last executing test programs: 4.115978035s ago: executing program 1 (id=37): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000005180)={0x2020}, 0x2038) 4.02883204s ago: executing program 1 (id=39): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, @any, 0x2}, 0xa) 3.03209239s ago: executing program 1 (id=54): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a03760760beeab91e8ff0055e5c0d48bd63ffdb93bd43a847a1597c8ef03da5be42200", 0x37}, 0x60) 2.907903322s ago: executing program 1 (id=57): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 1.517752522s ago: executing program 2 (id=78): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) 1.321698344s ago: executing program 1 (id=81): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x54}}, 0x0) 1.242549964s ago: executing program 2 (id=83): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x300000000, 0x2) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000280)=@multiplanar_overlay={0xf27, 0x2, 0x4, 0x20, 0xffff3a90, {}, {0x3, 0x0, 0x9, 0x7, 0x2, 0x44, "3a0cfd0f"}, 0x5, 0x3, {0x0}, 0x1}) 1.132319975s ago: executing program 1 (id=85): syz_usb_connect(0x3, 0x56, &(0x7f0000000b80)={{0x12, 0x1, 0x310, 0xe4, 0xaa, 0x89, 0x40, 0x421, 0x44d, 0xe6ce, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x10, 0x0, 0xbc84a2361729c907, 0xb, [{{0x9, 0x4, 0xc3, 0x80, 0x3, 0x2, 0x2, 0xff, 0x5f, [@cdc_ecm={{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x9, 0xea4, 0x8, 0xc0}}], [{{0x9, 0x5, 0xc, 0x2, 0x3ff, 0xd2, 0x3f, 0x40}}, {{0x9, 0x5, 0x1, 0x2, 0x400, 0x8, 0xe7, 0x4a}}, {{0x9, 0x5, 0xb, 0x3, 0x400, 0xfb, 0x9, 0x4}}]}}]}}]}}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0}) 1.084039271s ago: executing program 2 (id=86): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f00000001c0)={@default, @default, @null, 0x5, 0x7db, 0x0, [@bcast, @null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 946.359793ms ago: executing program 2 (id=88): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGETMODE(r0, 0x4bfb, &(0x7f0000000140)) 823.031217ms ago: executing program 2 (id=91): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x0) 756.022848ms ago: executing program 3 (id=92): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x16c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xfe, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {0x81000000}, 0x70bd28, 0x3500, 0x2, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "217d66d38547aa140db8a200000000c538c7cb7a"}}, @encap={0x1c, 0x4, {0x19, 0x4e24, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x2e}}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0) 622.829617ms ago: executing program 0 (id=94): r0 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x267800, 0xb}}) 520.031599ms ago: executing program 0 (id=95): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}]}}}]}]}], {0x14}}, 0xac}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 498.366422ms ago: executing program 3 (id=96): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f00000001c0)={@default, @default, @null, 0x5, 0x7db, 0x0, [@bcast, @null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 401.473782ms ago: executing program 2 (id=97): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x141, 0x1b, 0x76, 0x36, 0x20, 0x525, 0x9901, 0x3975, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x84, 0x4, 0x2, 0xc4, 0xc6, 0x1f, 0x0, [], [{{0x9, 0x5, 0xc, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) setns(0xffffffffffffffff, 0x24020000) 372.800509ms ago: executing program 3 (id=98): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03000000000000000000020000000900020073797a31000000000800034000000001090001"], 0x34}}, 0x0) 372.080102ms ago: executing program 0 (id=99): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_channels={0x3c, 0x550e8d7f, 0x0, 0x0, 0x0, 0x1, 0x2}}) 259.829928ms ago: executing program 0 (id=100): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@hci={0x1f, 0x1, 0x1}, 0x80, 0x0}, 0x20000814) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0b080510"], 0xe) 241.642037ms ago: executing program 3 (id=101): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00') preadv2(r0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/142, 0x8e}], 0x1, 0x4, 0x3, 0x0) 162.117495ms ago: executing program 3 (id=102): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWCHAIN={0x44, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x18, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'ip6gre0\x00'}]}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 161.515378ms ago: executing program 0 (id=103): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000034000000030a010200000000000000000100fffb0900030073797a32000000000900010073797a300000000008000a400000000420000000080a01080000000000000000010000000900010073797a30"], 0x9c}}, 0x0) 83.151177ms ago: executing program 0 (id=104): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x16c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xfe, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {0x81000000}, 0x70bd28, 0x3500, 0x2, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "217d66d38547aa140db8a200000000c538c7cb7a"}}, @encap={0x1c, 0x4, {0x19, 0x4e24, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x2e}}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0) 0s ago: executing program 3 (id=105): r0 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) write$binfmt_format(r0, &(0x7f0000000100)='-1\x00', 0x2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts. [ 66.599299][ T5821] cgroup: Unknown subsys name 'net' [ 66.748088][ T5821] cgroup: Unknown subsys name 'cpuset' [ 66.757271][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.198536][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.555219][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.559258][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.570925][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.578914][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.587310][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.599116][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.608285][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.616660][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.616712][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.625458][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.632842][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.639076][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.646786][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.653145][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.668023][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.677131][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.686064][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.686336][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.702274][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.720174][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.234356][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 71.293810][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 71.332402][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.338907][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.437957][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 71.466730][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 71.501849][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.509967][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.518017][ T5832] bridge_slave_0: entered allmulticast mode [ 71.525419][ T5832] bridge_slave_0: entered promiscuous mode [ 71.562416][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.569760][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.577240][ T5832] bridge_slave_1: entered allmulticast mode [ 71.584268][ T5832] bridge_slave_1: entered promiscuous mode [ 71.624053][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.631276][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.638574][ T5831] bridge_slave_0: entered allmulticast mode [ 71.646341][ T5831] bridge_slave_0: entered promiscuous mode [ 71.687210][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.694389][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.701890][ T5831] bridge_slave_1: entered allmulticast mode [ 71.709239][ T5831] bridge_slave_1: entered promiscuous mode [ 71.777764][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.790968][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.846530][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.853691][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.861313][ T5833] bridge_slave_0: entered allmulticast mode [ 71.869385][ T5833] bridge_slave_0: entered promiscuous mode [ 71.879941][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.893105][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.923496][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.931044][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.938751][ T5833] bridge_slave_1: entered allmulticast mode [ 71.946765][ T5833] bridge_slave_1: entered promiscuous mode [ 71.965708][ T5832] team0: Port device team_slave_0 added [ 72.006464][ T5832] team0: Port device team_slave_1 added [ 72.013930][ T5831] team0: Port device team_slave_0 added [ 72.020349][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.028020][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.035606][ T5830] bridge_slave_0: entered allmulticast mode [ 72.042517][ T5830] bridge_slave_0: entered promiscuous mode [ 72.064122][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.088074][ T5831] team0: Port device team_slave_1 added [ 72.105821][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.112995][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.120652][ T5830] bridge_slave_1: entered allmulticast mode [ 72.128696][ T5830] bridge_slave_1: entered promiscuous mode [ 72.152720][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.187902][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.195433][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.221726][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.277117][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.284057][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.310465][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.322409][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.329435][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.355839][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.378042][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.388821][ T5833] team0: Port device team_slave_0 added [ 72.397789][ T5833] team0: Port device team_slave_1 added [ 72.404580][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.411620][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.437767][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.462432][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.500518][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.507577][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.533951][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.582048][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.589232][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.615900][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.678896][ T5831] hsr_slave_0: entered promiscuous mode [ 72.685424][ T5831] hsr_slave_1: entered promiscuous mode [ 72.698271][ T5832] hsr_slave_0: entered promiscuous mode [ 72.704465][ T5832] hsr_slave_1: entered promiscuous mode [ 72.710723][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 72.716628][ T5832] Cannot create hsr debugfs directory [ 72.723905][ T5830] team0: Port device team_slave_0 added [ 72.732826][ T5830] team0: Port device team_slave_1 added [ 72.765727][ T5840] Bluetooth: hci1: command tx timeout [ 72.771462][ T5840] Bluetooth: hci0: command tx timeout [ 72.777060][ T5838] Bluetooth: hci2: command tx timeout [ 72.782807][ T5838] Bluetooth: hci3: command tx timeout [ 72.837753][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.845281][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.871810][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.889911][ T5833] hsr_slave_0: entered promiscuous mode [ 72.896435][ T5833] hsr_slave_1: entered promiscuous mode [ 72.902473][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 72.908252][ T5833] Cannot create hsr debugfs directory [ 72.938120][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.945371][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.971379][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.100867][ T5830] hsr_slave_0: entered promiscuous mode [ 73.107731][ T5830] hsr_slave_1: entered promiscuous mode [ 73.113761][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 73.119576][ T5830] Cannot create hsr debugfs directory [ 73.451994][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.464481][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.476624][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.500614][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.563574][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.590004][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.603027][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.614057][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.694331][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.704072][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.729357][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.738838][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.821054][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.853031][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.863764][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.888077][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.909375][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.948718][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.988264][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.014278][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.040588][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.048320][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.063633][ T3499] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.070804][ T3499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.094419][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.117625][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.124790][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.148480][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.155597][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.210663][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.262686][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.269874][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.290052][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.297180][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.371767][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.450767][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.506612][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.513778][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.551516][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.558791][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.611139][ T5830] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 74.623840][ T5830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 74.823079][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.849591][ T5838] Bluetooth: hci3: command tx timeout [ 74.856466][ T5847] Bluetooth: hci0: command tx timeout [ 74.856486][ T5840] Bluetooth: hci2: command tx timeout [ 74.861886][ T5847] Bluetooth: hci1: command tx timeout [ 74.885453][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.013058][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.045567][ T5831] veth0_vlan: entered promiscuous mode [ 75.062518][ T5832] veth0_vlan: entered promiscuous mode [ 75.073235][ T5831] veth1_vlan: entered promiscuous mode [ 75.101587][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.112686][ T5832] veth1_vlan: entered promiscuous mode [ 75.184468][ T5832] veth0_macvtap: entered promiscuous mode [ 75.214981][ T5832] veth1_macvtap: entered promiscuous mode [ 75.227426][ T5833] veth0_vlan: entered promiscuous mode [ 75.235334][ T5831] veth0_macvtap: entered promiscuous mode [ 75.257144][ T5830] veth0_vlan: entered promiscuous mode [ 75.271159][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.283658][ T5831] veth1_macvtap: entered promiscuous mode [ 75.295587][ T5833] veth1_vlan: entered promiscuous mode [ 75.304608][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.319486][ T5830] veth1_vlan: entered promiscuous mode [ 75.338940][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.359991][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.369193][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.388483][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.418972][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.469292][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.493836][ T5833] veth0_macvtap: entered promiscuous mode [ 75.515374][ T5830] veth0_macvtap: entered promiscuous mode [ 75.523888][ T61] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.533307][ T61] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.561865][ T61] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.578920][ T61] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.601610][ T5830] veth1_macvtap: entered promiscuous mode [ 75.608899][ T5833] veth1_macvtap: entered promiscuous mode [ 75.651956][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.662664][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.691112][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.712016][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.726488][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.753098][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.784403][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.796218][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.818930][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.830101][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.831151][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.876527][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.891791][ T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.916521][ T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.928267][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.939259][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.959532][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 75.974166][ T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.986718][ T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.109517][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.131135][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.168238][ T3499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.182729][ T3499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.234260][ T3507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.247632][ T3507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.336190][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 76.360822][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.370831][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.431814][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.459031][ T5929] netlink: 'syz.1.5': attribute type 2 has an invalid length. [ 76.461461][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.467902][ T5929] netlink: 'syz.1.5': attribute type 1 has an invalid length. [ 76.491372][ T5929] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5'. [ 76.515241][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 76.541650][ T9] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 76.566531][ T9] usb 4-1: config 0 has no interface number 0 [ 76.572985][ T9] usb 4-1: config 0 interface 184 has no altsetting 0 [ 76.614999][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 76.624072][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.692400][ T9] usb 4-1: Product: syz [ 76.719927][ T9] usb 4-1: Manufacturer: syz [ 76.724562][ T9] usb 4-1: SerialNumber: syz [ 76.751160][ T9] usb 4-1: config 0 descriptor?? [ 76.779420][ T9] smsc75xx v1.0.0 [ 76.925918][ T5838] Bluetooth: hci0: command tx timeout [ 76.926025][ T5840] Bluetooth: hci1: command tx timeout [ 76.931373][ T5838] Bluetooth: hci3: command tx timeout [ 76.943051][ T5847] Bluetooth: hci2: command tx timeout [ 76.954706][ T48] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 77.136936][ T48] usb 2-1: config 0 has an invalid interface number: 170 but max is 0 [ 77.154192][ T48] usb 2-1: config 0 has no interface number 0 [ 77.161341][ T48] usb 2-1: config 0 interface 170 has no altsetting 0 [ 77.188358][ T48] usb 2-1: New USB device found, idVendor=c383, idProduct=abd3, bcdDevice=60.bf [ 77.201872][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.218755][ T48] usb 2-1: config 0 descriptor?? [ 77.227282][ T48] usb 2-1: bad CDC descriptors [ 77.402849][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 77.415321][ T981] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 77.424260][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 77.481226][ T5899] usb 2-1: USB disconnect, device number 2 [ 77.555130][ T48] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.596915][ T981] usb 1-1: config 0 has too many interfaces: 132, using maximum allowed: 32 [ 77.605873][ T981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 132 [ 77.615617][ T981] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 77.628311][ T981] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 77.639506][ T981] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 77.659420][ T981] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 77.669638][ T981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.677890][ T981] usb 1-1: Product: syz [ 77.682071][ T981] usb 1-1: Manufacturer: syz [ 77.686771][ T981] usb 1-1: SerialNumber: syz [ 77.695014][ T981] usb 1-1: config 0 descriptor?? [ 77.705971][ T981] iguanair 1-1:0.0: probe with driver iguanair failed with error -12 [ 77.714871][ T48] usb 3-1: Using ep0 maxpacket: 32 [ 77.727851][ T48] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.742593][ T48] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 77.752637][ T48] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 77.761152][ T48] usb 3-1: Product: syz [ 77.766016][ T48] usb 3-1: Manufacturer: syz [ 77.770685][ T48] usb 3-1: SerialNumber: syz [ 77.782562][ T48] usb 3-1: config 0 descriptor?? [ 77.919033][ T981] usb 1-1: USB disconnect, device number 2 [ 78.014210][ T56] usb 3-1: USB disconnect, device number 2 [ 78.352515][ T5970] netlink: 'syz.1.22': attribute type 8 has an invalid length. [ 78.413112][ T5847] Bluetooth: hci0: connection err: -111 [ 78.719894][ T5978] netlink: 16 bytes leftover after parsing attributes in process `syz.2.26'. [ 78.737725][ T5978] netlink: 16 bytes leftover after parsing attributes in process `syz.2.26'. [ 78.875579][ T5982] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 78.984767][ T5852] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 79.005903][ T5847] Bluetooth: hci1: command tx timeout [ 79.005937][ T5838] Bluetooth: hci0: command tx timeout [ 79.016901][ T5847] Bluetooth: hci2: command tx timeout [ 79.016941][ T5847] Bluetooth: hci3: command tx timeout [ 79.156076][ T5852] usb 1-1: Using ep0 maxpacket: 16 [ 79.171615][ T5852] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 79.190270][ T5852] usb 1-1: config 0 has no interface number 0 [ 79.203192][ T5852] usb 1-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.01 [ 79.220582][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.237562][ T5852] usb 1-1: Product: syz [ 79.245691][ T5852] usb 1-1: Manufacturer: syz [ 79.250341][ T5852] usb 1-1: SerialNumber: syz [ 79.259048][ T5996] netlink: 'syz.2.34': attribute type 1 has an invalid length. [ 79.273752][ T5996] netlink: 224 bytes leftover after parsing attributes in process `syz.2.34'. [ 79.287461][ T5852] usb 1-1: config 0 descriptor?? [ 79.309016][ T5852] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 79.478740][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000304: -71 [ 79.497331][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0100, value 0x00, error -71) [ 79.519960][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write ADDR_FILTX+4: -71 [ 79.537579][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 79.547650][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0112, value 0x01, error -71) [ 79.560479][ T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 79.576843][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0400, value 0x00, error -71) [ 79.590259][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0400, value 0x01, error -71) [ 79.600888][ T9] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 79.616271][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0420, value 0x00, error -71) [ 79.632795][ T9] usb 4-1: USB disconnect, device number 2 [ 79.642618][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0420, value 0x01, error -71) [ 79.662200][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0409, value 0x0D, error -71) [ 79.679097][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x040A, value 0x02, error -71) [ 79.696345][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0405, value 0x18, error -71) [ 79.709946][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0435, value 0x08, error -71) [ 79.742168][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x040B, value 0x26, error -71) [ 79.752656][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0437, value 0x07, error -71) [ 79.763602][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x042F, value 0x15, error -71) [ 79.775320][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0439, value 0x2B, error -71) [ 79.787105][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x043A, value 0x26, error -71) [ 79.797589][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0438, value 0x08, error -71) [ 79.810921][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x042B, value 0x1E, error -71) [ 79.821544][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x042C, value 0x41, error -71) [ 79.831855][ T5852] gspca_xirlink_cit: Failed to write a register (index 0x0100, value 0xC0, error -71) [ 79.847671][ T5852] input: xirlink-cit as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6 [ 79.882142][ T5852] usb 1-1: USB disconnect, device number 3 [ 82.082819][ T6042] syz.1.57 (6042): drop_caches: 2 [ 82.689086][ T6111] netlink: 'syz.0.90': attribute type 7 has an invalid length. [ 82.764893][ T5930] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 82.937495][ T5930] usb 2-1: unable to get BOS descriptor or descriptor too short [ 82.955829][ T5930] usb 2-1: config 16 has an invalid interface number: 195 but max is 0 [ 82.964113][ T5930] usb 2-1: config 16 has no interface number 0 [ 82.982211][ T5930] usb 2-1: config 16 interface 195 altsetting 128 bulk endpoint 0xC has invalid maxpacket 1023 [ 83.014849][ T5930] usb 2-1: config 16 interface 195 altsetting 128 bulk endpoint 0x1 has invalid maxpacket 1024 [ 83.033026][ T5930] usb 2-1: config 16 interface 195 altsetting 128 endpoint 0xB has an invalid bInterval 251, changing to 11 [ 83.045983][ T5930] usb 2-1: config 16 interface 195 has no altsetting 0 [ 83.062131][ T5930] usb 2-1: New USB device found, idVendor=0421, idProduct=044d, bcdDevice=e6.ce [ 