last executing test programs: 3.88347904s ago: executing program 0 (id=19): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0x1}, 0x2) 3.589904616s ago: executing program 0 (id=29): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000002c0)={0x0, 0x1, 0x6, "cc17fc47a9ae"}, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 1.401273049s ago: executing program 1 (id=89): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x382) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x820061, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2) 1.387789165s ago: executing program 1 (id=90): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xd, r1, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) 1.311028836s ago: executing program 1 (id=91): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) sendmmsg$sock(r0, &(0x7f0000002140)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="15", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x48889) 1.310836318s ago: executing program 1 (id=92): mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = dup(r0) prlimit64(0x0, 0x7, &(0x7f0000000000)={0x5, 0x978d}, 0x0) ioctl$PTP_EXTTS_REQUEST2(r1, 0xc0603d06, 0x0) 1.298250013s ago: executing program 1 (id=94): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0x10, 0x7, 0x10}) r1 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80982, 0x0) write$vga_arbiter(r1, 0x0, 0xff35) socket$inet6(0xa, 0x2, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, 0x0, &(0x7f0000000040)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) 759.735896ms ago: executing program 2 (id=114): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000840)=ANY=[@ANYBLOB="12010000199c4f20c9070e004f5d010203010902240001000010000904d60202ffff00000905020200020200000905820210"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000003d40)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 670.911878ms ago: executing program 3 (id=116): read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020) r0 = openat$null(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000800)) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x398a0bdb) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) syz_usb_connect(0x2, 0x3f, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x48, 0xdd, 0x34, 0x40, 0x5f9, 0xffff, 0x1e69, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x2, 0xf, 0x8a, 0x60, 0x1, [{{0x9, 0x4, 0x9f, 0x1, 0x2, 0x89, 0x58, 0x9a, 0x53, [], [{{0x9, 0x5, 0x2, 0x12, 0x20, 0x0, 0x7, 0x49}}, {{0x9, 0x5, 0x6, 0x2, 0x3ff, 0x40, 0xfa, 0x4}}]}}, {{0x9, 0x4, 0xea, 0x2, 0x0, 0xff, 0x3, 0xd, 0x7}}]}}]}}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0}) 670.540708ms ago: executing program 4 (id=118): ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448df, &(0x7f0000000400)="b93fe504852bd23589322d4b917a66ca11bf65cf8e8963ba2032353afaa4b96ef2e0d0") sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000000000000000000005000500000000000a00000000000000f65e0190536134fc010000000000000000000000000000000000000000000005000500000000000a000000000000000000000000000000000000000000000000000000000000000800120002000200ff"], 0xa0}}, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r0, 0x29, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="000a000000000fd60730000000000a0000000000000000000000000000000000000000000000000000000d00000000000000000000ef60fc4bd8ecc4e3200000000006004dee00000000000032acaace3269d47147"], 0xd0060) 649.751624ms ago: executing program 4 (id=119): socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000100)=0x10000281, 0x16) 603.114122ms ago: executing program 4 (id=120): r0 = socket$inet6(0xa, 0x80001, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)={0x5c, r2, 0x1, 0x0, 0x4, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_PEERS={0x40, 0x8, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @empty}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 543.037904ms ago: executing program 4 (id=121): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x802, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 542.797974ms ago: executing program 4 (id=122): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x3c, 0x20, 0x98, 0x40, 0x2001, 0x1a00, 0x38f5, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x66, 0x0, 0x0, 0x54, 0xef, 0x55}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000240)={0x0, 0x14, 0x6, "8e886c9db619"}, 0x0, 0x0}) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000) 542.38144ms ago: executing program 0 (id=123): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r1, &(0x7f00000014c0)=ANY=[], 0x46b) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) socket$inet_tcp(0x2, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 540.540366ms ago: executing program 0 (id=124): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000c80), r1) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000b00), r1) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40000) 525.44253ms ago: executing program 0 (id=125): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') r2 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) sendfile(r2, r1, 0x0, 0x80000000) r3 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) sendfile(r3, r0, 0x0, 0x80000000) 511.931756ms ago: executing program 0 (id=126): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="c6547e22bade76f1a03b79e954ee20b943f7fe47218a02ff8ba942478a7b6946e9a6000055002cc15e854564e7d309f20d222f9220c8d9b1b0d196137252587ab1794808000000000000000e647c2e70"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000400)={@ptr={0x70742a85, 0x1, 0x0, 0x0, 0x4, 0x8000000000040}, @fd, @fda={0x66646185, 0x9, 0x2, 0x2f}}, &(0x7f0000000480)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 398.991653ms ago: executing program 1 (id=127): connect$tipc(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40085503, &(0x7f0000000080)) 238.490661ms ago: executing program 2 (id=128): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="cc0000001b00010027bd7000fcdbdf250000000000000000000001fc01000000000000000000004e2180014e0dfff00200a100e32200e2ffffffffffffff0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="810000000000000023000000000000007a00000000000000810000000000000005000000000000000500000000000000060000000000000005000000000000000600000000000000a9240000008000000000000000a000000800000000000000faffffffb36b6e000201020100000000d1000000000000000a00100001"], 0xcc}, 0x1, 0x0, 0x0, 0x405c844}, 0x20000010) 221.728029ms ago: executing program 2 (id=129): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="38000000020101010000000000000000020000072400028014000180cd67d1861258ebb988735f08000100ffffffff08000200e0000002"], 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x4008040) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500c00108005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) gettid() 168.60104ms ago: executing program 3 (id=130): setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0xa, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x11, 0x2, 0x2) setsockopt(r0, 0x107, 0x1, &(0x7f00000001c0)="110000000200060000071a806d8be255", 0x10) 111.105559ms ago: executing program 3 (id=131): getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, &(0x7f00000015c0)) mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='f2fs\x00', 0x0, 0x0) 110.906456ms ago: executing program 3 (id=132): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x6b325000) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000180)) 110.686862ms ago: executing program 2 (id=133): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0xfffffffc, 0xb, 0x0, 0xfffffffc, 0x7f, "db8f2d2b3b7596160c6981acf8805944823a7f"}) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x2, 0x6, 0x1, "ff0aa69154820400"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000002140)={0x2020}, 0x2020) 110.513691ms ago: executing program 3 (id=134): mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x4, 0x0, 0x3}}, 0x28) 94.653846ms ago: executing program 3 (id=135): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x54, 0x0, &(0x7f0000000100)="ba47245b1b09a8bf0efe865c4ab5b93456de7a8f310399c48e6f12e80a2677143c77644c58902f61d6fe2ea4a97ec4bbf3827bed9120df5aba7d95a5d4b0014eaf5e12539742b5aae524bcf4e82424489d3af253"}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0}) 53.059703ms ago: executing program 2 (id=136): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{}, 'syz1\x00', 0x10}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_open_dev$evdev(&(0x7f0000000340), 0x3f, 0x0) close(0x3) ioctl$EVIOCSFF(r1, 0x40304580, 0x0) 3.089829ms ago: executing program 4 (id=137): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b00"], 0x20}], 0x1}, 0x0) 0s ago: executing program 2 (id=138): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) r1 = syz_open_dev$loop(&(0x7f0000000100), 0xd5d1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x1, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108590000224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x9, 0x2000000000001]}}) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000880)='/sys/kernel/address_bits', 0x40000, 0x2d) write$tun(r2, &(0x7f0000000000)=ANY=[], 0x26) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts. [ 27.386119][ T6537] cgroup: Unknown subsys name 'net' [ 27.514644][ T6537] cgroup: Unknown subsys name 'cpuset' [ 27.516716][ T6537] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 27.645441][ T6537] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 29.612753][ T6550] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 29.614683][ T6550] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 29.619017][ T6550] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 29.620903][ T6550] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 29.622695][ T6550] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 29.636370][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 29.639148][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 29.640646][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 29.641136][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 29.641360][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 29.658183][ T6116] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 29.659818][ T6116] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 29.661232][ T6116] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 29.663362][ T6116] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 29.667313][ T6116] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 29.674083][ T6556] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 29.675620][ T6556] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 29.677361][ T6556] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 29.679032][ T6556] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 29.680887][ T6556] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 29.698523][ T6550] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 29.700842][ T6550] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 29.703445][ T6550] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 29.703969][ T6550] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 29.704165][ T6550] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 29.769936][ T6547] chnl_net:caif_netlink_parms(): no params data found [ 29.808865][ T6548] chnl_net:caif_netlink_parms(): no params data found [ 29.852778][ T6547] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.854505][ T6547] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.856142][ T6547] bridge_slave_0: entered allmulticast mode [ 29.857822][ T6547] bridge_slave_0: entered promiscuous mode [ 29.860187][ T6547] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.861458][ T6547] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.862708][ T6547] bridge_slave_1: entered allmulticast mode [ 29.863869][ T6547] bridge_slave_1: entered promiscuous mode [ 29.869186][ T6548] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.869271][ T6548] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.869343][ T6548] bridge_slave_0: entered allmulticast mode [ 29.869756][ T6548] bridge_slave_0: entered promiscuous mode [ 29.870470][ T6548] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.870488][ T6548] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.870533][ T6548] bridge_slave_1: entered allmulticast mode [ 29.870958][ T6548] bridge_slave_1: entered promiscuous mode [ 29.882328][ T6547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.901971][ T6547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.916345][ T6548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.919484][ T6548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.924957][ T6547] team0: Port device team_slave_0 added [ 29.925719][ T6547] team0: Port device team_slave_1 added [ 29.941134][ T6548] team0: Port device team_slave_0 added [ 29.941979][ T6548] team0: Port device team_slave_1 added [ 29.952981][ T6547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.954105][ T6547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.954127][ T6547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.956107][ T6554] chnl_net:caif_netlink_parms(): no params data found [ 29.967409][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.967440][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.967467][ T6548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.969358][ T6552] chnl_net:caif_netlink_parms(): no params data found [ 29.975362][ T6547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.975374][ T6547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.975389][ T6547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.992819][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.992847][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.992865][ T6548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.014294][ T6547] hsr_slave_0: entered promiscuous mode [ 30.015633][ T6547] hsr_slave_1: entered promiscuous mode [ 30.018306][ T6565] chnl_net:caif_netlink_parms(): no params data found [ 30.026254][ T6554] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.026333][ T6554] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.026416][ T6554] bridge_slave_0: entered allmulticast mode [ 30.026852][ T6554] bridge_slave_0: entered promiscuous mode [ 30.028056][ T6554] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.028074][ T6554] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.028120][ T6554] bridge_slave_1: entered allmulticast mode [ 30.028536][ T6554] bridge_slave_1: entered promiscuous mode [ 30.064808][ T6554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.065854][ T6554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.070544][ T6548] hsr_slave_0: entered promiscuous mode [ 30.070818][ T6548] hsr_slave_1: entered promiscuous mode [ 30.071013][ T6548] debugfs: 'hsr0' already exists in 'hsr' [ 30.071059][ T6548] Cannot create hsr debugfs directory [ 30.071298][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.071336][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.071404][ T6552] bridge_slave_0: entered allmulticast mode [ 30.072869][ T6552] bridge_slave_0: entered promiscuous mode [ 30.075983][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.076051][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.076106][ T6552] bridge_slave_1: entered allmulticast mode [ 30.076527][ T6552] bridge_slave_1: entered promiscuous mode [ 30.103513][ T6554] team0: Port device team_slave_0 added [ 30.107092][ T6554] team0: Port device team_slave_1 added [ 30.115507][ T6552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.121351][ T6565] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.122641][ T6565] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.124004][ T6565] bridge_slave_0: entered allmulticast mode [ 30.125508][ T6565] bridge_slave_0: entered promiscuous mode [ 30.133063][ T6552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.143689][ T6552] team0: Port device team_slave_0 added [ 30.145041][ T6565] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.145111][ T6565] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.145215][ T6565] bridge_slave_1: entered allmulticast mode [ 30.145661][ T6565] bridge_slave_1: entered promiscuous mode [ 30.146313][ T6552] team0: Port device team_slave_1 added [ 30.158672][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.160021][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.160265][ T6554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.179931][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.179954][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.179969][ T6554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.190409][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.190431][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.190447][ T6552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.191001][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.191008][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.191019][ T6552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.195437][ T6565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.196587][ T6565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.219434][ T6565] team0: Port device team_slave_0 added [ 30.236107][ T6552] hsr_slave_0: entered promiscuous mode [ 30.237584][ T6552] hsr_slave_1: entered