last executing test programs: 2m58.971364467s ago: executing program 1 (id=508): r0 = io_uring_setup(0x4c0c, &(0x7f0000000140)={0x0, 0x2637, 0x3c00, 0x2, 0x10001d4}) r1 = eventfd2(0x6, 0x80800) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000340)=r1, 0x1) io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0) 2m58.701359022s ago: executing program 1 (id=511): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0xf51) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000140)="2aa229111272ff", 0x7}, {&(0x7f0000000200)="3cc5c48b32b27a215ed6734667e778fd5e31bd2a645c1ad3521f8bb3347afdda1150f0871a3dc29260bd8c43222471588c75a894d31eb4e0a8b9439adf553dd6c343aa6a7cb47d37bfcc1b89ff13a3e68d9ec5751948ea50e29915258db6597fa5c3ed168fe9704d5ecced81fd9dc1400a7b749d9495e6e621", 0x79}], 0x2}, 0x24044014) 2m57.626436613s ago: executing program 1 (id=520): r0 = msgget$private(0x0, 0x480) msgsnd(r0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="01"], 0x401, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x1000) msgctl$IPC_RMID(r0, 0x0) 2m57.196761426s ago: executing program 1 (id=522): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r0, 0x40047452, 0x0) 2m56.92609536s ago: executing program 1 (id=526): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10) fchown(r1, 0x0, 0x0) 2m56.720425033s ago: executing program 1 (id=528): r0 = io_uring_setup(0x2291, &(0x7f00000001c0)={0x0, 0xc63b, 0x80, 0x0, 0x10000000}) io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, &(0x7f0000000040)={0x7}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}}, 0x4008840) io_uring_enter(r0, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18) 2m41.392561442s ago: executing program 32 (id=528): r0 = io_uring_setup(0x2291, &(0x7f00000001c0)={0x0, 0xc63b, 0x80, 0x0, 0x10000000}) io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, &(0x7f0000000040)={0x7}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}}, 0x4008840) io_uring_enter(r0, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18) 2m27.4499045s ago: executing program 3 (id=750): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000080000000100000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000001c0), &(0x7f0000000380)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m27.230446106s ago: executing program 3 (id=752): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 2m26.744768826s ago: executing program 2 (id=754): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x1, 0x1, &(0x7f0000000040)="0f", 0x9, 0x1, 0x458, 0x58, 0xc3b8, 0x1, 0x0, 'syz0\x00'}) 2m26.219667539s ago: executing program 2 (id=758): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000280)=0x62c, 0x4) 2m26.133663013s ago: executing program 4 (id=759): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800800034000000002"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 2m24.579851333s ago: executing program 2 (id=763): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wg2\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 2m24.271926823s ago: executing program 3 (id=765): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0xa, 0x4, 0xfff, 0x7, 0x88, 0xffffffffffffffff, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x1e) 2m23.944592759s ago: executing program 3 (id=767): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r1, 0x0) setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000280)=0x1, 0x4) 2m23.848553487s ago: executing program 0 (id=768): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000b00)={0x48, 0x1, r1}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f00000000c0)={0x18, r1, 0x1, 0x0, &(0x7f0000000080)=[{0x0, 0x2}]}) 2m23.674346299s ago: executing program 3 (id=769): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x40000}, [@call={0x85, 0x0, 0x0, 0x7a}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000080)=r0, 0x4) syz_emit_ethernet(0x4e, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "39a59f", 0x18, 0x2b, 0x0, @remote, @local, {[], {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) 2m23.579792038s ago: executing program 0 (id=770): r0 = epoll_create1(0x0) epoll_wait(r0, &(0x7f0000000000)=[{}], 0x1, 0x7ff) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x10000001}) 2m23.181311273s ago: executing program 0 (id=771): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000740)={0x0, 0x0, 0x1, 0x81, 0xfffffff9}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xb00, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, 0x0) 2m23.055652224s ago: executing program 0 (id=772): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x3}) 2m22.8820813s ago: executing program 0 (id=773): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002800)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x5}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000100)="93", 0x1}], 0x1}}, {{&(0x7f00000004c0)={0xa, 0x4e22, 0x6, @private2, 0x8}, 0x1c, &(0x7f0000000a40)=[{&(0x7f0000000500)='J', 0x1}], 0x1}}], 0x2, 0xc010) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b) 2m22.605665897s ago: executing program 0 (id=774): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2d0, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdc03, {}, [{0x200, 0x1, [@m_bpf={0x120, 0x11, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x8, 0x7ff, 0xffffffffffffffff, 0x6, 0x1}}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x9}]}, {0xd5, 0x6, "de3076c9029c89cac2110cd55d581704e58a5390b9cafe2b64325a46f8b081e699757e6d7cf4a3448bb5b2e64fc2e03a54809c577282b40999588f3efe910071f63fad74218353479ab4d67caaaad76cb8231e2af9d3784677d066a55d753b07d7cabab4ae2c7e8d954ddf9c32616632f4eba2ba551706a996a99b9508676f04ec62c4eec024ae6fef5f4b90e3b79f303a01dcd61f1d87045f545d5a1fb4a6b9ed362ca321f191dbc0b38444eee6b18c0ec2080e377d676db297bbb8895ce12fe5022a379c12d299b63f5b6cd0a81ca5c7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_csum={0xdc, 0x34, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd, 0x6, 0x8, 0x9}, 0x43}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x5, 0xffffffffffffffff, 0x0, 0x136bcb9c}, 0x77}}]}, {0x75, 0x6, "576458eea52fd27eec92e713a172e757e1f62fe8475fa8817d9bd39d398251801f64d9b8e312b47b111ff094a2f452e1fd749b169123625c664a63e06baa8402c6b5fe34fbffaf329e5589fe1d00f704d8d13b0100000081ec7a1e9e21427be570631961812505684e260d3f73821a3729"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}, {0xbc, 0x1, [@m_csum={0xb8, 0x1a, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0xfffffffc, 0x7, 0x7, 0x9}, 0x73}}]}, {0x6d, 0x6, "d2990ddc96447f6733ad356593557e70e17945b617d6e26390f64d88754d4a753e27565de494e3e78f119c8b7a529ddd13c6f4117badc7056e7a1b38494e3afa87056c9db99cd66c882461eb503f4be4ea8e12c19c1e5a8b86b5d7d42ee1a73b81fb6edb42b5c214ad"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4004000}, 0x50) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 2m21.615590546s ago: executing program 2 (id=775): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r0, 0x1) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r1, 0x6) 2m21.606709298s ago: executing program 3 (id=776): getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)=""/4087, &(0x7f0000001000)=0xff7) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_buf(r0, 0x0, 0x30, 0x0, &(0x7f0000001000)) 2m21.338919093s ago: executing program 2 (id=777): r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000600)={0x2, @pix={0x80000000, 0xbb46, 0x34324142, 0x0, 0x0, 0x2c9, 0x0, 0xfffffffd}}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x410000, 0x2, 0x2}) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0x2, @sliced={0x8, [0x1, 0x7, 0x5, 0x3ff, 0x9, 0x2, 0x6, 0x9, 0x1ff, 0xdd, 0x494, 0x139, 0x7, 0x5, 0x5, 0x7, 0x6, 0x9, 0x2, 0x5, 0x1, 0x1, 0xd, 0x6, 0x9, 0x8, 0xf6, 0x5, 0x7, 0x9, 0x4, 0x5, 0x9, 0x5, 0x5, 0x258d, 0xa, 0x9, 0x6, 0x1, 0xe, 0x40, 0x7ff, 0x7, 0x7f, 0xdea, 0x5, 0xbb], 0x80000000}}) 2m21.018553303s ago: executing program 4 (id=778): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @none}, 0x8) listen(r0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000540), &(0x7f0000000580)=0x4) 2m20.901430746s ago: executing program 2 (id=779): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x34, r2, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x34}, 0x1, 0x0, 0x0, 0x404c001}, 0x24000000) 2m20.703036711s ago: executing program 4 (id=780): r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000200)=0x8000000) 2m19.684736214s ago: executing program 4 (id=781): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) r1 = getpgid(0x0) process_vm_readv(r1, &(0x7f0000000b00)=[{&(0x7f0000000100)=""/175, 0xaf}], 0x1, 0x0, 0x0, 0x0) 2m19.518048565s ago: executing program 4 (id=782): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) 2m19.214910027s ago: executing program 4 (id=783): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000140)={0x2, 0xc004, @remote}, 0x10) 1m37.090361665s ago: executing program 33 (id=774): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2d0, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdc03, {}, [{0x200, 0x1, [@m_bpf={0x120, 0x11, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x8, 0x7ff, 0xffffffffffffffff, 0x6, 0x1}}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x9}]}, {0xd5, 0x6, "de3076c9029c89cac2110cd55d581704e58a5390b9cafe2b64325a46f8b081e699757e6d7cf4a3448bb5b2e64fc2e03a54809c577282b40999588f3efe910071f63fad74218353479ab4d67caaaad76cb8231e2af9d3784677d066a55d753b07d7cabab4ae2c7e8d954ddf9c32616632f4eba2ba551706a996a99b9508676f04ec62c4eec024ae6fef5f4b90e3b79f303a01dcd61f1d87045f545d5a1fb4a6b9ed362ca321f191dbc0b38444eee6b18c0ec2080e377d676db297bbb8895ce12fe5022a379c12d299b63f5b6cd0a81ca5c7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_csum={0xdc, 0x34, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd, 0x6, 0x8, 0x9}, 0x43}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x5, 0xffffffffffffffff, 0x0, 0x136bcb9c}, 0x77}}]}, {0x75, 0x6, "576458eea52fd27eec92e713a172e757e1f62fe8475fa8817d9bd39d398251801f64d9b8e312b47b111ff094a2f452e1fd749b169123625c664a63e06baa8402c6b5fe34fbffaf329e5589fe1d00f704d8d13b0100000081ec7a1e9e21427be570631961812505684e260d3f73821a3729"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}, {0xbc, 0x1, [@m_csum={0xb8, 0x1a, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0xfffffffc, 0x7, 0x7, 0x9}, 0x73}}]}, {0x6d, 0x6, "d2990ddc96447f6733ad356593557e70e17945b617d6e26390f64d88754d4a753e27565de494e3e78f119c8b7a529ddd13c6f4117badc7056e7a1b38494e3afa87056c9db99cd66c882461eb503f4be4ea8e12c19c1e5a8b86b5d7d42ee1a73b81fb6edb42b5c214ad"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4004000}, 0x50) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 59.496932671s ago: executing program 34 (id=779): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x34, r2, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x34}, 0x1, 0x0, 0x0, 0x404c001}, 0x24000000) 19.874084886s ago: executing program 35 (id=776): getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)=""/4087, &(0x7f0000001000)=0xff7) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_buf(r0, 0x0, 0x30, 0x0, &(0x7f0000001000)) 0s ago: executing program 36 (id=783): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000140)={0x2, 0xc004, @remote}, 0x10) kernel console output (not intermixed with test programs): [ 88.898284][ T1231] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts. [ 97.069230][ T5835] cgroup: Unknown subsys name 'net' [ 97.310883][ T5835] cgroup: Unknown subsys name 'cpuset' [ 97.345967][ T5835] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 99.627550][ T5835] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 103.080509][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.084000][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.085273][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.087119][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.088185][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.194782][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.205262][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.210300][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.212164][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.236268][ T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.259015][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.272737][ T5862] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.285411][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.286961][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.287972][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.322747][ T5163] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.333955][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 103.336325][ T5868] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 103.339265][ T5868] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 103.360819][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 103.366828][ T5868] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 103.462371][ T5163] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.476959][ T5163] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.478462][ T5163] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.479348][ T5163] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 104.382101][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 104.494149][ T5853] chnl_net:caif_netlink_parms(): no params data found [ 104.905976][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 105.038034][ T5856] chnl_net:caif_netlink_parms(): no params data found [ 105.062648][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 105.207296][ T5858] Bluetooth: hci0: command tx timeout [ 105.286487][ T5858] Bluetooth: hci1: command tx timeout [ 105.337806][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.338286][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.340846][ T5849] bridge_slave_0: entered allmulticast mode [ 105.343155][ T5849] bridge_slave_0: entered promiscuous mode [ 105.445268][ T5858] Bluetooth: hci2: command tx timeout [ 105.488972][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.489151][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.489484][ T5849] bridge_slave_1: entered allmulticast mode [ 105.492893][ T5849] bridge_slave_1: entered promiscuous mode [ 105.535207][ T5858] Bluetooth: hci4: command tx timeout [ 105.606702][ T5862] Bluetooth: hci3: command tx timeout [ 105.686148][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.686271][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.686402][ T5853] bridge_slave_0: entered allmulticast mode [ 105.688204][ T5853] bridge_slave_0: entered promiscuous mode [ 105.832854][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.832991][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.833142][ T5853] bridge_slave_1: entered allmulticast mode [ 105.834888][ T5853] bridge_slave_1: entered promiscuous mode [ 106.084332][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.261681][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.336443][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.336568][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.336711][ T5863] bridge_slave_0: entered allmulticast mode [ 106.338604][ T5863] bridge_slave_0: entered promiscuous mode [ 106.458108][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.598857][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.599022][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.599738][ T5863] bridge_slave_1: entered allmulticast mode [ 106.603059][ T5863] bridge_slave_1: entered promiscuous mode [ 106.818846][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.926229][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.926391][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.926603][ T5856] bridge_slave_0: entered allmulticast mode [ 106.928788][ T5856] bridge_slave_0: entered promiscuous mode [ 107.034212][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.034384][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.034537][ T5854] bridge_slave_0: entered allmulticast mode [ 107.039639][ T5854] bridge_slave_0: entered promiscuous mode [ 107.143453][ T5849] team0: Port device team_slave_0 added [ 107.144151][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.144300][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.144503][ T5856] bridge_slave_1: entered allmulticast mode [ 107.149996][ T5856] bridge_slave_1: entered promiscuous mode [ 107.258061][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.258368][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.258604][ T5854] bridge_slave_1: entered allmulticast mode [ 107.262006][ T5854] bridge_slave_1: entered promiscuous mode [ 107.295358][ T5862] Bluetooth: hci0: command tx timeout [ 107.351431][ T5849] team0: Port device team_slave_1 added [ 107.365342][ T5862] Bluetooth: hci1: command tx timeout [ 107.433619][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.508283][ T5853] team0: Port device team_slave_0 added [ 107.525344][ T5862] Bluetooth: hci2: command tx timeout [ 107.605362][ T5862] Bluetooth: hci4: command tx timeout [ 107.653805][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.685426][ T5862] Bluetooth: hci3: command tx timeout [ 107.720920][ T5853] team0: Port device team_slave_1 added [ 107.810784][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.193426][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.280155][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.280171][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.280186][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.294350][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.392292][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.468900][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.468922][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.468963][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.570627][ T5863] team0: Port device team_slave_0 added [ 108.671548][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.671563][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.671578][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.688443][ T5863] team0: Port device team_slave_1 added [ 108.841815][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.841834][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.841861][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.939397][ T5856] team0: Port device team_slave_0 added [ 108.941941][ T5854] team0: Port device team_slave_0 added [ 109.049587][ T5856] team0: Port device team_slave_1 added [ 109.051826][ T5854] team0: Port device team_slave_1 added [ 109.270161][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.270181][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.270211][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.365348][ T5862] Bluetooth: hci0: command tx timeout [ 109.447143][ T5862] Bluetooth: hci1: command tx timeout [ 109.517594][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.517615][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.517657][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.605681][ T5862] Bluetooth: hci2: command tx timeout [ 109.686986][ T5862] Bluetooth: hci4: command tx timeout [ 109.765422][ T5862] Bluetooth: hci3: command tx timeout [ 109.785290][ T5849] hsr_slave_0: entered promiscuous mode [ 109.786702][ T5849] hsr_slave_1: entered promiscuous mode [ 109.808841][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.808860][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.808896][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.810775][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.810789][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.810813][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.952954][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.952973][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.952988][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.954563][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.954574][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.954589][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.012543][ T5853] hsr_slave_0: entered promiscuous mode [ 110.020438][ T5853] hsr_slave_1: entered promiscuous mode [ 110.025644][ T5853] debugfs: 'hsr0' already exists in 'hsr' [ 110.025763][ T5853] Cannot create hsr debugfs directory [ 110.577903][ T5863] hsr_slave_0: entered promiscuous mode [ 110.579704][ T5863] hsr_slave_1: entered promiscuous mode [ 110.580867][ T5863] debugfs: 'hsr0' already exists in 'hsr' [ 110.580895][ T5863] Cannot create hsr debugfs directory [ 110.940773][ T5856] hsr_slave_0: entered promiscuous mode [ 110.942803][ T5856] hsr_slave_1: entered promiscuous mode [ 110.943743][ T5856] debugfs: 'hsr0' already exists in 'hsr' [ 110.943770][ T5856] Cannot create hsr debugfs directory [ 111.168257][ T5854] hsr_slave_0: entered promiscuous mode [ 111.169198][ T5854] hsr_slave_1: entered promiscuous mode [ 111.169803][ T5854] debugfs: 'hsr0' already exists in 'hsr' [ 111.169822][ T5854] Cannot create hsr debugfs directory [ 111.445313][ T5862] Bluetooth: hci0: command tx timeout [ 111.525665][ T5862] Bluetooth: hci1: command tx timeout [ 111.686584][ T5862] Bluetooth: hci2: command tx timeout [ 111.765411][ T5862] Bluetooth: hci4: command tx timeout [ 111.855512][ T5862] Bluetooth: hci3: command tx timeout [ 112.741269][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 112.780032][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 112.821130][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 112.861582][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.037047][ T5853] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 113.084012][ T5853] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 113.122221][ T5853] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 113.174845][ T5853] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 113.417836][ T5863] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 113.474671][ T5863] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 113.532496][ T5863] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 113.597052][ T5863] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 113.786899][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.838270][ T5856] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 113.879349][ T5856] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 113.924062][ T5856] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 113.997565][ T5856] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 114.104039][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.222328][ T1352] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.224327][ T1352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.234588][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 114.286700][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 114.343508][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 114.389960][ T1352] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.390112][ T1352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.393371][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 114.475827][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.651972][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.722857][ T1352] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.723116][ T1352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.791802][ T1352] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.791936][ T1352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.861104][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.061249][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.130752][ T1352] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.131430][ T1352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.169583][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.212086][ T1353] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.212294][ T1353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.388511][ T5856] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.399734][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.461980][ T1361] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.462168][ T1361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.542622][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.559830][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.562610][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.662288][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.720582][ T1361] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.720886][ T1361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.802080][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.802269][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.125380][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.206803][ T5849] veth0_vlan: entered promiscuous mode [ 116.357522][ T5849] veth1_vlan: entered promiscuous mode [ 116.490125][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.624246][ T5853] veth0_vlan: entered promiscuous mode [ 116.709778][ T5849] veth0_macvtap: entered promiscuous mode [ 116.739656][ T5853] veth1_vlan: entered promiscuous mode [ 116.776537][ T5849] veth1_macvtap: entered promiscuous mode [ 116.931875][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.064618][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.094755][ T5863] veth0_vlan: entered promiscuous mode [ 117.218885][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.312856][ T5853] veth0_macvtap: entered promiscuous mode [ 117.343525][ T5863] veth1_vlan: entered promiscuous mode [ 117.363530][ T69] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.382433][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.392786][ T69] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.399445][ T69] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.418058][ T5853] veth1_macvtap: entered promiscuous mode [ 117.449242][ T69] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.691786][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.814946][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.905386][ T5863] veth0_macvtap: entered promiscuous mode [ 117.953545][ T1140] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.973877][ T1140] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.979534][ T5863] veth1_macvtap: entered promiscuous mode [ 117.992789][ T1499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.992820][ T1499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.032271][ T1140] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.050605][ T1140] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.178302][ T5854] veth0_vlan: entered promiscuous mode [ 118.200385][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.200411][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.309938][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.426627][ T5854] veth1_vlan: entered promiscuous mode [ 118.495929][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.514685][ T5856] veth0_vlan: entered promiscuous mode [ 118.631248][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.639990][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.658932][ T1499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.658957][ T1499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.670085][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.693746][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.701177][ T5856] veth1_vlan: entered promiscuous mode [ 118.988561][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.988588][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.043664][ T5854] veth0_macvtap: entered promiscuous mode [ 119.182509][ T5854] veth1_macvtap: entered promiscuous mode [ 119.419774][ T5856] veth0_macvtap: entered promiscuous mode [ 119.433869][ T1352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.433904][ T1352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.478139][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.577408][ T5856] veth1_macvtap: entered promiscuous mode [ 119.620002][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.840052][ T1352] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.842110][ T1352] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.842182][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.842200][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.846983][ T1352] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.852273][ T1140] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.968848][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.158145][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.372659][ T1352] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.422899][ T1352] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.465281][ T1352] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.625174][ T1361] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.728897][ T5988] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2'. [ 120.798437][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.798465][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.188476][ T1499] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.188505][ T1499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.572776][ T1353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.572802][ T1353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.769222][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.769247][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.162176][ T5998] process 'syz.0.16' launched './file0' with NULL argv: empty string added [ 125.333484][ T6043] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 125.635438][ T5229] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 125.705145][ T1231] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 125.849770][ T5229] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 125.849815][ T5229] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 125.849847][ T5229] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 125.849869][ T5229] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 125.849915][ T5229] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 125.849938][ T5229] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.868088][ T1231] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 125.868121][ T1231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.989331][ T1231] usb 1-1: config 0 descriptor?? [ 126.018898][ T5229] usb 3-1: config 0 descriptor?? [ 126.075256][ T5851] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 126.242496][ T1231] gspca_main: spca508-2.14.0 probing 8086:0110 [ 126.262927][ T5851] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 126.262968][ T5851] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 126.263015][ T5851] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 126.263039][ T5851] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.374462][ T5229] hdpvr 3-1:0.0: firmware version 0x0 dated [ 126.374489][ T5229] hdpvr 3-1:0.0: untested firmware, the driver might not work. [ 126.410858][ T6051] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 126.473491][ T5851] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 126.552170][ T1231] gspca_spca508: reg_read err -71 [ 126.556331][ T1231] gspca_spca508: reg_read err -71 [ 126.557647][ T1231] gspca_spca508: reg_read err -71 [ 126.564288][ T1231] gspca_spca508: reg_read err -71 [ 126.577259][ T1231] gspca_spca508: reg_read err -71 [ 126.579809][ T1231] gspca_spca508: reg write: error -71 [ 126.580461][ T1231] spca508 1-1:0.0: probe with driver spca508 failed with error -71 [ 126.843239][ T1231] usb 1-1: USB disconnect, device number 2 [ 127.210661][ T5851] usb 2-1: USB disconnect, device number 2 [ 127.364456][ T5229] hdpvr 3-1:0.0: Could not setup controls [ 127.373115][ T5229] hdpvr 3-1:0.0: registering videodev failed [ 127.676819][ T5229] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -71 [ 127.750035][ T5229] usb 3-1: USB disconnect, device number 2 [ 128.595280][ T5941] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 128.768385][ T5941] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 128.768423][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 128.768451][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 128.773477][ T5941] usb 3-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 128.773520][ T5941] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.773540][ T5941] usb 3-1: Product: syz [ 128.773554][ T5941] usb 3-1: Manufacturer: syz [ 128.773568][ T5941] usb 3-1: SerialNumber: syz [ 128.888908][ T5941] usb 3-1: config 0 descriptor?? [ 128.891538][ T6082] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 129.104718][ T5941] powermate: unknown product id 0240 [ 129.104751][ T5941] powermate: Expected payload of 3--6 bytes, found 1024 bytes! [ 129.166681][ T5941] input: Griffin SoundKnob as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input5 [ 129.329231][ T6092] netlink: 256 bytes leftover after parsing attributes in process `syz.1.47'. [ 129.643155][ C1] powermate: config urb returned -71 [ 129.644031][ C1] powermate: config urb returned -71 [ 129.644301][ C1] powermate: config urb returned -71 [ 129.678539][ T5933] usb 3-1: USB disconnect, device number 3 [ 129.678539][ C1] powermate 3-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 130.225244][ T31] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 130.399139][ T31] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 130.399183][ T31] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 130.399228][ T31] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 130.399252][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.453697][ T6098] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 130.473966][ T31] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 130.755774][ T31] usb 1-1: USB disconnect, device number 3 [ 131.075306][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 131.648044][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.648509][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.648690][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.648896][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.649080][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.649264][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.649471][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.649662][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.649862][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 131.650054][ T6121] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 135.342297][ T6166] netlink: 24 bytes leftover after parsing attributes in process `syz.4.72'. [ 136.807545][ T6188] input: syz1 as /devices/virtual/input/input6 [ 137.855124][ T5922] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 138.014093][ T5922] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 138.014161][ T5922] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 138.014184][ T5922] usb 4-1: config 4 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 138.014209][ T5922] usb 4-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xDC, changing to 0x8C [ 138.014253][ T5922] usb 4-1: config 4 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 243 [ 138.047383][ T5922] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 138.047422][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.047439][ T5922] usb 4-1: Product: syz [ 138.047452][ T5922] usb 4-1: Manufacturer: syz [ 138.047464][ T5922] usb 4-1: SerialNumber: syz [ 138.129160][ T6197] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 138.142798][ T5922] usb 4-1: ucan: probing device on interface #0 [ 138.142830][ T5922] usb 4-1: ucan: invalid out_ep MaxPacketSize [ 138.146388][ T5922] usb 4-1: ucan: probe failed; try to update the device firmware [ 138.400203][ T5922] usb 4-1: USB disconnect, device number 2 [ 139.395468][ T6215] Driver unsupported XDP return value 0 on prog (id 6) dev N/A, expect packet loss! [ 139.543823][ T6217] netlink: 56 bytes leftover after parsing attributes in process `syz.4.94'. [ 139.544463][ T6217] netlink: 8 bytes leftover after parsing attributes in process `syz.4.94'. [ 140.116433][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 140.116531][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.753580][ T6232] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 140.785222][ T1231] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 140.935552][ T1231] usb 3-1: Using ep0 maxpacket: 16 [ 140.939058][ T1231] usb 3-1: config 0 interface 0 has no altsetting 0 [ 140.939104][ T1231] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 140.939125][ T1231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.987683][ T1231] usb 3-1: config 0 descriptor?? [ 141.113271][ T37] audit: type=1326 audit(1757989170.713:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6233 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb489aeba9 code=0x7ffc0000 [ 141.113341][ T37] audit: type=1326 audit(1757989170.713:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6233 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7feb489aeba9 code=0x7ffc0000 [ 141.113387][ T37] audit: type=1326 audit(1757989170.713:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6233 comm="syz.4.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb489aeba9 code=0x7ffc0000 [ 141.432766][ T1231] hid (null): nested delimiters [ 141.688509][ T5851] usb 3-1: USB disconnect, device number 4 [ 142.346416][ T6255] program syz.4.112 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 143.195273][ T31] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 143.350215][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.350270][ T31] usb 2-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 143.350308][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.398448][ T31] usb 2-1: config 0 descriptor?? [ 144.114742][ T31] razer 0003:1532:010E.0002: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.1-1/input0 [ 144.156180][ T6288] ======================================================= [ 144.156180][ T6288] WARNING: The mand mount option has been deprecated and [ 144.156180][ T6288] and is ignored by this kernel. Remove the mand [ 144.156180][ T6288] option from the mount to silence this warning. [ 144.156180][ T6288] ======================================================= [ 144.188262][ T5851] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 144.262907][ T1231] usb 2-1: USB disconnect, device number 3 [ 144.385618][ T5851] usb 5-1: Using ep0 maxpacket: 16 [ 144.394396][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.394434][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.394483][ T5851] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 144.394508][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.438190][ T5851] usb 5-1: config 0 descriptor?? [ 144.552222][ T6289] fido_id[6289]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 144.773800][ T6285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.813731][ T6285] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.073122][ T5851] hid (null): unknown global tag 0xc [ 145.073172][ T5851] hid (null): invalid report_count 47589 [ 145.284347][ T5851] usb 5-1: string descriptor 0 read error: -71 [ 145.300909][ T6293] netlink: 188 bytes leftover after parsing attributes in process `syz.3.129'. [ 145.315194][ T5851] usb 5-1: Max retries (5) exceeded reading string descriptor 200 [ 145.315297][ T5851] letsketch 0003:6161:4D15.0003: probe with driver letsketch failed with error -32 [ 145.445403][ T5851] usb 5-1: USB disconnect, device number 2 [ 148.263798][ T37] audit: type=1326 audit(1757989178.860:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3625f3eba9 code=0x7ffc0000 [ 148.263862][ T37] audit: type=1326 audit(1757989178.860:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6304 comm="syz.3.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3625f3eba9 code=0x7ffc0000 [ 150.245275][ T6369] capability: warning: `syz.0.160' uses 32-bit capabilities (legacy support in use) [ 150.450419][ T6356] syz.1.154 (6356) used greatest stack depth: 18968 bytes left [ 151.072176][ T37] audit: type=1326 audit(1757989181.660:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 151.095266][ T37] audit: type=1326 audit(1757989181.690:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 151.174702][ T37] audit: type=1326 audit(1757989181.710:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 151.174772][ T37] audit: type=1326 audit(1757989181.770:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 151.178091][ T37] audit: type=1326 audit(1757989181.780:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 151.210516][ T37] audit: type=1326 audit(1757989181.780:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 151.210572][ T37] audit: type=1326 audit(1757989181.810:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8c30b65b67 code=0x7ffc0000 [ 151.211205][ T37] audit: type=1326 audit(1757989181.810:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6373 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8c30b0ada9 code=0x7ffc0000 [ 151.790740][ T6383] input: syz0 as /devices/virtual/input/input9 [ 152.464339][ T6390] Bluetooth: MGMT ver 1.23 [ 153.593540][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 153.593574][ T37] audit: type=1326 audit(1757989184.180:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 153.593633][ T37] audit: type=1326 audit(1757989184.190:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 153.653758][ T37] audit: type=1326 audit(1757989184.250:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 153.679075][ T37] audit: type=1326 audit(1757989184.280:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 153.679861][ T37] audit: type=1326 audit(1757989184.280:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 153.701706][ T37] audit: type=1326 audit(1757989184.300:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 153.701772][ T37] audit: type=1326 audit(1757989184.300:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 153.734369][ T37] audit: type=1326 audit(1757989184.320:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8c30b0ada9 code=0x7ffc0000 [ 153.734432][ T37] audit: type=1326 audit(1757989184.330:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8c30b0ada9 code=0x7ffc0000 [ 153.734493][ T37] audit: type=1326 audit(1757989184.330:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6413 comm="syz.1.