last executing test programs: 7.941148676s ago: executing program 2 (id=181): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='highspeed', 0x9) shutdown(r0, 0x1) 7.815537757s ago: executing program 2 (id=182): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x5, 0x24, &(0x7f0000000280)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f00000000c0)=0x18) 4.727151119s ago: executing program 2 (id=215): openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x802, 0x0) socket(0x11, 0x2, 0xfffffffe) epoll_create1(0x0) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x5}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8003, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) syz_usb_connect$cdc_ecm(0x5, 0x4d, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) 2.956624584s ago: executing program 0 (id=236): mount(0x0, &(0x7f0000000100)='./file0/../file0/../file0\x00', 0x0, 0x140041, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x143862, 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') 2.853390932s ago: executing program 0 (id=237): r0 = msgget$private(0x0, 0x7ac) msgrcv(r0, 0x0, 0x0, 0xe4b43f0e2aa28c96, 0x2000) msgsnd(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="3e75cf9f8d4b035f"], 0x8, 0x8fa2496c381b7ad5) 2.174717027s ago: executing program 1 (id=249): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000001000)=""/4096, 0x1000}], 0x1) write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 2.101613882s ago: executing program 1 (id=252): r0 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x40}, 0x4) 1.999378778s ago: executing program 1 (id=254): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000280ffffff05000500000000000a"], 0x80}}, 0x0) 1.920306877s ago: executing program 0 (id=256): r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f00000074c0)=[{{&(0x7f0000000440)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000001dc0)=[{0x0}, {&(0x7f0000000840)="bb0d4d6c", 0x4}], 0x2, &(0x7f0000001f40)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x80}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x42}}}}], 0x38}}, {{&(0x7f0000001fc0)={0x2, 0x4e22, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000002540)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}]}}}], 0x18}}], 0x2, 0x0) 1.803922706s ago: executing program 1 (id=257): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) close(0x4) 1.761139482s ago: executing program 0 (id=259): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg', 0x3) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 1.660966759s ago: executing program 2 (id=260): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x14, 0x21, 0x21, 0x2000000, 0xfffffffd, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4040) 1.431215541s ago: executing program 2 (id=261): ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x24048011}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000002000000000220000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0) 1.430818193s ago: executing program 1 (id=263): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.327341067s ago: executing program 1 (id=264): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, 0x0, 0x310) 1.230533806s ago: executing program 2 (id=265): r0 = socket$kcm(0x10, 0x2, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001206", 0x2e}], 0x1}, 0x48000) 753.823788ms ago: executing program 0 (id=266): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f00000004c0)={0x12, 0x10, 0xfa00, {0x0}}, 0x18) 706.720261ms ago: executing program 0 (id=267): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 343.910001ms ago: executing program 3 (id=270): ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) close(0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xe}, 0x1c) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) 286.000604ms ago: executing program 3 (id=271): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_BITWISE_DATA={0x4}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x10c}}, 0x0) 180.03693ms ago: executing program 3 (id=272): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x1, 0x0) 166.118572ms ago: executing program 3 (id=273): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x1}}}, 0x10) 100.228954ms ago: executing program 3 (id=274): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000080)={0x4f, 0x4, 0x9, 0x4, 0x2, 0x81}) 0s ago: executing program 3 (id=275): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/oops_count', 0x8a883, 0x2) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74dc2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts. [ 82.373945][ T5815] cgroup: Unknown subsys name 'net' [ 82.510097][ T5815] cgroup: Unknown subsys name 'cpuset' [ 82.519256][ T5815] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.168672][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.585054][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.593347][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.601105][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.608915][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.618199][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.620519][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.626679][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.640921][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.647728][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.651105][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.663048][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.667054][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.678923][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.679944][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.686930][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.696901][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.707323][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.708046][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.718113][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.728821][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.199952][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 