last executing test programs: 25.270551941s ago: executing program 4 (id=4278): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x5421, &(0x7f0000000000)) 25.217680314s ago: executing program 4 (id=4280): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockname(r1, &(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000580)=0x80) dup3(r0, r2, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14}, 0x14}}, 0x0) 25.146667503s ago: executing program 4 (id=4282): r0 = fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 25.093515286s ago: executing program 4 (id=4284): pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x10800) read$hiddev(r0, &(0x7f0000000480)=""/63, 0x3f) 21.032250769s ago: executing program 0 (id=4337): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SIOCGETMIFCNT_IN6(r2, 0x89e0, 0x0) 20.859321164s ago: executing program 0 (id=4339): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) sendmsg$NL80211_CMD_VENDOR(r0, 0x0, 0x0) 20.774244962s ago: executing program 0 (id=4340): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cpuacct.stat\x00', 0x26e1, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r0, 0x0, 0x0) 20.579447205s ago: executing program 0 (id=4342): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14}, 0x14}}, 0x4004880) 4.789002888s ago: executing program 2 (id=4471): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000fefffffb000000000000000085000000bc000000850000002a00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 4.732661602s ago: executing program 3 (id=4472): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x10, &(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRESHEX], 0x3, 0x18a, &(0x7f0000002480)="$eJzsks1O4lAUx/+3tHzMJJOZZFZsIBkywyxmaMuMMW50iXsfQFIKEosKbaIQFjXGsHBhXPoEPIQbE19AFsYHYM2CrYmpubenza2v4P0t+N9zON9w4A/9AoDX9dTBDgQ5fMGCMegAKiz2rbRYb0ifSK9jwSPF7ZL/grTsjyeHbc9zR9WtKr5lHCXKReryt881rESp5/XU4Y99AFEURdzXARafAcgxOQBDKaasA9/5Ei9RzHrq8EV4wi8AjWBw0vDHkz/9Qbvn9twj225umP9M87/d6PY91xSfEa0jWtAq4PobAL9XSRrBAHBJMZ+QhUmj0fcsyeXkpRvWfxiZXE3KTZThPu1bQPJ7AXv4iSKA05BJ3pqookMs1gLDnQF0c55r6dJ8ca+iiPrrHHudGRhYkjaHntawljBSw5aN5maYjD2je9XIbpHOSZeklXd/GV1UuCKrHgJ5PkYwsviRztpBMLL4wcTLTn3211A+GO96q2WXe9CgUCgUCoVCoVAoFB+dtwAAAP//r9t8wA==") openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) 4.561450919s ago: executing program 2 (id=4474): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="5800000010000104000020000000000000000000", @ANYRES32=0x0, @ANYBLOB="2b12020000000000280012800b00010067656e657665000018000280060005004e20000004000600050008"], 0x58}}, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, 0x0, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000004c0)=0xfffffffffffffe10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0x58, &(0x7f00000001c0)}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x3, 0x5) bind$inet(r4, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4) connect$inet(r4, &(0x7f0000000340)={0x2, 0x0, @multicast1}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000001100)={'#! ', './file1'}, 0xb) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) write$binfmt_elf64(r4, &(0x7f0000000140)=ANY=[], 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="05030404d3fc02000000ab5d71acedd7c9560385dcb1894f84d7dc059806c52405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000700)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'}) write$cgroup_int(r8, &(0x7f0000000740)=0x8, 0x12) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000640)={'tunl0\x00', &(0x7f0000000780)={'sit0\x00', r7, 0x7, 0x10, 0x0, 0x7, {{0x6, 0x4, 0x3, 0x7, 0x18, 0x68, 0x0, 0x5, 0x2f, 0x0, @private, @empty, {[@ssrr={0x89, 0x3}]}}}}}) socket$inet6_sctp(0xa, 0x0, 0x84) socket$inet6_sctp(0xa, 0x0, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) 4.146980404s ago: executing program 3 (id=4476): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r5, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) recvmsg(r5, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r2, @ANYBLOB="a9418aab7463eb923f536a7c261c6c67d09c2ab00cc5b1329334f78b66bb6cd8b683ba7a475ebbbe36f8b2a43fd4d78b6722"], 0x1c}}, 0x0) write$nci(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="4f06011805"], 0x5) r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r8) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r9 = inotify_init1(0x0) fcntl$setown(r9, 0x8, 0xffffffffffffffff) fcntl$getownex(r9, 0x10, &(0x7f0000000140)={0x0, 0x0}) r11 = syz_open_procfs(r10, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r11, 0x4004662b, &(0x7f0000000180)={@id={0x2, 0x0, @auto="ffee8e7268b4fecd2fce2d54fbd909e4"}}) 3.831845645s ago: executing program 2 (id=4477): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 3.724806121s ago: executing program 2 (id=4478): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x5}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8}]}}]}, 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.463302708s ago: executing program 1 (id=4479): openat$incfs(0xffffffffffffffff, 0x0, 0x159242, 0x0) syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10128, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$video4linux(&(0x7f0000000840), 0x6, 0x0) ioctl$VIDIOC_QUERYSTD(r3, 0x8008563f, 0x0) 2.289966198s ago: executing program 1 (id=4480): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000b"], 0x0, 0x26}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x1, 0x5}, 0x48) 2.125053867s ago: executing program 2 (id=4481): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x4}, @typedef={0x0, 0x0, 0x0, 0x10, 0x4}, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52}, 0x20) 2.003322121s ago: executing program 1 (id=4482): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = dup2(r1, r1) close_range(r1, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0x484}]}) 1.99467419s ago: executing program 2 (id=4483): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) r2 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) 1.948128488s ago: executing program 3 (id=4484): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10) bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x1}, 0x10) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) close_range(r0, r1, 0x0) 1.591275756s ago: executing program 3 (id=4485): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) socket$inet_sctp(0x2, 0x1, 0x84) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xe3, 0x1b1c07}) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) 1.527387989s ago: executing program 1 (id=4486): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="5800000010000104000020000000000000000000", @ANYRES32=0x0, @ANYBLOB="2b12020000000000280012800b00010067656e657665000018000280060005004e20000004000600050008"], 0x58}}, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, 0x0, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000004c0)=0xfffffffffffffe10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0x58, &(0x7f00000001c0)}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x3, 0x5) bind$inet(r4, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4) connect$inet(r4, &(0x7f0000000340)={0x2, 0x0, @multicast1}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000001100)={'#! ', './file1'}, 0xb) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) write$binfmt_elf64(r4, &(0x7f0000000140)=ANY=[], 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="05030404d3fc02000000ab5d71acedd7c9560385dcb1894f84d7dc059806c52405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000700)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'}) write$cgroup_int(r8, &(0x7f0000000740)=0x8, 0x12) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000640)={'tunl0\x00', &(0x7f0000000780)={'sit0\x00', r7, 0x7, 0x10, 0x0, 0x7, {{0x6, 0x4, 0x3, 0x7, 0x18, 0x68, 0x0, 0x5, 0x2f, 0x0, @private, @empty, {[@ssrr={0x89, 0x3}]}}}}}) socket$inet6_sctp(0xa, 0x0, 0x84) socket$inet6_sctp(0xa, 0x0, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) 1.109633563s ago: executing program 4 (id=4285): msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)) prlimit64(0x0, 0x0, 0x0, 0x0) getpid() recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) msgsnd(0x0, &(0x7f0000000180)=ANY=[@ANYRES8], 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000008c0)={{0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffffff}) 977.656413ms ago: executing program 1 (id=4487): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2, 0x0, 0x0, 0x4}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r2, 0x80487436, &(0x7f0000005280)) 895.218931ms ago: executing program 4 (id=4488): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000000)=0x6) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac010902"], 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d56549b, 0x0, [0xffffffffffffffff, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x11]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 687.478061ms ago: executing program 3 (id=4489): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x200000, &(0x7f0000000140)={[{@fat=@usefree}, {@numtail}, {@shortname_mixed}, {@numtail}, {@shortname_lower}, {@uni_xlateno}, {@shortname_lower}, {@fat=@codepage={'codepage', 0x3d, '949'}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@numtail}, {@shortname_win95}, {@numtail}]}, 0x3, 0x350, &(0x7f0000000580)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 449.095041ms ago: executing program 0 (id=4344): r0 = socket$unix(0x1, 0x5, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f00000016c0)={0x14}, 0x14}}, 0x0) 323.183379ms ago: executing program 0 (id=4490): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x1007ffffc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040804c8000200"], 0x7) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xf}, 0x1c) write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90012000e00050014010a00c4e05ef81b9f5dce0e4d00000700ffff00000700"], 0x17) syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="03c800a897a2aa95abc3fc514673cd0b437485a583d648b7a50fe710543f3a7dbbd82338f0d0bcba784b7eff4a9352b48a89c78e6127aa72ae3cefa72c59c14c3559f2e70d1d09c516318567371c3baf2d571b837de60bc53aa0a65c57d05865d97a1716ad93886f37d604cecddf7ced3c14cfbaae1891cff43c22049e6b1f02dc3f51de2e386fa894dce1817104c3e0d3bb8a875ed01264e1312b3e2d131a1edf16e11161d611839313955679a2d48d146081ad5b9ff30476865324c66adadfdab1e1fdd3f1dcb15199d455dd26d4d30fc6740597c6b1f68042f1bf978cddbcd5283429e0e05f509f8cda49a04a28afd53f4802ef3f5ec9f9e51a14f9ec0f35b0c0fc8f0ee7376aa35478d51637fce78246f274b1292323bc3a1d8eb77a6968ed26f82fb30fd1fc4ca0e1c1cc4c5a825fff8426f462b3478cc9cd8aeed145a2522f413c563edf39556c638d040ec717e8fa6a3e07b5240ca6f7de93287e99271ad5f2743ae432526e117ef5f8b590614401fdbcd435103758b2d6685fd8462d2b0e0c6fb38125f2ddfadf835b2841c37060977d3eef4d7b696d0718182abad78ef74b2baca3177d037d903c1750dbfbdc76975d43532af132fe"], 0x1ac) syz_emit_vhci(0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x3, &(0x7f0000000240)=0x7) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f0000000080)) 139.876124ms ago: executing program 3 (id=4491): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000a40)=ANY=[], 0x0) 0s ago: executing program 1 (id=4492): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r4, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) recvmsg(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r2, @ANYBLOB="a9418aab7463eb923f536a7c261c6c67d09c2ab00cc5b1329334f78b66bb6cd8b683ba7a475ebbbe36f8b2a43fd4d78b6722"], 0x1c}}, 0x0) write$nci(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="4f06011805"], 0x5) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r7) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r8 = inotify_init1(0x0) fcntl$setown(r8, 0x8, 0xffffffffffffffff) fcntl$getownex(r8, 0x10, &(0x7f0000000140)={0x0, 0x0}) r10 = syz_open_procfs(r9, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r10, 0x4004662b, &(0x7f0000000180)={@id={0x2, 0x0, @auto="ffee8e7268b4fecd2fce2d54fbd909e4"}}) kernel console output (not intermixed with test programs): .186396][T15259] veth1_vlan: entered promiscuous mode [ 1057.243854][ T5228] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1057.258732][ T5228] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1057.274728][ T5228] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 1057.287163][ T5228] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1057.298119][ T5228] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1057.330988][T12892] Bluetooth: hci0: command tx timeout [ 1057.340023][T15452] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1057.349556][ T5228] hub 2-1:1.0: bad descriptor, ignoring hub [ 1057.370546][ T5228] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1057.394584][ T5228] cdc_wdm 2-1:1.0: skipping garbage [ 1057.400548][ T5228] cdc_wdm 2-1:1.0: skipping garbage [ 1057.421329][ T5228] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1057.427748][ T5228] cdc_wdm 2-1:1.0: Unknown control protocol [ 1057.559805][T15452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1057.576620][T15452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1057.608337][T15263] veth0_vlan: entered promiscuous mode [ 1057.650259][T15259] veth0_macvtap: entered promiscuous mode [ 1057.719992][T15259] veth1_macvtap: entered promiscuous mode [ 1057.728342][ T8] usb 2-1: USB disconnect, device number 55 [ 1057.773725][T15263] veth1_vlan: entered promiscuous mode [ 1057.825933][T15259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1057.837619][T15259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.853618][T15259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1057.866302][T15259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.895886][T15259] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1057.926379][T15259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1057.937088][T15259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.948159][T15259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1057.959213][T15259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.977362][T15259] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1058.022875][T15259] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1058.036406][T15259] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1058.047009][T15259] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1058.057131][T15259] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1058.144644][T15263] veth0_macvtap: entered promiscuous mode [ 1058.169005][T15263] veth1_macvtap: entered promiscuous mode [ 1058.349177][T15263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1058.400748][T15263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.411310][T15263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1058.424342][T15263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1059.000231][T15263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1059.012617][T15263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1059.049200][T15263] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1059.065277][T15263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1059.084446][T15263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1059.095901][T15263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1059.116558][T15263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1059.128500][T15263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1059.145537][T15263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1059.186731][T15263] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1059.342760][T15263] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.357162][T15263] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.374508][T15263] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.387773][T15263] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.486505][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1059.519168][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1059.635185][ T29] audit: type=1326 audit(1720396198.027:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15474 comm="syz.3.