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8c30b0ada9 code=0x7ffc0000 [ 155.181029][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 155.325136][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 155.328455][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.328554][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 155.328582][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 155.328605][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 155.328628][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 155.333645][ T9] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 155.333678][ T9] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 155.333698][ T9] usb 4-1: Manufacturer: syz [ 155.355866][ T9] usb 4-1: config 0 descriptor?? [ 155.843381][ T9] rc_core: IR keymap rc-hauppauge not found [ 155.843411][ T9] Registered IR keymap rc-empty [ 155.844120][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.855285][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.880526][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 155.884219][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input10 [ 155.919073][ T6457] warning: `syz.1.198' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 155.973935][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.986223][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.188060][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.227033][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.246269][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.268154][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.285375][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.306451][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.335680][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.355212][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 156.380186][ T9] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 156.380216][ T9] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 156.429457][ T9] usb 4-1: USB disconnect, device number 3 [ 156.624248][ T6468] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 156.932474][ T6474] input: syz1 as /devices/virtual/input/input11 [ 157.666768][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 157.815270][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 157.818647][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 157.820356][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.824308][ T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=7000, bcdDevice=a1.ec [ 157.824342][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.824361][ T9] usb 2-1: Product: syz [ 157.824376][ T9] usb 2-1: Manufacturer: syz [ 157.824391][ T9] usb 2-1: SerialNumber: syz [ 157.852604][ T9] usb 2-1: config 0 descriptor?? [ 157.875170][ T5851] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 158.072987][ T5851] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 158.073024][ T5851] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.073044][ T5851] usb 1-1: Product: syz [ 158.073059][ T5851] usb 1-1: Manufacturer: syz [ 158.073074][ T5851] usb 1-1: SerialNumber: syz [ 158.109087][ T5851] usb 1-1: config 0 descriptor?? [ 158.122149][ T5851] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 004 [ 158.144046][ T1231] usb 2-1: USB disconnect, device number 4 [ 158.486422][ T5922] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 158.527218][ T5851] (null): failure reading functionality [ 158.564949][ T5851] i2c i2c-1: connected i2c-tiny-usb device [ 158.646213][ T5922] usb 5-1: Using ep0 maxpacket: 16 [ 158.652622][ T5922] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.652689][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 158.652719][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 158.652741][ T5922] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 158.652765][ T5922] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 158.654954][ T5922] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 158.655202][ T5922] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 158.655224][ T5922] usb 5-1: Manufacturer: syz [ 158.669203][ T5922] usb 5-1: config 0 descriptor?? [ 158.787698][ T9] usb 1-1: USB disconnect, device number 4 [ 159.095322][ T5922] rc_core: IR keymap rc-hauppauge not found [ 159.095359][ T5922] Registered IR keymap rc-empty [ 159.095563][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.125306][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.147222][ T5922] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 159.152449][ T5922] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input12 [ 159.167201][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.191014][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.218277][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.236277][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.265463][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.285282][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.306944][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.325289][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.345338][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.365421][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 159.449245][ T5922] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 159.449277][ T5922] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 159.489352][ T5922] usb 5-1: USB disconnect, device number 3 [ 159.715296][ T6526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.227'. [ 160.014890][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.019057][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.382872][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.236'. [ 160.382897][ T6543] netlink: 26 bytes leftover after parsing attributes in process `syz.2.236'. [ 161.125224][ T37] kauditd_printk_skb: 254 callbacks suppressed [ 161.125247][ T37] audit: type=1326 audit(1757989191.720:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.2.242" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f7a264b5b67 code=0x0 [ 162.767123][ T6578] Zero length message leads to an empty skb [ 162.910136][ T6538] syz.4.233: vmalloc error: size 100663296, failed to allocated page array size 196608, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 162.910515][ T6538] CPU: 1 UID: 0 PID: 6538 Comm: syz.4.233 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 162.910540][ T6538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 162.910558][ T6538] Call Trace: [ 162.910579][ T6538] [ 162.910599][ T6538] dump_stack_lvl+0x189/0x250 [ 162.910667][ T6538] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.910709][ T6538] ? __pfx__printk+0x10/0x10 [ 162.910733][ T6538] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 162.910760][ T6538] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 162.910786][ T6538] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 162.910812][ T6538] warn_alloc+0x22e/0x3b0 [ 162.910859][ T6538] ? __pfx_warn_alloc+0x10/0x10 [ 162.910902][ T6538] ? __get_vm_area_node+0x2bc/0x350 [ 162.910934][ T6538] ? bpf_uprobe_multi_link_attach+0x546/0xed0 [ 162.910975][ T6538] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 162.911037][ T6538] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 162.911075][ T6538] ? rcu_is_watching+0x15/0xb0 [ 162.911128][ T6538] __kvmalloc_node_noprof+0x330/0x550 [ 162.911159][ T6538] ? bpf_uprobe_multi_link_attach+0x546/0xed0 [ 162.911185][ T6538] ? bpf_uprobe_multi_link_attach+0x546/0xed0 [ 162.911210][ T6538] ? bpf_uprobe_multi_link_attach+0x527/0xed0 [ 162.911243][ T6538] bpf_uprobe_multi_link_attach+0x546/0xed0 [ 162.911290][ T6538] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 162.911316][ T6538] ? __fget_files+0x2a/0x420 [ 162.911350][ T6538] ? __fget_files+0x2a/0x420 [ 162.911380][ T6538] ? __fget_files+0x2a/0x420 [ 162.911414][ T6538] ? bpf_prog_attach_check_attach_type+0x453/0x540 [ 162.911451][ T6538] link_create+0x67c/0x850 [ 162.911485][ T6538] __sys_bpf+0x6dc/0x870 [ 162.911518][ T6538] ? __pfx___sys_bpf+0x10/0x10 [ 162.911569][ T6538] ? rcu_is_watching+0x15/0xb0 [ 162.911609][ T6538] __x64_sys_bpf+0x7c/0x90 [ 162.911634][ T6538] do_syscall_64+0xfa/0x3b0 [ 162.911658][ T6538] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.911689][ T6538] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.911711][ T6538] ? clear_bhb_loop+0x60/0xb0 [ 162.911738][ T6538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.911759][ T6538] RIP: 0033:0x7feb489aeba9 [ 162.911792][ T6538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.911815][ T6538] RSP: 002b:00007feb46c0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 162.911842][ T6538] RAX: ffffffffffffffda RBX: 00007feb48bf5fa0 RCX: 00007feb489aeba9 [ 162.911858][ T6538] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c [ 162.911871][ T6538] RBP: 00007feb48a31e19 R08: 0000000000000000 R09: 0000000000000000 [ 162.911885][ T6538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.911897][ T6538] R13: 00007feb48bf6038 R14: 00007feb48bf5fa0 R15: 00007ffeb0450988 [ 162.911933][ T6538] [ 162.911947][ T6538] Mem-Info: [ 162.911964][ T6538] active_anon:260 inactive_anon:4299 isolated_anon:0 [ 162.911964][ T6538] active_file:5431 inactive_file:37811 isolated_file:0 [ 162.911964][ T6538] unevictable:768 dirty:167 writeback:25 [ 162.911964][ T6538] slab_reclaimable:11414 slab_unreclaimable:102484 [ 162.911964][ T6538] mapped:29234 shmem:1374 pagetables:1054 [ 162.911964][ T6538] sec_pagetables:0 bounce:0 [ 162.911964][ T6538] kernel_misc_reclaimable:0 [ 162.911964][ T6538] free:1335062 free_pcp:4361 free_cma:0 [ 162.912020][ T6538] Node 0 active_anon:1040kB inactive_anon:17196kB active_file:21524kB inactive_file:151240kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116936kB dirty:668kB writeback:100kB shmem:3960kB kernel_stack:12604kB pagetables:4044kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 162.912069][ T6538] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 162.912121][ T6538] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 162.912186][ T6538] lowmem_reserve[]: 0 2512 2513 2513 2513 [ 162.912225][ T6538] Node 0 DMA32 free:1434352kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1036kB inactive_anon:17152kB active_file:20508kB inactive_file:151172kB unevictable:1536kB writepending:868kB present:3129332kB managed:2572296kB mlocked:0kB bounce:0kB free_pcp:6856kB local_pcp:2976kB free_cma:0kB [ 162.912288][ T6538] lowmem_reserve[]: 0 0 1 1 1 [ 162.912324][ T6538] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1016kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 162.912380][ T6538] lowmem_reserve[]: 0 0 0 0 0 [ 162.912416][ T6538] Node 1 Normal free:3890536kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:10588kB local_pcp:6096kB free_cma:0kB [ 162.912490][ T6538] lowmem_reserve[]: 0 0 0 0 0 [ 162.912526][ T6538] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 162.912657][ T6538] Node 0 DMA32: 1076*4kB (UME) 1138*8kB (UME) 380*16kB (UME) 518*32kB (UME) 174*64kB (UME) 120*128kB (UME) 42*256kB (UME) 18*512kB (UME) 12*1024kB (UME) 8*2048kB (UM) 323*4096kB (M) = 1434208kB [ 162.912846][ T6538] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 162.912956][ T6538] Node 1 Normal: 175*4kB (UM) 51*8kB (UME) 33*16kB (UME) 209*32kB (UME) 108*64kB (UME) 26*128kB (UME) 17*256kB (UME) 8*512kB (UME) 3*1024kB (UM) 3*2048kB (UE) 941*4096kB (UM) = 3890564kB [ 162.913144][ T6538] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 162.913162][ T6538] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 162.913180][ T6538] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 162.913197][ T6538] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 162.913214][ T6538] 44612 total pagecache pages [ 162.913227][ T6538] 0 pages in swap cache [ 162.913235][ T6538] Free swap = 124996kB [ 162.913243][ T6538] Total swap = 124996kB [ 162.913252][ T6538] 2097051 pages RAM [ 162.913259][ T6538] 0 pages HighMem/MovableOnly [ 162.913267][ T6538] 422079 pages reserved [ 162.913275][ T6538] 0 pages cma reserved [ 163.041859][ T6587] batadv_slave_0: entered promiscuous mode [ 163.049151][ T6585] batadv_slave_0: left promiscuous mode [ 164.275388][ T5941] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 164.432337][ T5941] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 164.432372][ T5941] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 164.432394][ T5941] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 164.432415][ T5941] usb 1-1: config 1 has no interface number 0 [ 164.432470][ T5941] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 164.432499][ T5941] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 164.432545][ T5941] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 164.432570][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.540274][ T5941] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 165.141329][ T5941] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 165.337930][ T9] usb 1-1: USB disconnect, device number 5 [ 165.341560][ T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 166.529904][ T6659] IPVS: persistence engine module ip_vs_pe_ not found [ 166.854290][ T6678] netlink: 33 bytes leftover after parsing attributes in process `syz.4.294'. [ 167.865151][ T5229] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 168.021152][ T5229] usb 3-1: Using ep0 maxpacket: 32 [ 168.024106][ T5229] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 168.024136][ T5229] usb 3-1: config 0 has no interface number 0 [ 168.027821][ T5229] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 168.027849][ T5229] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.027867][ T5229] usb 3-1: Product: syz [ 168.027880][ T5229] usb 3-1: Manufacturer: syz [ 168.027893][ T5229] usb 3-1: SerialNumber: syz [ 168.048099][ T5229] usb 3-1: config 0 descriptor?? [ 168.084937][ T5229] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 168.326153][ T5229] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 168.375488][ T5229] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 168.695983][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 168.697742][ T9] usb 3-1: USB disconnect, device number 5 [ 168.736671][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 168.768424][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 168.769356][ T9] quatech2 3-1:0.51: device disconnected [ 169.896397][ T6729] bond0: entered promiscuous mode [ 169.896427][ T6729] bond_slave_0: entered promiscuous mode [ 169.896749][ T6729] bond_slave_1: entered promiscuous mode [ 170.019904][ T6729] bond0: left promiscuous mode [ 170.019936][ T6729] bond_slave_0: left promiscuous mode [ 170.020492][ T6729] bond_slave_1: left promiscuous mode [ 170.835324][ T9] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 170.988989][ T9] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 170.989024][ T9] usb 1-1: config 0 has no interface number 0 [ 171.012538][ T9] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 171.012574][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.012593][ T9] usb 1-1: Product: syz [ 171.012607][ T9] usb 1-1: Manufacturer: syz [ 171.012620][ T9] usb 1-1: SerialNumber: syz [ 171.133998][ T9] usb 1-1: config 0 descriptor?? [ 171.213007][ T1231] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 171.364055][ T1231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 171.364097][ T1231] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 171.364123][ T1231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 171.373027][ T1231] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 171.373063][ T1231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.373084][ T1231] usb 3-1: Product: syz [ 171.373099][ T1231] usb 3-1: Manufacturer: syz [ 171.373114][ T1231] usb 3-1: SerialNumber: syz [ 171.380460][ T1231] usb 3-1: config 0 descriptor?? [ 171.405040][ T6742] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 171.405269][ T6742] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 171.415898][ T1231] usb 3-1: ucan: probing device on interface #0 [ 171.605253][ T9] usb 1-1: Firmware: major: 0, minor: 43, hardware type: ATUSB (0) [ 171.815877][ T9] usb 1-1: failed to fetch extended address, random address set [ 171.972751][ T9] usb 1-1: USB disconnect, device number 6 [ 172.066875][ T1231] usb 3-1: ucan: device reported invalid tx-fifo size [ 172.066903][ T1231] usb 3-1: ucan: probe failed; try to update the device firmware [ 172.335451][ T5941] usb 3-1: USB disconnect, device number 6 [ 173.281572][ T6757] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 173.416493][ T6754] netlink: 4 bytes leftover after parsing attributes in process `syz.0.327'. [ 173.956293][ T5922] IPVS: starting estimator thread 0... [ 173.970242][ T6766] net_ratelimit: 44 callbacks suppressed [ 173.970280][ T6766] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 174.055493][ T6768] IPVS: using max 6 ests per chain, 14400 per kthread [ 174.854901][ T6788] netlink: 8 bytes leftover after parsing attributes in process `syz.0.342'. [ 174.864417][ T6788] netlink: 'syz.0.342': attribute type 5 has an invalid length. [ 175.672591][ T6805] debugfs: 'ttyS3' already exists in 'caif_serial' [ 176.845698][ T37] audit: type=1326 audit(1757989207.450:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a2645ada9 code=0x7ffc0000 [ 176.845778][ T37] audit: type=1326 audit(1757989207.450:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 176.845826][ T37] audit: type=1326 audit(1757989207.450:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 176.846560][ T37] audit: type=1326 audit(1757989207.450:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a2645ada9 code=0x7ffc0000 [ 176.846610][ T37] audit: type=1326 audit(1757989207.450:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 176.847862][ T37] audit: type=1326 audit(1757989207.450:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 176.847918][ T37] audit: type=1326 audit(1757989207.450:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 176.847965][ T37] audit: type=1326 audit(1757989207.450:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 176.848012][ T37] audit: type=1326 audit(1757989207.450:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 176.848057][ T37] audit: type=1326 audit(1757989207.450:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.2.353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a264beba9 code=0x7ffc0000 [ 177.254508][ T6827] capability: warning: `syz.0.357' uses deprecated v2 capabilities in a way that may be insecure [ 178.250285][ T6858] netlink: 'syz.2.372': attribute type 3 has an invalid length. [ 179.213279][ T6881] netlink: 'syz.2.383': attribute type 2 has an invalid length. [ 179.213307][ T6881] netlink: 'syz.2.383': attribute type 8 has an invalid length. [ 179.213323][ T6881] netlink: 1160 bytes leftover after parsing attributes in process `syz.2.383'. [ 179.477390][ T6896] dummy0: entered promiscuous mode [ 181.856041][ T37] kauditd_printk_skb: 150 callbacks suppressed [ 181.856063][ T37] audit: type=1326 audit(1757989212.450:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6947 comm="syz.1.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 181.860050][ T37] audit: type=1326 audit(1757989212.460:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6947 comm="syz.1.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 181.863018][ T37] audit: type=1326 audit(1757989212.460:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6947 comm="syz.1.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 181.875193][ T5229] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 181.905321][ T37] audit: type=1326 audit(1757989212.500:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6947 comm="syz.1.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 181.905389][ T37] audit: type=1326 audit(1757989212.500:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6947 comm="syz.1.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 181.905429][ T37] audit: type=1326 audit(1757989212.500:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6947 comm="syz.1.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c30b6eba9 code=0x7ffc0000 [ 182.080965][ T5229] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 182.080997][ T5229] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 182.088753][ T5229] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 182.088802][ T5229] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.088828][ T5229] usb 1-1: Product: syz [ 182.088841][ T5229] usb 1-1: Manufacturer: syz [ 182.088854][ T5229] usb 1-1: SerialNumber: syz [ 182.291168][ T6952] mmap: syz.3.416 (6952) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 182.354100][ T5229] usb 1-1: 0:2 : does not exist [ 182.391839][ T5229] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 182.532938][ T5229] usb 1-1: USB disconnect, device number 7 [ 182.675273][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 182.828133][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.828172][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.828215][ T9] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 182.828253][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.881414][ T9] usb 2-1: config 0 descriptor?? [ 183.106236][ T6966] loop7: detected capacity change from 0 to 524255231 [ 183.158918][ T6967] loop7: detected capacity change from 524255231 to 524287912 [ 183.372579][ T9] hid-thrustmaster 0003:044F:B65D.0004: unknown main item tag 0x0 [ 183.406273][ T9] hid-thrustmaster 0003:044F:B65D.0004: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0 [ 183.406649][ T9] hid-thrustmaster 0003:044F:B65D.0004: Wrong number of endpoints? [ 183.545133][ C0] hid-thrustmaster 0003:044F:B65D.0004: Unknown packet type 0x0, unable to proceed further with wheel init [ 183.754743][ T1231] usb 2-1: USB disconnect, device number 5 [ 185.906747][ T7028] macvlan0: entered promiscuous mode [ 186.315515][ T7032] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 186.435325][ T1231] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 186.517893][ T7037] loop6: detected capacity change from 0 to 2560 [ 186.597672][ T1231] usb 2-1: Using ep0 maxpacket: 8 [ 186.600776][ T1231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.600829][ T1231] usb 2-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 186.600853][ T1231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.631330][ T1231] usb 2-1: config 0 descriptor?? [ 187.098597][ T1231] hid-multitouch 0003:0EEF:72C4.0005: unknown main item tag 0x0 [ 187.098648][ T1231] hid-multitouch 0003:0EEF:72C4.0005: unknown main item tag 0x0 [ 187.098672][ T1231] hid-multitouch 0003:0EEF:72C4.0005: unknown main item tag 0x0 [ 187.098694][ T1231] hid-multitouch 0003:0EEF:72C4.0005: unknown main item tag 0x0 [ 187.098716][ T1231] hid-multitouch 0003:0EEF:72C4.0005: unknown main item tag 0x0 [ 187.165932][ T1231] hid-multitouch 0003:0EEF:72C4.0005: hidraw0: USB HID v0.03 Device [HID 0eef:72c4] on usb-dummy_hcd.1-1/input0 [ 187.380002][ T5851] usb 2-1: USB disconnect, device number 6 [ 187.533569][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.457'. [ 187.533716][ T7053] netlink: 1 bytes leftover after parsing attributes in process `syz.3.457'. [ 189.046937][ T1499] wlan1: Trigger new scan to find an IBSS to join [ 198.625805][ T3662] wlan1: Creating new IBSS network, BSSID 9e:75:df:14:3f:73 [ 198.740713][ T7078] tun0: tun_chr_ioctl cmd 3223385353 [ 200.335006][ C1] sched: DL replenish lagged too much [ 201.545585][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 201.545675][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 203.047746][ T7114] [U] [ 203.047919][ T7114] [U] )½0 [ 203.048084][ T7114] [U] [ 203.048123][ T7114] [U] [ 203.048161][ T7114] [U] [ 203.048959][ T7114] [U] [ 203.049000][ T7114] [U] [ 203.049039][ T7114] [U] [ 203.049078][ T7114] [U] [ 203.049220][ T7114] [U] [ 203.049257][ T7114] [U] [ 203.049295][ T7114] [U] [ 203.092497][ T7113] [U] [ 203.222493][ T7120] netlink: 'syz.4.485': attribute type 15 has an invalid length. [ 205.629070][ T7195] Bluetooth: MGMT ver 1.23 [ 206.007921][ T7190] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.488416][ T7190] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.982015][ T7190] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.116294][ T7213] sp0: Synchronizing with TNC [ 207.147023][ T7211] [U] è`` [ 207.660620][ T7190] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.382319][ T69] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.522363][ T69] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.594552][ T1361] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.639223][ T69] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.644136][ T7237] netlink: 8 bytes leftover after parsing attributes in process `syz.0.536'. [ 208.960324][ T7243] netlink: 'syz.0.539': attribute type 2 has an invalid length. [ 209.657543][ T7250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.542'. [ 209.857281][ T7214] syz.4.524: vmalloc error: size 100663296, failed to allocated page array size 196608, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 209.857369][ T7214] CPU: 1 UID: 0 PID: 7214 Comm: syz.4.524 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 209.857404][ T7214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 209.857416][ T7214] Call Trace: [ 209.857424][ T7214] [ 209.857434][ T7214] dump_stack_lvl+0x189/0x250 [ 209.857487][ T7214] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.857515][ T7214] ? __pfx__printk+0x10/0x10 [ 209.857536][ T7214] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 209.857557][ T7214] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 209.857578][ T7214] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 209.857601][ T7214] warn_alloc+0x22e/0x3b0 [ 209.857641][ T7214] ? __pfx_warn_alloc+0x10/0x10 [ 209.857676][ T7214] ? __get_vm_area_node+0x2bc/0x350 [ 209.857704][ T7214] ? bpf_uprobe_multi_link_attach+0x546/0xed0 [ 209.857733][ T7214] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 209.857790][ T7214] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 209.857821][ T7214] ? rcu_is_watching+0x15/0xb0 [ 209.857852][ T7214] __kvmalloc_node_noprof+0x330/0x550 [ 209.857878][ T7214] ? bpf_uprobe_multi_link_attach+0x546/0xed0 [ 209.857898][ T7214] ? bpf_uprobe_multi_link_attach+0x546/0xed0 [ 209.857918][ T7214] ? bpf_uprobe_multi_link_attach+0x527/0xed0 [ 209.857944][ T7214] bpf_uprobe_multi_link_attach+0x546/0xed0 [ 209.857981][ T7214] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 209.858002][ T7214] ? __fget_files+0x2a/0x420 [ 209.858031][ T7214] ? __fget_files+0x2a/0x420 [ 209.858055][ T7214] ? __fget_files+0x2a/0x420 [ 209.858083][ T7214] ? bpf_prog_attach_check_attach_type+0x453/0x540 [ 209.858114][ T7214] link_create+0x67c/0x850 [ 209.858145][ T7214] __sys_bpf+0x6dc/0x870 [ 209.858171][ T7214] ? __pfx___sys_bpf+0x10/0x10 [ 209.858209][ T7214] ? exc_page_fault+0x76/0xf0 [ 209.858238][ T7214] ? __pfx___se_sys_futex+0x10/0x10 [ 209.858276][ T7214] __x64_sys_bpf+0x7c/0x90 [ 209.858300][ T7214] do_syscall_64+0xfa/0x3b0 [ 209.858319][ T7214] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.858350][ T7214] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.858370][ T7214] ? clear_bhb_loop+0x60/0xb0 [ 209.858395][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.858414][ T7214] RIP: 0033:0x7feb489aeba9 [ 209.858446][ T7214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.858462][ T7214] RSP: 002b:00007feb46c0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 209.858493][ T7214] RAX: ffffffffffffffda RBX: 00007feb48bf5fa0 RCX: 00007feb489aeba9 [ 209.858508][ T7214] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c [ 209.858522][ T7214] RBP: 00007feb48a31e19 R08: 0000000000000000 R09: 0000000000000000 [ 209.858535][ T7214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.858548][ T7214] R13: 00007feb48bf6038 R14: 00007feb48bf5fa0 R15: 00007ffeb0450988 [ 209.858584][ T7214] [ 209.858593][ T7214] Mem-Info: [ 209.858604][ T7214] active_anon:250 inactive_anon:7005 isolated_anon:0 [ 209.858604][ T7214] active_file:5470 inactive_file:37790 isolated_file:0 [ 209.858604][ T7214] unevictable:768 dirty:273 writeback:0 [ 209.858604][ T7214] slab_reclaimable:11530 slab_unreclaimable:104341 [ 209.858604][ T7214] mapped:31906 shmem:4013 pagetables:1098 [ 209.858604][ T7214] sec_pagetables:0 bounce:0 [ 209.858604][ T7214] kernel_misc_reclaimable:0 [ 209.858604][ T7214] free:1318981 free_pcp:15814 free_cma:0 [ 209.858661][ T7214] Node 0 active_anon:1000kB inactive_anon:28020kB active_file:21680kB inactive_file:151156kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127624kB dirty:1092kB writeback:0kB shmem:14516kB kernel_stack:12752kB pagetables:4220kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 209.858711][ T7214] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 209.858755][ T7214] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 209.858815][ T7214] lowmem_reserve[]: 0 2512 2513 2513 2513 [ 209.858855][ T7214] Node 0 DMA32 free:1363340kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:996kB inactive_anon:27976kB active_file:20664kB inactive_file:151088kB unevictable:1536kB writepending:1092kB present:3129332kB managed:2572296kB mlocked:0kB bounce:0kB free_pcp:59128kB local_pcp:54920kB free_cma:0kB [ 209.858924][ T7214] lowmem_reserve[]: 0 0 1 1 1 [ 209.858962][ T7214] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1016kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 209.859020][ T7214] lowmem_reserve[]: 0 0 0 0 0 [ 209.859057][ T7214] Node 1 Normal free:3897224kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:4128kB local_pcp:3256kB free_cma:0kB [ 209.859118][ T7214] lowmem_reserve[]: 0 0 0 0 0 [ 209.859155][ T7214] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 209.859286][ T7214] Node 0 DMA32: 1135*4kB (UE) 764*8kB (UE) 521*16kB (UME) 535*32kB (UME) 121*64kB (UME) 57*128kB (UME) 43*256kB (UM) 33*512kB (UME) 20*1024kB (UM) 9*2048kB (UM) 304*4096kB (UM) = 1363148kB [ 209.859456][ T7214] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 209.859574][ T7214] Node 1 Normal: 210*4kB (U) 52*8kB (UE) 32*16kB (UE) 209*32kB (UE) 106*64kB (UE) 26*128kB (UE) 17*256kB (UME) 9*512kB (UME) 5*1024kB (UM) 5*2048kB (UE) 941*4096kB (UM) = 3897224kB [ 209.859743][ T7214] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 209.859760][ T7214] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 209.859775][ T7214] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 209.859792][ T7214] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 209.859809][ T7214] 47269 total pagecache pages [ 209.859818][ T7214] 0 pages in swap cache [ 209.859825][ T7214] Free swap = 124996kB [ 209.859833][ T7214] Total swap = 124996kB [ 209.859842][ T7214] 2097051 pages RAM [ 209.859850][ T7214] 0 pages HighMem/MovableOnly [ 209.859857][ T7214] 422079 pages reserved [ 209.859865][ T7214] 0 pages cma reserved [ 210.849210][ T37] audit: type=1326 audit(1757989241.440:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb489aeba9 code=0x7fc00000 [ 211.361209][ T37] audit: type=1326 audit(1757989241.960:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.4.546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feb489aeba9 code=0x7fc00000 [ 214.391273][ T7324] block nbd0: server does not support multiple connections per device. [ 214.392573][ T7324] block nbd0: shutting down sockets [ 215.712200][ T7348] netlink: 