last executing test programs: 2m30.916932762s ago: executing program 3 (id=3223): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"}) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000480)=""/156) 2m28.625766785s ago: executing program 3 (id=3237): unshare(0x26020480) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, 0x0, 0x0) 2m28.294845129s ago: executing program 3 (id=3241): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000002400), 0x222482, 0x0) fchown(r0, 0x0, 0x0) 2m27.939530735s ago: executing program 3 (id=3245): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x755, 0x2626, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x2}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="402345000000453061639c545d2ce9daa7602630c6863773fddd911869efc89610aab1b0d2363bdd00b77c5bdfd51207b2908fceb485a8995d9125"], 0x0, 0x0, 0x0, 0x0}, 0x0) 2m24.563389797s ago: executing program 3 (id=3264): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}}], {0x14}}, 0x94}}, 0x0) 2m24.293375018s ago: executing program 3 (id=3265): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000080)={0x281, 0x3}) 2m15.742521792s ago: executing program 0 (id=3347): sync() sync() sync() 2m14.989076113s ago: executing program 0 (id=3354): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000080)=0xffff7b6e, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000001500)=""/19, &(0x7f0000000240)=0x13) 2m14.814637845s ago: executing program 0 (id=3358): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002b80)=@ipv4_newroute={0x34, 0x1a, 0x1, 0x70bd29, 0x0, {0x2, 0x20, 0x20, 0x5, 0x0, 0x3}, [@RTA_IIF={0x8, 0x3, r1}, @RTA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2c}}, @RTA_DST={0x8, 0x1, @loopback}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 2m14.586119496s ago: executing program 0 (id=3361): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x14, r1, 0x30d}, 0x14}}, 0x0) 2m14.382976486s ago: executing program 0 (id=3364): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x2) 2m14.181216769s ago: executing program 0 (id=3367): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0xc048aec8, &(0x7f0000000700)={0x4, 0x0, @ioapic={0x10000, 0x3, 0x1ff, 0x7, 0x0, [{0x6, 0x80, 0xfe}, {0xe7, 0x0, 0xfb, '\x00', 0x7f}, {0x0, 0x9, 0xc, '\x00', 0xa}, {0x2, 0xc6, 0xe, '\x00', 0xfa}, {0x0, 0x3, 0x7, '\x00', 0x9}, {0x5, 0x8, 0x6, '\x00', 0x1}, {0x16, 0x83, 0x6, '\x00', 0xcd}, {0x2, 0x4, 0x2, '\x00', 0x48}, {0x9, 0x3, 0x1a, '\x00', 0x7}, {0x4, 0x8, 0xdb, '\x00', 0x1}, {0x0, 0x7, 0x5, '\x00', 0x75}, {0x8, 0x0, 0xb, '\x00', 0xf}, {0x2, 0x80, 0x9, '\x00', 0xc3}, {0x9, 0x9, 0x6, '\x00', 0x85}, {0xfa, 0x81, 0x6, '\x00', 0x8}, {0x9, 0xe4, 0x2, '\x00', 0x1}, {0x5c, 0x2, 0x40, '\x00', 0x8}, {0x4a, 0x6, 0xa, '\x00', 0x6}, {0xd, 0x3, 0x2, '\x00', 0x4}, {0x6, 0x4, 0x80, '\x00', 0x80}, {0x7, 0x4, 0xf1, '\x00', 0x8}, {0x6, 0xf9, 0xf, '\x00', 0x10}, {0x8, 0x8, 0x81, '\x00', 0xc9}, {0x7b, 0x7f, 0x7, '\x00', 0x2}]}}) 2m9.226098456s ago: executing program 32 (id=3265): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000080)={0x281, 0x3}) 2m8.640645817s ago: executing program 4 (id=3415): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) 2m8.224698107s ago: executing program 4 (id=3417): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000000c0)={0x18, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x18}}, 0x0) 2m7.793564893s ago: executing program 4 (id=3419): r0 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r0, 0x4000) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, 0x0) 2m7.500102059s ago: executing program 4 (id=3421): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000000)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000900)={0x0, @bt={0x2d0, 0x190, 0x1, 0x2, 0xdd9f83, 0x1, 0x9, 0x1, 0x2, 0x5, 0x722, 0x13, 0x7, 0x7f, 0x3f, 0xb763599953cb0936, {0x0, 0x6fd8e84b}, 0x3, 0xed}}) 2m7.171002833s ago: executing program 4 (id=3423): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x401, 0xfffffffd}) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008004f0fffeffe809005300fff5dd00000010000100050c10000000000000000000", 0x58}], 0x1) 2m6.725127156s ago: executing program 4 (id=3427): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000f40)) 2m4.733058687s ago: executing program 1 (id=3434): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x280}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0) 2m4.650290371s ago: executing program 1 (id=3435): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = dup(r0) ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000000000000910400000000000d00000004000000008604"]) 2m4.251202366s ago: executing program 1 (id=3438): prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='}\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, &(0x7f0000000000)='tunl0\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000240)='}\x00') 2m4.135540201s ago: executing program 2 (id=3439): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=0x50, 0x0) 2m4.029629307s ago: executing program 1 (id=3440): r0 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38, 0x20000010}, 0x4040) 2m3.491007364s ago: executing program 1 (id=3441): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000003c0)={0x1}) 2m2.726860906s ago: executing program 1 (id=3442): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3) ioctl$PPPIOCSPASS(r0, 0x40107447, 0x0) 2m2.493030492s ago: executing program 2 (id=3443): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, &(0x7f00000010c0)=[{0x0}, {&(0x7f00000000c0)='|', 0x1}], 0x2, 0x10, 0x0) 2m2.377144635s ago: executing program 2 (id=3444): openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0) 2m2.191949343s ago: executing program 2 (id=3445): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = syz_open_procfs$userns(0x0, &(0x7f0000000040)) mount_setattr(r0, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000000100)={0x100087, 0x0, 0x100000, {r1}}, 0x20) 2m1.956800947s ago: executing program 2 (id=3446): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1300000010000000"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000005000000bf0900000000000055090100000000005e90000000000000bf91000000000000b70200000000000085000000a0000000b70000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) 2m1.773784245s ago: executing program 2 (id=3447): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) 1m59.063230584s ago: executing program 33 (id=3367): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0xc048aec8, &(0x7f0000000700)={0x4, 0x0, @ioapic={0x10000, 0x3, 0x1ff, 0x7, 0x0, [{0x6, 0x80, 0xfe}, {0xe7, 0x0, 0xfb, '\x00', 0x7f}, {0x0, 0x9, 0xc, '\x00', 0xa}, {0x2, 0xc6, 0xe, '\x00', 0xfa}, {0x0, 0x3, 0x7, '\x00', 0x9}, {0x5, 0x8, 0x6, '\x00', 0x1}, {0x16, 0x83, 0x6, '\x00', 0xcd}, {0x2, 0x4, 0x2, '\x00', 0x48}, {0x9, 0x3, 0x1a, '\x00', 0x7}, {0x4, 0x8, 0xdb, '\x00', 0x1}, {0x0, 0x7, 0x5, '\x00', 0x75}, {0x8, 0x0, 0xb, '\x00', 0xf}, {0x2, 0x80, 0x9, '\x00', 0xc3}, {0x9, 0x9, 0x6, '\x00', 0x85}, {0xfa, 0x81, 0x6, '\x00', 0x8}, {0x9, 0xe4, 0x2, '\x00', 0x1}, {0x5c, 0x2, 0x40, '\x00', 0x8}, {0x4a, 0x6, 0xa, '\x00', 0x6}, {0xd, 0x3, 0x2, '\x00', 0x4}, {0x6, 0x4, 0x80, '\x00', 0x80}, {0x7, 0x4, 0xf1, '\x00', 0x8}, {0x6, 0xf9, 0xf, '\x00', 0x10}, {0x8, 0x8, 0x81, '\x00', 0xc9}, {0x7b, 0x7f, 0x7, '\x00', 0x2}]}}) 1m51.32861636s ago: executing program 34 (id=3427): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000f40)) 1m47.314862043s ago: executing program 35 (id=3442): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3) ioctl$PPPIOCSPASS(r0, 0x40107447, 0x0) 1m46.677638777s ago: executing program 36 (id=3447): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) 1m23.398130921s ago: executing program 9 (id=3493): r0 = socket$inet6(0xa, 0x3, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x2, 0x0) 1m22.825908081s ago: executing program 9 (id=3540): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000020ac05650200000000000109022400010000000309040000010300020009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00220004"], 0x0}, 0x0) 1m19.15538758s ago: executing program 9 (id=3551): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202}) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f00000000c0)) 1m9.633462137s ago: executing program 8 (id=3577): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000300)={0x1, 0x0, &(0x7f00000002c0)=[0x0]}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000000)={r1, r1, 0x1, 0x0, 0x3ae85256}) 1m9.206468786s ago: executing program 8 (id=3579): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000b3d000/0x1000)=nil) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) 1m8.737986632s ago: executing program 8 (id=3582): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000000)=0x9) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f00000000c0)=0x2000) 1m7.750528153s ago: executing program 8 (id=3589): capset(&(0x7f0000000200)={0x19980330}, &(0x7f0000000000)={0x4, 0x4, 0x0, 0x0, 0x0, 0x7}) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe11) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='pids.events\x00', 0x275a, 0x0) 1m7.335951148s ago: executing program 8 (id=3591): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000006c0)={0x9, 0x4, 0x5, 0xfb2, 0x4, "567f9949489623aa"}) 1m6.829341761s ago: executing program 8 (id=3595): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x10b500, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f00000014c0)={0x0, 0x5000, 0xfb7f0000}) 1m5.919530171s ago: executing program 5 (id=3599): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x2}, {0x0, 0xfff2}}}, 0x24}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0) 1m5.533948186s ago: executing program 5 (id=3601): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x7, @remote, 0x34}]}, &(0x7f0000002100)=0x10) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000000c0)=0x8, 0x4) 1m4.343930713s ago: executing program 5 (id=3605): r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r0, 0x52b242d) request_key(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x3}, 0x0, r0) 1m3.869588847s ago: executing program 37 (id=3551): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202}) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f00000000c0)) 1m3.832308125s ago: executing program 5 (id=3608): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000180)="e7", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x2c, &(0x7f0000000240)=[@in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}]}, &(0x7f0000000280)=0x10) 1m2.700210755s ago: executing program 5 (id=3613): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000080)=0xfffffffb) write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 1m2.104543438s ago: executing program 5 (id=3615): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="00fd618dec0500008d"], 0x9a) 51.739742886s ago: executing program 38 (id=3595): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x10b500, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f00000014c0)={0x0, 0x5000, 0xfb7f0000}) 47.878514889s ago: executing program 7 (id=3665): r0 = open(&(0x7f0000000780)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x8, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180e180009000000000000000500000095"], &(0x7f0000000300)='GPL\x00', 0xc, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94) 47.552494043s ago: executing program 7 (id=3667): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r1, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x0) 46.935296176s ago: executing program 39 (id=3615): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="00fd618dec0500008d"], 0x9a) 46.865263568s ago: executing program 7 (id=3671): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffff, 0x0, @mcast2, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 46.485773282s ago: executing program 7 (id=3672): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, 0x0, 0x56) 43.201201457s ago: executing program 7 (id=3676): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f0000000080)="1a4f30d089f5bd5b", 0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e24, 0x1, @mcast2, 0x235}}}, 0x84) 42.992681091s ago: executing program 7 (id=3678): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x44}}, 0x20000490) 27.735619655s ago: executing program 40 (id=3678): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x44}}, 0x20000490) 18.430141246s ago: executing program 6 (id=3697): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) syz_emit_ethernet(0x2a, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @address_reply={0x12, 0x0, 0x0, 0xc8}}}}}, 0x0) 18.245303886s ago: executing program 6 (id=3698): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000004c0)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0x10000a}, 0x1c) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000006fc0)=@req3={0x6, 0x101, 0x5, 0x8, 0x7, 0x9, 0xfffffff9}, 0x1c) 17.714794228s ago: executing program 6 (id=3699): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="0000d63f9a8eecdeb60ddb0700000000000000f2000000000080000000000000", 0x20) 17.526530893s ago: executing program 6 (id=3700): r0 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) sendmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x88c3) 16.979241368s ago: executing program 6 (id=3701): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f0000000000), 0x12) syz_clone3(&(0x7f00000004c0)={0xe12d480, &(0x7f0000000480), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 16.503808144s ago: executing program 6 (id=3702): socket$key(0xf, 0x3, 0x2) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) lseek(r0, 0x2808, 0x0) 0s ago: executing program 41 (id=3702): socket$key(0xf, 0x3, 0x2) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) lseek(r0, 0x2808, 0x0) kernel console output (not intermixed with test programs): ket: 32 [ 276.441596][ T5920] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.452861][ T5920] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 276.476719][ T5920] usb 1-1: config 0 interface 0 has no altsetting 0 [ 276.495483][ T5920] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00 [ 276.504598][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.536145][ T5920] usb 1-1: config 0 descriptor?? [ 276.934470][T12171] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 276.960402][ T5920] vrc2 0003:07C0:1125.0068: fixing up VRC-2 report descriptor [ 276.995827][ T5920] input: HID 07c0:1125 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:07C0:1125.0068/input/input25 [ 277.114569][ T5920] vrc2 0003:07C0:1125.0068: input,hidraw0: USB HID v0.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.0-1/input0 [ 277.146389][ T977] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 277.172717][ T5920] usb 1-1: USB disconnect, device number 41 [ 277.251770][T12178] fido_id[12178]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 277.321287][ T977] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 277.332848][ T977] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 277.357940][ T977] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 277.372867][ T977] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 277.385737][ T977] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 277.410496][ T977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.441261][ T977] usb 3-1: config 0 descriptor?? [ 277.657255][ T977] hdpvr 3-1:0.0: firmware version 0x8 dated )#jn [ 278.095902][T12220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2909'. [ 278.122197][ T977] hdpvr 3-1:0.0: Could not setup controls [ 278.134562][ T977] hdpvr 3-1:0.0: registering videodev failed [ 278.190296][ T977] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -71 [ 278.220415][ T977] usb 3-1: USB disconnect, device number 36 [ 279.004945][ T5991] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 279.185483][ T5991] usb 5-1: Using ep0 maxpacket: 8 [ 279.209781][ T5991] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 279.223624][ T5991] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.233878][ T5991] usb 5-1: Product: syz [ 279.239864][ T5991] usb 5-1: Manufacturer: syz [ 279.244901][ T5991] usb 5-1: SerialNumber: syz [ 279.252079][ T5991] usb 5-1: config 0 descriptor?? [ 279.261612][ T5991] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 279.271599][ T5991] usb 5-1: setting power ON [ 279.276836][ T5991] dvb-usb: bulk message failed: -22 (2/0) [ 279.289308][ T5991] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 279.305462][ T5991] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 279.314613][ T5991] usb 5-1: media controller created [ 279.326436][ T5921] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 279.326447][ T10] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 279.359060][ T5991] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 279.385438][ T5991] usb 5-1: selecting invalid altsetting 6 [ 279.391416][ T5991] usb 5-1: digital interface selection failed (-22) [ 279.404097][ T5991] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 279.414459][ T5991] usb 5-1: setting power OFF [ 279.419949][ T5991] dvb-usb: bulk message failed: -22 (2/0) [ 279.427291][ T5991] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 279.436970][ T5991] (NULL device *): no alternate interface [ 279.463682][T12250] dvb-usb: bulk message failed: -22 (3/0) [ 279.481343][T12250] dvb-usb: bulk message failed: -22 (4/0) [ 279.486095][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.488396][T12250] cxusb: i2c read failed [ 279.508849][ T5991] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 279.519276][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.519326][ T10] usb 1-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 279.519350][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.548734][ T5921] usb 3-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 279.550241][ T10] usb 1-1: config 0 descriptor?? [ 279.561791][ T5921] usb 3-1: config 0 interface 0 has no altsetting 0 [ 279.561841][ T5921] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 279.561865][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.564974][ T5921] usb 3-1: config 0 descriptor?? [ 279.638824][ T5991] usb 5-1: USB disconnect, device number 41 [ 279.885512][T12291] pimreg: entered allmulticast mode [ 280.030498][ T10] elo 0003:04E7:0030.0069: item fetching failed at offset 5/7 [ 280.043205][ T10] elo 0003:04E7:0030.0069: parse failed [ 280.049360][ T10] elo 0003:04E7:0030.0069: probe with driver elo failed with error -22 [ 280.079286][ T5921] ntrig 0003:1B96:0009.006A: item fetching failed at offset 5/7 [ 280.088511][ T5921] ntrig 0003:1B96:0009.006A: parse failed [ 280.094337][ T5921] ntrig 0003:1B96:0009.006A: probe with driver ntrig failed with error -22 [ 280.155428][T12297] loop8: detected capacity change from 0 to 7 [ 