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa4575bd9 code=0x7fc00000 [ 1060.150809][T15395] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1060.188012][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1060.202141][T15395] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1060.251331][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1060.271298][T15395] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1060.380706][T15395] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1060.605801][ T2779] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1060.606133][T15497] loop2: detected capacity change from 0 to 128 [ 1060.631249][ T2779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1060.716106][T15500] 9pnet_fd: p9_fd_create_unix (15500): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 1061.129776][T15499] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1061.567202][T15497] loop2: detected capacity change from 0 to 8192 [ 1061.595607][ T3451] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1061.610924][ T3451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1061.636977][T15395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1061.659854][T15504] xt_hashlimit: overflow, try lower: 1024/72057594037927936 [ 1061.669618][T15504] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 1061.723344][T15395] 8021q: adding VLAN 0 to HW filter on device team0 [ 1061.774375][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state [ 1061.781688][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1061.817003][ T5181] bridge0: port 2(bridge_slave_1) entered blocking state [ 1061.824238][ T5181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1061.956203][T15508] loop1: detected capacity change from 0 to 1024 [ 1061.956927][T15395] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1061.984978][T15510] loop4: detected capacity change from 0 to 64 [ 1062.026797][T15395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1062.028290][T15508] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1062.108688][T15508] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 1062.117791][T15508] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1062.141511][T15508] EXT4-fs error (device loop1): ext4_free_blocks:6590: comm syz.1.2166: Freeing blocks not in datazone - block = 0, count = 4096 [ 1062.166208][T15508] EXT4-fs (loop1): 1 orphan inode deleted [ 1062.176161][T15508] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1062.273205][T15508] EXT4-fs error (device loop1): ext4_search_dir:1504: inode #2: block 16: comm syz.1.2166: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 1062.695243][T13910] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1062.716780][T15531] loop4: detected capacity change from 0 to 512 [ 1062.755015][T15531] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1062.783844][T15537] loop2: detected capacity change from 0 to 4096 [ 1062.839197][T15531] EXT4-fs (loop4): 1 truncate cleaned up [ 1062.876975][T15531] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1063.055950][T15395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1063.211005][T15395] veth0_vlan: entered promiscuous mode [ 1063.259578][T15395] veth1_vlan: entered promiscuous mode [ 1063.355466][ T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1063.427455][T15553] : renamed from bond0 (while UP) [ 1063.541992][T15395] veth0_macvtap: entered promiscuous mode [ 1063.581045][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 1063.586561][T15395] veth1_macvtap: entered promiscuous mode [ 1063.599320][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 1063.619249][ T9] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1063.634479][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1063.669808][ T9] usb 4-1: config 0 descriptor?? [ 1063.762551][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1063.793916][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1063.827267][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1063.871534][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1063.892114][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1063.923498][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1063.950972][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1063.977728][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.010382][T15395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1064.044769][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1064.083549][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.125488][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1064.145188][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.165916][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1064.183992][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.227924][T15395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1064.242716][T15395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1064.273170][T15560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1064.280031][T15395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1064.316544][T15560] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1064.348804][T15395] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.371044][ T9] hid (null): report_id 0 is invalid [ 1064.406940][T15395] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.417332][ T9] hid (null): unknown global tag 0xc [ 1064.425463][T15395] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.431678][ T9] hid-generic 0003:0158:0100.002D: unknown main item tag 0x1 [ 1064.473904][ T9] hid-generic 0003:0158:0100.002D: unexpected long global item [ 1064.489714][T15395] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.498002][ T9] hid-generic 0003:0158:0100.002D: probe with driver hid-generic failed with error -22 [ 1064.627385][ T9] usb 4-1: USB disconnect, device number 28 [ 1064.853144][ T9955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1064.873258][ T9955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1064.980286][ T3451] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1065.010725][ T3451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1065.025949][T15552] loop1: detected capacity change from 0 to 40427 [ 1065.087795][T15552] F2FS-fs (loop1): invalid crc value [ 1065.140981][T15552] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1065.179479][T15558] loop2: detected capacity change from 0 to 32768 [ 1065.358853][ T29] audit: type=1326 audit(1720396203.747:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15525 comm="syz.4.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf4c775bd9 code=0x7fc00000 [ 1065.408768][T15552] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 1065.457708][T15531] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1065.558319][T15572] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2181'. [ 1065.607541][T15572] FAULT_INJECTION: forcing a failure. [ 1065.607541][T15572] name failslab, interval 1, probability 0, space 0, times 0 [ 1065.654543][T15572] CPU: 0 UID: 0 PID: 15572 Comm: syz.0.2181 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 1065.664959][T15572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1065.675060][T15572] Call Trace: [ 1065.678378][T15572] [ 1065.681339][T15572] dump_stack_lvl+0x241/0x360 [ 1065.686050][T15572] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1065.691451][T15572] ? __pfx__printk+0x10/0x10 [ 1065.696072][T15572] should_fail_ex+0x3b0/0x4e0 [ 1065.700770][T15572] ? dst_alloc+0x12b/0x190 [ 1065.705211][T15572] should_failslab+0x9/0x20 [ 1065.709732][T15572] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1065.715222][T15572] dst_alloc+0x12b/0x190 [ 1065.719487][T15572] ip_route_output_key_hash_rcu+0x13cc/0x2390 [ 1065.725684][T15572] ip_route_output_key_hash+0x193/0x2b0 [ 1065.731369][T15572] ? ip_route_output_key_hash+0xdf/0x2b0 [ 1065.737130][T15572] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 1065.743239][T15572] ? format_decode+0x6bc/0x1bb0 [ 1065.748202][T15572] ? ip_cmsg_send+0x9cd/0xa80 [ 1065.752939][T15572] ip_route_output_flow+0x29/0x140 [ 1065.758102][T15572] udp_sendmsg+0x174a/0x2a60 [ 1065.762750][T15572] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 1065.768325][T15572] ? __pfx_udp_sendmsg+0x10/0x10 [ 1065.773481][T15572] ? __lock_acquire+0x1359/0x2000 [ 1065.778630][T15572] udpv6_sendmsg+0x1383/0x3270 [ 1065.783505][T15572] ? release_sock+0x30/0x1f0 [ 1065.788133][T15572] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 1065.793355][T15572] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1065.799828][T15572] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1065.805768][T15572] ? inet_send_prepare+0x1b7/0x260 [ 1065.810931][T15572] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1065.816159][T15572] ? inet_send_prepare+0x1b7/0x260 [ 1065.821300][T15572] __sock_sendmsg+0xef/0x270 [ 1065.825914][T15572] ____sys_sendmsg+0x525/0x7d0 [ 1065.830705][T15572] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1065.836025][T15572] __sys_sendmmsg+0x3b2/0x740 [ 1065.840741][T15572] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1065.846009][T15572] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1065.851927][T15572] ? ksys_write+0x23e/0x2c0 [ 1065.856454][T15572] ? __pfx_lock_release+0x10/0x10 [ 1065.861505][T15572] ? vfs_write+0x7c4/0xc90 [ 1065.866030][T15572] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1065.871680][T15572] ? __pfx_vfs_write+0x10/0x10 [ 1065.876510][T15572] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1065.882603][T15572] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1065.889102][T15572] ? do_syscall_64+0x100/0x230 [ 1065.893903][T15572] __x64_sys_sendmmsg+0xa0/0xb0 [ 1065.898808][T15572] do_syscall_64+0xf3/0x230 [ 1065.903333][T15572] ? clear_bhb_loop+0x35/0x90 [ 1065.908044][T15572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1065.914041][T15572] RIP: 0033:0x7f20c2d75bd9 [ 1065.918669][T15572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1065.938650][T15572] RSP: 002b:00007f20c3a9c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1065.947265][T15572] RAX: ffffffffffffffda RBX: 00007f20c2f03f60 RCX: 00007f20c2d75bd9 [ 1065.955259][T15572] RDX: 0000000000000001 RSI: 00000000200017c0 RDI: 0000000000000003 [ 1065.963422][T15572] RBP: 00007f20c3a9c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1065.971679][T15572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1065.979799][T15572] R13: 000000000000000b R14: 00007f20c2f03f60 R15: 00007ffd99456ec8 [ 1065.987821][T15572] [ 1066.056933][T13910] syz-executor: attempt to access beyond end of device [ 1066.056933][T13910] loop1: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 1066.087459][T13910] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1066.106454][T13910] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1066.130569][T13910] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1066.440982][T11460] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1066.739010][T11460] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1066.790471][T11460] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1066.812021][T11460] usb 5-1: Product: syz [ 1066.817476][T11460] usb 5-1: Manufacturer: syz [ 1066.831168][T11460] usb 5-1: SerialNumber: syz [ 1066.851556][T11460] usb 5-1: config 0 descriptor?? [ 1066.864531][T11460] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 037 [ 1066.882656][T15583] loop2: detected capacity change from 0 to 128 [ 1067.133776][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.151209][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.158975][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.175626][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.201416][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.219410][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.250244][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.270895][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.278779][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.317540][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.347925][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.370035][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.385166][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.401056][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.421654][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.429974][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.438281][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.446141][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.454167][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.494908][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.526369][ T29] audit: type=1326 audit(1720396205.907:3633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15577 comm="syz.4.2185" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf4c775bd9 code=0x0 [ 1067.567027][T15587] syzkaller0: entered promiscuous mode [ 1067.579198][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.596736][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.608939][T15587] syzkaller0: entered allmulticast mode [ 1067.609263][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.646413][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.664824][T15600] loop1: detected capacity change from 0 to 64 [ 1067.665906][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.740184][T15567] loop3: detected capacity change from 0 to 32768 [ 1067.934420][T15600] hfs: request for non-existent node 293 in B*Tree [ 1067.937413][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.948923][T15600] hfs: request for non-existent node 293 in B*Tree [ 1067.950961][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1067.959051][T15600] hfs: get root inode failed [ 1067.968941][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.022865][T15587] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1068.105027][T15567] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1068.143565][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.206388][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.352557][T15567] XFS (loop3): Ending clean mount [ 1068.382642][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.391073][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.407643][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.418584][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.490497][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.555223][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.636436][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.733277][T15585] loop2: detected capacity change from 0 to 32768 [ 1068.760644][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.797388][T15567] XFS (loop3): Quotacheck needed: Please wait. [ 1068.824899][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.896675][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.940263][T11460] (null): failure setting delay to 10us [ 1068.969192][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1068.984611][T11460] i2c-tiny-usb 5-1:0.0: probe with driver i2c-tiny-usb failed with error -5 [ 1069.020905][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1069.028746][ T8] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 1069.053994][T15567] XFS (loop3): Quotacheck: Done. [ 1069.094562][ T8] hid-generic 