212296 bytes leftover after parsing attributes in process `syz.0.586'. [ 218.365203][ T5936] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 218.525196][ T5936] usb 3-1: unable to get BOS descriptor or descriptor too short [ 218.528008][ T5936] usb 3-1: not running at top speed; connect to a high speed hub [ 218.532238][ T5936] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 218.532266][ T5936] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 218.559729][ T5936] usb 3-1: string descriptor 0 read error: -22 [ 218.559900][ T5936] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 218.559921][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.664033][ T5936] usb 3-1: 0:2 : does not exist [ 219.187097][ T7400] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa) [ 219.568781][ T7408] tap0: tun_chr_ioctl cmd 1074025675 [ 219.568809][ T7408] tap0: persist disabled [ 219.574803][ T5936] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 219.591848][ T5936] usb 3-1: 5:0: failed to get current value for ch 1 (-22) [ 219.596622][ T7410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.614'. [ 219.596674][ T7410] netlink: 'syz.4.614': attribute type 30 has an invalid length. [ 219.599731][ T7410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.614'. [ 219.710641][ T5936] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 219.822414][ T5936] usb 3-1: USB disconnect, device number 7 [ 220.113012][ T7418] openvswitch: netlink: VXLAN extension message has 8 unknown bytes. [ 221.819172][ T7448] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 7448 comm: syz.4.631) [ 221.854217][ T37] audit: type=1800 audit(1757989252.420:450): pid=7448 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.631" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=15575 res=0 errno=0 [ 222.802484][ T7463] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 222.856151][ T7463] macsec1: entered promiscuous mode [ 222.856645][ T7463] macsec1: entered allmulticast mode [ 222.856667][ T7463] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 222.954784][ T7461] block device autoloading is deprecated and will be removed. [ 223.854610][ T5858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 223.894460][ T5858] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 223.907885][ T5858] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 223.935440][ T5858] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 223.940124][ T5858] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 224.549688][ T7489] bridge_slave_1: left allmulticast mode [ 224.549731][ T7489] bridge_slave_1: left promiscuous mode [ 224.550078][ T7489] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.657887][ T7489] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 225.334066][ T7507] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.657'. [ 225.735715][ T1140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.086453][ T5858] Bluetooth: hci5: command tx timeout [ 226.264711][ T7526] loop6: detected capacity change from 0 to 524288000 [ 226.299138][ T1140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.366767][ T7526] loop6: detected capacity change from 524288000 to 1 [ 226.890986][ T1140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.255674][ T7548] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 227.284770][ T7550] IPv6: Can't replace route, no match found [ 227.495419][ T1140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.175520][ T59] Bluetooth: hci5: command tx timeout [ 228.267262][ T7480] chnl_net:caif_netlink_parms(): no params data found [ 228.636347][ T1357] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 228.949502][ T1140] bridge_slave_1: left allmulticast mode [ 228.950063][ T1140] bridge_slave_1: left promiscuous mode [ 228.956834][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.214099][ T59] Bluetooth: hci1: command 0x0406 tx timeout [ 229.214255][ T59] Bluetooth: hci2: command 0x0406 tx timeout [ 229.214288][ T59] Bluetooth: hci3: command 0x0406 tx timeout [ 229.304920][ T1140] bridge_slave_0: left allmulticast mode [ 229.314773][ T1140] bridge_slave_0: left promiscuous mode [ 229.316642][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.245207][ T5163] Bluetooth: hci5: command tx timeout [ 232.075293][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 232.328553][ T5163] Bluetooth: hci5: command tx timeout [ 232.367971][ T10] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 232.368006][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.374428][ T10] usb 4-1: config 0 descriptor?? [ 232.690601][ T10] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 232.897166][ T10] [drm:udl_init] *ERROR* Selecting channel failed [ 232.942294][ T10] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 232.942324][ T10] [drm] Initialized udl on minor 2 [ 232.997507][ T10] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 233.021074][ T10] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 233.065655][ T10] usb 4-1: USB disconnect, device number 4 [ 233.083315][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 233.084442][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 234.158928][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 234.256411][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 234.293357][ T1140] bond0 (unregistering): Released all slaves [ 234.828961][ T7480] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.829443][ T7480] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.829770][ T7480] bridge_slave_0: entered allmulticast mode [ 234.858261][ T7480] bridge_slave_0: entered promiscuous mode [ 234.887437][ T7480] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.902569][ T7480] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.902897][ T7480] bridge_slave_1: entered allmulticast mode [ 234.919741][ T7480] bridge_slave_1: entered promiscuous mode [ 235.593570][ T7699] netlink: 20 bytes leftover after parsing attributes in process `syz.4.740'. [ 235.986086][ T7480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 236.017277][ T7480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.886699][ T7480] team0: Port device team_slave_0 added [ 236.941811][ T7480] team0: Port device team_slave_1 added [ 237.061766][ T7730] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input13 [ 237.826277][ T7742] netlink: 12 bytes leftover after parsing attributes in process `syz.4.759'. [ 237.826312][ T7742] netlink: 12 bytes leftover after parsing attributes in process `syz.4.759'. [ 239.649368][ T7760] sock: sock_set_timeout: `syz.0.766' (pid 7760) tries to set negative timeout [ 269.498322][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 269.660928][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 329.292204][ T5862] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 330.293837][ T5862] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 330.297026][ T5862] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 330.304267][ T5862] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 330.305220][ T5862] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 337.153016][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 338.743166][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 339.153772][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 340.842086][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 343.472550][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 348.739309][ T5163] Bluetooth: hci4: command tx timeout [ 351.179480][ T5163] Bluetooth: hci4: command tx timeout [ 353.270401][ T5163] Bluetooth: hci4: command tx timeout [ 355.326918][ T5163] Bluetooth: hci4: command tx timeout [ 361.796225][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 364.647476][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 375.264069][ T5163] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 375.267730][ T5163] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 375.269217][ T5163] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 376.254425][ T5163] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 376.265318][ T5163] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 381.388671][ T5858] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 383.947827][ T38] INFO: task kworker/u8:5:69 blocked for more than 143 seconds. [ 383.947860][ T38] Not tainted syzkaller #0 [ 383.947872][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 383.947883][ T38] task:kworker/u8:5 state:D stack:20264 pid:69 tgid:69 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 383.947949][ T38] Workqueue: cfg80211 cfg80211_dfs_channels_update_work [ 383.948005][ T38] Call Trace: [ 383.948014][ T38] [ 383.948038][ T38] __schedule+0x16f3/0x4c20 [ 383.948094][ T38] ? unwind_next_frame+0xa5/0x2390 [ 383.948139][ T38] ? __pfx___schedule+0x10/0x10 [ 383.948199][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 383.948234][ T38] rt_mutex_schedule+0x77/0xf0 [ 383.948257][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 383.948283][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 383.948330][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 383.948374][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 383.948400][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 383.948421][ T38] ? __lock_acquire+0xab9/0xd20 [ 383.948464][ T38] ? cfg80211_dfs_channels_update_work+0xb6/0x630 [ 383.948493][ [ 383.948493][ T38] ? __lock_acquire+0xab9/0xd20 [ 383.948532][ T38] ? cfg80211_dfs_channels_update_work+0xb6/0x630 [ 383.948556][ T38] mutex_lock_nested+0x16a/0x1d0 [ 383.948589][ T38] cfg80211_dfs_channels_update_work+0xb6/0x630 [ 383.948621][ T38] ? __lock_acquire+0xab9/0xd20 [ 383.948661][ T38] ? __pfx_cfg80211_dfs_channels_update_work+0x10/0x10 [ 383.948697][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 383.948725][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 383.948758][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 383.948786][ T38] process_scheduled_works+0xade/0x17b0 [ 383.948848][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 383.948897][ T38] worker_thread+0x8a0/0xda0 [ 383.948956][ T38] kthread+0x70e/0x8a0 [ 383.948992][ T38] ? __pfx_worker_thread+0x10/0x10 [ 383.949019][ T38] ? __pfx_kthread+0x10/0x10 [ 383.949056][ T38] ? __pfx_kthread+0x10/0x10 [ 383.949088][ T38] ret_from_fork+0x439/0x7d0 [ 383.949121][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 383.949156][ T38] ? __switch_to_asm+0x39/0x70 [ 383.949185][ T38] ? __switch_to_asm+0x33/0x70 [ 383.949203][ T38] ? __pfx_kthread+0x10/0x10 [ 383.949235][ T38] ret_from_fork_asm+0x1a/0x30 [ 383.949276][ T38] [ 383.949353][ T38] INFO: task kworker/u8:20:1499 blocked for more than 143 seconds. [ 383.949368][ T38] Not tainted syzkaller #0 [ 383.949378][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 383.949389][ T38] task:kworker/u8:20 state:D stack:20264 pid:1499 tgid:1499 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 383.949468][ T38] Workqueue: events_unbound linkwatch_event [ 383.949494][ T38] Call Trace: [ 383.949501][ T38] [ 383.949514][ T38] __schedule+0x16f3/0x4c20 [ 383.949574][ T38] ? __pfx___schedule+0x10/0x10 [ 383.949625][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 383.949659][ T38] rt_mutex_schedule+0x77/0xf0 [ 383.949679][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 383.949704][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 383.949751][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 383.949779][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 383.949806][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 383.949845][ T38] ? linkwatch_event+0xe/0x60 [ 383.949874][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 383.949906][ T38] ? linkwatch_event+0xe/0x60 [ 383.949925][ T38] mutex_lock_nested+0x16a/0x1d0 [ 383.949958][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 383.949987][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 383.950016][ T38] linkwatch_event+0xe/0x60 [ 383.950036][ T38] process_scheduled_works+0xade/0x17b0 [ 383.950098][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 383.950144][ T38] worker_thread+0x8a0/0xda0 [ 383.950183][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 383.950224][ T38] ? __kthread_parkme+0x7b/0x200 [ 383.950264][ T38] kthread+0x70e/0x8a0 [ 383.950299][ T38] ? __pfx_worker_thread+0x10/0x10 [ 383.950325][ T38] ? __pfx_kthread+0x10/0x10 [ 383.950363][ T38] ? __pfx_kthread+0x10/0x10 [ 383.950401][ T38] ret_from_fork+0x439/0x7d0 [ 383.950430][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 383.950465][ T38] ? __switch_to_asm+0x39/0x70 [ 383.950484][ T38] ? __switch_to_asm+0x33/0x70 [ 383.950502][ T38] ? __pfx_kthread+0x10/0x10 [ 383.950535][ T38] ret_from_fork_asm+0x1a/0x30 [ 383.950575][ T38] [ 383.950725][ T38] [ 383.950725][ T38] Showing all locks held in the system: [ 383.950741][ T38] 4 locks held by kworker/0:0/9: [ 383.950758][ T38] #0: ffff88805ce84538 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 383.950839][ T38] #1: ffffc900000e7bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 383.950894][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 383.950949][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 383.951004][ T38] 4 locks held by kworker/0:1/10: [ 383.951016][ T38] #0: ffff88805ce84538 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 383.951084][ T38] #1: ffffc900000f7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 383.951159][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 383.951219][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 383.951272][ T38] 5 locks held by kworker/u8:0/12: [ 383.951284][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 383.951337][ T38] #1: ffffc90000117bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 383.951390][ T38] #2: ffff88804b2b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 383.951446][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 383.951498][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 383.951552][ T38] 4 locks held by kworker/u8:1/13: [ 383.951564][ T38] #0: ffff88805c935938 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 383.951617][ T38] #1: ffffc90000127bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 383.951671][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 383.951724][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 383.951777][ T38] 2 locks held by ksoftirqd/0/15: [ 383.951789][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 383.951840][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 383.951894][ T38] 7 locks held by ktimers/0/16: [ 383.951907][ T38] 2 locks held by rcuc/1/28: [ 383.951918][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 383.951969][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 383.952022][ T38] 2 locks held by