last executing test programs: 3m23.62955817s ago: executing program 0 (id=158): socket$inet6_sctp(0xa, 0x5, 0x84) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r1, &(0x7f00000022c0)=""/4089, 0xff9, 0x10002, 0x0, 0x0) 3m23.079329538s ago: executing program 0 (id=159): socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x0, 0x8, 0x8001, 0x0, 0xaf, 0x0, 0xfffffe0000000001, 0x7, 0xffffffff}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) 3m21.495212145s ago: executing program 0 (id=161): syz_open_dev$dri(&(0x7f0000000600), 0x2, 0x38040) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x9}], 0x2) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r2, 0xb) accept4(r2, 0x0, 0x0, 0x80000) 3m20.011123391s ago: executing program 0 (id=166): mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x2042, 0x0) mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0) 3m19.845452574s ago: executing program 0 (id=169): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x111, 0x5}}, 0x20) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x8000001, &(0x7f0000000300), 0x2, 0x1}}, 0x20) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 3m18.903811934s ago: executing program 0 (id=175): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000600)={0x48, 0x8, r2, 0x0, 0x2, 0x1, &(0x7f0000000100)='i', 0x4}) 3m18.788479138s ago: executing program 32 (id=175): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000600)={0x48, 0x8, r2, 0x0, 0x2, 0x1, &(0x7f0000000100)='i', 0x4}) 1m36.294442076s ago: executing program 1 (id=360): socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmctl$IPC_RMID(0x0, 0x0) 1m32.281854049s ago: executing program 1 (id=364): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d697400"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1m31.519417167s ago: executing program 1 (id=365): add_key$fscrypt_provisioning(&(0x7f0000000300), 0x0, &(0x7f00000003c0)=ANY=[], 0x18, 0xffffffffffffffff) 1m31.199707131s ago: executing program 1 (id=366): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="c40000001900674c2cbd70000000000000000000000000000000000000000000ac1eff0100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000000000000000000000000000000000020000000000000000000000000000000000000000000008000000000000000000000000000fcffffffffffffff0000000000000000b0ac00000000000000000000000000000000000000000000000400000000000000000002000000000a00100001"], 0xc4}}, 0x4c050) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0100001300010100000000000000002001000000000000000000000000000100000000000000000000ffff7f001d010000000d040000090a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000401000000000000feffffff0000000000000000000000008400050020010000000000000000000000000001000000002b0000000a000000000000000000000000000000000000000040000001000000040000007f00000000000000fc020000000000000000000000000000000000002b"], 0x13c}}, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003082f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) 1m29.391571735s ago: executing program 1 (id=369): ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x3, 0x0) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0xfffffffd, 0x4) connect$inet6(r1, 0x0, 0x0) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000000)) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) munmap(&(0x7f0000c75000/0x4000)=nil, 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f42000) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @broadcast}, 0x4, 0x2, 0x2, 0x4}}, 0x26) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x2, &(0x7f0000000280)=0x54f, 0x4) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 1m28.433280086s ago: executing program 1 (id=373): socket(0xa, 0x3, 0x3a) r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) pipe2$watch_queue(0x0, 0x80) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000021c0)=[{0xf, 0x9, 0x7, 0x7fff0000}]}) r3 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) shmctl$IPC_RMID(r3, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) flock(r0, 0x2) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2020) syz_open_dev$loop(&(0x7f0000002280), 0xffff, 0x121ac3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.stat\x00', 0x275a, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000002240)=ANY=[], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) r6 = semget$private(0x0, 0x6, 0x0) semtimedop(r6, &(0x7f00000003c0)=[{0x2, 0x9, 0x1800}], 0x1, 0x0) semop(r6, &(0x7f0000000240)=[{0x1, 0x0, 0x800}, {0x2, 0x0, 0x2000}], 0x2) semop(r6, &(0x7f0000000140)=[{0x1, 0xfff, 0x1800}, {0x4, 0x0, 0x800}], 0x2) 1m13.187981963s ago: executing program 33 (id=373): socket(0xa, 0x3, 0x3a) r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) pipe2$watch_queue(0x0, 0x80) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000021c0)=[{0xf, 0x9, 0x7, 0x7fff0000}]}) r3 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) shmctl$IPC_RMID(r3, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) flock(r0, 0x2) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2020) syz_open_dev$loop(&(0x7f0000002280), 0xffff, 0x121ac3) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.stat\x00', 0x275a, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000002240)=ANY=[], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) r6 = semget$private(0x0, 0x6, 0x0) semtimedop(r6, &(0x7f00000003c0)=[{0x2, 0x9, 0x1800}], 0x1, 0x0) semop(r6, &(0x7f0000000240)=[{0x1, 0x0, 0x800}, {0x2, 0x0, 0x2000}], 0x2) semop(r6, &(0x7f0000000140)=[{0x1, 0xfff, 0x1800}, {0x4, 0x0, 0x800}], 0x2) 39.964337184s ago: executing program 2 (id=404): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000000280)='L', 0x1) readv(0xffffffffffffffff, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000140)=""/224, 0xe0}, {&(0x7f0000002380)=""/4099, 0x1003}, {&(0x7f0000000080)=""/168, 0xa8}, {0x0}], 0x5) syz_usb_disconnect(r0) 35.62605105s ago: executing program 2 (id=405): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x110, 0xd, {0x0, @dev={0xac, 0x14, 0x14, 0xc}, @multicast2}}}], 0x20}, 0x0) 34.779047757s ago: executing program 2 (id=407): sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fbd3df2502"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x40000) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="8c0000000206010200000000400000000a00000805000100060000000900020073797a310000000050000708060005404e22000005001500fc000000080017400000000408000a400000000108000b4000000005180001801400024000000000000000000000ffffffffffff0c00008008000140ac14141913000300686173683a6e65742c69"], 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03", 0x3}], 0x1}, 0x0) write$nci(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="5001"], 0x14) socket$netlink(0x10, 0x3, 0x5) 34.065598165s ago: executing program 3 (id=408): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000940)=@NCI_GID_PROPRIETARY_RSP={0xf, 0x1, 0x2, 0x0, 0x6, "ba0e194041ea"}, 0x9) write$nci(r0, &(0x7f0000000780)=ANY=[@ANYBLOB='$]\n'], 0x5) read$nci(r0, 0x0, 0x0) 28.57943454s ago: executing program 3 (id=409): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r1, 0x5760, 0x1f) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x5b) keyctl$revoke(0x3, r0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) syz_io_uring_setup(0x49a, &(0x7f0000000140)={0x0, 0x79b2, 0x3180, 0x1, 0x283}, 0x0, 0x0, 0x0) r3 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c000090400000207010100090501020002"], 0x0) syz_usb_control_io$printer(r3, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pwritev2(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x40, [0x8000, 0xc95a, 0xe, 0x8, 0x84, 0x2, 0x3, 0x10007f, 0x20000006, 0x4b, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x200, 0x1, 0x7, 0x200, 0x3e, 0x2, 0xff, 0x6, 0xc, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000009, 0x9, 0x8000012f, 0x8004, 0x1, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0xe, 0x8, 0x6c7, 0x9, 0xfffffffc, 0x8, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x30e, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f3c, 0xd, 0x100004e0, 0x2, 0x4, 0xb, 0x8001, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0xffffffff, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0x7f, 0x100, 0x8d2, 0x9, 0x3, 0x7fff, 0x0, 0x5, 0x9, 0x4, 0x6, 0xfffffffd, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0xbe7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x2, 0x38, 0x800003, 0x200, 0x0, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x6, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0xfffffff9, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x80009, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0xfffffffe, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x6, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7ff, 0x2, 0x5, 0x1, 0x2, 0x14d, 0x60a7, 0x16, 0x96, 0xfffffffe, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x1]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x3f00000000000000) 28.203352526s ago: executing program 2 (id=410): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(r0, 0xffffffffffffffff, 0x0) 21.714542533s ago: executing program 3 (id=411): socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_route(0x10, 0x3, 0x0) socket(0x840000000002, 0x3, 0xff) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0) 21.714314726s ago: executing program 2 (id=412): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xfc778000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000680)=""/233, 0xe9}], 0x1}, 0x0) 19.625282838s ago: executing program 3 (id=413): prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000000080), 0x4) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) 18.513207971s ago: executing program 2 (id=414): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 17.775971935s ago: executing program 3 (id=415): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000600)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000280)={0x0, 0x2, 0xffffffffffffffff, 0x0, 0x80000}) syz_emit_vhci(&(0x7f0000001ac0)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{}, {0x9, 0xc8}}}, 0x102) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07, 0x8, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) readv(r1, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1) close_range(r1, r1, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) 17.338735263s ago: executing program 3 (id=416): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "000000000100007f", "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x38) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000145f405e04bd84be89010403010902240001000000000904ed0002ff5d810009050303000000050009058a03"], 0x0) sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0xffff, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24008011}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r1 = syz_open_dev$vbi(&(0x7f0000000580), 0x3, 0x2) ioctl$VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000200)={0x5}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r4) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r4, &(0x7f0000000080)={0x0, 0x6c, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000047400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) recvmmsg(r3, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000001e40)=""/104, 0x45}], 0x2}, 0x2}], 0x1, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000780)=[{{0x0, 0xfdfc, &(0x7f0000000180)=[{&(0x7f0000000340)="338f92feb0ccf6426223d4849e72aff47107a29568e13380965512367fd7a3039176ce22891da5bd1335a5408c12483bdef1209f875c6b1141a0787bcdd6424d3e5ef21ebd1c9cc264d5f4f3857a0955c9cf38ad6c747465cb45e56cae259a135cea425180fefaead0a3a0f2724e7afbe959f514c6eca6b07674708aea4fb504bd", 0x1}, {&(0x7f0000000100)="127d589163267e4b0eda2e4186729989fdd2e24baac09a37b374a16c27a136d37e08121d3864d6559759e5bfba0a1c8b2c7d20228827e09902302ddc29760ee36ce64699", 0x44}], 0x2}}], 0x1, 0x220e00cc) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02180000100000000000000000000000030006000000000002004e23000000000000000000000000080012000000000000000000000000001700000000000000000000000000000002000000000000000000000000000000fe800000000000000000000000000000030005000000000002"], 0x80}}, 0x0) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="3000000007061d080cb27cbc00000000020000020900010007"], 0x30}, 0x1, 0x0, 0x0, 0x44}, 0x800) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x42c0, 0x0) ioctl$PPPIOCGDEBUG(r7, 0x80047441, &(0x7f0000000300)) 2.473251041s ago: executing program 34 (id=414): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 0s ago: executing program 35 (id=416): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "000000000100007f", "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x38) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000145f405e04bd84be89010403010902240001000000000904ed0002ff5d810009050303000000050009058a03"], 0x0) sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0xffff, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24008011}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r1 = syz_open_dev$vbi(&(0x7f0000000580), 0x3, 0x2) ioctl$VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000200)={0x5}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r4) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r4, &(0x7f0000000080)={0x0, 0x6c, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000047400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) recvmmsg(r3, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000001e40)=""/104, 0x45}], 0x2}, 0x2}], 0x1, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000780)=[{{0x0, 0xfdfc, &(0x7f0000000180)=[{&(0x7f0000000340)="338f92feb0ccf6426223d4849e72aff47107a29568e13380965512367fd7a3039176ce22891da5bd1335a5408c12483bdef1209f875c6b1141a0787bcdd6424d3e5ef21ebd1c9cc264d5f4f3857a0955c9cf38ad6c747465cb45e56cae259a135cea425180fefaead0a3a0f2724e7afbe959f514c6eca6b07674708aea4fb504bd", 0x1}, {&(0x7f0000000100)="127d589163267e4b0eda2e4186729989fdd2e24baac09a37b374a16c27a136d37e08121d3864d6559759e5bfba0a1c8b2c7d20228827e09902302ddc29760ee36ce64699", 0x44}], 0x2}}], 0x1, 0x220e00cc) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02180000100000000000000000000000030006000000000002004e23000000000000000000000000080012000000000000000000000000001700000000000000000000000000000002000000000000000000000000000000fe800000000000000000000000000000030005000000000002"], 0x80}}, 0x0) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="3000000007061d080cb27cbc00000000020000020900010007"], 0x30}, 0x1, 0x0, 0x0, 0x44}, 0x800) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x42c0, 0x0) ioctl$PPPIOCGDEBUG(r7, 0x80047441, &(0x7f0000000300)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.124' (ED25519) to the list of known hosts. [ 70.978718][ T5593] cgroup: Unknown subsys name 'net' [ 71.219438][ T5593] cgroup: Unknown subsys name 'cpuset' [ 71.275809][ T5593] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 72.873966][ T5593] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.126317][ T5606] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.137930][ T5606] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.143059][ T5606] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.144257][ T5606] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.144933][ T5606] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.228722][ T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.250189][ T5613] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.269517][ T5613] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.288677][ T5616] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.309951][ T5613] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.311102][ T5613] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.312858][ T5613] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.313909][ T5613] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.329092][ T5616] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.333329][ T5616] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.334070][ T5616] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.337913][ T5606] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.339306][ T5606] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.340850][ T5606] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.341795][ T5606] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.032719][ T5604] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.035060][ T5604] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.035224][ T5604] bridge_slave_0: entered allmulticast mode [ 77.039779][ T5604] bridge_slave_0: entered promiscuous mode [ 77.084027][ T5604] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.084290][ T5604] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.084447][ T5604] bridge_slave_1: entered allmulticast mode [ 77.087161][ T5604] bridge_slave_1: entered promiscuous mode [ 77.157536][ T60] Bluetooth: hci0: command tx timeout [ 77.221270][ T5604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.221630][ T5608] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.221965][ T5608] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.222247][ T5608] bridge_slave_0: entered allmulticast mode [ 77.224384][ T5608] bridge_slave_0: entered promiscuous mode [ 77.265750][ T5604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.266112][ T5608] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.266280][ T5608] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.266424][ T5608] bridge_slave_1: entered allmulticast mode [ 77.268336][ T5608] bridge_slave_1: entered promiscuous mode [ 77.391570][ T5610] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.391835][ T5610] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.392056][ T5610] bridge_slave_0: entered allmulticast mode [ 77.393982][ T5610] bridge_slave_0: entered promiscuous mode [ 77.396801][ T5609] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.396919][ T60] Bluetooth: hci3: command tx timeout [ 77.397052][ T5609] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.397261][ T5609] bridge_slave_0: entered allmulticast mode [ 77.401510][ T5609] bridge_slave_0: entered promiscuous mode [ 77.411628][ T5604] team0: Port device team_slave_0 added [ 77.421341][ T5608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.422398][ T5610] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.422650][ T5610] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.423222][ T5610] bridge_slave_1: entered allmulticast mode [ 77.427417][ T5610] bridge_slave_1: entered promiscuous mode [ 77.429964][ T5609] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.430234][ T5609] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.430441][ T5609] bridge_slave_1: entered allmulticast mode [ 77.433605][ T5609] bridge_slave_1: entered promiscuous mode [ 77.440726][ T5604] team0: Port device team_slave_1 added [ 77.448089][ T5608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.475433][ T60] Bluetooth: hci1: command tx timeout [ 77.475570][ T60] Bluetooth: hci2: command tx timeout [ 77.597944][ T5610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.602013][ T5609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.603775][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.603784][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.603797][ T5604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.610077][ T5608] team0: Port device team_slave_0 added [ 77.616766][ T5610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.621893][ T5609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.623742][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.623753][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.623775][ T5604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.630366][ T5608] team0: Port device team_slave_1 added [ 78.011355][ T5610] team0: Port device team_slave_0 added [ 78.013818][ T5609] team0: Port device team_slave_0 added [ 78.018849][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.018861][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.018884][ T5608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.024565][ T5610] team0: Port device team_slave_1 added [ 78.029259][ T5609] team0: Port device team_slave_1 added [ 78.053005][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.053020][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.053044][ T5608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.160149][ T5604] hsr_slave_0: entered promiscuous mode [ 78.161412][ T5604] hsr_slave_1: entered promiscuous mode [ 78.166261][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.166273][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.166296][ T5610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.169402][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.169413][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.169435][ T5609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.179514][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.179528][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.179551][ T5610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.181894][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.181904][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.181927][ T5609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.316816][ T5608] hsr_slave_0: entered promiscuous mode [ 78.318565][ T5608] hsr_slave_1: entered promiscuous mode [ 78.320193][ T5608] debugfs: 'hsr0' already exists in 'hsr' [ 78.320300][ T5608] Cannot create hsr debugfs directory [ 78.446951][ T5610] hsr_slave_0: entered promiscuous mode [ 78.448066][ T5610] hsr_slave_1: entered promiscuous mode [ 78.448985][ T5610] debugfs: 'hsr0' already exists in 'hsr' [ 78.449006][ T5610] Cannot create hsr debugfs directory [ 78.459176][ T5609] hsr_slave_0: entered promiscuous mode [ 78.466570][ T5609] hsr_slave_1: entered promiscuous mode [ 78.468284][ T5609] debugfs: 'hsr0' already exists in 'hsr' [ 78.468305][ T5609] Cannot create hsr debugfs directory [ 79.239299][ T5606] Bluetooth: hci0: command tx timeout [ 79.241198][ T5604] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.308241][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 79.313911][ T5604] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.342665][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 79.350889][ T5604] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.379531][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 79.402654][ T5604] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.440994][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 79.475502][ T5606] Bluetooth: hci3: command tx timeout [ 79.547224][ T5609] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.555901][ T5606] Bluetooth: hci2: command tx timeout [ 79.555929][ T5606] Bluetooth: hci1: command tx timeout [ 79.579599][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 79.593952][ T5609] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.630450][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 79.632234][ T5609] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.668252][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 79.695088][ T5609] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.730728][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 79.857400][ T5608] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.900708][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 79.912308][ T5608] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.950988][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 79.957216][ T5608] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.990575][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.021425][ T5608] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.065203][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.181956][ T5610] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.222428][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.229587][ T5610] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.258469][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.273464][ T5610] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.310820][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.322135][ T5610] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.362119][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.444576][ T5604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.534577][ T5604] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.552099][ T5609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.594666][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.594970][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.644531][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.644668][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.693776][ T5609] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.733842][ T5608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.745214][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.753855][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.791928][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.792019][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.859574][ T5608] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.892018][ T5610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.909805][ T102] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.909945][ T102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.954968][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.955108][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.044844][ T5610] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.115018][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.115158][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.179434][ T1824] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.179595][ T1824] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.315959][ T60] Bluetooth: hci0: command tx timeout [ 81.555584][ T60] Bluetooth: hci3: command tx timeout [ 81.640721][ T60] Bluetooth: hci1: command tx timeout [ 81.640753][ T60] Bluetooth: hci2: command tx timeout [ 81.663217][ T1592] cfg80211: failed to load regulatory.db [ 82.529263][ T5609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.557835][ T5604] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.762816][ T5608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.888114][ T5609] veth0_vlan: entered promiscuous mode [ 82.896732][ T5604] veth0_vlan: entered promiscuous mode [ 82.924685][ T5610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.954365][ T5609] veth1_vlan: entered promiscuous mode [ 82.981632][ T5604] veth1_vlan: entered promiscuous mode [ 83.036694][ T5608] veth0_vlan: entered promiscuous mode [ 83.079715][ T5608] veth1_vlan: entered promiscuous mode [ 83.133588][ T5609] veth0_macvtap: entered promiscuous mode [ 83.152761][ T5604] veth0_macvtap: entered promiscuous mode [ 83.160906][ T5610] veth0_vlan: entered promiscuous mode [ 83.168281][ T5609] veth1_macvtap: entered promiscuous mode [ 83.186651][ T5604] veth1_macvtap: entered promiscuous mode [ 83.218483][ T5610] veth1_vlan: entered promiscuous mode [ 83.267546][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.273330][ T5608] veth0_macvtap: entered promiscuous mode [ 83.292718][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.311205][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.314314][ T5608] veth1_macvtap: entered promiscuous mode [ 83.351659][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.374328][ T1793] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.392684][ T1793] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.396715][ T5606] Bluetooth: hci0: command tx timeout [ 83.424878][ T1793] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.443131][ T1793] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.454770][ T1793] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.471860][ T1793] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.544654][ T1793] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.554622][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.555738][ T1793] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.614166][ T5610] veth0_macvtap: entered promiscuous mode [ 83.635788][ T5606] Bluetooth: hci3: command tx timeout [ 83.691062][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.713175][ T5610] veth1_macvtap: entered promiscuous mode [ 83.718313][ T60] Bluetooth: hci1: command tx timeout [ 83.718354][ T5606] Bluetooth: hci2: command tx timeout [ 83.911526][ T152] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.964700][ T152] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.973579][ T152] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.103467][ T3020] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.177640][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.257553][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.280995][ T1793] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.281020][ T1793] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.520332][ T102] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.532644][ T102] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.535185][ T3020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.535200][ T3020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.542858][ T102] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.569719][ T102] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.633030][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.633048][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.798301][ T1027] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.798313][ T1027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.207643][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.207662][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.404448][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.404467][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.513170][ T5759] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.717819][ T5759] process 'syz.3.5' launched '/dev/fd/3' with NULL argv: empty string added [ 85.752710][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.752727][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.995132][ T152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.995151][ T152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.403173][ T5770] ======================================================= [ 86.403173][ T5770] WARNING: The mand mount option has been deprecated and [ 86.403173][ T5770] and is ignored by this kernel. Remove the mand [ 86.403173][ T5770] option from the mount to silence this warning. [ 86.403173][ T5770] ======================================================= [ 86.443499][ T5770] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 86.504946][ T5770] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 87.507472][ T5786] netlink: 'syz.2.9': attribute type 1 has an invalid length. [ 88.112772][ T5707] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 88.307660][ T5707] usb 4-1: Using ep0 maxpacket: 32 [ 88.364983][ T5707] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 88.365009][ T5707] usb 4-1: config 0 has no interface number 0 [ 88.382904][ T5707] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 88.382930][ T5707] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.382946][ T5707] usb 4-1: Product: syz [ 88.382953][ T5707] usb 4-1: Manufacturer: syz [ 88.382960][ T5707] usb 4-1: SerialNumber: syz [ 88.551088][ T5803] binder: BINDER_SET_CONTEXT_MGR already set [ 88.551102][ T5803] binder: 5802:5803 ioctl 4018620d 200000004a80 returned -16 [ 88.583908][ T5707] usb 4-1: config 0 descriptor?? [ 89.051862][ T5707] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 89.051891][ T5707] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 89.091168][ T5811] binder: 5808:5811 ioctl c0306201 0 returned -14 [ 90.539956][ T5693] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 90.652297][ T5693] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 90.978975][ T5707] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000006c: -71 [ 90.980261][ T5707] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 91.354365][ T5707] usb 4-1: USB disconnect, device number 2 [ 91.800230][ T38] audit: type=1326 audit(1777676408.509:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5831 comm="syz.1.22" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb91e61cdd9 code=0x0 [ 94.039378][ T5692] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 94.255977][ T5692] usb 3-1: Using ep0 maxpacket: 16 [ 94.258015][ T5692] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.258037][ T5692] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 94.267175][ T5692] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 94.267198][ T5692] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.267215][ T5692] usb 3-1: Product: syz [ 94.267228][ T5692] usb 3-1: Manufacturer: syz [ 94.267240][ T5692] usb 3-1: SerialNumber: syz [ 94.306882][ T5857] netlink: 28 bytes leftover after parsing attributes in process `syz.0.29'. [ 94.574824][ T5692] usb 3-1: 0:2 : does not exist [ 94.692225][ T5693] IPVS: starting estimator thread 0... [ 94.785778][ T5862] IPVS: using max 7 ests per chain, 16800 per kthread [ 94.999655][ T5692] usb 3-1: USB disconnect, device number 2 [ 95.142204][ T5618] udevd[5618]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 99.019620][ T5920] netlink: 'syz.2.50': attribute type 10 has an invalid length. [ 99.029925][ T5920] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.336542][ T5920] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.432972][ T5928] mmap: syz.0.52 (5928) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 100.934650][ T5920] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.958140][ T5920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.977969][ T5920] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.978172][ T5920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.018622][ T5920] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 102.057789][ T5940] syz.0.55 uses obsolete (PF_INET,SOCK_PACKET) [ 103.915456][ T37] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 104.065445][ T37] usb 1-1: Using ep0 maxpacket: 16 [ 104.068414][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 104.071317][ T37] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 104.071341][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.071358][ T37] usb 1-1: Product: syz [ 104.071370][ T37] usb 1-1: Manufacturer: syz [ 104.071382][ T37] usb 1-1: SerialNumber: syz [ 104.143104][ T37] usb 1-1: config 0 descriptor?? [ 104.169727][ T37] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 104.169761][ T37] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 104.439063][ T60] Bluetooth: hci3: command 0x0406 tx timeout [ 104.771561][ T37] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 104.785426][ T5717] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 104.788420][ T5978] binder: 5977:5978 unknown command 0 [ 104.788443][ T5978] binder: 5977:5978 ioctl c0306201 200000000640 returned -22 [ 104.947995][ T5717] usb 3-1: Using ep0 maxpacket: 8 [ 104.951183][ T5717] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89 [ 104.951211][ T5717] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 104.977470][ T5717] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 104.977497][ T5717] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.977513][ T5717] usb 3-1: Product: syz [ 104.977526][ T5717] usb 3-1: Manufacturer: syz [ 104.977538][ T5717] usb 3-1: SerialNumber: syz [ 105.042621][ T5717] usb 3-1: config 0 descriptor?? [ 105.165445][ T5717] rc_core: IR keymap rc-streamzap not found [ 105.165465][ T5717] Registered IR keymap rc-empty [ 105.183529][ T5717] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 105.213421][ T5717] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input5 [ 106.308675][ T5717] usb 3-1: USB disconnect, device number 3 [ 106.802253][ T37] em28xx 1-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 106.802283][ T37] em28xx 1-1:0.0: board has no eeprom [ 106.895389][ T37] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 106.895431][ T37] em28xx 1-1:0.0: dvb set to bulk mode. [ 106.897416][ T32] em28xx 1-1:0.0: Binding DVB extension [ 107.059575][ T37] usb 1-1: USB disconnect, device number 2 [ 109.452826][ T32] em28xx 1-1:0.0: Registering input extension [ 109.953161][ T37] em28xx 1-1:0.0: Disconnecting em28xx [ 109.953330][ T37] em28xx 1-1:0.0: Closing input extension [ 110.265041][ T6015] lo speed is unknown, defaulting to 1000 [ 110.299293][ T37] em28xx 1-1:0.0: Freeing device [ 110.375120][ T6015] lo speed is unknown, defaulting to 1000 [ 110.422529][ T6015] lo speed is unknown, defaulting to 1000 [ 110.781647][ T6036] binder: 6031:6036 ioctl c0285840 200000000000 returned -22 [ 110.904630][ T37] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 111.244864][ T37] usb 1-1: unable to get BOS descriptor or descriptor too short [ 111.247793][ T37] usb 1-1: config 5 has an invalid interface number: 180 but max is 0 [ 111.247817][ T37] usb 1-1: config 5 has no interface number 0 [ 111.247846][ T37] usb 1-1: config 5 interface 180 has no altsetting 0 [ 111.257585][ T37] usb 1-1: New USB device found, idVendor=0bb4, idProduct=0a66, bcdDevice=e6.5a [ 111.257611][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.257627][ T37] usb 1-1: Product: syz [ 111.257639][ T37] usb 1-1: Manufacturer: syz [ 111.257651][ T37] usb 1-1: SerialNumber: syz [ 112.103302][ T6038] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 112.115192][ T6041] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 112.490703][ T37] usb 1-1: USB disconnect, device number 3 [ 112.715631][ T32] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 112.778377][ T6015] infiniband sz1: set active [ 112.787286][ T5717] lo speed is unknown, defaulting to 1000 [ 112.787663][ T6015] infiniband sz1: added lo [ 112.820901][ T6015] smbdirect: ib_dev[sz1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 112.820925][ T6015] smbdirect: ib_dev[sz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 112.820944][ T6015] smbdirect: ib_dev[sz1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 112.885373][ T32] usb 3-1: Using ep0 maxpacket: 32 [ 112.889791][ T32] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.889819][ T32] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.897118][ T32] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 112.897145][ T32] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 112.897162][ T32] usb 3-1: Product: syz [ 112.897174][ T32] usb 3-1: Manufacturer: syz [ 112.980588][ T32] hub 3-1:4.0: USB hub found [ 113.000035][ T6015] RDS/IB: sz1: added [ 113.012084][ T6015] smc: adding ib device sz1 with port count 1 [ 113.032555][ T6015] smc: ib device sz1 port 1 has no pnetid [ 113.059707][ T5717] lo speed is unknown, defaulting to 1000 [ 113.139744][ T32] hub 3-1:4.0: 2 ports detected [ 113.145911][ T6015] lo speed is unknown, defaulting to 1000 [ 114.908604][ T37] hub 3-1:4.0: activate --> -90 [ 115.109171][ T37] hub 3-1:4.0: hub_ext_port_status failed (err = 0) [ 115.273230][ T6015] lo speed is unknown, defaulting to 1000 [ 115.310276][ T37] usb 3-1: USB disconnect, device number 4 [ 115.899172][ T6015] lo speed is unknown, defaulting to 1000 [ 116.096153][ T6069] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 116.495526][ T37] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 116.516117][ T6015] lo speed is unknown, defaulting to 1000 [ 116.663812][ T37] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 116.663831][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.663841][ T37] usb 3-1: Product: syz [ 116.663847][ T37] usb 3-1: Manufacturer: syz [ 116.663854][ T37] usb 3-1: SerialNumber: syz [ 116.915412][ T5717] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.960498][ T6075] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 117.065466][ T5717] usb 1-1: Using ep0 maxpacket: 16 [ 117.073980][ T5717] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 117.074005][ T5717] usb 1-1: config 1 has no interface number 0 [ 117.074080][ T5717] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 117.074102][ T5717] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 117.074123][ T5717] usb 1-1: config 1 interface 105 has no altsetting 0 [ 117.122566][ T5717] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 117.122593][ T5717] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 117.122611][ T5717] usb 1-1: Product: syz [ 117.122623][ T5717] usb 1-1: Manufacturer: syz [ 117.122631][ T5717] usb 1-1: SerialNumber: syz [ 117.147793][ T37] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 117.147853][ T37] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 117.219260][ T6073] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 117.219572][ T6073] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 117.792866][ T6073] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 117.793044][ T6073] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 117.826275][ T37] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 117.826339][ T37] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 118.618876][ T37] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 118.644175][ T37] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 118.719095][ T37] usb 3-1: USB disconnect, device number 5 [ 118.787980][ T5717] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 118.788687][ T5717] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 118.789175][ T5717] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 119.192144][ T6102] binder: 6097:6102 ioctl 541b 0 returned -22 [ 119.455961][ T5683] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 120.552406][ T5683] usb 4-1: config 0 has an invalid interface number: 83 but max is 0 [ 120.552434][ T5683] usb 4-1: config 0 has no interface number 0 [ 120.552551][ T5683] usb 4-1: config 0 interface 83 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 4 [ 120.552620][ T5683] usb 4-1: config 0 interface 83 altsetting 0 endpoint 0x82 has invalid maxpacket 246, setting to 64 [ 120.812269][ T5683] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=d8.11 [ 120.812293][ T5683] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.812303][ T5683] usb 4-1: Product: syz [ 120.812310][ T5683] usb 4-1: Manufacturer: syz [ 120.812317][ T5683] usb 4-1: SerialNumber: syz [ 120.895843][ T5683] usb 4-1: config 0 descriptor?? [ 120.902883][ T6100] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 120.960200][ T5683] redrat3 4-1:0.83: Couldn't find all endpoints [ 121.089459][ T5717] aqc111 1-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 22:f7:5e:69:d7:86 [ 121.118539][ T5717] usb 1-1: USB disconnect, device number 4 [ 121.256697][ T5824] usb 4-1: USB disconnect, device number 3 [ 121.259233][ T5717] aqc111 1-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 121.724744][ T6112] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 121.765081][ T6112] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 121.765466][ T6112] overlayfs: failed to look up (tracing) for ino (-66) [ 122.536240][ T5717] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 122.536363][ T5717] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 122.536477][ T5717] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 125.829892][ T6148] lo speed is unknown, defaulting to 1000 [ 132.800396][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.841943][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.865307][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 136.071716][ T6236] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 136.405539][ T5717] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 136.775598][ T5717] usb 4-1: Using ep0 maxpacket: 32 [ 137.132289][ T5717] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.172825][ T5717] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 137.172852][ T5717] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.172870][ T5717] usb 4-1: Product: syz [ 137.172883][ T5717] usb 4-1: Manufacturer: syz [ 137.172895][ T5717] usb 4-1: SerialNumber: syz [ 137.456931][ T5824] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 137.717110][ T5824] usb 1-1: Using ep0 maxpacket: 32 [ 137.733669][ T5824] usb 1-1: unable to get BOS descriptor or descriptor too short [ 137.736300][ T5824] usb 1-1: config 10 has an invalid interface number: 127 but max is 3 [ 137.736324][ T5824] usb 1-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config [ 137.736341][ T5824] usb 1-1: config 10 has 1 interface, different from the descriptor's value: 4 [ 137.736359][ T5824] usb 1-1: config 10 has no interface number 0 [ 137.736455][ T5824] usb 1-1: config 10 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 137.736478][ T5824] usb 1-1: config 10 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 137.736497][ T5824] usb 1-1: config 10 interface 127 has no altsetting 0 [ 137.754745][ T5824] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 137.754772][ T5824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.754789][ T5824] usb 1-1: Product: syz [ 137.754801][ T5824] usb 1-1: Manufacturer: syz [ 137.754812][ T5824] usb 1-1: SerialNumber: syz [ 137.896337][ T5717] cdc_ncm 4-1:1.0: bind() failure [ 138.080798][ T5717] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 138.080883][ T5717] cdc_ncm 4-1:1.1: bind() failure [ 138.277142][ T5717] usb 4-1: USB disconnect, device number 4 [ 139.344686][ T5824] usb 1-1: USB disconnect, device number 5 [ 139.542010][ T5618] udevd[5618]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:10.