0000:0000:0000.002E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1069.155062][T15071] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1069.420844][ T8] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 1069.620505][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 1069.653690][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 1069.686894][T10017] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1069.702574][ T8] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1069.746920][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1069.772834][ T8] usb 2-1: config 0 descriptor?? [ 1069.881578][T10017] usb 3-1: Using ep0 maxpacket: 16 [ 1069.894780][T10017] usb 3-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97 [ 1069.904844][T10017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1069.916012][T10017] usb 3-1: config 0 descriptor?? [ 1069.925373][T10017] gspca_main: sq905c-2.14.0 probing 2770:9050 [ 1070.198593][ T9] usb 5-1: USB disconnect, device number 37 [ 1070.265910][T15611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1070.301636][T15611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1070.313824][ T8] hid (null): report_id 0 is invalid [ 1070.334020][ T8] hid (null): unknown global tag 0xc [ 1070.347952][ T8] hid-generic 0003:0158:0100.002F: unknown main item tag 0x1 [ 1070.364136][ T8] hid-generic 0003:0158:0100.002F: unexpected long global item [ 1070.433980][ T8] hid-generic 0003:0158:0100.002F: probe with driver hid-generic failed with error -22 [ 1070.650843][T10017] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 1070.658373][T10017] sq905c 3-1:0.0: Reading version command failed [ 1070.668747][T10017] sq905c 3-1:0.0: probe with driver sq905c failed with error -110 [ 1070.805156][ T9] usb 2-1: USB disconnect, device number 56 [ 1070.954960][T15625] loop4: detected capacity change from 0 to 512 [ 1070.994636][T15625] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1071.019591][T15630] loop3: detected capacity change from 0 to 128 [ 1071.161135][T15625] EXT4-fs (loop4): 1 truncate cleaned up [ 1071.190777][T15625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1071.286679][T15625] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1071.701100][T15635] loop1: detected capacity change from 0 to 128 [ 1071.726459][T15635] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1071.763557][T15635] ext4 filesystem being mounted at /97/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1073.054306][T13910] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1073.312849][ T29] audit: type=1326 audit(1720396211.707:3634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15618 comm="syz.4.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf4c775bd9 code=0x7fc00000 [ 1073.365162][T15641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2196'. [ 1073.402093][ C1] DEBUG: holding rtnl_mutex for 519 jiffies. [ 1073.408249][ C1] task:syz.0.2188 state:R running task stack:24672 pid:15586 tgid:15586 ppid:15395 flags:0x0000400e [ 1073.420197][ C1] Call Trace: [ 1073.423562][ C1] [ 1073.426470][ C1] sched_show_task+0x506/0x6d0 [ 1073.431664][ C1] ? report_rtnl_holders+0x29e/0x3f0 [ 1073.437013][ C1] ? __pfx__printk+0x10/0x10 [ 1073.441836][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 1073.447171][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1073.453148][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1073.459532][ C1] report_rtnl_holders+0x320/0x3f0 [ 1073.464767][ C1] call_timer_fn+0x18e/0x650 [ 1073.469382][ C1] ? call_timer_fn+0xc0/0x650 [ 1073.474143][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 1073.479841][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 1073.485115][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 1073.490823][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 1073.496505][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 1073.502207][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1073.507424][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1073.512708][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 1073.518387][ C1] __run_timer_base+0x66a/0x8e0 [ 1073.523416][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 1073.528842][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1073.535247][ C1] run_timer_softirq+0xb7/0x170 [ 1073.540150][ C1] handle_softirqs+0x2c4/0x970 [ 1073.545037][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 1073.549896][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1073.555294][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 1073.560588][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 1073.565216][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1073.570509][ C1] irq_exit_rcu+0x9/0x30 [ 1073.574809][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1073.580620][ C1] [ 1073.583689][ C1] [ 1073.586762][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1073.592807][ C1] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0 [ 1073.598730][ C1] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 15 24 c8 f5 e8 10 c3 00 f6 fb bf 01 00 00 00 55 ad ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 45 de 5f f6 48 [ 1073.618632][ C1] RSP: 0018:ffffc900031bf6a0 EFLAGS: 00000286 [ 1073.624773][ C1] RAX: e112d727c58ef400 RBX: 1ffff92000637edc RCX: ffffffff816fddda [ 1073.632794][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcac900 RDI: 0000000000000001 [ 1073.640815][ C1] RBP: ffffc900031bf760 R08: ffffffff9301078f R09: 1ffffffff26020f1 [ 1073.648887][ C1] R10: dffffc0000000000 R11: fffffbfff26020f2 R12: 1ffff92000637ed4 [ 1073.656922][ C1] R13: 1ffff92000637ed8 R14: ffffc900031bf6c0 R15: dffffc0000000000 [ 1073.665173][ C1] ? mark_lock+0x9a/0x360 [ 1073.669554][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 1073.675836][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 1073.681470][ C1] irqentry_exit+0x5e/0x90 [ 1073.685922][ C1] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1073.691472][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 1073.697688][ C1] Code: ff 92 48 c7 c6 10 bc 6f 81 e8 8f 04 0a 00 e8 fa 18 0a 00 e9 e5 fb ff ff e8 c0 62 21 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 1073.717396][ C1] RSP: 0018:ffffc900031bf820 EFLAGS: 00000246 [ 1073.723594][ C1] RAX: dffffc0000000000 RBX: 1ffff92000637f0c RCX: ffffffff947f4803 [ 1073.731753][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c207f20 [ 1073.739756][ C1] RBP: ffffc900031bf8f8 R08: ffffffff930072b7 R09: 1ffffffff2600e56 [ 1073.747795][ C1] R10: dffffc0000000000 R11: fffffbfff2600e57 R12: ffffc900031bf860 [ 1073.755821][ C1] R13: 1ffff92000637f08 R14: 0000000000000000 R15: 0000000000000a02 [ 1073.763954][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 1073.769872][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1073.775163][ C1] ? __qdisc_destroy+0x150/0x410 [ 1073.780124][ C1] ? kfree+0x149/0x360 [ 1073.784355][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 1073.789929][ C1] __qdisc_destroy+0x165/0x410 [ 1073.794786][ C1] dev_shutdown+0x9b/0x440 [ 1073.799220][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 1073.805632][ C1] ? mark_lock+0x9a/0x360 [ 1073.809994][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1073.816828][ C1] ? irqentry_exit+0x63/0x90 [ 1073.821506][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1073.826773][ C1] ? queue_delayed_work_on+0x237/0x390 [ 1073.832312][ C1] ? queue_delayed_work_on+0x267/0x390 [ 1073.837834][ C1] ? queue_delayed_work_on+0x271/0x390 [ 1073.843423][ C1] unregister_netdevice_queue+0x303/0x370 [ 1073.849189][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1073.855498][ C1] __tun_detach+0x6b6/0x1600 [ 1073.860217][ C1] tun_chr_close+0x108/0x1b0 [ 1073.864890][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 1073.870022][ C1] __fput+0x24a/0x8a0 [ 1073.874123][ C1] task_work_run+0x24f/0x310 [ 1073.878735][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1073.883933][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1073.889725][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 1073.895541][ C1] do_syscall_64+0x100/0x230 [ 1073.900163][ C1] ? clear_bhb_loop+0x35/0x90 [ 1073.904912][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.910853][ C1] RIP: 0033:0x7f20c2d75bd9 [ 1073.915282][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1073.934950][ C1] RSP: 002b:00007ffd99456fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1073.943421][ C1] RAX: 0000000000000000 RBX: 00007f20c2f05a60 RCX: 00007f20c2d75bd9 [ 1073.951471][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1073.959549][ C1] RBP: 00007f20c2f05a60 R08: 0000000000000006 R09: 0000001e994572df [ 1073.967844][ C1] R10: 00000000003ffbdc R11: 0000000000000246 R12: 0000000000104c79 [ 1073.976003][ C1] R13: 0000000000000032 R14: 00007f20c2f05a60 R15: 00007ffd99457090 [ 1073.984073][ C1] [ 1073.987220][ C1] DEBUG: waiting rtnl_mutex for 562 jiffies. [ 1073.993321][ C1] task:kworker/0:5 state:D stack:21136 pid:14144 tgid:14144 ppid:2 flags:0x00004000 [ 1074.003578][ C1] Workqueue: events linkwatch_event [ 1074.008849][ C1] Call Trace: [ 1074.012225][ C1] [ 1074.015205][ C1] __schedule+0x1800/0x4a60 [ 1074.019757][ C1] ? __pfx___schedule+0x10/0x10 [ 1074.024702][ C1] ? __pfx_lock_release+0x10/0x10 [ 1074.029798][ C1] ? preempt_schedule_thunk+0x1a/0x30 [ 1074.035442][ C1] ? schedule+0x90/0x320 [ 1074.039885][ C1] schedule+0x14b/0x320 [ 1074.044099][ C1] schedule_preempt_disabled+0x13/0x30 [ 1074.050120][ C1] __mutex_lock+0x6a4/0xd70 [ 1074.054773][ C1] ? __mutex_lock+0x527/0xd70 [ 1074.059488][ C1] ? linkwatch_event+0xe/0x60 [ 1074.064219][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 1074.069269][ C1] ? get_rtnl_holder+0x144/0x190 [ 1074.074263][ C1] ? process_scheduled_works+0x945/0x1830 [ 1074.080004][ C1] linkwatch_event+0xe/0x60 [ 1074.084558][ C1] process_scheduled_works+0xa2c/0x1830 [ 1074.090142][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1074.096191][ C1] ? assign_work+0x364/0x3d0 [ 1074.100833][ C1] worker_thread+0x86d/0xd40 [ 1074.105467][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1074.111416][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1074.116478][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1074.121682][ C1] kthread+0x2f0/0x390 [ 1074.125784][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1074.131001][ C1] ? __pfx_kthread+0x10/0x10 [ 1074.135750][ C1] ret_from_fork+0x4b/0x80 [ 1074.140217][ C1] ? __pfx_kthread+0x10/0x10 [ 1074.144937][ C1] ret_from_fork_asm+0x1a/0x30 [ 1074.149856][ C1] [ 1074.152916][ C1] [ 1074.152916][ C1] Showing all locks held in the system: [ 1074.160710][ C1] 1 lock held by jbd2/sda1-8/4510: [ 1074.166114][ C1] #0: ffff88802f9a43e8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_commit_transaction+0x434/0x67a0 [ 1074.178541][ C1] 2 locks held by getty/4848: [ 1074.183278][ C1] #0: ffff88802ac9a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1074.193216][ C1] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 1074.203401][ C1] 3 locks held by kworker/0:5/14144: [ 1074.208693][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1074.219756][ C1] #1: ffffc90004317d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1074.230822][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1074.239887][ C1] 3 locks held by syz.0.2188/15586: [ 1074.245134][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 1074.254216][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 1074.264405][ C1] #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1074.274317][ C1] 3 locks held by syz.2.2191/15620: [ 1074.279518][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1074.288043][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 1074.297105][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tipc_nl_net_set+0x17/0x40 [ 1074.306397][ C1] 2 locks held by syz.4.2192/15621: [ 1074.311824][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1074.320043][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 1074.329170][ C1] 2 locks held by syz.3.2193/15630: [ 1074.334601][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1074.343057][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 1074.352178][ C1] 2 locks held by syz.1.2196/15641: [ 1074.357400][ C1] #0: ffff88807eacb678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 [ 1074.367883][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210 [ 1074.376970][ C1] [ 1074.379316][ C1] ============================================= [ 1074.379316][ C1] [ 1075.400888][ C1] DEBUG: holding rtnl_mutex for 719 jiffies. [ 1075.406956][ C1] task:syz.0.2188 state:D stack:24672 pid:15586 tgid:15586 ppid:15395 flags:0x00004006 [ 1075.417230][ C1] Call Trace: [ 1075.420615][ C1] [ 1075.423637][ C1] __schedule+0x1800/0x4a60 [ 1075.428305][ C1] ? __pfx___schedule+0x10/0x10 [ 1075.433251][ C1] ? __pfx_lock_release+0x10/0x10 [ 1075.438332][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1075.444286][ C1] ? schedule+0x90/0x320 [ 1075.448813][ C1] schedule+0x14b/0x320 [ 1075.453033][ C1] synchronize_rcu_expedited+0x684/0x830 [ 1075.458819][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 1075.465185][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 1075.470563][ C1] ? __pfx___might_resched+0x10/0x10 [ 1075.475881][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1075.481908][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1075.488094][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1075.494625][ C1] synchronize_rcu+0x11b/0x360 [ 1075.499592][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 1075.505005][ C1] lockdep_unregister_key+0x556/0x610 [ 1075.510474][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 1075.516462][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1075.521755][ C1] ? __qdisc_destroy+0x150/0x410 [ 1075.526700][ C1] ? kfree+0x149/0x360 [ 1075.530921][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 1075.536498][ C1] __qdisc_destroy+0x165/0x410 [ 1075.541367][ C1] dev_shutdown+0x9b/0x440 [ 1075.545819][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 1075.552203][ C1] ? mark_lock+0x9a/0x360 [ 1075.556576][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1075.563422][ C1] ? irqentry_exit+0x63/0x90 [ 1075.568082][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1075.573371][ C1] ? queue_delayed_work_on+0x237/0x390 [ 1075.578862][ C1] ? queue_delayed_work_on+0x267/0x390 [ 1075.584405][ C1] ? queue_delayed_work_on+0x271/0x390 [ 1075.589923][ C1] unregister_netdevice_queue+0x303/0x370 [ 1075.595794][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1075.602097][ C1] __tun_detach+0x6b6/0x1600 [ 1075.606789][ C1] tun_chr_close+0x108/0x1b0 [ 1075.611453][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 1075.616622][ C1] __fput+0x24a/0x8a0 [ 1075.620708][ C1] task_work_run+0x24f/0x310 [ 1075.625426][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1075.630622][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1075.636402][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 1075.642872][ C1] do_syscall_64+0x100/0x230 [ 1075.647475][ C1] ? clear_bhb_loop+0x35/0x90 [ 1075.652245][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.658172][ C1] RIP: 0033:0x7f20c2d75bd9 [ 1075.662624][ C1] RSP: 002b:00007ffd99456fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1075.671121][ C1] RAX: 0000000000000000 RBX: 00007f20c2f05a60 RCX: 00007f20c2d75bd9 [ 1075.679213][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1075.687426][ C1] RBP: 00007f20c2f05a60 R08: 0000000000000006 R09: 0000001e994572df [ 1075.695473][ C1] R10: 00000000003ffbdc R11: 0000000000000246 R12: 0000000000104c79 [ 1075.703516][ C1] R13: 0000000000000032 R14: 00007f20c2f05a60 R15: 00007ffd99457090 [ 1075.711594][ C1] [ 1075.714625][ C1] DEBUG: waiting rtnl_mutex for 735 jiffies. [ 