last executing test programs: 1m44.665662636s ago: executing program 0: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x0, 0x0, @prog_id}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00'}, 0x70) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r4, r3, 0x2, 0x6, 0x4000}, 0x10) 1m44.518409409s ago: executing program 0: r0 = userfaultfd(0x80001) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_ZEROPAGE(r2, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19) 1m0.618420595s ago: executing program 0: r0 = userfaultfd(0x80001) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_ZEROPAGE(r2, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19) 36.637730593s ago: executing program 0: r0 = userfaultfd(0x80001) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_ZEROPAGE(r2, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19) 35.523303776s ago: executing program 0: r0 = userfaultfd(0x80001) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_ZEROPAGE(r2, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19) 2.8376057s ago: executing program 2: arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x13) 2.754271552s ago: executing program 2: setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) mount$nfs4(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x1) 2.656988624s ago: executing program 3: syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000a80)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@nodiscard}, {@order_strict}, {@nobarrier}, {@norecovery}, {@discard}, {@discard}, {@nobarrier}, {@nodiscard}, {@nobarrier}]}, 0x1, 0xa75, &(0x7f0000000ac0)="$eJzs3V2IXNUBAOBzZ3c2f2szsUldNWpaW7Q/7roxabWpJmKglEII9KGgfQkxpiFrWhqRKkJTH0pfREHMUx9i6UtflLYU9aUEH4oUlFJahD5Z6WsKQh+koFN25pzZ2ZMZ7kyyu3dm5/vgzJl7z517zp25c+fOvecnABOr1no8cGBrCOGVt14+etur77y4POdwZ4lG63G6a6oeQiji9HS2vg+m2vEnHz13sldchP2txzQdjl3pvHZHCOFC2Bcuh0Z44bGL0++/cey918LZp48ffffN9dn6FcV6ZwAAACPg+OVDB/b866+37vrf67cfCVs689P5eSNOz8bz/iPxRDmdL9fC6umiK3SbyZabjqGWLTfVY7nufOrZctN98p/J1lvvs9yWkvynuub12m4YZ2k/boSiNr9qulabn2//Jw+t//Uzxfy5M0tPnK+ooMCa++8dIYR9giBMYmjurPoIBNCW3y+8yoW1vVPXWdv0YPlfebjW+/Vd6mtaQibC1na00ft/Tv6jnf9vfq6mAmtnE+5Nf7+ha7vS92g2Tuf3EfL6S8N+/9P68vsRg54D9LuPMC73F/qVc2qDy3Gt+pU/3y82qwdjnN6Hh7L0+D1o3U7LP9Nx+YyB3j52/V8Q1iTcXFRfhmFDs+oDEDCy8npzzSil5/X68vQtJelbS9K3laRvL0nfUZIOk+wPT70YXipWrnfl/+mHvR42m63iM0OWJ78eOWz+eb3fYV1v/nl9YhhpO/588f7HH/1bu/5/0dn/P437+7443YjfrctxgXS9ML+u3qn731idTa3Pcjdmxbmhx/Kt57tXL1fsXllP6DrOXFWOufSK9hXdnf2W27t6/Y1suW0xbM3Km5+fbM9el84/0kFxdlVpVra3nm3HTFaOdFzZFeO8HHAt0v64uv7/8t7Xqv/fuY01F+rFE2eWTt0bp9N++s5Ufcvy/MWNLjhw3QZt/zMXVrf/me3Mr9e6jws7V+YX3ceFRjZ/f5/598Xp9Dv3w6ltrfnzJ3+09PhabzxMuPPPPHv2xNLSqZ94MmpPwoUQRqAYnkzSk3RcOLFU7XEJWH8LTz3544Xzzzx7z5knT5w+dfrUucWDi/c/cHBx8esPLLTO6xe6z+43Y3VhmFwrv/5VlwQAAAAAAAAAAAAY1OkPFy794+1v/LPd/n+l/V9q/59q/qb2/7/M2v9nzfw7FYRTO8DUju+q9vZZB6sz2XL1GD6brX93ls+e7HWfi3FnHL/Y/j9ll/frmspzUzY/7783LTeXzc/7S5nJ+iApwi+2d5fvCzF+Psa/DlChYlvv2TEu69867eupfwr9Uoyn9LmlvSH1Y5Laf6f23qm/ktT/Qzr+79qAMrL2NqJdYdXbCPT2n83c/3c6iam6HIIwoqHZNIoHMBqqHv8zXfdM8bk/fWfrckiLXXl49fEy778Urseojz8p/8rH/1zT4YU7498NfPzLRszLbwAN6NDz3/13V7bhlkHzz8c/Tf1A7x4u/2/F/NPW3BUGy7/5apZ/fkNoQA9m+W8fMP+rtn/vteX/UMw/vW133zlo/u0SF7XV5civG6f7f+m68fez/A9n25/69hx6+69xoMYjMX+YZOMyzuywxmX8337yehgH43Q6EKZ6Dvl4J8OWP9WvSL8De7L1FyW/b5tw/N/mz5rNX03KOC7fjHHZ92E2fqZpf2z0mK51Tdd7vLeb9VgD4+qDzXz/Txj/sG0EynD9of2z2j0v/RhWXLZms1lpn746FK5W1e9/1f8Tqs6/6ve/TD7+b34On4//m6fn4/9+L0vPx//NX5+Pr5en5+P/5u9nPv5vnn5Ttt58fOC5kvSbS9JvKUm/tSR9b0n6bSXpny9Jv70k/Y6S9BtL0u8sSf9iSfqX+qd/3L1ov9ffXbL+L5ekb3apPcqkbj9Msrx9nu8/TI50/6ff9393STowvi6+vvjIo7//QaPd/n+mcz0k3cc7Eqfr8b/zT+N0ft87dE0vp70dpz/M0kf9egdMkrz/jPz3/a6SdGB8pXpevt8wgYrePfbk99v69VvV7zyf8fKVGH81xl+L8T0xno/xQowXY7x/g8rH+njkd3889FKx8n9/Z5Y+aH3yvD1Q3k/UfQOWJ78+MGx99rwfv2Fdb/7X2BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgMrXW44EDc0UIr7z18tFLf/n2b5fnHO4s0Wg9TndN1TuvC+HeGE/F+FJ88slHz53sjj+NcRH2hyIUnfnh2JVOTjtCCBfCvnA5NMILj12cfv+NY++9Fs4+ffzou2+u3zvQVqx3BgAAAFCh/wcAAP//z2EOoA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0x80086e8a, 0x0) 2.535611387s ago: executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) r1 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r1, 0x48e9, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90f, 0x1}) 2.234188033s ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x275a, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/137, 0x89}], 0x1, 0x80000001, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000002e80)={'tunl0\x00', 0x0, 0x20, 0x1, 0xe55, 0x5b5, {{0xa, 0x4, 0x3, 0x4, 0x28, 0x67, 0x0, 0x81, 0x4, 0x0, @empty, @rand_addr=0x64010100, {[@generic={0x88, 0xa, "dc84feabe0888d50"}, @generic={0x0, 0x5, "afc700"}, @lsrr={0x83, 0x3, 0x9b}]}}}}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000140)={@mcast1}, &(0x7f0000000180)=0x14) preadv(r0, &(0x7f0000003140)=[{&(0x7f0000002f80)=""/109, 0x6d}, {&(0x7f0000003000)=""/83, 0x53}, {&(0x7f00000000c0)=""/33, 0x21}, {&(0x7f0000003080)=""/133, 0x85}], 0x4, 0x0, 0x2) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x4, 0x2, {0x0, "0000a700"}}}]}, 0x48}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000280)={'sit0\x00', &(0x7f00000001c0)}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000380)={'erspan0\x00', 0x0, 0x10, 0x20, 0x7f, 0x3, {{0x22, 0x4, 0x1, 0x26, 0x88, 0x68, 0x0, 0x5, 0x0, 0x0, @broadcast, @multicast1, {[@rr={0x7, 0x17, 0x1c, [@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010101, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_addr={0x44, 0x1c, 0x6c, 0x1, 0x1, [{@empty, 0x1}, {@empty, 0x5}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x3}]}, @noop, @timestamp={0x44, 0x14, 0x75, 0x0, 0x2, [0x7, 0x0, 0x8, 0x6322]}, @lsrr={0x83, 0x23, 0xf4, [@broadcast, @private=0xa010101, @local, @empty, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @private=0xa010100]}, @ssrr={0x89, 0x7, 0xf0, [@multicast2]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000440)={'ip6gre0\x00', 0x0, 0x2f, 0x0, 0x8, 0xb56b, 0x40, @local, @remote, 0x8, 0x7807, 0xffffff58, 0xfa}}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$unix(r2, &(0x7f0000002f00)=@file={0x1, './file0\x00'}, 0x6e) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0xf4, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0xc4, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xb4, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x4, 0x3}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x4, 0x2}}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0xa54, 0x18}}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x800}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x6}}]}, @IFLA_VLAN_INGRESS_QOS={0x70, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x10000, 0x10010}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x68}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x95ee}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x8001}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xb22, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x2}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xae7f, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x80, 0x6}}]}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0xf4}, 0x1, 0xba01}, 0x0) 2.132938795s ago: executing program 1: r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000000)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000380)}) 2.064336492s ago: executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x800803fe) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r1, 0x10d, 0xfb, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 2.034583677s ago: executing program 1: io_setup(0x7, &(0x7f0000000000)=0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000001f40)=ANY=[], &(0x7f0000001000)='GPL\x00'}, 0x90) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f00000000c0), 0x24) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xc, 0x0, 0x0, 0x3, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @dev, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@empty}, {@empty}, {@loopback}]}, @cipso={0x86, 0xd, 0x0, [{0x0, 0x5, "4eb8a6"}, {0x0, 0x2}]}]}}}}}}}, 0x0) read$char_usb(0xffffffffffffffff, &(0x7f0000000140)=""/112, 0x70) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000700)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) 1.960248171s ago: executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000380)='./file0\x00', 0x804, &(0x7f0000000640)=ANY=[@ANYBLOB='check=strict,shortname=mixed,utf8=1,utf8=1,shortname=lower,shortname=winnt,rodir,iocharset=iso8859-13,uni_xlate=1,shortname=lower,nonumtail=0,shortname=mixed,allow_utime=00000000000000000072055,umask=000000\x00\x00\x00\x000000000000004,uni_xlate=0,\x00'], 0x3, 0x276, &(0x7f00000003c0)="$eJzs3UFqG1cYB/BvLMmW2oW06KoUPNAuujJ2T2BTXCg1FFq0aLtoTS1DsYTBBkGTEMWrnCAnyHmyCblADpCQXbwwmSDPSFbCyEaJbJnk99vo8d77z/vezCCtZvTPN72DvcPj/ZN7z6NeT2JpMzbjNIlWLMXIgyj17GV5PwBwy51mWbzKciulM2pTktWlay0MALg2k7//i64FALgZv//x5y9bOzvbv6VpPaL3sN9OIv/Mx7f247/oRifWoxlnEdlY3v7p553tqKZDrfiuN+i3h8ne30+K42+9iDjPb0QzWuX5jTQ3kR/027X4olh/sxudXx9HM74qz/9Qko/2cnz/7UT9a9GMp//GYXRjr6htlL+/kaY/Zo9e3/1r2DvMJ4N+e2U8r5hdudELAwAAAAAAAAAAAAAAAAAAAADAJ20tHWu9+/6dytn5+Nq08Tw/7f1Ag4n386ynaZol+fyLfDW+rkZ1kXsHAAAAAAAAAAAAAAAAAACA2+L4/zsHu91u52iujdFj/SVD8Waea63OmopKUVo3iZhtrVqRvHpyZcZdNIb1dI6SaszvEiTjnsbk0Grkaw17GnljouejV6/HeWN0dx3sJnFFql52k8yhkZXcfpWpqeX3exrFDkomNy5ZffnLD6o5a04ZSiKiNj6Zlx+nNt9zeFPfQAAAAAAAAAAAAAAAAAAAwMjFQ78lgycLKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFuDi//9naAyK8LQ5WWXYqEbRs+AtAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bl4GwAA//95LWni") mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) 1.955750561s ago: executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000040)=0xd) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) readv(r1, &(0x7f00000004c0)=[{&(0x7f0000000240)=""/18, 0x12}], 0x1) 1.87492394s ago: executing program 0: r0 = userfaultfd(0x80001) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_ZEROPAGE(r2, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19) 1.863713562s ago: executing program 2: getpid() sched_setscheduler(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000780)=0x426b) readv(r0, &(0x7f0000001340)=[{&(0x7f0000001280)=""/151, 0x97}], 0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df000000a7d9de16c708db7200"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TIOCSETD(r0, 0x5437, 0x0) 1.85249637s ago: executing program 4: r0 = eventfd(0x0) r1 = syz_io_uring_setup(0xed0, &(0x7f00000003c0)={0x0, 0x0, 0x10300}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0xff39) read$eventfd(r0, &(0x7f0000000040), 0x8) write$eventfd(r0, &(0x7f0000000080)=0xfffffffffffffff7, 0x8) 1.839867448s ago: executing program 1: syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000a80)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@nodiscard}, {@order_strict}, {@nobarrier}, {@norecovery}, {@discard}, {@discard}, {@nobarrier}, {@nodiscard}, {@nobarrier}]}, 0x1, 0xa75, &(0x7f0000000ac0)="$eJzs3V2IXNUBAOBzZ3c2f2szsUldNWpaW7Q/7roxabWpJmKglEII9KGgfQkxpiFrWhqRKkJTH0pfREHMUx9i6UtflLYU9aUEH4oUlFJahD5Z6WsKQh+koFN25pzZ2ZMZ7kyyu3dm5/vgzJl7z517zp25c+fOvecnABOr1no8cGBrCOGVt14+etur77y4POdwZ4lG63G6a6oeQiji9HS2vg+m2vEnHz13sldchP2txzQdjl3pvHZHCOFC2Bcuh0Z44bGL0++/cey918LZp48ffffN9dn6FcV6ZwAAACPg+OVDB/b866+37vrf67cfCVs689P5eSNOz8bz/iPxRDmdL9fC6umiK3SbyZabjqGWLTfVY7nufOrZctN98p/J1lvvs9yWkvynuub12m4YZ2k/boSiNr9qulabn2//Jw+t//Uzxfy5M0tPnK+ooMCa++8dIYR9giBMYmjurPoIBNCW3y+8yoW1vVPXWdv0YPlfebjW+/Vd6mtaQibC1na00ft/Tv6jnf9vfq6mAmtnE+5Nf7+ha7vS92g2Tuf3EfL6S8N+/9P68vsRg54D9LuPMC73F/qVc2qDy3Gt+pU/3y82qwdjnN6Hh7L0+D1o3U7LP9Nx+YyB3j52/V8Q1iTcXFRfhmFDs+oDEDCy8npzzSil5/X68vQtJelbS9K3laRvL0nfUZIOk+wPT70YXipWrnfl/+mHvR42m63iM0OWJ78eOWz+eb3fYV1v/nl9YhhpO/588f7HH/1bu/5/0dn/P437+7443YjfrctxgXS9ML+u3qn731idTa3Pcjdmxbmhx/Kt57tXL1fsXllP6DrOXFWOufSK9hXdnf2W27t6/Y1suW0xbM3Km5+fbM9el84/0kFxdlVpVra3nm3HTFaOdFzZFeO8HHAt0v64uv7/8t7Xqv/fuY01F+rFE2eWTt0bp9N++s5Ufcvy/MWNLjhw3QZt/zMXVrf/me3Mr9e6jws7V+YX3ceFRjZ/f5/598Xp9Dv3w6ltrfnzJ3+09PhabzxMuPPPPHv2xNLSqZ94MmpPwoUQRqAYnkzSk3RcOLFU7XEJWH8LTz3544Xzzzx7z5knT5w+dfrUucWDi/c/cHBx8esPLLTO6xe6z+43Y3VhmFwrv/5VlwQAAAAAAAAAAAAY1OkPFy794+1v/LPd/n+l/V9q/59q/qb2/7/M2v9nzfw7FYRTO8DUju+q9vZZB6sz2XL1GD6brX93ls+e7HWfi3FnHL/Y/j9ll/frmspzUzY/7783LTeXzc/7S5nJ+iApwi+2d5fvCzF+Psa/DlChYlvv2TEu69867eupfwr9Uoyn9LmlvSH1Y5Laf6f23qm/ktT/Qzr+79qAMrL2NqJdYdXbCPT2n83c/3c6iam6HIIwoqHZNIoHMBqqHv8zXfdM8bk/fWfrckiLXXl49fEy778Urseojz8p/8rH/1zT4YU7498NfPzLRszLbwAN6NDz3/13V7bhlkHzz8c/Tf1A7x4u/2/F/NPW3BUGy7/5apZ/fkNoQA9m+W8fMP+rtn/vteX/UMw/vW133zlo/u0SF7XV5civG6f7f+m68fez/A9n25/69hx6+69xoMYjMX+YZOMyzuywxmX8337yehgH43Q6EKZ6Dvl4J8OWP9WvSL8De7L1FyW/b5tw/N/mz5rNX03KOC7fjHHZ92E2fqZpf2z0mK51Tdd7vLeb9VgD4+qDzXz/Txj/sG0EynD9of2z2j0v/RhWXLZms1lpn746FK5W1e9/1f8Tqs6/6ve/TD7+b34On4//m6fn4/9+L0vPx//NX5+Pr5en5+P/5u9nPv5vnn5Ttt58fOC5kvSbS9JvKUm/tSR9b0n6bSXpny9Jv70k/Y6S9BtL0u8sSf9iSfqX+qd/3L1ov9ffXbL+L5ekb3apPcqkbj9Msrx9nu8/TI50/6ff9393STowvi6+vvjIo7//QaPd/n+mcz0k3cc7Eqfr8b/zT+N0ft87dE0vp70dpz/M0kf9egdMkrz/jPz3/a6SdGB8pXpevt8wgYrePfbk99v69VvV7zyf8fKVGH81xl+L8T0xno/xQowXY7x/g8rH+njkd3889FKx8n9/Z5Y+aH3yvD1Q3k/UfQOWJ78+MGx99rwfv2Fdb/7X2BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgMrXW44EDc0UIr7z18tFLf/n2b5fnHO4s0Wg9TndN1TuvC+HeGE/F+FJ88slHz53sjj+NcRH2hyIUnfnh2JVOTjtCCBfCvnA5NMILj12cfv+NY++9Fs4+ffzou2+u3zvQVqx3BgAAAFCh/wcAAP//z2EOoA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0x80086e8a, 0x0) 1.784264371s ago: executing program 3: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(r0, 0x20000005) r1 = socket$inet6(0xa, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r5 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r5, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.441273048s ago: executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f00000003c0)) 996.919332ms ago: executing program 2: syz_usbip_server_init(0x4) syz_usbip_server_init(0x5) syz_usbip_server_init(0x4) syz_usbip_server_init(0x1) 602.925871ms ago: executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x4, 0x0, 0x0) 574.110048ms ago: executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)) r1 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0x40184152, &(0x7f0000000000)) 571.634512ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000e90f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc0600000000000000a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f0452ffc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b5860ec182dcfbad421493b000e3806f905f1d0da2a304e06543b56d35235d96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3a0f3abda0f01e27f9e61fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281848b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f957473ea0f89c162c61f090e756576bc3000820395ad40597d5cd115280e312fce05d99c6e4dc8792d2c7fb55eb75eb9e6819869e1a3cbc4c3b6b6e119c0cdad6956787858750ffbf6d543932b03623d3a16a303b7bce2a9b514a0c74584356a0363f3644e3abbe4c08b411868f5f94528424cb6e1921ee4d1b1f4670b740c66e2ce440ca7b9402e0de12478fddd2e52061d7b78347d9452177e524f38bb778c8be93fb25bac014a55572e0b9db8a638ccfe27ab61c8f54ee59cc53b31b8482c0f9bd48e4db93a7556036aa593cd91dfa3b96e0c6e057daaa53ff7d515da024a09836c7330"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9}, 0x48) 413.377737ms ago: executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) process_mrelease(0xffffffffffffffff, 0x2) 294.011048ms ago: executing program 4: r0 = socket(0x22, 0x2, 0x2) ioctl$IMGETCOUNT(r0, 0x80044944, &(0x7f0000000000)) 190.360843ms ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000140)={0x20}) write$cgroup_int(r0, &(0x7f0000000040), 0xfea0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000380), 0x101bf) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x1, 0xbb3e, 0x404}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r1, 0x2, 0x0, 0x7}) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x2880008, r0, 0x0, 0x7, 0xa}) 104.808084ms ago: executing program 4: io_setup(0x7, &(0x7f0000000000)=0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000001f40)=ANY=[], &(0x7f0000001000)='GPL\x00'}, 0x90) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f00000000c0), 0x24) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xc, 0x0, 0x0, 0x3, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @dev, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@empty}, {@empty}, {@loopback}]}, @cipso={0x86, 0xd, 0x0, [{0x0, 0x5, "4eb8a6"}, {0x0, 0x2}]}]}}}}}}}, 0x0) read$char_usb(0xffffffffffffffff, &(0x7f0000000140)=""/112, 0x70) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000700)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) 0s ago: executing program 3: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') preadv(r5, &(0x7f0000000b00)=[{&(0x7f0000000300)=""/30, 0x1e}], 0x1, 0x80000001, 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000080)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x1) open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r6, 0x0, 0x200) kernel console output (not intermixed with test programs): rongly recommended to keep mac addresses unique to avoid problems! [ 1176.789583][T26342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1176.818999][T26342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.831753][T26342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1176.842609][T26342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.864736][T26342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1176.893427][T26342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.949414][T26342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1176.970100][T26342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1176.991492][T26342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1177.038149][T26342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1177.059534][T26342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1177.301234][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.323622][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.438292][ T5164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1177.480514][ T5164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1177.526044][ T7554] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1177.545384][ T7554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1177.846053][ T25] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1178.170731][ T25] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1179.109629][ T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1179.124288][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1179.132520][ T25] usb 5-1: SerialNumber: syz [ 1179.570046][T26620] loop2: detected capacity change from 0 to 40427 [ 1179.604335][T26620] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 1179.627819][T26620] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1179.656824][T26620] F2FS-fs (loop2): invalid crc value [ 1179.678304][T26620] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1179.832707][T26620] F2FS-fs (loop2): Try to recover 1th superblock, ret: -30 [ 1179.851563][T26620] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 1179.988011][ T25] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 1180.033646][ T25] usb 5-1: USB disconnect, device number 19 [ 1180.062933][T25708] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1181.539483][T26680] loop1: detected capacity change from 0 to 32768 [ 1181.578121][T26680] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (26680) [ 1181.606816][ T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1181.632296][T26680] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1181.652692][T26680] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1181.669692][T26680] BTRFS info (device loop1): using free-space-tree [ 1181.797770][ T25] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1181.839082][ T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1181.864084][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1181.889498][ T25] usb 4-1: SerialNumber: syz [ 1181.923607][T24594] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1182.265107][ T5234] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1182.720087][ T5234] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1182.781183][ T25] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 1182.837528][ T25] usb 4-1: USB disconnect, device number 24 [ 1183.081872][T26747] loop4: detected capacity change from 0 to 256 [ 1183.185663][T26747] FAT-fs (loop4): Directory bread(block 64) failed [ 1183.198509][T26747] FAT-fs (loop4): Directory bread(block 65) failed [ 1183.231311][T26747] FAT-fs (loop4): Directory bread(block 66) failed [ 1183.245605][ T5234] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1183.285328][T26747] FAT-fs (loop4): Directory bread(block 67) failed [ 1183.317167][T26747] FAT-fs (loop4): Directory bread(block 68) failed [ 1183.353690][T26747] FAT-fs (loop4): Directory bread(block 69) failed [ 1183.366205][T26747] FAT-fs (loop4): Directory bread(block 70) failed [ 1183.403663][T26747] FAT-fs (loop4): Directory bread(block 71) failed [ 1183.419149][T19034] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1183.438553][T26747] FAT-fs (loop4): Directory bread(block 72) failed [ 1183.453700][T19034] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1183.478273][T19034] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1183.486482][T19034] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1183.494106][T19034] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1183.501686][T19034] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1183.516629][T26747] FAT-fs (loop4): Directory bread(block 73) failed [ 1183.703199][T19034] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1183.719854][T19034] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1183.735337][T19034] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1183.750710][T19034] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1183.761585][T19034] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1183.769135][T19034] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1183.864771][T15543] libceph: connect (1)[c::]:6789 error -101 [ 1183.870995][T15543] libceph: mon0 (1)[c::]:6789 connect error [ 1183.944110][ T5234] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.183859][ T25] libceph: connect (1)[c::]:6789 error -101 [ 1184.210582][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 1184.283511][T26767] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1184.524798][ T5234] bridge_slave_1: left allmulticast mode [ 1184.542803][ T5234] bridge_slave_1: left promiscuous mode [ 1184.560195][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1184.592775][ T5234] bridge_slave_0: left allmulticast mode [ 1184.602329][ T5234] bridge_slave_0: left promiscuous mode [ 1184.609784][T26757] ceph: No mds server is up or the cluster is laggy [ 1184.629242][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1185.227829][T26785] loop1: detected capacity change from 0 to 32768 [ 1185.326977][T26785] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 1185.360628][T26785] XFS (loop1): Ending clean mount [ 1185.368658][T26785] XFS (loop1): Quotacheck needed: Please wait. [ 1185.518366][T26785] XFS (loop1): Quotacheck: Done. [ 1185.617569][T19034] Bluetooth: hci1: command tx timeout [ 1185.683273][T24594] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 1185.692717][ T29] kauditd_printk_skb: 95 callbacks suppressed [ 1185.692734][ T29] audit: type=1804 audit(2253841205.535:3495): pid=26797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1629899398/syzkaller.1IDKyW/286/file0" dev="sda1" ino=1937 res=1 errno=0 [ 1185.765054][T26797] loop3: detected capacity change from 0 to 512 [ 1185.870777][T19034] Bluetooth: hci4: command tx timeout [ 1185.956357][T26797] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 1186.033027][T26797] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 1186.093741][T26797] EXT4-fs (loop3): Remounting filesystem read-only [ 1186.107502][T26797] EXT4-fs (loop3): 1 truncate cleaned up [ 1186.114806][T26797] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1186.129359][T26797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1186.228372][ T29] audit: type=1800 audit(2253841206.085:3496): pid=26801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1955 res=0 errno=0 [ 1186.254877][ T5234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1186.275834][ T5234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1186.292678][ T5234] bond0 (unregistering): Released all slaves [ 1186.439034][T26754] chnl_net:caif_netlink_parms(): no params data found [ 1186.581919][T26750] chnl_net:caif_netlink_parms(): no params data found [ 1186.654867][ T5162] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1186.796690][T26754] bridge0: port 1(bridge_slave_0) entered blocking state [ 1186.837861][T26754] bridge0: port 1(bridge_slave_0) entered disabled state [ 1186.845250][T26754] bridge_slave_0: entered allmulticast mode [ 1186.846680][ T5162] usb 4-1: Using ep0 maxpacket: 16 [ 1186.871346][T26754] bridge_slave_0: entered promiscuous mode [ 1186.873335][ T5162] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=94.d7 [ 1186.887194][ T5162] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.893860][ T29] audit: type=1800 audit(2253841206.735:3497): pid=26822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1943 res=0 errno=0 [ 1186.895381][ T5162] usb 4-1: Product: syz [ 1186.925370][ T5162] usb 4-1: Manufacturer: syz [ 1186.930250][ T5162] usb 4-1: SerialNumber: syz [ 1186.955770][ T5162] usb 4-1: config 0 descriptor?? [ 1186.969780][ T5162] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1187.031340][T26754] bridge0: port 2(bridge_slave_1) entered blocking state [ 1187.042446][T26754] bridge0: port 2(bridge_slave_1) entered disabled state [ 1187.055636][T26754] bridge_slave_1: entered allmulticast mode [ 1187.087695][T26754] bridge_slave_1: entered promiscuous mode [ 1187.102325][T26830] loop1: detected capacity change from 0 to 512 [ 1187.205415][T26805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1187.214188][T26805] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1187.228071][ T5162] usb 4-1: USB disconnect, device number 25 [ 1187.283826][T26830] EXT4-fs (loop1): failed to open journal device unknown-block(0,0) -6 [ 1187.322340][T26754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1187.334818][T26750] bridge0: port 1(bridge_slave_0) entered blocking state [ 1187.352781][T26750] bridge0: port 1(bridge_slave_0) entered disabled state [ 1187.375591][T26750] bridge_slave_0: entered allmulticast mode [ 1187.384250][T26750] bridge_slave_0: entered promiscuous mode [ 1187.415694][ T5234] hsr_slave_0: left promiscuous mode [ 1187.431821][ T5234] hsr_slave_1: left promiscuous mode [ 1187.449508][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1187.472487][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1187.490923][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1187.507952][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1187.570950][ T5234] veth1_macvtap: left promiscuous mode [ 1187.586331][ T5234] veth0_macvtap: left promiscuous mode [ 1187.592017][ T5234] veth1_vlan: left promiscuous mode [ 1187.606036][ T5234] veth0_vlan: left promiscuous mode [ 1187.683776][ T29] audit: type=1800 audit(2253841207.525:3498): pid=26844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1955 res=0 errno=0 [ 1187.696055][T19034] Bluetooth: hci1: command tx timeout [ 1187.939453][T19034] Bluetooth: hci4: command tx timeout [ 1188.834962][ T5234] team0 (unregistering): Port device team_slave_1 removed [ 1188.943854][ T5234] team0 (unregistering): Port device team_slave_0 removed [ 1189.776207][T19034] Bluetooth: hci1: command tx timeout [ 1190.016455][T19034] Bluetooth: hci4: command tx timeout [ 1190.084321][T26754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1190.114061][T26750] bridge0: port 2(bridge_slave_1) entered blocking state [ 1190.128609][T26750] bridge0: port 2(bridge_slave_1) entered disabled state [ 1190.140769][T26750] bridge_slave_1: entered allmulticast mode [ 1190.148845][T26750] bridge_slave_1: entered promiscuous mode [ 1190.257547][T26860] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1190.272619][T26860] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 1190.368035][T26750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1190.413478][T26754] team0: Port device team_slave_0 added [ 1190.532120][T26750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1190.549734][T26754] team0: Port device team_slave_1 added [ 1190.686108][ T29] audit: type=1804 audit(2253841210.505:3499): pid=26870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1629899398/syzkaller.1IDKyW/291/file0" dev="sda1" ino=1952 res=1 errno=0 [ 1190.774765][T26872] loop3: detected capacity change from 0 to 512 [ 1190.834303][T26872] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 1190.846627][T26872] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 1190.865401][T26872] EXT4-fs (loop3): Remounting filesystem read-only [ 1190.889277][T26872] EXT4-fs (loop3): 1 truncate cleaned up [ 1190.895593][T26872] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1190.928366][T26872] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1191.048823][T26750] team0: Port device team_slave_0 added [ 1191.085615][T26754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1191.104169][T26754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1191.146037][T26754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1191.178756][T26750] team0: Port device team_slave_1 added [ 1191.222350][T26754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1191.236277][T26754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1191.269099][T26883] loop4: detected capacity change from 0 to 2048 [ 1191.282377][T26754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1191.322905][T26884] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1191.430962][T26750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1191.451314][T26750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1191.480859][T26750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1191.487171][T16139] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1191.495296][T26750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1191.507288][T26750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1191.572530][T26750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1191.664251][T26880] loop1: detected capacity change from 0 to 32768 [ 1191.691985][T26880] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (26880) [ 1191.710066][T26754] hsr_slave_0: entered promiscuous mode [ 1191.719667][T26880] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1191.730730][T26754] hsr_slave_1: entered promiscuous mode [ 1191.739445][T16139] usb 4-1: Using ep0 maxpacket: 16 [ 1191.744815][T26754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1191.752850][T26880] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 1191.763897][T26754] Cannot create hsr debugfs directory [ 1191.777002][T26880] BTRFS info (device loop1): disk space caching is enabled [ 1191.779287][T26750] hsr_slave_0: entered promiscuous mode [ 1191.793166][T16139] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=94.d7 [ 1191.803812][T16139] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1191.812519][T26750] hsr_slave_1: entered promiscuous mode [ 1191.813020][T16139] usb 4-1: Product: syz [ 1191.822965][T16139] usb 4-1: Manufacturer: syz [ 1191.828926][T16139] usb 4-1: SerialNumber: syz [ 1191.833667][T26750] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1191.844190][T16139] usb 4-1: config 0 descriptor?? [ 1191.852689][T16139] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1191.856412][T19034] Bluetooth: hci1: command tx timeout [ 1191.876126][T26750] Cannot create hsr debugfs directory [ 1191.930601][ T29] audit: type=1800 audit(2253841211.785:3500): pid=26902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 1191.964757][T26880] BTRFS info (device loop1): rebuilding free space tree [ 1192.037756][T26880] BTRFS info (device loop1): disabling free space tree [ 1192.048566][ T5234] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1192.056292][T26880] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1192.080043][T26880] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1192.101911][T19034] Bluetooth: hci4: command tx timeout [ 1192.103900][T26871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1192.131116][T26871] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1192.221565][ T25] usb 4-1: USB disconnect, device number 26 [ 1192.257135][T24594] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1192.268928][T26908] loop4: detected capacity change from 0 to 1024 [ 1192.670302][ T5234] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1193.238425][T26921] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1193.250885][T26921] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 1193.259934][T26921] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 1193.274524][T26921] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1193.408682][ T5234] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1193.561904][T26924] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1193.701674][ T5234] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1193.873034][T26930] loop4: detected capacity change from 0 to 256 [ 1194.011533][T26934] loop3: detected capacity change from 0 to 1024 [ 1194.037978][T26934] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1194.052531][T26934] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1194.083945][ T29] audit: type=1326 audit(2253841213.935:3501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26935 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdff627cee9 code=0x0 [ 1194.106324][ C1] vkms_vblank_simulate: vblank timer overrun [ 1194.148232][T26934] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1194.184356][T26940] loop4: detected capacity change from 0 to 1024 [ 1194.191566][T26941] loop1: detected capacity change from 0 to 2048 [ 1194.205177][T26934] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #12: comm syz-executor.3: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1194.247770][T22684] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1194.250611][T26941] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1194.312505][T26941] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1194.412120][ T5234] bridge_slave_1: left allmulticast mode [ 1194.436340][ T5234] bridge_slave_1: left promiscuous mode [ 1194.442141][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1194.480810][ T5234] bridge_slave_0: left allmulticast mode [ 1194.489035][ T5234] bridge_slave_0: left promiscuous mode [ 1194.506151][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1195.007399][ C1] vkms_vblank_simulate: vblank timer overrun [ 1195.394043][ T29] audit: type=1804 audit(2253841215.245:3502): pid=26964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir2084288818/syzkaller.IDJ0cv/145/file0/bus" dev="loop1" ino=1367 res=1 errno=0 [ 1195.420177][ C1] vkms_vblank_simulate: vblank timer overrun [ 1196.019917][T26966] loop4: detected capacity change from 0 to 40427 [ 1196.042135][T26966] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 1196.052410][T26966] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1196.063027][ T5234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1196.079520][T26966] F2FS-fs (loop4): invalid crc value [ 1196.101520][T26966] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1196.101781][ T5234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1196.130793][ T5234] bond0 (unregistering): Released all slaves [ 1196.245544][T26957] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1196.261285][T26966] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1196.291409][T26966] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1196.473893][T25265] syz-executor.4: attempt to access beyond end of device [ 1196.473893][T25265] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 1196.489770][T26973] loop3: detected capacity change from 0 to 1024 [ 1196.491084][T25265] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1196.506828][T25265] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1196.837550][ C1] vkms_vblank_simulate: vblank timer overrun [ 1197.846108][ T5234] hsr_slave_0: left promiscuous mode [ 1197.855576][T26985] loop3: detected capacity change from 0 to 256 [ 1197.918463][ T5234] hsr_slave_1: left promiscuous mode [ 1197.931581][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1197.943980][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1197.961288][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1197.987185][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1198.074830][ T5234] veth1_macvtap: left promiscuous mode [ 1198.088038][ T5234] veth0_macvtap: left promiscuous mode [ 1198.099619][ T5234] veth1_vlan: left promiscuous mode [ 1198.110185][ T5234] veth0_vlan: left promiscuous mode [ 1198.509860][T26995] binder: 26994:26995 ioctl c0046209 0 returned -22 [ 1198.894799][T26992] loop4: detected capacity change from 0 to 32768 [ 1198.929178][T26992] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (26992) [ 1198.946338][T26992] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1198.956922][T26992] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 1198.966904][T26992] BTRFS info (device loop4): using free-space-tree [ 1198.974376][ C1] vkms_vblank_simulate: vblank timer overrun [ 1199.638036][T25265] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1199.738539][ T5234] team0 (unregistering): Port device team_slave_1 removed [ 1200.042963][T27018] loop4: detected capacity change from 0 to 1024 [ 1200.095731][ T5234] team0 (unregistering): Port device team_slave_0 removed [ 1200.729157][T27031] loop4: detected capacity change from 0 to 128 [ 1200.845522][T27031] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1200.884296][T27031] ext4 filesystem being mounted at /root/syzkaller-testdir2132519443/syzkaller.dw1wPb/112/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1201.006789][T27031] loop4: detected capacity change from 128 to 64 [ 1201.083368][T27031] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5731: Out of memory [ 1201.093249][T27031] EXT4-fs error (device loop4): ext4_ext_tree_init:879: inode #15: comm syz-executor.4: mark_inode_dirty error [ 1201.106004][T27031] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5731: Out of memory [ 1201.115400][T27031] EXT4-fs error (device loop4): __ext4_new_inode:1344: inode #15: comm syz-executor.4: mark_inode_dirty error [ 1201.136325][T27031] EXT4-fs error (device loop4) in __ext4_new_inode:1346: Out of memory [ 1201.145187][T27031] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5731: Out of memory [ 1201.177791][T27031] EXT4-fs error (device loop4): ext4_evict_inode:251: inode #15: comm syz-executor.4: mark_inode_dirty error [ 1201.191071][T27031] EXT4-fs warning (device loop4): ext4_evict_inode:254: couldn't mark inode dirty (err -12) [ 1201.285458][T25265] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5731: Out of memory [ 1201.309230][T25265] EXT4-fs error (device loop4): ext4_dirty_inode:5935: inode #2: comm syz-executor.4: mark_inode_dirty error [ 1201.347665][T25265] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5731: Out of memory [ 1201.808691][T25265] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1201.880649][T26754] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1201.930197][T26754] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1202.172538][T26754] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1202.208253][T26754] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1202.614962][ T5234] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1202.741275][T27039] loop1: detected capacity change from 0 to 32768 [ 1202.756772][T27039] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (27039) [ 1202.790489][T11252] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1202.793426][T27039] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1202.816205][T11252] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1202.818661][T27039] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 1202.860368][T11252] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1202.873406][T11252] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1202.875827][T27039] BTRFS info (device loop1): using free-space-tree [ 1202.891403][T11252] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1202.973247][ T5234] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1203.049380][T26754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1203.083388][T11252] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1203.330577][ T5234] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1203.719580][T27065] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 1203.741532][T24594] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1203.800582][T26754] 8021q: adding VLAN 0 to HW filter on device team0 [ 1203.968686][ T5234] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1204.222319][T15543] bridge0: port 1(bridge_slave_0) entered blocking state [ 1204.229550][T15543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1204.395262][ T5115] bridge0: port 2(bridge_slave_1) entered blocking state [ 1204.402809][ T5115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1204.434955][T26750] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1204.503198][T26750] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1204.641641][T26750] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1204.675716][T26750] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1204.735433][T27067] loop3: detected capacity change from 0 to 32768 [ 1204.785427][T27067] XFS (loop3): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 1204.855208][T27067] XFS (loop3): Ending clean mount [ 1204.884566][ T5234] bridge_slave_1: left allmulticast mode [ 1204.898314][ T5234] bridge_slave_1: left promiscuous mode [ 1204.904328][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1204.913794][ T5234] bridge_slave_0: left allmulticast mode [ 1204.920484][T22684] XFS (loop3): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 1204.922664][ T5234] bridge_slave_0: left promiscuous mode [ 1204.940927][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1205.147422][T11252] Bluetooth: hci3: command tx timeout [ 1205.460595][T27089] loop3: detected capacity change from 0 to 17 [ 1205.478365][T27089] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop3 [ 1205.623517][ T29] audit: type=1800 audit(2253841225.475:3503): pid=27093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1948 res=0 errno=0 [ 1205.986079][T27097] loop3: detected capacity change from 0 to 256 [ 1206.303015][ T5234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1206.320344][ T5234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1206.339661][ T5234] bond0 (unregistering): Released all slaves [ 1206.455046][T26754] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1206.572289][T27107] loop3: detected capacity change from 0 to 512 [ 1206.597043][T27107] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 1206.724648][T27107] loop3: detected capacity change from 0 to 2048 [ 1206.897964][T27046] chnl_net:caif_netlink_parms(): no params data found [ 1206.974917][ T5234] hsr_slave_0: left promiscuous mode [ 1207.013216][ T5234] hsr_slave_1: left promiscuous mode [ 1207.026685][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1207.034159][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1207.042824][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1207.050575][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1207.118316][ T5234] veth1_macvtap: left promiscuous mode [ 1207.123924][ T5234] veth0_macvtap: left promiscuous mode [ 1207.146113][ T5234] veth1_vlan: left promiscuous mode [ 1207.151498][ T5234] veth0_vlan: left promiscuous mode [ 1207.161656][T27122] loop3: detected capacity change from 0 to 1024 [ 1207.171169][T27122] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 1207.216262][T11252] Bluetooth: hci3: command tx timeout [ 1207.324240][T27118] loop3: detected capacity change from 0 to 2048 [ 1207.435434][T27118] EXT4-fs error (device loop3): ext4_orphan_get:1420: comm syz-executor.3: bad orphan inode 8192 [ 1207.489820][T27118] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1207.535500][T27118] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1207.859318][T27133] loop3: detected capacity change from 0 to 256 [ 1208.127474][T27141] loop3: detected capacity change from 0 to 128 [ 1208.366505][T27141] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 1208.399200][T27141] qnx6: wrong signature (magic) in superblock #1. [ 1208.405826][T27141] qnx6: unable to read the first superblock [ 1208.637154][ T5234] team0 (unregistering): Port device team_slave_1 removed [ 1208.770892][ T5234] team0 (unregistering): Port device team_slave_0 removed [ 1209.296271][T11252] Bluetooth: hci3: command tx timeout [ 1210.104541][T11252] Bluetooth: hci2: command 0x0406 tx timeout [ 1210.149343][T26754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1210.290372][T26750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1210.405374][T27162] loop1: detected capacity change from 0 to 2048 [ 1210.421513][T27163] loop3: detected capacity change from 0 to 256 [ 1210.494613][T27164] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1210.567841][T27046] bridge0: port 1(bridge_slave_0) entered blocking state [ 1210.580141][T27046] bridge0: port 1(bridge_slave_0) entered disabled state [ 1210.607554][T27046] bridge_slave_0: entered allmulticast mode [ 1210.618732][ T29] audit: type=1800 audit(2253841230.475:3504): pid=27162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=2097152 res=0 errno=0 [ 1210.640851][T27046] bridge_slave_0: entered promiscuous mode [ 1210.659457][T27046] bridge0: port 2(bridge_slave_1) entered blocking state [ 1210.667067][T27046] bridge0: port 2(bridge_slave_1) entered disabled state [ 1210.674545][T27046] bridge_slave_1: entered allmulticast mode [ 1210.690857][T27046] bridge_slave_1: entered promiscuous mode [ 1210.733875][T26750] 8021q: adding VLAN 0 to HW filter on device team0 [ 1210.779270][T27163] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1210.850243][T27046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1210.870414][T15543] bridge0: port 1(bridge_slave_0) entered blocking state [ 1210.877714][T15543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1210.922236][T27046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1210.956827][ T5164] bridge0: port 2(bridge_slave_1) entered blocking state [ 1210.964011][ T5164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1210.983790][T26754] veth0_vlan: entered promiscuous mode [ 1210.990237][T27168] loop3: detected capacity change from 0 to 2048 [ 1211.004341][T27168] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1211.011274][ T5234] IPVS: stop unused estimator thread 0... [ 1211.120128][T27046] team0: Port device team_slave_0 added [ 1211.151294][T26754] veth1_vlan: entered promiscuous mode [ 1211.196863][T27046] team0: Port device team_slave_1 added [ 1211.333089][T27046] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1211.347179][T27046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1211.380120][T19034] Bluetooth: hci3: command tx timeout [ 1211.429401][T27046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1211.431185][T27179] loop1: detected capacity change from 0 to 1024 [ 1211.458656][ T5234] bridge_slave_1: left allmulticast mode [ 1211.464443][ T5234] bridge_slave_1: left promiscuous mode [ 1211.471293][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1211.481135][ T5234] bridge_slave_0: left allmulticast mode [ 1211.490610][ T5234] bridge_slave_0: left promiscuous mode [ 1211.496628][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1211.560875][T27176] hfsplus: xattr searching failed [ 1211.788595][T27176] hfsplus: xattr searching failed [ 1211.795525][ T29] audit: type=1800 audit(2253841231.655:3505): pid=27176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="loop1" ino=6 res=0 errno=0 [ 1211.817010][T19034] Bluetooth: hci2: unexpected event for opcode 0x0401 [ 1211.835239][T27176] input: syz0 as /devices/virtual/input/input30 [ 1212.002566][ T5638] hfsplus: b-tree write err: -5, ino 3 [ 1212.338157][T27194] loop1: detected capacity change from 0 to 256 [ 1212.464022][T27196] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1212.981905][ T5234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1212.990936][ T5234] bond_slave_0: left promiscuous mode [ 1212.999367][ T5234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1213.060546][ T5234] bond_slave_1: left promiscuous mode [ 1213.171147][T27211] loop1: detected capacity change from 0 to 2048 [ 1213.289972][T27211] Alternate GPT is invalid, using primary GPT. [ 1213.296853][T27211] loop1: p2 p3 p7 [ 1213.492887][ T5234] bond0 (unregistering): (slave macvlan2): Releasing backup interface [ 1213.576971][ T5234] macvlan2: left promiscuous mode [ 1213.618013][ T5234] team0: left promiscuous mode [ 1213.677920][ T5234] team_slave_0: left promiscuous mode [ 1213.683455][ T5234] team_slave_1: left promiscuous mode [ 1213.821322][ T5234] bond0 (unregistering): Released all slaves [ 1213.899999][T27046] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1213.913774][T27046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1213.997613][T27046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1214.285316][T27220] loop1: detected capacity change from 0 to 64 [ 1214.347843][T26754] veth0_macvtap: entered promiscuous mode [ 1214.433958][T27046] hsr_slave_0: entered promiscuous mode [ 1214.450674][T27046] hsr_slave_1: entered promiscuous mode [ 1214.461954][T27046] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1214.473393][T27046] Cannot create hsr debugfs directory [ 1214.716546][T26754] veth1_macvtap: entered promiscuous mode [ 1214.763835][T26754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1214.802669][T26754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.835954][T26754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1214.848634][T26754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.858835][T26754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1214.869438][T26754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.879960][T26754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1214.892866][T26754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1214.966275][T27234] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 1215.100799][T26754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1215.758659][ T5234] hsr_slave_0: left promiscuous mode [ 1215.764946][ T5234] hsr_slave_1: left promiscuous mode [ 1215.773100][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1215.782384][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1215.790642][ T5164] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1215.800313][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1215.808431][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1215.855658][ T5234] veth1_macvtap: left promiscuous mode [ 1215.862383][T19034] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1215.874554][T19034] Bluetooth: hci2: Injecting HCI hardware error event [ 1215.878963][ T5234] veth0_macvtap: left promiscuous mode [ 1215.887696][T19034] Bluetooth: hci2: hardware error 0x00 [ 1215.902736][ T5234] veth1_vlan: left promiscuous mode [ 1215.909668][ T5234] veth0_vlan: left promiscuous mode [ 1215.979420][ T5164] usb 4-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 1215.988929][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1216.003100][ T5164] usb 4-1: config 0 descriptor?? [ 1216.029309][ T5164] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input31 [ 1216.221790][T16140] usb 4-1: USB disconnect, device number 27 [ 1217.009926][T27244] loop3: detected capacity change from 0 to 2048 [ 1217.111272][T27244] Alternate GPT is invalid, using primary GPT. [ 1217.118411][T27244] loop3: p2 p3 p7 [ 1217.967437][T19034] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1218.008709][ C1] vkms_vblank_simulate: vblank timer overrun [ 1218.034974][T27250] Bluetooth: MGMT ver 1.23 [ 1218.050901][ T5234] team0 (unregistering): Port device team_slave_1 removed [ 1218.194379][ T5234] team0 (unregistering): Port device team_slave_0 removed [ 1219.590281][T26750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1219.619087][T26754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.639675][T26754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.650184][T26754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.661964][T26754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.671937][T26754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.682819][T26754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.695218][T26754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1219.791190][ C1] vkms_vblank_simulate: vblank timer overrun [ 1219.960358][T26754] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.000401][T26754] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.046592][T26754] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.093355][T26754] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.474719][T16140] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1220.681793][T16140] usb 4-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 1220.696207][T16140] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1220.735727][T16140] usb 4-1: config 0 descriptor?? [ 1220.762572][T16140] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input32 [ 1220.801055][T26750] veth0_vlan: entered promiscuous mode [ 1220.851027][T10088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1220.863218][T10088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1220.944582][T26750] veth1_vlan: entered promiscuous mode [ 1221.017477][ T25] usb 4-1: USB disconnect, device number 28 [ 1221.108611][ T7554] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1221.114653][T26750] veth0_macvtap: entered promiscuous mode [ 1221.122382][ T7554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1221.143488][T26750] veth1_macvtap: entered promiscuous mode [ 