280.167728][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.177135][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.186899][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.196177][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.204345][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.213635][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.221938][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.231243][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.239462][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.248746][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.257538][ T5886] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 280.265773][ T10] usb 1-1: USB disconnect, device number 42 [ 280.272276][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.281492][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.295170][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.304521][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.310033][ T977] usb 3-1: USB disconnect, device number 37 [ 280.312834][T12297] ldm_validate_partition_table(): Disk read failed. [ 280.334578][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.343916][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.352175][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.361455][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.371593][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 280.380841][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 280.389670][T12297] Dev loop8: unable to read RDB block 0 [ 280.399196][T12297] loop8: unable to read partition table [ 280.409040][T12297] loop8: partition table beyond EOD, truncated [ 280.415901][T12297] loop_reread_partitions: partition scan of loop8 (被x ) failed (rc=-5) [ 280.445402][ T5886] usb 2-1: Using ep0 maxpacket: 16 [ 280.454174][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.475554][ T5886] usb 2-1: New USB device found, idVendor=05ac, idProduct=0254, bcdDevice= 0.00 [ 280.484672][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.513372][ T5886] usb 2-1: config 0 descriptor?? [ 280.910493][T12311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2953'. [ 280.967604][ T977] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 280.982537][ T5886] apple 0003:05AC:0254.006B: hidraw0: USB HID v0.03 Device [HID 05ac:0254] on usb-dummy_hcd.1-1/input0 [ 281.146675][ T977] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 281.177094][ T977] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 281.180375][ T5886] usb 2-1: USB disconnect, device number 36 [ 281.219537][ T977] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 281.247129][ T977] usb 5-1: config 220 has no interface number 2 [ 281.254195][ T977] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 281.279776][ T977] usb 5-1: config 220 interface 0 has no altsetting 0 [ 281.292501][ T977] usb 5-1: config 220 interface 76 has no altsetting 0 [ 281.305961][ T977] usb 5-1: config 220 interface 1 has no altsetting 0 [ 281.318308][ T977] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 281.345540][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.365384][ T977] usb 5-1: Product: syz [ 281.369638][ T977] usb 5-1: Manufacturer: syz [ 281.381541][ T977] usb 5-1: SerialNumber: syz [ 281.643351][ T977] usb 5-1: selecting invalid altsetting 0 [ 281.651104][ T977] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 281.661339][ T977] usb 5-1: No valid video chain found. [ 281.684140][ T977] usb 5-1: selecting invalid altsetting 0 [ 281.702075][ T977] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 281.743473][ T977] usb 5-1: USB disconnect, device number 42 [ 281.839687][ T30] audit: type=1800 audit(1750779994.198:89): pid=12347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2970" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 281.997008][T12357] ptrace attach of "./syz-executor exec"[5853] was attempted by " [ 282.202196][T12371] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2982'. [ 282.329642][T12371] vxcan5: entered promiscuous mode [ 282.895916][ T30] audit: type=1326 audit(1750779995.248:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 282.955483][ T30] audit: type=1326 audit(1750779995.248:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 283.008045][ T30] audit: type=1326 audit(1750779995.278:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 283.101515][ T30] audit: type=1326 audit(1750779995.318:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 283.123916][ C0] vkms_vblank_simulate: vblank timer overrun [ 283.139541][ T30] audit: type=1326 audit(1750779995.338:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 283.230664][ T30] audit: type=1326 audit(1750779995.338:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12409 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f88f77c11e5 code=0x7ffc0000 [ 283.272517][ T30] audit: type=1326 audit(1750779995.408:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 283.352464][ T30] audit: type=1326 audit(1750779995.408:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 283.374804][ C0] vkms_vblank_simulate: vblank timer overrun [ 283.422746][ T30] audit: type=1326 audit(1750779995.408:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f778e929 code=0x7ffc0000 [ 283.446093][ T977] usb 1-1: new full-speed USB device number 43 using dummy_hcd [ 283.455987][T12426] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 283.462558][T12426] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 283.481083][T12426] vhci_hcd vhci_hcd.0: Device attached [ 283.528560][T12427] vhci_hcd: connection closed [ 283.528994][ T49] vhci_hcd: stop threads [ 283.557815][ T49] vhci_hcd: release socket [ 283.572580][ T49] vhci_hcd: disconnect device [ 283.629350][ T977] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 283.660308][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 283.686445][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 283.699177][ T977] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 283.727894][ T977] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 283.755637][ T977] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 283.763710][ T977] usb 1-1: Manufacturer: syz [ 283.804007][ T977] usb 1-1: config 0 descriptor?? [ 284.167656][ T977] rc_core: IR keymap rc-hauppauge not found [ 284.173669][ T977] Registered IR keymap rc-empty [ 284.203245][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.245511][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.281263][ T977] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 284.318936][T12470] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3025'. [ 284.320720][ T977] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input27 [ 284.345025][T12470] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3025'. [ 284.374916][T12470] netlink: 'syz.3.3025': attribute type 5 has an invalid length. [ 284.382957][T12470] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3025'. [ 284.386768][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.449357][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.487904][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.515587][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.545535][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.565617][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.585575][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.605618][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.639479][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.665850][ T977] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 284.712997][ T977] mceusb 1-1:0.0: Registered 怋뿇젡焹♏迭ᖣํ韻믫═왕⫃箭ᥧ얥籥䄭椴㍙ߍ with mce emulator interface version 1 [ 284.754516][ T977] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 284.791572][ T977] usb 1-1: USB disconnect, device number 43 [ 285.628444][T12527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3052'. [ 286.598866][ T5886] hid-generic 0000:0005:0009.006C: unknown main item tag 0x0 [ 286.598900][ T5886] hid-generic 0000:0005:0009.006C: unknown main item tag 0x0 [ 286.598925][ T5886] hid-generic 0000:0005:0009.006C: unknown main item tag 0x0 [ 286.604595][ T5886] hid-generic 0000:0005:0009.006C: hidraw0: HID v0.02 Device [syz0] on syz1 [ 286.812725][T12562] fido_id[12562]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 286.851156][T12568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3071'. [ 286.865882][ T977] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 286.878999][T12568] tipc: Enabling of bearer rejected, failed to enable media [ 287.025742][ T977] usb 3-1: Using ep0 maxpacket: 8 [ 287.031744][T12576] vlan4: entered promiscuous mode [ 287.040494][ T977] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 287.042949][T12576] bridge0: entered promiscuous mode [ 287.061766][ T977] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.087616][ T977] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.113643][T12580] ======================================================= [ 287.113643][T12580] WARNING: The mand mount option has been deprecated and [ 287.113643][T12580] and is ignored by this kernel. Remove the mand [ 287.113643][T12580] option from the mount to silence this warning. [ 287.113643][T12580] ======================================================= [ 287.130958][ T977] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 287.184374][ T977] usb 3-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 287.194267][ T977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.222386][ T977] usb 3-1: config 0 descriptor?? [ 287.650521][ T977] hid (null): report_id 0 is invalid [ 287.703737][ T977] redragon 0003:0C45:760B.006D: report_id 0 is invalid [ 287.722078][ T977] redragon 0003:0C45:760B.006D: item 0 1 1 8 parsing failed [ 287.742358][ T977] redragon 0003:0C45:760B.006D: probe with driver redragon failed with error -22 [ 287.877652][ T5822] usb 3-1: USB disconnect, device number 38 [ 288.261854][T12636] binder: 12635:12636 ioctl c00c620f 2000000001c0 returned -22 [ 288.447717][T12640] pim6reg: entered allmulticast mode [ 288.458339][T12640] pim6reg: left allmulticast mode [ 289.145027][ T5886] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 289.326846][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 289.346236][ T10] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 289.348476][ T5886] usb 5-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 289.386542][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.405815][ T5886] usb 5-1: config 0 descriptor?? [ 289.415570][T12664] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 289.517454][ T10] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 289.535371][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.562101][ T10] usb 2-1: config 0 descriptor?? [ 289.573909][ T10] cp210x 2-1:0.0: cp210x converter detected [ 289.848573][ T5886] uclogic 0003:5543:0064.006E: unknown main item tag 0x0 [ 289.864837][ T5886] uclogic 0003:5543:0064.006E: unknown main item tag 0x0 [ 289.872008][ T5886] uclogic 0003:5543:0064.006E: unknown main item tag 0x0 [ 289.893146][ T5886] uclogic 0003:5543:0064.006E: unknown main item tag 0x0 [ 289.900353][ T5886] uclogic 0003:5543:0064.006E: unknown main item tag 0x0 [ 289.909082][ T5886] uclogic 0003:5543:0064.006E: No inputs registered, leaving [ 289.927524][ T5886] uclogic 0003:5543:0064.006E: hidraw0: USB HID v1.01 Device [HID 5543:0064] on usb-dummy_hcd.4-1/input0 [ 290.008931][ T10] usb 2-1: cp210x converter now attached to ttyUSB0 [ 290.081366][ T10] usb 5-1: USB disconnect, device number 43 [ 290.098557][ T5921] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 290.134672][T12712] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (48423) [ 290.145036][T12712] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 290.199237][ T5886] usb 2-1: USB disconnect, device number 37 [ 290.215983][ T5886] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 290.280690][ T5886] cp210x 2-1:0.0: device disconnected [ 290.291415][ T5921] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 290.315583][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.336909][ T5921] usb 1-1: config 0 descriptor?? [ 290.359032][ T5921] cp210x 1-1:0.0: cp210x converter detected [ 290.635381][ T10] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 290.783211][ T5921] usb 1-1: cp210x converter now attached to ttyUSB0 [ 290.785700][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 290.816619][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.837831][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.858615][ T10] usb 3-1: New USB device found, idVendor=0738, idProduct=1709, bcdDevice= 0.00 [ 290.882437][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.906206][ T10] usb 3-1: config 0 descriptor?? [ 290.981296][ T977] usb 1-1: USB disconnect, device number 44 [ 291.017070][ T977] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 291.041483][ T977] cp210x 1-1:0.0: device disconnected [ 291.279323][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 291.279341][ T30] audit: type=1326 audit(1750780003.638:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.322170][ T30] audit: type=1326 audit(1750780003.638:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.349579][ T30] audit: type=1326 audit(1750780003.638:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.359827][ T10] saitek 0003:0738:1709.006F: unknown main item tag 0x0 [ 291.382001][ T30] audit: type=1326 audit(1750780003.638:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.413526][ T10] saitek 0003:0738:1709.006F: unknown main item tag 0x0 [ 291.421972][ T30] audit: type=1326 audit(1750780003.638:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.423969][ T10] saitek 0003:0738:1709.006F: unknown main item tag 0x0 [ 291.459311][T12752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3159'. [ 291.465902][ T30] audit: type=1326 audit(1750780003.648:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.470950][ T10] saitek 0003:0738:1709.006F: unknown main item tag 0x0 [ 291.490440][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.496145][ T30] audit: type=1326 audit(1750780003.648:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.529362][ T30] audit: type=1326 audit(1750780003.648:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12747 comm="syz.4.3157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7e498e929 code=0x7ffc0000 [ 291.542429][ T10] saitek 0003:0738:1709.006F: unknown main item tag 0x0 [ 291.652003][ T10] saitek 0003:0738:1709.006F: hidraw0: USB HID v0.00 Device [HID 0738:1709] on usb-dummy_hcd.2-1/input0 [ 291.686042][ T10] usb 3-1: USB disconnect, device number 39 [ 291.940504][T12757] fido_id[12757]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 292.128930][T12770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3167'. [ 292.725423][ T10] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 292.905508][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 292.923966][ T10] usb 3-1: config index 0 descriptor too short (expected 42, got 18) [ 292.944017][ T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 219, using maximum allowed: 30 [ 292.992104][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 219 [ 293.065388][ T10] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice= 7.06 [ 293.107721][ T10] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 293.145361][ T10] usb 3-1: Product: syz [ 293.165464][ T10] usb 3-1: SerialNumber: syz [ 293.197976][ T10] r8152-cfgselector 3-1: Unknown version 0x0000 [ 293.225821][ T10] r8152-cfgselector 3-1: config 0 descriptor?? [ 293.241674][ T10] hub 3-1:0.0: bad descriptor, ignoring hub [ 293.255822][ T10] hub 3-1:0.0: probe with driver hub failed with error -5 [ 293.730269][ T10] r8152-cfgselector 3-1: USB disconnect, device number 40 [ 293.829497][T12795] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3179'. [ 294.075767][ T10] usb 3-1: new full-speed USB device number 41 using dummy_hcd [ 294.247536][ T10] usb 3-1: config index 0 descriptor too short (expected 42, got 18) [ 294.287573][ T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 219, using maximum allowed: 30 [ 294.346115][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 219 [ 294.412447][ T10] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice= 7.06 [ 294.458740][ T10] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 294.480668][ T10] usb 3-1: Product: syz [ 294.489427][ T10] usb 3-1: SerialNumber: syz [ 294.550709][ T10] r8152-cfgselector 3-1: Unknown version 0x0000 [ 294.570579][ T10] r8152-cfgselector 3-1: config 0 descriptor?? [ 294.612447][ T10] hub 3-1:0.0: bad descriptor, ignoring hub [ 294.660182][ T10] hub 3-1:0.0: probe with driver hub failed with error -5 [ 294.915780][ T977] r8152-cfgselector 3-1: USB disconnect, device number 41 [ 295.035552][ T10] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 295.195704][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 295.207514][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.247574][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.269888][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 295.307855][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 295.343127][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.393724][ T10] usb 1-1: config 0 descriptor?? [ 295.848404][ T10] logitech 0003:046D:C293.0070: bogus close delimiter [ 295.898462][ T10] logitech 0003:046D:C293.0070: item 0 1 2 10 parsing failed [ 295.928786][ T10] logitech 0003:046D:C293.0070: parse failed [ 295.965492][ T10] logitech 0003:046D:C293.0070: probe with driver logitech failed with error -22 [ 296.111015][ T10] usb 1-1: USB disconnect, device number 45 [ 296.337059][T12834] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.3197'. [ 296.396201][T12834] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 296.457646][T12834] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 296.563600][T12839] netlink: 'syz.1.3200': attribute type 5 has an invalid length. [ 296.586967][T12839] netlink: 'syz.1.3200': attribute type 3 has an invalid length. [ 296.607555][T12839] netlink: 152988 bytes leftover after parsing attributes in process `syz.1.3200'. [ 296.982034][T12846] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3205'. [ 298.158853][T12879] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3219'. [ 299.485713][ T10] usb 3-1: new full-speed USB device number 42 using dummy_hcd [ 299.680364][ T10] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 299.711931][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.749780][ T10] usb 3-1: Product: syz [ 299.770797][ T10] usb 3-1: Manufacturer: syz [ 299.789198][ T10] usb 3-1: SerialNumber: syz [ 299.821455][ T10] usb 3-1: config 0 descriptor?? [ 300.281468][ T10] airspy 3-1:0.0: Board ID: 00 [ 300.295844][ T10] airspy 3-1:0.0: Firmware version: [ 300.492082][ T10] airspy 3-1:0.0: usb_control_msg() failed -71 request 11 [ 300.538601][ T10] airspy 3-1:0.0: Registered as swradio24 [ 300.569381][ T10] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 300.634267][ T10] usb 3-1: USB disconnect, device number 42 [ 