1075.720740][ C1] task:kworker/0:5 state:D stack:21136 pid:14144 tgid:14144 ppid:2 flags:0x00004000 [ 1075.731088][ C1] Workqueue: events linkwatch_event [ 1075.736355][ C1] Call Trace: [ 1075.739734][ C1] [ 1075.742763][ C1] __schedule+0x1800/0x4a60 [ 1075.747338][ C1] ? __pfx___schedule+0x10/0x10 [ 1075.752363][ C1] ? __pfx_lock_release+0x10/0x10 [ 1075.757478][ C1] ? preempt_schedule_thunk+0x1a/0x30 [ 1075.763029][ C1] ? schedule+0x90/0x320 [ 1075.767325][ C1] schedule+0x14b/0x320 [ 1075.771677][ C1] schedule_preempt_disabled+0x13/0x30 [ 1075.777216][ C1] __mutex_lock+0x6a4/0xd70 [ 1075.781813][ C1] ? __mutex_lock+0x527/0xd70 [ 1075.786612][ C1] ? linkwatch_event+0xe/0x60 [ 1075.791363][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 1075.796435][ C1] ? get_rtnl_holder+0x144/0x190 [ 1075.801565][ C1] ? process_scheduled_works+0x945/0x1830 [ 1075.807422][ C1] linkwatch_event+0xe/0x60 [ 1075.812158][ C1] process_scheduled_works+0xa2c/0x1830 [ 1075.817769][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1075.823837][ C1] ? assign_work+0x364/0x3d0 [ 1075.828577][ C1] worker_thread+0x86d/0xd40 [ 1075.833336][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1075.839269][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1075.844398][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1075.849735][ C1] kthread+0x2f0/0x390 [ 1075.853907][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1075.859081][ C1] ? __pfx_kthread+0x10/0x10 [ 1075.863772][ C1] ret_from_fork+0x4b/0x80 [ 1075.868232][ C1] ? __pfx_kthread+0x10/0x10 [ 1075.873110][ C1] ret_from_fork_asm+0x1a/0x30 [ 1075.878045][ C1] [ 1075.881142][ C1] DEBUG: waiting rtnl_mutex for 543 jiffies. [ 1075.887151][ C1] task:syz.2.2191 state:D stack:25984 pid:15620 tgid:15612 ppid:15259 flags:0x00004004 [ 1075.897457][ C1] Call Trace: [ 1075.900792][ C1] [ 1075.903747][ C1] __schedule+0x1800/0x4a60 [ 1075.908303][ C1] ? __pfx___schedule+0x10/0x10 [ 1075.913231][ C1] ? __pfx_lock_release+0x10/0x10 [ 1075.918293][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 1075.923800][ C1] ? schedule+0x90/0x320 [ 1075.928067][ C1] schedule+0x14b/0x320 [ 1075.932313][ C1] schedule_preempt_disabled+0x13/0x30 [ 1075.937905][ C1] __mutex_lock+0x6a4/0xd70 [ 1075.942664][ C1] ? __mutex_lock+0x527/0xd70 [ 1075.947381][ C1] ? tipc_nl_net_set+0x17/0x40 [ 1075.952194][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 1075.957240][ C1] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 1075.963593][ C1] ? __nla_parse+0x40/0x60 [ 1075.968062][ C1] ? get_rtnl_holder+0x144/0x190 [ 1075.973293][ C1] tipc_nl_net_set+0x17/0x40 [ 1075.977953][ C1] genl_rcv_msg+0xb14/0xec0 [ 1075.982585][ C1] ? mark_lock+0x9a/0x360 [ 1075.986968][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1075.992188][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1075.997518][ C1] ? __pfx_tipc_nl_net_set+0x10/0x10 [ 1076.002878][ C1] ? __pfx___might_resched+0x10/0x10 [ 1076.008208][ C1] netlink_rcv_skb+0x1e3/0x430 [ 1076.013048][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1076.018170][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1076.023606][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 1076.029084][ C1] genl_rcv+0x28/0x40 [ 1076.033124][ C1] netlink_unicast+0x7f0/0x990 [ 1076.037946][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 1076.043464][ C1] ? __virt_addr_valid+0x183/0x530 [ 1076.048596][ C1] ? __check_object_size+0x49c/0x900 [ 1076.053926][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 1076.059056][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 1076.063978][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1076.069406][ C1] ? __import_iovec+0x536/0x820 [ 1076.074508][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 1076.079494][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1076.085162][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 1076.090687][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1076.096102][ C1] __sock_sendmsg+0x221/0x270 [ 1076.100873][ C1] ____sys_sendmsg+0x525/0x7d0 [ 1076.105697][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1076.111090][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 1076.115825][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 1076.121022][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1076.127076][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1076.133488][ C1] ? do_syscall_64+0x100/0x230 [ 1076.138300][ C1] ? do_syscall_64+0xb6/0x230 [ 1076.143233][ C1] do_syscall_64+0xf3/0x230 [ 1076.147843][ C1] ? clear_bhb_loop+0x35/0x90 [ 1076.152589][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.158533][ C1] RIP: 0033:0x7f664fb75bd9 [ 1076.163014][ C1] RSP: 002b:00007f66508bc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1076.171519][ C1] RAX: ffffffffffffffda RBX: 00007f664fd04038 RCX: 00007f664fb75bd9 [ 1076.179557][ C1] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000006 [ 1076.187603][ C1] RBP: 00007f664fbe4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 1076.195661][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1076.203707][ C1] R13: 000000000000006e R14: 00007f664fd04038 R15: 00007ffd547e2118 [ 1076.211772][ C1] [ 1076.214813][ C1] [ 1076.214813][ C1] Showing all locks held in the system: [ 1076.222615][ C1] 2 locks held by kworker/u8:7/2779: [ 1076.228024][ C1] #0: ffff8880b943ea18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 [ 1076.238046][ C1] #1: ffffc900096d7d00 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1076.250982][ C1] 2 locks held by getty/4848: [ 1076.255689][ C1] #0: ffff88802ac9a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1076.265571][ C1] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 1076.275783][ C1] 3 locks held by kworker/0:5/14144: [ 1076.281126][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1076.292197][ C1] #1: ffffc90004317d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1076.303226][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1076.312284][ C1] 2 locks held by syz.0.2188/15586: [ 1076.317600][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 1076.326732][ C1] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 1076.337698][ C1] 3 locks held by syz.2.2191/15620: [ 1076.342955][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1076.351372][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 1076.360500][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tipc_nl_net_set+0x17/0x40 [ 1076.370182][ C1] 2 locks held by syz.4.2192/15621: [ 1076.375471][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1076.383787][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 1076.392889][ C1] 2 locks held by syz.3.2193/15630: [ 1076.398121][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1076.406431][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 1076.415689][ C1] 2 locks held by syz.1.2196/15641: [ 1076.420963][ C1] #0: ffff88807eacb678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 [ 1076.431472][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210 [ 1076.440595][ C1] [ 1076.442951][ C1] ============================================= [ 1076.442951][ C1] [ 1077.032667][T15620] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2191'. [ 1077.041862][T15620] tipc: Started in network mode [ 1077.046732][T15620] tipc: Node identity , cluster identity 8 [ 1077.052951][T15641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2196'. [ 1077.150845][T14122] usb 3-1: USB disconnect, device number 31 [ 1077.304545][T15645] FAULT_INJECTION: forcing a failure. [ 1077.304545][T15645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1077.318798][T15645] CPU: 1 UID: 0 PID: 15645 Comm: syz.1.2199 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 1077.329097][T15645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1077.339201][T15645] Call Trace: [ 1077.342514][T15645] [ 1077.345452][T15645] dump_stack_lvl+0x241/0x360 [ 1077.350176][T15645] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1077.355397][T15645] ? __pfx__printk+0x10/0x10 [ 1077.360017][T15645] ? shmem_get_folio_gfp+0x1cc3/0x2660 [ 1077.365505][T15645] should_fail_ex+0x3b0/0x4e0 [ 1077.370349][T15645] copy_page_from_iter_atomic+0x24f/0x1aa0 [ 1077.376194][T15645] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1077.381856][T15645] ? fault_in_readable+0x1a6/0x2b0 [ 1077.387083][T15645] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 1077.393357][T15645] ? shmem_write_begin+0x23f/0x4d0 [ 1077.398483][T15645] ? __pfx_shmem_write_begin+0x10/0x10 [ 1077.403980][T15645] generic_perform_write+0x4a1/0x840 [ 1077.409347][T15645] ? __pfx_generic_perform_write+0x10/0x10 [ 1077.415258][T15645] ? __pfx_generic_write_checks+0x10/0x10 [ 1077.421019][T15645] ? rcu_read_lock_any_held+0xb7/0x160 [ 1077.426522][T15645] ? file_update_time+0x2a6/0x430 [ 1077.431590][T15645] shmem_file_write_iter+0xfc/0x120 [ 1077.437153][T15645] vfs_write+0xa72/0xc90 [ 1077.441431][T15645] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1077.447252][T15645] ? __pfx_vfs_write+0x10/0x10 [ 1077.452041][T15645] ksys_write+0x1a0/0x2c0 [ 1077.456385][T15645] ? __pfx_ksys_write+0x10/0x10 [ 1077.461244][T15645] ? exc_page_fault+0x590/0x8c0 [ 1077.466114][T15645] ? do_syscall_64+0xb6/0x230 [ 1077.470805][T15645] do_syscall_64+0xf3/0x230 [ 1077.475316][T15645] ? clear_bhb_loop+0x35/0x90 [ 1077.480007][T15645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.485914][T15645] RIP: 0033:0x7f163697475f [ 1077.490339][T15645] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 1077.509955][T15645] RSP: 002b:00007f16377bfe00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1077.518413][T15645] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007f163697475f [ 1077.526421][T15645] RDX: 0000000000010000 RSI: 00007f162c600000 RDI: 0000000000000004 [ 1077.534404][T15645] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000002f0 [ 1077.542471][T15645] R10: 00000000000001d4 R11: 0000000000000293 R12: 0000000000000004 [ 1077.550449][T15645] R13: 00007f16377bff00 R14: 00007f16377bfec0 R15: 00007f162c600000 [ 1077.558540][T15645] [ 1077.614653][T15645] loop1: detected capacity change from 0 to 128 [ 1077.628498][T15645] FAT-fs (loop1): bogus logical sector size 12 [ 1077.637287][T15645] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1079.105514][ T5110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1079.118477][ T5110] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1079.131891][ T5110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1079.141890][ T5110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1079.159443][ T5110] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1079.167396][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1079.499938][T15672] syzkaller0: entered promiscuous mode [ 1079.509446][T15672] syzkaller0: entered allmulticast mode [ 1079.672905][ T4470] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.760202][ T2779] nci: nci_rsp_packet: unsupported rsp opcode 0xf06 [ 1079.805693][T15682] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1080.101103][ T4470] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1081.330710][ T5110] Bluetooth: hci0: command tx timeout [ 1082.141406][T15700] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1083.408144][ T5110] Bluetooth: hci0: command tx timeout [ 1085.480740][ T5110] Bluetooth: hci0: command tx timeout [ 1085.534371][ T4470] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.846727][ T4470] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.496198][ T4470] bridge_slave_1: left allmulticast mode [ 1086.516773][ T4470] bridge_slave_1: left promiscuous mode [ 1086.530141][ T4470] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.576282][ T4470] bridge_slave_0: left allmulticast mode [ 1086.588478][ T4470] bridge_slave_0: left promiscuous mode [ 1086.610332][ T4470] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.571253][ T5110] Bluetooth: hci0: command tx timeout [ 1088.065106][ T4470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1088.078991][ T4470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1088.092679][ T4470] bond0 (unregistering): Released all slaves [ 1088.126061][T15669] chnl_net:caif_netlink_parms(): no params data found [ 1088.587667][T15669] bridge0: port 1(bridge_slave_0) entered blocking state [ 1088.607432][T15669] bridge0: port 1(bridge_slave_0) entered disabled state [ 1088.616552][T15669] bridge_slave_0: entered allmulticast mode [ 1088.628964][T15669] bridge_slave_0: entered promiscuous mode [ 1088.691854][T15669] bridge0: port 2(bridge_slave_1) entered blocking state [ 1088.730630][T15669] bridge0: port 2(bridge_slave_1) entered disabled state [ 1088.738125][T15669] bridge_slave_1: entered allmulticast mode [ 1088.772735][T15669] bridge_slave_1: entered promiscuous mode [ 1088.908235][T15669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1089.005413][ T4470] hsr_slave_0: left promiscuous mode [ 1089.039495][ T4470] hsr_slave_1: left promiscuous mode [ 1089.058191][ T4470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1089.073015][ T4470] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1089.111576][ T4470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1089.127327][ T4470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1089.204087][ T4470] veth1_macvtap: left promiscuous mode [ 1089.228508][ T4470] veth0_macvtap: left promiscuous mode [ 1089.252247][ T4470] veth1_vlan: left promiscuous mode [ 1089.260807][ T4470] veth0_vlan: left promiscuous mode [ 1091.395252][ T4470] team0 (unregistering): Port device team_slave_1 removed [ 1091.548909][ T4470] team0 (unregistering): Port device team_slave_0 removed [ 1092.543568][T15957] sctp: [Deprecated]: syz.4.2329 (pid 15957) Use of int in max_burst socket option. [ 1092.543568][T15957] Use struct sctp_assoc_value instead [ 1093.794449][T15669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1094.007077][T15669] team0: Port device team_slave_0 added [ 1094.062596][T15669] team0: Port device team_slave_1 added [ 1094.232100][T15669] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1094.241578][T15669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1094.292777][T15669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1094.352500][T15669] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1094.359584][T15669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1094.464547][T15669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1094.659961][T15669] hsr_slave_0: entered promiscuous mode [ 1094.691003][T15669] hsr_slave_1: entered promiscuous mode [ 1094.703998][T15669] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1094.724859][T15669] Cannot create hsr debugfs directory [ 1094.882691][ T8] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1095.097563][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 1095.108180][ T8] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1095.145259][ T8] usb 5-1: New USB device found, idVendor=046d, idProduct=c26e, bcdDevice= 0.40 [ 1095.160548][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1095.168619][ T8] usb 5-1: Product: syz [ 1095.199856][ T8] usb 5-1: Manufacturer: syz [ 1095.211567][ T8] usb 5-1: SerialNumber: syz [ 1095.237141][ T8] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 1095.444339][T14122] usb 5-1: USB disconnect, device number 38 [ 1095.694928][T15669] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1095.714584][T15669] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1095.744786][T15669] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1095.765971][T15669] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1095.987420][T15669] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1096.038539][T15669] 8021q: adding VLAN 0 to HW filter on