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 139.950977][ T6258] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.245319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.265330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.275312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.285319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.295322][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.305318][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.315310][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.325322][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 140.335311][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 142.795580][ T6289] netlink: 'syz.1.167': attribute type 4 has an invalid length. [ 142.915005][ T6258] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.330854][ T6258] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.915630][ T6258] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.193256][ T4923] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 144.243815][ T4923] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 144.261185][ T4923] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 144.280444][ T4923] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 144.283687][ T4923] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 144.443811][ T152] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.768998][ T152] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.902730][ T1824] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.157126][ T5616] Bluetooth: hci3: command 0x0406 tx timeout [ 145.163113][ T152] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.309350][ T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.440178][ T152] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.486368][ T6305] lo speed is unknown, defaulting to 1000 [ 145.486793][ T3056] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.548539][ T1824] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.561044][ T5616] Bluetooth: hci0: command 0x1003 tx timeout [ 145.561229][ T5606] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 146.324595][ T6332] binder: 6331:6332 ioctl c0306201 200000000640 returned -22 [ 146.435451][ T5606] Bluetooth: hci4: command tx timeout [ 147.235486][ T5606] Bluetooth: hci3: command 0x0406 tx timeout [ 148.515423][ T60] Bluetooth: hci4: command tx timeout [ 150.091446][ T821] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 150.478941][ T821] usb 3-1: Using ep0 maxpacket: 32 [ 150.553465][ T821] usb 3-1: config 0 has an invalid interface number: 133 but max is 0 [ 150.553492][ T821] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 150.553508][ T821] usb 3-1: config 0 has no interface number 0 [ 150.587788][ T821] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e [ 150.587817][ T821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.587836][ T821] usb 3-1: Product: syz [ 150.587848][ T821] usb 3-1: Manufacturer: syz [ 150.587861][ T821] usb 3-1: SerialNumber: syz [ 150.606813][ T60] Bluetooth: hci4: command tx timeout [ 150.717829][ T821] usb 3-1: config 0 descriptor?? [ 150.824508][ T152] bridge_slave_1: left allmulticast mode [ 150.861139][ T152] bridge_slave_1: left promiscuous mode [ 151.012352][ T152] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.341931][ T821] usb 3-1: probing VID:PID(0424:012C) [ 151.364536][ T821] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs [ 151.456682][ T821] vub300 3-1:0.133: probe with driver vub300 failed with error -22 [ 151.584512][ T821] usb 3-1: USB disconnect, device number 6 [ 151.677182][ T152] bridge_slave_0: left allmulticast mode [ 151.677214][ T152] bridge_slave_0: left promiscuous mode [ 151.677475][ T152] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.365789][ T6390] syz.3.195 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 153.062999][ T60] Bluetooth: hci4: command tx timeout [ 153.074193][ T6388] netlink: 'syz.2.196': attribute type 4 has an invalid length. [ 153.074207][ T6388] netlink: 152 bytes leftover after parsing attributes in process `syz.2.196'. [ 154.887551][ T821] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 155.071493][ T821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 155.071513][ T821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 155.071526][ T821] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 155.071547][ T821] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 155.071558][ T821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.082424][ T821] usb 2-1: config 0 descriptor?? [ 155.083664][ T6399] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 155.540049][ T152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 155.599456][ T821] samsung 0003:0419:0600.0002: unexpected long global item [ 155.600555][ T821] samsung 0003:0419:0600.0002: parse failed [ 155.600626][ T821] samsung 0003:0419:0600.0002: probe with driver samsung failed with error -22 [ 155.798673][ T821] usb 2-1: USB disconnect, device number 2 [ 155.859458][ T6407] capability: warning: `syz.3.202' uses deprecated v2 capabilities in a way that may be insecure [ 156.285570][ T5692] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 156.463527][ T5692] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 156.463565][ T5692] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 156.468387][ T5692] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 156.468413][ T5692] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 156.468430][ T5692] usb 4-1: SerialNumber: syz [ 156.754288][ T5692] usb 4-1: 0:2 : does not exist [ 156.837099][ T5692] usb 4-1: USB disconnect, device number 5 [ 156.933183][ T5618] udevd[5618]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 156.998674][ T152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 157.243495][ T152] bond0 (unregistering): Released all slaves [ 157.440316][ T5269] 8021q: adding VLAN 0 to HW filter on device eth1 [ 158.257663][ T6388] .`: renamed from bond0 (while UP) [ 164.053535][ T1027] batman_adv: batadv0: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 165.703718][ T6305] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.704002][ T6305] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.704286][ T6305] bridge_slave_0: entered allmulticast mode [ 165.772095][ T6305] bridge_slave_0: entered promiscuous mode [ 165.824250][ T5269] 8021q: adding VLAN 0 to HW filter on device eth2 [ 165.825250][ T6305] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.840451][ T6305] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.840846][ T6305] bridge_slave_1: entered allmulticast mode [ 165.844597][ T6305] bridge_slave_1: entered promiscuous mode [ 166.006394][ T6305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.030103][ T6305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.125472][ T6481] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 166.125589][ T6481] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 166.211361][ T6494] fuse: Bad value for 'fd' [ 167.615792][ T6481] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 167.702962][ T6481] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 167.703045][ T6481] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.115396][ T60] Bluetooth: hci2: command 0x0c1a tx timeout [ 168.217674][ T6481] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.562923][ T6481] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 168.563051][ T6481] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 168.810812][ T6481] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 168.810938][ T6481] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 168.856829][ T6305] team0: Port device team_slave_0 added [ 169.255568][ T6481] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 169.331624][ T6305] team0: Port device team_slave_1 added [ 169.715564][ T60] Bluetooth: hci1: command 0x0c1a tx timeout [ 170.195506][ T60] Bluetooth: hci2: command 0x0c1a tx timeout [ 170.551317][ T5269] 8021q: adding VLAN 0 to HW filter on device eth3 [ 170.595461][ T60] Bluetooth: hci3: command 0x0406 tx timeout [ 170.786703][ T6305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.786719][ T6305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.786743][ T6305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.845696][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 170.887535][ T6305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.887549][ T6305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.887573][ T6305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 171.795678][ T60] Bluetooth: hci1: command 0x0c1a tx timeout [ 172.275480][ T5606] Bluetooth: hci2: command 0x0c1a tx timeout [ 172.675454][ T60] Bluetooth: hci3: command 0x0406 tx timeout [ 172.915535][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 174.765425][ T60] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.995600][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 175.487362][ T60] Bluetooth: hci3: unexpected event for opcode 0x0413 [ 175.535463][ T5717] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 175.892438][ T5717] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 175.892464][ T5717] usb 4-1: config 0 has no interface number 0 [ 175.892505][ T5717] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 175.892536][ T5717] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 175.892559][ T5717] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 175.918956][ T5717] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 175.918984][ T5717] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 175.919003][ T5717] usb 4-1: Product: syz [ 175.919015][ T5717] usb 4-1: SerialNumber: syz [ 176.976778][ T5717] usb 4-1: config 0 descriptor?? [ 178.000084][ T5717] usb 4-1: can't set config #0, error -71 [ 178.080795][ T5717] usb 4-1: USB disconnect, device number 6 [ 178.696700][ T6305] hsr_slave_0: entered promiscuous mode [ 178.752257][ T6305] hsr_slave_1: entered promiscuous mode [ 178.763116][ T6305] debugfs: 'hsr0' already exists in 'hsr' [ 178.763138][ T6305] Cannot create hsr debugfs directory [ 178.795414][ T5717] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 178.952726][ T5717] usb 4-1: config 0 has an invalid interface number: 50 but max is 0 [ 178.952752][ T5717] usb 4-1: config 0 has no interface number 0 [ 178.952797][ T5717] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 178.980934][ T5717] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 178.980961][ T5717] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.980978][ T5717] usb 4-1: Product: syz [ 178.980991][ T5717] usb 4-1: Manufacturer: syz [ 178.981003][ T5717] usb 4-1: SerialNumber: syz [ 179.165210][ T5717] usb 4-1: config 0 descriptor?? [ 179.561714][ T60] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 179.569736][ T60] Bluetooth: hci3: Injecting HCI hardware error event [ 179.580400][ T5606] Bluetooth: hci3: hardware error 0x00 [ 180.251448][ T5717] yurex 4-1:0.50: USB YUREX device now attached to Yurex #0 [ 180.315723][ T5717] usb 4-1: USB disconnect, device number 7 [ 180.480090][ T5717] yurex 4-1:0.50: USB YUREX #0 now disconnected [ 181.399611][ T6564] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 181.399891][ T6564] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 181.431282][ T6564] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 181.645694][ T5606] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 181.686320][ T5717] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 181.847089][ T5717] usb 2-1: Using ep0 maxpacket: 16 [ 181.898136][ T5717] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 181.917884][ T5717] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 181.917912][ T5717] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.917929][ T5717] usb 2-1: Product: syz [ 181.917942][ T5717] usb 2-1: Manufacturer: syz [ 181.917954][ T5717] usb 2-1: SerialNumber: syz [ 182.052853][ T6589] binder: 6586:6589 ioctl c0306201 2000000004c0 returned -14 [ 182.053465][ T6589] binder_alloc: 6586: binder_alloc_buf, no vma [ 182.236607][ T6591] capability: warning: `syz.2.250' uses 32-bit capabilities (legacy support in use) [ 182.244037][ T6591] program syz.2.250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.352474][ T5717] usb 2-1: config 0 descriptor?? [ 183.394042][ T5717] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 183.394075][ T5717] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 183.475504][ T5606] Bluetooth: hci4: command 0x0c1a tx timeout [ 183.475542][ T5606] Bluetooth: hci2: command 0x0c1a tx timeout [ 183.475584][ T60] Bluetooth: hci1: command 0x0c1a tx timeout [ 183.894347][ T152] hsr_slave_0: left promiscuous mode [ 183.988204][ T5717] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 184.065449][ T821] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 184.095442][ T152] hsr_slave_1: left promiscuous mode [ 184.108882][ T152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.108960][ T152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.219605][ T152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.219630][ T152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.227344][ T5706] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 184.248462][ T821] usb 4-1: Using ep0 maxpacket: 16 [ 184.250878][ T821] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 184.250900][ T821] usb 4-1: config 0 has no interfaces? [ 184.250935][ T821] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 184.250956][ T821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.311335][ T821] usb 4-1: config 0 descriptor?? [ 184.417415][ T5706] usb 3-1: Using ep0 maxpacket: 16 [ 184.423438][ T5706] usb 3-1: config 0 has no interfaces? [ 184.447401][ T5706] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.40 [ 184.447428][ T5706] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.447446][ T5706] usb 3-1: Product: syz [ 184.447459][ T5706] usb 3-1: Manufacturer: syz [ 184.447472][ T5706] usb 3-1: SerialNumber: syz [ 184.516964][ T5717] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 