301.728960][T12937] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.762079][T12937] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.784159][T12937] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.803872][T12937] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.856505][T12937] geneve2: entered promiscuous mode [ 302.003638][T12944] bridge0: port 3(syz_tun) entered blocking state [ 302.023977][T12944] bridge0: port 3(syz_tun) entered disabled state [ 302.043469][T12944] syz_tun: entered allmulticast mode [ 302.078263][T12944] syz_tun: entered promiscuous mode [ 302.099978][T12944] bridge0: port 3(syz_tun) entered blocking state [ 302.106864][T12944] bridge0: port 3(syz_tun) entered forwarding state [ 302.283174][T12950] tipc: Enabling of bearer rejected, failed to enable media [ 302.295865][ T5920] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 302.455656][ T5920] usb 3-1: Using ep0 maxpacket: 8 [ 302.481444][ T5920] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.502201][ T5920] usb 3-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 302.518802][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.539111][ T5920] usb 3-1: config 0 descriptor?? [ 302.981176][ T5920] hid-multitouch 0003:0EEF:72C4.0071: unknown main item tag 0x0 [ 303.012551][ T5920] hid-multitouch 0003:0EEF:72C4.0071: hidraw0: USB HID v0.03 Device [HID 0eef:72c4] on usb-dummy_hcd.2-1/input0 [ 303.184091][ T5920] usb 3-1: USB disconnect, device number 43 [ 303.845856][ T5920] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 303.884357][T12965] pimreg3: entered allmulticast mode [ 304.019857][ T5920] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 304.041471][ T5920] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 304.062870][ T5920] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 304.073092][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.091496][ T5920] usb 2-1: config 0 descriptor?? [ 304.732611][ T5920] Bluetooth: Can't get version to change to load ram patch err [ 304.769309][ T5920] Bluetooth: Loading sysconfig file failed [ 304.769345][ T5920] ath3k 2-1:0.0: probe with driver ath3k failed with error -71 [ 304.785252][ T5920] usb 2-1: USB disconnect, device number 38 [ 310.726114][T13103] netlink: 'syz.2.3321': attribute type 3 has an invalid length. [ 311.505789][ T5920] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 311.666049][ T5920] usb 3-1: Using ep0 maxpacket: 8 [ 311.683664][ T5920] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 311.710679][ T5920] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 311.748132][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 311.775677][ T5920] usb 3-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 311.796412][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.819091][ T5920] usb 3-1: config 0 descriptor?? [ 312.278724][ T5920] kye 0003:0458:4018.0072: unknown main item tag 0x0 [ 312.308502][ T5920] kye 0003:0458:4018.0072: reserved main item tag 0xe [ 312.331688][ T5920] kye 0003:0458:4018.0072: item fetching failed at offset 15/133 [ 312.361614][ T5920] kye 0003:0458:4018.0072: parse failed [ 312.375640][ T5920] kye 0003:0458:4018.0072: probe with driver kye failed with error -22 [ 312.429477][T13127] tipc: Enabling of bearer rejected, failed to enable media [ 312.496256][ T5920] usb 3-1: USB disconnect, device number 44 [ 312.991738][T13136] netlink: 26 bytes leftover after parsing attributes in process `syz.1.3336'. [ 313.024308][T13136] netlink: 26 bytes leftover after parsing attributes in process `syz.1.3336'. [ 313.565886][T13147] vlan2: entered allmulticast mode [ 313.571092][T13147] bond0: entered allmulticast mode [ 313.614558][T13147] bond_slave_0: entered allmulticast mode [ 313.643409][T13147] bond_slave_1: entered allmulticast mode [ 314.757172][T13180] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3355'. [ 316.022787][T13208] netem: change failed [ 316.556177][ T5920] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 316.663132][T13225] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 316.717400][ T5920] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 316.755222][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 316.782589][ T5920] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 316.812946][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.867177][ T5920] usb 3-1: config 0 descriptor?? [ 316.893358][T13217] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 317.111402][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.118596][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.331636][T13238] netlink: 'syz.4.3381': attribute type 3 has an invalid length. [ 317.361327][T13238] netlink: 'syz.4.3381': attribute type 1 has an invalid length. [ 317.379051][ T5920] konepure 0003:1E7D:2DBE.0073: unknown main item tag 0x0 [ 317.429708][ T5920] konepure 0003:1E7D:2DBE.0073: unknown main item tag 0x0 [ 317.479016][ T5920] konepure 0003:1E7D:2DBE.0073: hidraw0: USB HID v80.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.2-1/input0 [ 317.602035][ T5920] usb 3-1: USB disconnect, device number 45 [ 318.144661][T13239] fido_id[13239]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 318.640463][T13257] syz.4.3389 (13257): drop_caches: 0 [ 319.392557][T13275] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.402308][T13275] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.412317][T13275] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.421811][T13275] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.502686][ T30] audit: type=1326 audit(1750780031.848:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.1.3400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb737b8e929 code=0x7ffc0000 [ 319.576615][ T30] audit: type=1326 audit(1750780031.848:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.1.3400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb737b8e929 code=0x7ffc0000 [ 319.670212][ T30] audit: type=1326 audit(1750780031.848:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.1.3400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb737b8e929 code=0x7ffc0000 [ 319.767718][ T30] audit: type=1326 audit(1750780031.848:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.1.3400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb737b8e929 code=0x7ffc0000 [ 319.861572][ T30] audit: type=1326 audit(1750780031.848:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.1.3400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7fb737b8e929 code=0x7ffc0000 [ 319.959367][ T30] audit: type=1326 audit(1750780031.848:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.1.3400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb737b8e929 code=0x7ffc0000 [ 320.051570][ T30] audit: type=1326 audit(1750780031.848:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.1.3400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb737b8e929 code=0x7ffc0000 [ 321.096138][ T977] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 321.280005][ T977] usb 2-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 321.305733][ T977] usb 2-1: config 0 interface 0 has no altsetting 0 [ 321.335986][ T977] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 321.372583][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.406480][ T977] usb 2-1: config 0 descriptor?? [ 321.625389][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 321.636071][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 321.644564][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 321.663966][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 321.680118][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 321.904432][ T977] kye 0003:0458:5013.0074: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 322.001462][ T977] kye 0003:0458:5013.0074: hidraw0: USB HID v8.00 Device [HID 0458:5013] on usb-dummy_hcd.1-1/input0 [ 322.028614][T13324] xt_policy: output policy not valid in PREROUTING and INPUT [ 322.075998][ T977] kye 0003:0458:5013.0074: tablet-enabling feature report not found [ 322.084055][ T977] kye 0003:0458:5013.0074: tablet enabling failed [ 322.205500][ T977] usb 2-1: USB disconnect, device number 39 [ 322.401122][T13325] fido_id[13325]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 322.611566][ T43] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 322.689888][ T43] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 323.011649][T13320] chnl_net:caif_netlink_parms(): no params data found [ 323.038138][T13341] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3426'. [ 323.142488][ T43] usb 4-1: USB disconnect, device number 29 [ 323.263825][ T30] audit: type=1326 audit(1750780035.618:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13344 comm="syz.1.3428" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb737b8e929 code=0x0 [ 323.652596][T13320] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.660617][T13320] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.672454][T13320] bridge_slave_0: entered allmulticast mode [ 323.682843][T13320] bridge_slave_0: entered promiscuous mode [ 323.699571][T13320] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.711951][T13320] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.720398][T13320] bridge_slave_1: entered allmulticast mode [ 323.733140][T13320] bridge_slave_1: entered promiscuous mode [ 323.749374][ T5833] Bluetooth: hci5: command tx timeout [ 323.890280][T13320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.911516][T13320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.080529][T13320] team0: Port device team_slave_0 added [ 324.120369][T13320] team0: Port device team_slave_1 added [ 324.422694][T13320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.442694][T13320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.529711][T13320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.578401][T13320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.601735][T13320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.672181][T13320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.029030][T13320] hsr_slave_0: entered promiscuous mode [ 325.061750][T13320] hsr_slave_1: entered promiscuous mode [ 325.080686][T13320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.089515][T13320] Cannot create hsr debugfs directory [ 325.826432][ T5833] Bluetooth: hci5: command tx timeout [ 326.103178][T13320] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 326.150669][T13320] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 326.199326][T13320] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 326.248699][T13320] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 326.659209][T13320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.733162][T13320] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.772381][ T5112] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.779637][ T5112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.839004][ T5112] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.846386][ T5112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 327.206186][T13320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.362552][T13320] veth0_vlan: entered promiscuous mode [ 327.411611][T13320] veth1_vlan: entered promiscuous mode [ 327.561873][T13320] veth0_macvtap: entered promiscuous mode [ 327.582847][T13320] veth1_macvtap: entered promiscuous mode [ 327.673842][T13320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 327.733169][T13320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 327.796009][T13320] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.853277][T13320] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.907143][ T5833] Bluetooth: hci5: command tx timeout [ 327.921350][T13320] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.974318][T13320] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.010787][T13396] 8021q: adding VLAN 0 to HW filter on device ipvlan3 [ 328.020212][T13396] team0: Device ipvlan3 is already an upper device of the team interface [ 328.482592][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 328.521176][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 328.598668][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 328.612517][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 329.972646][T13414] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3455'. [ 329.992650][ T5833] Bluetooth: hci5: command tx timeout [ 332.096061][ T5835] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 332.110959][ T5835] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 332.129536][ T5835] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 332.139285][ T5835] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 332.148648][ T5835] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 333.104169][T13437] chnl_net:caif_netlink_parms(): no params data found [ 333.333947][ T30] audit: type=1400 audit(1750780045.678:123): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2626200D3A01 pid=13446 comm="syz.5.3468" [ 333.732503][T13437] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.768122][T13437] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.800333][T13437] bridge_slave_0: entered allmulticast mode [ 333.809238][T13437] bridge_slave_0: entered promiscuous mode [ 333.856759][T13437] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.886002][T13437] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.893313][T13437] bridge_slave_1: entered allmulticast mode [ 333.940336][T13437] bridge_slave_1: entered promiscuous mode [ 334.129731][T13437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 334.149628][T13437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 334.226409][ T5833] Bluetooth: hci6: command tx timeout [ 334.338831][T13437] team0: Port device team_slave_0 added [ 334.351344][T13437] team0: Port device team_slave_1 added [ 334.626458][T13437] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.633475][T13437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.672117][T13437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.694361][T13437] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.740659][T13437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.829428][T13437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 336.143065][T13437] hsr_slave_0: entered promiscuous mode [ 336.166757][T13437] hsr_slave_1: entered promiscuous mode [ 336.173292][T13437] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 336.210660][T13437] Cannot create hsr debugfs directory [ 336.306336][ T5833] Bluetooth: hci6: command tx timeout [ 336.518282][T13473] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3479'. [ 338.385607][ T5833] Bluetooth: hci6: command tx timeout [ 338.788517][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 338.800266][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 338.809060][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 338.818842][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 338.828597][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 339.389285][T13484] netlink: 'syz.5.3484': attribute type 3 has an invalid length. [ 339.794473][T13437] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 339.824708][ C1] sched: DL replenish lagged too much [ 340.079416][T13437] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 340.118893][T13437] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 340.183354][T13437] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 340.465968][ T5833] Bluetooth: hci6: command tx timeout [ 340.866581][ T5833] Bluetooth: hci1: command tx timeout [ 340.886329][T13437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 340.893571][T13482] chnl_net:caif_netlink_parms(): no params data found [ 341.071793][T13437] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.095840][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 341.213856][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.221107][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.261740][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 341.294325][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 341.313417][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 341.332859][ T10] usb 6-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 341.355729][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.376937][ T10] usb 6-1: config 0 descriptor?? [ 341.384046][T13482] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.430689][T13482] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.451796][T13482] bridge_slave_0: entered allmulticast mode [ 341.471680][T13482] bridge_slave_0: entered promiscuous mode [ 341.507818][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.515089][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.558021][T13482] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.579753][T13482] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.591302][T13482] bridge_slave_1: entered allmulticast mode [ 341.619547][T13482] bridge_slave_1: entered promiscuous mode [ 341.820689][ T10] dragonrise 0003:0079:0011.0075: unknown main item tag 0x1 [ 341.858277][ T10] dragonrise 0003:0079:0011.0075: reserved main item tag 0xe [ 341.885856][ T10] dragonrise 0003:0079:0011.0075: hidraw0: USB HID v0.00 Device [HID 0079:0011] on usb-dummy_hcd.5-1/input0 [ 341.954357][T13482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.103847][T13482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.139029][ T10] usb 6-1: USB disconnect, device number 2 [ 342.554460][T13482] team0: Port device team_slave_0 added [ 342.634247][T13482] team0: Port device team_slave_1 added [ 342.958576][ T5833] Bluetooth: hci1: command tx timeout [ 343.083718][T13482] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.147089][T13482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.310843][T13482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.447952][T13482] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.501552][T13482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.666300][T13482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.916642][ T5835] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 343.926787][ T5835] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 343.934650][ T5835] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 343.943832][ T5835] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 343.952857][ T5835] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 344.322962][T13482] hsr_slave_0: entered promiscuous mode [ 344.362774][T13482] hsr_slave_1: entered promiscuous mode [ 344.406271][T13482] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 344.456031][T13482] Cannot create hsr debugfs directory [ 344.464259][T13437] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 344.676393][ T977] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 344.709166][ T5833] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 344.726148][ T5833] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 344.734305][ T5833] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 344.743772][ T5833] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 344.759844][ T5833] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 344.847610][ T977] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 