1221.216635][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1221.242562][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.260998][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1221.274315][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.293687][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1221.315979][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.326749][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1221.338506][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.362396][T26750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1221.413782][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1221.432609][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.445908][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1221.461871][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.472461][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1221.488507][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.501401][T26750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1221.518612][T27282] loop2: detected capacity change from 0 to 256 [ 1221.534232][T27282] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 1221.552917][T26750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1221.595718][T26750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1221.675643][T26750] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.689886][T26750] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.704462][T26750] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.719503][T26750] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1222.190793][T27046] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1222.200585][T16140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1222.211533][T16140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1222.218397][T27046] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1222.269190][T27046] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1222.326419][T27046] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1222.402664][T27295] loop1: detected capacity change from 0 to 512 [ 1222.408879][ T5168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1222.417393][ T5168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1222.488507][T27295] EXT4-fs: Ignoring removed bh option [ 1222.547139][T27295] EXT4-fs error (device loop1): __ext4_iget:4906: inode #11: block 1: comm syz-executor.1: invalid block [ 1222.597084][T27295] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 11 (err -117) [ 1222.696818][T27295] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1222.772736][T27301] loop2: detected capacity change from 0 to 64 [ 1223.390384][ C1] vkms_vblank_simulate: vblank timer overrun [ 1223.473967][T27308] loop3: detected capacity change from 0 to 1024 [ 1223.579924][T27046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1223.614436][T27046] 8021q: adding VLAN 0 to HW filter on device team0 [ 1223.642149][T27271] bridge0: port 1(bridge_slave_0) entered blocking state [ 1223.649465][T27271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1223.674205][T16140] bridge0: port 2(bridge_slave_1) entered blocking state [ 1223.681384][T16140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1223.740431][T24594] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1223.877180][T27271] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1224.059165][T27046] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1224.093325][T27271] usb 3-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 1224.107097][T27271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1224.124599][T27271] usb 3-1: config 0 descriptor?? [ 1224.148083][T27271] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input33 [ 1224.196943][T16140] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1224.407788][T16140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1224.454870][T27046] veth0_vlan: entered promiscuous mode [ 1224.471292][ T783] usb 3-1: USB disconnect, device number 31 [ 1224.478188][T16140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 58576, setting to 1024 [ 1224.510529][T16140] usb 2-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 1224.510600][T27046] veth1_vlan: entered promiscuous mode [ 1224.545494][T16140] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1224.568959][T16140] usb 2-1: config 0 descriptor?? [ 1224.578475][T27322] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1224.594671][T27046] veth0_macvtap: entered promiscuous mode [ 1224.618097][T27046] veth1_macvtap: entered promiscuous mode [ 1224.653363][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.664960][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.683599][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.694274][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.704151][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.716663][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.727092][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.743003][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.753091][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.764119][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.778133][T27046] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1224.810110][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.835173][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.845880][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.856446][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.867452][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.877985][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.888080][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.900004][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.914400][T27046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.924953][T27046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.937380][T27046] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1224.961500][T27046] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.978591][T27046] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.993198][T27046] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1225.002832][T27046] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1225.022157][T16140] hid-rmi 0003:17EF:6085.001B: hidraw0: USB HID v0.00 Device [HID 17ef:6085] on usb-dummy_hcd.1-1/input0 [ 1225.165228][T27338] loop3: detected capacity change from 0 to 256 [ 1225.195396][T27338] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 1225.223938][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1225.260560][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1225.282276][T27322] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1225.418162][ T5164] usb 2-1: USB disconnect, device number 24 [ 1225.529547][T10088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1225.560987][T10088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1225.841255][ T5234] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1226.128507][ T5234] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1226.486330][T27356] loop1: detected capacity change from 0 to 64 [ 1227.414736][T11252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1227.434582][T11252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1227.452106][ T5234] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1227.452368][T11252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1227.490402][T11252] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1227.505574][T11252] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1227.516872][T11252] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1227.756662][ T29] audit: type=1326 audit(2253841247.605:3506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f319327cee9 code=0x0 [ 1228.103783][ T5234] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1228.194253][T27381] loop3: detected capacity change from 0 to 64 [ 1228.296142][T16140] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1228.973942][T16140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1228.988794][T16140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 58576, setting to 1024 [ 1229.004009][T16140] usb 2-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 1229.063809][T16140] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1229.165686][T16140] usb 2-1: config 0 descriptor?? [ 1229.186725][T27375] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1229.289209][T27360] chnl_net:caif_netlink_parms(): no params data found [ 1229.457612][T27389] netlink: 65051 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1229.555933][ T25] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1229.626194][T19034] Bluetooth: hci1: command tx timeout [ 1229.689989][T27398] loop2: detected capacity change from 0 to 64 [ 1230.277889][T16140] hid-rmi 0003:17EF:6085.001C: hidraw0: USB HID v0.00 Device [HID 17ef:6085] on usb-dummy_hcd.1-1/input0 [ 1230.337145][T27397] loop3: detected capacity change from 0 to 2048 [ 1230.338526][ T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1230.356671][T27360] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.370186][ T25] usb 5-1: New USB device found, idVendor=046d, idProduct=1017, bcdDevice= 0.00 [ 1230.389537][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1230.408666][ T25] usb 5-1: config 0 descriptor?? [ 1230.422738][T27360] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.439007][T27360] bridge_slave_0: entered allmulticast mode [ 1230.457403][T27360] bridge_slave_0: entered promiscuous mode [ 1230.481556][T27397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1230.483923][T27360] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.503074][T27360] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.522753][T27360] bridge_slave_1: entered allmulticast mode [ 1230.530557][T27360] bridge_slave_1: entered promiscuous mode [ 1230.550830][T27375] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1230.566879][T27397] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1230.589739][ T25] usb 2-1: USB disconnect, device number 25 [ 1230.636025][T27397] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 9 with error 28 [ 1230.654885][ T5164] usb 5-1: USB disconnect, device number 20 [ 1230.667572][T27404] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1230.676277][T27397] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1230.676277][T27397] [ 1230.689803][T27397] EXT4-fs (loop3): Total free blocks count 0 [ 1230.701718][T27360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1230.711174][T27397] EXT4-fs (loop3): Free/Dirty block details [ 1230.728853][T27360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1230.740574][T27397] EXT4-fs (loop3): free_blocks=2415919104 [ 1230.756708][T27397] EXT4-fs (loop3): dirty_blocks=32 [ 1230.762106][ T5234] bridge_slave_1: left allmulticast mode [ 1230.770360][T27397] EXT4-fs (loop3): Block reservation details [ 1230.776808][ T5234] bridge_slave_1: left promiscuous mode [ 1230.782541][T27397] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 1230.789273][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.811065][ T5234] bridge_slave_0: left allmulticast mode [ 1230.818912][ T5234] bridge_slave_0: left promiscuous mode [ 1230.824963][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.825283][T25708] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 1230.971670][T19034] Bluetooth: hci0: unexpected event for opcode 0x2029 [ 1231.350351][T27414] loop1: detected capacity change from 0 to 4096 [ 1231.361258][T27414] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1231.427430][T27414] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1231.706315][T19034] Bluetooth: hci1: command tx timeout [ 1231.806605][T27427] nbd3: detected capacity change from 0 to 8388607 [ 1231.813821][T27427] block nbd3: shutting down sockets [ 1232.274407][ T5234] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1232.292896][ T5234] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1232.314624][ T5234] bond0 (unregistering): Released all slaves [ 1232.386936][T27406] veth1_macvtap: left promiscuous mode [ 1232.591238][T27438] loop3: detected capacity change from 0 to 64 [ 1233.408240][T27360] team0: Port device team_slave_0 added [ 1233.523817][T27448] ptrace attach of "/root/syz-executor.4 exec"[27046] was attempted by "/root/syz-executor.4 exec"[27448] [ 1233.543376][T27447] loop3: detected capacity change from 0 to 64 [ 1233.554237][T27360] team0: Port device team_slave_1 added [ 1233.580939][T27447] BFS-fs: bfs_iget(): Bad inode number loop3:00000002 [ 1233.678348][T27450] loop2: detected capacity change from 0 to 4096 [ 1233.691338][T27450] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1233.729535][T27452] loop4: detected capacity change from 0 to 1764 [ 1233.753070][T27450] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1233.791051][T19034] Bluetooth: hci1: command tx timeout [ 1233.851507][T27360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1233.865567][T27360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1233.944983][T27456] loop3: detected capacity change from 0 to 1024 [ 1233.948990][T27360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1233.968073][T27456] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1233.985536][T27456] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 1233.988195][T27360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1234.001500][T27456] System zones: 0-1, 3-36 [ 1234.013892][T27456] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1234.046101][T27360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1234.080610][T27456] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.3: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 1234.113488][T27360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1234.304824][ T5234] hsr_slave_0: left promiscuous mode [ 1234.314079][ T5234] hsr_slave_1: left promiscuous mode [ 1234.343421][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1234.368164][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1234.399353][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1234.415474][ T5234] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1234.480485][ T5234] veth1_macvtap: left promiscuous mode [ 1234.535950][ T5234] veth0_macvtap: left promiscuous mode [ 1234.556074][ T5234] veth1_vlan: left promiscuous mode [ 1234.561469][ T5234] veth0_vlan: left promiscuous mode [ 1234.566033][T15543] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1234.611450][T22684] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1234.767315][T15543] usb 3-1: Using ep0 maxpacket: 16 [ 1234.786119][T15543] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 1234.797207][T15543] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 1234.827444][T27479] loop1: detected capacity change from 0 to 512 [ 1234.835026][T15543] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 1234.859434][T15543] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 1234.874248][T27479] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1234.888226][T15543] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1234.898776][T15543] usb 3-1: config 0 has no interface number 0 [ 1234.905129][T15543] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1234.918402][T27479] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 1234.926823][T15543] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1234.937231][T27479] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1234.945123][T27479] EXT4-fs warning (device loop1): ext4_enable_quotas:7078: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 1234.962843][T15543] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1234.973441][T27479] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 1234.974338][T15543] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1234.993626][T19034] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1235.003655][T19034] Bluetooth: hci0: Injecting HCI hardware error event [ 1235.014820][T11252] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1235.019682][T19034] Bluetooth: hci0: hardware error 0x00 [ 1235.025703][T11252] Bluetooth: hci4: Injecting HCI hardware error event [ 1235.039925][T15543] usb 3-1: config 0 interface 125 has no altsetting 0 [ 1235.044283][T21523] Bluetooth: hci4: hardware error 0x00 [ 1235.108456][T27479] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #13: comm syz-executor.1: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1235.112467][T15543] usb 3-1: config 0 interface 125 has no altsetting 2 [ 1235.154688][T27484] loop3: detected capacity change from 0 to 64 [ 1235.198719][T27479] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 13 (err -117) [ 1235.211451][T15543] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1235.220955][T15543] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1235.229765][T15543] usb 3-1: Product: syz [ 1235.235133][T27479] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1235.247722][T15543] usb 3-1: Manufacturer: syz [ 1235.252348][T15543] usb 3-1: SerialNumber: syz [ 1235.263213][T15543] usb 3-1: config 0 descriptor?? [ 1235.271476][T15543] usb 3-1: selecting invalid altsetting 2 [ 1235.485585][T27479] EXT4-fs error (device loop1): ext4_lookup:1858: inode #2: comm syz-executor.1: deleted inode referenced: 12 [ 1235.556359][T27487] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 1235.579642][T27487] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 1235.586420][T27489] loop3: detected capacity change from 0 to 64 [ 1235.696824][T27487] EXT4-fs warning (device loop1): ext4_enable_quotas:7078: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 1235.820942][T24594] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1235.861575][T11252] Bluetooth: hci1: command tx timeout [ 1236.318807][T11252] Bluetooth: hci0: unexpected event for opcode 0x202d [ 1236.330255][T27500] nfs: Unknown parameter '1' [ 1236.333842][T15543] usb 3-1: USB disconnect, device number 32 [ 1236.512842][ C0] vkms_vblank_simulate: vblank timer overrun [ 1236.812425][ C0] vkms_vblank_simulate: vblank timer overrun [ 1237.029972][ C0] vkms_vblank_simulate: vblank timer overrun [ 1237.115330][ C0] vkms_vblank_simulate: vblank timer overrun [ 1237.136318][T19034] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1237.143937][T21523] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1238.072378][ T5234] team0 (unregistering): Port device team_slave_1 removed [ 1238.367003][ T5234] team0 (unregistering): Port device team_slave_0 removed [ 1238.743886][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.750720][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 1238.879647][ T29] audit: type=1800 audit(2253841258.715:3507): pid=27525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 1238.926185][ T29] audit: type=1800 audit(2253841258.725:3508): pid=27525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 1240.303002][T27534] nfs: Unknown parameter '1' [ 1240.512067][ C0] vkms_vblank_simulate: vblank timer overrun [ 1240.786498][ T5221] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1240.878011][ C0] vkms_vblank_simulate: vblank timer overrun [ 1240.960160][ C0] vkms_vblank_simulate: vblank timer overrun [ 1241.016104][ T5221] usb 3-1: Using ep0 maxpacket: 16 [ 1241.025782][ T5221] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 1241.045947][ T5221] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 1241.058760][ T5221] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 1241.078194][ T5221] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 1241.097237][ T5221] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1241.106305][ T5221] usb 3-1: config 0 has no interface number 0 [ 1241.112518][ T5221] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1241.123733][ T5221] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1241.133734][ T5221] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1241.152480][ T5221] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1241.190660][ T5221] usb 3-1: config 0 interface 125 has no altsetting 0 [ 1241.198983][ T5221] usb 3-1: config 0 interface 125 has no altsetting 2 [ 1241.215598][T27496] veth1_macvtap: left promiscuous mode [ 1241.221429][ T5221] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1241.236143][ T5221] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1241.244178][ T5221] usb 3-1: Product: syz [ 1241.273585][ T5221] usb 3-1: Manufacturer: syz [ 1241.285899][ T5221] usb 3-1: SerialNumber: syz [ 1241.299186][ T5221] usb 3-1: config 0 descriptor?? [ 1241.318299][ T5221] usb 3-1: selecting invalid altsetting 2 [ 1241.411292][ C0] vkms_vblank_simulate: vblank timer overrun [ 1241.486711][T27360] hsr_slave_0: entered promiscuous mode [ 1241.526588][T27360] hsr_slave_1: entered promiscuous mode [ 1241.546061][T27360] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1241.553695][T27360] Cannot create hsr debugfs directory [ 1241.579237][T27541] loop3: detected capacity change from 0 to 1024 [ 1241.844601][T27543] loop1: detected capacity change from 0 to 256 [ 1241.869614][T27543] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1242.569769][ T783] usb 3-1: USB disconnect, device number 33 [ 1242.592114][T27543] Process accounting resumed [ 1243.324177][ T29] audit: type=1800 audit(2253841263.175:3509): pid=27558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1955 res=0 errno=0 [ 1243.345233][ C0] vkms_vblank_simulate: vblank timer overrun [ 1243.391515][ T29] audit: type=1800 audit(2253841263.215:3510): pid=27558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1955 res=0 errno=0 [ 1243.424246][T27360] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1243.464462][T27360] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1243.494838][T27360] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1243.521245][T27360] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1243.745951][ T783] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1243.763758][T27360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1243.810514][T27360] 8021q: adding VLAN 0 to HW filter on device team0 [ 1243.845628][ T5221] bridge0: port 1(bridge_slave_0) entered blocking state [ 1243.852938][ T5221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1243.908024][ T5221] bridge0: port 2(bridge_slave_1) entered blocking state [ 1243.915344][ T5221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1243.971081][ T783] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1244.000802][ T783] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 58576, setting to 1024 [ 1244.001208][T19034] Bluetooth: hci5: sending frame failed (-49) [ 1244.027034][T21523] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 1244.054198][ T783] usb 3-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 1244.095395][T27360] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1244.139307][ T783] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1244.198814][ T783] usb 3-1: config 0 descriptor?? [ 1244.212518][T27360] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1244.214446][T27552] loop3: detected capacity change from 0 to 32768 [ 1244.239525][T27560] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1244.276783][ C0] vkms_vblank_simulate: vblank timer overrun [ 1244.344924][ C0] vkms_vblank_simulate: vblank timer overrun [ 1244.426829][T27552] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1244.653947][T27552] XFS (loop3): Ending clean mount [ 1244.703493][ T783] hid-rmi 0003:17EF:6085.001D: hidraw0: USB HID v0.00 Device [HID 17ef:6085] on usb-dummy_hcd.2-1/input0 [ 1244.732329][T27552] XFS (loop3): Quotacheck needed: Please wait. [ 1244.904359][T27360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1244.957685][T27560] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1245.032632][T27552] XFS (loop3): Quotacheck: Done. [ 1245.041397][ T783] usb 3-1: USB disconnect, device number 34 [ 1245.130114][T27360] veth0_vlan: entered promiscuous mode [ 1245.131285][ T29] audit: type=1800 audit(2253841264.975:3511): pid=27552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=9291 res=0 errno=0 [ 1245.207351][T27360] veth1_vlan: entered promiscuous mode [ 1245.300669][T27360] veth0_macvtap: entered promiscuous mode [ 1245.350177][T27360] veth1_macvtap: entered promiscuous mode [ 1245.427131][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1245.451917][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.472402][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1245.499836][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.518888][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1245.541401][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.557754][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1245.577505][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.595272][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1245.618981][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.645410][T27360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1245.656607][T22684] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1245.689095][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1245.722832][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.766352][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1245.777738][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.792511][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1245.817675][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.828082][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1245.839333][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.849488][T27360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1245.865300][T27360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1245.911303][T27360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1246.006259][T27360] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.039048][T27360] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.083124][T27360] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.096057][T27360] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.167650][T27587] loop2: detected capacity change from 0 to 256 [ 1246.193834][T27587] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1246.289682][T27587] Process accounting resumed [ 1246.454669][T25708] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1246.468824][T27592] : renamed from wg1 (while UP) [ 1246.499940][T25708] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1246.570909][T25708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1246.579121][T25708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1247.809012][ T29] audit: type=1800 audit(2253841267.665:3512): pid=27602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1951 res=0 errno=0 [ 1247.886097][ T29] audit: type=1800 audit(2253841267.665:3513): pid=27602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1951 res=0 errno=0 [ 1248.052493][T27589] loop3: detected capacity change from 0 to 32768 [ 1248.066015][T27589] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (27589) [ 1248.088640][T27589] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1248.116444][T27589] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1248.125167][T27589] BTRFS info (device loop3): using free-space-tree [ 1248.181749][ T29] audit: type=1326 audit(2253841268.035:3514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27620 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdff627cee9 code=0x7ffc0000 [ 1248.205568][ T29] audit: type=1326 audit(2253841268.035:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27620 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdff627cee9 code=0x7ffc0000 [ 1248.232208][ T29] audit: type=1326 audit(2253841268.085:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27620 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdff627cee9 code=0x7ffc0000 [ 1248.313934][ T29] audit: type=1326 audit(2253841268.085:3517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27620 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdff627cee9 code=0x7ffc0000 [ 1248.400972][ T29] audit: type=1326 audit(2253841268.085:3518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27620 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdff627cee9 code=0x7ffc0000 [ 1248.427235][ T29] audit: type=1326 audit(2253841268.085:3519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27620 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdff627cee9 code=0x7ffc0000 [ 1248.478773][ T29] audit: type=1326 audit(2253841268.125:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27620 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdff627cee9 code=0x7ffc0000 [ 1248.554878][T22684] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1249.329415][T27639] loop3: detected capacity change from 0 to 512 [ 1249.383329][T27639] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1249.450978][T27639] EXT4-fs (loop3): 1 orphan inode deleted [ 1249.463504][T27639] EXT4-fs (loop3): 1 truncate cleaned up [ 1249.477863][T27639] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1249.559354][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1250.026717][T19034] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1250.139593][T21523] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1250.159571][T21523] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1250.172114][T21523] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1250.181573][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 1250.181591][ T29] audit: type=1326 audit(2253841270.025:3577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1250.213133][ T29] audit: type=1326 audit(2253841270.025:3578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1250.236988][ T29] audit: type=1326 audit(2253841270.045:3579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1250.262309][ T29] audit: type=1326 audit(2253841270.045:3580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1250.285628][T21523] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1250.298407][ T29] audit: type=1326 audit(2253841270.045:3581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1250.323453][T21523] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1250.331050][T21523] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1250.340688][ T29] audit: type=1326 audit(2253841270.195:3582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1250.369993][ T29] audit: type=1326 audit(2253841270.215:3583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1240c7a667 code=0x7ffc0000 [ 1250.393108][ T29] audit: type=1326 audit(2253841270.215:3584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1240c40329 code=0x7ffc0000 [ 1250.436036][ T29] audit: type=1326 audit(2253841270.215:3585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1240c7a667 code=0x7ffc0000 [ 1250.519325][T22684] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1250.519368][ T29] audit: type=1326 audit(2253841270.215:3586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27650 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1240c40329 code=0x7ffc0000 [ 1250.599059][T27656] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1250.889317][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1251.122855][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1251.162838][T27675] loop2: detected capacity change from 0 to 256 [ 1251.201100][T27669] block device autoloading is deprecated and will be removed. [ 1251.394281][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1251.487777][T19034] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1251.504190][T19034] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1251.514633][T19034] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1251.525681][T19034] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1251.540590][T19034] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1251.548387][T19034] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1252.042996][ T11] bridge_slave_1: left allmulticast mode [ 1252.068509][ T11] bridge_slave_1: left promiscuous mode [ 1252.074339][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1252.137253][ T11] bridge_slave_0: left allmulticast mode [ 1252.142958][ T11] bridge_slave_0: left promiscuous mode [ 1252.175704][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1252.249931][T27688] loop3: detected capacity change from 0 to 512 [ 1252.279298][T27688] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1252.327102][T27688] EXT4-fs (loop3): 1 orphan inode deleted [ 1252.332892][T27688] EXT4-fs (loop3): 1 truncate cleaned up [ 1252.401275][T27688] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1252.805522][T27684] loop2: detected capacity change from 0 to 40427 [ 1252.829971][T27684] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1252.857971][T27684] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1252.878671][T27684] F2FS-fs (loop2): invalid crc value [ 1252.988947][T27684] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1253.043780][T22684] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1253.279660][T27684] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1253.303031][T27684] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1253.326822][T27692] loop1: detected capacity change from 0 to 32768 [ 1253.335254][T27692] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (27692) [ 1253.357537][T27692] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1253.367857][T27692] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1253.377692][T27692] BTRFS info (device loop1): using free-space-tree [ 1253.437730][ T5234] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1253.459908][ T5234] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1253.618786][T21523] Bluetooth: hci1: command tx timeout [ 1253.669516][T24594] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1254.427765][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1254.484016][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1254.532316][ T11] bond0 (unregistering): Released all slaves [ 1254.897761][T27724] loop3: detected capacity change from 0 to 8192 [ 1254.969483][T27724] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1255.696435][T21523] Bluetooth: hci1: command tx timeout [ 1255.898400][T27720] loop2: detected capacity change from 0 to 32768 [ 1255.961081][T27720] XFS: ikeep mount option is deprecated. [ 1255.969635][T27720] XFS: ikeep mount option is deprecated. [ 1256.107267][T27720] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1256.666171][ T11] hsr_slave_0: left promiscuous mode [ 1256.691071][ T11] hsr_slave_1: left promiscuous mode [ 1256.741386][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1256.760167][T27720] XFS (loop2): Ending clean mount [ 1256.772770][T27720] XFS (loop2): Quotacheck needed: Please wait. [ 1256.780618][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1256.814607][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1256.866075][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1256.942202][T27720] XFS (loop2): Quotacheck: Done. [ 1256.988334][ T11] veth1_macvtap: left promiscuous mode [ 1256.993919][ T11] veth0_macvtap: left promiscuous mode [ 1257.012814][ T11] veth1_vlan: left promiscuous mode [ 1257.020364][ T11] veth0_vlan: left promiscuous mode [ 1257.166563][T26754] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1257.866110][T21523] Bluetooth: hci1: command tx timeout [ 1258.398704][ T29] kauditd_printk_skb: 97 callbacks suppressed [ 1258.398720][ T29] audit: type=1326 audit(2253841278.255:3684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1258.475757][ T29] audit: type=1326 audit(2253841278.285:3685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1258.547646][ T29] audit: type=1326 audit(2253841278.285:3686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1258.622696][ T29] audit: type=1326 audit(2253841278.285:3687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1258.689379][ T29] audit: type=1326 audit(2253841278.285:3688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1258.722854][ T29] audit: type=1326 audit(2253841278.285:3689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1258.777102][T27760] input: syz0 as /devices/virtual/input/input34 [ 1258.783541][ T29] audit: type=1326 