184.516993][ T5717] em28xx 2-1:0.0: board has no eeprom [ 184.522077][ T5706] usb 3-1: config 0 descriptor?? [ 184.599989][ T821] usb 4-1: USB disconnect, device number 8 [ 184.635469][ T5717] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 184.635496][ T5717] em28xx 2-1:0.0: dvb set to bulk mode. [ 184.635547][ T5693] em28xx 2-1:0.0: Binding DVB extension [ 184.673759][ T5717] usb 2-1: USB disconnect, device number 3 [ 184.683625][ T5717] em28xx 2-1:0.0: Disconnecting em28xx [ 184.844659][ T5693] em28xx 2-1:0.0: Registering input extension [ 184.860462][ T5717] em28xx 2-1:0.0: Closing input extension [ 184.959361][ T152] veth1_macvtap: left promiscuous mode [ 184.959631][ T152] veth0_macvtap: left promiscuous mode [ 184.959945][ T152] veth1_vlan: left promiscuous mode [ 184.987300][ T5706] usb 3-1: USB disconnect, device number 7 [ 184.999045][ T152] veth0_vlan: left promiscuous mode [ 185.169641][ T5717] em28xx 2-1:0.0: Freeing device [ 189.635658][ T60] Bluetooth: hci1: SCO packet for unknown connection handle 201 [ 190.740192][ T37] IPVS: starting estimator thread 0... [ 191.025476][ T6636] IPVS: using max 9 ests per chain, 21600 per kthread [ 191.198489][ T6638] block nbd2: not configured, cannot reconfigure [ 191.616375][ T6646] netlink: 12 bytes leftover after parsing attributes in process `syz.3.272'. [ 192.164327][ T37] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 192.992543][ T37] usb 3-1: Using ep0 maxpacket: 16 [ 193.003531][ T37] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 193.003560][ T37] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 193.032669][ T37] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 193.032696][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.032714][ T37] usb 3-1: Product: syz [ 193.032727][ T37] usb 3-1: Manufacturer: syz [ 193.032739][ T37] usb 3-1: SerialNumber: syz [ 194.073008][ T37] usb 3-1: config 0 descriptor?? [ 194.782030][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.782129][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.174063][ T37] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 195.174095][ T37] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 196.285968][ T37] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 196.286768][ T37] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 196.290264][ T37] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 196.290281][ T37] em28xx 3-1:0.0: No AC97 audio processor [ 196.463893][ T37] usb 3-1: USB disconnect, device number 8 [ 196.514788][ T37] em28xx 3-1:0.0: Disconnecting em28xx [ 196.778751][ T37] em28xx 3-1:0.0: Freeing device [ 197.121872][ T6673] Zero length message leads to an empty skb [ 198.982936][ T6680] netlink: 28 bytes leftover after parsing attributes in process `syz.1.278'. [ 199.684598][ T152] team0 (unregistering): Port device team_slave_1 removed [ 199.838016][ T152] team0 (unregistering): Port device team_slave_0 removed [ 202.723067][ T5269] 8021q: adding VLAN 0 to HW filter on device eth4 [ 205.496610][ T6305] netdevsim netdevsim4: probe with driver netdevsim failed with error -12 [ 206.075784][ T5606] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 206.095409][ T5606] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 206.142150][ T821] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 206.146690][ T5693] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 206.147148][ T5606] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 206.192192][ T5606] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 206.194560][ T5606] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 206.238425][ T821] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 206.414295][ T5693] usb 2-1: config 0 has no interfaces? [ 206.429502][ T5693] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 206.429543][ T5693] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 206.429561][ T5693] usb 2-1: SerialNumber: syz [ 206.539502][ T5693] usb 2-1: config 0 descriptor?? [ 206.565480][ T5606] Bluetooth: hci2: unexpected event for opcode 0x0c2d [ 207.023994][ T5706] usb 2-1: USB disconnect, device number 4 [ 209.379395][ T5606] Bluetooth: hci0: command tx timeout [ 211.587235][ T5606] Bluetooth: hci0: command tx timeout [ 212.020153][ T152] IPVS: stop unused estimator thread 0... [ 213.645431][ T5606] Bluetooth: hci0: command tx timeout [ 213.958074][ T6711] lo speed is unknown, defaulting to 1000 [ 214.221135][ T152] bridge_slave_1: left allmulticast mode [ 214.221171][ T152] bridge_slave_1: left promiscuous mode [ 214.221457][ T152] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.920455][ T152] bridge_slave_0: left allmulticast mode [ 214.920491][ T152] bridge_slave_0: left promiscuous mode [ 214.920774][ T152] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.504689][ T5606] Bluetooth: hci0: command tx timeout [ 216.987006][ T5717] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 217.135514][ T5717] usb 2-1: Using ep0 maxpacket: 32 [ 217.137959][ T5717] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.137986][ T5717] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.144430][ T5717] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 217.144456][ T5717] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 217.144474][ T5717] usb 2-1: Product: syz [ 217.144487][ T5717] usb 2-1: Manufacturer: syz [ 217.342214][ T5717] hub 2-1:4.0: USB hub found [ 217.534386][ T5717] hub 2-1:4.0: config failed, can't read hub descriptor (err -22) [ 217.649410][ T5717] usb 2-1: USB disconnect, device number 5 [ 217.769132][ T6787] comedi comedi3: board detection failed [ 217.833373][ T152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.073736][ T152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 219.458955][ T152] bond0 (unregistering): Released all slaves [ 224.925434][ T821] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 225.107959][ T821] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 225.107991][ T821] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 225.108014][ T821] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 225.175828][ T821] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 225.175855][ T821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.175873][ T821] usb 2-1: Product: syz [ 225.175885][ T821] usb 2-1: Manufacturer: syz [ 225.175898][ T821] usb 2-1: SerialNumber: syz [ 225.249118][ T821] usb 2-1: config 0 descriptor?? [ 225.250088][ T6863] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 225.250198][ T6863] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 225.276016][ T152] hsr_slave_0: left promiscuous mode [ 225.296649][ T821] usb 2-1: ucan: probing device on interface #0 [ 225.571654][ T152] hsr_slave_1: left promiscuous mode [ 225.605393][ T152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.753486][ T152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 227.011825][ T152] team0 (unregistering): Port device team_slave_1 removed [ 227.089722][ T152] team0 (unregistering): Port device team_slave_0 removed [ 228.073594][ T821] ucan 2-1:0.0 can0: registered device [ 228.074336][ T821] ucan 2-1:0.0 can0: firmware string: unknown [ 228.130316][ T821] usb 2-1: USB disconnect, device number 6 [ 233.516717][ T6920] lo speed is unknown, defaulting to 1000 [ 240.796297][ T6711] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.796580][ T6711] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.796872][ T6711] bridge_slave_0: entered allmulticast mode [ 240.825992][ T6711] bridge_slave_0: entered promiscuous mode [ 241.295832][ T6711] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.296174][ T6711] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.296459][ T6711] bridge_slave_1: entered allmulticast mode [ 241.326267][ T6711] bridge_slave_1: entered promiscuous mode [ 244.246890][ T6711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.298942][ T6711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.243466][ T6711] team0: Port device team_slave_0 added [ 245.426564][ T6711] team0: Port device team_slave_1 added [ 245.655629][ T6711] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.655642][ T6711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.655656][ T6711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.665574][ T6711] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.665585][ T6711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.665599][ T6711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.520223][ T6711] hsr_slave_0: entered promiscuous mode [ 246.545908][ T6711] hsr_slave_1: entered promiscuous mode [ 247.307936][ T5706] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 247.658717][ T5706] usb 3-1: config index 0 descriptor too short (expected 28277, got 36) [ 247.658742][ T5706] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 247.658758][ T5706] usb 3-1: config 0 has no interfaces? [ 247.658785][ T5706] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 247.658805][ T5706] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.624329][ T5706] usb 3-1: config 0 descriptor?? [ 249.665410][ T5706] usb 3-1: can't set config #0, error -71 [ 249.777170][ T5706] usb 3-1: USB disconnect, device number 9 [ 250.475028][ T7126] netlink: 12 bytes leftover after parsing attributes in process `syz.1.364'. [ 250.920530][ T6711] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 251.221981][ T6711] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 251.227538][ T6711] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 251.368205][ T5706] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 251.508473][ T6711] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 251.510479][ T6711] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 251.625326][ T6711] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 251.651192][ T6711] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 251.685370][ T5706] usb 3-1: Using ep0 maxpacket: 32 [ 251.687778][ T5706] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 251.687796][ T5706] usb 3-1: config 0 has no interfaces? [ 251.690037][ T5706] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 251.690060][ T5706] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.690077][ T5706] usb 3-1: Product: syz [ 251.690089][ T5706] usb 3-1: Manufacturer: syz [ 251.690102][ T5706] usb 3-1: SerialNumber: syz [ 251.782150][ T5706] usb 3-1: config 0 descriptor?? [ 252.203801][ T6711] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 252.382113][ T5693] usb 3-1: USB disconnect, device number 10 [ 254.134983][ T7167] netlink: 200 bytes leftover after parsing attributes in process `syz.3.372'. [ 254.619430][ T6711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.905122][ T6711] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.640736][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.640836][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.557359][ T3020] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.557451][ T3020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.171792][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.186148][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 269.205445][ T1592] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 269.385436][ T1592] usb 3-1: Using ep0 maxpacket: 16 [ 269.387696][ T1592] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 269.408366][ T1592] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 269.408395][ T1592] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.408412][ T1592] usb 3-1: Product: syz [ 269.408424][ T1592] usb 3-1: Manufacturer: syz [ 269.408437][ T1592] usb 3-1: SerialNumber: syz [ 269.451175][ T1592] usb 3-1: config 0 descriptor?? [ 269.512597][ T1592] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 269.512630][ T1592] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 270.190994][ T60] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 270.232950][ T60] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 270.251696][ T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 270.289703][ T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 270.291894][ T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 272.550715][ T60] Bluetooth: hci4: command tx timeout [ 272.558571][ T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 272.715458][ T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 272.746516][ T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 272.785117][ T60] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 272.793874][ T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 273.474292][ T1592] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 273.968954][ T7219] lo speed is unknown, defaulting to 1000 [ 274.058958][ T1592] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 274.058987][ T1592] em28xx 3-1:0.0: board has no eeprom [ 274.597697][ T60] Bluetooth: hci4: command tx timeout [ 274.775454][ T1592] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 274.775483][ T1592] em28xx 3-1:0.0: dvb set to bulk mode. [ 274.869916][ T5706] em28xx 3-1:0.0: Binding DVB extension [ 275.005516][ T1592] usb 3-1: USB disconnect, device number 11 [ 275.705727][ T1592] em28xx 3-1:0.0: Disconnecting em28xx [ 276.103244][ T5706] em28xx 3-1:0.0: Registering input extension [ 276.112096][ T1592] em28xx 3-1:0.0: Closing input extension [ 276.676885][ T5606] Bluetooth: hci5: command tx timeout [ 276.677470][ T5606] Bluetooth: hci4: command tx timeout [ 278.757175][ T5616] Bluetooth: hci4: command tx timeout [ 278.757210][ T5616] Bluetooth: hci5: command tx timeout [ 278.875419][ T1592] em28xx 3-1:0.0: Freeing device [ 280.873099][ T5606] Bluetooth: hci5: command tx timeout [ 282.920744][ T5606] Bluetooth: hci5: command tx timeout [ 284.221270][ T7267] random: crng reseeded on system resumption [ 295.900861][ T7288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.025492][ T1592] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 297.620564][ T1592] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 297.620591][ T1592] usb 4-1: config 0 has no interface number 0 [ 297.620631][ T1592] usb 4-1: config 0 interface 2 altsetting 11 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 297.620656][ T1592] usb 4-1: config 0 interface 2 altsetting 11 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.620676][ T1592] usb 4-1: config 0 interface 2 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 297.620699][ T1592] usb 4-1: config 0 interface 2 has no altsetting 0 [ 297.620727][ T1592] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 297.620746][ T1592] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.774444][ T1592] usb 4-1: config 0 descriptor?? [ 300.159467][ T1592] usbhid 4-1:0.2: can't add hid device: -71 [ 300.159589][ T1592] usbhid 4-1:0.2: probe with driver usbhid failed with error -71 [ 300.245462][ T37] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 301.223964][ T1592] usb 4-1: USB disconnect, device number 10 [ 302.473110][ T152] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.539538][ T37] usb 3-1: device descriptor read/all, error -71 [ 303.948909][ T37] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 304.138850][ T37] usb 3-1: config 0 has an invalid interface number: 50 but max is 0 [ 304.138876][ T37] usb 3-1: config 0 has no interface number 0 [ 304.138918][ T37] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 304.141249][ T37] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 304.141274][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.141290][ T37] usb 3-1: Product: syz [ 304.141302][ T37] usb 3-1: Manufacturer: syz [ 304.141315][ T37] usb 3-1: SerialNumber: syz [ 304.185500][ T1592] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 304.365420][ T1592] usb 4-1: Using ep0 maxpacket: 32 [ 304.390633][ T1592] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 304.416067][ T1592] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 304.416095][ T1592] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 304.416113][ T1592] usb 4-1: Product: syz [ 304.416125][ T1592] usb 4-1: Manufacturer: syz [ 304.416137][ T1592] usb 4-1: SerialNumber: syz [ 304.519242][ T1592] usb 4-1: config 0 descriptor?? [ 304.519529][ T37] usb 3-1: config 0 descriptor?? [ 304.520422][ T7301] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 305.737458][ T1592] hub 4-1:0.0: bad descriptor, ignoring hub [ 305.737505][ T1592] hub 4-1:0.0: probe with driver hub failed with error -5 [ 306.860087][ T37] yurex 3-1:0.50: USB YUREX device now attached to Yurex #1 [ 306.918128][ T37] usb 3-1: USB disconnect, device number 13 [ 306.963807][ T37] yurex 3-1:0.50: USB YUREX #1 now disconnected [ 308.747442][ T1592] usb 4-1: USB disconnect, device number 11 [ 311.927404][ T7313] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 314.947548][ T5717] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 317.865986][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.866083][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.940102][ T5717] usb 4-1: device descriptor read/all, error -71 [ 322.473394][ T152] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.574513][ T7231] lo speed is unknown, defaulting to 1000 [ 324.912356][ T5606] Bluetooth: hci2: unexpected event 0x30 length: 255 > 3 [ 325.621654][ T7348] syzkaller0: entered promiscuous mode [ 325.621681][ T7348] syzkaller0: entered allmulticast mode [ 325.745509][ T821] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 325.917871][ T821] usb 4-1: config 0 has an invalid interface number: 237 but max is 0 [ 325.917899][ T821] usb 4-1: config 0 has no interface number 0 [ 325.917939][ T821] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 325.917972][ T821] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 325.917992][ T821] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 325.920887][ T821] usb 4-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.be [ 325.920912][ T821] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=3 [ 325.920930][ T821] usb 4-1: Product: syz [ 325.920942][ T821] usb 4-1: Manufacturer: syz [ 325.920954][ T821] usb 4-1: SerialNumber: syz [ 326.029523][ T821] usb 4-1: config 0 descriptor?? [ 326.140180][ T821] xpad 4-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 327.141097][ T821] xpad 4-1:0.237: probe with driver xpad failed with error -90 [ 327.340906][ T7359] netlink: 12 bytes leftover after parsing attributes in process `syz.3.416'. [ 328.557639][ T7359] netlink: 'syz.3.416': attribute type 1 has an invalid length. [ 328.557659][ T7359] netlink: 16 bytes leftover after parsing attributes in process `syz.3.416'. [ 328.557951][ T7359] netlink: 'syz.3.416': attribute type 1 has an invalid length. [ 334.232197][ T5616] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 334.278031][ T5616] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 334.281492][ T5616] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 334.284113][ T5616] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 334.343580][ T5616] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 336.435549][ T5616] Bluetooth: hci0: command tx timeout [ 338.309971][ T5606] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 338.515392][ T5606] Bluetooth: hci0: command tx timeout [ 338.532252][ T5606] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 338.534579][ T5606] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 338.549921][ T5606] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 338.550698][ T5606] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 340.852965][ T5616] Bluetooth: hci0: command tx timeout [ 340.853032][ T5616] Bluetooth: hci3: command tx timeout [ 341.543204][ T5823] usb 4-1: USB disconnect, device number 14 [ 344.388262][ T5616] Bluetooth: hci0: command tx timeout [ 344.388299][ T5616] Bluetooth: hci3: command tx timeout [ 346.416462][ T5616] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 348.398794][ T5616] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 348.464968][ T4923] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 348.513528][ T5620] Bluetooth: hci3: command tx timeout [ 348.513627][ T5620] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 348.599371][ T4923] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 348.600239][ T4923] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 349.510604][ T5616] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 349.826857][ T4923] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 351.762186][ T5616] Bluetooth: hci3: command tx timeout [ 352.484352][ T5616] Bluetooth: hci7: command tx timeout [ 353.789570][ T5616] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 353.810105][ T5616] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 355.093241][ T60] Bluetooth: hci7: command tx timeout [ 356.442485][ T60] Bluetooth: hci6: command tx timeout [ 357.195350][ T60] Bluetooth: hci7: command tx timeout [ 358.516422][ T60] Bluetooth: hci6: command tx timeout [ 359.251171][ T60] Bluetooth: hci7: command tx timeout [ 360.595442][ T60] Bluetooth: hci6: command tx timeout [ 362.749426][ T60] Bluetooth: hci6: command tx timeout [ 382.674981][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 382.675086][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 393.516605][ T5616] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 393.553659][ T5616] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 393.557511][ T5616] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 393.560289][ T5616] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 393.562137][ T5616] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 393.849214][ T60] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 393.911554][ T60] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 393.914259][ T60] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 395.099791][ T60] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 395.107298][ T60] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 395.776379][ T60] Bluetooth: hci2: command tx timeout [ 395.962171][ T60] Bluetooth: hci4: command 0x0406 tx timeout [ 398.473321][ T60] Bluetooth: hci8: command tx timeout [ 398.473746][ T60] Bluetooth: hci2: command tx timeout [ 400.695498][ T5606] Bluetooth: hci8: command tx timeout [ 400.695535][ T5606] Bluetooth: hci2: command tx timeout [ 401.103097][ T5616] Bluetooth: hci5: command 0x0406 tx timeout [ 402.755588][ T5606] Bluetooth: hci2: command tx timeout [ 402.755621][ T5606] Bluetooth: hci8: command tx timeout [ 403.579662][ T4923] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 403.625827][ T4923] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 403.630569][ T4923] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 403.633049][ T4923] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 403.661202][ T4923] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 405.625422][ T60] Bluetooth: hci8: command tx timeout [ 405.902674][ T60] Bluetooth: hci9: command tx timeout [ 408.035747][ T60] Bluetooth: hci9: command tx timeout [ 408.528368][ T5616] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 408.580278][ T5616] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 408.581780][ T5616] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 408.583258][ T5616] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 408.584018][ T5616] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 410.401347][ T5616] Bluetooth: hci9: command tx timeout [ 410.755464][ T5616] Bluetooth: hci10: command tx timeout [ 412.435661][ T5616] Bluetooth: hci9: command tx timeout [ 412.835526][ T5616] Bluetooth: hci10: command tx timeout [ 414.915470][ T5616] Bluetooth: hci10: command tx timeout [ 417.105489][ T5616] Bluetooth: hci10: command tx timeout [ 445.211610][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.211711][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 456.008543][ T4923] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 456.087546][ T4923] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 456.088987][ T4923] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 456.090617][ T4923] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 456.091469][ T4923] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 457.791169][ T4923] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 457.824003][ T4923] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 457.826562][ T4923] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 457.829373][ T4923] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 457.830311][ T4923] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 457.887042][ T4923] Bluetooth: hci0: command 0x0406 tx timeout [ 458.370169][ T60] Bluetooth: hci11: command tx timeout [ 460.573581][ T4923] Bluetooth: hci12: command tx timeout [ 460.574056][ T4923] Bluetooth: hci11: command tx timeout [ 462.764225][ T4923] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 462.808249][ T4923] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 462.810884][ T4923] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 462.813155][ T4923] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 462.843810][ T4923] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 463.424442][ T60] Bluetooth: hci3: command 0x0406 tx timeout [ 463.424476][ T60] Bluetooth: hci11: command tx timeout [ 463.424495][ T60] Bluetooth: hci12: command tx timeout [ 465.458809][ T4923] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 465.489233][ T5606] Bluetooth: hci11: command tx timeout [ 465.522283][ T4923] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 465.523764][ T4923] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 465.524926][ T4923] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 465.556743][ T4923] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 465.699885][ T4923] Bluetooth: hci12: command tx timeout [ 465.809381][ T4923] Bluetooth: hci13: command tx timeout [ 467.717784][ T4923] Bluetooth: hci12: command tx timeout [ 467.717848][ T4923] Bluetooth: hci14: command tx timeout [ 467.875603][ T4923] Bluetooth: hci13: command tx timeout [ 469.930260][ T4923] Bluetooth: hci14: command tx timeout [ 469.965449][ T4923] Bluetooth: hci13: command tx timeout [ 472.652803][ T5606] Bluetooth: hci13: command tx timeout [ 472.652854][ T4923] Bluetooth: hci14: command tx timeout [ 472.755489][ T4923] Bluetooth: hci7: command 0x0406 tx timeout [ 474.675409][ T5616] Bluetooth: hci14: command tx timeout [ 477.955721][ T4923] Bluetooth: hci6: command 0x0406 tx timeout [ 483.475507][ T39] INFO: task kworker/u8:6:152 blocked for more than 142 seconds. [ 483.475537][ T39] Not tainted syzkaller #0 [ 483.475546][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 483.475554][ T39] task:kworker/u8:6 state:D stack:20072 pid:152 tgid:152 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 483.475606][ T39] Workqueue: netns cleanup_net [ 483.475642][ T39] Call Trace: [ 483.475651][ T39] [ 483.475665][ T39] __schedule+0x169e/0x54f0 [ 483.475717][ T39] ? __pfx___schedule+0x10/0x10 [ 483.475753][ T39] rt_mutex_schedule+0x76/0xf0 [ 483.475773][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 483.475809][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 483.475830][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 483.475850][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 483.475884][ T39] ? nsim_destroy+0x13a/0x830 [ 483.475915][ T39] ? nsim_destroy+0x13a/0x830 [ 483.475937][ T39] mutex_lock_nested+0x168/0x1d0 [ 483.475960][ T39] nsim_destroy+0x13a/0x830 [ 483.475992][ T39] __nsim_dev_port_del+0x14f/0x200 [ 483.476016][ T39] nsim_dev_reload_destroy+0x288/0x490 [ 483.476041][ T39] nsim_dev_reload_down+0x8a/0xc0 [ 483.476063][ T39] devlink_reload+0x1eb/0x8d0 [ 483.476095][ T39] ? __pfx_devlink_reload+0x10/0x10 [ 483.476112][ T39] ? xa_get_mark+0x6fc/0x7b0 [ 483.476148][ T39] devlink_pernet_pre_exit+0x1ff/0x420 [ 483.476170][ T39] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 483.476194][ T39] ? class_remove_file_ns+0x124/0x160 [ 483.476218][ T39] ops_undo_list+0x187/0x940 [ 483.476242][ T39] ? rt_spin_unlock+0x120/0x200 [ 483.476261][ T39] ? __pfx_ops_undo_list+0x10/0x10 [ 483.476279][ T39] ? rt_spin_unlock+0x14f/0x200 [ 483.476299][ T39] ? idr_destroy+0x21b/0x2a0 [ 483.476320][ T39] ? rt_spin_unlock+0x160/0x200 [ 483.476340][ T39] cleanup_net+0x56e/0x800 [ 483.476395][ T39] ? __pfx_cleanup_net+0x10/0x10 [ 483.476426][ T39] ? process_one_work+0x8b7/0x1710 [ 483.476446][ T39] process_one_work+0x9a3/0x1710 [ 483.476486][ T39] ? __pfx_process_one_work+0x10/0x10 [ 483.476504][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 483.476541][ T39] worker_thread+0xba8/0x11e0 [ 483.476572][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 483.476597][ T39] ? __kthread_parkme+0x7a/0x1f0 [ 483.476618][ T39] ? __kthread_parkme+0x19c/0x1f0 [ 483.476645][ T39] kthread+0x388/0x470 [ 483.476677][ T39] ? __pfx_worker_thread+0x10/0x10 [ 483.476697][ T39] ? __pfx_kthread+0x10/0x10 [ 483.476722][ T39] ret_from_fork+0x514/0xb70 [ 483.476748][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 483.476768][ T39] ? __switch_to+0xc79/0x1410 [ 483.476790][ T39] ? __pfx_kthread+0x10/0x10 [ 483.476814][ T39] ret_from_fork_asm+0x1a/0x30 [ 483.476889][ T39] [ 483.476909][ T39] INFO: task kworker/u8:7:1027 blocked for more than 142 seconds. [ 483.476928][ T39] Not tainted syzkaller #0 [ 483.476941][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 483.476949][ T39] task:kworker/u8:7 state:D stack:21328 pid:1027 tgid:1027 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 483.476991][ T39] Workqueue: events_unbound linkwatch_event [ 483.477017][ T39] Call Trace: [ 483.477023][ T39] [ 483.477034][ T39] __schedule+0x169e/0x54f0 [ 483.477069][ T39] ? __lock_acquire+0x6b5/0x2d10 [ 483.477108][ T39] ? __pfx___schedule+0x10/0x10 [ 483.477142][ T39] rt_mutex_schedule+0x76/0xf0 [ 483.477162][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 483.477197][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 