last executing test programs: 1.77599351s ago: executing program 2 (id=1003): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8082, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f00000002c0)={0x74, 0x0, 0x30}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000000c0)={0x22}) 1.617013013s ago: executing program 2 (id=1008): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002380)=ANY=[@ANYBLOB="4000000010003904000000000000000080040000", @ANYRES32=r2, @ANYBLOB="01980000000000002000128008000100736974001400028006000e000600000008000100", @ANYRES16=r0], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendto$packet(r0, &(0x7f0000000400)="05d936277c6f5422007f83477ca1b278e3e4018a34e7bfd3de1a00ad6762646c95c716727eb53bcc", 0x28, 0x8c1, &(0x7f0000000200)={0x11, 0x86dd, r2, 0x1, 0x4, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) 1.616671007s ago: executing program 1 (id=1009): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0xd) 1.513067036s ago: executing program 2 (id=1012): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002d00)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xd, 0xb}, {0xd, 0x7}, {0xfff1, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0xc050) recvmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/233, 0xe9}], 0x1}, 0x20) 1.464864952s ago: executing program 2 (id=1015): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff1c, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='generic_add_lease\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='generic_add_lease\x00', r1}, 0x18) r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r2, 0x400, 0x0) 1.412173069s ago: executing program 2 (id=1017): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.238034533s ago: executing program 2 (id=1019): r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b00010100000009040000020701010009050102"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000000)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0xfffffffffffffc4a}}) syz_open_dev$char_usb(0xc, 0xb4, 0x2000000) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000008c0)=ANY=[], 0x0) syz_usb_disconnect(r1) 1.095885448s ago: executing program 3 (id=1022): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x1, r2, 0x8000000, r0}, 0x10) 988.974871ms ago: executing program 3 (id=1023): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "7817765dc5914c3d", "c0a9b92b592a8e91a6934cb6b7b18f7a7a6eaa9cbd8ef3b0fbc326100136e976", "58ff90f0", "2a1e833e7af32011"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@ccm_128={{0x304, 0x34}, "f6d0d3f08ab5712f", "ae224a0d7a4a27ff96d9692d2c7408f1", "7209ca5b", "eaeb2dc30b59bf2f"}, 0x28) 988.786961ms ago: executing program 3 (id=1024): ioperm(0x3, 0x5, 0x7) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = socket$kcm(0x23, 0x2, 0x0) readv(r1, &(0x7f0000000780)=[{&(0x7f0000000280)=""/206, 0xce}], 0x1) timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 689.939734ms ago: executing program 0 (id=1026): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x80800) r2 = accept4(r1, 0x0, 0x0, 0x80000) sendmsg$nl_netfilter(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)={0x904, 0x2, 0xb, 0x5, 0x70bd28, 0x25dfdbfe, {0x2, 0x0, 0x1}, [@generic="3224f839282bf6600479735e95e8baff1e9ad54d26d806ea18f2724c27d3fbe32ae6e21618e5", @generic="feb6f1990814e5304c7bf10e57b786b02f0b5b4be83216990315d0126c6f75d2dd408ec4d7b90c4a30c69b68bb1559ac0738770d96ab0aef1784e5ff7348b85acfcc5b528c9c0f834bd35dfe62cf238b93f8439c194108af635e691b876cb7fc7ab83aa3727b23114c977eabf2af3a5204418743324051ab8a3713785ee6", @generic="a538234d0b482f1ff8a242d5cc21e6c496d9b6a94e831030e5ddf6e6aca63f9ffced3b695184781e782414c01d3ad3208ea317517259f4f80c72d76a0242744fa720ee02083493ceed85c473e4ec8f3b84ce01c9d6706ac8b64ddc05ec84f79714689e24c17747ccab207d261056047831d0bda944ac32d0f30f51065bd05cf1b1c4af83243f62c81218d48dbcb8f1d9bd9bf666506bcd6aa858b523", @generic="a319eab493487b63075311f294df9e54903d307d8e80354d4ba57be9e5038a4e97bcfd90c07e6d63b37b4f3316eb3eedcef95438bb61e9f7bb959410381c1e50584a6ffee33e6486fbf583018fd2c332adf70520dd9c9d24410db42f46c0dbeef6683e636abc54dc51ae661ac81157eafc5c344bed872574220b067332820e9cc64b56072c46828d8a82ceaa61bef475fab5bc3a306b4bb93904f3b22d5ce166a04be1ae805829929047892cebbdd15d636716c1f9ce64be6b39c80877084f96bfd7acf9b2c92f2ca850fdc244a5f04fc6c0c28e99dda4247f056df3c20ffe08d9fba9e51b", @generic="4a4e4d35bc67da3309bba20531a92a6027a3f02b55c1e664d0e6f048849e3c650c05d051f33e9017f069e4aa24ba7aa05c417b3de8f4e418c8efd319378e9fd02298cc53efcf1c7cc0e4e3d18ba3a85445c99435e6d56a3da4bf935d4ca1923572ada4ecc7becc4d5cb4955830f9d7689bcb07f07004a4a1733bbbdcdaeae6cdeadc7570459f6de3276d76d50f74ab6b6137adda62806b27b758aec0e8fd0b70", @nested={0x625, 0x127, 0x0, 0x1, [@typed={0x8, 0xd0, 0x0, 0x0, @pid}, @typed={0x8, 0xae, 0x0, 0x0, @fd}, @generic="d498ef132d998e564836d960128546e46eebe48f4cb4fb2cdf1d56c29ca4192d10fce31f967c12fa587568c9adbc26b738fedc2ada2aaaa40e663df84dac67630f415122e99ee7ba1ff509041b5ae2d53e7736282b5807086b9c02464b7cbea24e3ef85d4998ad7c5ee4c070c332e9d2aebf2c0d2e849366f5ca0671665e9e22f19fc743fb3fb6f9adb86efcdecb62c777fda47067466829a0ac5ddebcadbe9bcf0f5835dea3b84a5d1037317366c55b74cfed049f25fe36547dd75fe7b16bc4c6a16e3a200b916921d1f4c606db90418460a665ed0309cbaeadbbf1db70f52d28da4b6766325537cb5377bda505e7f6a63d55a54ee78bfad043af566230be88f86abcfcca37e877ebf2b5208ebd81ae20e334b65f83a0bb9ccac364e2e02fa8a26360df4508ef2b972bd68fc69056478af162836b782b92538208f81036e81175095c4091f0eca3737224a83115b4df6c5ed711fa95989a834e21b155191c267a2ec7fde8eee6a0e60fc0814bb97080b24d47d258f37ec8f02e850bbf1167a63a88f335c9d189c50f1f2a2d14578af3e4d804982aeb883a98e91e7a01ae1d5506081594d94cf08de41a4cba2037eaa790b4272025b1bdf0d8fde059ca3fb9b42a914cade882f689dafcd11d287be6519a30de12fab369de0ab3076673aac7580051ae0219835c39c5851657bde2606531cc7bbfa2210f2f21b12162991b752d9513217d13c4bc9b6e7baf108d0f0b20096492745478f7d074f763fda09725c3042d85c9c048f3e9ef92b0b058803646c25cd18d149e37a47e13c227477676b9ae39d70babfb8b1b645836d29cd01efbe374775fdc1b54b9e571f5dbb6adb489785b7204aa88ebe0d05dae33379bfd8b115fbe13b2e31bc6be3cd15d2665e6807d956cde4f6aeed73e59f733c7e5c9a0a416b2ce607375972b4c1778da7cbb993535faed3711a6a72fa2ee3ad4e4845bcd3d3041ece1545c2ae6619837dfda38e6891171b8d22d1bd4996ea48cb4126874569f7b327ce9eb53e06e387bc79ed8f16174d951b0ad179679b0e532d5723f56a4c2164982adfce62364d2047c7e30748a0259625b6b6d3f59e294c85e76eafc8318c0a211fb101846db96c2f8d3d1c2779eb27fe6e219a168bd69d931d9aa24aa9273cdc914a196ab848b204dad5e200ec437c06ad602f8f6d0682c2e6c1cf704df26f237f55c5e14ae98035a581766a0714197c49240ac9b918498385bd46cad12d2884b4387aa94c190146744a0ee713f031ca10fb2f194cb98ed7dac7172e019d8567bfd42594651076ab0f73faa015644bf4c16e80a50f5498e8f5b27f80c46f483cfab2af551534353f00bff8a943a1830d3823a6bea68ad51a7608c852d5b6964379b1e495aa42db6f45a4cf0678c684cbc41f90b7e0e838f05bb82b0f6fa9ec5d9eb4501b5f3b2934f2b79486b399c623a10911632de850aef230fe49caa270b204c436b20b2acd48113a17b49310043989bd50de9640412a84a6e02a1899866e9c4edcca8cf3113a18ad9fbd3adacf62903d927ad03416e81b3de2b9ccd6759cf99f8b319586983a25b012f1881f3eaafd364d80e243ba80e7b627bf814c6ba8e9407370f98321cbdfb6001f276d31b7b35331a5b4419104aad06fcc0ff54a253468ec6b3bc130e64365bab4aebc5d4e296629a9018eed888acdbb32161335f1406fb59ff2cacf64218d4836b11f17d6eaf7c87a4848bdf517c1c5f49a8ecfc4b9940773d478e123827dd22f20cabd4520ed977418d6b137f94ff63a336eddbc2536d4623f7e8004b9ff0b7aae331b06c811be7efefc89617abf9b678ac267db6963a7778ca1564e4270998f50d63f9383c20dcd9c53f60e6e987f81bc4637d2c84efb67c22dfcbb0803ccf767bdb4913005b667d8e010785e0e07ebee9f72ea325e9fd8b7f08beedb128682df630c2c53dd95196ad20c8fa8c588548d82405e5c0ebabb3a4e7347ce03dd919ab94ac9ca8366ff5797163f568200b9465439d2f1dcbdf9ee76567bea8ce14c1f7bfbe78563e84961ce8427b802d608a70defdc93ef57648291b48319f127b2463f8f7f254b297eb83c4e552168581963e9a3dc0f65a10483499f223f16a8e9e4cc48d0cfd8ad543d6350cbfa99abd3ccb6226d194681fc949f81c0abe3e00b9e8f539f2aa5ebe3c6c85775c7398fd"]}]}, 0x904}, 0x1, 0x0, 0x0, 0x2000}, 0x20000004) 689.771646ms ago: executing program 1 (id=1027): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 689.637431ms ago: executing program 0 (id=1028): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 613.904899ms ago: executing program 1 (id=1029): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x0) 605.911233ms ago: executing program 1 (id=1030): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x301) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000011c0)={0x0, 0x0, r3, r4, 0x2000, 0x0, 0x2, 0x802, {0x6, 0x2, 0x7, 0x69, 0xf4b, 0x0, 0x2, 0x45, 0x412f, 0xe154, 0x1000, 0xf6, 0xb2bf, 0x3, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}}) 588.176494ms ago: executing program 0 (id=1031): r0 = syz_io_uring_setup(0x305, &(0x7f0000000300)={0x0, 0x8006d85, 0x400, 0x7, 0x20011b}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x8, 0x0, r3, 0x0, 0x0, 0x0, 0x100}) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000006c0)={0xfffffffffffffff7, r3, 0x2, {0x27fffffffffffff, 0x4}, 0x54}, 0x1) 511.276135ms ago: executing program 1 (id=1032): r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xb47, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x25, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffcf, 0x0, 0x0, 0x9}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4000, @fd, 0xd4b, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x473a, 0x74ee, 0x0, 0x0, 0x0) 507.008098ms ago: executing program 0 (id=1033): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040041}, 0x4044009) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000440)={@val, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x86dd, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) 506.65448ms ago: executing program 1 (id=1034): r0 = gettid() close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f0000000080)="99", 0x1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000140)='ns/uts\x00') 419.906446ms ago: executing program 0 (id=1035): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) openat$bsg(0xffffff9c, 0x0, 0x327402, 0x0) nanosleep(0x0, 0x0) socket(0x1e, 0x3, 0xb4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x3, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x8042) 419.5171ms ago: executing program 0 (id=1036): migrate_pages(0x0, 0x0, &(0x7f0000000040)=0x6000000000000000, &(0x7f0000000180)=0x7) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f00000012c0)={0x0, 0x22, 0x5, {0x5, 0xc, "26ed60"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000140)={0x0, 0x9, 0x7, &(0x7f00000000c0)={0x7, "0f5dbf9b3c0000004700510000000000000000000200"}}) 110.433788ms ago: executing program 3 (id=1037): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000021c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x880}], 0x1, 0x80001) recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1}, 0x40}], 0x1, 0x102, 0x0) 110.239735ms ago: executing program 3 (id=1038): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x48014) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x13, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x78}]}, 0x24}, 0x1, 0x0, 0x0, 0x44001}, 0xc800) 0s ago: executing program 3 (id=1039): unshare(0x62040200) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x20, 0xfb, 0x6}]}) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:34244' (ED25519) to the list of known hosts. [ 57.801399][ T5925] cgroup: Unknown subsys name 'net' [ 57.975650][ T5925] cgroup: Unknown subsys name 'cpuset' [ 57.980195][ T5925] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.927217][ T5925] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.706079][ T5943] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.710747][ T5943] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.714537][ T5946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.717973][ T5940] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.720691][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.723701][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.726132][ T5940] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.728510][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.729342][ T5951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.731494][ T5940] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.734008][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.736203][ T5940] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.739011][ T5951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.741182][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.743208][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.746329][ T5940] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.747158][ T5952] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.749390][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.751149][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.753349][ T5952] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.115872][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 63.140289][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 63.181713][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 63.187199][ T5948] chnl_net:caif_netlink_parms(): no params data found [ 63.374281][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.383556][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.386855][ T5938] bridge_slave_0: entered allmulticast mode [ 63.389681][ T5938] bridge_slave_0: entered promiscuous mode [ 63.402594][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.405505][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.408518][ T5947] bridge_slave_0: entered allmulticast mode [ 63.412117][ T5947] bridge_slave_0: entered promiscuous mode [ 63.416099][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.418884][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.421936][ T5941] bridge_slave_0: entered allmulticast mode [ 63.425682][ T5941] bridge_slave_0: entered promiscuous mode [ 63.429892][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.432702][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.435850][ T5938] bridge_slave_1: entered allmulticast mode [ 63.438520][ T5938] bridge_slave_1: entered promiscuous mode [ 63.454767][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.457093][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.459402][ T5947] bridge_slave_1: entered allmulticast mode [ 63.462108][ T5947] bridge_slave_1: entered promiscuous mode [ 63.474464][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.477408][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.480341][ T5941] bridge_slave_1: entered allmulticast mode [ 63.484212][ T5941] bridge_slave_1: entered promiscuous mode [ 63.528582][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.531499][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.534581][ T5948] bridge_slave_0: entered allmulticast mode [ 63.538100][ T5948] bridge_slave_0: entered promiscuous mode [ 63.544119][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.549610][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.555056][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.558530][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.561531][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.565032][ T5948] bridge_slave_1: entered allmulticast mode [ 63.568954][ T5948] bridge_slave_1: entered promiscuous mode [ 63.573960][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.579651][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.585269][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.637598][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.649873][ T5948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.674583][ T5947] team0: Port device team_slave_0 added [ 63.688824][ T5941] team0: Port device team_slave_0 added [ 63.692736][ T5938] team0: Port device team_slave_0 added [ 63.696948][ T5947] team0: Port device team_slave_1 added [ 63.710544][ T5941] team0: Port device team_slave_1 added [ 63.714997][ T5938] team0: Port device team_slave_1 added [ 63.741631][ T5948] team0: Port device team_slave_0 added [ 63.753829][ T5948] team0: Port device team_slave_1 added [ 63.793634][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.796638][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.806943][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.812372][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.815208][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.823486][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.828382][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.831305][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.841900][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.857674][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.860514][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.870817][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.876304][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.878652][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.886941][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.891322][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.894423][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.904985][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.909963][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.912811][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.923268][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.935008][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.937901][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.947006][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.026175][ T5938] hsr_slave_0: entered promiscuous mode [ 64.029526][ T5938] hsr_slave_1: entered promiscuous mode [ 64.037372][ T5947] hsr_slave_0: entered promiscuous mode [ 64.040405][ T5947] hsr_slave_1: entered promiscuous mode [ 64.043260][ T5947] debugfs: 'hsr0' already exists in 'hsr' [ 64.045616][ T5947] Cannot create hsr debugfs directory [ 64.072045][ T5948] hsr_slave_0: entered promiscuous mode [ 64.074372][ T5948] hsr_slave_1: entered promiscuous mode [ 64.076489][ T5948] debugfs: 'hsr0' already exists in 'hsr' [ 64.078232][ T5948] Cannot create hsr debugfs directory [ 64.085931][ T5941] hsr_slave_0: entered promiscuous mode [ 64.088278][ T5941] hsr_slave_1: entered promiscuous mode [ 64.090459][ T5941] debugfs: 'hsr0' already exists in 'hsr' [ 64.092927][ T5941] Cannot create hsr debugfs directory [ 64.439083][ T5938] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.447088][ T5938] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.452018][ T5938] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.456673][ T5938] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.504010][ T5947] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 64.508945][ T5947] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 64.513898][ T5947] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 64.526300][ T5947] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.612240][ T5941] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.619539][ T5941] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.626639][ T5941] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.635329][ T5941] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.691696][ T5948] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.697991][ T5948] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.705212][ T5948] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.713584][ T5948] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.754988][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.800464][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.806234][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.823599][ T3732] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.826048][ T3732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.834824][ T5940] Bluetooth: hci0: command tx timeout [ 64.834990][ T5943] Bluetooth: hci3: command tx timeout [ 64.835347][ T5297] Bluetooth: hci1: command tx timeout [ 64.837903][ T5951] Bluetooth: hci2: command tx timeout [ 64.852996][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.856121][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.872183][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.896045][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.898561][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.917650][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.929592][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.931898][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.954772][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.968136][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.975164][ T1240] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.977714][ T1240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.992792][ T1240] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.995840][ T1240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.020999][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.036568][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.039496][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.049221][ T1179] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.052146][ T1179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.175715][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.220333][ T5938] veth0_vlan: entered promiscuous mode [ 65.229457][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.237910][ T5938] veth1_vlan: entered promiscuous mode [ 65.265011][ T5938] veth0_macvtap: entered promiscuous mode [ 65.272252][ T5938] veth1_macvtap: entered promiscuous mode [ 65.281525][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.309376][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.323781][ T5947] veth0_vlan: entered promiscuous mode [ 65.327987][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.337809][ T1179] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.341432][ T1179] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.347749][ T5948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.354764][ T1179] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.364758][ T1179] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.388673][ T5947] veth1_vlan: entered promiscuous mode [ 65.419926][ T5941] veth0_vlan: entered promiscuous mode [ 65.468629][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.471924][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.486461][ T5941] veth1_vlan: entered promiscuous mode [ 65.492817][ T5948] veth0_vlan: entered promiscuous mode [ 65.504311][ T5947] veth0_macvtap: entered promiscuous mode [ 65.518495][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.521820][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.526060][ T5947] veth1_macvtap: entered promiscuous mode [ 65.541518][ T5941] veth0_macvtap: entered promiscuous mode [ 65.555317][ T5941] veth1_macvtap: entered promiscuous mode [ 65.574357][ T5948] veth1_vlan: entered promiscuous mode [ 65.582569][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.586428][ T5938] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.604787][ T5948] veth0_macvtap: entered promiscuous mode [ 65.610001][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.615617][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.619628][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.638268][ T82] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.647088][ T5948] veth1_macvtap: entered promiscuous mode [ 65.651360][ T82] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.663170][ T82] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.670113][ T82] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.679832][ T82] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.682634][ T82] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.704519][ T82] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.708247][ T82] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.746318][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.775411][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.810171][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.815703][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.819185][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.822291][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.835900][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.838921][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.841169][ T3732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.853572][ T3732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.867974][ T6032] syz.3.5 uses obsolete (PF_INET,SOCK_PACKET) [ 65.883856][ T3732] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.886750][ T3732] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.910323][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.914422][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.952413][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.959941][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.013711][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.016733][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.118582][ T6045] CIFS: VFS: Malformed UNC in devname [ 66.262221][ T40] audit: type=1326 audit(1765538641.945:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.0.1" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f85579 code=0x0 [ 66.642187][ T6077] netlink: 'syz.3.19': attribute type 1 has an invalid length. [ 66.723868][ T6083] warning: `syz.2.22' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 66.913991][ T5940] Bluetooth: hci0: command tx timeout [ 66.914032][ T5951] Bluetooth: hci1: command tx timeout [ 66.915788][ T5297] Bluetooth: hci2: command tx timeout [ 66.915809][ T5297] Bluetooth: hci3: command tx timeout [ 66.946673][ T6102] netlink: 'syz.2.29': attribute type 10 has an invalid length. [ 66.956799][ T6102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.968799][ T6102] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 67.014444][ T6102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.023337][ T6102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.028327][ T6102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.031320][ T6102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.048280][ T6102] bond0: (slave batadv0): Releasing backup interface [ 67.063667][ T5951] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 67.067149][ T5951] CPU: 0 UID: 0 PID: 5951 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 67.067165][ T5951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.067173][ T5951] Workqueue: hci3 hci_rx_work [ 67.067189][ T5951] Call Trace: [ 67.067194][ T5951] [ 67.067220][ T5951] dump_stack_lvl+0x16c/0x1f0 [ 67.067247][ T5951] sysfs_warn_dup+0x7f/0xa0 [ 67.067261][ T5951] sysfs_create_dir_ns+0x24b/0x2b0 [ 67.067273][ T5951] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 67.067284][ T5951] ? find_held_lock+0x2b/0x80 [ 67.067302][ T5951] ? do_raw_spin_unlock+0x172/0x230 [ 67.067316][ T5951] kobject_add_internal+0x2c4/0x9d0 [ 67.067336][ T5951] kobject_add+0x16e/0x240 [ 67.067352][ T5951] ? __pfx_kobject_add+0x10/0x10 [ 67.067370][ T5951] ? kobject_put+0xaf/0x6f0 [ 67.067384][ T5951] ? _raw_spin_unlock+0x28/0x50 [ 67.067400][ T5951] device_add+0x288/0x1980 [ 67.067414][ T5951] ? __pfx_dev_set_name+0x10/0x10 [ 67.067428][ T5951] ? __pfx_device_add+0x10/0x10 [ 67.067441][ T5951] ? mgmt_send_event_skb+0x2fb/0x460 [ 67.067456][ T5951] hci_conn_add_sysfs+0x1a8/0x260 [ 67.067471][ T5951] le_conn_complete_evt+0x11ed/0x1fa0 [ 67.067486][ T5951] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 67.067502][ T5951] hci_le_enh_conn_complete_evt+0x23d/0x3b0 [ 67.067514][ T5951] ? skb_pull_data+0x166/0x210 [ 67.067526][ T5951] hci_le_meta_evt+0x357/0x610 [ 67.067539][ T5951] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 67.067553][ T5951] hci_event_packet+0x685/0x1210 [ 67.067565][ T5951] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 67.067578][ T5951] ? __pfx_hci_event_packet+0x10/0x10 [ 67.067591][ T5951] ? kcov_remote_start+0x399/0x680 [ 67.067606][ T5951] ? lockdep_hardirqs_on+0x7c/0x110 [ 67.067623][ T5951] hci_rx_work+0x2c9/0x1020 [ 67.067636][ T5951] process_one_work+0x9ba/0x1b20 [ 67.067654][ T5951] ? __pfx_process_one_work+0x10/0x10 [ 67.067669][ T5951] ? assign_work+0x1a0/0x250 [ 67.067682][ T5951] worker_thread+0x6c8/0xf10 [ 67.067699][ T5951] ? __pfx_worker_thread+0x10/0x10 [ 67.067711][ T5951] kthread+0x3c5/0x780 [ 67.067723][ T5951] ? __pfx_kthread+0x10/0x10 [ 67.067734][ T5951] ? rcu_is_watching+0x12/0xc0 [ 67.067749][ T5951] ? __pfx_kthread+0x10/0x10 [ 67.067760][ T5951] ret_from_fork+0x983/0xb10 [ 67.067772][ T5951] ? __pfx_ret_from_fork+0x10/0x10 [ 67.067784][ T5951] ? __switch_to+0x7af/0x10d0 [ 67.067798][ T5951] ? __pfx_kthread+0x10/0x10 [ 67.067809][ T5951] ret_from_fork_asm+0x1a/0x30 [ 67.067832][ T5951] [ 67.067848][ T5951] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 67.157248][ T5951] Bluetooth: hci3: failed to register connection device [ 67.286521][ T40] audit: type=1326 audit(1765538642.975:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.3.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7fc00000 [ 67.847601][ T6110] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 67.849698][ T6110] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 67.856132][ T6110] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 67.859233][ T6110] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 67.861259][ T6110] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 67.864315][ T6110] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 67.868475][ T6110] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 67.870422][ T6110] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 67.874896][ T6110] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 67.879354][ T6110] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 67.881369][ T6110] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 67.885246][ T6110] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 67.889258][ T6110] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 67.896014][ T82] Bluetooth: hci4: Frame reassembly failed (-84) [ 67.948964][ T40] audit: type=1326 audit(1765538643.635:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.3.34" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7fc00000 [ 67.975092][ T6133] ======================================================= [ 67.975092][ T6133] WARNING: The mand mount option has been deprecated and [ 67.975092][ T6133] and is ignored by this kernel. Remove the mand [ 67.975092][ T6133] option from the mount to silence this warning. [ 67.975092][ T6133] ======================================================= [ 68.096468][ T6140] mmap: syz.0.43 (6140) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 68.266949][ T6152] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size. [ 68.298308][ T6154] netlink: 96 bytes leftover after parsing attributes in process `syz.2.50'. [ 68.318958][ T6156] 8021q: adding VLAN 0 to HW filter on device bond1 [ 68.323602][ T6156] bridge0: port 3(bond1) entered blocking state [ 68.325700][ T6156] bridge0: port 3(bond1) entered disabled state [ 68.333959][ T6156] bond1: entered allmulticast mode [ 68.347473][ T6156] bond1: entered promiscuous mode [ 68.349819][ T6156] bridge0: port 3(bond1) entered blocking state [ 68.352253][ T6156] bridge0: port 3(bond1) entered forwarding state [ 68.358253][ T1179] bridge0: port 3(bond1) entered disabled state [ 68.610890][ T6186] binder: 6179:6186 ioctl c0306201 80000480 returned -14 [ 68.637230][ T6189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66'. [ 68.726363][ T6192] netlink: 12 bytes leftover after parsing attributes in process `syz.2.67'. [ 68.890126][ T6198] netlink: 28 bytes leftover after parsing attributes in process `syz.2.70'. [ 69.323860][ T5951] Bluetooth: hci0: command 0x0419 tx timeout [ 69.873222][ T5940] Bluetooth: hci1: command 0x0419 tx timeout [ 69.875221][ T5951] Bluetooth: hci2: command 0x0419 tx timeout [ 69.953155][ T5951] Bluetooth: hci4: command 0x1003 tx timeout [ 69.953747][ T5940] Bluetooth: hci3: command 0x0419 tx timeout [ 69.955717][ T5943] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 70.336826][ T6261] loop2: detected capacity change from 0 to 7 [ 70.345102][ T6261] Dev loop2: unable to read RDB block 7 [ 70.347403][ T6261] loop2: AHDI p1 [ 70.348709][ T6261] loop2: partition table partially beyond EOD, truncated [ 70.802687][ T6281] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.898555][ T6281] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.947994][ T6281] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.030513][ T6281] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.119607][ T1240] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.132783][ T1240] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.148416][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.162154][ T1240] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.254166][ T6295] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 71.273479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.302221][ T6297] Driver unsupported XDP return value 0 on prog (id 23) dev N/A, expect packet loss! [ 71.393689][ T5940] Bluetooth: hci0: command 0x0419 tx timeout [ 71.963205][ T5940] Bluetooth: hci2: command 0x0419 tx timeout [ 71.963218][ T5943] Bluetooth: hci1: command 0x0419 tx timeout [ 72.033540][ T5943] Bluetooth: hci3: command 0x0419 tx timeout [ 72.373773][ T6367] Zero length message leads to an empty skb [ 72.527071][ T6381] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2182154216 (4364308432 ns) > initial count (507749598 ns). Using initial count to start timer. [ 72.650752][ T5943] Bluetooth: hci2: unexpected event for opcode 0x2023 [ 72.667039][ T6387] loop2: detected capacity change from 0 to 7 [ 72.684584][ T5945] Dev loop2: unable to read RDB block 7 [ 72.687025][ T5945] loop2: unable to read partition table [ 72.690211][ T5945] loop2: partition table beyond EOD, truncated [ 72.699276][ T6387] Dev loop2: unable to read RDB block 7 [ 72.701697][ T6387] loop2: unable to read partition table [ 72.706798][ T6387] loop2: partition table beyond EOD, truncated [ 72.709450][ T6387] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 73.324823][ T12] wlan1: Trigger new scan to find an IBSS to join [ 73.402067][ T40] audit: type=1326 audit(1765538649.085:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6429 comm="syz.1.166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7fc00000 [ 73.483235][ T5943] Bluetooth: hci0: command 0x0419 tx timeout [ 74.033182][ T5943] Bluetooth: hci1: command 0x0419 tx timeout [ 74.113144][ T5943] Bluetooth: hci3: command 0x0419 tx timeout [ 74.132733][ T40] audit: type=1326 audit(1765538649.815:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6429 comm="syz.1.166" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf709d579 code=0x7fc00000 [ 74.208660][ T53] libceph: connect (1)[c::]:6789 error -101 [ 74.211936][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 74.248942][ T6469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.179'. [ 74.254773][ T54] libceph: connect (1)[c::]:6789 error -101 [ 74.257788][ T54] libceph: mon0 (1)[c::]:6789 connect error [ 74.484373][ T53] libceph: connect (1)[c::]:6789 error -101 [ 74.486408][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 74.513380][ T54] libceph: connect (1)[c::]:6789 error -101 [ 74.515456][ T54] libceph: mon0 (1)[c::]:6789 connect error [ 74.993411][ T53] libceph: connect (1)[c::]:6789 error -101 [ 74.995536][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 75.029277][ T6463] ceph: No mds server is up or the cluster is laggy [ 75.029283][ T6470] ceph: No mds server is up or the cluster is laggy [ 75.032427][ T54] libceph: connect (1)[c::]:6789 error -101 [ 75.035834][ T54] libceph: mon0 (1)[c::]:6789 connect error [ 75.373185][ T5979] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 75.544981][ T5979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.549340][ T5979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.552866][ T5979] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 