audit(2253841278.285:3690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1240c7a667 code=0x7ffc0000 [ 1258.842869][ T29] audit: type=1326 audit(2253841278.285:3691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1240c40329 code=0x7ffc0000 [ 1258.897404][ T29] audit: type=1326 audit(2253841278.285:3692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1240c7cee9 code=0x7ffc0000 [ 1258.951595][ T29] audit: type=1326 audit(2253841278.285:3693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27752 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1240c7a667 code=0x7ffc0000 [ 1259.747131][T27761] loop2: detected capacity change from 0 to 40427 [ 1259.755768][T27761] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1259.770927][T27761] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1259.782062][T27761] F2FS-fs (loop2): invalid crc value [ 1259.820837][T27761] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1259.904578][T27761] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1259.932357][T27761] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1259.956191][T21523] Bluetooth: hci1: command tx timeout [ 1260.064222][ T5638] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1260.123477][ T5638] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1260.270478][T27764] loop3: detected capacity change from 0 to 32768 [ 1260.367250][T27764] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz" [ 1260.375338][T27764] dlm: no local IP address has been set [ 1260.381057][T27764] dlm: cannot start dlm midcomms -107 [ 1260.386595][T27764] gfs2: fsid=syz:syz: dlm_new_lockspace error -107 [ 1260.705301][T27772] loop2: detected capacity change from 0 to 16 [ 1260.719182][T27772] erofs: (device loop2): mounted with root inode @ nid 36. [ 1260.854687][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1261.013208][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1261.262849][T27784] loop3: detected capacity change from 0 to 512 [ 1261.281297][T27784] EXT4-fs warning (device loop3): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 1262.593483][T27794] input: syz0 as /devices/virtual/input/input35 [ 1263.210141][T27679] chnl_net:caif_netlink_parms(): no params data found [ 1263.460010][T27679] bridge0: port 1(bridge_slave_0) entered blocking state [ 1263.473804][T27679] bridge0: port 1(bridge_slave_0) entered disabled state [ 1263.507552][T27679] bridge_slave_0: entered allmulticast mode [ 1263.515145][T27679] bridge_slave_0: entered promiscuous mode [ 1263.572049][T27679] bridge0: port 2(bridge_slave_1) entered blocking state [ 1263.601920][T27679] bridge0: port 2(bridge_slave_1) entered disabled state [ 1263.641604][T27679] bridge_slave_1: entered allmulticast mode [ 1263.667332][T27679] bridge_slave_1: entered promiscuous mode [ 1263.724035][T27817] loop3: detected capacity change from 0 to 128 [ 1263.842983][T27817] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 1263.857450][T27679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1263.894823][T27679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1263.941993][T27817] syz-executor.3: attempt to access beyond end of device [ 1263.941993][T27817] loop3: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 1263.973996][T27817] Buffer I/O error on dev loop3, logical block 8767744, async page read [ 1263.989323][T27817] syz-executor.3: attempt to access beyond end of device [ 1263.989323][T27817] loop3: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 1264.014887][T27817] Buffer I/O error on dev loop3, logical block 13269809, async page read [ 1264.020085][T19034] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1264.044816][T19034] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1264.048589][T27679] team0: Port device team_slave_0 added [ 1264.061536][T19034] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1264.066428][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.066428][T27817] loop3: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 1264.099869][T27679] team0: Port device team_slave_1 added [ 1264.103594][T19034] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1264.108715][T27817] Buffer I/O error on dev loop3, logical block 1157, async page read [ 1264.126220][T19034] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1264.133100][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.133100][T27817] loop3: rw=0, sector=3211264, nr_sectors = 1 limit=128 [ 1264.148975][T19034] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1264.153660][T27817] Buffer I/O error on dev loop3, logical block 3211264, async page read [ 1264.183697][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.183697][T27817] loop3: rw=0, sector=8768635, nr_sectors = 1 limit=128 [ 1264.226018][T27817] Buffer I/O error on dev loop3, logical block 8768635, async page read [ 1264.253268][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.253268][T27817] loop3: rw=0, sector=13466417, nr_sectors = 1 limit=128 [ 1264.302002][T27817] Buffer I/O error on dev loop3, logical block 13466417, async page read [ 1264.311410][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.311410][T27817] loop3: rw=0, sector=209285, nr_sectors = 1 limit=128 [ 1264.326183][T27817] Buffer I/O error on dev loop3, logical block 209285, async page read [ 1264.342686][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.342686][T27817] loop3: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 1264.356801][T27817] Buffer I/O error on dev loop3, logical block 8767744, async page read [ 1264.368511][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.368511][T27817] loop3: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 1264.382724][T27817] Buffer I/O error on dev loop3, logical block 13269809, async page read [ 1264.422673][T27817] syz-executor.3: attempt to access beyond end of device [ 1264.422673][T27817] loop3: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 1264.443536][T27827] loop2: detected capacity change from 0 to 8192 [ 1264.465170][T27817] Buffer I/O error on dev loop3, logical block 1157, async page read [ 1264.471260][T27827] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1264.479226][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.495743][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 1264.495760][ T29] audit: type=1800 audit(2253841284.345:3705): pid=27817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="/" dev="loop3" ino=2 res=0 errno=0 [ 1264.594463][T22684] sysv_free_block: trying to free block not in datazone [ 1264.621289][T22684] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1264.676079][T27679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1264.691363][T27679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1264.719345][T27679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1264.733644][T27679] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1264.742158][T27679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1264.779854][T27679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1264.853586][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.549430][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.688797][T27679] hsr_slave_0: entered promiscuous mode [ 1265.716969][T27679] hsr_slave_1: entered promiscuous mode [ 1265.739362][T27679] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1265.755277][T27679] Cannot create hsr debugfs directory [ 1265.836282][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1265.879617][T27852] loop2: detected capacity change from 0 to 64 [ 1266.170897][T27860] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1266.183130][T27860] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1266.192942][T27860] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1266.256781][T21523] Bluetooth: hci3: command tx timeout [ 1266.343135][T27824] chnl_net:caif_netlink_parms(): no params data found [ 1266.391349][T27867] loop1: detected capacity change from 0 to 512 [ 1266.401160][T27867] EXT4-fs: Ignoring removed oldalloc option [ 1266.419437][T27867] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b842e02d, mo2=0002] [ 1266.427290][ T11] bridge_slave_1: left allmulticast mode [ 1266.433130][ T11] bridge_slave_1: left promiscuous mode [ 1266.433387][T27867] System zones: 1-12 [ 1266.450708][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.463857][ T11] bridge_slave_0: left allmulticast mode [ 1266.466886][T27867] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 1 (level 1) [ 1266.472314][T16140] usb 3-1: new full-speed USB device number 35 using dummy_hcd [ 1266.497975][T27867] EXT4-fs (loop1): Remounting filesystem read-only [ 1266.504600][T27867] EXT4-fs (loop1): 1 truncate cleaned up [ 1266.506794][ T11] bridge_slave_0: left promiscuous mode [ 1266.512965][T27867] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1266.526235][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.575214][T24594] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1266.719167][T27871] loop1: detected capacity change from 0 to 256 [ 1266.738389][T16140] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1266.749827][T16140] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1266.764609][T16140] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1266.775066][T16140] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1266.783605][T16140] usb 3-1: SerialNumber: syz [ 1266.823081][T27862] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1266.937862][T27873] loop3: detected capacity change from 0 to 8192 [ 1266.959317][T27873] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1267.200877][T27862] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1268.442566][T21523] Bluetooth: hci3: command tx timeout [ 1269.977244][T27899] loop3: detected capacity change from 0 to 4096 [ 1269.993718][T27899] EXT4-fs (loop3): #clusters per group too big: 67141632 [ 1270.020483][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1270.032312][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1270.043868][ T11] bond0 (unregistering): Released all slaves [ 1270.178877][T16140] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 1270.251815][T27902] loop1: detected capacity change from 0 to 64 [ 1270.292395][T27902] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. leaving read-only. [ 1270.453442][T27907] loop1: detected capacity change from 0 to 256 [ 1270.483100][T27824] bridge0: port 1(bridge_slave_0) entered blocking state [ 1270.491025][T27824] bridge0: port 1(bridge_slave_0) entered disabled state [ 1270.499774][T21523] Bluetooth: hci3: command tx timeout [ 1270.505654][T27824] bridge_slave_0: entered allmulticast mode [ 1270.513645][T27824] bridge_slave_0: entered promiscuous mode [ 1270.543679][T27824] bridge0: port 2(bridge_slave_1) entered blocking state [ 1270.560705][T27824] bridge0: port 2(bridge_slave_1) entered disabled state [ 1270.571283][T16140] usb 3-1: USB disconnect, device number 35 [ 1270.576963][T27824] bridge_slave_1: entered allmulticast mode [ 1270.579213][T16140] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 1270.617791][T27824] bridge_slave_1: entered promiscuous mode [ 1270.705192][ T11] hsr_slave_0: left promiscuous mode [ 1270.712411][ T11] hsr_slave_1: left promiscuous mode [ 1270.808433][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1270.820511][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1270.847663][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1270.866582][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1270.933819][ T11] veth1_macvtap: left promiscuous mode [ 1270.939602][ T11] veth0_macvtap: left promiscuous mode [ 1270.945228][ T11] veth1_vlan: left promiscuous mode [ 1270.950865][ T11] veth0_vlan: left promiscuous mode [ 1271.216388][ T25] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1271.469484][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 1271.699950][T27271] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1271.785640][ T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1271.801426][ T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1271.810794][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1271.820768][ T25] usb 4-1: SerialNumber: syz [ 1271.830405][ T25] cdc_acm 4-1:1.0: invalid descriptor buffer length [ 1271.844894][ T25] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 1271.855299][ T25] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 1271.866247][ T25] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22 [ 1271.910030][T27271] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1271.926982][T27271] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1271.946539][T27271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1272.041627][T16140] usb 4-1: USB disconnect, device number 29 [ 1272.061760][T27271] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 1272.180416][T27271] usb 2-1: USB disconnect, device number 26 [ 1272.584035][T21523] Bluetooth: hci3: command tx timeout [ 1272.864735][T27932] loop1: detected capacity change from 0 to 256 [ 1272.996192][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1273.134046][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1273.178836][T27943] loop1: detected capacity change from 0 to 512 [ 1273.196851][T27943] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 1273.204467][T27943] UDF-fs: Scanning with blocksize 512 failed [ 1273.230305][T27943] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 1273.238391][T27943] UDF-fs: Scanning with blocksize 1024 failed [ 1273.246706][T27943] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 1273.254404][T27943] UDF-fs: Scanning with blocksize 2048 failed [ 1273.263383][T27943] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 1273.277076][T27943] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1274.456285][T16140] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1274.677802][T16140] usb 2-1: Using ep0 maxpacket: 16 [ 1274.684703][T27824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1274.710763][T16140] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1274.736723][T16140] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1274.747695][T16140] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1274.764677][T16140] usb 2-1: SerialNumber: syz [ 1274.792843][T16140] cdc_acm 2-1:1.0: invalid descriptor buffer length [ 1274.813263][T16140] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 1274.832650][T16140] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 1274.843689][T27824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1274.853243][T16140] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 1274.958792][T27954] loop3: detected capacity change from 0 to 512 [ 1274.977296][T27954] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 1274.982231][T27679] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1275.069258][T27824] team0: Port device team_slave_0 added [ 1275.072037][ T25] usb 2-1: USB disconnect, device number 27 [ 1275.092081][T27679] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1275.142566][T27824] team0: Port device team_slave_1 added [ 1275.175375][T27679] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1275.284461][T27679] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1275.307789][T27824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1275.314849][T27824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1275.346521][T27824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1275.378689][T27824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1275.388800][T27824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1275.418584][T27824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1275.472581][T27824] hsr_slave_0: entered promiscuous mode [ 1275.479653][T27824] hsr_slave_1: entered promiscuous mode [ 1275.490564][T27824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1275.499382][T27824] Cannot create hsr debugfs directory [ 1275.748764][T27966] loop1: detected capacity change from 0 to 128 [ 1275.785409][T27966] VFS: unable to find oldfs superblock on device loop1 [ 1275.807521][T27679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1275.998357][T27679] 8021q: adding VLAN 0 to HW filter on device team0 [ 1276.013256][T16139] bridge0: port 1(bridge_slave_0) entered blocking state [ 1276.020693][T16139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1277.427057][T27679] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1277.463889][T27679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1277.538530][T16139] bridge0: port 2(bridge_slave_1) entered blocking state [ 1277.545876][T16139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1277.751954][T27824] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1277.792964][T27824] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1277.846037][T27824] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1277.893902][T27824] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1277.919699][T27995] nftables ruleset with unbound chain [ 1277.999551][T27679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1278.142325][T28005] loop3: detected capacity change from 0 to 512 [ 1278.197326][T28005] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 not in group (block 0)! [ 1278.222158][T28005] EXT4-fs (loop3): group descriptors corrupted! [ 1278.249069][T27679] veth0_vlan: entered promiscuous mode [ 1278.284110][T27679] veth1_vlan: entered promiscuous mode [ 1278.342223][T27824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1278.428933][T27824] 8021q: adding VLAN 0 to HW filter on device team0 [ 1278.461604][T16140] bridge0: port 1(bridge_slave_0) entered blocking state [ 1278.468833][T16140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1278.508032][T27679] veth0_macvtap: entered promiscuous mode [ 1278.531626][T27679] veth1_macvtap: entered promiscuous mode [ 1278.567543][T16140] bridge0: port 2(bridge_slave_1) entered blocking state [ 