device team0 [ 1096.086737][T14122] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.094014][T14122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1096.155337][T14122] bridge0: port 2(bridge_slave_1) entered blocking state [ 1096.162793][T14122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1096.797754][T15669] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1096.916041][T15669] veth0_vlan: entered promiscuous mode [ 1096.955757][T15669] veth1_vlan: entered promiscuous mode [ 1097.033260][T15669] veth0_macvtap: entered promiscuous mode [ 1097.068639][T15669] veth1_macvtap: entered promiscuous mode [ 1097.129550][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1097.156288][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.176291][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1097.189330][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.230958][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1097.251667][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.273896][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1097.295039][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.322605][T15669] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1097.380024][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1097.420491][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.448171][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1097.469414][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.503961][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1097.536080][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.561482][T15669] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1097.592072][T15669] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.612968][T15669] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1097.658841][T15669] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1097.688842][T15669] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1097.704063][T15669] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1097.719917][T15669] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.085566][ T2779] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1098.102900][ T2779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1098.163851][ T4470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1098.179771][ T4470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1098.642691][ T9] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 1098.833446][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 1098.881896][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 1098.917037][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1098.942475][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1098.958940][ T9] usb 1-1: config 0 descriptor?? [ 1098.965745][T16139] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1100.043030][ T9] ath6kl: Failed to submit usb control message: -110 [ 1100.055289][ T9] ath6kl: unable to send the bmi data to the device: -110 [ 1100.063644][ T9] ath6kl: Unable to send get target info: -110 [ 1100.092526][ T9] ath6kl: Failed to init ath6kl core: -110 [ 1100.104452][ T9] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1100.369476][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 1100.989437][T16247] xt_limit: Overflow, try lower: 0/0 [ 1101.475255][ T9] usb 1-1: USB disconnect, device number 46 [ 1107.297016][T12892] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1107.311905][T12892] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1107.331361][T12892] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1107.341915][T12892] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1107.354642][T12892] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1107.367255][T12892] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1108.143310][ T3451] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1108.318936][ T3451] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1108.386140][T16489] chnl_net:caif_netlink_parms(): no params data found [ 1108.561914][ T3451] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1108.727068][ T3451] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.355783][T16489] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.410688][T16489] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.418042][T16489] bridge_slave_0: entered allmulticast mode [ 1109.447483][T16489] bridge_slave_0: entered promiscuous mode [ 1109.480913][ T5110] Bluetooth: hci3: command tx timeout [ 1109.503729][T16489] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.527715][T16489] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.579410][T16544] serio: Serial port pts0 [ 1109.579571][T16489] bridge_slave_1: entered allmulticast mode [ 1109.610739][T16489] bridge_slave_1: entered promiscuous mode [ 1109.766763][ T3451] bridge_slave_1: left allmulticast mode [ 1109.780951][ T3451] bridge_slave_1: left promiscuous mode [ 1109.802064][ T3451] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.854039][ T3451] bridge_slave_0: left allmulticast mode [ 1109.859856][ T3451] bridge_slave_0: left promiscuous mode [ 1109.910743][ T3451] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.296514][T16590] serio: Serial port pts0 [ 1111.564153][ T5110] Bluetooth: hci3: command tx timeout [ 1111.847972][ T35] nci: nci_rsp_packet: unsupported rsp opcode 0xf06 [ 1111.892860][T16619] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1112.081831][ T3451] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1112.156811][ T3451] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1112.246589][ T3451] bond0 (unregistering): Released all slaves [ 1112.317970][T16489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1112.453196][T16489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1112.787010][T16489] team0: Port device team_slave_0 added [ 1112.835586][T16489] team0: Port device team_slave_1 added [ 1113.012629][T16489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1113.033422][T16489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1113.074593][T16489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1113.107283][ T3451] hsr_slave_0: left promiscuous mode [ 1113.117830][ T3451] hsr_slave_1: left promiscuous mode [ 1113.133352][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1113.151313][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1113.166461][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1113.187361][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1113.262280][ T3451] veth1_macvtap: left promiscuous mode [ 1113.275708][ T3451] veth0_macvtap: left promiscuous mode [ 1113.281902][ T3451] veth1_vlan: left promiscuous mode [ 1113.300725][ T3451] veth0_vlan: left promiscuous mode [ 1113.640835][ T5110] Bluetooth: hci3: command tx timeout [ 1115.174195][ T3451] team0 (unregistering): Port device team_slave_1 removed [ 1115.268944][ T3451] team0 (unregistering): Port device team_slave_0 removed [ 1115.725946][ T5110] Bluetooth: hci3: command tx timeout [ 1116.149863][T16489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1116.165065][T16489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1116.194663][T16489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1116.409857][T16489] hsr_slave_0: entered promiscuous mode [ 1116.448630][T16489] hsr_slave_1: entered promiscuous mode [ 1116.461069][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.467463][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.378343][ T5148] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 1117.494256][T16489] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1117.507338][T16489] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1117.536234][T16489] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1117.570603][ T5148] usb 1-1: Using ep0 maxpacket: 8 [ 1117.579375][T16489] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1117.588443][ T5148] usb 1-1: config 0 has no interfaces? [ 1117.596677][ T5148] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1117.619997][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.654107][ T5148] usb 1-1: config 0 descriptor?? [ 1117.809507][T16489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1117.874778][T16489] 8021q: adding VLAN 0 to HW filter on device team0 [ 1117.909144][ T5181] bridge0: port 1(bridge_slave_0) entered blocking state [ 1117.916441][ T5181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1117.969756][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state [ 1117.977095][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1118.227562][T16849] loop2: detected capacity change from 0 to 64 [ 1118.582798][T16489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1119.164504][T16489] veth0_vlan: entered promiscuous mode [ 1119.208285][T16489] veth1_vlan: entered promiscuous mode [ 1119.331095][T16489] veth0_macvtap: entered promiscuous mode [ 1119.352527][T16489] veth1_macvtap: entered promiscuous mode [ 1119.418448][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.455088][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.475510][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.488480][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.499987][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.540485][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.558407][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.585028][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.617793][T16489] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1119.664592][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.696474][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.719829][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.740504][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.760496][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.783885][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.804531][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.831102][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.858285][T16489] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1119.914952][T16489] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.942693][T16489] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.962920][T16489] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.986001][T16489] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.083579][ T5148] usb 1-1: USB disconnect, device number 47 [ 1120.251779][ T4470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1120.282040][ T4470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1120.396482][ T4470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1120.450813][ T4470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1122.591776][T16928] loop3: detected capacity change from 0 to 64 [ 1122.627675][T16928] hfs: request for non-existent node 293 in B*Tree [ 1122.640448][T16928] hfs: request for non-existent node 293 in B*Tree [ 1122.647110][T16928] hfs: get root inode failed [ 1123.641747][T12892] Bluetooth: hci1: command 0x0406 tx timeout [ 1123.992018][T16974] loop3: detected capacity change from 0 to 64 [ 1124.044595][T16974] hfs: request for non-existent node 293 in B*Tree [ 1124.059569][T16974] hfs: request for non-existent node 293 in B*Tree [ 1124.066536][T16974] hfs: get root inode failed [ 1126.712397][T17082] serio: Serial port pts0 [ 1131.860730][T14144] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 1132.080843][T14144] usb 2-1: Using ep0 maxpacket: 32 [ 1132.148170][T14144] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1132.165398][T14144] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1132.192771][T14144] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1132.213861][T14144] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=5 [ 1132.238993][T14144] usb 2-1: Manufacturer: syz [ 1132.263660][T14144] usb 2-1: SerialNumber: syz [ 1132.540971][T14144] usb 2-1: cannot find UAC_HEADER [ 1132.582964][T14144] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1132.735649][T14144] usb 2-1: USB disconnect, device number 57 [ 1133.457044][T17372] serio: Serial port pts0 [ 1135.955431][T12892] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1135.969920][T12892] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1135.989563][T12892] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1136.004502][T12892] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1136.025464][T12892] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1136.038020][T12892] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1136.355469][ T9955] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1136.586604][ T9955] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1136.767782][ T9955] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1136.969784][ T9955] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1137.594943][T17480] chnl_net:caif_netlink_parms(): no params data found [ 1137.628104][ T9955] bridge_slave_1: left allmulticast mode [ 1137.637782][ T9955] bridge_slave_1: left promiscuous mode [ 1137.653674][ T9955] bridge0: port 2(bridge_slave_1) entered disabled state [ 1137.701676][ T9955] bridge_slave_0: left allmulticast mode [ 1137.707411][ T9955] bridge_slave_0: left promiscuous mode [ 1137.739333][ T9955] bridge0: port 1(bridge_slave_0) entered disabled state [ 1138.130912][ T5110] Bluetooth: hci3: command tx timeout [ 1138.759195][ T9955] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1138.773108][ T9955] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1138.786736][ T9955] bond0 (unregistering): Released all slaves [ 1139.674711][T17480] bridge0: port 1(bridge_slave_0) entered blocking state [ 1139.704172][T17480] bridge0: port 1(bridge_slave_0) entered disabled state [ 1139.722165][T17480] bridge_slave_0: entered allmulticast mode [ 1139.738133][T17480] bridge_slave_0: entered promiscuous mode [ 1139.759976][T17480] bridge0: port 2(bridge_slave_1) entered blocking state [ 1139.787594][T17480] bridge0: port 2(bridge_slave_1) entered disabled state [ 1139.801095][T17480] bridge_slave_1: entered allmulticast mode [ 1139.815570][T17480] bridge_slave_1: entered promiscuous mode [ 1139.881789][ T9955] hsr_slave_0: left promiscuous mode [ 1139.906060][ T9955] hsr_slave_1: left promiscuous mode [ 1139.938276][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1139.961853][ T9955] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1139.985989][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1140.000553][ T9955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1140.050247][ T9955] veth1_macvtap: left promiscuous mode [ 1140.070690][ T9955] veth0_macvtap: left promiscuous mode [ 1140.087747][ T9955] veth1_vlan: left promiscuous mode [ 1140.093296][ T9955] veth0_vlan: left promiscuous mode [ 1140.211666][ T5110] Bluetooth: hci3: command tx timeout [ 1142.307719][ T5110] Bluetooth: hci3: command tx timeout [ 1142.449122][T17645] loop3: detected capacity change from 0 to 64 [ 1142.487132][ T9955] team0 (unregistering): Port device team_slave_1 removed [ 1142.540135][T17645] hfs: request for non-existent node 293 in B*Tree [ 1142.546967][T17645] hfs: request for non-existent node 293 in B*Tree [ 1142.553960][T17645] hfs: get root inode failed [ 1142.711550][ T9955] team0 (unregistering): Port device team_slave_0 removed [ 1143.180860][ T5148] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 1143.412035][ T5148] usb 1-1: Using ep0 maxpacket: 32 [ 1143.460741][ T5148] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1143.482792][ T5148] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1143.500527][ T5148] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1143.509200][ T5148] usb 1-1: Product: syz [ 1143.527291][ T5148] usb 1-1: Manufacturer: syz [ 1143.532906][ T5148] usb 1-1: SerialNumber: syz [ 1143.562073][ T5148] usb 1-1: config 0 descriptor?? [ 1143.568047][T17655] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1143.816802][ T5148] usb 1-1: USB disconnect, device number 48 [ 1144.360687][ T5110] Bluetooth: hci3: command tx timeout [ 1145.014168][T17480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1145.083751][T17480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1145.234429][T17480] team0: Port device team_slave_0 added [ 1145.264491][T17480] team0: Port device team_slave_1 added [ 1145.330847][T17480] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1145.355411][T17480] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1145.439014][T17480] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1145.473209][T17480] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1145.480712][T17480] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1145.514192][T17480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1145.657780][T17722] serio: Serial port pts0 [ 1145.663331][T17721] loop1: detected capacity change from 0 to 64 [ 1145.697106][T17721] hfs: request for non-existent node 293 in B*Tree [ 1145.703848][T17721] hfs: request for non-existent node 293 in B*Tree [ 1145.711194][T17721] hfs: get root inode failed [ 1145.752168][T17480] hsr_slave_0: entered promiscuous mode [ 1145.771801][T17480] hsr_slave_1: entered promiscuous mode [ 1146.855664][T17480] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1146.885502][T17480] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1146.912781][T17480] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1146.939873][T17480] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1147.228885][T17480] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1147.319875][T17480] 8021q: adding VLAN 0 to HW filter on device team0 [ 1147.335808][ T5181] bridge0: port 1(bridge_slave_0) entered blocking state [ 1147.343196][ T5181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1147.383239][ T5181] bridge0: port 2(bridge_slave_1) entered blocking state [ 1147.390549][ T5181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1147.674123][T17756] loop2: detected capacity change from 0 to 64 [ 1147.863777][T17480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1148.503648][T17480] veth0_vlan: entered promiscuous mode [ 1148.545073][T17480] veth1_vlan: entered promiscuous mode [ 1148.633770][T17480] veth0_macvtap: entered promiscuous mode [ 1148.682366][T17480] veth1_macvtap: entered promiscuous mode [ 1148.754731][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1148.800439][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.830532][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1148.850539][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.890539][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1148.922110][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.940585][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1148.960611][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.992632][T17480] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1149.004214][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.030776][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.042267][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.053009][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.063131][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.073918][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.089531][T17480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.100770][T17480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.145770][T17480] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1149.199362][T17480] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1149.234266][T17480] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1149.243941][T12892] Bluetooth: hci4: command 0x0406 tx timeout [ 1149.254071][T17797] loop2: detected capacity change from 0 to 64 [ 1149.262849][T17480] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1149.280605][T17480] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1149.704695][ T1034] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1149.737629][ T1034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1149.822804][ T3451] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1149.838033][ T3451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1153.793179][T17981] loop4: detected capacity change from 0 to 64 [ 1153.847289][T17981] hfs: request for non-existent node 293 in B*Tree [ 1153.856403][T17981] hfs: request for non-existent node 293 in B*Tree [ 1153.869508][T17981] hfs: get root inode failed [ 1154.960621][T18036] loop2: detected capacity change from 0 to 64 [ 1156.130512][ T5146] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1156.310616][ T5146] usb 4-1: device descriptor read/64, error -71 [ 1156.590655][ T5146] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1156.770928][ T5146] usb 4-1: device descriptor read/64, error -71 [ 1156.849772][T18140] fuse: Bad value for 'fd' [ 1156.894262][ T5146] usb usb4-port1: attempt power cycle [ 1157.331066][ T5146] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1157.375651][ T5146] usb 4-1: device descriptor read/8, error -71 [ 1157.671901][ T5146] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1157.713704][ T5146] usb 4-1: device descriptor read/8, error -71 [ 1157.847656][ T5146] usb usb4-port1: unable to enumerate USB device [ 1159.012323][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 1161.298818][ T29] audit: type=1326 audit(1720396299.687:3635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18353 comm="syz.2.3406" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f664fb75bd9 code=0x0 [ 1165.749389][T10017] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1165.932658][T10017] usb 4-1: device descriptor read/64, error -71 [ 1166.232642][T10017] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1166.428559][T10017] usb 4-1: device descriptor read/64, error -71 [ 1166.565172][T10017] usb usb4-port1: attempt power cycle [ 1166.879463][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x1 [ 1166.893425][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1166.904225][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1166.912197][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1166.920014][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1166.929798][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1166.938853][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x4 [ 1166.946569][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1166.958280][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x2 [ 1167.002419][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.020972][T10017] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1167.030733][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.038235][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.071126][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.080805][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x4 [ 1167.081156][T10017] usb 4-1: device descriptor read/8, error -71 [ 1167.088273][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.104328][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.146489][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.170980][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.178605][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.197934][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.229374][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.237028][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.252841][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.275124][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.287949][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.301959][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.309685][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.323790][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.340516][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.354131][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.390524][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.392700][T10017] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1167.398238][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.398280][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.459083][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.471947][T10017] usb 4-1: device descriptor read/8, error -71 [ 1167.490486][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.507683][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.521330][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.536791][T14144] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 1167.570791][T14144] hid-generic 0000:0000:0000.0030: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1167.611149][T10017] usb usb4-port1: unable to enumerate USB device [ 1168.714830][T18623] 8021q: VLANs not supported on hsr0 [ 1169.175199][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 1177.890779][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.897349][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 1180.735017][T19057] serio: Serial port pts0 [ 1183.503280][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 1186.807176][T19249] syz.4.3823[19249] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1186.807370][T19249] syz.4.3823[19249] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1188.556969][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1189.094130][T19396] serio: Serial port pts0 [ 1189.750712][T19433] syzkaller0: entered promiscuous mode [ 1189.761532][T19433] syzkaller0: entered allmulticast mode [ 1195.080689][ C1] DEBUG: holding rtnl_mutex for 529 jiffies. [ 1195.086885][ C1] task:syz.4.3909 state:R running task stack:24672 pid:19431 tgid:19431 ppid:17480 flags:0x00004006 [ 1195.098777][ C1] Call Trace: [ 1195.102130][ C1] [ 1195.105121][ C1] __schedule+0x1800/0x4a60 [ 1195.109703][ C1] ? __pfx___schedule+0x10/0x10 [ 1195.114642][ C1] ? __pfx_lock_release+0x10/0x10 [ 1195.119720][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1195.125731][ C1] ? schedule+0x90/0x320 [ 1195.130052][ C1] schedule+0x14b/0x320 [ 1195.134324][ C1] synchronize_rcu_expedited+0x684/0x830 [ 1195.140111][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 1195.146370][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 1195.151762][ C1] ? __pfx___might_resched+0x10/0x10 [ 1195.157107][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1195.163199][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1195.169733][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1195.176389][ C1] synchronize_rcu+0x11b/0x360 [ 1195.181346][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 1195.186779][ C1] lockdep_unregister_key+0x556/0x610 [ 1195.192344][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 1195.198328][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1195.203649][ C1] ? __qdisc_destroy+0x150/0x410 [ 1195.208662][ C1] ? kfree+0x149/0x360 [ 1195.212842][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 1195.218456][ C1] __qdisc_destroy+0x165/0x410 [ 1195.223431][ C1] dev_shutdown+0x9b/0x440 [ 1195.227922][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 1195.234404][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1195.241290][ C1] ? mark_lock+0x9a/0x360 [ 1195.245789][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1195.251950][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1195.258394][ C1] ? queue_delayed_work_on+0x1eb/0x390 [ 1195.264054][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1195.269342][ C1] unregister_netdevice_queue+0x303/0x370 [ 1195.275254][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1195.281623][ C1] __tun_detach+0x6b6/0x1600 [ 1195.286295][ C1] tun_chr_close+0x108/0x1b0 [ 1195.290983][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 1195.296150][ C1] __fput+0x24a/0x8a0 [ 1195.300220][ C1] task_work_run+0x24f/0x310 [ 1195.304922][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1195.310186][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1195.316058][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 1195.321833][ C1] do_syscall_64+0x100/0x230 [ 1195.326566][ C1] ? clear_bhb_loop+0x35/0x90 [ 1195.331359][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.337312][ C1] RIP: 0033:0x7f8bc9975bd9 [ 1195.341820][ C1] RSP: 002b:00007ffddebaee78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1195.350298][ C1] RAX: 0000000000000000 RBX: 00007f8bc9b05a60 RCX: 00007f8bc9975bd9 [ 1195.358397][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1195.366903][ C1] RBP: 00007f8bc9b05a60 R08: 00007f8bc9001000 R09: 00000008debaf1af [ 1195.375294][ C1] R10: 00000000003ffd50 R11: 0000000000000246 R12: 00000000001229c5 [ 1195.383453][ C1] R13: 0000000000000032 R14: 00007f8bc9b05a60 R15: 00007f8bc9b04038 [ 1195.391541][ C1] [ 1195.394602][ C1] DEBUG: waiting rtnl_mutex for 560 jiffies. [ 1195.400660][ C1] task:kworker/1:8 state:D stack:21328 pid:10017 tgid:10017 ppid:2 flags:0x00004000 [ 1195.411296][ C1] Workqueue: events linkwatch_event [ 1195.416562][ C1] Call Trace: [ 1195.419878][ C1] [ 1195.422899][ C1] __schedule+0x1800/0x4a60 [ 1195.427488][ C1] ? __pfx___schedule+0x10/0x10 [ 1195.432477][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1195.438516][ C1] ? __pfx_lock_release+0x10/0x10 [ 1195.443758][ C1] ? kick_pool+0x1bd/0x620 [ 1195.448250][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1195.453552][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1195.458822][ C1] ? schedule+0x90/0x320 [ 1195.463172][ C1] schedule+0x14b/0x320 [ 1195.467395][ C1] schedule_preempt_disabled+0x13/0x30 [ 1195.472948][ C1] __mutex_lock+0x6a4/0xd70 [ 1195.477527][ C1] ? __mutex_lock+0x527/0xd70 [ 1195.482311][ C1] ? linkwatch_event+0xe/0x60 [ 1195.487048][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 1195.492171][ C1] ? get_rtnl_holder+0x144/0x190 [ 1195.497176][ C1] ? process_scheduled_works+0x945/0x1830 [ 1195.503000][ C1] linkwatch_event+0xe/0x60 [ 1195.507558][ C1] process_scheduled_works+0xa2c/0x1830 [ 1195.513233][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1195.519292][ C1] ? assign_work+0x364/0x3d0 [ 1195.524011][ C1] worker_thread+0x86d/0xd40 [ 1195.528693][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1195.533828][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1195.539012][ C1] kthread+0x2f0/0x390 [ 1195.543224][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1195.548400][ C1] ? __pfx_kthread+0x10/0x10 [ 1195.553093][ C1] ret_from_fork+0x4b/0x80 [ 1195.557579][ C1] ? __pfx_kthread+0x10/0x10 [ 1195.562261][ C1] ret_from_fork_asm+0x1a/0x30 [ 1195.567109][ C1] [ 1195.570257][ C1] [ 1195.570257][ C1] Showing all locks held in the system: [ 1195.578080][ C1] 3 locks held by kworker/u8:5/1034: [ 1195.583472][ C1] 5 locks held by kworker/u8:8/3451: [ 1195.588887][ C1] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1195.601202][ C1] #1: ffffc9000aa37d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1195.613777][ C1] #2: ffff888065a38768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0xd9/0x490 [ 1195.623937][ C1] #3: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 1195.634198][ C1] #4: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1195.644193][ C1] 2 locks held by getty/4848: [ 1195.648910][ C1] #0: ffff88802ac9a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1195.659007][ C1] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 1195.669346][ C1] 3 locks held by kworker/1:8/10017: [ 1195.674732][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1195.685845][ C1] #1: ffffc9000de97d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1195.696966][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1195.706072][ C1] 2 locks held by syz.4.3909/19431: [ 1195.711344][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 1195.720460][ C1] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 1195.731483][ C1] 1 lock held by syz.0.3935/19488: [ 1195.736735][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x15b/0x1190 [ 1195.746656][ C1] 1 lock held by syz.1.3942/19499: [ 1195.751863][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 1195.760978][ C1] 1 lock held by syz.3.3956/19533: [ 1195.766192][ C1] 1 lock held by syz.2.3961/19545: [ 1195.771562][ C1] 1 lock held by syz.2.3961/19547: [ 1195.776818][ C1] #0: ffff888069ac0070 (&dev->mutex#4){+.