last executing test programs: 23.643630149s ago: executing program 5 (id=1533): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) listen(r0, 0x0) 23.47302916s ago: executing program 5 (id=1535): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x48, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}, 0x1, 0x8100000018000000}, 0x0) 23.076722686s ago: executing program 5 (id=1539): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x6, [@typedef={0x4, 0x0, 0x0, 0x7}, @restrict={0x0, 0x0, 0x0, 0xb, 0x1}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x0, 0x0, 0xda]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) 22.86693823s ago: executing program 5 (id=1541): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b}, @channel_switch={0x0, 0x4, {{0x3b, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0) 22.660065104s ago: executing program 5 (id=1542): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x7}]}}]}, 0x38}}, 0x0) 22.425332407s ago: executing program 5 (id=1545): r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000180)={0x0, 0x24ff, 0x13580}, &(0x7f0000000080)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITEV={0x2, 0x3, 0x0, @fd_index=0x3, 0x7, 0x0, 0x0, 0xb}) io_uring_enter(r0, 0x45e0, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x0, 0x3, 0x7, 0x0, 0x0) 12.441920866s ago: executing program 2 (id=1607): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x7d243a6ea807936d, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) 10.911048397s ago: executing program 3 (id=1611): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x77c, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2CYMWDCBYKerZdNttQs8mW7KY0IaBFBC+CigdBLz37o968+uOq/4UHsVRNixUPEpnNTrttdtNsmmSr+/nAJO/NzO6b776ZeW93HjMB9KzR9E8u4mBEfJBEDDfmJxExUE/1RxxfW+/GynIxnZJYXX3t96S+zvWV5WI0vSa1v5F5NCK+fzfiUG59udXFpZlCuVyab+THa7PnxquLS4fPzhamS9OluaMTk5NHjj1z7Oj2xfrnT0sHrnz48pNfHf/7nUcuv/9DEsfjQGNZcxzbZTRGG5/JQPoR3ual7S6sy5JubwBbkh6afWtHeRyM4eirpwCA/7O3ImIVAOgp/dp/AOg52e8A11eWi9nU3V8kdtfVFyNi71r82fXNtSX9jWt2e+vXQYeuJ7ddGUkiYmQbyh+NiM++eeOLdIodug4J0MrbFyPi9Mjo+vN/sm7MQqee2mDZnsb/0TvmO//B7vk27f8826r/l7vZ/4kW/Z/BFsfuVtz1+N+3DYVsIO3/Pd80tu1GU/wNI32N3AP1Pt9AcuZsuZSe2x6MiLEYGEzzE2vrthwGNXbtn2vtym/u//3x0Zufp+Wn/2+tkfu1f/D210wVaoV7jTtz9WLEY/2t4k9u1n/Spv97cpNlvPLce5+2W5bGn8abTevjj8bopJ2xeiniiZb1f6sqkw3HJ47Xd4fxbKdo4eufPxlqV35z/adTWn72XWA3pPU/tHH8I0nzeM1q52X8eGn4u3bL7h5/6/1/T/J6PZ31Iy4UarX5iYg9yavr5x+59dosn62fxj/2eOvjf6P9P/1OeHqT8fdf+e3Lrce/s9L4pzqq/84Tl2/M9LUrf3P1P1lPjTXmbOb8t9kNvJfPDgAAAAAAAAAAAAAAAAAAAAAAAAA2KxcRByLJ5W+mc7l8fu0Z3g/HUK5cqdYOnakszE1F/VnZIzGQy251Odx0P9SJxv3ws/yRO/JPR8RDEfHx4L4ku4/iVJdjBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM/jbP/0/9MtjtrQMAdszebm8AALDrtP8A0Hu0/wDQe7T/ANB7tP8A0Hu0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOywkydOpNPqXyvLxTQ/dX5xYaZy/vBUqTqTn10o5ouV+XP56UplulzKFyuzd3u/cqVybjLmFi6M10rV2nh1cenUbGVhrnbq7GxhunSqNLArUQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ6qLSzOFcrk0L7GFxOr9sRndT/Q1dqc7FyUR0ekbvhBdD6ezRHJ/bMY2J7p8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/g3AAD//5EOHsI=") open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) renameat2(r0, &(0x7f0000000140)='./file1\x00', r0, &(0x7f0000000980)='./bus\x00', 0x5) 10.910010538s ago: executing program 2 (id=1612): r0 = syz_io_uring_setup(0xd7a, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000004c0)=0x0) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x0, 0x0}) io_uring_enter(r0, 0x200688a, 0x0, 0x0, 0x0, 0x0) 10.332098112s ago: executing program 2 (id=1615): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18) syz_emit_ethernet(0xce, &(0x7f0000000240)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x28, 0x0, {0x28, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @dev, {[@cipso={0x86, 0x81, 0x0, [{0x0, 0xc, "e256b28c599d1681fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706444dbe3df8"}, {0x0, 0x12, "cf9518ab1ab54f5d8baf2c5332bb1ab8"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0x11, "0a2f07a0ab678d701b05bb2514cb64"}]}, @cipso={0x86, 0x8, 0x0, [{0x0, 0x2}]}]}}, "2947d6b8"}}}}}, 0x0) 9.941366971s ago: executing program 2 (id=1617): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 9.379786141s ago: executing program 2 (id=1619): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="050000001b0800"/16, @ANYRES64=r0], 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000208"], 0x80}}, 0x0) 9.013481874s ago: executing program 2 (id=1622): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) 8.928182169s ago: executing program 3 (id=1623): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000), 0xe) listen(r0, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x76, @fixed, 0x0, 0x2}, 0xe) 7.632452037s ago: executing program 3 (id=1630): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)=r0}, 0x20) 7.164858098s ago: executing program 4 (id=1632): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=@ipv4_newaddr={0x28, 0x14, 0x509, 0x0, 0x0, {0x2, 0x18, 0x10, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @local}, @IFA_BROADCAST={0x8, 0x4, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) 6.796841882s ago: executing program 3 (id=1634): socket$packet(0x11, 0x0, 0x300) socket$kcm(0x10, 0x0, 0x10) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="0401020028000b05d25a806f8c6394f90a24fc600d00090009000100ff3582c137153e370248018002000000d1bd", 0x33fe0}], 0x1}, 0x0) 6.624571805s ago: executing program 4 (id=1636): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="d8000000180081054e81f782db4cb904021d0800fe207c05e8fe55a10a0015000200142603600e12080005007f370401a8001600200006000500027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}}) 6.309872855s ago: executing program 1 (id=1637): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001340)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0xc, 0x2, [@TCA_GRED_LIMIT={0x1a}]}}]}, 0x3c}}, 0x0) 5.691171037s ago: executing program 4 (id=1638): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) process_mrelease(0xffffffffffffffff, 0x0) 5.542308503s ago: executing program 1 (id=1639): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read(r1, &(0x7f0000000580)=""/119, 0x77) 5.341525571s ago: executing program 0 (id=1640): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='\t'], 0xb0) r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 5.050309502s ago: executing program 1 (id=1641): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001900), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000001940)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000001d00)={0x0, 0x0, &(0x7f0000001cc0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x70bd23, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x18, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48001}, 0x4) 4.924568384s ago: executing program 3 (id=1642): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x264e33, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000f00)={0x5, {{0x2, 0x4e24, @multicast2}}, {{0x2, 0x4e21, @rand_addr=0x64010100}}}, 0x108) 4.793907313s ago: executing program 0 (id=1643): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f7000280050001000000000030"], 0x58}}, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000aa63d9ae50003800800010000000008080003"], 0x28}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000004"], 0x24d8}], 0x1}, 0x0) 3.962075768s ago: executing program 0 (id=1644): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x245e, 0x6) sendmsg$key(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000180)={0x2, 0x5, 0x0, 0x0, 0x2}, 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 3.921759908s ago: executing program 1 (id=1645): r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x301002}, &(0x7f0000000500)='./file0\x00', 0x18}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 3.482298518s ago: executing program 0 (id=1646): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x3}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x3}) 2.99353423s ago: executing program 0 (id=1647): r0 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000600), 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="a0002883781ecc0e", 0x8}], 0x1}}], 0x1, 0x0) 2.792276934s ago: executing program 1 (id=1648): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x209, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x88}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) 2.079990832s ago: executing program 0 (id=1649): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x264e33, 0x0) setsockopt$sock_int(r0, 0x1, 0x44, &(0x7f0000000080), 0x4) 1.439225739s ago: executing program 4 (id=1650): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)="c3c4166ac276cea454a9291d3541aea08bd5ad16f142b046337bfce1fff9101f4f21745bcbfb83aa860254", 0x2b}, {&(0x7f0000000000)="fc547f3c08d825fb0fffff325780089aef349a71f4f318f752ca699bfa7954e3b7cda3e9c6b04af6593edccd3d7ee20ff10a2b10cb9fd0f09d34e4717a04e56c34aacaba5227f32a23923c907d12d72659d61c74f3a2d5319748a3f400d6c3ab503aafc8957094c47f5097cf119a797cf630bf4b9d14a970858a0e15feae4de39e3b0d5a9dd3a3628efad06c89b17b226ddbe7134f", 0x95}, {&(0x7f00000002c0)='t', 0x1}], 0x3}}], 0x1, 0x0) 1.015216685s ago: executing program 1 (id=1651): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}]}, @ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x34}}, 0x0) 831.339512ms ago: executing program 4 (id=1652): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000140), 0x0) r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000080)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) writev(r0, &(0x7f0000000880)=[{0x0}, {&(0x7f0000000540)="e3535e9c7f", 0x5}], 0x2) 363.663088ms ago: executing program 3 (id=1653): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000020c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a31000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000c00)=ANY=[@ANYBLOB="2c000000170a030c0000000000000000020000000900010073797a3000000000090002"], 0x2c}}, 0x0) 0s ago: executing program 4 (id=1654): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x54000002, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r0 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x81\x84\xb8\x92P\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r0, 0x0, 0x400000000000000, 0x7) kernel console output (not intermixed with test programs): unt option is deprecated. [ 162.973085][ T29] audit: type=1804 audit(1727302329.877:30): pid=7883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.819" name="/newroot/44/file0/file2" dev="loop4" ino=1048640 res=1 errno=0 [ 163.017098][ T7876] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 163.033997][ T9] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 163.043751][ T9] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 163.070235][ T9] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 163.105587][ T7884] loop5: detected capacity change from 0 to 4096 [ 163.138650][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.141342][ T7896] Bluetooth: MGMT ver 1.23 [ 163.151502][ T7896] Bluetooth: hci3: too big key_count value 34945 [ 163.226576][ T7876] XFS (loop1): Ending clean mount [ 163.258428][ T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 163.329855][ T6030] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 163.383700][ T7904] loop4: detected capacity change from 0 to 128 [ 163.464644][ T9] gspca_sn9c2028: read1 error -32 [ 163.482066][ T9] gspca_sn9c2028: read1 error -32 [ 163.690706][ T7914] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 163.709556][ T5369] usb 4-1: USB disconnect, device number 4 [ 164.460977][ T7943] sctp: [Deprecated]: syz.0.850 (pid 7943) Use of int in maxseg socket option. [ 164.460977][ T7943] Use struct sctp_assoc_value instead [ 164.490149][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 164.735115][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 164.775061][ T9] usb 2-1: config 0 has an invalid interface number: 151 but max is 1 [ 164.783659][ T9] usb 2-1: config 0 has no interface number 1 [ 164.789772][ T9] usb 2-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 164.820133][ T9] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 164.876270][ T9] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024 [ 164.909249][ T9] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 164.932042][ T9] usb 2-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 164.950606][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 164.962746][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 164.977287][ T9] usb 2-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 164.986585][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.995778][ T9] usb 2-1: Product: syz [ 165.000251][ T9] usb 2-1: Manufacturer: syz [ 165.004873][ T9] usb 2-1: SerialNumber: syz [ 165.011746][ T9] usb 2-1: config 0 descriptor?? [ 165.017553][ T7933] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 165.028016][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 165.049505][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 165.057570][ T9] usb 2-1: invalid MIDI in EP 0 [ 165.085674][ T9] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 165.234211][ T5284] usb 2-1: USB disconnect, device number 9 [ 165.481138][ T7990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.870'. [ 165.525956][ T7990] bataNāDž­2žØ_0: renamed from lo (while UP) [ 165.679076][ T8004] loop0: detected capacity change from 0 to 64 [ 165.880146][ T46] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 166.060155][ T46] usb 4-1: Using ep0 maxpacket: 8 [ 166.080513][ T46] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 166.103795][ T46] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.156710][ T46] usb 4-1: config 0 has no interface number 0 [ 166.180060][ T46] usb 4-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 166.214071][ T46] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 166.236112][ T8001] loop2: detected capacity change from 0 to 32768 [ 166.251528][ T8001] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.874 (8001) [ 166.260030][ T46] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 166.278037][ T8001] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 166.308882][ T8001] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 166.316187][ T46] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 166.332520][ T8001] BTRFS info (device loop2): using free-space-tree [ 166.370033][ T46] usb 4-1: config 0 interface 52 has no altsetting 0 [ 166.390057][ T46] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 166.402897][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.417160][ T46] usb 4-1: config 0 descriptor?? [ 166.564571][ T8003] loop4: detected capacity change from 0 to 32768 [ 166.589663][ T29] audit: type=1800 audit(1727302333.497:31): pid=8001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.874" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 166.610079][ C0] vkms_vblank_simulate: vblank timer overrun [ 166.628300][ T5240] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 166.652171][ T46] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input15 [ 166.907782][ T8003] JBD2: Ignoring recovery information on journal [ 166.980270][ T8044] loop0: detected capacity change from 0 to 32768 [ 166.987403][ T8044] btrfs: Deprecated parameter 'usebackuproot' [ 166.993601][ T8044] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 167.013615][ T8044] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.887 (8044) [ 167.029471][ T46] usb 4-1: USB disconnect, device number 5 [ 167.074123][ T8044] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 167.084398][ T8044] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 167.093883][ T8044] BTRFS info (device loop0): disk space caching is enabled [ 167.101161][ T8044] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 167.134322][ T8003] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 167.494817][ T2582] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0xab36da95f7d629ca8cc302fd0fd3c25f2e0c358a27b6cae5b3699304a6c15a5c level 0 [ 167.538409][ T6848] ocfs2: Unmounting device (7,4) on (node local) [ 167.585934][ T8044] BTRFS error (device loop0): failed to load root extent [ 167.593471][ T8044] BTRFS warning (device loop0): try to load backup roots slot 1 [ 167.682030][ T8044] BTRFS info (device loop0 state M): disabling free space tree [ 167.690333][ T8044] BTRFS info (device loop0 state M): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 167.701055][ T8044] BTRFS info (device loop0 state M): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 