1278.574777][T16140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1278.670796][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1278.701789][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1278.722199][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1278.739478][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1278.749618][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1278.760671][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1278.781652][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1278.801738][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1278.813070][T27679] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1278.855600][T27824] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1278.876158][T27824] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1278.908781][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1278.933845][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1278.963850][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1278.981119][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.009232][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1279.026985][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.041774][T27679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1279.052713][T27679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.072545][T27679] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1279.208215][T27679] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1279.234720][T27679] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1279.716821][T27679] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1279.993558][T27679] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.201918][T28030] loop3: detected capacity change from 0 to 4096 [ 1280.241377][T28030] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 1280.364765][T16140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1280.386363][T16140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1280.450095][T27824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1280.500454][ T5221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1280.508921][ T5221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1280.564143][T28030] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1280.661401][T28030] ntfs3: loop3: Failed to load $Extend (-22). [ 1280.817894][T28030] ntfs3: loop3: Failed to initialize $Extend. [ 1281.347539][ T29] audit: type=1800 audit(2253841557.172:3706): pid=28030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=33 res=0 errno=0 [ 1281.724049][T27824] veth0_vlan: entered promiscuous mode [ 1281.772549][T27824] veth1_vlan: entered promiscuous mode [ 1281.909660][T27824] veth0_macvtap: entered promiscuous mode [ 1281.922998][T27824] veth1_macvtap: entered promiscuous mode [ 1281.980425][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.012921][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.036808][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.061260][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.072143][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.089684][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.102240][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.113225][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.123543][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.134652][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.152463][T27824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1282.206361][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1282.246169][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.316445][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1282.396714][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.492677][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1282.536022][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.567128][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1282.579969][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.590328][T27824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1282.609316][T27824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.621683][T27824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1282.650175][T27824] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1282.677958][T27824] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1282.695950][T27824] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1282.705766][T27824] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1282.930275][T28125] loop1: detected capacity change from 0 to 128 [ 1282.961583][T28125] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1282.990046][ T5115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.000907][T28125] ext4 filesystem being mounted at /root/syzkaller-testdir2084288818/syzkaller.IDJ0cv/274/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1283.008690][T28127] loop3: detected capacity change from 0 to 2048 [ 1283.016037][ T5115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.045337][T28127] NILFS (loop3): invalid segment: Magic number mismatch [ 1283.055574][T16140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.066404][T28127] NILFS (loop3): trying rollback from an earlier position [ 1283.069599][T16140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.118196][T28127] NILFS (loop3): recovery complete [ 1283.130872][T28125] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D. [ 1283.148317][T28131] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1283.162514][T28125] EXT4-fs error (device loop1): __ext4_find_entry:1695: inode #2: comm syz-executor.1: checksumming directory block 0 [ 1283.190897][T28136] loop4: detected capacity change from 0 to 512 [ 1283.199378][T28135] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D. [ 1283.219759][T28136] EXT4-fs warning (device loop4): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 1283.237994][T28135] EXT4-fs error (device loop1): __ext4_find_entry:1695: inode #2: comm syz-executor.1: checksumming directory block 0 [ 1283.280586][T28125] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D. [ 1283.333115][T28125] EXT4-fs error (device loop1): __ext4_find_entry:1695: inode #2: comm syz-executor.1: checksumming directory block 0 [ 1283.419965][T24594] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1283.510755][T28144] loop3: detected capacity change from 0 to 2048 [ 1283.542234][T28144] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1283.570814][T28148] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1283.571132][T28144] bio_check_eod: 4 callbacks suppressed [ 1283.571147][T28144] syz-executor.3: attempt to access beyond end of device [ 1283.571147][T28144] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1283.854163][T28157] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1283.923430][T28157] bridge0: port 3(vlan2) entered blocking state [ 1283.944723][T28157] bridge0: port 3(vlan2) entered disabled state [ 1283.971937][T28157] vlan2: entered allmulticast mode [ 1284.006842][T28157] vlan2: left allmulticast mode [ 1284.022865][T28167] loop2: detected capacity change from 0 to 256 [ 1284.247732][T28173] loop1: detected capacity change from 0 to 2048 [ 1284.337649][T28173] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1284.473737][T28180] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1284.474071][T28173] syz-executor.1: attempt to access beyond end of device [ 1284.474071][T28173] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1284.882990][T28105] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1285.369654][T28188] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 1285.376264][T28188] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1285.407970][T28188] vhci_hcd vhci_hcd.0: Device attached [ 1285.425976][T28192] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 1285.432540][T28192] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1285.457233][T28192] vhci_hcd vhci_hcd.0: Device attached [ 1285.496487][T28188] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5) [ 1285.503079][T28188] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1285.606058][ T5168] vhci_hcd: vhci_device speed not set [ 1285.618793][ T29] audit: type=1326 audit(2253841561.462:3707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1285.650124][T28188] vhci_hcd vhci_hcd.0: Device attached [ 1285.670868][T28105] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1285.687073][T28192] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(8) [ 1285.693633][T28192] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1285.706174][ T29] audit: type=1326 audit(2253841561.462:3708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1285.742216][ T5168] usb 13-1: new full-speed USB device number 2 using vhci_hcd [ 1285.762744][ T29] audit: type=1326 audit(2253841561.502:3709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1285.783130][T28192] vhci_hcd vhci_hcd.0: Device attached [ 1285.825645][T28189] vhci_hcd: connection reset by peer [ 1285.825884][T28193] vhci_hcd: connection closed [ 1285.833555][T28197] vhci_hcd: connection closed [ 1285.838324][ T29] audit: type=1326 audit(2253841561.532:3710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1285.838374][ T29] audit: type=1326 audit(2253841561.532:3711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1285.838413][ T29] audit: type=1326 audit(2253841561.532:3712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1285.868132][T28204] vhci_hcd: connection closed [ 1285.914534][ T11] vhci_hcd: stop threads [ 1285.935995][ T11] vhci_hcd: release socket [ 1285.949365][ T11] vhci_hcd: disconnect device [ 1285.968752][ T29] audit: type=1326 audit(2253841561.532:3713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1285.969298][ T11] vhci_hcd: stop threads [ 1286.043421][ T29] audit: type=1326 audit(2253841561.532:3714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f319327a667 code=0x7ffc0000 [ 1286.066023][ T11] vhci_hcd: release socket [ 1286.089629][T19034] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1286.091863][T28105] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1286.108704][T19034] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1286.124070][ T29] audit: type=1326 audit(2253841561.532:3715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3193240329 code=0x7ffc0000 [ 1286.124117][T19034] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1286.149859][ T11] vhci_hcd: disconnect device [ 1286.206231][T28219] [ 1286.206244][T28219] ===================================================== [ 1286.206252][T28219] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 1286.206262][T28219] 6.10.0-rc1-next-20240529-syzkaller #0 Not tainted [ 1286.206273][T28219] ----------------------------------------------------- [ 1286.206280][T28219] syz-executor.3/28219 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1286.206302][T28219] ffffffff8e00a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xfc/0x360 [ 1286.206359][T28219] [ 1286.206359][T28219] and this task is already holding: [ 1286.206366][T28219] ffff88806c73e118 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x33/0x360 [ 1286.206406][T28219] which would create a new lock dependency: [ 1286.206412][T28219] (&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 1286.206450][T28219] [ 1286.206450][T28219] but this new dependency connects a HARDIRQ-irq-safe lock: [ 1286.206459][T28219] (&client->buffer_lock){-.-.}-{2:2} [ 1286.206475][T28219] [ 1286.206475][T28219] ... which became HARDIRQ-irq-safe at: [ 1286.206483][T28219] lock_acquire+0x1ed/0x550 [ 1286.206502][T28219] _raw_spin_lock+0x2e/0x40 [ 1286.206590][T28219] evdev_pass_values+0xf2/0xad0 [ 1286.206611][T28219] evdev_events+0x1c2/0x300 [ 1286.206630][T28219] input_pass_values+0x84d/0x1200 [ 1286.206650][T28219] input_event_dispose+0x36c/0x650 [ 1286.206666][T28219] input_handle_event+0xa71/0xbe0 [ 1286.206683][T28219] input_event+0xa4/0xd0 [ 1286.206699][T28219] hidinput_report_event+0x93/0x100 [ 1286.206715][T28219] hid_report_raw_event+0x165c/0x18a0 [ 1286.206737][T28219] hid_input_report+0x416/0x500 [ 1286.206758][T28219] hid_irq_in+0x4a0/0x6d0 [ 1286.206774][T28219] __usb_hcd_giveback_urb+0x373/0x530 [ 1286.206796][T28219] dummy_timer+0x830/0x45d0 [ 1286.206816][T28219] __hrtimer_run_queues+0x59b/0xd50 [ 1286.206831][T28219] hrtimer_interrupt+0x396/0x990 [ 1286.206846][T28219] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1286.206870][T28219] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1286.206888][T28219] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1286.206910][T28219] acpi_safe_halt+0x21/0x30 [ 1286.206930][T28219] acpi_idle_enter+0xe4/0x140 [ 1286.206950][T28219] cpuidle_enter_state+0x112/0x480 [ 1286.206968][T28219] cpuidle_enter+0x5d/0xa0 [ 1286.206986][T28219] do_idle+0x375/0x5d0 [ 1286.207009][T28219] cpu_startup_entry+0x42/0x60 [ 1286.207031][T28219] rest_init+0x2dc/0x300 [ 1286.207051][T28219] start_kernel+0x47a/0x500 [ 1286.207068][T28219] x86_64_start_reservations+0x2a/0x30 [ 1286.207086][T28219] x86_64_start_kernel+0x9f/0xa0 [ 1286.207105][T28219] common_startup_64+0x13e/0x147 [ 1286.207121][T28219] [ 1286.207121][T28219] to a HARDIRQ-irq-unsafe lock: [ 1286.207128][T28219] (tasklist_lock){.+.+}-{2:2} [ 1286.207144][T28219] [ 1286.207144][T28219] ... which became HARDIRQ-irq-unsafe at: [ 1286.207153][T28219] ... [ 1286.207156][T28219] lock_acquire+0x1ed/0x550 [ 1286.207171][T28219] _raw_read_lock+0x36/0x50 [ 1286.207187][T28219] __do_wait+0x12d/0x850 [ 1286.207205][T28219] do_wait+0x1e9/0x560 [ 1286.207221][T28219] kernel_wait+0xe9/0x240 [ 1286.207237][T28219] call_usermodehelper_exec_work+0xbd/0x230 [ 1286.207252][T28219] process_scheduled_works+0xa2c/0x1830 [ 1286.207266][T28219] worker_thread+0x86d/0xd50 [ 1286.207279][T28219] kthread+0x2f0/0x390 [ 1286.207293][T28219] ret_from_fork+0x4b/0x80 [ 1286.207309][T28219] ret_from_fork_asm+0x1a/0x30 [ 1286.207334][T28219] [ 1286.207334][T28219] other info that might help us debug this: [ 1286.207334][T28219] [ 1286.207340][T28219] Chain exists of: [ 1286.207340][T28219] &client->buffer_lock --> &f->f_owner.lock --> tasklist_lock [ 1286.207340][T28219] [ 1286.207363][T28219] Possible interrupt unsafe locking scenario: [ 1286.207363][T28219] [ 1286.207368][T28219] CPU0 CPU1 [ 1286.207373][T28219] ---- ---- [ 1286.207378][T28219] lock(tasklist_lock); [ 1286.207387][T28219] local_irq_disable(); [ 1286.207392][T28219] lock(&client->buffer_lock); [ 1286.207402][T28219] lock(&f->f_owner.lock); [ 1286.207413][T28219] [ 1286.207417][T28219] lock(&client->buffer_lock); [ 1286.207427][T28219] [ 1286.207427][T28219] *** DEADLOCK *** [ 1286.207427][T28219] [ 1286.207431][T28219] 5 locks held by syz-executor.3/28219: [ 1286.207440][T28219] #0: ffffffff8e493470 (file_rwsem){++++}-{0:0}, at: __break_lease+0x3b3/0x1820 [ 1286.207478][T28219] #1: ffff88802976fc78 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x3c0/0x1820 [ 1286.207515][T28219] #2: ffffffff8e3341e0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 1286.207549][T28219] #3: ffff8880111067f8 (&new->fa_lock){...-}-{2:2}, at: kill_fasync+0x19e/0x4d0 [ 1286.207583][T28219] #4: ffff88806c73e118 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x33/0x360 [ 1286.207621][T28219] [ 1286.207621][T28219] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 1286.207630][T28219] -> (&client->buffer_lock){-.-.}-{2:2} { [ 1286.207653][T28219] IN-HARDIRQ-W at: [ 1286.207660][T28219] lock_acquire+0x1ed/0x550 [ 1286.207675][T28219] _raw_spin_lock+0x2e/0x40 [ 1286.207693][T28219] evdev_pass_values+0xf2/0xad0 [ 1286.207711][T28219] evdev_events+0x1c2/0x300 [ 1286.207726][T28219] input_pass_values+0x84d/0x1200 [ 1286.207743][T28219] input_event_dispose+0x36c/0x650 [ 1286.207756][T28219] input_handle_event+0xa71/0xbe0 [ 1286.207769][T28219] input_event+0xa4/0xd0 [ 1286.207781][T28219] hidinput_report_event+0x93/0x100 [ 1286.207794][T28219] hid_report_raw_event+0x165c/0x18a0 [ 1286.207811][T28219] hid_input_report+0x416/0x500 [ 1286.207828][T28219] hid_irq_in+0x4a0/0x6d0 [ 1286.207841][T28219] __usb_hcd_giveback_urb+0x373/0x530 [ 1286.207859][T28219] dummy_timer+0x830/0x45d0 [ 1286.207874][T28219] __hrtimer_run_queues+0x59b/0xd50 [ 1286.207887][T28219] hrtimer_interrupt+0x396/0x990 [ 1286.207900][T28219] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1286.207919][T28219] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1286.207933][T28219] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1286.207949][T28219] acpi_safe_halt+0x21/0x30 [ 1286.207964][T28219] acpi_idle_enter+0xe4/0x140 [ 1286.207980][T28219] cpuidle_enter_state+0x112/0x480 [ 1286.207995][T28219] cpuidle_enter+0x5d/0xa0 [ 1286.208009][T28219] do_idle+0x375/0x5d0 [ 1286.208026][T28219] cpu_startup_entry+0x42/0x60 [ 1286.208043][T28219] rest_init+0x2dc/0x300 [ 1286.208059][T28219] start_kernel+0x47a/0x500 [ 1286.208072][T28219] x86_64_start_reservations+0x2a/0x30 [ 1286.208092][T28219] x86_64_start_kernel+0x9f/0xa0 [ 1286.208109][T28219] common_startup_64+0x13e/0x147 [ 1286.208123][T28219] IN-SOFTIRQ-W at: [ 1286.208132][T28219] lock_acquire+0x1ed/0x550 [ 1286.208147][T28219] _raw_spin_lock+0x2e/0x40 [ 1286.208163][T28219] evdev_pass_values+0xf2/0xad0 [ 1286.208179][T28219] evdev_events+0x1c2/0x300 [ 1286.208193][T28219] input_pass_values+0x84d/0x1200 [ 1286.208208][T28219] input_repeat_key+0x3fd/0x6c0 [ 1286.208222][T28219] call_timer_fn+0x18e/0x650 [ 1286.208239][T28219] __run_timer_base+0x66a/0x8e0 [ 1286.208255][T28219] run_timer_softirq+0xb7/0x170 [ 1286.208271][T28219] handle_softirqs+0x2c4/0x970 [ 1286.208284][T28219] __irq_exit_rcu+0xf4/0x1c0 [ 1286.208297][T28219] irq_exit_rcu+0x9/0x30 [ 1286.208310][T28219] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1286.208328][T28219] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1286.208345][T28219] acpi_safe_halt+0x21/0x30 [ 1286.208360][T28219] acpi_idle_enter+0xe4/0x140 [ 1286.208375][T28219] cpuidle_enter_state+0x112/0x480 [ 1286.208391][T28219] cpuidle_enter+0x5d/0xa0 [ 1286.208406][T28219] do_idle+0x375/0x5d0 [ 1286.208426][T28219] cpu_startup_entry+0x42/0x60 [ 1286.208445][T28219] rest_init+0x2dc/0x300 [ 1286.208463][T28219] start_kernel+0x47a/0x500 [ 1286.208476][T28219] x86_64_start_reservations+0x2a/0x30 [ 1286.208497][T28219] x86_64_start_kernel+0x9f/0xa0 [ 1286.208513][T28219] common_startup_64+0x13e/0x147 [ 1286.208528][T28219] INITIAL USE at: [ 1286.208536][T28219] lock_acquire+0x1ed/0x550 [ 1286.208550][T28219] _raw_spin_lock+0x2e/0x40 [ 1286.208567][T28219] evdev_pass_values+0xf2/0xad0 [ 1286.208583][T28219] evdev_events+0x1c2/0x300 [ 1286.208599][T28219] input_pass_values+0x84d/0x1200 [ 1286.208615][T28219] input_event_dispose+0x36c/0x650 [ 1286.208628][T28219] input_handle_event+0xa71/0xbe0 [ 1286.208641][T28219] input_inject_event+0x22f/0x340 [ 1286.208653][T28219] evdev_write+0x672/0x7c0 [ 1286.208669][T28219] vfs_write+0x2a2/0xc90 [ 1286.208685][T28219] ksys_write+0x1a0/0x2c0 [ 1286.208701][T28219] do_syscall_64+0xf3/0x230 [ 1286.208716][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.208731][T28219] } [ 1286.208736][T28219] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 1286.208757][T28219] -> (&new->fa_lock){...