promiscuous mode [ 30.238827][ T6552] debugfs: 'hsr0' already exists in 'hsr' [ 30.239902][ T6552] Cannot create hsr debugfs directory [ 30.241691][ T6565] team0: Port device team_slave_1 added [ 30.247107][ T6554] hsr_slave_0: entered promiscuous mode [ 30.247403][ T6554] hsr_slave_1: entered promiscuous mode [ 30.247564][ T6554] debugfs: 'hsr0' already exists in 'hsr' [ 30.247573][ T6554] Cannot create hsr debugfs directory [ 30.258061][ T6565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.259186][ T6565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.263434][ T6565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.271398][ T6565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.271437][ T6565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.271462][ T6565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.325219][ T6565] hsr_slave_0: entered promiscuous mode [ 30.325505][ T6565] hsr_slave_1: entered promiscuous mode [ 30.325883][ T6565] debugfs: 'hsr0' already exists in 'hsr' [ 30.325894][ T6565] Cannot create hsr debugfs directory [ 30.352051][ T6547] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.355312][ T6547] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.357467][ T6547] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.361273][ T6547] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.408917][ T6548] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.417364][ T6547] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.417415][ T6547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.417590][ T6547] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.417620][ T6547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.425018][ T6548] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.431689][ T6548] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.434608][ T6548] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.458372][ T6552] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.460798][ T6552] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.464558][ T6548] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.464602][ T6548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.464670][ T6548] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.464693][ T6548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.470140][ T6552] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.472520][ T6552] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.494287][ T6565] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.496593][ T6565] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.503118][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.503159][ T6552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.503237][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.503268][ T6552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.510544][ T6565] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.512931][ T6565] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.532226][ T6548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.544325][ T6554] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.546752][ T6554] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.549095][ T6554] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.551823][ T6554] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.557339][ T5295] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.558728][ T5295] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.559969][ T5295] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.561187][ T5295] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.568092][ T5295] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.569798][ T5295] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.576202][ T6547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.579956][ T6548] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.597169][ T5295] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.597225][ T5295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.607358][ T6547] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.610827][ T666] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.610878][ T666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.620222][ T666] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.620267][ T666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.631407][ T5295] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.631450][ T5295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.635801][ T6552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.640873][ T6565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.674051][ T6552] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.685743][ T6565] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.689660][ T6554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.702969][ T6552] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.705816][ T6552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.717049][ T6565] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.718837][ T6565] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.726689][ T6554] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.732205][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.732256][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.732586][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.732600][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.735279][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.735301][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.735608][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.735623][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.766426][ T6554] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.768862][ T6554] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.776077][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.776124][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.776621][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.776637][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.789408][ T6548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.852920][ T6547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.870099][ T6552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.901794][ T6552] veth0_vlan: entered promiscuous mode [ 30.906789][ T6565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.911877][ T6552] veth1_vlan: entered promiscuous mode [ 30.915354][ T6547] veth0_vlan: entered promiscuous mode [ 30.926953][ T6547] veth1_vlan: entered promiscuous mode [ 30.932251][ T6554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.940579][ T6552] veth0_macvtap: entered promiscuous mode [ 30.941610][ T6552] veth1_macvtap: entered promiscuous mode [ 30.943110][ T6548] veth0_vlan: entered promiscuous mode [ 30.945832][ T6548] veth1_vlan: entered promiscuous mode [ 30.960844][ T6554] veth0_vlan: entered promiscuous mode [ 30.966981][ T6547] veth0_macvtap: entered promiscuous mode [ 30.973620][ T6565] veth0_vlan: entered promiscuous mode [ 30.976585][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.977552][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.980194][ T6547] veth1_macvtap: entered promiscuous mode [ 30.988294][ T6554] veth1_vlan: entered promiscuous mode [ 30.989759][ T41] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.990673][ T41] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.990698][ T41] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.990718][ T41] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.001111][ T6565] veth1_vlan: entered promiscuous mode [ 31.012897][ T6547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.019067][ T6565] veth0_macvtap: entered promiscuous mode [ 31.025469][ T6548] veth0_macvtap: entered promiscuous mode [ 31.029167][ T6547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.036435][ T666] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.036490][ T666] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.036512][ T666] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.036526][ T666] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.038871][ T6548] veth1_macvtap: entered promiscuous mode [ 31.042764][ T6565] veth1_macvtap: entered promiscuous mode [ 31.067311][ T6554] veth0_macvtap: entered promiscuous mode [ 31.069000][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.074508][ T6554] veth1_macvtap: entered promiscuous mode [ 31.080848][ T6565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.082996][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.085162][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.086987][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.097708][ T1184] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.097875][ T1184] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.097904][ T1184] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.097922][ T1184] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.098678][ T6565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.110263][ T42] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.110392][ T42] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.110441][ T42] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.110482][ T42] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.129650][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.129681][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.136548][ T5295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.138152][ T5295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.139990][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.156545][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.162591][ T1184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.163576][ T1184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.168166][ T5295] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.168698][ T5295] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.168715][ T5295] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.168728][ T5295] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.182838][ T5295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.182871][ T5295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.197279][ T6552] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.216758][ T6657] loop0: detected capacity change from 0 to 128 [ 31.218068][ T1184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.219746][ T1184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.229202][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.229229][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.245343][ T5295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.248312][ T5295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.277365][ T1184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.277397][ T1184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.279948][ T6663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 31.280131][ T6663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 31.380554][ T5295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.380585][ T5295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.898623][ T6671] syz.0.1: attempt to access beyond end of device [ 31.898623][ T6671] loop0: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 31.921743][ T6670] loop4: detected capacity change from 0 to 32768 [ 31.922447][ T6550] Bluetooth: hci3: command tx timeout [ 31.922577][ T6550] Bluetooth: hci1: command tx timeout [ 31.922637][ T6550] Bluetooth: hci2: command tx timeout [ 31.922692][ T6550] Bluetooth: hci0: command tx timeout [ 31.922747][ T6550] Bluetooth: hci4: command tx timeout [ 32.078018][ T6670] loop4: p1 p9 p11 [ 32.170694][ T6164] loop4: p1 p9 p11 [ 32.193025][ T6674] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6'. [ 32.205683][ T6675] loop4: detected capacity change from 0 to 1024 [ 32.220510][ T6677] loop3: detected capacity change from 0 to 2048 [ 32.288453][ T6675] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.314213][ T6681] loop2: detected capacity change from 0 to 40427 [ 32.314603][ T6681] ======================================================= [ 32.314603][ T6681] WARNING: The mand mount option has been deprecated and [ 32.314603][ T6681] and is ignored by this kernel. Remove the mand [ 32.314603][ T6681] option from the mount to silence this warning. [ 32.314603][ T6681] ======================================================= [ 32.317481][ T6681] F2FS-fs (loop2): Image doesn't support compression [ 32.317498][ T6681] F2FS-fs (loop2): build fault injection rate: 690 [ 32.317508][ T6681] F2FS-fs (loop2): build fault injection type: 0x4 [ 32.318853][ T6681] F2FS-fs (loop2): invalid crc value [ 32.329201][ T6681] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 32.329810][ T6681] F2FS-fs (loop2): Start checkpoint disabled! [ 32.332981][ T6681] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 32.345739][ T6677] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.661000][ T6692] ptrace attach of "./syz-executor exec"[6554] was attempted by ""[6692] [ 33.669629][ T6697] ptrace attach of "./syz-executor exec"[6547] was attempted by "./syz-executor exec"[6697] [ 33.865076][ T6539] udevd[6539]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 33.911011][ T6662] udevd[6662]: inotify_add_watch(7, /dev/loop4p9, 10) failed: No such file or directory [ 33.911683][ T6667] udevd[6667]: inotify_add_watch(7, /dev/loop4p11, 10) failed: No such file or directory [ 33.912482][ T6548] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.919510][ T6565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.957664][ T6116] Bluetooth: hci4: command tx timeout [ 33.957730][ T6116] Bluetooth: hci0: command tx timeout [ 33.957761][ T6116] Bluetooth: hci2: command tx timeout [ 33.957779][ T6116] Bluetooth: hci1: command tx timeout [ 33.957798][ T6116] Bluetooth: hci3: command tx timeout [ 34.005362][ T6662] udevd[6662]: inotify_add_watch(7, /dev/loop4p9, 10) failed: No such file or directory [ 34.013369][ T6667] udevd[6667]: inotify_add_watch(7, /dev/loop4p11, 10) failed: No such file or directory [ 34.019611][ T6539] udevd[6539]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 34.057318][ T6709] loop3: detected capacity change from 0 to 40427 [ 34.059208][ T6709] F2FS-fs (loop3): Image doesn't support compression [ 34.059230][ T6709] F2FS-fs (loop3): build fault injection rate: 690 [ 34.059242][ T6709] F2FS-fs (loop3): build fault injection type: 0x4 [ 34.064080][ T6709] F2FS-fs (loop3): invalid crc value [ 34.072930][ T6709] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 34.073452][ T6709] F2FS-fs (loop3): Start checkpoint disabled! [ 34.076974][ T6709] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 34.152530][ T6683] loop0: detected capacity change from 0 to 32768 [ 34.164332][ T6683] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.6 (6683) [ 34.177392][ T6683] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 34.177464][ T6683] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 34.177490][ T6683] BTRFS info (device loop0): using free-space-tree [ 34.579803][ T6737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 34.636575][ T6552] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 34.649760][ T6736] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 34.720996][ T6742] syz_tun: entered allmulticast mode [ 35.090341][ T6753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.090570][ T6753] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.096878][ T6754] loop4: detected capacity change from 0 to 8 [ 35.117098][ T6756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.22'. [ 35.206022][ T6768] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 35.207827][ T6769] sctp: [Deprecated]: syz.2.28 (pid 6769) Use of int in max_burst socket option deprecated. [ 35.207827][ T6769] Use struct sctp_assoc_value instead [ 35.228947][ T6769] loop2: detected capacity change from 0 to 4096 [ 35.231720][ T6769] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 35.234938][ T6769] ntfs3(loop2): It is recommened to use chkdsk. [ 35.267084][ T6773] loop8: detected capacity change from 0 to 16384 [ 35.348587][ T6780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.348798][ T6780] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.423731][ T6788] loop4: detected capacity change from 0 to 1024 [ 35.516475][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.518853][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.543715][ T6770] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 35.703616][ T6770] usb 1-1: Using ep0 maxpacket: 16 [ 35.712240][ T6770] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 35.712287][ T6770] usb 1-1: config 0 has no interface number 0 [ 35.712304][ T6770] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 35.712316][ T6770] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 35.712324][ T6770] usb 1-1: config 0 interface 41 has no altsetting 0 [ 35.714890][ T6770] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 35.714900][ T6770] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.714907][ T6770] usb 1-1: Product: syz [ 35.714913][ T6770] usb 1-1: Manufacturer: syz [ 35.714917][ T6770] usb 1-1: SerialNumber: syz [ 35.717066][ T6770] usb 1-1: config 0 descriptor?? [ 35.717826][ T6774] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 35.717863][ T6774] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 