Warning: Permanently added '[localhost]:26118' (ED25519) to the list of known hosts. 2025/10/22 10:03:17 parsed 1 programs syzkaller login: [ 83.503136][ T5310] cgroup: Unknown subsys name 'net' [ 83.572312][ T5310] cgroup: Unknown subsys name 'cpuset' [ 83.577572][ T5310] cgroup: Unknown subsys name 'rlimit' [ 85.176841][ T5310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.279297][ T5338] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.283079][ T5338] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.286544][ T5338] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.296344][ T5338] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.300719][ T5338] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.132965][ T5331] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 90.197512][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.220742][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.505435][ T1043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.537827][ T1043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.973516][ T45] cfg80211: failed to load regulatory.db [ 95.580955][ T5368] chnl_net:caif_netlink_parms(): no params data found [ 95.799381][ T5368] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.809606][ T5368] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.812880][ T5368] bridge_slave_0: entered allmulticast mode [ 95.827871][ T5368] bridge_slave_0: entered promiscuous mode [ 95.841171][ T5368] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.844515][ T5368] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.847838][ T5368] bridge_slave_1: entered allmulticast mode [ 95.861175][ T5368] bridge_slave_1: entered promiscuous mode [ 95.906790][ T5368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.921941][ T5368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.972176][ T5368] team0: Port device team_slave_0 added [ 95.978262][ T5368] team0: Port device team_slave_1 added [ 96.015172][ T5368] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.018263][ T5368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.049216][ T5368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.059435][ T5368] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.061852][ T5368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.089222][ T5368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.153205][ T5368] hsr_slave_0: entered promiscuous mode [ 96.156577][ T5368] hsr_slave_1: entered promiscuous mode [ 96.318296][ T5368] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 96.327478][ T5368] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 96.334273][ T5368] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 96.340821][ T5368] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 96.367162][ T5368] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.370508][ T5368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.375674][ T5368] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.380688][ T5368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.437650][ T5368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.450743][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.455018][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.467076][ T5368] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.476366][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.479651][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.495438][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.499645][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.870883][ T5368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.196965][ T5368] veth0_vlan: entered promiscuous mode [ 97.214731][ T5368] veth1_vlan: entered promiscuous mode [ 97.257562][ T5368] veth0_macvtap: entered promiscuous mode [ 97.272944][ T5368] veth1_macvtap: entered promiscuous mode [ 97.299702][ T5368] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.314960][ T5368] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.337216][ T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.350950][ T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.354867][ T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.374277][ T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/10/22 10:03:33 executed programs: 0 [ 97.672058][ T4667] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.676442][ T4667] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.680710][ T4667] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.701401][ T4667] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.713744][ T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.717280][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.721073][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.725129][ T48] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.730271][ T5338] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.733917][ T5338] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.817024][ T5444] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.823211][ T5444] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.826982][ T5444] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.831308][ T5444] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.834589][ T5444] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.114946][ T48] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 98.120482][ T48] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 98.133789][ T5368] syz-executor (5368) used greatest stack depth: 19576 bytes left [ 98.139138][ T48] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 98.142379][ T48] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 