167.736196][ T8044] BTRFS info (device loop0 state M): use compression, level 0 [ 167.851741][ T6856] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 168.383279][ T8080] loop1: detected capacity change from 0 to 32768 [ 168.444776][ T8080] XFS (loop1): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 168.601815][ T5369] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 168.622168][ T8080] XFS (loop1): Ending clean mount [ 168.767797][ T6030] XFS (loop1): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 168.810089][ T5369] usb 6-1: Using ep0 maxpacket: 32 [ 168.835169][ T5369] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.838647][ T8141] loop4: detected capacity change from 0 to 512 [ 168.853420][ T8141] EXT4-fs: Ignoring removed nobh option [ 168.870389][ T5369] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.936077][ T5369] usb 6-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 168.968570][ T8150] netlink: 20 bytes leftover after parsing attributes in process `syz.3.923'. [ 168.971226][ T5369] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.993859][ T5369] usb 6-1: config 0 descriptor?? [ 169.005404][ T8141] fscrypt (loop4, inode 2): Error -61 getting encryption context [ 169.022129][ T8141] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61 [ 169.037911][ T8141] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #13: comm syz.4.918: casefold flag without casefold feature [ 169.052416][ T8141] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.918: couldn't read orphan inode 13 (err -117) [ 169.104936][ T8141] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.240674][ T8157] veth1_macvtap: left promiscuous mode [ 169.248179][ T8157] macsec0: entered allmulticast mode [ 169.277036][ T8157] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 169.278274][ T6848] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.404645][ T46] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 169.469632][ T5369] elecom 0003:056E:00E6.0014: item fetching failed at offset 2/5 [ 169.488862][ T5369] elecom 0003:056E:00E6.0014: probe with driver elecom failed with error -22 [ 169.610621][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 169.620695][ T46] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 169.629933][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.638157][ T46] usb 1-1: Product: syz [ 169.666425][ T46] usb 1-1: Manufacturer: syz [ 169.699706][ T5280] usb 6-1: USB disconnect, device number 8 [ 169.718376][ T46] usb 1-1: SerialNumber: syz [ 169.737453][ T46] usb 1-1: config 0 descriptor?? [ 169.759214][ T46] gspca_main: sq930x-2.14.0 probing 2770:930c [ 170.293354][ T8171] loop1: detected capacity change from 0 to 32768 [ 170.426017][ T8164] loop3: detected capacity change from 0 to 40427 [ 170.450265][ T8164] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 170.458045][ T8164] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 170.495542][ T8164] F2FS-fs (loop3): Found nat_bits in checkpoint [ 170.506887][ T8171] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 170.619656][ T8171] XFS (loop1): Ending clean mount [ 170.637629][ T8171] XFS (loop1): Quotacheck needed: Please wait. [ 170.695442][ T8164] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 170.707319][ T8171] XFS (loop1): Quotacheck: Done. [ 170.720393][ T8164] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 170.730350][ T46] gspca_sq930x: ucbus_write failed -71 [ 170.762721][ T8164] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 170.772331][ T930] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 170.818674][ T8164] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 170.868309][ T6030] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 170.956191][ T46] gspca_sq930x: Sensor ov9630 not yet treated [ 170.962459][ T930] usb 3-1: Using ep0 maxpacket: 16 [ 170.969032][ T46] sq930x 1-1:0.0: probe with driver sq930x failed with error -22 [ 170.986465][ T46] usb 1-1: USB disconnect, device number 7 [ 171.000085][ T930] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 171.016011][ T930] usb 3-1: config 0 has no interface number 0 [ 171.022308][ T930] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 171.032340][ T930] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 171.046383][ T930] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 171.068151][ T8182] loop4: detected capacity change from 0 to 32768 [ 171.076744][ T930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.093271][ T930] usb 3-1: Product: syz [ 171.097455][ T930] usb 3-1: Manufacturer: syz [ 171.120205][ T930] usb 3-1: SerialNumber: syz [ 171.175181][ T930] usb 3-1: config 0 descriptor?? [ 171.192808][ T8197] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 171.207916][ T8197] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 171.218928][ T8182] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 171.306640][ T29] audit: type=1800 audit(1727302338.227:32): pid=8182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.937" name="bus" dev="loop4" ino=17058 res=0 errno=0 [ 171.326996][ C0] vkms_vblank_simulate: vblank timer overrun [ 171.444151][ T8197] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 171.470242][ T8197] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 171.556018][ T6848] ocfs2: Unmounting device (7,4) on (node local) [ 171.759862][ T5283] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 171.843849][ T8223] loop4: detected capacity change from 0 to 64 [ 171.891271][ T930] asix 