88.451970][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.459932][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.467684][ T5825] bridge_slave_0: entered allmulticast mode [ 88.475174][ T5825] bridge_slave_0: entered promiscuous mode [ 88.515142][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 88.527799][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.535046][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.542642][ T5825] bridge_slave_1: entered allmulticast mode [ 88.550293][ T5825] bridge_slave_1: entered promiscuous mode [ 88.678129][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.689449][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 88.706546][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 88.720099][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.846996][ T5825] team0: Port device team_slave_0 added [ 88.858959][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.866274][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.873446][ T5828] bridge_slave_0: entered allmulticast mode [ 88.881484][ T5828] bridge_slave_0: entered promiscuous mode [ 88.897531][ T5825] team0: Port device team_slave_1 added [ 88.909287][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.916586][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.923756][ T5828] bridge_slave_1: entered allmulticast mode [ 88.931484][ T5828] bridge_slave_1: entered promiscuous mode [ 89.033641][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.041018][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.067252][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.094804][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.118367][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.125362][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.151493][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.163133][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.170773][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.178077][ T5827] bridge_slave_0: entered allmulticast mode [ 89.185391][ T5827] bridge_slave_0: entered promiscuous mode [ 89.197079][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.206486][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.213643][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.221268][ T5826] bridge_slave_0: entered allmulticast mode [ 89.229006][ T5826] bridge_slave_0: entered promiscuous mode [ 89.244983][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.252281][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.259703][ T5827] bridge_slave_1: entered allmulticast mode [ 89.267395][ T5827] bridge_slave_1: entered promiscuous mode [ 89.291953][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.299456][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.306745][ T5826] bridge_slave_1: entered allmulticast mode [ 89.314089][ T5826] bridge_slave_1: entered promiscuous mode [ 89.387684][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.412700][ T5828] team0: Port device team_slave_0 added [ 89.433946][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.446390][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.458471][ T5828] team0: Port device team_slave_1 added [ 89.492057][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.520227][ T5825] hsr_slave_0: entered promiscuous mode [ 89.527078][ T5825] hsr_slave_1: entered promiscuous mode [ 89.573192][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.580920][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.607047][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.621142][ T5826] team0: Port device team_slave_0 added [ 89.642084][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.649513][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.675497][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.688793][ T5826] team0: Port device team_slave_1 added [ 89.709792][ T5827] team0: Port device team_slave_0 added [ 89.743048][ T5827] team0: Port device team_slave_1 added [ 89.766798][ T5831] Bluetooth: hci2: command tx timeout [ 89.767027][ T5841] Bluetooth: hci3: command tx timeout [ 89.772683][ T5840] Bluetooth: hci0: command tx timeout [ 89.779927][ T52] Bluetooth: hci1: command tx timeout [ 89.812938][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.820507][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.846472][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.890803][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.897836][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.924527][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.942194][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.949216][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.975194][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.015543][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.022562][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.048516][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.065033][ T5828] hsr_slave_0: entered promiscuous mode [ 90.072026][ T5828] hsr_slave_1: entered promiscuous mode [ 90.078894][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 90.084712][ T5828] Cannot create hsr debugfs directory [ 90.187606][ T5826] hsr_slave_0: entered promiscuous mode [ 90.194178][ T5826] hsr_slave_1: entered promiscuous mode [ 90.200789][ T5826] debugfs: 'hsr0' already exists in 'hsr' [ 90.206648][ T5826] Cannot create hsr debugfs directory [ 90.281108][ T5827] hsr_slave_0: entered promiscuous mode [ 90.287808][ T5827] hsr_slave_1: entered promiscuous mode [ 90.294363][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 90.300989][ T5827] Cannot create hsr debugfs directory [ 90.682892][ T5825] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.709288][ T5825] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.736144][ T5825] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.771905][ T5825] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.857950][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.881374][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.919147][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.931319][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.033887][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.044904][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.061094][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.073981][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.243522][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.265518][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.278172][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.293402][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.329702][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.400128][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.440781][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.448258][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.484994][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.502639][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.509813][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.538686][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.581231][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.612067][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.619366][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.633218][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.655989][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.663190][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.689641][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.696832][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.722157][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.729543][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.789253][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.846434][ T52] Bluetooth: hci0: command tx timeout [ 91.847475][ T5840] Bluetooth: hci2: command tx timeout [ 91.858168][ T5840] Bluetooth: hci1: command tx timeout [ 91.858803][ T52] Bluetooth: hci3: command tx timeout [ 91.893273][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.945079][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.952378][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.018477][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.025741][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.195307][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.408614][ T5825] veth0_vlan: entered promiscuous mode [ 92.422940][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.449818][ T5825] veth1_vlan: entered promiscuous mode [ 92.505260][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.591735][ T5825] veth0_macvtap: entered promiscuous mode [ 92.618107][ T5825] veth1_macvtap: entered promiscuous mode [ 92.633632][ T5828] veth0_vlan: entered promiscuous mode [ 92.670591][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.691842][ T5828] veth1_vlan: entered promiscuous mode [ 92.705306][ T5826] veth0_vlan: entered promiscuous mode [ 92.718242][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.744612][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.754761][ T5826] veth1_vlan: entered promiscuous mode [ 92.780048][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.790905][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.801205][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.819233][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.894946][ T5828] veth0_macvtap: entered promiscuous mode [ 92.928519][ T5828] veth1_macvtap: entered promiscuous mode [ 92.949419][ T5827] veth0_vlan: entered promiscuous mode [ 92.980203][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.996107][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.011936][ T5826] veth0_macvtap: entered promiscuous mode [ 93.033251][ T5827] veth1_vlan: entered promiscuous mode [ 93.043788][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.053456][ T5826] veth1_macvtap: entered promiscuous mode [ 93.088635][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.108324][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.116794][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.133366][ T2207] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.142874][ T2207] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.155532][ T2207] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.179924][ T2207] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.203364][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.228908][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.257139][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.307951][ T2207] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.331746][ T2207] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.342054][ T2207] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.363506][ T5827] veth0_macvtap: entered promiscuous mode [ 93.391519][ T2207] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.443718][ T2207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.444179][ T5827] veth1_macvtap: entered promiscuous mode [ 93.460284][ T2207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.524424][ T2207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.540696][ T2207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.569039][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.601959][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.643899][ T4172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.660335][ T2207] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.673838][ T4172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.686432][ T2207] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.693764][ T44] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 