98.147106][ T48] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 98.153501][ T48] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 98.157543][ T4667] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 98.172085][ T48] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 98.182577][ T48] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 98.190579][ T4667] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 98.289808][ T4667] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 98.312961][ T4667] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 98.320557][ T4667] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 98.341672][ T4667] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 98.345403][ T4667] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 99.591483][ T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.790962][ T4667] Bluetooth: hci0: command tx timeout [ 99.802321][ T5438] chnl_net:caif_netlink_parms(): no params data found [ 99.873441][ T4667] Bluetooth: hci2: command tx timeout [ 99.876024][ T4667] Bluetooth: hci1: command tx timeout [ 99.937523][ T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.082844][ T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.147830][ T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.190801][ T4667] Bluetooth: hci3: command tx timeout [ 100.343692][ T5438] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.346814][ T5438] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.350791][ T4667] Bluetooth: hci4: command tx timeout [ 100.369990][ T5438] bridge_slave_0: entered allmulticast mode [ 100.374886][ T5438] bridge_slave_0: entered promiscuous mode [ 100.390620][ T5438] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.393468][ T5438] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.396441][ T5438] bridge_slave_1: entered allmulticast mode [ 100.409970][ T5438] bridge_slave_1: entered promiscuous mode [ 100.510340][ T4667] Bluetooth: hci5: command tx timeout [ 100.626494][ T5438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.642065][ T5438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.843404][ T5446] chnl_net:caif_netlink_parms(): no params data found [ 100.901768][ T5438] team0: Port device team_slave_0 added [ 100.917414][ T5438] team0: Port device team_slave_1 added [ 101.051334][ T13] bridge_slave_1: left allmulticast mode [ 101.054119][ T13] bridge_slave_1: left promiscuous mode [ 101.057300][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.082243][ T13] bridge_slave_0: left allmulticast mode [ 101.084967][ T13] bridge_slave_0: left promiscuous mode [ 101.087639][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.419037][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.424580][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.429770][ T13] bond0 (unregistering): Released all slaves [ 101.558392][ T5440] chnl_net:caif_netlink_parms(): no params data found [ 101.734363][ T13] hsr_slave_0: left promiscuous mode [ 101.745489][ T13] hsr_slave_1: left promiscuous mode [ 101.752323][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.755640][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.768375][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.780481][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.803118][ T13] veth1_macvtap: left promiscuous mode [ 101.805761][ T13] veth0_macvtap: left promiscuous mode [ 101.809586][ T13] veth1_vlan: left promiscuous mode [ 101.812052][ T13] veth0_vlan: left promiscuous mode [ 101.869567][ T4667] Bluetooth: hci0: command tx timeout [ 101.951558][ T4667] Bluetooth: hci1: command tx timeout [ 101.953904][ T4667] Bluetooth: hci2: command tx timeout [ 102.090461][ T13] team0 (unregistering): Port device team_slave_1 removed [ 102.110296][ T13] team0 (unregistering): Port device team_slave_0 removed [ 102.270187][ T48] Bluetooth: hci3: command tx timeout [ 102.405489][ T5438] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.420906][ T5438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.438937][ T48] Bluetooth: hci4: command tx timeout [ 102.469063][ T5438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.475802][ T5438] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.487193][ T5438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.500721][ T5438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.536120][ T5453] chnl_net:caif_netlink_parms(): no params data found [ 102.552920][ T5458] chnl_net:caif_netlink_parms(): no params data found [ 102.590196][ T48] Bluetooth: hci5: command tx timeout [ 102.800898][ T5438] hsr_slave_0: entered promiscuous mode [ 102.824659][ T5438] hsr_slave_1: entered promiscuous mode [ 102.935408][ T5454] chnl_net:caif_netlink_parms(): no params data found [ 103.013826][ T5446] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.016956][ T5446] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.037044][ T5446] bridge_slave_0: entered allmulticast mode [ 103.061995][ T5446] bridge_slave_0: entered promiscuous mode [ 103.082339][ T5446] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.085596][ T5446] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.099967][ T5446] bridge_slave_1: entered allmulticast mode [ 103.104134][ T5446] bridge_slave_1: entered promiscuous mode [ 103.234611][ T5440] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.237680][ T5440] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.257250][ T5440] bridge_slave_0: entered allmulticast mode [ 103.261396][ T5440] bridge_slave_0: entered promiscuous mode [ 103.311248][ T5440] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.314405][ T5440] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.317635][ T5440] bridge_slave_1: entered allmulticast mode [ 103.325089][ T5440] bridge_slave_1: entered promiscuous mode [ 103.371102][ T5446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.457486][ T5453] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.469238][ T5453] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.472583][ T5453] bridge_slave_0: entered allmulticast mode [ 103.489113][ T5453] bridge_slave_0: entered promiscuous mode [ 103.493484][ T5453] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.496570][ T5453] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.508123][ T5453] bridge_slave_1: entered allmulticast mode [ 103.520147][ T5453] bridge_slave_1: entered promiscuous mode [ 103.543394][ T5446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.551250][ T5440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.570922][ T5458] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.574093][ T5458] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.577130][ T5458] bridge_slave_0: entered allmulticast mode [ 103.591286][ T5458] bridge_slave_0: entered promiscuous mode [ 103.681510][ T5440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.692634][ T5458] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.695890][ T5458] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.707384][ T5458] bridge_slave_1: entered allmulticast mode [ 103.720521][ T5458] bridge_slave_1: entered promiscuous mode [ 103.773576][ T5453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.804294][ T5446] team0: Port device team_slave_0 added [ 103.816408][ T5454] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.820514][ T5454] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.825202][ T5454] bridge_slave_0: entered allmulticast mode [ 103.836793][ T5454] bridge_slave_0: entered promiscuous mode [ 103.844359][ T5453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.849721][ T5454] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.852980][ T5454] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.856115][ T5454] bridge_slave_1: entered allmulticast mode [ 103.860230][ T5454] bridge_slave_1: entered promiscuous mode [ 103.875136][ T5446] team0: Port device team_slave_1 added [ 103.887763][ T5458] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.924345][ T5440] team0: Port device team_slave_0 added [ 103.941996][ T5458] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.950674][ T48] Bluetooth: hci0: command tx timeout [ 103.978271][ T5454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.988430][ T5440] team0: Port device team_slave_1 added [ 104.000724][ T5446] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.003702][ T5446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.015614][ T5446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.029076][ T48] Bluetooth: hci2: command tx timeout [ 104.031627][ T48] Bluetooth: hci1: command tx timeout [ 104.059464][ T5453] team0: Port device team_slave_0 added [ 104.077793][ T5454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.092278][ T5446] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.095362][ T5446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.106597][ T5446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.121958][ T5453] team0: Port device team_slave_1 added [ 104.152755][ T5458] team0: Port device team_slave_0 added [ 104.189465][ T5440] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.192721][ T5440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.213206][ T5440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.236367][ T5458] team0: Port device team_slave_1 added [ 104.285343][ T5440] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.299081][ T5440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.319690][ T5440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.348924][ T4667] Bluetooth: hci3: command tx timeout [ 104.370674][ T5454] team0: Port device team_slave_0 added [ 104.400859][ T5453] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.404041][ T5453] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.440333][ T5453] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.480670][ T5454] team0: Port device team_slave_1 added [ 104.484301][ T5458] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.487444][ T5458] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.510524][ T4667] Bluetooth: hci4: command tx timeout [ 104.530136][ T5458] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.551808][ T5446] hsr_slave_0: entered promiscuous mode [ 104.555716][ T5446] hsr_slave_1: entered promiscuous mode [ 104.559917][ T5446] debugfs: 'hsr0' already exists in 'hsr' [ 104.562682][ T5446] Cannot create hsr debugfs directory [ 104.574932][ T5453] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.578070][ T5453] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.593760][ T5453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.612387][ T5458] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.615375][ T5458] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.627866][ T5458] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.664790][ T5438] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.669785][ T4667] Bluetooth: hci5: command tx timeout [ 104.728246][ T5440] hsr_slave_0: entered promiscuous mode [ 104.732265][ T5440] hsr_slave_1: entered promiscuous mode [ 104.735327][ T5440] debugfs: 'hsr0' already exists in 'hsr' [ 104.738013][ T5440] Cannot create hsr debugfs directory [ 104.753470][ T5438] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.759766][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.762897][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.775340][ T5454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.791587][ T5438] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.807108][ T5438] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.825387][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.832898][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.844978][ T5454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.912794][ T5453] hsr_slave_0: entered promiscuous mode [ 104.927487][ T5453] hsr_slave_1: entered promiscuous mode [ 104.932481][ T5453] debugfs: 'hsr0' already exists in 'hsr' [ 104.934928][ T5453] Cannot create hsr debugfs directory [ 104.980222][ T5458] hsr_slave_0: entered promiscuous mode [ 104.983555][ T5458] hsr_slave_1: entered promiscuous mode [ 104.990566][ T5458] debugfs: 'hsr0' already exists in 'hsr' [ 104.992829][ T5458] Cannot create hsr debugfs directory [ 105.110118][ T5454] hsr_slave_0: entered promiscuous mode [ 105.113976][ T5454] hsr_slave_1: entered promiscuous mode [ 105.117043][ T5454] debugfs: 'hsr0' already exists in 'hsr' [ 105.129376][ T5454] Cannot create hsr debugfs directory [ 105.580732][ T5446] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.587315][ T5446] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 105.616207][ T5446] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 105.635739][ T5446] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 105.656344][ T5438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.688293][ T5440] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 105.729719][ T5440] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.736194][ T5440] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.754364][ T5438] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.764320][ T5440] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 105.802812][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.806119][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.857254][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.860460][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.881753][ T5453] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 105.991061][ T5453] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 106.031564][ T4667] Bluetooth: hci0: command tx timeout [ 106.073677][ T5453] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 106.090222][ T5453] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 106.110930][ T4667] Bluetooth: hci1: command tx timeout [ 106.113232][ T4667] Bluetooth: hci2: command tx timeout [ 106.429274][ T48] Bluetooth: hci3: command tx timeout [ 106.443625][ T5440] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.453419][ T5446] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.593590][ T48] Bluetooth: hci4: command tx timeout [ 106.608970][ T5440] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.614971][ T5446] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.697453][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.700727][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.731271][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.734523][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.752459][ T48] Bluetooth: hci5: command tx timeout [ 106.769886][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.773057][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.850376][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.852973][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.967450][ T5458] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 107.031347][ T5438] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.077071][ T5458] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 107.092023][ T5458] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 107.199961][ T5458] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 107.377162][ T5453] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.419326][ T5438] veth0_vlan: entered promiscuous mode [ 107.426178][ T5438] veth1_vlan: entered promiscuous mode [ 107.481159][ T5454] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.501760][ T5454] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.601218][ T5453] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.604544][ T5454] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.649784][ T5454] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.741824][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.744993][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.754189][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.757619][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.812247][ T5446] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.828146][ T5440] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.844564][ T5438] veth0_macvtap: entered promiscuous mode [ 107.888156][ T5438] veth1_macvtap: entered promiscuous mode [ 107.986346][ T5438] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.007386][ T5446] veth0_vlan: entered promiscuous mode [ 108.043601][ T5438] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.077664][ T5446] veth1_vlan: entered promiscuous mode [ 108.094119][ T5440] veth0_vlan: entered promiscuous mode [ 108.124409][ T149] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.157968][ T149] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.169803][ T149] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.173733][ T149] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.213538][ T5440] veth1_vlan: entered promiscuous mode [ 108.307300][ T5458] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.345875][ T5446] veth0_macvtap: entered promiscuous mode [ 108.395292][ T5458] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.425682][ T5446] veth1_macvtap: entered promiscuous mode [ 108.531138][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.534410][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.601285][ T5454] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.674924][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.677708][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.737989][ T5446] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.771614][ T5454] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.776977][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.787403][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.814680][ T5440] veth0_macvtap: entered promiscuous mode [ 108.852075][ T5446] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.915501][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.918726][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.939457][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.942580][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.954373][ T5440] veth1_macvtap: entered promiscuous mode [ 109.006622][ T5453] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.080778][ T1138] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.086164][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.109152][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.134030][ T5440] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.175069][ T1042] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.191056][ T1042] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.194881][ T1042] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.282394][ T5440] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.352717][ T1138] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.356617][ T1138] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 2025/10/22 10:03:45 executed programs: 12 [ 109.499835][ T1138] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.586317][ T5659] loop0: detected capacity change from 0 to 2048 [ 109.612909][ T1138] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.665913][ T5659] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2362, location=2362 [ 109.749023][ T5659] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 109.797963][ T5659] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 109.874253][ T5659] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 109.948033][ T25] audit: type=1800 audit(1761127426.257:2): pid=5659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 110.024313][ T1043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.027628][ T1043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.146451][ T5454] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.177750][ T5458] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.226719][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.241138][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.412532][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 110.421077][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.424778][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.566890][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.609463][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.628240][ T5454] veth0_vlan: entered promiscuous mode [ 110.811353][ T5454] veth1_vlan: entered promiscuous mode [ 111.126250][ T5453] veth0_vlan: entered promiscuous mode [ 111.236565][ T5686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.328977][ T5454] veth0_macvtap: entered promiscuous mode [ 111.424902][ T5454] veth1_macvtap: entered promiscuous mode [ 111.437861][ T5686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.505212][ T5453] veth1_vlan: entered promiscuous mode [ 111.606837][ T5690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.737130][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.754573][ T5690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.846201][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.973076][ T31] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.100134][ T31] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.125593][ T31] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.149857][ T5453] veth0_macvtap: entered promiscuous mode [ 112.194449][ T31] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.241079][ T5453] veth1_macvtap: entered promiscuous mode [ 112.432664][ T5659] [ 112.433901][ T5659] ============================================ [ 112.436514][ T5659] WARNING: possible recursive locking detected [ 112.439188][ T5659] syzkaller #0 Not tainted [ 112.442012][ T5659] -------------------------------------------- [ 112.444714][ T5659] syz.0.17/5659 is trying to acquire lock: [ 112.447260][ T5659] ffff888053628528 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_free_blocks+0x9e2/0x17f0 [ 112.451436][ T5659] [ 112.451436][ T5659] but task is already holding lock: [ 112.454558][ T5659] ffff888053628528 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0xfab/0x1ba0 [ 112.458601][ T5659] [ 112.458601][ T5659] other info that might help us debug this: [ 112.462209][ T5659] Possible unsafe locking scenario: [ 112.462209][ T5659] [ 112.465503][ T5659] CPU0 [ 112.467017][ T5659] ---- [ 112.468462][ T5659] lock(&sbi->s_alloc_mutex); [ 112.470618][ T5659] lock(&sbi->s_alloc_mutex); [ 112.472650][ T5659] [ 112.472650][ T5659] *** DEADLOCK *** [ 112.472650][ T5659] [ 112.476072][ T5659] May be due to missing lock nesting notation [ 112.476072][ T5659] [ 112.479762][ T5659] 4 locks held by syz.0.17/5659: [ 112.481925][ T5659] #0: ffff888011d88420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 112.486110][ T5659] #1: ffff8880447a0f40 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: udf_file_write_iter+0x6e/0x6c0 [ 112.490622][ T5659] #2: ffff8880447a0d70 (&ei->i_data_sem#2){++++}-{4:4}, at: udf_map_block+0x283/0x45f0 [ 112.494571][ T5659] #3: ffff888053628528 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0xfab/0x1ba0 [ 112.498742][ T5659] [ 112.498742][ T5659] stack backtrace: [ 112.501158][ T5659] CPU: 0 UID: 0 PID: 5659 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 112.501171][ T5659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 112.501178][ T5659] Call Trace: [ 112.501185][ T5659] [ 112.501189][ T5659] dump_stack_lvl+0x189/0x250 [ 112.501207][ T5659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.501219][ T5659] ? __pfx__printk+0x10/0x10 [ 112.501230][ T5659] ? print_lock_name+0xde/0x100 [ 112.501240][ T5659] print_deadlock_bug+0x28b/0x2a0 [ 112.501253][ T5659] validate_chain+0x1a3f/0x2140 [ 112.501266][ T5659] ? is_bpf_text_address+0x26/0x2b0 [ 112.501279][ T5659] __lock_acquire+0xab9/0xd20 [ 112.501289][ T5659] ? udf_free_blocks+0x9e2/0x17f0 [ 112.501303][ T5659] lock_acquire+0x120/0x360 [ 112.501311][ T5659] ? udf_free_blocks+0x9e2/0x17f0 [ 112.501325][ T5659] ? stack_trace_save+0x9c/0xe0 [ 112.501340][ T5659] __mutex_lock+0x187/0x1350 [ 112.501397][ T5659] ? udf_free_blocks+0x9e2/0x17f0 [ 112.501409][ T5659] ? folio_mark_accessed+0x42c/0x8b0 [ 112.501425][ T5659] ? __lock_acquire+0xab9/0xd20 [ 112.501434][ T5659] ? __pfx_folio_mark_accessed+0x10/0x10 [ 112.501449][ T5659] ? udf_free_blocks+0x9e2/0x17f0 [ 112.501463][ T5659] ? __pfx___mutex_lock+0x10/0x10 [ 112.501476][ T5659] ? __pfx___might_resched+0x10/0x10 [ 112.501483][ T5659] ? fs_reclaim_acquire+0x7d/0x100 [ 112.501492][ T5659] udf_free_blocks+0x9e2/0x17f0 [ 112.501505][ T5659] ? udf_get_fileshortad+0x6e/0x1b0 [ 112.501517][ T5659] ? udf_current_aext+0x698/0xb00 [ 112.501526][ T5659] ? __pfx_udf_free_blocks+0x10/0x10 [ 112.501545][ T5659] udf_delete_aext+0x4df/0xbc0 [ 112.501557][ T5659] ? __pfx_udf_delete_aext+0x10/0x10 [ 112.501570][ T5659] udf_new_block+0x1404/0x1ba0 [ 112.501585][ T5659] ? fs_reclaim_acquire+0x7d/0x100 [ 112.501596][ T5659] ? bdev_getblk+0x80/0x660 [ 112.501605][ T5659] ? __pfx_udf_new_block+0x10/0x10 [ 112.501623][ T5659] udf_map_block+0x13a8/0x45f0 [ 112.501638][ T5659] ? percpu_ref_get_many+0x19/0x140 [ 112.501659][ T5659] ? __pfx_udf_map_block+0x10/0x10 [ 112.501673][ T5659] ? percpu_ref_get_many+0x19/0x140 [ 112.501685][ T5659] ? percpu_ref_get_many+0x19/0x140 [ 112.501707][ T5659] ? do_raw_spin_lock+0x121/0x290 [ 112.501726][ T5659] ? do_raw_spin_unlock+0x4d/0x240 [ 112.501740][ T5659] __udf_get_block+0x52/0x250 [ 112.501749][ T5659] ? create_empty_buffers+0x465/0x530 [ 112.501758][ T5659] __block_write_begin_int+0x6b5/0x1900 [ 112.501765][ T5659] ? __pfx_workingset_update_node+0x10/0x10 [ 112.501773][ T5659] ? __pfx_udf_get_block+0x10/0x10 [ 112.501782][ T5659] ? __pfx___block_write_begin_int+0x10/0x10 [ 112.501797][ T5659] ? __pfx_udf_get_block+0x10/0x10 [ 112.501805][ T5659] block_write_begin+0x8a/0x120 [ 112.501814][ T5659] ? udf_write_begin+0x92/0x270 [ 112.501829][ T5659] udf_write_begin+0x115/0x270 [ 112.501844][ T5659] generic_perform_write+0x2c5/0x900 [ 112.501857][ T5659] ? __pfx_generic_perform_write+0x10/0x10 [ 112.501866][ T5659] ? generic_file_direct_write+0x385/0x3e0 [ 112.501873][ T5659] ? file_update_time+0x416/0x490 [ 112.501880][ T5659] __generic_file_write_iter+0x1ae/0x230 [ 112.501886][ T5659] udf_file_write_iter+0x2d5/0x6c0 [ 112.501896][ T5659] iter_file_splice_write+0x975/0x10e0 [ 112.501908][ T5659] ? __pfx_iter_file_splice_write+0x10/0x10 [ 112.501917][ T5659] ? rcu_read_lock_any_held+0xb3/0x120 [ 112.501925][ T5659] ? direct_splice_actor+0x10c/0x160 [ 112.501934][ T5659] ? __pfx_iter_file_splice_write+0x10/0x10 [ 112.501942][ T5659] direct_splice_actor+0x101/0x160 [ 112.501950][ T5659] splice_direct_to_actor+0x5a8/0xcc0 [ 112.501961][ T5659] ? __pfx_direct_splice_actor+0x10/0x10 [ 112.501969][ T5659] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 112.501980][ T5659] do_splice_direct+0x181/0x270 [ 112.501993][ T5659] ? __pfx_do_splice_direct+0x10/0x10 [ 112.502005][ T5659] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 112.502019][ T5659] ? rw_verify_area+0x255/0x4d0 [ 112.502032][ T5659] do_sendfile+0x4da/0x7e0 [ 112.502046][ T5659] ? __pfx_do_sendfile+0x10/0x10 [ 112.502059][ T5659] ? __se_sys_futex+0x36f/0x400 [ 112.502074][ T5659] __se_sys_sendfile64+0x13e/0x190 [ 112.502088][ T5659] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 112.502100][ T5659] ? do_syscall_64+0xbe/0xfa0 [ 112.502111][ T5659] do_syscall_64+0xfa/0xfa0 [ 112.502121][ T5659] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.502132][ T5659] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.502141][ T5659] ? clear_bhb_loop+0x60/0xb0 [ 112.502151][ T5659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.502160][ T5659] RIP: 0033:0x7fb4fc58efc9 [ 112.502171][ T5659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.502178][ T5659] RSP: 002b:00007fb4fd41f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 112.502189][ T5659] RAX: ffffffffffffffda RBX: 00007fb4fc7e5fa0 RCX: 00007fb4fc58efc9 [ 112.502196][ T5659] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 112.502202][ T5659] RBP: 00007fb4fc611f91 R08: 0000000000000000 R09: 0000000000000000 [ 112.502208][ T5659] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000000 [ 112.502214][ T5659] R13: 00007fb4fc7e6038 R14: 00007fb4fc7e5fa0 R15: 00007ffc9c253d88 [ 112.502225][ T5659] [ 113.100820][ T5458] veth0_vlan: entered promiscuous mode [ 113.113456][ T5458] veth1_vlan: entered promiscuous mode [ 113.173255][ T5453] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.291646][ T5453] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.322509][ T5454] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' [ 113.396871][ T31] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.421741][ T5458] veth0_macvtap: entered promiscuous mode [ 113.427121][ T5458] veth1_macvtap: entered promiscuous mode [ 113.450883][ T1138] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.465007][ T1138] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.477302][ T1138] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.552392][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.556463][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.577171][ T5454] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [ 113.646183][ T5458] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.691442][ T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.694969][ T5453] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 113.699798][ T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.708533][ T5458] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.779547][ T31] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.784626][ T31] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.815624][ T31] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.834589][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 113.838052][ T10] usb 5-1: no configurations [ 113.857324][ T31] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.864081][ T10] usb 5-1: can't read configurations, error -22 [ 113.876215][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.882021][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.910210][ T5453] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 113.991494][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.996307][ T5458] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' [ 114.021952][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.076222][ T5702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.083697][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.096408][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.104401][ T5458] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 114.160904][ T5702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.190256][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.209305][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.329960][ T5709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.406991][ T5709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.415000][ T5712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.468130][ T5712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.573207][ T5717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.651790][ T5717] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.659691][ T5718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.742279][ T5718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.213998][ T5703] syz.2.23 (5703) used greatest stack depth: 19504 bytes left 2025/10/22 10:03:53 executed programs: 20 [ 117.692095][ T5728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.695780][ T5728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.778727][ T5734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.850877][ T5734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.862616][ T5737] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.913154][ T5737] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.930926][ T5738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.998916][ T5738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.035308][ T5739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.055763][ T5739] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.142692][ T5760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.204210][ T5760] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.210537][ T5767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.295734][ T5767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.301062][ T5761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.311197][ T5766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.353255][ T5766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.361071][ T5761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.382302][ T5765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.451468][ T5765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 VM DIAGNOSIS: 10:03:48 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000072 RBX=0000000000000072 RCX=0000000000000000 RDX=00000000000003f8 RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000d44dfb0 R8 =ffff888031e38237 R9 =1ffff110063c7046 R10=dffffc0000000000 R11=ffffffff85165550 R12=dffffc0000000000 R13=ffffffff997e1900 R14=ffffffff99af5300 R15=0000000000000000 RIP=ffffffff851655cc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fb4fd41f6c0 ffffffff 00c00000 GS =0000 ffff88808d733000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055b567504e20 CR3=0000000052879000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc9c254110 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4fc612fdb ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4fc612fe8 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4fc612fe2 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4fc612ff6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4fc61307c ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb4fc61315a ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000