344.889371][ T977] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.919876][ T977] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 344.943071][ T977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.981626][ T977] hub 6-1:4.0: USB hub found [ 345.028896][ T5833] Bluetooth: hci1: command tx timeout [ 345.182857][ T977] hub 6-1:4.0: 13 ports detected [ 345.225369][ T977] usb 6-1: selecting invalid altsetting 1 [ 345.245761][ T977] hub 6-1:4.0: Using single TT (err -22) [ 345.277071][ T977] hub 6-1:4.0: insufficient power available to use all downstream ports [ 345.443836][T13437] veth0_vlan: entered promiscuous mode [ 345.609972][ T977] usb 6-1: USB disconnect, device number 3 [ 345.832500][T13437] veth1_vlan: entered promiscuous mode [ 346.066269][ T5833] Bluetooth: hci7: command tx timeout [ 346.131515][T13437] veth0_macvtap: entered promiscuous mode [ 346.319529][T13437] veth1_macvtap: entered promiscuous mode [ 346.636184][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 346.695670][T13482] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 346.786410][ T5833] Bluetooth: hci8: command tx timeout [ 346.804092][T13482] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 346.821814][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 346.855817][ T9] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 346.899929][T13437] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 346.916262][ T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 346.937042][T13520] chnl_net:caif_netlink_parms(): no params data found [ 346.951453][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.001908][ T9] usb 6-1: config 0 descriptor?? [ 347.043383][T13482] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 347.106482][ T5833] Bluetooth: hci1: command tx timeout [ 347.152894][T13482] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 347.223544][T13437] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 347.250839][T13526] chnl_net:caif_netlink_parms(): no params data found [ 347.382407][ T977] usb 6-1: USB disconnect, device number 4 [ 347.480197][T13437] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.499820][T13437] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.512708][T13437] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.536868][T13437] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.147057][ T5833] Bluetooth: hci7: command tx timeout [ 348.273890][T13520] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.292894][T13520] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.327289][ T977] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 348.337085][T13520] bridge_slave_0: entered allmulticast mode [ 348.356763][T13520] bridge_slave_0: entered promiscuous mode [ 348.392623][T13526] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.417669][T13526] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.432685][T13526] bridge_slave_0: entered allmulticast mode [ 348.443400][T13526] bridge_slave_0: entered promiscuous mode [ 348.499567][ T977] usb 6-1: Using ep0 maxpacket: 32 [ 348.521855][T13520] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.553428][ T977] usb 6-1: too many endpoints for config 64 interface 0 altsetting 8: 33, using maximum allowed: 30 [ 348.570540][T13520] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.588022][ T977] usb 6-1: config 64 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 348.601107][T13520] bridge_slave_1: entered allmulticast mode [ 348.617967][T13520] bridge_slave_1: entered promiscuous mode [ 348.624026][ T977] usb 6-1: config 64 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.656058][ T977] usb 6-1: config 64 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 348.689982][ T977] usb 6-1: config 64 interface 0 has no altsetting 0 [ 348.703687][ T977] usb 6-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 348.728348][ T977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.868133][ T5833] Bluetooth: hci8: command tx timeout [ 348.901338][T13526] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.922073][T13526] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.940398][T13526] bridge_slave_1: entered allmulticast mode [ 348.961398][T13526] bridge_slave_1: entered promiscuous mode [ 349.192493][ T977] hid-rmi 0003:17EF:6085.0076: unknown main item tag 0x0 [ 349.232266][T13520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 349.243125][ T977] hid-rmi 0003:17EF:6085.0076: unknown main item tag 0x0 [ 349.262936][ T977] hid-rmi 0003:17EF:6085.0076: unknown main item tag 0x0 [ 349.293077][ T977] hid-rmi 0003:17EF:6085.0076: unknown main item tag 0x0 [ 349.315645][ T977] hid-rmi 0003:17EF:6085.0076: unknown main item tag 0x0 [ 349.386641][ T977] hid-rmi 0003:17EF:6085.0076: hidraw0: USB HID v0.00 Device [HID 17ef:6085] on usb-dummy_hcd.5-1/input0 [ 349.430319][T13526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 349.468043][ T977] usb 6-1: USB disconnect, device number 5 [ 349.597663][T13520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 349.664116][T13549] fido_id[13549]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 349.867157][T13526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 349.886657][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.964450][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.070830][T13520] team0: Port device team_slave_0 added [ 350.230185][ T5833] Bluetooth: hci7: command tx timeout [ 350.408607][T13526] team0: Port device team_slave_0 added [ 350.437943][T13520] team0: Port device team_slave_1 added [ 350.459139][T13526] team0: Port device team_slave_1 added [ 350.947009][ T5833] Bluetooth: hci8: command tx timeout [ 351.042638][T13520] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 351.086846][T13520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.151621][T13520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 351.288949][T13526] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 351.303604][T13526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.341401][T13526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 351.367990][T13520] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 351.385937][ T5920] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 351.410922][T13520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.457849][T13520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 351.479832][T13526] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 351.493137][T13526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.537755][T13526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 351.559410][ T5920] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 351.578041][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 351.599686][ T5112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.619127][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 351.651463][ T5112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.675624][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 351.701143][T13482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.716247][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 351.778509][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 351.817077][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 351.848442][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 351.865601][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 351.891977][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 351.955784][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 351.975991][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 352.010476][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 352.030000][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 352.048110][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 352.070168][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 352.102927][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 352.131715][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 352.153719][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 352.162950][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 352.181626][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 352.207061][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 352.247113][ T5920] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 352.266416][ T5920] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 352.286111][ T5920] usb 6-1: config 0 interface 0 has no altsetting 0 [ 352.306089][ T5833] Bluetooth: hci7: command tx timeout [ 352.317693][ T5920] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 352.349579][ T5920] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 352.362693][T13520] hsr_slave_0: entered promiscuous mode [ 352.377883][ T5920] usb 6-1: Product: syz [ 352.382963][T13520] hsr_slave_1: entered promiscuous mode [ 352.400049][ T5920] usb 6-1: Manufacturer: syz [ 352.408091][T13520] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 352.428445][ T5920] usb 6-1: SerialNumber: syz [ 352.445778][T13520] Cannot create hsr debugfs directory [ 352.452659][ T5920] usb 6-1: config 0 descriptor?? [ 352.488869][T13482] 8021q: adding VLAN 0 to HW filter on device team0 [ 352.512391][ T5920] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 352.592699][T13526] hsr_slave_0: entered promiscuous mode [ 352.659637][T13526] hsr_slave_1: entered promiscuous mode [ 352.697450][T13526] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 352.767898][T13526] Cannot create hsr debugfs directory [ 352.932255][ T977] usb 6-1: USB disconnect, device number 6 [ 352.964673][ T977] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 352.976472][ T1341] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.989915][ T1341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.026356][ T5833] Bluetooth: hci8: command tx timeout [ 353.287228][ T1341] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.294505][ T1341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.552573][ T5920] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 354.716991][T13578] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3510'. [ 354.768644][ T5920] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 354.821409][ T5920] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.852533][ T5920] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 354.955559][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.974250][T13482] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 355.038651][ T5920] hub 7-1:4.0: USB hub found [ 355.295744][ T5920] hub 7-1:4.0: config failed, can't read hub descriptor (err -90) [ 355.635689][ T977] usb 7-1: USB disconnect, device number 2 [ 355.652143][T13482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.700368][T13520] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 355.776283][T13520] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 355.874993][T13520] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 355.947763][T13520] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 356.610525][T13482] veth0_vlan: entered promiscuous mode [ 356.732624][T13526] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 356.818787][T13526] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 356.940100][T13482] veth1_vlan: entered promiscuous mode [ 357.008013][T13526] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 357.102816][T13526] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 357.512109][T13482] veth0_macvtap: entered promiscuous mode [ 357.569548][T13482] veth1_macvtap: entered promiscuous mode [ 357.737093][T13520] 8021q: adding VLAN 0 to HW filter on device bond0 [ 357.844024][T13482] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 357.992351][T13520] 8021q: adding VLAN 0 to HW filter on device team0 [ 358.050770][T13482] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 358.209083][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.216340][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 358.293604][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.300834][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.437286][T13482] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.504855][T13482] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.562791][T13482] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.603377][T13482] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.907584][T13526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.293692][T13526] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.459337][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.466640][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.507221][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 359.553326][ T5112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.613891][T13520] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 359.623571][ T5112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.658719][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.665993][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 359.707632][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 359.718627][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 359.762069][ T10] usb 6-1: config 4 interface 0 has no altsetting 0 [ 359.859999][ T10] usb 6-1: string descriptor 0 read error: -22 [ 359.885849][ T10] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 359.959869][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.047431][ T5112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 360.063413][ T10] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 360.116600][ T5112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 360.200127][ T10] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 360.273794][T13606] usb 6-1: dvb_usb_au6610: wlen=0, aborting [ 360.300919][T13526] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 360.316909][ T10] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 360.353755][ T10] usb 6-1: media controller created [ 360.490457][T13520] veth0_vlan: entered promiscuous mode [ 360.536273][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 360.648515][T13520] veth1_vlan: entered promiscuous mode [ 360.743798][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 360.863453][T13526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.164447][ T10] usb 6-1: USB disconnect, device number 7 [ 361.219215][T13520] veth0_macvtap: entered promiscuous mode [ 361.390367][T13520] veth1_macvtap: entered promiscuous mode [ 361.554003][T13526] veth0_vlan: entered promiscuous mode [ 361.732425][T13526] veth1_vlan: entered promiscuous mode [ 361.812251][T13612] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 361.893339][T13520] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 362.070882][T13520] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 362.333681][T13520] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.455469][T13520] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.464257][T13520] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.573389][T13520] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.682649][T13526] veth0_macvtap: entered promiscuous mode [ 362.878549][T13526] veth1_macvtap: entered promiscuous mode [ 363.304082][T13526] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 363.415766][ T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 363.452567][T13526] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 363.573435][T13526] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.625576][ T10] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.647889][T13526] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.682443][ T10] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.712837][T13526] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.748943][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 363.776068][T13526] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.805762][ T10] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 363.866171][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.983039][ T10] usb 6-1: config 0 descriptor?? [ 364.117758][T13607] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.176820][T13607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.599401][ T10] corsair-psu 0003:1B1C:1C09.0077: hidraw0: USB HID v0.00 Device [HID 1b1c:1c09] on usb-dummy_hcd.5-1/input0 [ 364.641367][T13617] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.718712][T13617] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.796698][ T10] corsair-psu 0003:1B1C:1C09.0077: unable to initialize device (-38) [ 364.899088][ T10] corsair-psu 0003:1B1C:1C09.0077: probe with driver corsair-psu failed with error -38 [ 365.052168][ T10] usb 6-1: USB disconnect, device number 8 [ 365.114671][T13617] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.276038][T13617] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.401449][T13652] fido_id[13652]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 365.527763][ T5112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.625725][ T5112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.755613][ T5920] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 366.795701][ T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 366.997787][ T5920] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.024354][ T10] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 367.115472][ T5920] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 367.186160][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.249669][ T5920] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 367.330881][ T10] usb 6-1: config 0 descriptor?? [ 367.423863][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.445751][ T9] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 367.609031][ T5920] usb 7-1: config 0 descriptor?? [ 367.685037][ T9] usb 10-1: Using ep0 maxpacket: 32 [ 367.802089][ T5920] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 367.809752][ T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 367.955089][ T5920] dvb-usb: bulk message failed: -22 (3/0) [ 367.966334][ T10] ath6kl: Unsupported hardware version: 0x0 [ 367.984649][ T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.082540][ T10] ath6kl: Failed to init ath6kl core: -22 [ 368.132846][ T5920] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 368.178155][ T9] usb 10-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 368.189012][ T10] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 368.350484][ T5920] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 368.416042][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.491129][ T5920] usb 7-1: media controller created [ 368.575859][ T10] usb 6-1: USB disconnect, device number 9 [ 368.632659][ T5920] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 368.648867][ T9] usb 10-1: config 0 descriptor?? [ 368.976719][ T5920] dvb-usb: bulk message failed: -22 (6/0) [ 368.982619][ T5920] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 369.329545][ T5920] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input29 [ 369.378205][ T9] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0 [ 369.557956][ T9] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0 [ 369.626718][ T5920] dvb-usb: schedule remote query interval to 150 msecs. [ 369.712315][ T9] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0 [ 369.738688][ T5920] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 369.818562][ T9] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0 [ 369.886165][ T5920] usb 7-1: USB disconnect, device number 3 [ 369.937163][ T9] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0 [ 370.095851][ T9] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0 [ 370.103267][ T9] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0 [ 370.524016][ T9] magicmouse 0003:05AC:0265.0078: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.9-1/input0 [ 370.746214][T13700] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3549'. [ 370.848995][ T9] magicmouse 0003:05AC:0265.0078: magicmouse input not registered [ 370.986413][ T5920] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 371.038273][ T9] magicmouse 0003:05AC:0265.0078: probe with driver magicmouse failed with error -12 [ 371.424518][ T9] usb 10-1: USB disconnect, device number 2 [ 371.819063][T13703] fido_id[13703]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory [ 372.185428][ T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 372.372937][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 372.420322][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.544257][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.620023][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 372.727835][ T9] usb 7-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00 [ 372.820892][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.876624][ T9] usb 7-1: config 0 descriptor?? [ 373.345725][ T5920] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 373.480702][ T9] input: HID 0458:501a as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:501A.0079/input/input30 [ 373.555982][ T5920] usb 9-1: Using ep0 maxpacket: 8 [ 373.576354][ T5920] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 373.642910][ T9] input: HID 0458:501a as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0458:501A.0079/input/input31 [ 373.679266][ T5920] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 373.757464][ T5920] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 373.873603][ T5920] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 373.896942][ T9] kye 0003:0458:501A.0079: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:501a] on usb-dummy_hcd.6-1/input0 [ 374.032047][ T5920] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 374.145848][ T9] usb 7-1: USB disconnect, device number 4 [ 374.179124][ T5920] usb 9-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 374.298978][ T5920] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.397936][ T5920] usb 9-1: config 0 descriptor?? [ 374.476085][T13728] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 375.046618][T13728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 375.068816][T13733] fido_id[13733]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 375.147710][T13728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 375.324541][ T5835] Bluetooth: hci0: unexpected event 0x12 length: 1 < 8 [ 375.351035][ T5835] Bluetooth: hci0: Malformed Event: 0x02 [ 375.358803][ T5835] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 375.359141][ T5835] Bluetooth: hci0: connection err: -111 [ 375.702418][ T5833] Bluetooth: hci0: Opcode 0x0c03 failed: -71 [ 375.714620][ T5920] usb 9-1: USB disconnect, device number 2 [ 377.675878][ T5919] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 377.838645][ T5919] usb 7-1: config 0 has an invalid interface number: 217 but max is 0 [ 377.854046][ T5919] usb 7-1: config 0 has no interface number 0 [ 377.874447][ T5919] usb 7-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 377.893642][ T5919] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.933793][ T5919] usb 7-1: Product: syz [ 377.942856][ T5919] usb 7-1: Manufacturer: syz [ 377.962188][ T5919] usb 7-1: SerialNumber: syz [ 377.982169][ T5919] usb 7-1: config 0 descriptor?? [ 378.017879][ T5919] hub 7-1:0.217: bad descriptor, ignoring hub [ 378.034324][ T5919] hub 7-1:0.217: probe with driver hub failed with error -5 [ 378.132224][T13201] bridge0: port 3(syz_tun) entered disabled state [ 378.236367][ T5919] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 378.254355][T13201] syz_tun (unregistering): left allmulticast mode [ 378.278369][ T5919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 378.297148][T13201] syz_tun (unregistering): left promiscuous mode [ 378.314735][T13201] bridge0: port 3(syz_tun) entered disabled state [ 378.332652][ T5919] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 378.343871][ T5919] usb 7-1: media controller created [ 378.424387][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 378.564710][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.571725][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.673105][ T5919] DVB: Unable to find symbol dib7000p_attach() [ 378.697402][ T5919] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 378.835664][ T5919] rc_core: IR keymap rc-dib0700-rc5 not found [ 378.843954][ T5919] Registered IR keymap rc-empty [ 378.860800][ T5919] dvb-usb: could not initialize remote control. [ 378.875828][ T5919] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 379.195667][T13737] tipc: Started in network mode [ 379.200618][T13737] tipc: Node identity aaaaaaaaaa35, cluster identity 4711 [ 379.225594][ T5919] usb 7-1: USB disconnect, device number 5 [ 379.260712][T13737] tipc: Enabled bearer , priority 10 [ 379.522959][ T5919] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 380.375547][ T5919] tipc: Node number set to 10463914 [ 387.616098][T13861] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3614'. [ 387.668149][T13861] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3614'. [ 387.718584][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 387.729605][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 387.745738][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 387.756348][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 387.769387][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 387.807869][T13861] netlink: 'syz.6.3614': attribute type 15 has an invalid length. [ 389.437065][T13865] chnl_net:caif_netlink_parms(): no params data found [ 389.826236][ T5833] Bluetooth: hci0: command tx timeout [ 390.203753][T13865] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.245715][T13865] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.280202][T13865] bridge_slave_0: entered allmulticast mode [ 390.323291][T13865] bridge_slave_0: entered promiscuous mode [ 390.374479][T13865] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.414149][T13865] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.450328][T13865] bridge_slave_1: entered allmulticast mode [ 390.516576][T13865] bridge_slave_1: entered promiscuous mode [ 390.918467][T13865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 390.998241][T13865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 391.471162][T13865] team0: Port device team_slave_0 added [ 391.529772][T13865] team0: Port device team_slave_1 added [ 391.905606][ T5833] Bluetooth: hci0: command tx timeout [ 391.939953][T13865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.966135][T13865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.102034][T13865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 392.165990][T13865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 392.190966][T13865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.326634][T13865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.791052][T13865] hsr_slave_0: entered promiscuous mode [ 392.827244][T13865] hsr_slave_1: entered promiscuous mode [ 392.886674][T13865] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 392.901385][T13865] Cannot create hsr debugfs directory [ 393.986195][ T5833] Bluetooth: hci0: command tx timeout [ 394.452499][T13865] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.255854][ T5919] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 395.420093][ T5919] usb 7-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 395.469508][ T5919] usb 7-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 395.495570][ T5919] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.535468][ T5919] usb 7-1: Product: syz [ 395.550479][ T5919] usb 7-1: Manufacturer: syz [ 395.580641][ T5919] usb 7-1: SerialNumber: syz [ 395.861436][ T5919] usb 7-1: selecting invalid altsetting 1 [ 396.065723][ T5833] Bluetooth: hci0: command tx timeout [ 396.071515][ T5919] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 396.071637][ T5919] dvb_usb_lmedm04 7-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 396.281213][ T5919] usb 7-1: USB disconnect, device number 6 [ 397.329408][ T5919] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 397.555881][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 397.599912][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 397.635721][ T5919] usb 7-1: New USB device found, idVendor=1e71, idProduct=200d, bcdDevice= 0.00 [ 397.689029][ T5919] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.730805][ T5919] usb 7-1: config 0 descriptor?? [ 398.230943][ T5919] nzxt-smart2 0003:1E71:200D.007A: hidraw0: USB HID v0.00 Device [HID 1e71:200d] on usb-dummy_hcd.6-1/input0 [ 398.442541][ T5919] usb 7-1: USB disconnect, device number 7 [ 398.710674][T13955] fido_id[13955]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 399.652592][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 399.675764][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 399.683964][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 399.694315][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 399.703387][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 400.335193][T13641] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 400.516837][T13641] usb 7-1: Using ep0 maxpacket: 8 [ 400.556590][T13641] usb 7-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 400.583689][T13641] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.616303][T13641] usb 7-1: Product: syz [ 400.620572][T13641] usb 7-1: Manufacturer: syz [ 400.657472][T13641] usb 7-1: SerialNumber: syz [ 400.696190][T13641] usb 7-1: config 0 descriptor?? [ 400.727447][T13641] gspca_main: sq905-2.14.0 probing 2770:9120 [ 400.994464][T13970] chnl_net:caif_netlink_parms(): no params data found [ 401.322743][T13641] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 401.379378][T13641] sq905 7-1:0.0: probe with driver sq905 failed with error -71 [ 401.429967][T13641] usb 7-1: USB disconnect, device number 8 [ 401.753042][T13970] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.814630][T13970] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.828698][ T5835] Bluetooth: hci2: command tx timeout [ 401.866843][T13970] bridge_slave_0: entered allmulticast mode [ 401.904421][T13970] bridge_slave_0: entered promiscuous mode [ 401.961350][T13970] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.049693][T13970] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.093985][T13970] bridge_slave_1: entered allmulticast mode [ 402.178965][T13970] bridge_slave_1: entered promiscuous mode [ 402.404466][T13998] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 402.719638][T13970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 402.829394][T13970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 403.389886][T13970] team0: Port device team_slave_0 added [ 403.440643][T13970] team0: Port device team_slave_1 added [ 403.759281][T14009] trusted_key: encrypted_key: insufficient parameters specified [ 403.781863][T13970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 403.815942][T13970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.905851][ T5835] Bluetooth: hci2: command tx timeout [ 403.953587][T13970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 404.045585][T13970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 404.072951][T13970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 404.207468][T13970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 404.291807][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 404.301522][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 404.310585][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 404.326286][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 404.338431][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 404.698126][T13970] hsr_slave_0: entered promiscuous mode [ 404.716952][T13970] hsr_slave_1: entered promiscuous mode [ 404.746035][T13970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 404.753666][T13970] Cannot create hsr debugfs directory [ 405.155684][ T5919] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 405.315695][ T5919] usb 7-1: Using ep0 maxpacket: 32 [ 405.335940][ T5919] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.419015][ T5919] usb 7-1: config 0 has no interfaces? [ 405.433109][ T5919] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 405.481831][ T5919] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.513061][ T5919] usb 7-1: config 0 descriptor?? [ 405.808438][T14016] netdevsim netdevsim6 netdevsim0: entered promiscuous mode [ 405.829119][T14016] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3675'. [ 405.849719][T14016] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 405.907924][ T5919] usb 7-1: USB disconnect, device number 9 [ 405.985735][ T5833] Bluetooth: hci2: command tx timeout [ 406.192488][T14014] chnl_net:caif_netlink_parms(): no params data found [ 406.385383][ T5833] Bluetooth: hci3: command tx timeout [ 408.065871][ T5833] Bluetooth: hci2: command tx timeout [ 408.465182][ T5833] Bluetooth: hci3: command tx timeout [ 410.545977][ T5833] Bluetooth: hci3: command tx timeout [ 412.625357][ T5833] Bluetooth: hci3: command tx timeout [ 422.560282][T14014] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.568357][ T5920] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 422.626054][T14014] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.633416][T14014] bridge_slave_0: entered allmulticast mode [ 422.709374][T14014] bridge_slave_0: entered promiscuous mode [ 422.728643][T14014] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.765975][T14014] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.780598][ T5920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 422.815752][ T5920] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 422.829241][T14014] bridge_slave_1: entered allmulticast mode [ 422.890658][T14014] bridge_slave_1: entered promiscuous mode [ 422.918483][ T5920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 423.056281][ T5920] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 423.109954][ T5920] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.167934][ T5920] usb 7-1: Product: syz [ 423.172172][ T5920] usb 7-1: Manufacturer: syz [ 423.230741][ T5920] usb 7-1: SerialNumber: syz [ 423.280575][ T5920] usb 7-1: config 0 descriptor?? [ 423.288678][T14014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 423.335926][T14039] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 423.358240][T14039] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 423.390357][T14014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 423.442588][ T5920] usb 7-1: ucan: probing device on interface #0 [ 423.753789][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 423.763911][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 423.787935][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 423.802258][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 423.814324][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 424.010415][ T5920] usb 7-1: ucan: device reported invalid tx-fifo size [ 424.033462][ T5920] usb 7-1: ucan: probe failed; try to update the device firmware [ 424.257876][T14014] team0: Port device team_slave_0 added [ 424.279648][ T5920] usb 7-1: USB disconnect, device number 10 [ 424.307758][T14014] team0: Port device team_slave_1 added [ 424.569822][T14014] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.598927][T14014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.650435][T14014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.683223][T14014] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.717047][T14014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.756884][T14014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.217533][T14014] hsr_slave_0: entered promiscuous mode [ 425.224361][T14014] hsr_slave_1: entered promiscuous mode [ 425.286103][T14014] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 425.293731][T14014] Cannot create hsr debugfs directory [ 425.910362][ T5835] Bluetooth: hci1: command tx timeout [ 426.558326][T14043] chnl_net:caif_netlink_parms(): no params data found [ 427.262452][T14043] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.292867][T14043] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.326311][T14043] bridge_slave_0: entered allmulticast mode [ 427.356732][T14043] bridge_slave_0: entered promiscuous mode [ 427.388832][T14043] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.425984][T14043] bridge0: port 2(bridge_slave_1) entered disabled state [ 427.433336][T14043] bridge_slave_1: entered allmulticast mode [ 427.502165][T14043] bridge_slave_1: entered promiscuous mode [ 427.834303][T14043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 427.876424][T14043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 427.985599][ T5835] Bluetooth: hci1: command tx timeout [ 428.128562][T14043] team0: Port device team_slave_0 added [ 428.166984][T14043] team0: Port device team_slave_1 added [ 428.393431][T14043] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 428.411752][T14043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.454012][T14043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 428.501793][T14043] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 428.518828][T14043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.561524][T14043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 429.067681][T14043] hsr_slave_0: entered promiscuous mode [ 429.094112][T14043] hsr_slave_1: entered promiscuous mode [ 429.129444][T14043] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 429.169073][T14043] Cannot create hsr debugfs directory [ 429.555846][T14071] netlink: 'syz.6.3693': attribute type 12 has an invalid length. [ 429.573089][T14071] netlink: 9472 bytes leftover after parsing attributes in process `syz.6.3693'. [ 430.065656][ T5835] Bluetooth: hci1: command tx timeout [ 432.146245][ T5835] Bluetooth: hci1: command tx timeout [ 432.784509][T14091] cgroup: fork rejected by pids controller in /syz6 [ 439.994482][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.001661][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.674391][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 