35.739455][ T6808] loop3: detected capacity change from 0 to 8 [ 35.739848][ T6808] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 35.746844][ T6539] udevd[6539]: incorrect cramfs checksum on /dev/loop3 [ 35.760107][ T6539] udevd[6539]: incorrect cramfs checksum on /dev/loop3 [ 35.792873][ T6814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.793056][ T6814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.921922][ T6774] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 35.922848][ T6774] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 35.980354][ T6824] loop2: detected capacity change from 0 to 1024 [ 35.987763][ T6824] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5 [ 35.988224][ T6824] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 35.988240][ T6824] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.53: Failed to acquire dquot type 0 [ 35.989917][ T6824] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 35.990761][ T6824] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.53: corrupted inode contents [ 35.991240][ T6824] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #13: comm syz.2.53: mark_inode_dirty error [ 35.991401][ T6824] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.53: corrupted inode contents [ 35.991688][ T6824] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #13: comm syz.2.53: mark_inode_dirty error [ 35.991968][ T6824] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.53: corrupted inode contents [ 35.992136][ T6824] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 35.992270][ T6824] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.53: corrupted inode contents [ 35.992415][ T6824] EXT4-fs error (device loop2): ext4_truncate:4666: inode #13: comm syz.2.53: mark_inode_dirty error [ 35.992508][ T6824] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 35.994968][ T6824] EXT4-fs (loop2): 1 truncate cleaned up [ 35.995452][ T6824] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.023743][ T6550] Bluetooth: hci3: command tx timeout [ 36.023791][ T6550] Bluetooth: hci1: command tx timeout [ 36.023821][ T6550] Bluetooth: hci2: command tx timeout [ 36.023838][ T6550] Bluetooth: hci4: command tx timeout [ 36.077050][ T6824] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 36.091919][ T6830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.094164][ T6826] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 36.100503][ T6826] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 36.102062][ T6830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.120726][ T6554] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.210297][ T6116] Bluetooth: hci0: unexpected cc 0x204e length: 2 > 1 [ 36.253726][ T6844] loop1: detected capacity change from 0 to 128 [ 36.271410][ T6844] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 36.319977][ T6848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.320211][ T6848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.329888][ T6547] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 36.387178][ T6855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.387375][ T6855] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.391920][ T6857] capability: warning: `syz.2.68' uses 32-bit capabilities (legacy support in use) [ 36.528951][ T6770] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 36.919093][ T6887] capability: warning: `syz.3.80' uses deprecated v2 capabilities in a way that may be insecure [ 36.930202][ T6889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.930437][ T6889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.356875][ T6904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.357042][ T6904] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.656650][ T6921] cgroup: Invalid name [ 37.715763][ T6925] binder: 6924:6925 ioctl 5000940f 0 returned -22 [ 37.747400][ T6770] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 37.747432][ T6770] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 37.748110][ T6770] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71 [ 37.757260][ T6770] usb 1-1: USB disconnect, device number 2 [ 37.820970][ T6933] binder: 6932:6933 got transaction to context manager from process owning it [ 37.822524][ T6933] binder: 6932:6933 transaction async to 6932:0 failed 2/29201/-22, code 0 size 88-24 line 3142 [ 37.825494][ T6933] binder: 6932:6933 ioctl c0306201 200004c0 returned -14 [ 37.826963][ T6933] binder: 6932:6933 ioctl c0306201 0 returned -14 [ 38.085731][ T6973] input: syz1 as /devices/virtual/input/input4 [ 38.092478][ T6975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.092652][ T6975] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.103294][ T6116] Bluetooth: hci4: command tx timeout [ 38.103688][ T6550] Bluetooth: hci2: command tx timeout [ 38.103717][ T6550] Bluetooth: hci1: command tx timeout [ 38.103856][ T6556] Bluetooth: hci3: command tx timeout [ 38.142210][ T6980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.142776][ T6980] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.181695][ T6984] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 38.281193][ T6993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.281392][ T6993] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.338081][ T7001] binder: 7001 RLIMIT_NICE not set [ 38.389031][ T7003] binder: 7000:7003 got transaction to context manager from process owning it [ 38.389059][ T7003] binder: 7000:7003 transaction call to 7000:0 failed 4/29201/-22, code 0 size 0-0 line 3142 [ 38.721065][ T7016] binder: 7014:7016 ioctl c018620c 20000180 returned -14 [ 38.761215][ T7021] binder: 7021 RLIMIT_NICE not set [ 38.807181][ T7025] input: syz1 as /devices/virtual/input/input6 [ 38.894705][ T7030] [ 38.895142][ T7030] ====================================================== [ 38.896323][ T7030] WARNING: possible circular locking dependency detected [ 38.897445][ T7030] 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 Not tainted [ 38.898461][ T7030] ------------------------------------------------------ [ 38.899618][ T7030] syz.2.138/7030 is trying to acquire lock: [ 38.900421][ T7030] ffff0000c18a3a20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0xa0/0x410 [ 38.902055][ T7030] [ 38.902055][ T7030] but task is already holding lock: [ 38.903215][ T7030] ffff0000c9e2e278 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1130/0x16b0 [ 38.904790][ T7030] [ 38.904790][ T7030] which lock already depends on the new lock. [ 38.904790][ T7030] [ 38.906339][ T7030] [ 38.906339][ T7030] the existing dependency chain (in reverse order) is: [ 38.907791][ T7030] [ 38.907791][ T7030] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}: [ 38.909187][ T7030] blk_alloc_queue+0x48c/0x54c [ 38.910039][ T7030] __blk_mq_alloc_disk+0x124/0x304 [ 38.910886][ T7030] loop_add+0x324/0x880 [ 38.911708][ T7030] loop_init+0xe8/0x10c [ 38.912417][ T7030] do_one_initcall+0x250/0x990 [ 38.913280][ T7030] do_initcall_level+0x128/0x1c4 [ 38.914110][ T7030] do_initcalls+0x70/0xd0 [ 38.914879][ T7030] do_basic_setup+0x78/0x8c [ 38.915683][ T7030] kernel_init_freeable+0x268/0x39c [ 38.916587][ T7030] kernel_init+0x24/0x1dc [ 38.917467][ T7030] ret_from_fork+0x10/0x20 [ 38.918141][ T7030] [ 38.918141][ T7030] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 38.919353][ T7030] fs_reclaim_acquire+0x8c/0x118 [ 38.920211][ T7030] kmem_cache_alloc_noprof+0x58/0x3e8 [ 38.921148][ T7030] __kernfs_iattrs+0xd4/0x2d8 [ 38.921925][ T7030] kernfs_iop_setattr+0xdc/0x374 [ 38.922677][ T7030] notify_change+0x9a4/0xc50 [ 38.923410][ T7030] do_truncate+0x198/0x210 [ 38.924238][ T7030] path_openat+0x25a0/0x2c40 [ 38.925097][ T7030] do_filp_open+0x18c/0x36c [ 38.925877][ T7030] do_sys_openat2+0x11c/0x1b4 [ 38.926819][ T7030] __arm64_sys_openat+0x120/0x158 [ 38.927693][ T7030] invoke_syscall+0x98/0x2b8 [ 38.928465][ T7030] el0_svc_common+0x130/0x23c [ 38.929418][ T7030] do_el0_svc+0x48/0x58 [ 38.930185][ T7030] el0_svc+0x58/0x180 [ 38.930874][ T7030] el0t_64_sync_handler+0x84/0x12c [ 38.931758][ T7030] el0t_64_sync+0x198/0x19c [ 38.932718][ T7030] [ 38.932718][ T7030] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 38.934109][ T7030] __lock_acquire+0x1774/0x30a4 [ 38.935013][ T7030] lock_acquire+0x14c/0x2e0 [ 38.935904][ T7030] down_read+0x58/0x2f8 [ 38.936631][ T7030] kernfs_iop_getattr+0xa0/0x410 [ 38.937424][ T7030] vfs_getattr_nosec+0x254/0x38c [ 38.938268][ T7030] vfs_getattr+0x60/0x84 [ 38.938958][ T7030] loop_assign_backing_file+0x1d8/0x390 [ 38.939818][ T7030] lo_ioctl+0x1184/0x16b0 [ 38.940596][ T7030] blkdev_ioctl+0x610/0xac0 [ 38.941387][ T7030] __arm64_sys_ioctl+0x14c/0x1c4 [ 38.942324][ T7030] invoke_syscall+0x98/0x2b8 [ 38.943184][ T7030] el0_svc_common+0x130/0x23c [ 38.943977][ T7030] do_el0_svc+0x48/0x58 [ 38.944756][ T7030] el0_svc+0x58/0x180 [ 38.945549][ T7030] el0t_64_sync_handler+0x84/0x12c [ 38.946478][ T7030] el0t_64_sync+0x198/0x19c [ 38.947229][ T7030] [ 38.947229][ T7030] other info that might help us debug this: [ 38.947229][ T7030] [ 38.948904][ T7030] Chain exists of: [ 38.948904][ T7030] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24 [ 38.948904][ T7030] [ 38.951324][ T7030] Possible unsafe locking scenario: [ 38.951324][ T7030] [ 38.952544][ T7030] CPU0 CPU1 [ 38.953445][ T7030] ---- ---- [ 38.954332][ T7030] lock(&q->q_usage_counter(io)#24); [ 38.955203][ T7030] lock(fs_reclaim); [ 38.956272][ T7030] lock(&q->q_usage_counter(io)#24); [ 38.957546][ T7030] rlock(&root->kernfs_iattr_rwsem); [ 38.958480][ T7030] [ 38.958480][ T7030] *** DEADLOCK *** [ 38.958480][ T7030] [ 38.959751][ T7030] 3 locks held by syz.2.138/7030: [ 38.960580][ T7030] #0: ffff0000c9fc9400 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0xc78/0x16b0 [ 38.962050][ T7030] #1: ffff0000c9e2e278 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1130/0x16b0 [ 38.963593][ T7030] #2: ffff0000c9e2e2b0 (&q->q_usage_counter(queue)#22){+.+.}-{0:0}, at: lo_ioctl+0x1130/0x16b0 [ 38.965371][ T7030] [ 38.965371][ T7030] stack backtrace: [ 38.966308][ T7030] CPU: 1 UID: 0 PID: 7030 Comm: syz.2.138 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 38.968086][ T7030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 38.969701][ T7030] Call trace: [ 38.970150][ T7030] show_stack+0x2c/0x3c (C) [ 38.970823][ T7030] __dump_stack+0x30/0x40 [ 38.971418][ T7030] dump_stack_lvl+0xd8/0x12c [ 38.972046][ T7030] dump_stack+0x1c/0x28 [ 38.972679][ T7030] print_circular_bug+0x324/0x32c [ 38.973426][ T7030] check_noncircular+0x154/0x174 [ 38.974134][ T7030] __lock_acquire+0x1774/0x30a4 [ 38.974873][ T7030] lock_acquire+0x14c/0x2e0 [ 38.975560][ T7030] down_read+0x58/0x2f8 [ 38.976215][ T7030] kernfs_iop_getattr+0xa0/0x410 [ 38.976977][ T7030] vfs_getattr_nosec+0x254/0x38c [ 38.977663][ T7030] vfs_getattr+0x60/0x84 [ 38.978315][ T7030] loop_assign_backing_file+0x1d8/0x390 [ 38.979130][ T7030] lo_ioctl+0x1184/0x16b0 [ 38.979814][ T7030] blkdev_ioctl+0x610/0xac0 [ 38.980513][ T7030] __arm64_sys_ioctl+0x14c/0x1c4 [ 38.981319][ T7030] invoke_syscall+0x98/0x2b8 [ 38.982090][ T7030] el0_svc_common+0x130/0x23c [ 38.982868][ T7030] do_el0_svc+0x48/0x58 [ 38.983539][ T7030] el0_svc+0x58/0x180 [ 38.984137][ T7030] el0t_64_sync_handler+0x84/0x12c [ 38.984966][ T7030] el0t_64_sync+0x198/0x19c [ 39.174328][ T1791] binder: undelivered TRANSACTION_ERROR: 29201 [ 40.423120][ T6976] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 40.423150][ T6976] Bluetooth: hci0: Injecting HCI hardware error event [ 40.423481][ T6976] Bluetooth: hci0: hardware error 0x00 [ 42.583144][ T6976] Bluetooth: hci0: Opcode 0x0c03 failed: -110