93.730977][ T2207] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.762957][ T4172] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.800618][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.810599][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.879831][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.901329][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 93.913304][ T44] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 93.926614][ T52] Bluetooth: hci1: command tx timeout [ 93.927235][ T5840] Bluetooth: hci2: command tx timeout [ 93.933342][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.938552][ T5840] Bluetooth: hci3: command tx timeout [ 93.938581][ T5840] Bluetooth: hci0: command tx timeout [ 93.989886][ T44] usb 1-1: config 0 descriptor?? [ 94.018066][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.037488][ T5900] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 94.055650][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.161561][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.178838][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.212113][ T5900] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 94.236229][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.249859][ T5900] usb 4-1: Product: syz [ 94.254105][ T5900] usb 4-1: Manufacturer: syz [ 94.260374][ T5900] usb 4-1: SerialNumber: syz [ 94.274513][ T5900] usb 4-1: config 0 descriptor?? [ 94.300859][ T5900] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 94.758089][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 94.916071][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 94.924118][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 94.936329][ T9] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 94.964543][ T9] usb 3-1: New USB device found, idVendor=06f8, idProduct=3004, bcdDevice=37.e5 [ 94.981240][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.990303][ T9] usb 3-1: Product: syz [ 94.994585][ T9] usb 3-1: Manufacturer: syz [ 95.003097][ T9] usb 3-1: SerialNumber: syz [ 95.097243][ T5900] gspca_sunplus: reg_r err -71 [ 95.107603][ T5900] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 95.148997][ T5900] usb 4-1: USB disconnect, device number 2 [ 95.228525][ T9] gspca_main: sonixj-2.14.0 probing 06f8:3004 [ 95.247734][ T9] gspca_sonixj: reg_w1 err -71 [ 95.252868][ T9] sonixj 3-1:8.0: probe with driver sonixj failed with error -71 [ 95.269333][ T9] usb 3-1: USB disconnect, device number 2 [ 95.361838][ T5948] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.833918][ T5956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.899091][ T5954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.914129][ T5954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.930249][ T5954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.945259][ T5954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.006491][ T52] Bluetooth: hci0: command tx timeout [ 96.011882][ T5831] Bluetooth: hci2: command tx timeout [ 96.017474][ T5840] Bluetooth: hci3: command tx timeout [ 96.020016][ T52] Bluetooth: hci1: command tx timeout [ 96.499844][ T44] usbhid 1-1:0.0: can't add hid device: -71 [ 96.520033][ T44] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 96.547996][ T44] usb 1-1: USB disconnect, device number 2 [ 96.673469][ T30] audit: type=1326 audit(1766838811.294:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5971 comm="syz.3.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 96.765985][ T30] audit: type=1326 audit(1766838811.334:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5971 comm="syz.3.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe47898df90 code=0x7ffc0000 [ 96.834684][ T30] audit: type=1326 audit(1766838811.394:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5971 comm="syz.3.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 96.896868][ T30] audit: type=1326 audit(1766838811.394:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5971 comm="syz.3.16" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 97.130742][ T106] cfg80211: failed to load regulatory.db [ 97.452058][ T5990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 97.603493][ T5994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 97.666314][ T5994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 97.690618][ T5994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 97.732945][ T5994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23'. [ 98.279726][ C0] af_packet: tpacket_rcv: packet too big, clamped from 70 to 4294967286. macoff=82 [ 99.042649][ T6011] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 99.093486][ T6011] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 99.738561][ T6019] add_ndev_hash(syz_tun) on ffff8880789e8000 done [ 99.981069][ T6019] infiniband syz1: set active [ 99.986117][ T6019] infiniband syz1: added syz_tun [ 100.048613][ T6019] RDS/IB: syz1: added [ 100.053213][ T6019] smc: adding ib device syz1 with port count 1 [ 100.060137][ T6019] smc: ib device syz1 port 1 has no pnetid [ 100.471232][ T6032] capability: warning: `syz.1.37' uses deprecated v2 capabilities in a way that may be insecure [ 100.516881][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 100.639051][ T6022] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 100.655659][ T6022] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 100.697039][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 100.722967][ T24] usb 4-1: config 0 has no interfaces? [ 100.730460][ T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 100.750771][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.775803][ T6022] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 100.794281][ T24] usb 4-1: config 0 descriptor?? [ 100.816009][ T6022] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 100.874324][ T6022] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 100.916229][ T6022] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 101.012098][ T6022] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 101.027564][ T24] usb 4-1: USB disconnect, device number 3 [ 101.039920][ T6022] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 101.386108][ T106] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 101.569871][ T106] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.590439][ T106] usb 2-1: config 0 has no interfaces? [ 101.609858][ T106] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 101.622856][ T106] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 101.638514][ T106] usb 2-1: Product: syz [ 101.645995][ T106] usb 2-1: Manufacturer: syz [ 101.652929][ T106] usb 2-1: SerialNumber: syz [ 101.673840][ T106] usb 2-1: config 0 descriptor?? [ 101.998170][ T6051] netlink: 'syz.1.39': attribute type 10 has an invalid length. [ 102.018098][ T6049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.091655][ T6049] bond0: (slave rose0): Enslaving as an active interface with an up link [ 102.285817][ T6051] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 102.919569][ T6058] Zero length message leads to an empty skb [ 102.951849][ T5820] usb 2-1: USB disconnect, device number 2 [ 103.207186][ T52] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 104.376276][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 104.502782][ T6115] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 104.516387][ T6115] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 104.565081][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.608739][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.631209][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 104.659169][ T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 104.670621][ T6117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.690849][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.732239][ T10] usb 1-1: config 0 descriptor?? [ 104.751864][ T6117] netlink: 32 bytes leftover after parsing attributes in process `syz.1.56'. [ 105.232041][ T10] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 105.607361][ T106] usb 1-1: USB disconnect, device number 3 [ 107.144107][ T6180] netlink: 8 bytes leftover after parsing attributes in process `syz.1.65'. [ 107.171598][ T6180] netlink: 8 bytes leftover after parsing attributes in process `syz.1.65'. [ 108.046130][ T5882] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 108.276252][ T5882] usb 1-1: Using ep0 maxpacket: 16 [ 108.284956][ T5882] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 108.309453][ T5882] usb 1-1: config 0 has no interface number 0 [ 108.320312][ T5882] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 108.337938][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.346567][ T5882] usb 1-1: Product: syz [ 108.350776][ T5882] usb 1-1: Manufacturer: syz [ 108.355443][ T5882] usb 1-1: SerialNumber: syz [ 108.371208][ T5882] usb 1-1: config 0 descriptor?? [ 108.379062][ T5882] hub 1-1:0.132: bad descriptor, ignoring hub [ 108.398347][ T5882] hub 1-1:0.132: probe with driver hub failed with error -5 [ 108.421453][ T5882] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.132/input/input5 [ 108.836576][ T5184] usb 1-1: reset high-speed USB device number 4 using dummy_hcd [ 109.153214][ T6052] Set syz1 is full, maxelem 65536 reached [ 109.356947][ T24] usb 1-1: USB disconnect, device number 4 [ 109.385751][ T6248] tipc: Started in network mode [ 109.409468][ T6248] tipc: Node identity 4, cluster identity 4711 [ 109.419998][ T6248] tipc: Node number set to 4 [ 109.597036][ T6255] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 109.630099][ T6254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.906018][ T5820] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 110.944397][ T6299] program syz.1.89 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 111.046408][ T5820] usb 4-1: device descriptor read/64, error -71 [ 111.084611][ T6303] netlink: 56 bytes leftover after parsing attributes in process `syz.1.92'. [ 111.214759][ T6307] netlink: 8 bytes leftover after parsing attributes in process `syz.1.94'. [ 111.288022][ T5820] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 111.426306][ T5820] usb 4-1: device descriptor read/64, error -71 [ 111.536381][ T5820] usb usb4-port1: attempt power cycle [ 111.748363][ T30] audit: type=1326 audit(1766838826.384:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 111.804634][ T6330] netlink: 24 bytes leftover after parsing attributes in process `syz.0.105'. [ 111.806326][ T30] audit: type=1326 audit(1766838826.404:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 111.838577][ T6327] syz.1.102 uses obsolete (PF_INET,SOCK_PACKET) [ 111.861213][ T30] audit: type=1326 audit(1766838826.474:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f887c98df90 code=0x7ffc0000 [ 111.906817][ T5820] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 111.936761][ T5820] usb 4-1: device descriptor read/8, error -71 [ 111.943059][ T30] audit: type=1326 audit(1766838826.474:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f887c990f77 code=0x7ffc0000 [ 112.001637][ T30] audit: type=1326 audit(1766838826.474:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 112.034591][ T6334] add_ndev_hash(bond0) on ffff888033d54000 done [ 112.051286][ T30] audit: type=1326 audit(1766838826.474:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f887c990f77 code=0x7ffc0000 [ 112.078288][ T30] audit: type=1326 audit(1766838826.474:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f887c98e3aa code=0x7ffc0000 [ 112.177975][ T30] audit: type=1326 audit(1766838826.474:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 112.196330][ T5820] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 112.210475][ T30] audit: type=1326 audit(1766838826.474:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 112.253583][ T30] audit: type=1326 audit(1766838826.474:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6322 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 