3-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 171.925691][ T5283] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.930708][ T930] asix 3-1:0.251: probe with driver asix failed with error -524 [ 171.969761][ T5283] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.988838][ T5283] usb 1-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 171.998197][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.037598][ T5283] usb 1-1: config 0 descriptor?? [ 172.134509][ T8210] loop5: detected capacity change from 0 to 32768 [ 172.153032][ T5284] usb 3-1: USB disconnect, device number 13 [ 172.206627][ T8210] XFS (loop5): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 172.341674][ T8219] loop1: detected capacity change from 0 to 32768 [ 172.386964][ T8210] XFS (loop5): Ending clean mount [ 172.416385][ T8210] XFS (loop5): User initiated shutdown received. [ 172.433065][ T8210] XFS (loop5): Log I/O Error (0x6) detected at xfs_fs_goingdown+0xe2/0x160 (fs/xfs/xfs_fsops.c:457). Shutting down filesystem. [ 172.475279][ T5283] steelseries 0003:1038:12B6.0015: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.0-1/input0 [ 172.506939][ T8210] XFS (loop5): Please unmount the filesystem and rectify the problem(s) [ 172.620879][ T6864] XFS (loop5): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 172.675212][ T5283] steelseries 0003:1038:12B6.0015: hid_hw_raw_request() failed with -71 [ 172.689375][ T5283] usb 1-1: USB disconnect, device number 8 [ 173.891642][ T8250] loop2: detected capacity change from 0 to 40427 [ 173.952386][ T8250] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 173.988448][ T8250] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 173.991142][ T8259] loop5: detected capacity change from 0 to 32768 [ 173.998747][ T930] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 174.051880][ T8250] F2FS-fs (loop2): invalid crc value [ 174.058310][ T8278] macsec1: entered allmulticast mode [ 174.112493][ T8259] XFS (loop5): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 174.114212][ T8250] F2FS-fs (loop2): Found nat_bits in checkpoint [ 174.203678][ T930] usb 1-1: config 0 has no interfaces? [ 174.209221][ T930] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 174.278711][ T930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.312017][ T930] usb 1-1: config 0 descriptor?? [ 174.348069][ T8250] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 174.358365][ T8250] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 174.390941][ T8259] XFS (loop5): Ending clean mount [ 174.524253][ T6864] XFS (loop5): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 174.575350][ T8297] batadv0: entered promiscuous mode [ 174.636140][ T8297] macsec1: entered promiscuous mode [ 174.642092][ T8297] macsec1: entered allmulticast mode [ 174.647585][ T8297] batadv0: entered allmulticast mode [ 174.668369][ T8268] dvmrp0: entered allmulticast mode [ 174.690098][ T1159] usb 1-1: USB disconnect, device number 9 [ 175.666275][ T3035] dvmrp0 (unregistering): left allmulticast mode [ 176.173821][ T8335] loop4: detected capacity change from 0 to 8 [ 176.530176][ T5284] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 176.580237][ T8346] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 176.619938][ T8320] loop1: detected capacity change from 0 to 40427 [ 176.689030][ T8320] F2FS-fs (loop1): Found nat_bits in checkpoint [ 176.711808][ T5284] usb 3-1: config index 0 descriptor too short (expected 4114, got 18) [ 176.729301][ T5284] usb 3-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 176.733383][ T8351] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 176.758886][ T5284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.779129][ T5284] usb 3-1: Product: syz [ 176.806941][ T5284] usb 3-1: Manufacturer: syz [ 176.810147][ T8351] batman_adv: batadv0: Adding interface: gretap1 [ 176.818182][ T8351] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.843908][ T5284] usb 3-1: SerialNumber: syz [ 176.845913][ T5284] usb 3-1: config 0 descriptor?? [ 176.875395][ T8320] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 176.888793][ T8351] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 176.908690][ T8320] syz.1.982: attempt to access beyond end of device [ 176.908690][ T8320] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 176.991489][ T6030] syz-executor: attempt to access beyond end of device [ 176.991489][ T6030] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 177.030901][ T6030] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 177.141994][ T1159] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 177.365102][ T1159] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 177.378198][ T1159] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.407858][ T1159] usb 1-1: config 0 descriptor?? [ 177.419280][ T1159] cp210x 1-1:0.0: cp210x converter detected [ 177.708862][ T5284] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 177.729286][ T5284] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 177.760241][ T5284] asix 3-1:0.0: probe with driver asix failed with error -71 [ 177.774476][ T5284] usb 3-1: USB disconnect, device number 14 [ 177.833867][ T1159] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 177.856065][ T1159] usb 1-1: cp210x converter now attached to ttyUSB0 [ 178.075502][ T5284] usb 1-1: USB disconnect, device number 10 [ 178.101059][ T5284] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 178.128764][ T5284] cp210x 1-1:0.0: device disconnected [ 178.421562][ T8375] loop2: detected