-}-{2:2} { [ 1286.208774][T28219] IN-SOFTIRQ-R at: [ 1286.208782][T28219] lock_acquire+0x1ed/0x550 [ 1286.208796][T28219] _raw_read_lock_irqsave+0xdd/0x130 [ 1286.208812][T28219] kill_fasync+0x19e/0x4d0 [ 1286.208828][T28219] sock_wake_async+0x147/0x170 [ 1286.208843][T28219] sock_def_readable+0x3df/0x5b0 [ 1286.208914][T28219] tcp_data_queue+0x20fa/0x76c0 [ 1286.208953][T28219] tcp_rcv_established+0xfb7/0x2020 [ 1286.208970][T28219] tcp_v4_do_rcv+0x965/0xc60 [ 1286.209014][T28219] tcp_v4_rcv+0x2d9e/0x37c0 [ 1286.209033][T28219] ip_protocol_deliver_rcu+0x225/0x430 [ 1286.209053][T28219] ip_local_deliver_finish+0x341/0x5f0 [ 1286.209074][T28219] NF_HOOK+0x3a4/0x450 [ 1286.209092][T28219] NF_HOOK+0x3a4/0x450 [ 1286.209109][T28219] __netif_receive_skb+0x2bf/0x650 [ 1286.209139][T28219] process_backlog+0x391/0x7d0 [ 1286.209153][T28219] __napi_poll+0xcb/0x490 [ 1286.209166][T28219] net_rx_action+0x7bb/0x10a0 [ 1286.209180][T28219] handle_softirqs+0x2c4/0x970 [ 1286.209194][T28219] run_ksoftirqd+0xca/0x130 [ 1286.209210][T28219] smpboot_thread_fn+0x544/0xa30 [ 1286.209228][T28219] kthread+0x2f0/0x390 [ 1286.209243][T28219] ret_from_fork+0x4b/0x80 [ 1286.209260][T28219] ret_from_fork_asm+0x1a/0x30 [ 1286.209278][T28219] INITIAL USE at: [ 1286.209286][T28219] lock_acquire+0x1ed/0x550 [ 1286.209300][T28219] _raw_write_lock_irq+0xd3/0x120 [ 1286.209317][T28219] fasync_remove_entry+0xff/0x1d0 [ 1286.209340][T28219] lease_modify+0x1a0/0x390 [ 1286.209358][T28219] locks_remove_file+0x57d/0x10c0 [ 1286.209372][T28219] __fput+0x36a/0x8b0 [ 1286.209389][T28219] __x64_sys_close+0x7f/0x110 [ 1286.209404][T28219] do_syscall_64+0xf3/0x230 [ 1286.209418][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.209433][T28219] INITIAL READ USE at: [ 1286.209441][T28219] lock_acquire+0x1ed/0x550 [ 1286.209455][T28219] _raw_read_lock_irqsave+0xdd/0x130 [ 1286.209472][T28219] kill_fasync+0x19e/0x4d0 [ 1286.209487][T28219] sock_wake_async+0x147/0x170 [ 1286.209502][T28219] sock_def_readable+0x3df/0x5b0 [ 1286.209515][T28219] mptcp_data_ready+0x68b/0xb00 [ 1286.209553][T28219] subflow_data_ready+0x34a/0x920 [ 1286.209583][T28219] tcp_data_queue+0x20fa/0x76c0 [ 1286.209599][T28219] tcp_rcv_established+0xfb7/0x2020 [ 1286.209616][T28219] tcp_v4_do_rcv+0x965/0xc60 [ 1286.209635][T28219] __release_sock+0x214/0x350 [ 1286.209648][T28219] release_sock+0x61/0x1f0 [ 1286.209663][T28219] __mptcp_push_pending+0x6b5/0x9f0 [ 1286.209682][T28219] mptcp_sendmsg+0x10bb/0x1b10 [ 1286.209697][T28219] __sock_sendmsg+0x1a6/0x270 [ 1286.209711][T28219] __sys_sendto+0x3a4/0x4f0 [ 1286.209726][T28219] __x64_sys_sendto+0xde/0x100 [ 1286.209742][T28219] do_syscall_64+0xf3/0x230 [ 1286.209757][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.209772][T28219] } [ 1286.209776][T28219] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1286.209793][T28219] ... acquired at: [ 1286.209798][T28219] lock_acquire+0x1ed/0x550 [ 1286.209811][T28219] _raw_read_lock_irqsave+0xdd/0x130 [ 1286.209827][T28219] kill_fasync+0x19e/0x4d0 [ 1286.209842][T28219] evdev_pass_values+0x58a/0xad0 [ 1286.209857][T28219] evdev_events+0x1c2/0x300 [ 1286.209871][T28219] input_pass_values+0x84d/0x1200 [ 1286.209886][T28219] input_event_dispose+0x36c/0x650 [ 1286.209898][T28219] input_handle_event+0xa71/0xbe0 [ 1286.209910][T28219] input_inject_event+0x22f/0x340 [ 1286.209922][T28219] evdev_write+0x672/0x7c0 [ 1286.209936][T28219] vfs_write+0x2a2/0xc90 [ 1286.209951][T28219] ksys_write+0x1a0/0x2c0 [ 1286.209966][T28219] do_syscall_64+0xf3/0x230 [ 1286.209979][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.209994][T28219] [ 1286.209997][T28219] -> (&f->f_owner.lock){...-}-{2:2} { [ 1286.210015][T28219] IN-SOFTIRQ-R at: [ 1286.210023][T28219] lock_acquire+0x1ed/0x550 [ 1286.210036][T28219] _raw_read_lock_irqsave+0xdd/0x130 [ 1286.210053][T28219] send_sigurg+0x29/0x3c0 [ 1286.210069][T28219] sk_send_sigurg+0x75/0x2f0 [ 1286.210085][T28219] tcp_check_urg+0x207/0x740 [ 1286.210103][T28219] tcp_urg+0x15c/0x450 [ 1286.210117][T28219] tcp_rcv_established+0xfac/0x2020 [ 1286.210133][T28219] tcp_v4_do_rcv+0x965/0xc60 [ 1286.210150][T28219] tcp_v4_rcv+0x2d9e/0x37c0 [ 1286.210167][T28219] ip_protocol_deliver_rcu+0x225/0x430 [ 1286.210186][T28219] ip_local_deliver_finish+0x341/0x5f0 [ 1286.210204][T28219] NF_HOOK+0x3a4/0x450 [ 1286.210221][T28219] NF_HOOK+0x3a4/0x450 [ 1286.210238][T28219] __netif_receive_skb+0x2bf/0x650 [ 1286.210250][T28219] process_backlog+0x391/0x7d0 [ 1286.210264][T28219] __napi_poll+0xcb/0x490 [ 1286.210275][T28219] net_rx_action+0x7bb/0x10a0 [ 1286.210288][T28219] handle_softirqs+0x2c4/0x970 [ 1286.210302][T28219] __irq_exit_rcu+0xf4/0x1c0 [ 1286.210315][T28219] irq_exit_rcu+0x9/0x30 [ 1286.210333][T28219] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1286.210345][T28219] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1286.210361][T28219] do_syscall_64+0xbc/0x230 [ 1286.210375][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.210390][T28219] INITIAL USE at: [ 1286.210399][T28219] lock_acquire+0x1ed/0x550 [ 1286.210413][T28219] _raw_write_lock_irq+0xd3/0x120 [ 1286.210430][T28219] f_modown+0x38/0x340 [ 1286.210443][T28219] generic_setlease+0xbdb/0x15a0 [ 1286.210461][T28219] fcntl_setlease+0x404/0x540 [ 1286.210473][T28219] do_fcntl+0x28f/0x1730 [ 1286.210488][T28219] __se_sys_fcntl+0xd2/0x1c0 [ 1286.210503][T28219] do_syscall_64+0xf3/0x230 [ 1286.210516][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.210532][T28219] INITIAL READ USE at: [ 1286.210540][T28219] lock_acquire+0x1ed/0x550 [ 1286.210554][T28219] _raw_read_lock_irqsave+0xdd/0x130 [ 1286.210571][T28219] send_sigurg+0x29/0x3c0 [ 1286.210585][T28219] sk_send_sigurg+0x75/0x2f0 [ 1286.210599][T28219] tcp_check_urg+0x207/0x740 [ 1286.210616][T28219] tcp_urg+0x15c/0x450 [ 1286.210631][T28219] tcp_rcv_established+0xfac/0x2020 [ 1286.210646][T28219] tcp_v4_do_rcv+0x965/0xc60 [ 1286.210663][T28219] __release_sock+0x214/0x350 [ 1286.210675][T28219] release_sock+0x61/0x1f0 [ 1286.210690][T28219] tcp_sendmsg+0x3a/0x50 [ 1286.210729][T28219] __sock_sendmsg+0x1a6/0x270 [ 1286.210743][T28219] __sys_sendto+0x3a4/0x4f0 [ 1286.210758][T28219] __x64_sys_sendto+0xde/0x100 [ 1286.210778][T28219] do_syscall_64+0xf3/0x230 [ 1286.210792][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.210807][T28219] } [ 1286.210812][T28219] ... key at: [] init_file.__key+0x0/0x20 [ 1286.210828][T28219] ... acquired at: [ 1286.210832][T28219] lock_acquire+0x1ed/0x550 [ 1286.210845][T28219] _raw_read_lock_irqsave+0xdd/0x130 [ 1286.210861][T28219] send_sigio+0x33/0x360 [ 1286.210876][T28219] kill_fasync+0x23a/0x4d0 [ 1286.210890][T28219] sock_wake_async+0x147/0x170 [ 1286.210904][T28219] sock_def_readable+0x3df/0x5b0 [ 1286.210916][T28219] mptcp_data_ready+0x68b/0xb00 [ 1286.210932][T28219] subflow_data_ready+0x34a/0x920 [ 1286.210948][T28219] tcp_data_queue+0x20fa/0x76c0 [ 1286.210963][T28219] tcp_rcv_established+0xfb7/0x2020 [ 1286.210978][T28219] tcp_v4_do_rcv+0x965/0xc60 [ 1286.210994][T28219] __release_sock+0x214/0x350 [ 1286.211006][T28219] release_sock+0x61/0x1f0 [ 1286.211019][T28219] __mptcp_push_pending+0x6b5/0x9f0 [ 1286.211035][T28219] mptcp_sendmsg+0x10bb/0x1b10 [ 1286.211049][T28219] __sock_sendmsg+0x1a6/0x270 [ 1286.211061][T28219] __sys_sendto+0x3a4/0x4f0 [ 1286.211075][T28219] __x64_sys_sendto+0xde/0x100 [ 1286.211091][T28219] do_syscall_64+0xf3/0x230 [ 1286.211105][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.211119][T28219] [ 1286.211122][T28219] [ 1286.211122][T28219] the dependencies between the lock to be acquired [ 1286.211127][T28219] and HARDIRQ-irq-unsafe lock: [ 1286.211152][T28219] -> (tasklist_lock){.+.+}-{2:2} { [ 1286.211171][T28219] HARDIRQ-ON-R at: [ 1286.211178][T28219] lock_acquire+0x1ed/0x550 [ 1286.211193][T28219] _raw_read_lock+0x36/0x50 [ 1286.211208][T28219] __do_wait+0x12d/0x850 [ 1286.211225][T28219] do_wait+0x1e9/0x560 [ 1286.211240][T28219] kernel_wait+0xe9/0x240 [ 1286.211257][T28219] call_usermodehelper_exec_work+0xbd/0x230 [ 1286.211271][T28219] process_scheduled_works+0xa2c/0x1830 [ 1286.211286][T28219] worker_thread+0x86d/0xd50 [ 1286.211300][T28219] kthread+0x2f0/0x390 [ 1286.211314][T28219] ret_from_fork+0x4b/0x80 [ 1286.211336][T28219] ret_from_fork_asm+0x1a/0x30 [ 1286.211354][T28219] SOFTIRQ-ON-R at: [ 1286.211362][T28219] lock_acquire+0x1ed/0x550 [ 1286.211376][T28219] _raw_read_lock+0x36/0x50 [ 1286.211391][T28219] __do_wait+0x12d/0x850 [ 1286.211407][T28219] do_wait+0x1e9/0x560 [ 1286.211423][T28219] kernel_wait+0xe9/0x240 [ 1286.211440][T28219] call_usermodehelper_exec_work+0xbd/0x230 [ 1286.211453][T28219] process_scheduled_works+0xa2c/0x1830 [ 1286.211466][T28219] worker_thread+0x86d/0xd50 [ 1286.211481][T28219] kthread+0x2f0/0x390 [ 1286.211496][T28219] ret_from_fork+0x4b/0x80 [ 1286.211512][T28219] ret_from_fork_asm+0x1a/0x30 [ 1286.211529][T28219] INITIAL USE at: [ 1286.211536][T28219] lock_acquire+0x1ed/0x550 [ 1286.211550][T28219] _raw_write_lock_irq+0xd3/0x120 [ 1286.211567][T28219] copy_process+0x228b/0x3dc0 [ 1286.211580][T28219] kernel_clone+0x226/0x8f0 [ 1286.211594][T28219] user_mode_thread+0x132/0x1a0 [ 1286.211609][T28219] rest_init+0x23/0x300 [ 1286.211624][T28219] start_kernel+0x47a/0x500 [ 1286.211637][T28219] x86_64_start_reservations+0x2a/0x30 [ 1286.211654][T28219] x86_64_start_kernel+0x9f/0xa0 [ 1286.211670][T28219] common_startup_64+0x13e/0x147 [ 1286.211684][T28219] INITIAL READ USE at: [ 1286.211691][T28219] lock_acquire+0x1ed/0x550 [ 1286.211705][T28219] _raw_read_lock+0x36/0x50 [ 1286.211720][T28219] __do_wait+0x12d/0x850 [ 1286.211736][T28219] do_wait+0x1e9/0x560 [ 1286.211752][T28219] kernel_wait+0xe9/0x240 [ 1286.211769][T28219] call_usermodehelper_exec_work+0xbd/0x230 [ 1286.211783][T28219] process_scheduled_works+0xa2c/0x1830 [ 1286.211797][T28219] worker_thread+0x86d/0xd50 [ 1286.211811][T28219] kthread+0x2f0/0x390 [ 1286.211826][T28219] ret_from_fork+0x4b/0x80 [ 1286.211842][T28219] ret_from_fork_asm+0x1a/0x30 [ 1286.211859][T28219] } [ 1286.211863][T28219] ... key at: [] tasklist_lock+0x18/0x40 [ 1286.211879][T28219] ... acquired at: [ 1286.211883][T28219] lock_acquire+0x1ed/0x550 [ 1286.211896][T28219] _raw_read_lock+0x36/0x50 [ 1286.211911][T28219] send_sigio+0xfc/0x360 [ 1286.211925][T28219] kill_fasync+0x23a/0x4d0 [ 1286.211939][T28219] lease_break_callback+0x26/0x30 [ 1286.211953][T28219] __break_lease+0x6d5/0x1820 [ 1286.211969][T28219] do_dentry_open+0x89e/0x1720 [ 1286.211983][T28219] path_openat+0x289f/0x3280 [ 1286.211998][T28219] do_filp_open+0x235/0x490 [ 1286.212014][T28219] do_sys_openat2+0x13e/0x1d0 [ 1286.212027][T28219] __x64_sys_open+0x225/0x270 [ 1286.212040][T28219] do_syscall_64+0xf3/0x230 [ 1286.212053][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.212068][T28219] [ 1286.212071][T28219] [ 1286.212071][T28219] stack backtrace: [ 1286.212079][T28219] CPU: 0 PID: 28219 Comm: syz-executor.3 Not tainted 6.10.0-rc1-next-20240529-syzkaller #0 [ 1286.212095][T28219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 1286.212103][T28219] Call Trace: [ 1286.212110][T28219] [ 1286.212116][T28219] dump_stack_lvl+0x241/0x360 [ 1286.212134][T28219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1286.212149][T28219] ? __pfx__printk+0x10/0x10 [ 1286.212167][T28219] ? print_shortest_lock_dependencies+0xf2/0x160 [ 1286.212183][T28219] validate_chain+0x4ebd/0x5920 [ 1286.212210][T28219] ? __pfx_validate_chain+0x10/0x10 [ 1286.212229][T28219] ? is_bpf_text_address+0x285/0x2a0 [ 1286.212247][T28219] ? __pfx_validate_chain+0x10/0x10 [ 1286.212266][T28219] ? look_up_lock_class+0x77/0x170 [ 1286.212287][T28219] ? __lock_acquire+0x1359/0x2000 [ 1286.212303][T28219] ? mark_lock+0x9a/0x360 [ 1286.212326][T28219] __lock_acquire+0x1359/0x2000 [ 1286.212348][T28219] lock_acquire+0x1ed/0x550 [ 1286.212363][T28219] ? send_sigio+0xfc/0x360 [ 1286.212379][T28219] ? __pfx_lock_acquire+0x10/0x10 [ 1286.212395][T28219] ? __pfx_lock_acquire+0x10/0x10 [ 1286.212413][T28219] ? do_raw_read_lock+0x3c/0x90 [ 1286.212426][T28219] ? _raw_read_lock_irqsave+0xe9/0x130 [ 1286.212443][T28219] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1286.212462][T28219] ? _raw_read_lock_irqsave+0xe9/0x130 [ 1286.212480][T28219] _raw_read_lock+0x36/0x50 [ 1286.212497][T28219] ? send_sigio+0xfc/0x360 [ 1286.212512][T28219] send_sigio+0xfc/0x360 [ 1286.212529][T28219] kill_fasync+0x23a/0x4d0 [ 1286.212545][T28219] ? kill_fasync+0x55/0x4d0 [ 1286.212562][T28219] lease_break_callback+0x26/0x30 [ 1286.212577][T28219] __break_lease+0x6d5/0x1820 [ 1286.212602][T28219] ? __pfx___break_lease+0x10/0x10 [ 1286.212620][T28219] ? __pfx_apparmor_file_open+0x10/0x10 [ 1286.212639][T28219] ? tomoyo_file_open+0x168/0x220 [ 1286.212656][T28219] ? security_file_open+0x5bc/0x730 [ 1286.212674][T28219] do_dentry_open+0x89e/0x1720 [ 1286.212695][T28219] path_openat+0x289f/0x3280 [ 1286.212715][T28219] ? mark_lock+0x9a/0x360 [ 1286.212734][T28219] ? mark_lock+0x9a/0x360 [ 1286.212753][T28219] ? __pfx_path_openat+0x10/0x10 [ 1286.212777][T28219] do_filp_open+0x235/0x490 [ 1286.212795][T28219] ? __pfx_do_filp_open+0x10/0x10 [ 1286.212820][T28219] ? _raw_spin_unlock+0x28/0x50 [ 1286.212836][T28219] ? alloc_fd+0x59d/0x640 [ 1286.212858][T28219] do_sys_openat2+0x13e/0x1d0 [ 1286.212873][T28219] ? __might_fault+0xaa/0x120 [ 1286.212889][T28219] ? __pfx_do_sys_openat2+0x10/0x10 [ 1286.212903][T28219] ? rcu_is_watching+0x15/0xb0 [ 1286.212920][T28219] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 1286.212943][T28219] __x64_sys_open+0x225/0x270 [ 1286.212959][T28219] ? __pfx___x64_sys_open+0x10/0x10 [ 1286.212976][T28219] ? do_syscall_64+0x100/0x230 [ 1286.212992][T28219] ? do_syscall_64+0xb6/0x230 [ 1286.213009][T28219] do_syscall_64+0xf3/0x230 [ 1286.213024][T28219] ? clear_bhb_loop+0x35/0x90 [ 1286.213041][T28219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.213058][T28219] RIP: 0033:0x7f319327cee9 [ 1286.213073][T28219] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1286.213087][T28219] RSP: 002b:00007f31940850c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1286.213102][T28219] RAX: ffffffffffffffda RBX: 00007f31933b4140 RCX: 00007f319327cee9 [ 1286.213113][T28219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140 [ 1286.213123][T28219] RBP: 00007f31932c947f R08: 0000000000000000 R09: 0000000000000000 [ 1286.213133][T28219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1286.213142][T28219] R13: 000000000000006e R14: 00007f31933b4140 R15: 00007fffaf464e18 [ 1286.213158][T28219] 2041/06/03 03:06:04 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 1288.872653][T19034] Bluetooth: hci1: command 0x1009 tx timeout [ 1288.901262][T21523] Bluetooth: hci1: Opcode 0x1009 failed: -110 [ 1288.950360][T21523] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1288.971115][T21523] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1288.986090][T21523] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1288.999404][T21523] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1289.017271][T21523] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1289.029149][T21523] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1289.082325][ T11] vhci_hcd: stop threads [ 1289.202166][ T11] vhci_hcd: release socket [ 1289.404104][ T29] audit: type=1326 audit(2253841561.542:3716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f319327cee9 code=0x7ffc0000 [ 1289.494023][ T11] vhci_hcd: disconnect device [ 1289.577797][ T11] vhci_hcd: stop threads [ 1289.582079][ T11] vhci_hcd: release socket [ 1289.628907][ T11] vhci_hcd: disconnect device [ 1289.678670][T28105] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1289.690981][ T29] audit: type=1326 audit(2253841561.542:3717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f319327a667 code=0x7ffc0000 [ 1289.727286][ T29] audit: type=1326 audit(2253841561.542:3718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3193240329 code=0x7ffc0000 [ 1289.815900][ T29] audit: type=1326 audit(2253841561.552:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f319327a667 code=0x7ffc0000 [ 1289.865886][ T29] audit: type=1326 audit(2253841561.552:3720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3193240329 code=0x7ffc0000 [ 1289.925931][ T29] audit: type=1326 audit(2253841561.552:3721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f319327a667 code=0x7ffc0000 [ 1289.986430][ T29] audit: type=1326 audit(2253841561.552:3722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3193240329 code=0x7ffc0000 [ 1290.016334][ T29] audit: type=1326 audit(2253841561.552:3723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f319327a667 code=0x7ffc0000 [ 1290.045774][ T29] audit: type=1326 audit(2253841561.552:3724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3193240329 code=0x7ffc0000 [ 1290.076958][ T29] audit: type=1326 audit(2253841561.552:3725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28201 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f319327a667 code=0x7ffc0000 [ 1290.139186][T28105] bridge_slave_1: left allmulticast mode [ 1290.147203][T28105] bridge_slave_1: left promiscuous mode [ 1290.152961][T28105] bridge0: port 2(bridge_slave_1) entered disabled state [ 1290.181677][T28105] bridge_slave_0: left allmulticast mode [ 1290.206288][T28105] bridge_slave_0: left promiscuous mode [ 1290.212098][T28105] bridge0: port 1(bridge_slave_0) entered disabled state