83.071719][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.094695][ T5930] usb 2-1: Product: syz [ 83.101515][ T5930] usb 2-1: Manufacturer: syz [ 83.113804][ T5930] usb 2-1: SerialNumber: syz [ 83.132000][ T6101] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 83.145242][ T6101] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 83.416812][ T5930] usb 2-1: bad CDC descriptors [ 83.427926][ T5852] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 83.449000][ T5930] usb 2-1: USB disconnect, device number 3 [ 83.541464][ T6144] [ 83.543823][ T6144] ============================================ [ 83.549961][ T6144] WARNING: possible recursive locking detected [ 83.556094][ T6144] 6.16.0-rc4-next-20250702-syzkaller #0 Not tainted [ 83.562653][ T6144] -------------------------------------------- [ 83.568777][ T6144] syz.3.105/6144 is trying to acquire lock: [ 83.574653][ T6144] ffff88807f966988 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: __simple_recursive_removal+0x95/0x510 [ 83.585785][ T6144] [ 83.585785][ T6144] but task is already holding lock: [ 83.593132][ T6144] ffff888032810b58 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: bm_entry_write+0x289/0x540 [ 83.603303][ T6144] [ 83.603303][ T6144] other info that might help us debug this: [ 83.611357][ T6144] Possible unsafe locking scenario: [ 83.611357][ T6144] [ 83.618786][ T6144] CPU0 [ 83.622047][ T6144] ---- [ 83.625304][ T6144] lock(&sb->s_type->i_mutex_key#17); [ 83.630745][ T6144] lock(&sb->s_type->i_mutex_key#17); [ 83.636184][ T6144] [ 83.636184][ T6144] *** DEADLOCK *** [ 83.636184][ T6144] [ 83.644303][ T6144] May be due to missing lock nesting notation [ 83.644303][ T6144] [ 83.644896][ T5852] usb 3-1: Using ep0 maxpacket: 32 [ 83.652599][ T6144] 3 locks held by syz.3.105/6144: [ 83.652612][ T6144] #0: ffff88807820deb8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 83.659382][ T5852] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 83.662746][ T6144] #1: ffff88805ea9c428 (sb_writers#11){.+.+}-{0:0} [ 83.673175][ T5852] usb 3-1: config 0 has no interface number 0 [ 83.679898][ T6144] , at: vfs_write+0x211/0xa90 [ 83.679925][ T6144] #2: ffff888032810b58 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4} [ 83.686618][ T5852] usb 3-1: config 0 interface 132 has no altsetting 0 [ 83.692555][ T6144] , at: bm_entry_write+0x289/0x540 [ 83.692582][ T6144] [ 83.692582][ T6144] stack backtrace: [ 83.692605][ T6144] CPU: 1 UID: 0 PID: 6144 Comm: syz.3.105 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 83.692624][ T6144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 83.692640][ T6144] Call Trace: [ 83.692648][ T6144] [ 83.692655][ T6144] dump_stack_lvl+0x189/0x250 [ 83.692676][ T6144] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.692693][ T6144] ? __pfx__printk+0x10/0x10 [ 83.692710][ T6144] ? print_lock_name+0xde/0x100 [ 83.692727][ T6144] print_deadlock_bug+0x28b/0x2a0 [ 83.692744][ T6144] validate_chain+0x1a3f/0x2140 [ 83.692762][ T6144] ? lockdep_unlock+0x89/0x120 [ 83.692781][ T6144] ? validate_chain+0x897/0x2140 [ 83.692801][ T6144] __lock_acquire+0xab9/0xd20 [ 83.692824][ T6144] ? __simple_recursive_removal+0x95/0x510 [ 83.692843][ T6144] lock_acquire+0x120/0x360 [ 83.692863][ T6144] ? __simple_recursive_removal+0x95/0x510 [ 83.692886][ T6144] down_write+0x96/0x1f0 [ 83.692908][ T6144] ? __simple_recursive_removal+0x95/0x510 [ 83.692926][ T6144] ? __pfx_down_write+0x10/0x10 [ 83.692950][ T6144] __simple_recursive_removal+0x95/0x510 [ 83.692971][ T6144] bm_entry_write+0x4f7/0x540 [ 83.692992][ T6144] ? __pfx_bm_entry_write+0x10/0x10 [ 83.693014][ T6144] ? __pfx_bm_entry_write+0x10/0x10 [ 83.693034][ T6144] vfs_write+0x27e/0xa90 [ 83.693055][ T6144] ? __pfx_vfs_write+0x10/0x10 [ 83.693073][ T6144] ? __fget_files+0x2a/0x420 [ 83.693094][ T6144] ? __fget_files+0x3a0/0x420 [ 83.693113][ T6144] ? __fget_files+0x2a/0x420 [ 83.693135][ T6144] ksys_write+0x145/0x250 [ 83.693154][ T6144] ? __pfx_ksys_write+0x10/0x10 [ 83.693171][ T6144] ? rcu_is_watching+0x15/0xb0 [ 83.693188][ T6144] ? do_syscall_64+0xbe/0x3b0 [ 83.693216][ T6144] do_syscall_64+0xfa/0x3b0 [ 83.693235][ T6144] ? lockdep_hardirqs_on+0x9c/0x150 [ 83.693253][ T6144] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.693268][ T6144] ? clear_bhb_loop+0x60/0xb0 [ 83.693286][ T6144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.693301][ T6144] RIP: 0033:0x7fd39998e929 [ 83.693324][ T6144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.693336][ T6144] RSP: 002b:00007fd39a851038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 83.693353][ T6144] RAX: ffffffffffffffda RBX: 00007fd399bb5fa0 RCX: 00007fd39998e929 [ 83.693365][ T6144] RDX: 0000000000000002 RSI: 0000200000000100 RDI: 0000000000000003 [ 83.693375][ T6144] RBP: 00007fd399a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 83.693385][ T6144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.693394][ T6144] R13: 0000000000000000 R14: 00007fd399bb5fa0 R15: 00007ffdc3af32e8 [ 83.693411][ T6144] [ 83.997537][ T5852] usb 3-1: New USB device found, idVendor=0525, idProduct=9901, bcdDevice=39.75 [ 84.006775][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.014804][ T5852] usb 3-1: Product: syz [ 84.018955][ T5852] usb 3-1: Manufacturer: syz [ 84.023519][ T5852] usb 3-1: SerialNumber: syz [ 84.029437][ T5852] usb 3-1: config 0 descriptor?? [ 84.238766][ T5852] cdc_subset 3-1:0.132: probe with driver cdc_subset failed with error -71 [ 84.251167][ T5852] usb 3-1: USB disconnect, device number 3 [ 86.689928][ T10] cfg80211: failed to load regulatory.db