446.696360][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 446.704377][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 446.719623][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 446.731057][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 447.189180][ T5837] Bluetooth: hci5: command 0x0406 tx timeout [ 447.440483][T14105] chnl_net:caif_netlink_parms(): no params data found [ 447.880499][T14105] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.900076][T14105] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.922687][T14105] bridge_slave_0: entered allmulticast mode [ 447.953977][T14105] bridge_slave_0: entered promiscuous mode [ 447.976852][T14105] bridge0: port 2(bridge_slave_1) entered blocking state [ 447.991900][T14105] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.015877][T14105] bridge_slave_1: entered allmulticast mode [ 448.028045][T14105] bridge_slave_1: entered promiscuous mode [ 448.269666][T14105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.302062][T14105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.629491][T14105] team0: Port device team_slave_0 added [ 448.691153][T14105] team0: Port device team_slave_1 added [ 448.785909][ T5833] Bluetooth: hci4: command tx timeout [ 448.969826][T14105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.005604][T14105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.109288][T14105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.177782][T14105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.216398][T14105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.346497][T14105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.748324][T14105] hsr_slave_0: entered promiscuous mode [ 449.779721][T14105] hsr_slave_1: entered promiscuous mode [ 449.820753][T14105] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 449.856431][T14105] Cannot create hsr debugfs directory [ 450.595856][ T5837] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 450.608829][ T5837] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 450.617606][ T5837] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 450.627751][ T5837] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 450.647411][ T5837] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 450.866998][ T5837] Bluetooth: hci4: command tx timeout [ 451.312749][T14114] chnl_net:caif_netlink_parms(): no params data found [ 451.806315][T14114] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.813598][T14114] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.848141][T14114] bridge_slave_0: entered allmulticast mode [ 451.867848][T14114] bridge_slave_0: entered promiscuous mode [ 451.887892][T14114] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.907520][T14114] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.926874][T14114] bridge_slave_1: entered allmulticast mode [ 451.946582][T14114] bridge_slave_1: entered promiscuous mode [ 452.186988][T14114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 452.212526][T14114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 452.440889][T14114] team0: Port device team_slave_0 added [ 452.495908][T14114] team0: Port device team_slave_1 added [ 452.705899][ T5837] Bluetooth: hci6: command tx timeout [ 452.898709][T14114] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 452.916277][T14114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 452.955523][ T5837] Bluetooth: hci4: command tx timeout [ 452.983444][T14114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 453.010940][T14114] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 453.034596][T14114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.084434][T14114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 453.383552][T14114] hsr_slave_0: entered promiscuous mode [ 453.402423][T14114] hsr_slave_1: entered promiscuous mode [ 453.417260][T14114] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 453.441141][T14114] Cannot create hsr debugfs directory [ 454.785778][ T5837] Bluetooth: hci6: command tx timeout [ 455.025870][ T5837] Bluetooth: hci4: command tx timeout [ 456.865882][ T5837] Bluetooth: hci6: command tx timeout [ 458.810071][ T5833] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 458.827376][ T5833] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 458.839463][ T5833] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 458.848323][ T5833] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 458.857735][ T5833] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 458.948283][ T5833] Bluetooth: hci6: command tx timeout [ 459.632639][T14125] chnl_net:caif_netlink_parms(): no params data found [ 460.117457][T14125] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.125915][T14125] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.146129][T14125] bridge_slave_0: entered allmulticast mode [ 460.165470][T14125] bridge_slave_0: entered promiscuous mode [ 460.197385][T14125] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.218761][T14125] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.233863][T14125] bridge_slave_1: entered allmulticast mode [ 460.253449][T14125] bridge_slave_1: entered promiscuous mode [ 460.500708][T14125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.533983][T14125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.778783][T14125] team0: Port device team_slave_0 added [ 460.806889][T14125] team0: Port device team_slave_1 added [ 460.945822][ T5833] Bluetooth: hci9: command tx timeout [ 461.015854][T14125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 461.022904][T14125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 461.074300][T14125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 461.104477][T14125] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 461.135367][T14125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 461.191090][T14125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 461.488377][T14125] hsr_slave_0: entered promiscuous mode [ 461.508716][T14125] hsr_slave_1: entered promiscuous mode [ 461.525952][T14125] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 461.533567][T14125] Cannot create hsr debugfs directory [ 463.026124][ T5833] Bluetooth: hci9: command tx timeout [ 463.797708][ T5833] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 463.807939][ T5833] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 463.829565][ T5833] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 463.839612][ T5833] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 463.849007][ T5833] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 464.526357][T14135] chnl_net:caif_netlink_parms(): no params data found [ 465.023177][T14135] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.048434][T14135] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.065612][T14135] bridge_slave_0: entered allmulticast mode [ 465.086177][T14135] bridge_slave_0: entered promiscuous mode [ 465.105587][ T5833] Bluetooth: hci9: command tx timeout [ 465.113222][T14135] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.138161][T14135] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.166007][T14135] bridge_slave_1: entered allmulticast mode [ 465.176729][T14135] bridge_slave_1: entered promiscuous mode [ 465.416530][T14135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 465.469737][T14135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 465.704523][T14135] team0: Port device team_slave_0 added [ 465.746464][T14135] team0: Port device team_slave_1 added [ 465.905495][ T5842] Bluetooth: hci10: command tx timeout [ 465.983015][T14135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 466.005416][T14135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.051713][T14135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 466.107852][T14135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 466.125506][T14135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.191651][T14135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.484227][T14135] hsr_slave_0: entered promiscuous mode [ 466.502189][T14135] hsr_slave_1: entered promiscuous mode [ 466.525944][T14135] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 466.533572][T14135] Cannot create hsr debugfs directory [ 467.185656][ T5842] Bluetooth: hci9: command tx timeout [ 467.683243][ T5842] Bluetooth: hci7: command 0x0406 tx timeout [ 467.689834][ T5835] Bluetooth: hci8: command 0x0406 tx timeout [ 467.985795][ T5833] Bluetooth: hci10: command tx timeout [ 470.065981][ T5837] Bluetooth: hci10: command tx timeout [ 472.145616][ T5837] Bluetooth: hci10: command tx timeout [ 483.262991][ T5833] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 483.278799][ T5833] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 483.287363][ T5833] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 483.297919][ T5833] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 483.305867][ T5833] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 484.029031][T14147] chnl_net:caif_netlink_parms(): no params data found [ 484.542560][T14147] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.574534][T14147] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.595395][T14147] bridge_slave_0: entered allmulticast mode [ 484.617954][T14147] bridge_slave_0: entered promiscuous mode [ 484.638184][T14147] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.657735][T14147] bridge0: port 2(bridge_slave_1) entered disabled state [ 484.677412][T14147] bridge_slave_1: entered allmulticast mode [ 484.698688][T14147] bridge_slave_1: entered promiscuous mode [ 484.930794][T14147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 484.998365][T14147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 485.288985][T14147] team0: Port device team_slave_0 added [ 485.330231][T14147] team0: Port device team_slave_1 added [ 485.434519][ T5833] Bluetooth: hci11: command tx timeout [ 485.570591][T14147] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 485.587308][T14147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.651736][T14147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 485.685699][T14147] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 485.692710][T14147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.744247][T14147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 486.109404][T14147] hsr_slave_0: entered promiscuous mode [ 486.133655][T14147] hsr_slave_1: entered promiscuous mode [ 486.165993][T14147] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 486.173606][T14147] Cannot create hsr debugfs directory [ 487.505107][ T5833] Bluetooth: hci11: command tx timeout [ 489.585952][ T5833] Bluetooth: hci11: command tx timeout [ 491.665570][ T5833] Bluetooth: hci11: command tx timeout [ 501.456114][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.462505][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.896450][ T5837] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 506.907181][ T5837] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 506.919033][ T5837] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 506.932800][ T5837] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 506.941797][ T5837] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 507.738076][T14160] chnl_net:caif_netlink_parms(): no params data found [ 508.285694][T14160] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.292913][T14160] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.323713][T14160] bridge_slave_0: entered allmulticast mode [ 508.332514][T14160] bridge_slave_0: entered promiscuous mode [ 508.380040][T14160] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.406761][T14160] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.414227][T14160] bridge_slave_1: entered allmulticast mode [ 508.444331][T14160] bridge_slave_1: entered promiscuous mode [ 508.707436][T14160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.740586][T14160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.024228][T14160] team0: Port device team_slave_0 added [ 509.031690][ T5837] Bluetooth: hci12: command tx timeout [ 509.059997][T14160] team0: Port device team_slave_1 added [ 509.307498][T14160] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.314524][T14160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.362268][T14160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.407105][T14160] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.414119][T14160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.483062][T14160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.882237][T14160] hsr_slave_0: entered promiscuous mode [ 509.918770][T14160] hsr_slave_1: entered promiscuous mode [ 509.935573][T14160] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.943200][T14160] Cannot create hsr debugfs directory [ 511.061085][ T5833] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 511.071513][ T5833] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 511.080857][ T5833] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 511.090383][ T5833] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 511.100763][ T5833] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 511.116028][ T5842] Bluetooth: hci12: command tx timeout [ 511.863965][T14174] chnl_net:caif_netlink_parms(): no params data found [ 512.396185][T14174] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.403487][T14174] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.430882][T14174] bridge_slave_0: entered allmulticast mode [ 512.476234][T14174] bridge_slave_0: entered promiscuous mode [ 512.497675][T14174] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.515365][T14174] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.523044][T14174] bridge_slave_1: entered allmulticast mode [ 512.552973][T14174] bridge_slave_1: entered promiscuous mode [ 512.806916][T14174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 512.839299][T14174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 513.177755][T14174] team0: Port device team_slave_0 added [ 513.185923][ T5837] Bluetooth: hci13: command tx timeout [ 513.192037][ T5837] Bluetooth: hci12: command tx timeout [ 513.227873][T14174] team0: Port device team_slave_1 added [ 513.475865][T14174] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.495495][T14174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.563330][T14174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 513.605863][T14174] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.612885][T14174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.687731][T14174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 513.748900][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 514.020877][T14174] hsr_slave_0: entered promiscuous mode [ 514.047352][T14174] hsr_slave_1: entered promiscuous mode [ 514.053834][T14174] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 514.098819][T14174] Cannot create hsr debugfs directory [ 515.266014][ T5833] Bluetooth: hci12: command tx timeout [ 515.271601][ T5837] Bluetooth: hci13: command tx timeout [ 517.345544][ T5833] Bluetooth: hci13: command tx timeout [ 519.360133][ T5837] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 519.374152][ T5837] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 519.383254][ T5837] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 519.392142][ T5837] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 519.406286][ T5837] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 519.425930][ T5837] Bluetooth: hci13: command tx timeout [ 520.102339][T14186] chnl_net:caif_netlink_parms(): no params data found [ 520.533144][T14186] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.555566][T14186] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.562953][T14186] bridge_slave_0: entered allmulticast mode [ 520.607490][T14186] bridge_slave_0: entered promiscuous mode [ 520.620164][T14186] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.649403][T14186] bridge0: port 2(bridge_slave_1) entered disabled state [ 520.665625][T14186] bridge_slave_1: entered allmulticast mode [ 520.684439][T14186] bridge_slave_1: entered promiscuous mode [ 520.902794][T14186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 520.940997][T14186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 521.272688][T14186] team0: Port device team_slave_0 added [ 521.306942][T14186] team0: Port device team_slave_1 added [ 521.509238][ T5833] Bluetooth: hci14: command tx timeout [ 521.521015][T14186] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 521.535509][T14186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 521.603665][T14186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 521.646500][T14186] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 521.656170][T14186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 521.729280][T14186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 522.008220][T14186] hsr_slave_0: entered promiscuous mode [ 522.026056][T14186] hsr_slave_1: entered promiscuous mode [ 522.046354][T14186] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 522.054066][T14186] Cannot create hsr debugfs directory [ 523.585513][ T5842] Bluetooth: hci14: command tx timeout [ 523.869225][ T5837] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 523.879611][ T5837] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 523.892652][ T5837] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 523.902180][ T5837] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 523.911889][ T5837] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 523.993795][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 524.668148][T14199] chnl_net:caif_netlink_parms(): no params data found [ 525.122553][T14199] bridge0: port 1(bridge_slave_0) entered blocking state [ 525.149520][T14199] bridge0: port 1(bridge_slave_0) entered disabled state [ 525.175774][T14199] bridge_slave_0: entered allmulticast mode [ 525.195898][T14199] bridge_slave_0: entered promiscuous mode [ 525.212265][T14199] bridge0: port 2(bridge_slave_1) entered blocking state [ 525.235998][T14199] bridge0: port 2(bridge_slave_1) entered disabled state [ 525.243382][T14199] bridge_slave_1: entered allmulticast mode [ 525.276515][T14199] bridge_slave_1: entered promiscuous mode [ 525.488984][T14199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 525.520319][T14199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 525.669715][ T5833] Bluetooth: hci14: command tx timeout [ 525.826535][T14199] team0: Port device team_slave_0 added [ 525.846259][T14199] team0: Port device team_slave_1 added [ 525.985657][ T5833] Bluetooth: hci15: command tx timeout [ 526.060933][T14199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 526.090957][T14199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.155651][T14199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 526.188553][T14199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 526.215610][T14199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.275596][T14199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 