75.553163][ T5943] Bluetooth: hci0: command 0x0419 tx timeout [ 75.556227][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.190'. [ 75.557169][ T5979] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 75.565866][ T5979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.570699][ T5979] usb 6-1: config 0 descriptor?? [ 75.604554][ T6502] overlayfs: failed to clone upperpath [ 75.760260][ T6510] syzkaller1: entered promiscuous mode [ 75.762606][ T6510] syzkaller1: entered allmulticast mode [ 75.967301][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 75.969574][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 75.992114][ T5979] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 76.113173][ T5943] Bluetooth: hci1: command 0x0419 tx timeout [ 76.193236][ T5943] Bluetooth: hci3: command 0x0419 tx timeout [ 76.804286][ T53] usb 6-1: USB disconnect, device number 2 [ 76.943170][ T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 77.113693][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 77.117672][ T10] usb 7-1: config 0 interface 0 has no altsetting 0 [ 77.120594][ T10] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 77.123900][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.128792][ T10] usb 7-1: config 0 descriptor?? [ 77.501711][ T6603] netlink: 'syz.1.234': attribute type 4 has an invalid length. [ 77.548138][ T10] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 77.593502][ T6609] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 77.751531][ T10] usb 7-1: USB disconnect, device number 2 [ 78.194797][ T6655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.257'. [ 78.273138][ T5943] Bluetooth: hci3: command 0x0419 tx timeout [ 78.286208][ T3732] wlan1: Trigger new scan to find an IBSS to join [ 78.612835][ T6673] macvlan2: entered promiscuous mode [ 78.615324][ T6673] macvlan2: entered allmulticast mode [ 78.617597][ T6673] gretap0: entered allmulticast mode [ 78.864111][ T6697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.272'. [ 78.874007][ T6697] vxlan0: entered promiscuous mode [ 78.877480][ T163] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.880955][ T163] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.886316][ T163] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.893559][ T163] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 79.236543][ T12] wlan1: Creating new IBSS network, BSSID 82:ae:52:4a:51:88 [ 79.643176][ T54] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 79.824537][ T54] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.830606][ T54] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.834787][ T54] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 79.839245][ T54] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 79.842836][ T54] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.848635][ T54] usb 8-1: config 0 descriptor?? [ 80.004730][ T6747] Bluetooth: MGMT ver 1.23 [ 80.006918][ T6747] Bluetooth: hci0: invalid len left 7, exp >= 35 [ 80.125068][ T6757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.300'. [ 80.214812][ T6762] bad cache= option: none [ 80.214812][ T6762] async : no [ 80.214812][ T6762] blocksize : 1 [ 80.214812][ T6762] ivsize : 16 [ 80.214812][ T6762] maxauthsize : 16 [ 80.214812][ T6762] geniv : [ 80.214812][ T6762] [ 80.214812][ T6762] name : cbcmac(aes) [ 80.214812][ T6762] driver : cbcmac(aes-aesni) [ 80.214812][ T6762] module : kernel [ 80.214812][ T6762] priority : 300 [ 80.214812][ T6762] refcnt : 1 [ 80.214812][ T6762] selftest : passed [ 80.214812][ T6762] internal : no [ 80.214812][ T6762] type : shash [ 80.214812][ T6762] blocksize : 16 [ 80.214812][ T6762] digestsize : 16 [ 80.214812][ T6762] [ 80.214812][ T6762] name : pkcs1(rsa [ 80.214812][ T6762] [ 80.238973][ T6762] CIFS: VFS: bad cache= option: none [ 80.238973][ T6762] async : no [ 80.238973][ T6762] blocksize : 1 [ 80.238973][ T6762] ivsize : 16 [ 80.238973][ T6762] maxauthsize : 16 [ 80.238973][ T6762] geniv : [ 80.238973][ T6762] [ 80.238973][ T6762] name : cbcmac(aes) [ 80.238973][ T6762] driver : cbcmac(aes-aesni) [ 80.238973][ T6762] module : kernel [ 80.238973][ T6762] priority : 300 [ 80.238973][ T6762] refcnt : 1 [ 80.238973][ T6762] selftest : passed [ 80.238973][ T6762] internal : no [ 80.238973][ T6762] type : shash [ 80.238973][ T6762] blocksize : 16 [ 80.238973][ T6762] digestsize : 16 [ 80.238973][ T6762] [ 80.238973][ T6762] name : pkcs1(rsa [ 80.261492][ T6762] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 80.268381][ T54] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 80.272690][ T6762] CIFS mount error: No usable UNC path provided in device string! [ 80.272690][ T6762] [ 80.277844][ T6762] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 80.363344][ T5943] Bluetooth: hci3: command 0x0419 tx timeout [ 82.238081][ T6875] input: syz0 as /devices/virtual/input/input5 [ 82.240182][ T6875] input: failed to attach handler leds to device input5, error: -6 [ 82.337877][ T6025] usb 8-1: USB disconnect, device number 2 [ 82.357213][ T40] audit: type=1326 audit(1765538658.045:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.352" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cd579 code=0x0 [ 82.473204][ T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 82.624887][ T10] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 82.629151][ T10] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 82.632923][ T10] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 82.636637][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.643596][ T6873] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 82.650172][ T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 82.852471][ T1457] usb 7-1: USB disconnect, device number 3 [ 83.115701][ T5943] Bluetooth: hci3: Unknown advertising packet type: 0x1e [ 83.115731][ T5943] Bluetooth: hci3: Malformed LE Event: 0x0d [ 83.460018][ T6915] input: syz0 as /devices/virtual/input/input6 [ 84.075344][ T6952] netlink: 96 bytes leftover after parsing attributes in process `syz.0.378'. [ 84.193409][ T1179] wlan1: Trigger new scan to find an IBSS to join [ 84.389060][ T6964] netlink: 67 bytes leftover after parsing attributes in process `syz.2.384'. [ 84.450114][ T6972] binder: 6971:6972 ioctl 40046205 0 returned -22 [ 84.573001][ T6978] netlink: 'syz.1.391': attribute type 6 has an invalid length. [ 85.266675][ T6993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.397'. [ 85.427802][ T6999] 9pnet: p9_errstr2errno: server reported unknown error 0x0000 [ 85.793245][ T5940] Bluetooth: hci4: command 0x1003 tx timeout [ 85.793266][ T5943] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 85.986840][ T7033] netlink: 67 bytes leftover after parsing attributes in process `syz.3.415'. [ 86.150005][ T7039] syzkaller1: entered promiscuous mode [ 86.152415][ T7039] syzkaller1: entered allmulticast mode [ 86.198467][ T73] cfg80211: failed to load regulatory.db [ 86.434565][ T7055] input: syz0 as /devices/virtual/input/input7 [ 86.553837][ T7060] input: syz1 as /devices/virtual/input/input8 [ 86.581847][ T6043] udevd[6043]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 86.840999][ T40] audit: type=1326 audit(1765538918.523:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7078 comm="syz.0.436" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f85579 code=0x0 [ 86.870989][ T7083] netlink: 'syz.1.437': attribute type 9 has an invalid length. [ 86.873726][ T7083] netlink: 'syz.1.437': attribute type 11 has an invalid length. [ 86.876283][ T7083] netlink: 'syz.1.437': attribute type 12 has an invalid length. [ 86.878742][ T7083] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.437'. [ 86.882256][ T7083] netlink: 4 bytes leftover after parsing attributes in process `syz.1.437'. [ 87.200910][ T7094] input: syz1 as /devices/virtual/input/input9 [ 87.269879][ T7099] netlink: 28 bytes leftover after parsing attributes in process `syz.2.445'. [ 87.313316][ T3732] wlan1: Trigger new scan to find an IBSS to join [ 87.503152][ T1022] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 87.533978][ T40] audit: type=1326 audit(1765538919.223:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 87.542790][ T40] audit: type=1326 audit(1765538919.223:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 87.549717][ T40] audit: type=1326 audit(1765538919.223:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 87.557384][ T40] audit: type=1326 audit(1765538919.223:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 87.563503][ T40] audit: type=1326 audit(1765538919.223:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 87.569657][ T40] audit: type=1326 audit(1765538919.223:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 87.575883][ T40] audit: type=1326 audit(1765538919.223:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 87.583179][ T40] audit: type=1326 audit(1765538919.223:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 87.591948][ T40] audit: type=1326 audit(1765538919.223:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 87.600022][ T40] audit: type=1326 audit(1765538919.223:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.2.451" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 87.654324][ T1022] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 87.657716][ T1022] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 87.660864][ T1022] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 87.664352][ T1022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.670047][ T7100] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 87.675720][ T1022] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 87.876614][ T54] usb 6-1: USB disconnect, device number 3 [ 87.951787][ T7152] netlink: 20 bytes leftover after parsing attributes in process `syz.3.466'. [ 88.610912][ T7164] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.615426][ T7164] netlink: 'syz.2.471': attribute type 12 has an invalid length. [ 88.618509][ T7164] netlink: 'syz.2.471': attribute type 29 has an invalid length. [ 88.625372][ T7164] netlink: 148 bytes leftover after parsing attributes in process `syz.2.471'. [ 88.628298][ T7164] netlink: 'syz.2.471': attribute type 2 has an invalid length. [ 88.630832][ T7164] netlink: 'syz.2.471': attribute type 3 has an invalid length. [ 88.634884][ T7164] netlink: 15 bytes leftover after parsing attributes in process `syz.2.471'. [ 88.923752][ T1457] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 89.074551][ T1457] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 89.077311][ T1457] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 89.080479][ T1457] usb 7-1: config 0 interface 0 has no altsetting 0 [ 89.084682][ T1457] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 89.087938][ T1457] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 89.090589][ T1457] usb 7-1: Product: syz [ 89.092027][ T1457] usb 7-1: Manufacturer: syz [ 89.093845][ T1457] usb 7-1: SerialNumber: syz [ 89.097190][ T1457] usb 7-1: config 0 descriptor?? [ 89.100591][ T1457] hub 7-1:0.0: bad descriptor, ignoring hub [ 89.102541][ T1457] hub 7-1:0.0: probe with driver hub failed with error -5 [ 89.106192][ T1457] usb 7-1: selecting invalid altsetting 0 [ 89.464936][ T7198] overlayfs: failed to clone upperpath [ 89.724624][ T7173] usb 7-1: reset high-speed USB device number 4 using dummy_hcd [ 90.098279][ T7173] usb 7-1: failed to restore interface 0 altsetting 251 (error=-71) [ 90.102329][ T6025] usb 7-1: USB disconnect, device number 4 [ 90.193270][ T1141] wlan1: Creating new IBSS network, BSSID 00:8d:ff:ff:00:00 [ 91.885234][ T7315] input: syz0 as /devices/virtual/input/input10 [ 91.918070][ T7320] netlink: 24 bytes leftover after parsing attributes in process `syz.3.537'. [ 91.937486][ T7320] netlink: 67 bytes leftover after parsing attributes in process `syz.3.537'. [ 92.557313][ T40] kauditd_printk_skb: 86 callbacks suppressed [ 92.557325][ T40] audit: type=1326 audit(1765538924.243:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7353 comm="syz.2.551" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f46579 code=0x0 [ 92.617838][ T7362] netlink: 'syz.1.554': attribute type 8 has an invalid length. [ 92.621403][ T7362] netlink: 4 bytes leftover after parsing attributes in process `syz.1.554'. [ 92.629491][ T7362] bond0: entered promiscuous mode [ 92.632143][ T7362] bond_slave_0: entered promiscuous mode [ 92.635487][ T7362] bond_slave_1: entered promiscuous mode [ 92.639419][ T7362] gretap0: entered promiscuous mode [ 92.644787][ T7362] bond0: left promiscuous mode [ 92.647242][ T7362] bond_slave_0: left promiscuous mode [ 92.650560][ T7362] bond_slave_1: left promiscuous mode [ 92.659906][ T7362] gretap0: left promiscuous mode [ 92.765845][ T7370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.559'. [ 92.772436][ T7370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.559'. [ 92.894592][ T7376] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 93.340152][ T7408] netlink: 'syz.0.575': attribute type 9 has an invalid length. [ 93.343572][ T7408] netlink: 'syz.0.575': attribute type 11 has an invalid length. [ 93.346789][ T7408] netlink: 'syz.0.575': attribute type 12 has an invalid length. [ 93.350204][ T7408] netlink: 210020 bytes leftover after parsing attributes in process `syz.0.575'. [ 93.418404][ T7412] netlink: 'syz.2.577': attribute type 4 has an invalid length. [ 93.425810][ T7412] netlink: 'syz.2.577': attribute type 4 has an invalid length. [ 93.453228][ T1022] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 93.634993][ T1022] usb 6-1: config index 0 descriptor too short (expected 45, got 36) [ 93.638459][ T1022] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 93.643888][ T1022] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 93.648336][ T1022] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 93.652755][ T1022] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 93.658794][ T1022] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 93.662495][ T1022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.673571][ T1022] usb 6-1: config 0 descriptor?? [ 93.677162][ T7401] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 94.092778][ T1022] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xd [ 94.105713][ T1022] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 94.272488][ T40] audit: type=1326 audit(1765538925.953:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7452 comm="syz.2.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 94.282649][ T40] audit: type=1326 audit(1765538925.953:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7452 comm="syz.2.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 94.291938][ T40] audit: type=1326 audit(1765538925.963:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7452 comm="syz.2.592" exe="/syz-executor" sig=0 arch=40000003 syscall=258 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 94.303156][ T40] audit: type=1326 audit(1765538925.963:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7452 comm="syz.2.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 94.310097][ T40] audit: type=1326 audit(1765538925.963:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7452 comm="syz.2.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 94.358341][ T54] usb 6-1: USB disconnect, device number 4 [ 94.625853][ T7465] netlink: 24 bytes leftover after parsing attributes in process `syz.0.594'. [ 95.245000][ T7501] netlink: 92 bytes leftover after parsing attributes in process `syz.3.609'. [ 95.357023][ T7512] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 95.417912][ T7521] netlink: 'syz.3.620': attribute type 13 has an invalid length. [ 95.423502][ T7521] veth0_macvtap: left promiscuous mode [ 95.427290][ T7521] macvtap0: entered promiscuous mode [ 95.429445][ T7521] macvtap0: entered allmulticast mode [ 95.567271][ T7539] ALSA: seq fatal error: cannot create timer (-16) [ 95.743145][ T7040] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 95.905118][ T7040] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 95.908418][ T7040] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 95.911240][ T7040] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 95.914831][ T7040] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.920515][ T7040] usb 7-1: config 0 descriptor?? [ 95.924631][ T7040] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 95.927119][ T7040] dvb-usb: bulk message failed: -22 (3/0) [ 95.933020][ T7040] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 95.936503][ T7040] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 95.938870][ T7040] usb 7-1: media controller created [ 95.941787][ T7040] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 95.948567][ T7040] dvb-usb: bulk message failed: -22 (6/0) [ 95.950507][ T7040] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 95.956233][ T7040] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input12 [ 95.963651][ T7040] dvb-usb: schedule remote query interval to 150 msecs. [ 95.965975][ T7040] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 96.132760][ T6086] usb 7-1: USB disconnect, device number 5 [ 96.134628][ T7040] dvb-usb: bulk message failed: -22 (1/0) [ 96.137782][ T7040] dvb-usb: error while querying for an remote control event. [ 96.155250][ T6086] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 96.497858][ T7574] overlayfs: failed to clone upperpath [ 96.603993][ T7578] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 96.610374][ T7578] vxlan1: entered promiscuous mode [ 96.749031][ T7584] overlayfs: statfs failed on './file0' [ 96.862517][ T7589] syzkaller1: entered promiscuous mode [ 96.865002][ T7589] syzkaller1: entered allmulticast mode [ 97.652048][ T7615] netlink: 830 bytes leftover after parsing attributes in process `syz.0.659'. [ 97.772970][ T7621] netlink: 'syz.0.662': attribute type 1 has an invalid length. [ 97.808391][ T7621] 8021q: adding VLAN 0 to HW filter on device bond2 [ 97.812497][ T7621] bond1: (slave bond2): making interface the new active one [ 97.817168][ T7621] bond1: (slave bond2): Enslaving as an active interface with an up