112.257876][ T5820] usb 4-1: device descriptor read/8, error -71 [ 112.426393][ T5820] usb usb4-port1: unable to enumerate USB device [ 112.442748][ T6334] infiniband syz2: set active [ 112.448177][ T6334] infiniband syz2: added bond0 [ 112.520223][ T6334] RDS/IB: syz2: added [ 112.524463][ T6334] smc: adding ib device syz2 with port count 1 [ 112.530814][ T6334] smc: ib device syz2 port 1 has no pnetid [ 112.988363][ T6363] netlink: 224 bytes leftover after parsing attributes in process `syz.1.119'. [ 112.998037][ T6363] ksmbd: Unknown IPC event: 8, ignore. [ 113.036176][ T981] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 113.186011][ T981] usb 1-1: device descriptor read/64, error -71 [ 113.446135][ T981] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 113.586973][ T981] usb 1-1: device descriptor read/64, error -71 [ 113.696780][ T981] usb usb1-port1: attempt power cycle [ 113.767983][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 start [ 113.786029][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 end [ 113.797570][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 start [ 113.808086][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 end [ 114.056069][ T981] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 114.088181][ T981] usb 1-1: device descriptor read/8, error -71 [ 114.326151][ T981] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 114.349839][ T6394] netlink: 'syz.2.132': attribute type 4 has an invalid length. [ 114.375321][ T981] usb 1-1: device descriptor read/8, error -71 [ 114.494534][ T981] usb usb1-port1: unable to enumerate USB device [ 114.578652][ T6400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.137'. [ 114.641565][ T6404] capability: warning: `syz.2.136' uses 32-bit capabilities (legacy support in use) [ 114.705064][ T6406] netlink: 28 bytes leftover after parsing attributes in process `syz.3.138'. [ 114.736859][ T6406] netlink: 28 bytes leftover after parsing attributes in process `syz.3.138'. [ 114.745793][ T6406] netlink: 28 bytes leftover after parsing attributes in process `syz.3.138'. [ 115.174627][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 start [ 115.199034][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 end [ 115.217876][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 start [ 115.228508][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 end [ 115.552345][ T6440] program syz.2.153 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 116.181625][ T6471] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.958275][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 116.958294][ T30] audit: type=1326 audit(1766838831.594:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.1.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 117.014896][ T30] audit: type=1326 audit(1766838831.624:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.1.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 117.038973][ T30] audit: type=1326 audit(1766838831.624:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.1.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f887c98f749 code=0x7ffc0000 [ 117.317392][ T5820] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 117.485988][ T5820] usb 3-1: device descriptor read/64, error -71 [ 117.746500][ T5820] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 117.813600][ T6532] netlink: 'syz.1.198': attribute type 1 has an invalid length. [ 117.906224][ T5820] usb 3-1: device descriptor read/64, error -71 [ 118.027446][ T5820] usb usb3-port1: attempt power cycle [ 118.380069][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 start [ 118.400521][ T5820] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 118.408257][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 end [ 118.427193][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 start [ 118.439161][ T5820] usb 3-1: device descriptor read/8, error -71 [ 118.442708][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 end [ 118.458201][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 start [ 118.469646][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 end [ 118.483937][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 start [ 118.494568][ T67] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 end [ 118.695970][ T5820] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 118.738139][ T5820] usb 3-1: device descriptor read/8, error -71 [ 118.846878][ T5820] usb usb3-port1: unable to enumerate USB device [ 119.170299][ T6550] netlink: 12 bytes leftover after parsing attributes in process `syz.1.204'. [ 119.303616][ T30] audit: type=1326 audit(1766838833.934:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 119.355189][ T30] audit: type=1326 audit(1766838833.964:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 119.398537][ T30] audit: type=1326 audit(1766838833.964:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 119.421304][ T30] audit: type=1326 audit(1766838833.964:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 119.443831][ T30] audit: type=1326 audit(1766838833.964:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 119.498129][ T30] audit: type=1326 audit(1766838833.964:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 119.522661][ T30] audit: type=1326 audit(1766838833.964:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.3.