ksoftirqd/1/30: [ 383.952035][ T38] 1 lock held by khungtaskd/38: [ 383.952045][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 383.952096][ T38] 4 locks held by kworker/1:1/49: [ 383.952108][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.463532][ T38] #1: ffffc90000bb7bc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.463618][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.463674][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.463732][ T38] 4 locks held by kworker/u8:3/57: [ 384.463746][ T38] #0: ffff88805ccb1938 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.463823][ T38] #1: ffffc9000123fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.463877][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.463929][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.463985][ T38] 5 locks held by kworker/u8:4/67: [ 384.463997][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.464050][ T38] #1: ffffc9000152fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.464103][ T38] #2: ffff88805ed50898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 384.464160][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.464213][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.464267][ T38] 3 locks held by kworker/u8:5/69: [ 384.464287][ T38] #0: ffff888144697938 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.464346][ T38] #1: ffffc9000154fbc0 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.464400][ T38] #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_dfs_channels_update_work+0xb6/0x630 [ 384.464481][ T38] 4 locks held by kworker/u8:6/1140: [ 384.464492][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.464543][ T38] #1: ffffc90004ddfbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.464594][ T38] #2: ffffffff8ecc6700 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 384.464652][ T38] #3: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 384.464702][ T38] 4 locks held by kworker/u8:7/1164: [ 384.464714][ T38] #0: ffff88814d949938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.464766][ T38] #1: ffffc90004e7fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.464820][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.464925][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.464976][ T38] 4 locks held by kworker/u8:8/1170: [ 384.464988][ T38] #0: ffff88803616a938 ((wq_completion)wg-kex-wg2#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.465047][ T38] #1: ffffc90004e6fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.465101][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.465153][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.465212][ T38] 2 locks held by aoe_tx0/1318: [ 384.465224][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.465285][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.465338][ T38] 6 locks held by kworker/u8:9/1341: [ 384.465350][ T38] #0: ffff88805c936938 ((wq_completion)wg-kex-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.465408][ T38] #1: ffffc900053afbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.465461][ T38] #2: ffff888031dc15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 384.465517][ T38] #3: ffff88804a18a3c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 384.465567][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.465617][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.465670][ T38] 7 locks held by kworker/u8:10/1344: [ 384.465682][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.465733][ T38] #1: ffffc9000516fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.465788][ T38] #2: ffff888026c3a300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 384.465854][ T38] #3: ffff88804a21a120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 384.465911][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 384.465964][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.466016][ T38] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.466068][ T38] 4 locks held by kworker/u8:11/1347: [ 384.466087][ T38] #0: ffff88805c933938 ((wq_completion)wg-kex-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.466141][ T38] #1: ffffc900053cfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.466212][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.466270][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.466331][ T38] 5 locks held by kworker/u8:13/1352: [ 384.466342][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.466394][ T38] #1: ffffc9000542fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.466446][ T38] #2: ffff888048850898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 384.466500][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.466549][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.466602][ T38] 5 locks held by kworker/u8:14/1353: [ 384.466614][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.466665][ T38] #1: ffffc9000540fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.466718][ T38] #2: ffff88805ea70898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 384.466772][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.466822][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.466874][ T38] 5 locks held by kworker/u8:16/1357: [ 384.466886][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.466938][ T38] #1: ffffc9000546fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.466991][ T38] #2: ffff88805e690898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 384.467044][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.467096][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.467148][ T38] 5 locks held by kworker/u8:17/1359: [ 384.467160][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.467212][ T38] #1: ffffc9000548fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.467265][ T38] #2: ffff88805f100898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 384.467327][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.467378][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.467430][ T38] 3 locks held by kworker/u8:18/1361: [ 384.467443][ T38] #0: ffff88814d192938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.467495][ T38] #1: ffffc900054afbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.467544][ T38] #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 384.467599][ T38] 6 locks held by kworker/u8:19/1380: [ 384.467610][ T38] #0: ffff888030c2a138 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.467662][ T38] #1: ffffc9000531fbc0 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.467715][ T38] #2: ffff8880376a8078 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x15e/0x680 [ 384.467767][ T38] #3: ffff888063754f90 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: __inet_bind+0x392/0xa90 [ 384.467818][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.467868][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.467921][ T38] 3 locks held by kworker/u8:20/1499: [ 384.467933][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.467986][ T38] #1: ffffc9000594fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.468038][ T38] #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 384.468105][ T38] 6 locks held by kworker/u8:21/3662: [ 384.468124][ T38] #0: ffff88805c935938 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.468176][ T38] #1: ffffc9000d93fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.468234][ T38] #2: ffff88805ca455f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 384.468293][ T38] #3: ffff88804a1c0e90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 384.468340][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.468385][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.468436][ T38] 3 locks held by dhcpcd/5510: [ 384.468448][ T38] #0: ffff88805e95ba50 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xc2f/0x2a70 [ 384.468504][ T38] #1: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.468553][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.468606][ T38] 2 locks held by getty/5606: [ 384.468618][ T38] #0: ffff88823bf7c8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 384.468678][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 384.468732][ T38] 1 lock held by syz-executor/5835: [ 384.468747][ T38] 4 locks held by kworker/0:3/5865: [ 384.468759][ T38] #0: ffff88805ce87138 ((wq_completion)wg-kex-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.468816][ T38] #1: ffffc90004b6fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.468883][ T38] #2: ffff8880394fd5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 384.468936][ T38] #3: ffff88804a1c6350 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 384.468994][ T38] 4 locks held by kworker/0:4/5922: [ 384.469005][ T38] #0: ffff88805ce84138 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.469064][ T38] #1: ffffc90004eefbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.469132][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.469185][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.469240][ T38] 4 locks held by kworker/0:5/5933: [ 384.469251][ T38] #0: ffff88805cefe138 ((wq_completion)wg-kex-wg2#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.469320][ T38] #1: ffffc9000506fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.469388][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.469440][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.469494][ T38] 4 locks held by kworker/0:6/5948: [ 384.469506][ T38] #0: ffff88805ca04d38 ((wq_completion)wg-crypt-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.469569][ T38] #1: ffffc9000514fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.469638][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.469690][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.469744][ T38] 4 locks held by kworker/1:7/6059: [ 384.469756][ T38] #0: ffff88805cfea138 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.469814][ T38] #1: ffffc9000593fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.469882][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.469934][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.469986][ T38] 2 locks held by syz-executor/7480: [ 384.469998][ T38] #0: ffffffff8e43b760 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 384.470061][ T38] #1: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 384.470118][ T38] 5 locks held by kworker/0:7/7750: [ 384.470130][ T38] #0: ffff888036635d38 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.470187][ T38] #1: ffffc900042ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.470255][ T38] #2: ffff888031dc55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 384.470315][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.470367][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.470421][ T38] 7 locks held by kworker/0:8/7752: [ 384.470443][ T38] 6 locks held by kworker/0:9/7753: [ 384.470455][ T38] #0: ffff88805cfeb938 ((wq_completion)wg-kex-wg1#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.470512][ T38] #1: ffffc900043ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.470578][ T38] #2: ffff8880286e55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 384.470630][ T38] #3: ffff888049262e58 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 384.470681][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.470732][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.470786][ T38] 2 locks held by syz.0.774/7777: [ 384.470798][ T38] #0: ffff88801a78e910 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 384.470853][ T38] #1: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200 [ 384.470907][ T38] 1 lock held by syz.3.776/7781: [ 384.470925][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_getsockopt+0xcb8/0x1b60 [ 384.470980][ T38] 2 locks held by syz.2.779/7788: [ 384.470992][ T38] #0: ffffffff8ed39600 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 384.471039][ T38] #1: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930 [ 384.471089][ T38] 4 locks held by kworker/0:10/7799: [ 384.471102][ T38] 3 locks held by kworker/1:8/7801: [ 384.471114][ T38] 7 locks held by kworker/u8:23/7802: [ 384.471126][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.471178][ T38] #1: ffffc900050bfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.471232][ T38] #2: ffff88804a05d300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 384.471301][ T38] #3: ffff888049fd8d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 384.471359][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 384.471410][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.471462][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.471514][ T38] 4 locks held by kworker/0:11/7803: [ 384.471525][ T38] #0: ffff88805c893538 ((wq_completion)wg-kex-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.471583][ T38] #1: ffffc9000510fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.471651][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.471703][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.471756][ T38] 4 locks held by kworker/u8:24/7804: [ 384.471767][ T38] #0: ffff888038a4d938 ((wq_completion)wg-kex-wg1#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.471824][ T38] #1: ffffc9000515fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.471877][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.471929][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.471982][ T38] 7 locks held by kworker/u8:25/7805: [ 384.471993][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.472047][ T38] #1: ffffc900051afbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.472101][ T38] #2: ffff888037669300 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 384.472158][ T38] #3: ffff8880361c3d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 384.472216][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 384.472267][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.472326][ T38] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.472380][ T38] 4 locks held by kworker/1:9/7806: [ 384.472392][ T38] #0: ffff888036635538 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.472449][ T38] #1: ffffc900051bfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.472527][ T38] #2: ffff888031dc15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 384.472580][ T38] #3: ffff88804a189928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 384.472633][ T38] 6 locks held by kworker/u8:26/7807: [ 384.472645][ T38] #0: ffff888035f0a938 ((wq_completion)wg-kex-wg1#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.472702][ T38] #1: ffffc900040efbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.472756][ T38] #2: ffff88803602d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 384.472808][ T38] #3: ffff88804a1c2e58 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 