483.477219][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 483.477237][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 483.477267][ T39] ? linkwatch_event+0xe/0x60 [ 483.477294][ T39] ? process_one_work+0x8b7/0x1710 [ 483.477320][ T39] ? linkwatch_event+0xe/0x60 [ 483.477341][ T39] mutex_lock_nested+0x168/0x1d0 [ 483.477373][ T39] ? process_one_work+0x8b7/0x1710 [ 483.477392][ T39] linkwatch_event+0xe/0x60 [ 483.477413][ T39] process_one_work+0x9a3/0x1710 [ 483.477452][ T39] ? __pfx_process_one_work+0x10/0x10 [ 483.477470][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 483.477508][ T39] worker_thread+0xba8/0x11e0 [ 483.477537][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 483.477561][ T39] ? __kthread_parkme+0x7a/0x1f0 [ 483.477584][ T39] ? __kthread_parkme+0x19c/0x1f0 [ 483.477611][ T39] kthread+0x388/0x470 [ 483.477634][ T39] ? __pfx_worker_thread+0x10/0x10 [ 483.477653][ T39] ? __pfx_kthread+0x10/0x10 [ 483.477677][ T39] ret_from_fork+0x514/0xb70 [ 483.477702][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 483.477723][ T39] ? __switch_to+0xc79/0x1410 [ 483.477743][ T39] ? __pfx_kthread+0x10/0x10 [ 483.477768][ T39] ret_from_fork_asm+0x1a/0x30 [ 483.477806][ T39] [ 483.477876][ T39] INFO: task kworker/u8:13:3067 blocked for more than 142 seconds. [ 483.477890][ T39] Not tainted syzkaller #0 [ 483.477898][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 483.477906][ T39] task:kworker/u8:13 state:D stack:21560 pid:3067 tgid:3067 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 483.477949][ T39] Workqueue: ipv6_addrconf addrconf_verify_work [ 483.477976][ T39] Call Trace: [ 483.477981][ T39] [ 483.477992][ T39] __schedule+0x169e/0x54f0 [ 483.478044][ T39] ? __pfx___schedule+0x10/0x10 [ 483.478079][ T39] rt_mutex_schedule+0x76/0xf0 [ 483.478099][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 483.478135][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 483.478156][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 483.478175][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 483.478203][ T39] ? addrconf_verify_work+0x19/0x30 [ 483.478232][ T39] ? process_one_work+0x8b7/0x1710 [ 483.478250][ T39] ? addrconf_verify_work+0x19/0x30 [ 483.478280][ T39] ? addrconf_verify_work+0x19/0x30 [ 483.478302][ T39] mutex_lock_nested+0x168/0x1d0 [ 483.478325][ T39] ? process_one_work+0x8b7/0x1710 [ 483.478343][ T39] addrconf_verify_work+0x19/0x30 [ 483.478377][ T39] process_one_work+0x9a3/0x1710 [ 483.478417][ T39] ? __pfx_process_one_work+0x10/0x10 [ 483.478439][ T39] ? do_raw_spin_lock+0x12b/0x2f0 [ 483.478477][ T39] worker_thread+0xba8/0x11e0 [ 483.478507][ T39] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 483.478531][ T39] ? __kthread_parkme+0x7a/0x1f0 [ 483.478552][ T39] ? __kthread_parkme+0x19c/0x1f0 [ 483.478579][ T39] kthread+0x388/0x470 [ 483.478603][ T39] ? __pfx_worker_thread+0x10/0x10 [ 483.478620][ T39] ? __pfx_kthread+0x10/0x10 [ 483.478645][ T39] ret_from_fork+0x514/0xb70 [ 483.478670][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 483.478691][ T39] ? __switch_to+0xc79/0x1410 [ 483.478712][ T39] ? __pfx_kthread+0x10/0x10 [ 483.478741][ T39] ret_from_fork_asm+0x1a/0x30 [ 483.478779][ T39] [ 483.478841][ T39] INFO: task syz-executor:7219 blocked for more than 142 seconds. [ 483.478854][ T39] Not tainted syzkaller #0 [ 483.478863][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 483.478871][ T39] task:syz-executor state:D stack:25512 pid:7219 tgid:7219 ppid:1 task_flags:0x400140 flags:0x00080002 [ 483.478915][ T39] Call Trace: [ 483.478920][ T39] [ 483.478931][ T39] __schedule+0x169e/0x54f0 [ 483.478984][ T39] ? __pfx___schedule+0x10/0x10 [ 483.479019][ T39] rt_mutex_schedule+0x76/0xf0 [ 483.479039][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 483.479073][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 483.479095][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 483.479114][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 483.479142][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.479168][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.479194][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.479214][ T39] mutex_lock_nested+0x168/0x1d0 [ 483.479238][ T39] inet_rtm_newaddr+0x404/0x1ad0 [ 483.479259][ T39] ? __kernel_text_address+0xd/0x30 [ 483.479287][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 483.479325][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 483.479346][ T39] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 483.479375][ T39] ? kasan_save_track+0x3e/0x80 [ 483.479393][ T39] ? kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 483.479417][ T39] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 483.479436][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 483.479457][ T39] ? __lock_acquire+0x6b5/0x2d10 [ 483.479493][ T39] netlink_rcv_skb+0x232/0x4b0 [ 483.479517][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 483.479538][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 483.479571][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 483.479593][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 483.479616][ T39] netlink_unicast+0x780/0x920 [ 483.479647][ T39] netlink_sendmsg+0x813/0xb40 [ 483.479677][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.479700][ T39] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 483.479730][ T39] ? aa_sock_msg_perm+0x122/0x200 [ 483.479754][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.479774][ T39] sock_sendmsg_nosec+0x112/0x150 [ 483.479803][ T39] __sys_sendto+0x402/0x590 [ 483.479829][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 483.479873][ T39] ? fput_close_sync+0x11f/0x240 [ 483.479892][ T39] ? __pfx_fput_close_sync+0x10/0x10 [ 483.479920][ T39] __x64_sys_sendto+0xde/0x100 [ 483.479941][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.479960][ T39] do_syscall_64+0x15f/0xf80 [ 483.479982][ T39] ? trace_irq_disable+0x3b/0x140 [ 483.480004][ T39] ? clear_bhb_loop+0x40/0x90 [ 483.480026][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.480044][ T39] RIP: 0033:0x7fa677eed60e [ 483.480076][ T39] RSP: 002b:00007ffe260131a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 483.480095][ T39] RAX: ffffffffffffffda RBX: 000055557dc67500 RCX: 00007fa677eed60e [ 483.480108][ T39] RDX: 0000000000000028 RSI: 00007fa678cd4670 RDI: 0000000000000003 [ 483.480119][ T39] RBP: 0000000000000001 R08: 00007ffe26013224 R09: 000000000000000c [ 483.480130][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 483.480141][ T39] R13: 0000000000000000 R14: 00007fa678cd4670 R15: 0000000000000000 [ 483.480168][ T39] [ 483.480176][ T39] INFO: task syz-executor:7231 blocked for more than 142 seconds. [ 483.480189][ T39] Not tainted syzkaller #0 [ 483.480198][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 483.480205][ T39] task:syz-executor state:D stack:21920 pid:7231 tgid:7231 ppid:1 task_flags:0x400140 flags:0x00080002 [ 483.480245][ T39] Call Trace: [ 483.480251][ T39] [ 483.480262][ T39] __schedule+0x169e/0x54f0 [ 483.480313][ T39] ? __pfx___schedule+0x10/0x10 [ 483.480347][ T39] rt_mutex_schedule+0x76/0xf0 [ 483.480375][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 483.480411][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 483.480431][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 483.480451][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 483.480467][ T39] ? copy_net_ns+0x50e/0x730 [ 483.480495][ T39] ? ip_tunnel_init_net+0x2d7/0x840 [ 483.480524][ T39] ? ip_tunnel_init_net+0x2d7/0x840 [ 483.480552][ T39] ? ip_tunnel_init_net+0x2d7/0x840 [ 483.480573][ T39] mutex_lock_nested+0x168/0x1d0 [ 483.480596][ T39] ip_tunnel_init_net+0x2d7/0x840 [ 483.480624][ T39] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 483.480653][ T39] ? __kmalloc_noprof+0x408/0x7b0 [ 483.480682][ T39] ops_init+0x35c/0x5c0 [ 483.480711][ T39] setup_net+0x118/0x340 [ 483.480732][ T39] ? __pfx_setup_net+0x10/0x10 [ 483.480750][ T39] ? mutex_rt_init_lockdep+0x66/0x80 [ 483.480772][ T39] ? preinit_net+0x4b5/0x7d0 [ 483.480792][ T39] copy_net_ns+0x50e/0x730 [ 483.480814][ T39] create_new_namespaces+0x3e7/0x6a0 [ 483.480840][ T39] ? security_capable+0x7e/0x2c0 [ 483.480869][ T39] unshare_nsproxy_namespaces+0x149/0x190 [ 483.480893][ T39] ksys_unshare+0x57d/0x9f0 [ 483.480926][ T39] ? __pfx_ksys_unshare+0x10/0x10 [ 483.480957][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.480977][ T39] __x64_sys_unshare+0x38/0x50 [ 483.480999][ T39] do_syscall_64+0x15f/0xf80 [ 483.481021][ T39] ? trace_irq_disable+0x3b/0x140 [ 483.481043][ T39] ? clear_bhb_loop+0x40/0x90 [ 483.481065][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.481083][ T39] RIP: 0033:0x7f700426e0a7 [ 483.481099][ T39] RSP: 002b:00007ffdd0010d58 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 483.481118][ T39] RAX: ffffffffffffffda RBX: 00007f70044e5f40 RCX: 00007f700426e0a7 [ 483.481131][ T39] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 483.481142][ T39] RBP: 00007f70044e67b8 R08: 0000000000000000 R09: 0000000000000000 [ 483.481153][ T39] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 483.481163][ T39] R13: 0000000000000003 R14: 00007ffdd0010f98 R15: 0000000000000000 [ 483.481191][ T39] [ 483.481200][ T39] INFO: task syz-executor:7365 blocked for more than 142 seconds. [ 483.481213][ T39] Not tainted syzkaller #0 [ 483.481221][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 483.481229][ T39] task:syz-executor state:D stack:25752 pid:7365 tgid:7365 ppid:1 task_flags:0x400140 flags:0x00080002 [ 483.481271][ T39] Call Trace: [ 483.481277][ T39] [ 483.481288][ T39] __schedule+0x169e/0x54f0 [ 483.481307][ T39] ? unwind_next_frame+0xa6/0x2550 [ 483.481382][ T39] ? __pfx___schedule+0x10/0x10 [ 483.481418][ T39] rt_mutex_schedule+0x76/0xf0 [ 483.481438][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 483.481473][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 483.481494][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 483.481513][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 483.481542][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.481568][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.481595][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.481614][ T39] mutex_lock_nested+0x168/0x1d0 [ 483.481644][ T39] inet_rtm_newaddr+0x404/0x1ad0 [ 483.481666][ T39] ? __kernel_text_address+0xd/0x30 [ 483.481693][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 483.481731][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 483.481752][ T39] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 483.481770][ T39] ? kasan_save_track+0x3e/0x80 [ 483.481788][ T39] ? kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 483.481811][ T39] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 483.481830][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 483.481851][ T39] ? __lock_acquire+0x6b5/0x2d10 [ 483.481886][ T39] netlink_rcv_skb+0x232/0x4b0 [ 483.481909][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 483.481930][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 483.481963][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 483.481984][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 483.482010][ T39] netlink_unicast+0x780/0x920 [ 483.482040][ T39] netlink_sendmsg+0x813/0xb40 [ 483.482070][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.482093][ T39] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 483.482123][ T39] ? aa_sock_msg_perm+0x122/0x200 [ 483.482146][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.482167][ T39] sock_sendmsg_nosec+0x112/0x150 [ 483.482196][ T39] __sys_sendto+0x402/0x590 [ 483.482222][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 483.482266][ T39] ? exc_page_fault+0x6a/0xc0 [ 483.482292][ T39] ? do_user_addr_fault+0xc6f/0x1340 [ 483.482317][ T39] __x64_sys_sendto+0xde/0x100 [ 483.482339][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.482358][ T39] do_syscall_64+0x15f/0xf80 [ 483.482389][ T39] ? trace_irq_disable+0x3b/0x140 [ 483.482411][ T39] ? clear_bhb_loop+0x40/0x90 [ 483.482433][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.482451][ T39] RIP: 0033:0x7f3e63ddd60e [ 483.482466][ T39] RSP: 002b:00007fffebb673f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 483.482484][ T39] RAX: ffffffffffffffda RBX: 0000555558b51500 RCX: 00007f3e63ddd60e [ 483.482497][ T39] RDX: 0000000000000028 RSI: 00007f3e64bc4670 RDI: 0000000000000003 [ 483.482508][ T39] RBP: 0000000000000001 R08: 00007fffebb67474 R09: 000000000000000c [ 483.482519][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 483.482530][ T39] R13: 0000000000000000 R14: 00007f3e64bc4670 R15: 0000000000000000 [ 483.482557][ T39] [ 483.482565][ T39] INFO: task syz-executor:7374 blocked for more than 142 seconds. [ 483.482578][ T39] Not tainted syzkaller #0 [ 483.482586][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 483.482593][ T39] task:syz-executor state:D stack:25752 pid:7374 tgid:7374 ppid:1 task_flags:0x400140 flags:0x00080002 [ 483.482636][ T39] Call Trace: [ 483.482642][ T39] [ 483.482652][ T39] __schedule+0x169e/0x54f0 [ 483.482673][ T39] ? unwind_next_frame+0xa6/0x2550 [ 483.482724][ T39] ? __pfx___schedule+0x10/0x10 [ 483.482759][ T39] rt_mutex_schedule+0x76/0xf0 [ 483.482778][ T39] rt_mutex_slowlock_block+0x508/0x680 [ 483.482814][ T39] rt_mutex_slowlock+0x2dc/0x780 [ 483.482834][ T39] ? rt_mutex_slowlock+0x1fd/0x780 [ 483.482854][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 483.482883][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.482909][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.482936][ T39] ? inet_rtm_newaddr+0x404/0x1ad0 [ 483.482956][ T39] mutex_lock_nested+0x168/0x1d0 [ 483.482979][ T39] inet_rtm_newaddr+0x404/0x1ad0 [ 483.483000][ T39] ? __kernel_text_address+0xd/0x30 [ 483.483027][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 483.483064][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 483.483085][ T39] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 483.483103][ T39] ? kasan_save_track+0x3e/0x80 [ 483.483121][ T39] ? kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 483.483143][ T39] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 483.483162][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 483.483183][ T39] ? __lock_acquire+0x6b5/0x2d10 [ 483.483219][ T39] netlink_rcv_skb+0x232/0x4b0 [ 483.483240][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 483.483262][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 483.483294][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 483.483315][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 483.483342][ T39] netlink_unicast+0x780/0x920 [ 483.483380][ T39] netlink_sendmsg+0x813/0xb40 [ 483.483411][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.483434][ T39] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 483.483462][ T39] ? aa_sock_msg_perm+0x122/0x200 [ 483.483484][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.483504][ T39] sock_sendmsg_nosec+0x112/0x150 [ 483.483533][ T39] __sys_sendto+0x402/0x590 [ 483.483559][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 483.483603][ T39] ? exc_page_fault+0x6a/0xc0 [ 483.483628][ T39] ? do_user_addr_fault+0xc6f/0x1340 [ 483.483652][ T39] __x64_sys_sendto+0xde/0x100 [ 483.483673][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.483692][ T39] do_syscall_64+0x15f/0xf80 [ 483.483713][ T39] ? trace_irq_disable+0x3b/0x140 [ 483.483733][ T39] ? clear_bhb_loop+0x40/0x90 [ 483.483754][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.483772][ T39] RIP: 0033:0x7f4619e6d60e [ 483.483787][ T39] RSP: 002b:00007fff40169328 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 483.483806][ T39] RAX: ffffffffffffffda RBX: 000055555dd6b500 RCX: 00007f4619e6d60e [ 483.483818][ T39] RDX: 0000000000000028 RSI: 00007f461ac54670 RDI: 0000000000000003 [ 483.483830][ T39] RBP: 0000000000000001 R08: 00007fff401693a4 R09: 000000000000000c [ 483.483840][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 483.483851][ T39] R13: 0000000000000000 R14: 00007f461ac54670 R15: 0000000000000000 [ 483.483878][ T39] [ 483.483904][ T39] [ 483.483904][ T39] Showing all locks held in the system: [ 483.483914][ T39] 4 locks held by rcuc/0/21: [ 483.483924][ T39] #0: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 483.483970][ T39] #1: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60 [ 483.484012][ T39] #2: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: NF_HOOK+0x9e/0x3c0 [ 483.484055][ T39] #3: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 483.484104][ T39] 5 locks held by ksoftirqd/1/31: [ 483.484114][ T39] #0: ffffffff8e05f300 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 483.484157][ T39] #1: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 483.484201][ T39] #2: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60 [ 483.484244][ T39] #3: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: NF_HOOK+0x9e/0x3c0 [ 483.484287][ T39] #4: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 483.484334][ T39] 3 locks held by kworker/1:0/32: [ 483.484344][ T39] #0: ffff88813fe0b938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 483.484397][ T39] #1: ffffc90000a6fc40 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 483.484440][ T39] #2: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 483.484491][ T39] 1 lock held by khungtaskd/39: [ 483.484500][ T39] #0: ffffffff8e1c8180 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 483.484548][ T39] 6 locks held by kworker/u8:6/152: [ 483.484558][ T39] #0: ffff88801b6d6138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 483.484601][ T39] #1: ffffc9000155fc40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 483.484643][ T39] #2: ffffffff8f580da0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 483.484687][ T39] #3: ffff88805db2d160 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x129/0x420 [ 483.484730][ T39] #4: ffff88803a10c310 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x142/0x420 [ 483.484776][ T39] #5: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0x13a/0x830 [ 483.484829][ T39] 3 locks held by kworker/u8:7/1027: [ 483.484839][ T39] #0: ffff88813fe4c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 483.484882][ T39] #1: ffffc90005cc7c40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 483.484925][ T39] #2: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 483.484986][ T39] 3 locks held by kworker/u8:13/3067: [ 483.484997][ T39] #0: ffff888032590138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x890/0x1710 [ 483.485040][ T39] #1: ffffc9000ed6fc40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710 [ 483.485084][ T39] #2: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 483.485136][ T39] 2 locks held by getty/5360: [ 483.485146][ T39] #0: ffff888035b8b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 483.485194][ T39] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 [ 483.485244][ T39] 1 lock held by syz.3.123/6153: [ 483.485254][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 483.491213][ T39] 1 lock held by syz-executor/7219: [ 483.491225][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491274][ T39] 2 locks held by syz-executor/7231: [ 483.491284][ T39] #0: ffffffff8f580da0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730 [ 483.491326][ T39] #1: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2d7/0x840 [ 483.491383][ T39] 1 lock held by syz.2.414/7345: [ 483.491393][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 483.491438][ T39] 1 lock held by syz-executor/7365: [ 483.491448][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491494][ T39] 1 lock held by syz-executor/7374: [ 483.491504][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491548][ T39] 1 lock held by syz-executor/7382: [ 483.491557][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491603][ T39] 1 lock held by syz-executor/7384: [ 483.491612][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491656][ T39] 1 lock held by syz-executor/7393: [ 483.491666][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491710][ T39] 1 lock held by syz-executor/7397: [ 483.491720][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491766][ T39] 1 lock held by syz-executor/7410: [ 483.491776][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491820][ T39] 1 lock held by syz-executor/7417: [ 483.491830][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491875][ T39] 1 lock held by syz-executor/7423: [ 483.491885][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491930][ T39] 1 lock held by syz-executor/7428: [ 483.491940][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.491985][ T39] 1 lock held by syz-executor/7438: [ 483.491995][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.492042][ T39] 1 lock held by syz-executor/7443: [ 483.492052][ T39] #0: ffffffff8f590278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 483.492107][ T39] [ 483.492111][ T39] ============================================= [ 483.492111][ T39] [ 483.492135][ T39] NMI backtrace for cpu 1 [ 483.492160][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 483.492208][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 483.492217][ T39] Call Trace: [ 483.492224][ T39] [ 483.492231][ T39] dump_stack_lvl+0xe8/0x150 [ 483.492256][ T39] nmi_cpu_backtrace+0x274/0x2d0 [ 483.492275][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 483.492298][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 483.492319][ T39] sys_info+0x135/0x170 [ 483.492356][ T39] watchdog+0xfd3/0x1030 [ 483.492392][ T39] ? watchdog+0x1c9/0x1030 [ 483.492416][ T39] kthread+0x388/0x470 [ 483.492441][ T39] ? __pfx_watchdog+0x10/0x10 [ 483.492459][ T39] ? __pfx_kthread+0x10/0x10 [ 483.492483][ T39] ret_from_fork+0x514/0xb70 [ 483.492506][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 483.492526][ T39] ? __switch_to+0xc79/0x1410 [ 483.492547][ T39] ? __pfx_kthread+0x10/0x10 [ 483.492577][ T39] ret_from_fork_asm+0x1a/0x30 [ 483.492612][ T39] [ 483.492639][ T39] Sending NMI from CPU 1 to CPUs 0: [ 483.492674][ C0] NMI backtrace for cpu 0 [ 483.492688][ C0] CPU: 0 UID: 0 PID: 21 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 483.492704][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 483.492712][ C0] RIP: 0010:save_dst_trace_buffer+0x1a2/0x5b0 [ 483.492737][ C0] Code: f7 dc 48 89 1c 24 48 8d 9b e0 91 5a 9a 48 b8 00 00 00 00 00 fc ff df 41 80 3c 06 00 74 08 48 89 df e8 c2 a7 1f f9 48 83 3b 00 <74> 07 e8 e7 1d b6 f8 eb 23 48 89 df be 08 00 00 00 e8 48 aa 1f f9 [ 483.492748][ C0] RSP: 0018:ffffc900001a6860 EFLAGS: 00000286 [ 483.492762][ C0] RAX: dffffc0000000000 RBX: ffffffff9a722160 RCX: ffff88801da9dc40 [ 483.492773][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 483.492783][ C0] RBP: ffffc900001a6a00 R08: 0000000000000000 R09: 0000000000000100 [ 483.492792][ C0] R10: ffffc900001a67c0 R11: fffff52000034cfc R12: e00000000cb1bbd3 [ 483.492803][ C0] R13: e00000000cb1bbd2 R14: 1ffffffff34e442c R15: e00000000cb1bbd2 [ 483.492814][ C0] FS: 0000000000000000(0000) GS:ffff888125cd3000(0000) knlGS:0000000000000000 [ 483.492826][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 483.492836][ C0] CR2: 000055dbc73c1a38 CR3: 000000004e1ea000 CR4: 00000000003526f0 [ 483.492850][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000001800 [ 483.492858][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 483.492867][ C0] Call Trace: [ 483.492873][ C0] [ 483.492882][ C0] ? __pfx_save_dst_trace_buffer+0x10/0x10 [ 483.492901][ C0] ? ref_tracker_alloc+0x2c2/0x4a0 [ 483.492919][ C0] ? dst_init+0x26d/0x490 [ 483.492936][ C0] ? dst_alloc+0x12a/0x170 [ 483.492953][ C0] ? ip_route_output_key_hash_rcu+0x14d0/0x25e0 [ 483.492973][ C0] ? ip_route_output_key_hash+0x18d/0x2a0 [ 483.492990][ C0] ? ip_route_output_flow+0x2a/0x150 [ 483.493006][ C0] ? ip_route_me_harder+0x742/0xf90 [ 483.493024][ C0] ? synproxy_send_tcp+0x34c/0x670 [ 483.493043][ C0] ? synproxy_send_client_synack+0x8c1/0xe30 [ 483.493061][ C0] ? nft_synproxy_eval_v4+0x34a/0x4e0 [ 483.493082][ C0] ? nft_synproxy_do_eval+0x305/0x580 [ 483.493100][ C0] ? nft_do_chain+0x467/0x19f0 [ 483.493113][ C0] ? nft_do_chain_inet+0x360/0x4b0 [ 483.493133][ C0] ? nf_hook_slow+0xc5/0x220 [ 483.493150][ C0] ? NF_HOOK+0x21f/0x3c0 [ 483.493164][ C0] ? NF_HOOK+0x336/0x3c0 [ 483.493177][ C0] ? process_backlog+0x569/0xc60 [ 483.493191][ C0] ? __napi_poll+0xab/0x550 [ 483.493204][ C0] ? net_rx_action+0x696/0xe00 [ 483.493217][ C0] ? handle_softirqs+0x1de/0x6d0 [ 483.493233][ C0] ? __local_bh_enable_ip+0x170/0x2b0 [ 483.493248][ C0] ? nf_hook_slow+0xc5/0x220 [ 483.493265][ C0] ? NF_HOOK+0x21f/0x3c0 [ 483.493278][ C0] ? NF_HOOK+0x336/0x3c0 [ 483.493291][ C0] ? process_backlog+0x569/0xc60 [ 483.493305][ C0] ? rcu_is_watching+0x15/0xb0 [ 483.493323][ C0] dst_init+0x26d/0x490 [ 483.493343][ C0] dst_alloc+0x12a/0x170 [ 483.493362][ C0] ip_route_output_key_hash_rcu+0x14d0/0x25e0 [ 483.493385][ C0] ? ip_route_output_key_hash+0xd8/0x2a0 [ 483.493404][ C0] ip_route_output_key_hash+0x18d/0x2a0 [ 483.493425][ C0] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 483.493450][ C0] ip_route_output_flow+0x2a/0x150 [ 483.493466][ C0] ? ip_route_me_harder+0x730/0xf90 [ 483.493485][ C0] ip_route_me_harder+0x742/0xf90 [ 483.493508][ C0] ? __pfx_ip_route_me_harder+0x10/0x10 [ 483.493532][ C0] ? __cookie_v4_init_sequence+0x25d/0x500 [ 483.493551][ C0] synproxy_send_tcp+0x34c/0x670 [ 483.493572][ C0] synproxy_send_client_synack+0x8c1/0xe30 [ 483.493597][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 483.493622][ C0] ? nft_redir_eval+0x238/0x4a0 [ 483.493639][ C0] ? synproxy_pernet+0x45/0x270 [ 483.493660][ C0] nft_synproxy_eval_v4+0x34a/0x4e0 [ 483.493683][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 483.493703][ C0] ? nf_ip_checksum+0x13c/0x510 [ 483.493719][ C0] nft_synproxy_do_eval+0x305/0x580 [ 483.493738][ C0] ? irqentry_exit+0x218/0x730 [ 483.493759][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 483.493778][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 483.493803][ C0] nft_do_chain+0x467/0x19f0 [ 483.493823][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 483.493840][ C0] ? ktime_get+0x45/0x220 [ 483.493865][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 483.493886][ C0] nft_do_chain_inet+0x360/0x4b0 [ 483.493907][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 483.493931][ C0] ? NF_HOOK+0x9e/0x3c0 [ 483.493945][ C0] ? NF_HOOK+0x9e/0x3c0 [ 483.493960][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 483.493981][ C0] nf_hook_slow+0xc5/0x220 [ 483.494001][ C0] NF_HOOK+0x21f/0x3c0 [ 483.494016][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 483.494031][ C0] ? NF_HOOK+0x9e/0x3c0 [ 483.494044][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 483.494057][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 483.494074][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 483.494091][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 483.494108][ C0] NF_HOOK+0x336/0x3c0 [ 483.494121][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 483.494141][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 483.494156][ C0] ? NF_HOOK+0x9e/0x3c0 [ 483.494169][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 483.494185][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 483.494201][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 483.494215][ C0] ? process_backlog+0x271/0xc60 [ 483.494229][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 483.494244][ C0] process_backlog+0x569/0xc60 [ 483.494259][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 483.494283][ C0] __napi_poll+0xab/0x550 [ 483.494298][ C0] net_rx_action+0x696/0xe00 [ 483.494319][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 483.494333][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 483.494354][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 483.494376][ C0] handle_softirqs+0x1de/0x6d0 [ 483.494397][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 483.494414][ C0] ? rcu_cpu_kthread+0x205/0x1470 [ 483.494434][ C0] rcu_cpu_kthread+0x9e8/0x1470 [ 483.494457][ C0] ? rcu_cpu_kthread+0x205/0x1470 [ 483.494480][ C0] ? __pfx_rcu_cpu_kthread+0x10/0x10 [ 483.494501][ C0] ? schedule+0x90/0x360 [ 483.494520][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 483.494538][ C0] smpboot_thread_fn+0x541/0xa50 [ 483.494556][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 483.494578][ C0] kthread+0x388/0x470 [ 483.494597][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 483.494619][ C0] ? __pfx_kthread+0x10/0x10 [ 483.494638][ C0] ret_from_fork+0x514/0xb70 [ 483.494656][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 483.494672][ C0] ? __switch_to+0xc79/0x1410 [ 483.494687][ C0] ? __pfx_kthread+0x10/0x10 [ 483.494706][ C0] ret_from_fork_asm+0x1a/0x30 [ 483.494731][ C0] [ 483.504433][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 483.504461][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 483.504483][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 483.504493][ T39] Call Trace: [ 483.504501][ T39] [ 483.504508][ T39] vpanic+0x56c/0xa60 [ 483.504536][ T39] ? __pfx___schedule+0x10/0x10 [ 483.504559][ T39] ? __pfx_vpanic+0x10/0x10 [ 483.504590][ T39] panic+0xc5/0xd0 [ 483.504611][ T39] ? __pfx_panic+0x10/0x10 [ 483.504635][ T39] ? preempt_schedule_thunk+0x16/0x30 [ 483.504658][ T39] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 483.504681][ T39] watchdog+0x102c/0x1030 [ 483.504710][ T39] ? watchdog+0x1c9/0x1030 [ 483.504736][ T39] kthread+0x388/0x470 [ 483.504760][ T39] ? __pfx_watchdog+0x10/0x10 [ 483.504778][ T39] ? __pfx_kthread+0x10/0x10 [ 483.504802][ T39] ret_from_fork+0x514/0xb70 [ 483.504826][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 483.504846][ T39] ? __switch_to+0xc79/0x1410 [ 483.504867][ T39] ? __pfx_kthread+0x10/0x10 [ 483.504891][ T39] ret_from_fork_asm+0x1a/0x30 [ 483.504928][ T39] [ 483.505298][ T39] Kernel Offset: disabled