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe47898f749 code=0x7ffc0000 [ 119.785649][ T6566] netlink: 'syz.1.210': attribute type 1 has an invalid length. [ 120.063800][ T981] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 120.090668][ T981] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 120.611734][ T6598] netlink: 28 bytes leftover after parsing attributes in process `syz.1.223'. [ 120.744160][ T6600] usb usb1: usbfs: process 6600 (syz.1.224) did not claim interface 0 before use [ 120.894300][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 120.907607][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 120.915318][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 120.936182][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 120.943747][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 120.954716][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 120.971582][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 120.990276][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 121.009145][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 121.066139][ T24] hid-generic 0000:0000:0000.0003: hidraw1: HID v8.00 Device [syz0] on syz1 [ 121.164717][ T6613] fido_id[6613]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 122.013427][ T6635] tipc: Started in network mode [ 122.019048][ T6635] tipc: Node identity ac14140f, cluster identity 4711 [ 122.029915][ T6635] tipc: New replicast peer: 255.255.255.255 [ 122.037300][ T6635] tipc: Enabled bearer , priority 10 [ 122.093226][ T6637] rtc_cmos 00:00: Alarms can be up to one day in the future [ 122.303499][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 122.314756][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 122.330308][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 122.332620][ T6647] netlink: 260 bytes leftover after parsing attributes in process `syz.3.245'. [ 122.338798][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 122.354342][ T24] rtc rtc0: __rtc_set_alarm: err=-22 [ 122.360047][ T6647] ksmbd: Unknown IPC event: 6, ignore. [ 122.427575][ T6651] netlink: 40 bytes leftover after parsing attributes in process `syz.1.247'. [ 122.438326][ T6651] netlink: 40 bytes leftover after parsing attributes in process `syz.1.247'. [ 122.861304][ T6676] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.060290][ T36] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 start [ 123.097416][ T36] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 end [ 123.118797][ T36] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 start [ 123.136125][ T36] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 end [ 123.158353][ T5882] tipc: Node number set to 2886997007 [ 123.350579][ T6697] netlink: 4 bytes leftover after parsing attributes in process `syz.2.261'. [ 123.409174][ T6700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.261'. [ 124.558538][ T6726] tipc: Can't bind to reserved service type 1 [ 124.747666][ T6730] [ 124.750075][ T6730] ====================================================== [ 124.757120][ T6730] WARNING: possible circular locking dependency detected [ 124.764173][ T6730] syzkaller #0 Not tainted [ 124.768613][ T6730] ------------------------------------------------------ [ 124.775650][ T6730] syz.3.275/6730 is trying to acquire lock: [ 124.781739][ T6730] ffff88801d2b0220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 124.792047][ T6730] [ 124.792047][ T6730] but task is already holding lock: [ 124.799477][ T6730] ffff88802539dfb0 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1604/0x1c50 [ 124.809265][ T6730] [ 124.809265][ T6730] which lock already depends on the new lock. [ 124.809265][ T6730] [ 124.819688][ T6730] [ 124.819688][ T6730] the existing dependency chain (in reverse order) is: [ 124.828740][ T6730] [ 124.828740][ T6730] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}: [ 124.837379][ T6730] blk_alloc_queue+0x52f/0x610 [ 124.842715][ T6730] __blk_mq_alloc_disk+0x15c/0x340 [ 124.848379][ T6730] loop_add+0x411/0xad0 [ 124.853076][ T6730] loop_init+0xd9/0x170 [ 124.857771][ T6730] do_one_initcall+0x1fb/0x820 [ 124.863072][ T6730] do_initcall_level+0x104/0x190 [ 124.868556][ T6730] do_initcalls+0x59/0xa0 [ 124.873428][ T6730] kernel_init_freeable+0x334/0x4b0 [ 124.879167][ T6730] kernel_init+0x1d/0x1d0 [ 124.884039][ T6730] ret_from_fork+0x599/0xb30 [ 124.889174][ T6730] ret_from_fork_asm+0x1a/0x30 [ 124.894494][ T6730] [ 124.894494][ T6730] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 124.901738][ T6730] fs_reclaim_acquire+0x72/0x100 [ 124.907231][ T6730] kmem_cache_alloc_noprof+0x45/0x710 [ 124.913157][ T6730] __kernfs_iattrs+0xd9/0x320 [ 124.918478][ T6730] kernfs_iop_setattr+0xea/0x3f0 [ 124.923963][ T6730] notify_change+0xc1a/0xf40 [ 124.929100][ T6730] do_truncate+0x1a4/0x220 [ 124.934072][ T6730] path_openat+0x2f62/0x3840 [ 124.939205][ T6730] do_filp_open+0x1fa/0x410 [ 124.944513][ T6730] do_sys_openat2+0x121/0x200 [ 124.949733][ T6730] __x64_sys_openat+0x138/0x170 [ 124.955122][ T6730] do_syscall_64+0xfa/0xf80 [ 124.960165][ T6730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.966600][ T6730] [ 124.966600][ T6730] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 124.975149][ T6730] __lock_acquire+0x15a6/0x2cf0 [ 124.980551][ T6730] lock_acquire+0x117/0x340 [ 124.985600][ T6730] down_read+0x47/0x2e0 [ 124.990295][ T6730] kernfs_iop_getattr+0x9e/0x450 [ 124.995783][ T6730] vfs_getattr_nosec+0x2e1/0x430 [ 125.001261][ T6730] loop_assign_backing_file+0x222/0x400 [ 125.007354][ T6730] lo_ioctl+0x167f/0x1c50 [ 125.012224][ T6730] blkdev_ioctl+0x60e/0x710 [ 125.017265][ T6730] __se_sys_ioctl+0xfc/0x170 [ 125.022396][ T6730] do_syscall_64+0xfa/0xf80 [ 125.027447][ T6730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.033874][ T6730] [ 125.033874][ T6730] other info that might help us debug this: [ 125.033874][ T6730] [ 125.044200][ T6730] Chain exists of: [ 125.044200][ T6730] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24 [ 125.044200][ T6730] [ 125.058915][ T6730] Possible unsafe locking scenario: [ 125.058915][ T6730] [ 125.066382][ T6730] CPU0 CPU1 [ 125.071762][ T6730] ---- ---- [ 125.077136][ T6730] lock(&q->q_usage_counter(io)#24); [ 125.082537][ T6730] lock(fs_reclaim); [ 125.089055][ T6730] lock(&q->q_usage_counter(io)#24); [ 125.096974][ T6730] rlock(&root->kernfs_iattr_rwsem); [ 125.102368][ T6730] [ 125.102368][ T6730] *** DEADLOCK *** [ 125.102368][ T6730] [ 125.110524][ T6730] 3 locks held by syz.3.275/6730: [ 125.115558][ T6730] #0: ffff888141fed448 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x11e4/0x1c50 [ 125.124640][ T6730] #1: ffff88802539dfb0 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1604/0x1c50 [ 125.134856][ T6730] #2: ffff88802539dfe8 (&q->q_usage_counter(queue)#8){+.