+.}-{3:3}, at: vhost_net_ioctl+0x298/0x14d0 [ 1195.786623][ C1] [ 1195.788998][ C1] ============================================= [ 1195.788998][ C1] [ 1196.333388][T19563] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1196.840941][ C1] DEBUG: holding rtnl_mutex for 705 jiffies. [ 1196.847113][ C1] task:syz.4.3909 state:R running task stack:24672 pid:19431 tgid:19431 ppid:17480 flags:0x00004006 [ 1196.858988][ C1] Call Trace: [ 1196.862355][ C1] [ 1196.865308][ C1] __schedule+0x1800/0x4a60 [ 1196.869900][ C1] ? __pfx___schedule+0x10/0x10 [ 1196.874868][ C1] ? __pfx_lock_release+0x10/0x10 [ 1196.880112][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1196.886190][ C1] ? schedule+0x90/0x320 [ 1196.890520][ C1] schedule+0x14b/0x320 [ 1196.894735][ C1] synchronize_rcu_expedited+0x684/0x830 [ 1196.900482][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 1196.906771][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 1196.912164][ C1] ? __pfx___might_resched+0x10/0x10 [ 1196.917511][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1196.923602][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1196.929793][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1196.936237][ C1] synchronize_rcu+0x11b/0x360 [ 1196.941099][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 1196.946492][ C1] lockdep_unregister_key+0x556/0x610 [ 1196.952074][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 1196.958052][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1196.963401][ C1] ? __qdisc_destroy+0x150/0x410 [ 1196.968393][ C1] ? kfree+0x149/0x360 [ 1196.972516][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 1196.978114][ C1] __qdisc_destroy+0x165/0x410 [ 1196.982965][ C1] dev_shutdown+0x9b/0x440 [ 1196.987497][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 1196.994123][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1197.001009][ C1] ? mark_lock+0x9a/0x360 [ 1197.005478][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1197.011589][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1197.018303][ C1] ? queue_delayed_work_on+0x1eb/0x390 [ 1197.023871][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1197.029164][ C1] unregister_netdevice_queue+0x303/0x370 [ 1197.034994][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1197.041387][ C1] __tun_detach+0x6b6/0x1600 [ 1197.046069][ C1] tun_chr_close+0x108/0x1b0 [ 1197.050791][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 1197.055953][ C1] __fput+0x24a/0x8a0 [ 1197.059969][ C1] task_work_run+0x24f/0x310 [ 1197.064610][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1197.069780][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1197.075609][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 1197.081415][ C1] do_syscall_64+0x100/0x230 [ 1197.086247][ C1] ? clear_bhb_loop+0x35/0x90 [ 1197.091126][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.097301][ C1] RIP: 0033:0x7f8bc9975bd9 [ 1197.101811][ C1] RSP: 002b:00007ffddebaee78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1197.110435][ C1] RAX: 0000000000000000 RBX: 00007f8bc9b05a60 RCX: 00007f8bc9975bd9 [ 1197.118493][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1197.126559][ C1] RBP: 00007f8bc9b05a60 R08: 00007f8bc9001000 R09: 00000008debaf1af [ 1197.134628][ C1] R10: 00000000003ffd50 R11: 0000000000000246 R12: 00000000001229c5 [ 1197.142685][ C1] R13: 0000000000000032 R14: 00007f8bc9b05a60 R15: 00007f8bc9b04038 [ 1197.150850][ C1] [ 1197.153895][ C1] DEBUG: waiting rtnl_mutex for 736 jiffies. [ 1197.159937][ C1] task:kworker/1:8 state:D stack:21328 pid:10017 tgid:10017 ppid:2 flags:0x00004000 [ 1197.170876][ C1] Workqueue: events linkwatch_event [ 1197.176307][ C1] Call Trace: [ 1197.179646][ C1] [ 1197.182672][ C1] __schedule+0x1800/0x4a60 [ 1197.187347][ C1] ? __pfx___schedule+0x10/0x10 [ 1197.192352][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1197.198386][ C1] ? __pfx_lock_release+0x10/0x10 [ 1197.203570][ C1] ? kick_pool+0x1bd/0x620 [ 1197.208101][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1197.213552][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1197.218845][ C1] ? schedule+0x90/0x320 [ 1197.223669][ C1] schedule+0x14b/0x320 [ 1197.227886][ C1] schedule_preempt_disabled+0x13/0x30 [ 1197.233482][ C1] __mutex_lock+0x6a4/0xd70 [ 1197.238058][ C1] ? __mutex_lock+0x527/0xd70 [ 1197.242829][ C1] ? linkwatch_event+0xe/0x60 [ 1197.247600][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 1197.252959][ C1] ? get_rtnl_holder+0x144/0x190 [ 1197.257945][ C1] ? process_scheduled_works+0x945/0x1830 [ 1197.263707][ C1] linkwatch_event+0xe/0x60 [ 1197.268451][ C1] process_scheduled_works+0xa2c/0x1830 [ 1197.274075][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1197.280148][ C1] ? assign_work+0x364/0x3d0 [ 1197.284786][ C1] worker_thread+0x86d/0xd40 [ 1197.289429][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1197.294504][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1197.299666][ C1] kthread+0x2f0/0x390 [ 1197.303878][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1197.309143][ C1] ? __pfx_kthread+0x10/0x10 [ 1197.313844][ C1] ret_from_fork+0x4b/0x80 [ 1197.318436][ C1] ? __pfx_kthread+0x10/0x10 [ 1197.323113][ C1] ret_from_fork_asm+0x1a/0x30 [ 1197.327937][ C1] [ 1197.330993][ C1] [ 1197.330993][ C1] Showing all locks held in the system: [ 1197.338769][ C1] 5 locks held by kworker/u8:7/2779: [ 1197.344155][ C1] #0: ffff88802adaa148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1197.355670][ C1] #1: ffffc900096d7d00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1197.368903][ C1] #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xcb/0x610 [ 1197.378621][ C1] #3: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 1197.388849][ C1] #4: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1197.398924][ C1] 2 locks held by getty/4848: [ 1197.403761][ C1] #0: ffff88802ac9a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1197.414325][ C1] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 1197.424642][ C1] 6 locks held by kworker/1:4/5146: [ 1197.430021][ C1] 3 locks held by kworker/1:8/10017: [ 1197.435373][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1197.446685][ C1] #1: ffffc9000de97d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1197.457854][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1197.467097][ C1] 2 locks held by syz.4.3909/19431: [ 1197.472338][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 1197.481409][ C1] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 1197.492373][ C1] 1 lock held by syz.0.3935/19488: [ 1197.497529][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x15b/0x1190 [ 1197.507439][ C1] 1 lock held by syz.1.3942/19499: [ 1197.512607][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 1197.521758][ C1] 2 locks held by syz.2.3968/19561: [ 1197.526995][ C1] #0: ffff88805c9c2008 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 1197.537423][ C1] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 1197.548538][ C1] [ 1197.550951][ C1] ============================================= [ 1197.550951][ C1] [ 1197.632148][ T5146] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1197.830537][ T5146] usb 4-1: Using ep0 maxpacket: 32 [ 1197.852265][ T5146] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 1197.861033][ T5146] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1197.869799][ T5146] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1197.879748][ T5146] usb 4-1: config 1 has no interface number 0 [ 1197.887362][ T5146] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1197.900431][ T5146] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1197.938421][ T5146] usb 4-1: New USB device found, idVendor=1941, idProduct=5051, bcdDevice=d5.e8 [ 1197.948098][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1198.189303][ T5146] usb 4-1: USB disconnect, device number 37 [ 1199.503215][T19636] "syz.2.4003" (19636) uses obsolete ecb(arc4) skcipher [ 1202.101968][T19787] serio: Serial port pts0 [ 1204.362381][T19909] serio: Serial port pts1 [ 1205.566793][ T5110] Bluetooth: hci0: command 0x0406 tx timeout [ 1205.579083][T19976] : renamed from ipvlan1 [ 1205.897680][T19995] serio: Serial port pts0 [ 1208.452743][T20123] serio: Serial port pts1 [ 1211.015687][T20276] sctp: [Deprecated]: syz.3.4292 (pid 20276) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1211.015687][T20276] Use struct sctp_sack_info instead [ 1211.034678][ T5110] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1211.051736][ T5110] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1211.067837][ T5110] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1211.101418][ T5110] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1211.121209][ T5110] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1211.128881][ T5110] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1211.525014][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1211.865093][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1212.105080][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1212.364800][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1212.634700][T20324] block device autoloading is deprecated and will be removed. [ 1212.815358][T20273] chnl_net:caif_netlink_parms(): no params data found [ 1212.872612][ T35] bridge_slave_1: left allmulticast mode [ 1212.889538][ T35] bridge_slave_1: left promiscuous mode [ 1212.899002][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 1212.953469][ T35] bridge_slave_0: left allmulticast mode [ 1212.959277][ T35] bridge_slave_0: left promiscuous mode [ 1212.977795][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 1213.240928][ T5110] Bluetooth: hci5: command tx timeout [ 1214.646337][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1214.666733][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1214.702627][ T35] bond0 (unregistering): Released all slaves [ 1215.163757][T20273] bridge0: port 1(bridge_slave_0) entered blocking state [ 1215.176813][T20273] bridge0: port 1(bridge_slave_0) entered disabled state [ 1215.195381][T20273] bridge_slave_0: entered allmulticast mode [ 1215.222086][T20273] bridge_slave_0: entered promiscuous mode [ 1215.260181][T20273] bridge0: port 2(bridge_slave_1) entered blocking state [ 1215.270639][T20273] bridge0: port 2(bridge_slave_1) entered disabled state [ 1215.289237][T20273] bridge_slave_1: entered allmulticast mode [ 1215.321433][ T5110] Bluetooth: hci5: command tx timeout [ 1215.329742][T20273] bridge_slave_1: entered promiscuous mode [ 1215.673250][T20273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1215.721644][T20273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1215.821291][T12892] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1215.835299][T12892] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1215.850797][T12892] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1215.881551][T12892] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1215.894639][T12892] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1215.904334][T12892] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1215.912475][ T35] hsr_slave_0: left promiscuous mode [ 1215.920220][ T35] hsr_slave_1: left promiscuous mode [ 1215.967205][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1216.001573][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1216.037950][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1216.067780][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1216.169361][ T35] veth1_macvtap: left promiscuous mode [ 1216.186551][ T35] veth0_macvtap: left promiscuous mode [ 1216.200202][ T35] veth1_vlan: left promiscuous mode [ 1216.210663][ T35] veth0_vlan: left promiscuous mode [ 1217.400734][T12892] Bluetooth: hci5: command tx timeout [ 1217.977564][T12892] Bluetooth: hci0: command tx timeout [ 1218.061686][ T35] team0 (unregistering): Port device team_slave_1 removed [ 1218.356481][ T35] team0 (unregistering): Port device team_slave_0 removed [ 1219.492325][T12892] Bluetooth: hci5: command tx timeout [ 1220.050810][T12892] Bluetooth: hci0: command tx timeout [ 1220.093905][T20273] team0: Port device team_slave_0 added [ 1220.113511][T20273] team0: Port device team_slave_1 added [ 1220.317329][T20273] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1220.324734][T20273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1220.351048][T20273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1220.402859][T20273] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1220.409875][T20273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1220.442938][T20273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1220.730162][T20273] hsr_slave_0: entered promiscuous mode [ 1220.767506][T20273] hsr_slave_1: entered promiscuous mode [ 1221.426841][T20399] chnl_net:caif_netlink_parms(): no params data found [ 1221.637795][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1221.927417][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1222.120518][T12892] Bluetooth: hci0: command tx timeout [ 1222.189598][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1222.467040][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1222.566519][T20399] bridge0: port 1(bridge_slave_0) entered blocking state [ 1222.598553][T20399] bridge0: port 1(bridge_slave_0) entered disabled state [ 1222.625091][T20399] bridge_slave_0: entered allmulticast mode [ 1222.641542][T20399] bridge_slave_0: entered promiscuous mode [ 1222.662043][T20399] bridge0: port 2(bridge_slave_1) entered blocking state [ 1222.679705][T20399] bridge0: port 2(bridge_slave_1) entered disabled state [ 1222.697515][T20399] bridge_slave_1: entered allmulticast mode [ 1222.712292][T20399] bridge_slave_1: entered promiscuous mode [ 1222.846931][T20399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1222.889897][T20399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1223.122704][T20399] team0: Port device team_slave_0 added [ 1223.178501][T20399] team0: Port device team_slave_1 added [ 1223.259049][ T35] bridge_slave_1: left allmulticast mode [ 1223.270864][ T35] bridge_slave_1: left promiscuous mode [ 1223.276823][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 1223.302904][ T35] bridge_slave_0: left allmulticast mode [ 1223.308673][ T35] bridge_slave_0: left promiscuous mode [ 1223.330718][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 1223.537536][T20506] serio: Serial port pts0 [ 1224.210665][T12892] Bluetooth: hci0: command tx timeout [ 1224.277323][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1224.296855][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1224.313118][ T35] bond0 (unregistering): Released all slaves [ 