526.607851][T14199] hsr_slave_0: entered promiscuous mode [ 526.624336][T14199] hsr_slave_1: entered promiscuous mode [ 526.647512][T14199] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 526.665624][T14199] Cannot create hsr debugfs directory [ 527.755595][ T5833] Bluetooth: hci14: command tx timeout [ 528.066439][ T5833] Bluetooth: hci15: command tx timeout [ 529.117892][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 530.146308][ T5837] Bluetooth: hci15: command tx timeout [ 532.225930][ T5837] Bluetooth: hci15: command tx timeout [ 535.986480][ T31] INFO: task syz.0.3367:13201 blocked for more than 143 seconds. [ 535.994318][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 536.027180][ T31] Blocked by coredump. [ 536.031836][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 536.087836][ T31] task:syz.0.3367 state:D stack:24872 pid:13201 tgid:13201 ppid:5852 task_flags:0x40044c flags:0x00004006 [ 536.148656][ T31] Call Trace: [ 536.152014][ T31] [ 536.232820][ T31] __schedule+0x16f5/0x4d00 [ 536.319511][ T31] ? __lock_acquire+0xab9/0xd20 [ 536.324468][ T31] ? schedule+0x165/0x360 [ 536.361989][ T31] ? __pfx___schedule+0x10/0x10 [ 536.375696][ T31] ? schedule+0x91/0x360 [ 536.380112][ T31] schedule+0x165/0x360 [ 536.384305][ T31] schedule_preempt_disabled+0x13/0x30 [ 536.435999][ T31] __mutex_lock+0x724/0xe80 [ 536.440611][ T31] ? __mutex_lock+0x51b/0xe80 [ 536.472929][ T31] ? rcu_barrier+0x4c/0x570 [ 536.485786][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 536.490962][ T31] ? __mutex_unlock_slowpath+0x68a/0x700 [ 536.515656][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 536.534820][ T31] rcu_barrier+0x4c/0x570 [ 536.539232][ T31] netdev_run_todo+0x327/0xea0 [ 536.544060][ T31] ? __pfx_netif_state_change+0x10/0x10 [ 536.568507][ T31] ? __pfx_netdev_run_todo+0x10/0x10 [ 536.573868][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 536.595507][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.600816][ T31] ? netdev_state_change+0x1ca/0x220 [ 536.623953][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 536.646007][ T31] tun_chr_close+0x13c/0x1c0 [ 536.650685][ T31] __fput+0x449/0xa70 [ 536.665439][ T31] task_work_run+0x1d1/0x260 [ 536.670108][ T31] ? __pfx_task_work_run+0x10/0x10 [ 536.685432][ T31] ? kmem_cache_free+0x18f/0x400 [ 536.690444][ T31] do_exit+0x6b5/0x22e0 [ 536.716926][ T31] ? do_raw_spin_lock+0x121/0x290 [ 536.722029][ T31] ? __pfx_do_exit+0x10/0x10 [ 536.745440][ T31] do_group_exit+0x21c/0x2d0 [ 536.750114][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.765704][ T31] get_signal+0x1286/0x1340 [ 536.770320][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 536.795311][ T31] ? blkcg_maybe_throttle_current+0x1ab/0xb40 [ 536.801608][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 536.830990][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 536.845436][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 536.850982][ T31] exit_to_user_mode_loop+0x75/0x110 [ 536.868206][ T31] do_syscall_64+0x2bd/0x3b0 [ 536.872873][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.899066][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.906467][ T31] ? clear_bhb_loop+0x60/0xb0 [ 536.911222][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.955725][ T31] RIP: 0033:0x7f88f778e929 [ 536.960234][ T31] RSP: 002b:00007f88f7adfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 536.995397][ T31] RAX: 0000000000000000 RBX: 000000000004d0b0 RCX: 00007f88f778e929 [ 537.028381][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 537.054415][ T31] RBP: 00007f88f79b7ba0 R08: 0000000000000001 R09: 00000003f7adfe7f [ 537.075691][ T31] R10: 00007f88f7600000 R11: 0000000000000246 R12: 00007f88f79b5fac [ 537.083755][ T31] R13: 00007f88f79b5fa0 R14: ffffffffffffffff R15: 00007f88f7adfca0 [ 537.118384][ T31] [ 537.121485][ T31] INFO: task syz.4.3427:13342 blocked for more than 144 seconds. [ 537.145378][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 [ 537.153078][ T31] Blocked by coredump. [ 537.175562][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 537.184312][ T31] task:syz.4.3427 state:D stack:25128 pid:13342 tgid:13342 ppid:5850 task_flags:0x40044c flags:0x00004006 [ 537.228591][ T31] Call Trace: [ 537.232133][ T31] [ 537.248344][ T31] __schedule+0x16f5/0x4d00 [ 537.252952][ T31] ? __lock_acquire+0xab9/0xd20 [ 537.285814][ T31] ? schedule+0x165/0x360 [ 537.290302][ T31] ? __pfx___schedule+0x10/0x10 [ 537.305309][ T31] ? schedule+0x91/0x360 [ 537.309684][ T31] schedule+0x165/0x360 [ 537.324773][ T31] schedule_preempt_disabled+0x13/0x30 [ 537.330303][ T31] __mutex_lock+0x724/0xe80 [ 537.358394][ T31] ? __mutex_lock+0x51b/0xe80 [ 537.363161][ T31] ? rcu_barrier+0x4c/0x570 [ 537.377089][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 537.382194][ T31] ? __mutex_unlock_slowpath+0x68a/0x700 [ 537.405689][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 537.411762][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 537.436010][ T31] rcu_barrier+0x4c/0x570 [ 537.449189][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 537.454390][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 537.475770][ T31] netdev_run_todo+0x327/0xea0 [ 537.480628][ T31] ? __pfx_netif_state_change+0x10/0x10 [ 537.511176][ T31] ? __pfx_netdev_run_todo+0x10/0x10 [ 537.517930][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 537.523275][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 537.546926][ T31] ? netdev_state_change+0x1ca/0x220 [ 537.552296][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 537.578478][ T31] tun_chr_close+0x13c/0x1c0 [ 537.583147][ T31] __fput+0x449/0xa70 [ 537.599481][ T31] task_work_run+0x1d1/0x260 [ 537.604153][ T31] ? __pfx_task_work_run+0x10/0x10 [ 537.625254][ T31] ? kmem_cache_free+0x18f/0x400 [ 537.630278][ T31] do_exit+0x6b5/0x22e0 [ 537.634499][ T31] ? do_raw_spin_lock+0x121/0x290 [ 537.668290][ T31] ? __pfx_do_exit+0x10/0x10 [ 537.672998][ T31] do_group_exit+0x21c/0x2d0 [ 537.692340][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 537.707398][ T31] get_signal+0x1286/0x1340 [ 537.712082][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 537.736271][ T31] ? blkcg_maybe_throttle_current+0x1ab/0xb40 [ 537.742433][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 537.765727][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 537.772007][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 537.799238][ T31] exit_to_user_mode_loop+0x75/0x110 [ 537.806671][ T31] do_syscall_64+0x2bd/0x3b0 [ 537.811403][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 537.835427][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.841580][ T31] ? clear_bhb_loop+0x60/0xb0 [ 537.865604][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.871582][ T31] RIP: 0033:0x7ff7e498e929 [ 537.888306][ T31] RSP: 002b:00007ff7e4cdfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 537.915986][ T31] RAX: 0000000000000000 RBX: 000000000004edc0 RCX: 00007ff7e498e929 [ 537.924036][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 537.956691][ T31] RBP: 00007ff7e4bb7ba0 R08: 0000000000000001 R09: 00000003e4cdfe7f [ 537.975767][ T31] R10: 00007ff7e4800000 R11: 0000000000000246 R12: 00007ff7e4bb5fac [ 537.983817][ T31] R13: 00007ff7e4bb5fa0 R14: ffffffffffffffff R15: 00007ff7e4cdfca0 [ 538.019104][ T31] [ 538.022223][ T31] INFO: task syz.1.3442:13385 blocked for more than 145 seconds. [ 538.040578][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 [ 538.065999][ T31] Blocked by coredump. [ 538.070649][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 538.096083][ T31] task:syz.1.3442 state:D stack:25128 pid:13385 tgid:13385 ppid:5853 task_flags:0x40044c flags:0x00004006 [ 538.129161][ T31] Call Trace: [ 538.132529][ T31] [ 538.146735][ T31] __schedule+0x16f5/0x4d00 [ 538.151326][ T31] ? __lock_acquire+0xab9/0xd20 [ 538.175596][ T31] ? schedule+0x165/0x360 [ 538.180022][ T31] ? __pfx___schedule+0x10/0x10 [ 538.197350][ T31] ? schedule+0x91/0x360 [ 538.201669][ T31] schedule+0x165/0x360 [ 538.218446][ T31] schedule_preempt_disabled+0x13/0x30 [ 538.224074][ T31] __mutex_lock+0x724/0xe80 [ 538.245750][ T31] ? __mutex_lock+0x51b/0xe80 [ 538.250528][ T31] ? rcu_barrier+0x4c/0x570 [ 538.276048][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 538.281163][ T31] ? __mutex_unlock_slowpath+0x68a/0x700 [ 538.295974][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 538.315627][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 538.320830][ T31] rcu_barrier+0x4c/0x570 [ 538.336654][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 538.341944][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 538.367676][ T31] netdev_run_todo+0x327/0xea0 [ 538.372569][ T31] ? __pfx_netif_state_change+0x10/0x10 [ 538.395921][ T31] ? __pfx_netdev_run_todo+0x10/0x10 [ 538.401299][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 538.415864][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 538.421153][ T31] ? netdev_state_change+0x1ca/0x220 [ 538.438942][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 538.444160][ T31] tun_chr_close+0x13c/0x1c0 [ 538.476995][ T31] __fput+0x449/0xa70 [ 538.481091][ T31] task_work_run+0x1d1/0x260 [ 538.498939][ T31] ? __pfx_task_work_run+0x10/0x10 [ 538.504188][ T31] ? kmem_cache_free+0x18f/0x400 [ 538.525449][ T31] do_exit+0x6b5/0x22e0 [ 538.529794][ T31] ? do_raw_spin_lock+0x121/0x290 [ 538.557299][ T31] ? __pfx_do_exit+0x10/0x10 [ 538.562000][ T31] do_group_exit+0x21c/0x2d0 [ 538.590529][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 538.605593][ T31] get_signal+0x1286/0x1340 [ 538.610205][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 538.635756][ T31] ? blkcg_maybe_throttle_current+0x1ab/0xb40 [ 538.641917][ T31] ? kmem_cache_free+0x309/0x400 [ 538.657836][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 538.664179][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 538.697194][ T31] exit_to_user_mode_loop+0x75/0x110 [ 538.702577][ T31] do_syscall_64+0x2bd/0x3b0 [ 538.715834][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 538.721122][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.745369][ T31] ? clear_bhb_loop+0x60/0xb0 [ 538.750167][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.776670][ T31] RIP: 0033:0x7fb737b8e929 [ 538.781254][ T31] RSP: 002b:00007fb737edfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 538.816081][ T31] RAX: 0000000000000000 RBX: 000000000004fd75 RCX: 00007fb737b8e929 [ 538.824142][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 538.847712][ T31] RBP: 00007fb737db7ba0 R08: 0000000000000001 R09: 0000000337edfe7f [ 538.881135][ T31] R10: 00007fb737a00000 R11: 0000000000000246 R12: 00007fb737db5fac [ 538.898741][ T31] R13: 00007fb737db5fa0 R14: ffffffffffffffff R15: 00007fb737edfca0 [ 538.921136][ T31] [ 538.924256][ T31] INFO: task syz.2.3447:13396 blocked for more than 146 seconds. [ 538.946052][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 [ 538.953752][ T31] Blocked by coredump. [ 538.979868][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 539.009159][ T31] task:syz.2.3447 state:D stack:23688 pid:13396 tgid:13395 ppid:5851 task_flags:0x40054c flags:0x00004002 [ 539.035561][ T31] Call Trace: [ 539.038920][ T31] [ 539.041889][ T31] __schedule+0x16f5/0x4d00 [ 539.065523][ T31] ? __lock_acquire+0xab9/0xd20 [ 539.070471][ T31] ? schedule+0x165/0x360 [ 539.085675][ T31] ? __pfx___schedule+0x10/0x10 [ 539.090647][ T31] ? schedule+0x91/0x360 [ 539.119665][ T31] schedule+0x165/0x360 [ 539.123915][ T31] schedule_preempt_disabled+0x13/0x30 [ 539.145346][ T31] __mutex_lock+0x724/0xe80 [ 539.149976][ T31] ? __mutex_lock+0x51b/0xe80 [ 539.165313][ T31] ? rcu_barrier+0x4c/0x570 [ 539.169912][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 539.195599][ T31] ? __mutex_unlock_slowpath+0x6ed/0x700 [ 539.201344][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 539.216858][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 539.222056][ T31] rcu_barrier+0x4c/0x570 [ 539.247093][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 539.252307][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 539.275706][ T31] netdev_run_todo+0x327/0xea0 [ 539.280577][ T31] ? __pfx_netif_state_change+0x10/0x10 [ 539.305406][ T31] ? __pfx_netdev_run_todo+0x10/0x10 [ 539.310794][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 539.339518][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 539.347604][ T31] ? netdev_state_change+0x1ca/0x220 [ 539.352960][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 539.375994][ T31] tun_chr_close+0x13c/0x1c0 [ 539.380767][ T31] __fput+0x449/0xa70 [ 539.404818][ T31] task_work_run+0x1d1/0x260 [ 539.409512][ T31] ? __pfx_task_work_run+0x10/0x10 [ 539.428451][ T31] ? kmem_cache_free+0x18f/0x400 [ 539.433494][ T31] do_exit+0x6b5/0x22e0 [ 539.455799][ T31] ? do_raw_spin_lock+0x121/0x290 [ 539.460936][ T31] ? __pfx_do_exit+0x10/0x10 [ 539.485547][ T31] do_group_exit+0x21c/0x2d0 [ 539.506367][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 539.511672][ T31] get_signal+0x1286/0x1340 [ 539.525321][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 539.530962][ T31] ? __x64_sys_sendmsg+0x230/0x260 [ 539.555728][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 539.562003][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 539.596013][ T31] exit_to_user_mode_loop+0x75/0x110 [ 539.601419][ T31] do_syscall_64+0x2bd/0x3b0 [ 539.615593][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 539.620897][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.647791][ T31] ? clear_bhb_loop+0x60/0xb0 [ 539.652666][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.678787][ T31] RIP: 0033:0x7f9f9d38e929 [ 539.683303][ T31] RSP: 002b:00007f9f9b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 539.716290][ T31] RAX: 000000000000004c RBX: 00007f9f9d5b5fa0 RCX: 00007f9f9d38e929 [ 539.724366][ T31] RDX: 0000000000004054 RSI: 00002000000002c0 RDI: 0000000000000003 [ 539.758156][ T31] RBP: 00007f9f9d410b39 R08: 0000000000000000 R09: 0000000000000000 [ 539.776103][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 539.784179][ T31] R13: 0000000000000000 R14: 00007f9f9d5b5fa0 R15: 00007f9f9d6dfa28 [ 539.827616][ T31] [ 539.830771][ T31] INFO: task syz.8.3595:13817 blocked for more than 147 seconds. [ 539.855773][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 [ 539.863493][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 539.894022][ T31] task:syz.8.3595 state:D stack:25128 pid:13817 tgid:13817 ppid:13520 task_flags:0x400040 flags:0x00004006 [ 539.935321][ T31] Call Trace: [ 539.938692][ T31] [ 539.941655][ T31] __schedule+0x16f5/0x4d00 [ 539.955486][ T31] ? __lock_acquire+0xab9/0xd20 [ 539.960443][ T31] ? schedule+0x165/0x360 [ 539.976488][ T31] ? __pfx___schedule+0x10/0x10 [ 539.996014][ T31] ? schedule+0x91/0x360 [ 540.017862][ T31] schedule+0x165/0x360 [ 540.022113][ T31] schedule_preempt_disabled+0x13/0x30 [ 540.045895][ T31] __mutex_lock+0x724/0xe80 [ 540.050503][ T31] ? __mutex_lock+0x51b/0xe80 [ 540.065650][ T31] ? rcu_barrier+0x4c/0x570 [ 540.070263][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 540.099306][ T31] ? do_raw_write_lock+0x11d/0x260 [ 540.116033][ T31] ? __pfx_tdp_mmu_next_root+0x10/0x10 [ 540.121602][ T31] rcu_barrier+0x4c/0x570 [ 540.147167][ T31] ? kvm_mmu_uninit_tdp_mmu+0x32/0xc0 [ 540.152656][ T31] kvm_mmu_uninit_vm+0x23/0x60 [ 540.175979][ T31] kvm_arch_destroy_vm+0x23a/0x280 [ 540.181187][ T31] kvm_put_kvm+0xf8e/0x1650 [ 540.195804][ T31] ? _raw_spin_unlock_irq+0x2e/0x50 [ 540.201108][ T31] ? __pfx_kvm_vm_release+0x10/0x10 [ 540.225690][ T31] kvm_vm_release+0x43/0x50 [ 540.230295][ T31] __fput+0x449/0xa70 [ 540.234335][ T31] task_work_run+0x1d1/0x260 [ 540.265851][ T31] ? __pfx_task_work_run+0x10/0x10 [ 540.271074][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 540.285433][ T31] exit_to_user_mode_loop+0xec/0x110 [ 540.290818][ T31] do_syscall_64+0x2bd/0x3b0 [ 540.312541][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 540.335523][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.341679][ T31] ? clear_bhb_loop+0x60/0xb0 [ 540.357780][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.363764][ T31] RIP: 0033:0x7f38b3b8e929 [ 540.386482][ T31] RSP: 002b:00007f38b3edfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 540.405723][ T31] RAX: 0000000000000000 RBX: 000000000005d848 RCX: 00007f38b3b8e929 [ 540.435502][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 540.443565][ T31] RBP: 00007f38b3db7ba0 R08: 0000000000000001 R09: 00000003b3edfe7f [ 540.476682][ T31] R10: 00007f38b3a00000 R11: 0000000000000246 R12: 00007f38b3db5fac [ 540.495430][ T31] R13: 00007f38b3db5fa0 R14: ffffffffffffffff R15: 00007f38b3edfca0 [ 540.503501][ T31] [ 540.526482][ T31] INFO: task syz.5.3615:13863 blocked for more than 147 seconds. [ 540.534290][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 [ 540.568308][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 540.586192][ T31] task:syz.5.3615 state:D stack:24680 pid:13863 tgid:13863 ppid:13320 task_flags:0x400040 flags:0x00004006 [ 540.618761][ T31] Call Trace: [ 540.622122][ T31] [ 540.646637][ T31] __schedule+0x16f5/0x4d00 [ 540.651254][ T31] ? __lock_acquire+0xab9/0xd20 [ 540.677940][ T31] ? schedule+0x165/0x360 [ 540.682376][ T31] ? __pfx___schedule+0x10/0x10 [ 540.696341][ T31] ? schedule+0x91/0x360 [ 540.700674][ T31] schedule+0x165/0x360 [ 540.715549][ T31] schedule_preempt_disabled+0x13/0x30 [ 540.746930][ T31] __mutex_lock+0x724/0xe80 [ 540.751632][ T31] ? __mutex_lock+0x51b/0xe80 [ 540.766298][ T31] ? rcu_barrier+0x4c/0x570 [ 540.770894][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 540.788333][ T31] ? __mutex_unlock_slowpath+0x68a/0x700 [ 540.794154][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 540.822548][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 540.836036][ T31] rcu_barrier+0x4c/0x570 [ 540.840449][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 540.856797][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 540.861991][ T31] netdev_run_todo+0x327/0xea0 [ 540.885514][ T31] ? __pfx_netif_state_change+0x10/0x10 [ 540.891138][ T31] ? __pfx_netdev_run_todo+0x10/0x10 [ 540.916037][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 540.934102][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 540.945955][ T31] ? netdev_state_change+0x1ca/0x220 [ 540.951319][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 540.976006][ T31] tun_chr_close+0x13c/0x1c0 [ 540.980687][ T31] __fput+0x449/0xa70 [ 540.995966][ T31] task_work_run+0x1d1/0x260 [ 541.000637][ T31] ? __pfx_task_work_run+0x10/0x10 [ 541.029380][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 541.037566][ T31] exit_to_user_mode_loop+0xec/0x110 [ 541.042936][ T31] do_syscall_64+0x2bd/0x3b0 [ 541.065534][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 541.070818][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.091142][ T31] ? clear_bhb_loop+0x60/0xb0 [ 541.106176][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.112149][ T31] RIP: 0033:0x7f1d2058e929 [ 541.136822][ T31] RSP: 002b:00007f1d208dfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 