384.472858][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.472911][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.472965][ T38] 1 lock held by dhcpcd/7810: [ 384.472976][ T38] #0: ffff88805df1ccb8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 384.473033][ T38] 4 locks held by kworker/u8:27/7811: [ 384.473045][ T38] #0: ffff888035676938 ((wq_completion)wg-kex-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.473102][ T38] #1: ffffc900051ffbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.473156][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.473208][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.473262][ T38] 6 locks held by kworker/1:11/7812: [ 384.473281][ T38] #0: ffff88805cffad38 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.473340][ T38] #1: ffffc9000415fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.473408][ T38] #2: ffff8880367295f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 384.473461][ T38] #3: ffff888049260e90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 384.473513][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.473564][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.473618][ T38] 4 locks held by kworker/0:12/7813: [ 384.473629][ T38] #0: ffff88805cb22538 ((wq_completion)wg-crypt-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.473687][ T38] #1: ffffc9000520fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.473740][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.473792][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.473845][ T38] 2 locks held by kworker/1:12/7814: [ 384.473858][ T38] 4 locks held by kworker/0:13/7815: [ 384.473869][ T38] #0: ffff88805ca04938 ((wq_completion)wg-kex-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.473927][ T38] #1: ffffc9000521fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.473995][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.474048][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.474102][ T38] 6 locks held by kworker/0:14/7816: [ 384.474114][ T38] #0: ffff888036635538 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.474172][ T38] #1: ffffc9000522fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.474240][ T38] #2: ffff888031dc15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 384.474300][ T38] #3: ffff88804a189928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 384.474355][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.474408][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.474464][ T38] 4 locks held by kworker/0:15/7818: [ 384.474477][ T38] #0: ffff88805cffad38 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.474533][ T38] #1: ffffc9000526fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.474602][ T38] #2: ffff8880367295f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 384.474656][ T38] #3: ffff888049260e90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 384.474710][ T38] 4 locks held by kworker/0:16/7819: [ 384.474727][ T38] #0: ffff88805ce62138 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.474786][ T38] #1: ffffc9000527fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.474841][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.494983][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.495039][ T38] 4 locks held by kworker/0:18/7823: [ 384.495051][ T38] #0: ffff88805cb22138 ((wq_completion)wg-kex-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.495106][ T38] #1: ffffc900052cfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.495165][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.495211][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.495258][ T38] 4 locks held by kworker/u8:28/7824: [ 384.495269][ T38] #0: ffff888038a4d938 ((wq_completion)wg-kex-wg1#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.495328][ T38] #1: ffffc90004997bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.495376][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.495421][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.495469][ T38] 1 lock held by dhcpcd/7827: [ 384.495480][ T38] #0: ffff88805df1d378 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 384.495530][ T38] 4 locks held by kworker/1:16/7828: [ 384.495541][ T38] #0: ffff88805cfeb938 ((wq_completion)wg-kex-wg1#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.495591][ T38] #1: ffffc9000533fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.495649][ T38] #2: ffff8880286e55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 384.495697][ T38] #3: ffff888049262e58 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 384.495742][ T38] 6 locks held by kworker/u8:31/7829: [ 384.495752][ T38] #0: ffff888038a48938 ((wq_completion)wg-kex-wg0#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.495802][ T38] #1: ffffc9000535fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.495849][ T38] #2: ffff8880394fd5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 384.495894][ T38] #3: ffff88804a1c6350 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 384.495938][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.495983][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.496030][ T38] 4 locks held by kworker/1:17/7830: [ 384.496040][ T38] #0: ffff88805c891538 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.496089][ T38] #1: ffffc9000536fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.496149][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.496199][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.496248][ T38] 4 locks held by kworker/1:20/7834: [ 384.496258][ T38] #0: ffff88805ca04938 ((wq_completion)wg-kex-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.496314][ T38] #1: ffffc900053ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.496374][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.496418][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.496468][ T38] 6 locks held by kworker/u8:34/7843: [ 384.496479][ T38] #0: ffff88802fbac138 ((wq_completion)wg-kex-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.496529][ T38] #1: ffffc900058afbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.496576][ T38] #2: ffff8880313f15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 384.496622][ T38] #3: ffff88804a18b8f0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 384.496666][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.496712][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.496757][ T38] 4 locks held by kworker/u8:35/7844: [ 384.496775][ T38] #0: ffff88805c936938 ((wq_completion)wg-kex-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.496824][ T38] #1: ffffc900058bfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.496871][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.496916][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.496963][ T38] 4 locks held by kworker/u8:36/7845: [ 384.496973][ T38] #0: ffff888038a48938 ((wq_completion)wg-kex-wg0#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.497021][ T38] #1: ffffc900058dfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.497067][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.497110][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.497157][ T38] 6 locks held by kworker/u8:37/7846: [ 384.497166][ T38] #0: ffff88802fbac138 ((wq_completion)wg-kex-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.497215][ T38] #1: ffffc900058efbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.497261][ T38] #2: ffff8880313f15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 384.497313][ T38] #3: ffff88804a18c388 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 384.497357][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.497402][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.497449][ T38] 6 locks held by kworker/u8:38/7847: [ 384.497460][ T38] #0: ffff888035676938 ((wq_completion)wg-kex-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 384.497509][ T38] #1: ffffc900058ffbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 384.497556][ T38] #2: ffff8880313f55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 384.497601][ T38] #3: ffff88804a1c4e20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 384.497646][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.497692][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.497738][ T38] 1 lock held by syz-executor/7848: [ 384.497748][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 384.497794][ T38] 1 lock held by dhcpcd/7852: [ 384.497805][ T38] #0: ffff888038c7e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 384.497855][ T38] 1 lock held by dhcpcd/7856: [ 384.497865][ T38] #0: ffff88803517e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 384.497910][ T38] 3 locks held by syz-executor/7857: [ 384.497920][ T38] #0: ffff88802471b350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_ioctl+0x247/0x910 [ 384.497975][ T38] #1: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.498025][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.498072][ T38] 3 locks held by syz-executor/7859: [ 384.498082][ T38] #0: ffff88804a27d350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_ioctl+0x247/0x910 [ 384.498132][ T38] #1: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 384.498176][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 384.498225][ T38] [ 384.498235][ T38] ============================================= [ 384.498235][ T38] [ 384.498257][ T38] NMI backtrace for cpu 0 [ 384.498282][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 384.498303][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 384.498314][ T38] Call Trace: [ 384.498340][ T38] [ 384.498348][ T38] dump_stack_lvl+0x189/0x250 [ 384.498385][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.498411][ T38] ? __pfx__printk+0x10/0x10 [ 384.498449][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 384.498476][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 384.498501][ T38] ? __pfx__printk+0x10/0x10 [ 384.498524][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 384.498551][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 384.498576][ T38] watchdog+0xf93/0xfe0 [ 384.498608][ T38] ? watchdog+0x1de/0xfe0 [ 384.498636][ T38] kthread+0x70e/0x8a0 [ 384.498666][ T38] ? __pfx_watchdog+0x10/0x10 [ 384.498687][ T38] ? __pfx_kthread+0x10/0x10 [ 384.498718][ T38] ? __pfx_kthread+0x10/0x10 [ 384.498744][ T38] ret_from_fork+0x439/0x7d0 [ 384.498770][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 384.498798][ T38] ? __switch_to_asm+0x39/0x70 [ 384.498814][ T38] ? __switch_to_asm+0x33/0x70 [ 384.498830][ T38] ? __pfx_kthread+0x10/0x10 [ 384.498856][ T38] ret_from_fork_asm+0x1a/0x30 [ 384.498889][ T38] [ 384.498896][ T38] Sending NMI from CPU 0 to CPUs 1: [ 384.498945][ C1] NMI backtrace for cpu 1 [ 384.498962][ C1] CPU: 1 UID: 0 PID: 17 Comm: pr/legacy Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 384.498981][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 384.498990][ C1] RIP: 0010:io_serial_in+0x77/0xc0 [ 384.499024][ C1] Code: e8 ae 4e 7f fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 4f 89 de fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f e9 0a 81 bb 05 cc 44 89 f9 80 e1 07 [ 384.499039][ C1] RSP: 0018:ffffc90000167890 EFLAGS: 00000202 [ 384.499055][ C1] RAX: 1ffffffff3275c00 RBX: 00000000000003fd RCX: 0000000000000000 [ 384.499068][ C1] RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000 [ 384.499078][ C1] RBP: ffffffff993ae870 R08: 0000000000000000 R09: 0000000000000000 [ 384.499089][ C1] R10: dffffc0000000000 R11: ffffffff853f1f10 R12: dffffc0000000000 [ 384.499101][ C1] R13: 0000000000000000 R14: ffffffff993ae5e0 R15: 0000000000000000 [ 384.499112][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 384.499126][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 384.499139][ C1] CR2: 00007f6f00d96d00 CR3: 0000000028442000 CR4: 00000000003526f0 [ 384.499156][ C1] Call Trace: [ 384.499169][ C1] [ 384.499177][ C1] wait_for_lsr+0x1a7/0x2f0 [ 384.499201][ C1] serial8250_console_write+0x1341/0x1b40 [ 384.499233][ C1] ? __pfx_serial8250_console_write+0x10/0x10 [ 384.499251][ C1] ? console_flush_all+0x13a/0xcd0 [ 384.499272][ C1] ? console_flush_all+0x476/0xcd0 [ 384.499291][ C1] console_flush_all+0x695/0xcd0 [ 384.499315][ C1] ? console_flush_all+0x13a/0xcd0 [ 384.499334][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 384.499353][ C1] ? __lock_acquire+0xab9/0xd20 [ 384.499379][ C1] __console_flush_and_unlock+0xa4/0x240 [ 384.499398][ C1] ? __pfx___console_flush_and_unlock+0x10/0x10 [ 384.499429][ C1] legacy_kthread_func+0x13b/0x1a0 [ 384.499450][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 384.499470][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 384.499490][ C1] ? __kthread_parkme+0x7b/0x200 [ 384.499511][ C1] ? __kthread_parkme+0x1a1/0x200 [ 384.499542][ C1] kthread+0x70e/0x8a0 [ 384.499565][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 384.499584][ C1] ? __pfx_kthread+0x10/0x10 [ 384.499608][ C1] ? __pfx_kthread+0x10/0x10 [ 384.499631][ C1] ret_from_fork+0x439/0x7d0 [ 384.499651][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 384.499674][ C1] ? __switch_to_asm+0x39/0x70 [ 384.499688][ C1] ? __switch_to_asm+0x33/0x70 [ 384.499702][ C1] ? __pfx_kthread+0x10/0x10 [ 384.499724][ C1] ret_from_fork_asm+0x1a/0x30 [ 384.499746][ C1] [ 384.499933][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 384.499946][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 384.499966][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 384.499976][ T38] Call Trace: [ 384.499984][ T38] [ 384.499991][ T38] dump_stack_lvl+0x99/0x250 [ 384.500017][ T38] ? __asan_memcpy+0x40/0x70 [ 384.500039][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.500064][ T38] ? __pfx__printk+0x10/0x10 [ 384.500095][ T38] vpanic+0x281/0x750 [ 384.500129][ T38] ? __pfx_vpanic+0x10/0x10 [ 384.500151][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 384.500171][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.500208][ T38] panic+0xb9/0xc0 [ 384.500231][ T38] ? __pfx_panic+0x10/0x10 [ 384.500259][ T38] ? irq_work_queue+0xc3/0x140 [ 384.500294][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 384.500318][ T38] watchdog+0xfd2/0xfe0 [ 384.500345][ T38] ? watchdog+0x1de/0xfe0 [ 384.500373][ T38] kthread+0x70e/0x8a0 [ 384.500401][ T38] ? __pfx_watchdog+0x10/0x10 [ 384.500424][ T38] ? __pfx_kthread+0x10/0x10 [ 384.500454][ T38] ? __pfx_kthread+0x10/0x10 [ 384.500481][ T38] ret_from_fork+0x439/0x7d0 [ 384.500506][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 384.500535][ T38] ? __switch_to_asm+0x39/0x70 [ 384.500551][ T38] ? __switch_to_asm+0x33/0x70 [ 384.500567][ T38] ? __pfx_kthread+0x10/0x10 [ 384.500593][ T38] ret_from_fork_asm+0x1a/0x30 [ 384.500625][ T38] [ 384.500984][ T38] Kernel Offset: disabled