+.}-{0:0}, at: lo_ioctl+0x1604/0x1c50 [ 125.145248][ T6730] [ 125.145248][ T6730] stack backtrace: [ 125.151176][ T6730] CPU: 1 UID: 0 PID: 6730 Comm: syz.3.275 Not tainted syzkaller #0 PREEMPT(full) [ 125.151196][ T6730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 125.151214][ T6730] Call Trace: [ 125.151221][ T6730] [ 125.151228][ T6730] dump_stack_lvl+0x189/0x250 [ 125.151250][ T6730] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.151266][ T6730] ? __pfx__printk+0x10/0x10 [ 125.151293][ T6730] ? print_lock_name+0xde/0x100 [ 125.151318][ T6730] print_circular_bug+0x2e2/0x300 [ 125.151342][ T6730] check_noncircular+0x12e/0x150 [ 125.151360][ T6730] __lock_acquire+0x15a6/0x2cf0 [ 125.151393][ T6730] ? kernfs_iop_getattr+0x9e/0x450 [ 125.151417][ T6730] lock_acquire+0x117/0x340 [ 125.151443][ T6730] ? kernfs_iop_getattr+0x9e/0x450 [ 125.151476][ T6730] down_read+0x47/0x2e0 [ 125.151495][ T6730] ? kernfs_iop_getattr+0x9e/0x450 [ 125.151519][ T6730] kernfs_iop_getattr+0x9e/0x450 [ 125.151545][ T6730] vfs_getattr_nosec+0x2e1/0x430 [ 125.151564][ T6730] loop_assign_backing_file+0x222/0x400 [ 125.151587][ T6730] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 125.151607][ T6730] ? schedule+0x91/0x360 [ 125.151633][ T6730] lo_ioctl+0x167f/0x1c50 [ 125.151654][ T6730] ? __pfx_lo_ioctl+0x10/0x10 [ 125.151672][ T6730] ? stack_trace_save+0x9c/0xe0 [ 125.151695][ T6730] ? __lock_acquire+0x6b6/0x2cf0 [ 125.151722][ T6730] ? __lock_acquire+0x6b6/0x2cf0 [ 125.151747][ T6730] ? __lock_acquire+0x6b6/0x2cf0 [ 125.151771][ T6730] ? __lock_acquire+0x6b6/0x2cf0 [ 125.151794][ T6730] ? __lock_acquire+0x6b6/0x2cf0 [ 125.151818][ T6730] ? __lock_acquire+0x6b6/0x2cf0 [ 125.151840][ T6730] ? __lock_acquire+0x6b6/0x2cf0 [ 125.151876][ T6730] ? is_bpf_text_address+0x26/0x2b0 [ 125.151899][ T6730] ? is_bpf_text_address+0x292/0x2b0 [ 125.151920][ T6730] ? is_bpf_text_address+0x26/0x2b0 [ 125.151942][ T6730] ? kernel_text_address+0xa5/0xe0 [ 125.151961][ T6730] ? __kernel_text_address+0xd/0x40 [ 125.151979][ T6730] ? unwind_get_return_address+0x4d/0x90 [ 125.151994][ T6730] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 125.152015][ T6730] ? arch_stack_walk+0xfc/0x150 [ 125.152033][ T6730] ? stack_trace_save+0x9c/0xe0 [ 125.152054][ T6730] ? stack_depot_save_flags+0x40/0x850 [ 125.152073][ T6730] ? format_decode+0xc0/0xe10 [ 125.152098][ T6730] ? kasan_save_track+0x4f/0x80 [ 125.152121][ T6730] ? kasan_save_track+0x3e/0x80 [ 125.152143][ T6730] ? kasan_save_free_info+0x46/0x50 [ 125.152163][ T6730] ? __kasan_slab_free+0x5c/0x80 [ 125.152176][ T6730] ? kfree+0x1c0/0x660 [ 125.152195][ T6730] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 125.152210][ T6730] ? security_file_ioctl+0xcb/0x2d0 [ 125.152233][ T6730] ? __se_sys_ioctl+0x47/0x170 [ 125.152255][ T6730] ? do_syscall_64+0xfa/0xf80 [ 125.152271][ T6730] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.152292][ T6730] ? __asan_memset+0x22/0x50 [ 125.152312][ T6730] ? blk_get_meta_cap+0x18c/0x750 [ 125.152339][ T6730] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 125.152361][ T6730] ? blkdev_common_ioctl+0x11d9/0x2c70 [ 125.152382][ T6730] ? kasan_quarantine_put+0xdd/0x220 [ 125.152404][ T6730] ? lockdep_hardirqs_on+0x98/0x140 [ 125.152422][ T6730] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 125.152444][ T6730] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 125.152461][ T6730] ? do_vfs_ioctl+0xbe8/0x1430 [ 125.152482][ T6730] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 125.152498][ T6730] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 125.152527][ T6730] ? do_futex+0x395/0x420 [ 125.152557][ T6730] ? __pfx_lo_ioctl+0x10/0x10 [ 125.152575][ T6730] blkdev_ioctl+0x60e/0x710 [ 125.152596][ T6730] ? __pfx_blkdev_ioctl+0x10/0x10 [ 125.152615][ T6730] ? __fget_files+0x3a0/0x420 [ 125.152631][ T6730] ? __fget_files+0x2a/0x420 [ 125.152649][ T6730] ? bpf_lsm_file_ioctl+0x9/0x20 [ 125.152664][ T6730] ? __pfx_blkdev_ioctl+0x10/0x10 [ 125.152683][ T6730] __se_sys_ioctl+0xfc/0x170 [ 125.152706][ T6730] do_syscall_64+0xfa/0xf80 [ 125.152723][ T6730] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.152738][ T6730] ? clear_bhb_loop+0x60/0xb0 [ 125.152755][ T6730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.152771][ T6730] RIP: 0033:0x7fe47898f749 [ 125.152793][ T6730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.152808][ T6730] RSP: 002b:00007fe476bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.152826][ T6730] RAX: ffffffffffffffda RBX: 00007fe478be5fa0 RCX: 00007fe47898f749 [ 125.152838][ T6730] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 125.152848][ T6730] RBP: 00007fe478a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 125.152858][ T6730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.152868][ T6730] R13: 00007fe478be6038 R14: 00007fe478be5fa0 R15: 00007ffd2be47118 [ 125.152886][ T6730] [ 125.769941][ T6708] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 125.777497][ T6708] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 125.785578][ T6708] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 125.793419][ T6708] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 125.805398][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 start [ 125.819279][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 end [ 125.828979][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 start [ 125.840819][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 end [ 125.851732][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 start [ 125.861902][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88807f5f0000 on ffff8880789e8000 end [ 125.871359][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 start [ 125.881119][ T1322] netdevice_event(NETDEV_UNREGISTER) for ffff88805bde8000 on ffff888033d54000 end