541.155542][ T31] RAX: 0000000000000000 RBX: 000000000005ea72 RCX: 00007f1d2058e929 [ 541.163611][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 541.197117][ T31] RBP: 00007f1d207b7ba0 R08: 0000000000000001 R09: 00000003208dfe7f [ 541.215614][ T31] R10: 00007f1d20400000 R11: 0000000000000246 R12: 00007f1d207b5fac [ 541.223671][ T31] R13: 00007f1d207b5fa0 R14: ffffffffffffffff R15: 00007f1d208dfca0 [ 541.263937][ T31] [ 541.268224][ T31] [ 541.268224][ T31] Showing all locks held in the system: [ 541.334353][ T31] 3 locks held by kworker/u8:0/12: [ 541.356263][ T31] 1 lock held by khungtaskd/31: [ 541.361379][ T31] #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 541.395720][ T31] 4 locks held by kworker/u8:2/36: [ 541.400909][ T31] #0: ffff88807a783948 ((wq_completion)wg-kex-wg0#13){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 541.445517][ T31] #1: ffffc90000ac7bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 541.477022][ T31] #2: ffff88804dad5308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 541.505194][ T31] #3: ffff888041790338 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 541.541125][ T31] 4 locks held by kworker/u8:7/1341: [ 541.548784][ T31] #0: ffff88801b2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 541.586364][ T31] #1: ffffc9000460fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 541.605653][ T31] #2: ffffffff8f503350 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 541.635713][ T31] #3: ffff88805a56b0e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 541.661652][ T31] 5 locks held by kworker/1:2/2153: [ 541.686120][ T31] 2 locks held by getty/5591: [ 541.690864][ T31] #0: ffff8880350ba0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 541.715566][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 541.743627][ T31] 2 locks held by kworker/1:5/5921: [ 541.760371][ T31] 1 lock held by syz.0.3367/13201: [ 541.775502][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 541.805497][ T31] 1 lock held by syz.4.3427/13342: [ 541.810688][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 541.835907][ T31] 1 lock held by syz.1.3442/13385: [ 541.841095][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 541.885872][ T31] 1 lock held by syz.2.3447/13396: [ 541.891155][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 541.925521][ T31] 1 lock held by syz-executor/13437: [ 541.930878][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 541.965308][ T31] 1 lock held by syz-executor/13482: [ 541.970720][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 542.006934][ T31] 1 lock held by syz.9.3551/13704: [ 542.012120][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 542.045579][ T31] 1 lock held by syz.8.3595/13817: [ 542.057957][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 542.087295][ T31] 1 lock held by syz.5.3615/13863: [ 542.092468][ T31] #0: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 542.127197][ T31] 7 locks held by syz-executor/13865: [ 542.132642][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 542.165701][ T31] #1: ffff888028da0088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 542.185889][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 542.211866][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 542.237537][ T31] #4: ffff88805a56b0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 [ 542.275309][ T31] #5: ffff88805a56c250 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 [ 542.295538][ T31] #6: ffffffff8e144840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 542.315619][ T31] 5 locks held by kworker/1:10/13915: [ 542.321053][ T31] 4 locks held by syz-executor/13970: [ 542.347165][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 542.375614][ T31] #1: ffff8880470df088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 542.405560][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 542.425638][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 542.462076][ T31] 4 locks held by syz-executor/14014: [ 542.470357][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 542.495543][ T31] #1: ffff88808196e088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 542.516053][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 542.544268][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 542.574575][ T31] 4 locks held by syz-executor/14043: [ 542.587318][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 542.606810][ T31] #1: ffff88808372ec88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 542.637446][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 542.668887][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 542.696725][ T31] 4 locks held by syz-executor/14105: [ 542.702161][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 542.736114][ T31] #1: ffff888085481c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 542.768837][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 542.797074][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 542.815467][ T31] 4 locks held by syz-executor/14114: [ 542.820902][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 542.845416][ T31] #1: ffff888082299888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 542.877028][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 542.906912][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 542.935711][ T31] 4 locks held by syz-executor/14125: [ 542.941240][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 542.967615][ T31] #1: ffff88803e029888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 543.007320][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 543.027669][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 543.055109][ T31] 4 locks held by syz-executor/14135: [ 543.060567][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 543.095856][ T31] #1: ffff888087b32088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 543.117005][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 543.145645][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 543.178968][ T31] 4 locks held by syz-executor/14147: [ 543.184491][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 543.217900][ T31] #1: ffff888091391088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 543.237029][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 543.265681][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 543.295987][ T31] 4 locks held by syz-executor/14160: [ 543.301424][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 543.332618][ T31] #1: ffff8880989ca088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 543.356511][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 543.382577][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 543.413574][ T31] 4 locks held by syz-executor/14174: [ 543.420597][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 543.445638][ T31] #1: ffff88809c4e0488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 543.475902][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 543.505979][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 543.525465][ T31] 4 locks held by syz-executor/14186: [ 543.530909][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 543.567895][ T31] #1: ffff8880882ea088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 543.588144][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 543.615673][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 543.647221][ T31] 4 locks held by syz-executor/14199: [ 543.652670][ T31] #0: ffff888030f96428 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 543.690575][ T31] #1: ffff88809a7c9888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1e0/0x4f0 [ 543.715522][ T31] #2: ffff88802746ea58 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x203/0x4f0 [ 543.735457][ T31] #3: ffffffff8edaaae8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 [ 543.766922][ T31] [ 543.769325][ T31] ============================================= [ 543.769325][ T31] [ 543.805450][ T31] NMI backtrace for cpu 0 [ 543.805483][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 543.805526][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 543.805546][ T31] Call Trace: [ 543.805560][ T31] [ 543.805575][ T31] dump_stack_lvl+0x189/0x250 [ 543.805630][ T31] ? __wake_up_klogd+0xd9/0x110 [ 543.805675][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 543.805727][ T31] ? __pfx__printk+0x10/0x10 [ 543.805783][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 543.805813][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 543.805836][ T31] ? _printk+0xcf/0x120 [ 543.805863][ T31] ? __pfx__printk+0x10/0x10 [ 543.805886][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 543.805916][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 543.805945][ T31] watchdog+0xfee/0x1030 [ 543.805974][ T31] ? watchdog+0x1de/0x1030 [ 543.806009][ T31] kthread+0x70e/0x8a0 [ 543.806047][ T31] ? __pfx_watchdog+0x10/0x10 [ 543.806072][ T31] ? __pfx_kthread+0x10/0x10 [ 543.806097][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 543.806124][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 543.806150][ T31] ? __pfx_kthread+0x10/0x10 [ 543.806172][ T31] ret_from_fork+0x3fc/0x770 [ 543.806203][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 543.806237][ T31] ? __switch_to_asm+0x39/0x70 [ 543.806257][ T31] ? __switch_to_asm+0x33/0x70 [ 543.806277][ T31] ? __pfx_kthread+0x10/0x10 [ 543.806300][ T31] ret_from_fork_asm+0x1a/0x30 [ 543.806337][ T31] [ 543.806345][ T31] Sending NMI from CPU 0 to CPUs 1: [ 543.980664][ C1] NMI backtrace for cpu 1 [ 543.980681][ C1] CPU: 1 UID: 0 PID: 13915 Comm: kworker/1:10 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 543.980701][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 543.980712][ C1] Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker [ 543.980742][ C1] RIP: 0010:debug_lockdep_rcu_enabled+0x2a/0x40 [ 543.980770][ C1] Code: f3 0f 1e fa 31 c0 83 3d 67 5d 3a 04 00 74 1e 83 3d 8a 8d 3a 04 00 74 15 65 48 8b 0c 25 08 f0 9c 92 31 c0 83 b9 ec 0a 00 00 00 <0f> 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc [ 543.980784][ C1] RSP: 0018:ffffc90000a08070 EFLAGS: 00000246 [ 543.980797][ C1] RAX: 0000000000000000 RBX: ffffffff9084d601 RCX: ffff8880351c9e00 [ 543.980809][ C1] RDX: ffffc90000a08101 RSI: dffffc0000000000 RDI: ffffc90000a08150 [ 543.980821][ C1] RBP: dffffc0000000000 R08: ffffc900047a7a70 R09: 0000000000000000 [ 543.980832][ C1] R10: ffffc90000a08198 R11: fffff52000141035 R12: ffffc900047a7a80 [ 543.980845][ C1] R13: ffffc900047a0000 R14: ffffc90000a08148 R15: ffffffff81728af5 [ 543.980857][ C1] FS: 0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 543.980875][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 543.980887][ C1] CR2: 00007fb216898bc1 CR3: 000000000df38000 CR4: 00000000003526f0 [ 543.980901][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 543.980911][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 543.980920][ C1] Call Trace: [ 543.980927][ C1] [ 543.980933][ C1] unwind_next_frame+0x195c/0x2390 [ 543.980964][ C1] ? unwind_next_frame+0xa5/0x2390 [ 543.980988][ C1] ? wg_packet_handshake_receive_worker+0x5f2/0xfb0 [ 543.981015][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 543.981033][ C1] arch_stack_walk+0x11c/0x150 [ 543.981052][ C1] ? process_scheduled_works+0xae1/0x17b0 [ 543.981078][ C1] stack_trace_save+0x9c/0xe0 [ 543.981095][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 543.981118][ C1] kasan_save_track+0x3e/0x80 [ 543.981141][ C1] ? kasan_save_track+0x3e/0x80 [ 543.981163][ C1] ? __kasan_krealloc+0xe7/0x140 [ 543.981177][ C1] ? krealloc_noprof+0x1b8/0x340 [ 543.981203][ C1] ? nf_ct_ext_add+0x1ab/0x450 [ 543.981221][ C1] ? nf_ct_ecache_ext_add+0x156/0x2e0 [ 543.981243][ C1] ? init_conntrack+0x7dd/0xef0 [ 543.981262][ C1] ? nf_conntrack_in+0xbf2/0x1600 [ 543.981280][ C1] ? nf_hook_slow+0xc2/0x220 [ 543.981295][ C1] ? NF_HOOK+0x206/0x3a0 [ 543.981310][ C1] ? __netif_receive_skb+0x143/0x380 [ 543.981332][ C1] ? process_backlog+0x60e/0x14f0 [ 543.981346][ C1] ? __napi_poll+0xc4/0x480 [ 543.981366][ C1] ? net_rx_action+0x707/0xe30 [ 543.981380][ C1] ? handle_softirqs+0x286/0x870 [ 543.981401][ C1] ? do_softirq+0xec/0x180 [ 543.981421][ C1] ? __local_bh_enable_ip+0x17d/0x1c0 [ 543.981442][ C1] ? kernel_fpu_end+0xd2/0x120 [ 543.981456][ C1] ? blake2s_compress+0x5f/0xd0 [ 543.981470][ C1] ? blake2s_final+0x116/0x260 [ 543.981492][ C1] ? hmac+0x293/0x330 [ 543.981506][ C1] ? kdf+0xde/0x270 [ 543.981521][ C1] ? wg_noise_handshake_consume_initiation+0x3ee/0x900 [ 543.981539][ C1] ? wg_packet_handshake_receive_worker+0x5f2/0xfb0 [ 543.981580][ C1] __kasan_krealloc+0xe7/0x140 [ 543.981594][ C1] krealloc_noprof+0x1b8/0x340 [ 543.981611][ C1] nf_ct_ext_add+0x1ab/0x450 [ 543.981633][ C1] nf_ct_ecache_ext_add+0x156/0x2e0 [ 543.981658][ C1] init_conntrack+0x7dd/0xef0 [ 543.981681][ C1] ? __pfx_init_conntrack+0x10/0x10 [ 543.981704][ C1] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 543.981721][ C1] ? __local_bh_enable_ip+0x12d/0x1c0 [ 543.981743][ C1] ? __siphash_unaligned+0x232/0x3b0 [ 543.981781][ C1] nf_conntrack_in+0xbf2/0x1600 [ 543.981808][ C1] ? __pfx_nf_conntrack_in+0x10/0x10 [ 543.981831][ C1] ? ipt_do_table+0x2a3/0x1640 [ 543.981849][ C1] ? NF_HOOK+0x9a/0x3a0 [ 543.981869][ C1] ? NF_HOOK+0x9a/0x3a0 [ 543.981883][ C1] ? ipv4_conntrack_defrag+0x2a0/0x5b0 [ 543.981903][ C1] ? ip_sabotage_in+0x57/0x270 [ 543.981918][ C1] ? __pfx_ipv4_conntrack_in+0x10/0x10 [ 543.981935][ C1] nf_hook_slow+0xc2/0x220 [ 543.981952][ C1] NF_HOOK+0x206/0x3a0 [ 543.981967][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 543.981982][ C1] ? NF_HOOK+0x9a/0x3a0 [ 543.981996][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 543.982009][ C1] ? ip_rcv_core+0x7f7/0xd00 [ 543.982024][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 543.982044][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 543.982057][ C1] __netif_receive_skb+0x143/0x380 [ 543.982080][ C1] ? process_backlog+0x2d5/0x14f0 [ 543.982095][ C1] process_backlog+0x60e/0x14f0 [ 543.982116][ C1] ? __pfx_process_backlog+0x10/0x10 [ 543.982131][ C1] ? do_raw_spin_lock+0x121/0x290 [ 543.982149][ C1] __napi_poll+0xc4/0x480 [ 543.982169][ C1] ? net_rx_action+0x46d/0xe30 [ 543.982185][ C1] net_rx_action+0x707/0xe30 [ 543.982206][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 543.982236][ C1] handle_softirqs+0x286/0x870 [ 543.982258][ C1] ? do_softirq+0xec/0x180 [ 543.982280][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 543.982303][ C1] ? kernel_fpu_end+0xc8/0x120 [ 543.982318][ C1] do_softirq+0xec/0x180 [ 543.982338][ C1] [ 543.982343][ C1] [ 543.982348][ C1] ? __pfx_do_softirq+0x10/0x10 [ 543.982369][ C1] ? __local_bh_disable_ip+0xf1/0x190 [ 543.982389][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 543.982411][ C1] ? lockdep_softirqs_on+0x13b/0x1c0 [ 543.982431][ C1] __local_bh_enable_ip+0x17d/0x1c0 [ 543.982452][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 543.982473][ C1] ? kernel_fpu_begin_mask+0x2c8/0x3a0 [ 543.982491][ C1] kernel_fpu_end+0xd2/0x120 [ 543.982506][ C1] ? __pfx_kernel_fpu_end+0x10/0x10 [ 543.982539][ C1] ? preempt_schedule_common+0x83/0xd0 [ 543.982563][ C1] blake2s_compress+0x5f/0xd0 [ 543.982578][ C1] blake2s_final+0x116/0x260 [ 543.982602][ C1] hmac+0x293/0x330 [ 543.982619][ C1] ? __pfx_hmac+0x10/0x10 [ 543.982640][ C1] ? preempt_schedule+0xae/0xc0 [ 543.982660][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 543.982687][ C1] ? rcu_lockdep_current_cpu_online+0x37/0x120 [ 543.982708][ C1] kdf+0xde/0x270 [ 543.982725][ C1] ? __pfx_kdf+0x10/0x10 [ 543.982742][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 543.982765][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 543.982790][ C1] ? wg_pubkey_hashtable_lookup+0x1e/0x360 [ 543.982812][ C1] ? wg_pubkey_hashtable_lookup+0x1e/0x360 [ 543.982838][ C1] wg_noise_handshake_consume_initiation+0x3ee/0x900 [ 543.982867][ C1] ? __pfx_wg_noise_handshake_consume_initiation+0x10/0x10 [ 543.982885][ C1] ? kernel_fpu_end+0xd2/0x120 [ 543.982901][ C1] ? __pfx_kernel_fpu_end+0x10/0x10 [ 543.982921][ C1] ? __asan_memset+0x22/0x50 [ 543.982947][ C1] ? __pfx_compute_mac1+0x10/0x10 [ 543.982973][ C1] ? wg_cookie_validate_packet+0x208/0x320 [ 543.982994][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 543.983021][ C1] wg_packet_handshake_receive_worker+0x5f2/0xfb0 [ 543.983052][ C1] ? __pfx_wg_packet_handshake_receive_worker+0x10/0x10 [ 543.983075][ C1] ? register_lock_class+0x51/0x320 [ 543.983098][ C1] ? __lock_acquire+0xab9/0xd20 [ 543.983124][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 543.983149][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 543.983168][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 543.983190][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 543.983213][ C1] process_scheduled_works+0xae1/0x17b0 [ 543.983248][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 543.983279][ C1] worker_thread+0x8a0/0xda0 [ 543.983313][ C1] kthread+0x70e/0x8a0 [ 543.983330][ C1] ? __pfx_worker_thread+0x10/0x10 [ 543.983353][ C1] ? __pfx_kthread+0x10/0x10 [ 543.983370][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 543.983389][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 543.983410][ C1] ? __pfx_kthread+0x10/0x10 [ 543.983426][ C1] ret_from_fork+0x3fc/0x770 [ 543.983448][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 543.983472][ C1] ? __switch_to_asm+0x39/0x70 [ 543.983487][ C1] ? __switch_to_asm+0x33/0x70 [ 543.983501][ C1] ? __pfx_kthread+0x10/0x10 [ 543.983518][ C1] ret_from_fork_asm+0x1a/0x30 [ 543.983541][ C1] [ 544.970793][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 544.977893][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 544.989733][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 544.999807][ T31] Call Trace: [ 545.003102][ T31] [ 545.006064][ T31] dump_stack_lvl+0x99/0x250 [ 545.010697][ T31] ? __asan_memcpy+0x40/0x70 [ 545.015326][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 545.020563][ T31] ? __pfx__printk+0x10/0x10 [ 545.025202][ T31] panic+0x2db/0x790 [ 545.029126][ T31] ? __pfx_panic+0x10/0x10 [ 545.033593][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 545.039432][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 545.044827][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 545.051015][ T31] watchdog+0x102d/0x1030 [ 545.055380][ T31] ? watchdog+0x1de/0x1030 [ 545.059836][ T31] kthread+0x70e/0x8a0 [ 545.063953][ T31] ? __pfx_watchdog+0x10/0x10 [ 545.068655][ T31] ? __pfx_kthread+0x10/0x10 [ 545.073270][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 545.078499][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 545.083730][ T31] ? __pfx_kthread+0x10/0x10 [ 545.088435][ T31] ret_from_fork+0x3fc/0x770 [ 545.093061][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 545.098209][ T31] ? __switch_to_asm+0x39/0x70 [ 545.103002][ T31] ? __switch_to_asm+0x33/0x70 [ 545.107806][ T31] ? __pfx_kthread+0x10/0x10 [ 545.112456][ T31] ret_from_fork_asm+0x1a/0x30 [ 545.117263][ T31] [ 545.120626][ T31] Kernel Offset: disabled [ 545.124967][ T31] Rebooting in 86400 seconds..