1224.567982][T20399] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1224.579513][T20399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1224.661522][T20399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1224.777828][T20399] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1224.814353][T20399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1224.854725][T20399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1224.893855][T20273] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1224.989400][T20273] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1225.018782][T20273] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1225.047447][T20273] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1225.224997][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802c793800: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated. [ 1225.267042][ T35] hsr_slave_0: left promiscuous mode [ 1225.292242][ T35] hsr_slave_1: left promiscuous mode [ 1225.340310][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1225.347937][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1225.368737][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1225.383896][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1225.478373][ T35] veth1_macvtap: left promiscuous mode [ 1225.484226][ T35] veth0_macvtap: left promiscuous mode [ 1225.490153][ T35] veth1_vlan: left promiscuous mode [ 1225.512296][ T35] veth0_vlan: left promiscuous mode [ 1226.825959][ T35] team0 (unregistering): Port device team_slave_1 removed [ 1226.949057][ T35] team0 (unregistering): Port device team_slave_0 removed [ 1228.378808][T20399] hsr_slave_0: entered promiscuous mode [ 1228.386753][T20650] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1228.420195][T20399] hsr_slave_1: entered promiscuous mode [ 1228.457757][T20399] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1228.465652][T20399] Cannot create hsr debugfs directory [ 1229.097507][T20273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1229.239718][T20273] 8021q: adding VLAN 0 to HW filter on device team0 [ 1229.277302][T14144] bridge0: port 1(bridge_slave_0) entered blocking state [ 1229.284686][T14144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1229.392444][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1229.399737][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1230.054321][T20399] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1230.115665][T20399] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1230.138699][ T4470] nci: nci_rsp_packet: unsupported rsp opcode 0xf06 [ 1230.171560][T20399] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1230.198733][T20671] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1230.224863][T20399] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1230.347253][T20273] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1230.659381][T20399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1230.738763][T20399] 8021q: adding VLAN 0 to HW filter on device team0 [ 1230.768011][T10017] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.775381][T10017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1230.823862][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.831144][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1230.972350][T20710] loop3: detected capacity change from 0 to 8 [ 1231.115141][T20710] SQUASHFS error: lzo decompression failed, data probably corrupt [ 1231.133984][T20715] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4474'. [ 1231.135764][T20710] SQUASHFS error: Failed to read block 0x71: -5 [ 1231.169539][T20710] SQUASHFS error: lzo decompression failed, data probably corrupt [ 1231.182474][T20715] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1231.243508][T20715] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1231.252830][T20710] SQUASHFS error: Failed to read block 0x71: -5 [ 1231.266812][ T29] audit: type=1800 audit(1720396369.657:3636): pid=20710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4472" name="file0" dev="loop3" ino=3 res=0 errno=0 [ 1231.301642][T20715] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1231.348676][T20715] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1231.388807][T20715] geneve2: entered allmulticast mode [ 1231.493807][T20273] veth0_vlan: entered promiscuous mode [ 1231.533861][T20273] veth1_vlan: entered promiscuous mode [ 1231.650378][T20273] veth0_macvtap: entered promiscuous mode [ 1231.719255][T20273] veth1_macvtap: entered promiscuous mode [ 1231.819916][T20273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1231.869655][T20273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1231.906764][T20273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1231.920447][T20273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1231.933368][T20273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1231.956807][T20273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1231.977924][T20273] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1232.114822][T20399] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1232.359700][T20273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1233.203930][T20273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1233.306367][ T9215] nci: nci_rsp_packet: unsupported rsp opcode 0xf06 [ 1233.320739][T20273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1233.330855][T20741] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 1233.331409][T20273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1233.351184][T20273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1233.366572][T20273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1233.379340][T20273] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1233.420028][T20273] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1233.441633][T20273] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1233.452022][T20273] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1233.472923][T20273] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1233.748020][T20399] veth0_vlan: entered promiscuous mode [ 1233.827009][T20399] veth1_vlan: entered promiscuous mode [ 1233.850261][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1233.889730][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1233.931004][T10017] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1234.065053][ T1034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1234.083935][T20399] veth0_macvtap: entered promiscuous mode [ 1234.098602][ T1034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1234.106424][T20399] veth1_macvtap: entered promiscuous mode [ 1234.113948][T20768] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4486'. [ 1234.130794][T20768] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1234.139666][T20768] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1234.150103][T20768] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1234.162107][T20768] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1234.171713][T20768] geneve2: entered allmulticast mode [ 1234.208095][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1234.225690][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.235904][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1234.252188][T10017] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1234.268188][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.279248][T10017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1234.297931][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1234.308732][T10017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1234.331216][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.341470][T10017] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1234.362402][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1234.387388][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.414949][T10017] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1234.431271][T10017] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1234.439526][T10017] usb 3-1: Manufacturer: syz [ 1234.449452][T20399] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1234.488331][T10017] usb 3-1: config 0 descriptor?? [ 1234.495100][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1234.527291][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.538874][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1234.549907][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.560099][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1234.571143][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.581135][T20399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1234.606436][T20399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1234.621011][T20399] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1234.657166][T20399] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1234.666210][T20399] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1234.681636][T20399] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1234.700607][T20399] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1234.929692][T10017] appleir 0003:05AC:8243.0031: unknown main item tag 0x0 [ 1234.941969][ T3451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1234.955486][T10017] appleir 0003:05AC:8243.0031: No inputs registered, leaving [ 1234.977959][ T3451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1234.985765][T10017] appleir 0003:05AC:8243.0031: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1235.005934][T20786] loop3: detected capacity change from 0 to 256 [ 1235.036448][ T9215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1235.046364][ T9215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1235.061568][ T9] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 1235.115668][T20786] FAT-fs (loop3): Directory bread(block 64) failed [ 1235.140521][T20786] FAT-fs (loop3): Directory bread(block 65) failed [ 1235.150713][T20786] FAT-fs (loop3): Directory bread(block 66) failed [ 1235.167778][T20786] FAT-fs (loop3): Directory bread(block 67) failed [ 1235.184870][T20786] FAT-fs (loop3): Directory bread(block 68) failed [ 1235.195948][T20786] FAT-fs (loop3): Directory bread(block 69) failed [ 1235.229297][ T5144] usb 3-1: USB disconnect, device number 32 [ 1235.243026][T20786] FAT-fs (loop3): Directory bread(block 70) failed [ 1235.249742][T20786] FAT-fs (loop3): Directory bread(block 71) failed [ 1235.267750][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 1235.283778][T20786] FAT-fs (loop3): Directory bread(block 72) failed [ 1235.291786][ T9] usb 5-1: config 0 has no interfaces? [ 1235.309833][T20786] FAT-fs (loop3): Directory bread(block 73) failed [ 1235.319438][ T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1235.350519][ T9] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1235.366791][ T9] usb 5-1: Product: syz [ 1235.387083][ T9] usb 5-1: Manufacturer: syz [ 1235.393673][ T9] usb 5-1: SerialNumber: syz [ 1235.409616][ T9] usb 5-1: config 0 descriptor?? [ 1235.633034][T20796] Oops: stack segment: 0000 [#1] PREEMPT SMP KASAN PTI [ 1235.633071][T20796] CPU: 1 UID: 0 PID: 20796 Comm: syz.3.4491 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 1235.633100][T20796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1235.633114][T20796] RIP: 0010:cpu_map_redirect+0x5c/0x470 [ 1235.633150][T20796] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 62 6b 3d 00 4c 8b 2b 49 8d 5d 38 48 89 dd 48 c1 ed 03 <42> 0f b6 44 35 00 84 c0 0f 85 fd 02 00 00 44 8b 33 44 89 f6 83 e6 [ 1235.633171][T20796] RSP: 0018:ffffc9000374f960 EFLAGS: 00010202 [ 1235.633193][T20796] RAX: 1ffff1100c22fe40 RBX: 0000000000000038 RCX: 0000000000040000 [ 1235.633210][T20796] RDX: ffffc9000c769000 RSI: 00000000000001bf RDI: 00000000000001c0 [ 1235.633226][T20796] RBP: 0000000000000007 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 1235.633241][T20796] R10: 0000000000000004 R11: ffff88806117da00 R12: 000000000374f9b0 [ 1235.633257][T20796] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888024b2d000 [ 1235.633273][T20796] FS: 00007f4aa52b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 1235.633293][T20796] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1235.633309][T20796] CR2: 000000002001d000 CR3: 000000007bf70000 CR4: 00000000003526f0 [ 1235.633328][T20796] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1235.633342][T20796] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1235.633356][T20796] Call Trace: [ 1235.633365][T20796] [ 1235.633375][T20796] ? __die_body+0x88/0xe0 [ 1235.633410][T20796] ? die+0xcf/0x110 [ 1235.633444][T20796] ? do_trap+0x15a/0x3a0 [ 1235.633477][T20796] ? do_error_trap+0x1dc/0x2c0 [ 1235.633511][T20796] ? __pfx_do_error_trap+0x10/0x10 [ 1235.633544][T20796] ? rcu_is_watching+0x15/0xb0 [ 1235.633579][T20796] ? exc_stack_segment+0x38/0x50 [ 1235.633605][T20796] ? asm_exc_stack_segment+0x26/0x30 [ 1235.633635][T20796] ? bpf_ringbuf_query+0x4f/0x150 [ 1235.633667][T20796] ? cpu_map_redirect+0x5c/0x470 [ 1235.633699][T20796] bpf_prog_ec9efaa32d58ce69+0x56/0x5a [ 1235.633721][T20796] tun_get_user+0x4273/0x4560 [ 1235.633748][T20796] ? tun_get_user+0x84c/0x4560 [ 1235.633780][T20796] ? __pfx_tun_get_user+0x10/0x10 [ 1235.633818][T20796] ? tun_get+0x1e/0x2f0 [ 1235.633849][T20796] ? tun_get+0x1e/0x2f0 [ 1235.633870][T20796] ? tun_get+0x27d/0x2f0 [ 1235.633892][T20796] tun_chr_write_iter+0x113/0x1f0 [ 1235.633918][T20796] vfs_write+0xa72/0xc90 [ 1235.633943][T20796] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1235.633967][T20796] ? __pfx_vfs_write+0x10/0x10 [ 1235.633987][T20796] ? do_futex+0x33b/0x560 [ 1235.634030][T20796] ksys_write+0x1a0/0x2c0 [ 1235.634054][T20796] ? __pfx_ksys_write+0x10/0x10 [ 1235.634077][T20796] ? do_syscall_64+0x100/0x230 [ 1235.634100][T20796] ? do_syscall_64+0xb6/0x230 [ 1235.634122][T20796] do_syscall_64+0xf3/0x230 [ 1235.634143][T20796] ? clear_bhb_loop+0x35/0x90 [ 1235.634172][T20796] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.634200][T20796] RIP: 0033:0x7f4aa457475f [ 1235.634218][T20796] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 1235.634238][T20796] RSP: 002b:00007f4aa52b4010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1235.634263][T20796] RAX: ffffffffffffffda RBX: 00007f4aa4703f60 RCX: 00007f4aa457475f [ 1235.634281][T20796] RDX: 0000000000000022 RSI: 0000000020000a40 RDI: 00000000000000c8 [ 1235.634296][T20796] RBP: 00007f4aa45e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 1235.634310][T20796] R10: 0000000000000022 R11: 0000000000000293 R12: 0000000000000000 [ 1235.634324][T20796] R13: 000000000000000b R14: 00007f4aa4703f60 R15: 00007fff98013d18 [ 1235.634351][T20796] [ 1235.634359][T20796] Modules linked in: [ 1235.634376][T20796] ---[ end trace 0000000000000000 ]--- [ 1235.654520][ T9] usb 5-1: USB disconnect, device number 39 [ 1235.662163][T20796] RIP: 0010:cpu_map_redirect+0x5c/0x470 [ 1235.662234][T20796] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 62 6b 3d 00 4c 8b 2b 49 8d 5d 38 48 89 dd 48 c1 ed 03 <42> 0f b6 44 35 00 84 c0 0f 85 fd 02 00 00 44 8b 33 44 89 f6 83 e6 [ 1235.662257][T20796] RSP: 0018:ffffc9000374f960 EFLAGS: 00010202 [ 1235.662289][T20796] RAX: 1ffff1100c22fe40 RBX: 0000000000000038 RCX: 0000000000040000 [ 1235.662321][T20796] RDX: ffffc9000c769000 RSI: 00000000000001bf RDI: 00000000000001c0 [ 1235.662338][T20796] RBP: 0000000000000007 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 1235.662356][T20796] R10: 0000000000000004 R11: ffff88806117da00 R12: 000000000374f9b0 [ 1235.662372][T20796] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888024b2d000 [ 1236.080939][T20796] FS: 00007f4aa52b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 1236.089899][T20796] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1236.096620][T20796] CR2: 000000002001d000 CR3: 000000007bf70000 CR4: 00000000003526f0 [ 1236.104768][T20796] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1236.112951][T20796] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1236.120955][T20796] Kernel panic - not syncing: Fatal exception in interrupt [ 1236.128508][T20796] Kernel Offset: disabled [ 1236.132843][T20796] Rebooting in 86400 seconds..