link [ 97.954783][ T7635] netlink: 12 bytes leftover after parsing attributes in process `syz.0.667'. [ 97.957867][ T7635] bridge_slave_0: default FDB implementation only supports local addresses [ 97.961668][ T7635] netlink: 12 bytes leftover after parsing attributes in process `syz.0.667'. [ 97.966061][ T7635] bridge_slave_0: default FDB implementation only supports local addresses [ 98.394671][ T7662] "syz.0.677" (7662) uses obsolete ecb(arc4) skcipher [ 99.333384][ T7739] netlink: 'syz.1.708': attribute type 11 has an invalid length. [ 99.403455][ T7747] netlink: 4 bytes leftover after parsing attributes in process `syz.1.711'. [ 99.813367][ T54] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 99.963208][ T54] usb 7-1: Using ep0 maxpacket: 32 [ 99.966238][ T54] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 99.969848][ T54] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 99.973694][ T54] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 99.980116][ T54] usb 7-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 99.983197][ T54] usb 7-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 99.985865][ T54] usb 7-1: Product: syz [ 99.987287][ T54] usb 7-1: Manufacturer: syz [ 99.988854][ T54] usb 7-1: SerialNumber: syz [ 99.997939][ T54] input: appletouch as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/input/input13 [ 100.200500][ T53] usb 7-1: USB disconnect, device number 6 [ 100.217010][ T53] appletouch 7-1:1.0: input: appletouch disconnected [ 100.363400][ T7812] syzkaller1: entered promiscuous mode [ 100.365776][ T7812] syzkaller1: entered allmulticast mode [ 100.496571][ T40] audit: type=1326 audit(1765538932.183:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7817 comm="syz.1.726" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709d579 code=0x0 [ 100.592445][ T7829] netlink: 'syz.3.729': attribute type 10 has an invalid length. [ 100.621060][ T7829] veth0_vlan: left promiscuous mode [ 100.624536][ T7829] veth0_vlan: entered promiscuous mode [ 100.628811][ T7829] team0: Device veth0_vlan failed to register rx_handler [ 101.051080][ T7862] "syz.2.745" (7862) uses obsolete ecb(arc4) skcipher [ 101.248378][ T7881] netlink: 4 bytes leftover after parsing attributes in process `syz.3.754'. [ 101.479722][ T7902] ip6gre1: entered promiscuous mode [ 101.481984][ T7902] ip6gre1: entered allmulticast mode [ 101.675305][ T7923] netlink: 'syz.0.773': attribute type 10 has an invalid length. [ 101.686783][ T7923] veth0_vlan: left promiscuous mode [ 101.689409][ T7923] veth0_vlan: entered promiscuous mode [ 101.694694][ T7923] team0: Device veth0_vlan failed to register rx_handler [ 102.336269][ T7975] input: syz0 as /devices/virtual/input/input14 [ 103.461438][ T8065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.835'. [ 103.546609][ T8071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.838'. [ 104.000042][ T8103] ip6gre1: entered promiscuous mode [ 104.002117][ T8103] ip6gre1: entered allmulticast mode [ 104.078183][ T8112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.856'. [ 104.104279][ T8115] input: syz0 as /devices/virtual/input/input15 [ 105.037534][ T8176] netlink: 4 bytes leftover after parsing attributes in process `syz.1.884'. [ 105.511643][ T8204] netlink: 6 bytes leftover after parsing attributes in process `syz.2.895'. [ 105.536591][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.898'. [ 105.547816][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.898'. [ 105.551467][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.898'. [ 105.734431][ T8224] process 'syz.0.906' launched './file2' with NULL argv: empty string added [ 105.770719][ C0] Unknown status report in ack skb [ 105.796259][ T40] audit: type=1326 audit(1765538937.473:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8227 comm="syz.0.907" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 105.802085][ T8230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.908'. [ 105.803025][ T40] audit: type=1326 audit(1765538937.473:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8227 comm="syz.0.907" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 105.813146][ T40] audit: type=1326 audit(1765538937.473:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8227 comm="syz.0.907" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 105.837924][ T8230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.908'. [ 106.223167][ T1022] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 106.376369][ T1022] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.380183][ T1022] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 106.384496][ T1022] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 106.388568][ T1022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.394561][ T1022] usb 6-1: config 0 descriptor?? [ 106.404492][ T1022] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 106.407300][ T1022] dvb-usb: bulk message failed: -22 (3/0) [ 106.412674][ T1022] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 106.416286][ T1022] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 106.419032][ T1022] usb 6-1: media controller created [ 106.422471][ T1022] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 106.430312][ T1022] dvb-usb: bulk message failed: -22 (6/0) [ 106.433371][ T1022] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 106.437538][ T1022] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input16 [ 106.443549][ T1022] dvb-usb: schedule remote query interval to 150 msecs. [ 106.446418][ T1022] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 106.604839][ T1022] dvb-usb: bulk message failed: -22 (1/0) [ 106.612249][ T1022] dvb-usb: error while querying for an remote control event. [ 106.621246][ T1457] usb 6-1: USB disconnect, device number 5 [ 106.631988][ T1457] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 107.269966][ T8278] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 107.641128][ T8309] netlink: 'syz.2.942': attribute type 2 has an invalid length. [ 107.689816][ T8313] netlink: 'syz.0.944': attribute type 9 has an invalid length. [ 107.695185][ T8313] netlink: 'syz.0.944': attribute type 11 has an invalid length. [ 107.698538][ T8313] netlink: 'syz.0.944': attribute type 12 has an invalid length. [ 107.740684][ T8315] Invalid ELF header magic: != ELF [ 108.475477][ T8381] __nla_validate_parse: 4 callbacks suppressed [ 108.475492][ T8381] netlink: 4 bytes leftover after parsing attributes in process `syz.0.973'. [ 108.482023][ T8381] netlink: 4 bytes leftover after parsing attributes in process `syz.0.973'. [ 108.482257][ T40] audit: type=1326 audit(1765538940.163:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8382 comm="syz.2.974" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 108.497851][ T40] audit: type=1326 audit(1765538940.173:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8382 comm="syz.2.974" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 108.512149][ T40] audit: type=1326 audit(1765538940.173:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8382 comm="syz.2.974" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 108.520356][ T40] audit: type=1326 audit(1765538940.173:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8382 comm="syz.2.974" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 108.532225][ T40] audit: type=1326 audit(1765538940.183:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8382 comm="syz.2.974" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000 [ 108.539148][ T40] audit: type=1326 audit(1765538940.183:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8382 comm="syz.2.974" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 108.545750][ T40] audit: type=1326 audit(1765538940.183:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8382 comm="syz.2.974" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f46598 code=0x7ffc0000 [ 109.006145][ T8402] 9pnet: p9_errstr2errno: server reported unknown error ./file0 [ 109.213000][ T8416] netlink: 'syz.1.988': attribute type 1 has an invalid length. [ 109.216434][ T8416] netlink: 224 bytes leftover after parsing attributes in process `syz.1.988'. [ 109.312878][ T8426] input: syz0 as /devices/virtual/input/input17 [ 109.742509][ T8478] netlink: 'syz.0.1006': attribute type 4 has an invalid length. [ 109.761142][ T8478] netlink: 'syz.0.1006': attribute type 4 has an invalid length. [ 110.303156][ T1457] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 110.464814][ T1457] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 110.468667][ T1457] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 110.475089][ T1457] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 110.481796][ T1457] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 110.485677][ T1457] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.489047][ T1457] usb 7-1: Product: syz [ 110.490839][ T1457] usb 7-1: Manufacturer: syz [ 110.492812][ T1457] usb 7-1: SerialNumber: syz [ 110.499935][ T1457] hub 7-1:1.0: bad descriptor, ignoring hub [ 110.502522][ T1457] hub 7-1:1.0: probe with driver hub failed with error -5 [ 110.644615][ T8536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1028'. [ 110.648686][ T8536] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1028'. [ 110.727561][ T1457] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 110.834614][ T40] kauditd_printk_skb: 100 callbacks suppressed [ 110.834626][ T40] audit: type=1326 audit(1765538942.523:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.1034" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709d579 code=0x0 [ 111.349625][ T40] audit: type=1326 audit(1765538943.033:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8562 comm="syz.3.1039" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x0 [ 111.395123][ T53] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 111.397176][ T53] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 111.403128][ C2] ------------[ cut here ]------------ [ 111.405615][ C2] workqueue: cannot queue hci_cmd_timeout on wq hci0 [ 111.408389][ C2] WARNING: kernel/workqueue.c:2251 at 0x0, CPU#2: swapper/2/0 [ 111.411511][ C2] Modules linked in: [ 111.413356][ C2] CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Tainted: G L syzkaller #0 PREEMPT(full) [ 111.417735][ C2] Tainted: [L]=SOFTLOCKUP [ 111.419587][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.424064][ C2] RIP: 0010:__queue_work+0xca1/0x10e0 [ 111.426352][ C2] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 03 70 07 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 10 11 3a 00 90 0f 0b 90 e9 15 f6 [ 111.434260][ C2] RSP: 0018:ffffc90000538be8 EFLAGS: 00010046 [ 111.436836][ C2] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11009f3c151 [ 111.440121][ C2] RDX: ffff888045043178 RSI: ffffffff8a684760 RDI: ffffffff908ba4d0 [ 111.443581][ C2] RBP: ffff88804f9e0a70 R08: 0000000000000005 R09: 0000000000000000 [ 111.446886][ C2] R10: 0000000000000100 R11: ffff88801d6cd4b0 R12: 1ffff920000a718f [ 111.450143][ C2] R13: ffffffff81844610 R14: 0000000000000101 R15: ffff888045043000 [ 111.453359][ C2] FS: 0000000000000000(0000) GS:ffff888097902000(0000) knlGS:0000000000000000 [ 111.457022][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.459777][ C2] CR2: 0000000030310ffc CR3: 0000000055e2f000 CR4: 0000000000352ef0 [ 111.463073][ C2] Call Trace: [ 111.464516][ C2] [ 111.465789][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.468299][ C2] call_timer_fn+0x19a/0x5a0 [ 111.470315][ C2] ? __pfx_call_timer_fn+0x10/0x10 [ 111.472488][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.474985][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.477455][ C2] ? __run_timers+0x559/0xae0 [ 111.479472][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.481949][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.484356][ C2] __run_timers+0x569/0xae0 [ 111.486256][ C2] ? __pfx___run_timers+0x10/0x10 [ 111.488440][ C2] ? rcu_is_watching+0x12/0xc0 [ 111.490615][ C2] ? asm_sysvec_call_function_single+0x1a/0x20 [ 111.493216][ C2] ? lockdep_hardirqs_on+0x7c/0x110 [ 111.495444][ C2] run_timer_base+0x114/0x190 [ 111.497451][ C2] ? __pfx_run_timer_base+0x10/0x10 [ 111.499672][ C2] run_timer_softirq+0x1a/0x40 [ 111.501705][ C2] handle_softirqs+0x219/0x950 [ 111.503797][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 111.506104][ C2] __irq_exit_rcu+0x109/0x170 [ 111.508148][ C2] irq_exit_rcu+0x9/0x30 [ 111.509818][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 111.511670][ C2] [ 111.512616][ C2] [ 111.513806][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.516117][ C2] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 111.517945][ C2] Code: 66 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 73 87 15 00 fb f4 cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 111.524782][ C2] RSP: 0018:ffffc9000047fde8 EFLAGS: 00000286 [ 111.527353][ C2] RAX: 00000000000c8881 RBX: 0000000000000002 RCX: ffffffff8b74d6d9 [ 111.530685][ C2] RDX: 0000000000000000 RSI: ffffffff8dac831b RDI: ffffffff8bf2a980 [ 111.534018][ C2] RBP: ffffed1003ad9930 R08: 0000000000000001 R09: ffffed100568673d [ 111.537353][ C2] R10: ffff88802b4339eb R11: ffff88801d6cd4b0 R12: 0000000000000002 [ 111.540703][ C2] R13: ffff88801d6cc980 R14: ffffffff9088b3d0 R15: 0000000000000000 [ 111.544043][ C2] ? ct_kernel_exit+0x139/0x190 [ 111.546170][ C2] default_idle+0x13/0x20 [ 111.548030][ C2] default_idle_call+0x6c/0xb0 [ 111.549948][ C2] do_idle+0x38d/0x510 [ 111.551447][ C2] ? __pfx_do_idle+0x10/0x10 [ 111.553410][ C2] cpu_startup_entry+0x4f/0x60 [ 111.555415][ C2] start_secondary+0x21d/0x2d0 [ 111.557436][ C2] ? __pfx_start_secondary+0x10/0x10 [ 111.559685][ C2] common_startup_64+0x13e/0x148 [ 111.561760][ C2] [ 111.563032][ C2] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 111.566027][ C2] CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Tainted: G L syzkaller #0 PREEMPT(full) [ 111.570312][ C2] Tainted: [L]=SOFTLOCKUP [ 111.572083][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.576425][ C2] Call Trace: [ 111.577856][ C2] [ 111.579103][ C2] dump_stack_lvl+0x3d/0x1f0 [ 111.581025][ C2] vpanic+0x640/0x6f0 [ 111.582585][ C2] panic+0xca/0xd0 [ 111.584172][ C2] ? __pfx_panic+0x10/0x10 [ 111.586077][ C2] ? check_panic_on_warn+0x1f/0xb0 [ 111.588063][ C2] check_panic_on_warn+0xab/0xb0 [ 111.589709][ C2] __warn+0x108/0x3c0 [ 111.591352][ C2] __report_bug+0x2a0/0x520 [ 111.593308][ C2] ? __pfx___report_bug+0x10/0x10 [ 111.595458][ C2] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 111.597704][ C2] ? look_up_lock_class+0x59/0x130 [ 111.599834][ C2] report_bug_entry+0xb2/0x220 [ 111.601743][ C2] ? __queue_work+0xca1/0x10e0 [ 111.603621][ C2] handle_bug+0x18a/0x260 [ 111.605486][ C2] exc_invalid_op+0x17/0x50 [ 111.607435][ C2] asm_exc_invalid_op+0x1a/0x20 [ 111.609519][ C2] RIP: 0010:__queue_work+0xca1/0x10e0 [ 111.611784][ C2] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 03 70 07 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 10 11 3a 00 90 0f 0b 90 e9 15 f6 [ 111.619830][ C2] RSP: 0018:ffffc90000538be8 EFLAGS: 00010046 [ 111.622354][ C2] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11009f3c151 [ 111.625602][ C2] RDX: ffff888045043178 RSI: ffffffff8a684760 RDI: ffffffff908ba4d0 [ 111.628555][ C2] RBP: ffff88804f9e0a70 R08: 0000000000000005 R09: 0000000000000000 [ 111.631102][ C2] R10: 0000000000000100 R11: ffff88801d6cd4b0 R12: 1ffff920000a718f [ 111.633810][ C2] R13: ffffffff81844610 R14: 0000000000000101 R15: ffff888045043000 [ 111.636438][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.638358][ C2] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 111.640143][ C2] ? __queue_work+0xc70/0x10e0 [ 111.641744][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.643656][ C2] call_timer_fn+0x19a/0x5a0 [ 111.645150][ C2] ? __pfx_call_timer_fn+0x10/0x10 [ 111.646860][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.648715][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.650779][ C2] ? __run_timers+0x559/0xae0 [ 111.652531][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.655003][ C2] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 111.657422][ C2] __run_timers+0x569/0xae0 [ 111.659095][ C2] ? __pfx___run_timers+0x10/0x10 [ 111.660750][ C2] ? rcu_is_watching+0x12/0xc0 [ 111.662375][ C2] ? asm_sysvec_call_function_single+0x1a/0x20 [ 111.664385][ C2] ? lockdep_hardirqs_on+0x7c/0x110 [ 111.666139][ C2] run_timer_base+0x114/0x190 [ 111.667653][ C2] ? __pfx_run_timer_base+0x10/0x10 [ 111.669351][ C2] run_timer_softirq+0x1a/0x40 [ 111.670938][ C2] handle_softirqs+0x219/0x950 [ 111.672771][ C2] ? __pfx_handle_softirqs+0x10/0x10 [ 111.674588][ C2] __irq_exit_rcu+0x109/0x170 [ 111.676141][ C2] irq_exit_rcu+0x9/0x30 [ 111.677552][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 111.679387][ C2] [ 111.680364][ C2] [ 111.681339][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.683786][ C2] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 111.686111][ C2] Code: 66 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 73 87 15 00 fb f4 cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 111.693759][ C2] RSP: 0018:ffffc9000047fde8 EFLAGS: 00000286 [ 111.696360][ C2] RAX: 00000000000c8881 RBX: 0000000000000002 RCX: ffffffff8b74d6d9 [ 111.699641][ C2] RDX: 0000000000000000 RSI: ffffffff8dac831b RDI: ffffffff8bf2a980 [ 111.702852][ C2] RBP: ffffed1003ad9930 R08: 0000000000000001 R09: ffffed100568673d [ 111.706229][ C2] R10: ffff88802b4339eb R11: ffff88801d6cd4b0 R12: 0000000000000002 [ 111.709547][ C2] R13: ffff88801d6cc980 R14: ffffffff9088b3d0 R15: 0000000000000000 [ 111.712864][ C2] ? ct_kernel_exit+0x139/0x190 [ 111.714988][ C2] default_idle+0x13/0x20 [ 111.716853][ C2] default_idle_call+0x6c/0xb0 [ 111.718917][ C2] do_idle+0x38d/0x510 [ 111.720680][ C2] ? __pfx_do_idle+0x10/0x10 [ 111.722593][ C2] cpu_startup_entry+0x4f/0x60 [ 111.724627][ C2] start_secondary+0x21d/0x2d0 [ 111.726659][ C2] ? __pfx_start_secondary+0x10/0x10 [ 111.728754][ C2] common_startup_64+0x13e/0x148 [ 111.730864][ C2] [ 111.732853][ C2] Kernel Offset: disabled [ 111.734688][ C2] Rebooting in 86400 seconds..