capacity change from 0 to 2048 [ 178.480516][ T8366] loop5: detected capacity change from 0 to 32768 [ 178.494188][ T8375] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.530235][ T8375] ext4 filesystem being mounted at /207/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.554941][ T8366] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 178.590340][ T29] audit: type=1800 audit(1727302345.497:33): pid=8375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1006" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 178.610496][ C0] vkms_vblank_simulate: vblank timer overrun [ 178.652990][ T8366] XFS (loop5): Ending clean mount [ 178.673552][ T8366] XFS (loop5): Quotacheck needed: Please wait. [ 178.719844][ T5240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.742471][ T8366] XFS (loop5): Quotacheck: Done. [ 178.800249][ T5369] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 178.868142][ T8371] loop1: detected capacity change from 0 to 32768 [ 178.885023][ T6864] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 178.925648][ T8371] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1004 (8371) [ 178.949937][ T8371] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 178.979287][ T8371] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 178.989327][ T8371] BTRFS info (device loop1): using free-space-tree [ 179.004940][ T5369] usb 5-1: Using ep0 maxpacket: 8 [ 179.016119][ T5369] usb 5-1: config 0 has no interfaces? [ 179.025819][ T5369] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 179.035076][ T5369] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.043222][ T5369] usb 5-1: Product: syz [ 179.047428][ T5369] usb 5-1: Manufacturer: syz [ 179.052144][ T5369] usb 5-1: SerialNumber: syz [ 179.114923][ T8400] loop0: detected capacity change from 0 to 128 [ 179.131494][ T5369] usb 5-1: config 0 descriptor?? [ 179.149638][ T8400] FAT-fs (loop0): invalid media value (0x00) [ 179.155896][ T8400] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 179.165442][ T8400] FAT-fs (loop0): Can't find a valid FAT filesystem [ 179.312699][ T8410] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 179.340381][ T8410] macvtap1: entered promiscuous mode [ 179.349580][ T46] usb 5-1: USB disconnect, device number 6 [ 179.366511][ T8410] macvtap1: entered allmulticast mode [ 179.440858][ T8410] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 179.746435][ T8421] netlink: 'syz.5.1010': attribute type 1 has an invalid length. [ 179.811588][ T6030] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 180.581191][ T8450] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1029'. [ 180.696415][ T8455] loop2: detected capacity change from 0 to 8 [ 181.238262][ T8455] SQUASHFS error: Failed to read block 0x2d7: -5 [ 181.440312][ T8455] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 181.915928][ T8472] loop2: detected capacity change from 0 to 2048 [ 181.984362][ T8475] Bluetooth: MGMT ver 1.23 [ 182.739170][ T8500] loop1: detected capacity change from 0 to 64 [ 182.746539][ T8472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.759254][ T8497] tipc: Started in network mode [ 182.776567][ T8497] tipc: Node identity :, cluster identity 4711 [ 182.800161][ T8472] ext4 filesystem being mounted at /216/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.812016][ T8497] tipc: Enabling of bearer rejected, failed to enable media [ 182.979889][ T4617] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 182.988681][ T4617] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 182.997091][ T4617] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 183.005432][ T4617] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 183.013047][ T4617] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 183.020835][ T4617] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 183.353949][ T5240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.556579][ T8501] chnl_net:caif_netlink_parms(): no params data found [ 184.791647][ T8525] loop0: detected capacity change from 0 to 2048 [ 184.847211][ T8527] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 184.887694][ T8499] loop4: detected capacity change from 0 to 40427 [ 184.962439][ T8499] F2FS-fs (loop4): heap/no_heap options were deprecated [ 184.981919][ T8499] F2FS-fs (loop4): invalid crc value [ 185.298634][ T8499] F2FS-fs (loop4): Found nat_bits in checkpoint [ 185.308907][ T4617] Bluetooth: hci6: command tx timeout [ 185.453278][ T8501] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.500378][ T8501] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.549383][ T8501] bridge_slave_0: entered allmulticast mode [ 185.586619][ T8521] loop1: detected capacity change from 0 to 32768 [ 185.610899][ T8501] bridge_slave_0: entered promiscuous mode [ 185.639741][ T8521] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1057 (8521) [ 185.673468][ T8501] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.718471][ T8501] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.767535][ T8521] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 185.793739][ T8501] bridge_slave_1: entered allmulticast mode [ 185.831460][ T8501] bridge_slave_1: entered promiscuous mode [ 185.840219][ T8521] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 185.923180][ T8521] BTRFS info (device loop1): using free-space-tree [ 185.996165][ T8540] loop0: detected capacity change from 0 to 4096 [ 186.025394][ T8540] NILFS (loop0): invalid segment: Checksum error in segment payload [ 186.081973][ T8540] NILFS (loop0): trying rollback from an earlier position [ 186.135925][ T8547] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1065'. [ 186.159168][ T8501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.174577][ T8501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.332998][ T8555] loop4: detected capacity change from 0 to 8 [ 186.398699][ T8555] SQUASHFS error: Failed to read block 0x260685: -5 [ 186.421467][ T8557] loop2: detected capacity change from 0 to 1024 [ 186.428513][ T8557] EXT4-fs: Ignoring removed orlov option [ 186.434409][ T8555] SQUASHFS error: Unable to read metadata cache entry [260685] [ 186.448956][ T8555] SQUASHFS error: Unable to read directory block [260685:0] [ 186.456377][ T8557] EXT4-fs: Ignoring removed nomblk_io_submit option [ 186.481528][ T8540] NILFS (loop0): recovery complete [ 186.523438][ T8501] team0: Port device team_slave_0 added [ 186.546092][ T8560] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 186.575495][ T8501] team0: Port device team_slave_1 added [ 186.635934][ T8557] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 186.678211][ T8521] BTRFS info (device loop1): rebuilding free space tree [ 186.730159][ T29] audit: type=1804 audit(1727302353.627:34): pid=8540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1063" name="/newroot/101/file1/bus" dev="loop0" ino=12 res=1 errno=0 [ 186.903981][ T8501] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.960104][ T8501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.073776][ T29] audit: type=1800 audit(1727302353.967:35): pid=8521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1057" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 187.200779][ T8501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.342144][ T6030] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 187.361127][ T8501] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.370421][ T4617] Bluetooth: hci6: command tx timeout [ 187.383980][ T8576] loop5: detected capacity change from 0 to 164 [ 187.406974][ T8501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.492510][ T8576] isofs: isofs_export_get_parent(): child directory not normalized! [ 187.520519][ T5369] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 187.553049][ T5240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.578796][ T8501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.726159][ T5369] usb 5-1: Using ep0 maxpacket: 16 [ 187.750525][ T5369] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 187.844394][ T5369] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 187.961809][ T5369] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 188.004577][ T5369] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.029282][ T8501] hsr_slave_0: entered promiscuous mode [ 188.050076][ T5369] usb 5-1: Product: syz [ 188.075005][ T8501] hsr_slave_1: entered promiscuous mode [ 188.090574][ T5369] usb 5-1: Manufacturer: syz [ 188.118171][ T5369] usb 5-1: SerialNumber: syz [ 188.151501][ T5369] usb 5-1: config 0 descriptor?? [ 188.182184][ T5369] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 188.227906][ T46] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 188.276680][ T5369] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 188.967073][ T8501] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.295803][ T8501] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.355518][ T8607] vlan2: entered allmulticast mode [ 189.378689][ T8607] gretap0: entered allmulticast mode [ 189.425225][ T8607] gretap0: left allmulticast mode [ 189.490178][ T4617] Bluetooth: hci6: command tx timeout [ 189.797025][ T8501] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.000617][ T8501] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.014811][ T8613] loop2: detected capacity change from 0 to 1024 [ 190.066076][ T8613] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 190.125759][ T8613] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.201472][ T8617] loop1: detected capacity change from 0 to 512 [ 190.266361][ T8617] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.359736][ T8617] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 190.497816][ T8501] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 190.557385][ T8501] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 190.586620][ T8617] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 190.642305][ T8501] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 190.679621][ T8617] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 190.724861][ T8617] EXT4-fs error (device loop1): __ext4_remount:6522: comm syz.1.1090: Abort forced by user [ 190.736855][ T8501] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 190.751770][ T5240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.785968][ T8617] EXT4-fs (loop1): Remounting filesystem read-only [ 190.854140][ T8617] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 191.095585][ T6030] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.221118][ T8501] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.276399][ T8630] loop4: detected capacity change from 0 to 512 [ 191.314300][ T8501] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.355730][ T8630] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.421825][ T2582] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.428989][ T2582] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.477960][ T8630] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.523166][ T2582] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.530342][ T2582] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.550822][ T4617] Bluetooth: hci6: command tx timeout [ 191.792288][ T8501] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 191.870998][ T8501] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 191.945609][ T6848] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.150869][ T5283] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 192.350371][ T5283] usb 2-1: Using ep0 maxpacket: 16 [ 192.390814][ T5283] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 192.451751][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.505606][ T8648] loop4: detected capacity change from 0 to 4096 [ 192.532963][ T5283] usb 2-1: config 0 descriptor?? [ 192.593054][ T5283] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 192.709597][ T8660] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 193.001080][ T8501] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.273621][ T8663] loop0: detected capacity change from 0 to 4096 [ 193.318189][ T8501] veth0_vlan: entered promiscuous mode [ 193.351829][ T8663] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 193.391506][ T5283] gspca_sonixj: reg_r err -71 [ 193.396253][ T5283] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 193.427881][ T8501] veth1_vlan: entered promiscuous mode [ 193.471770][ T5283] usb 2-1: USB disconnect, device number 10 [ 193.520242][ T8663] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 193.590548][ T5369] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 193.598869][ T46] usb 1-1: device descriptor read/all, error -71 [ 193.618008][ T5369] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 193.634154][ T8501] veth0_macvtap: entered promiscuous mode [ 193.645887][ T5369] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 193.660316][ T8673] tun0: tun_chr_ioctl cmd 2147767511 [ 193.665991][ T5369] em28xx 5-1:0.0: No AC97 audio processor [ 193.681944][ T5369] usb 5-1: USB disconnect, device number 7 [ 193.691676][ T1258] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.699860][ T5369] em28xx 5-1:0.0: Disconnecting em28xx [ 193.712493][ T5369] em28xx 5-1:0.0: Freeing device [ 193.923399][ T8501] veth1_macvtap: entered promiscuous mode [ 194.008355][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.097919][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.154835][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.200528][ T8671] loop2: detected capacity change from 0 to 32768 [ 194.208293][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.258351][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.293777][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.294011][ T8671] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 194.340271][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.386633][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.437432][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.474064][ T8675] loop4: detected capacity change from 0 to 32768 [ 194.484847][ T8675] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1112 (8675) [ 194.485800][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.518274][ T8675] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 194.523711][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.539010][ T8675] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 194.539133][ T8675] BTRFS info (device loop4): using free-space-tree [ 194.556733][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.571832][ T29] audit: type=1326 audit(1727302361.497:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8692 comm="syz.1.1117" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0eaad7def9 code=0x0 [ 194.580748][ T8501] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.724101][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.747608][ T8671] XFS (loop2): Ending clean mount [ 194.777026][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.801959][ T8671] XFS (loop2): Quotacheck needed: Please wait. [ 194.820162][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.831102][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.841123][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.851757][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.862171][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.873429][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.886270][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.890724][ T8671] XFS (loop2): Quotacheck: Done. [ 194.939171][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.975311][ T8501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.006344][ T8501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.031465][ T8501] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.051157][ T29] audit: type=1800 audit(1727302361.977:37): pid=8675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1112" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 195.100140][ T5240] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 195.110985][ T8715] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.119640][ T8715] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.194214][ T8501] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.236036][ T8501] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.257238][ T8501] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.257806][ T6848] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 195.276348][ T8501] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.778679][ T8720] loop2: detected capacity change from 0 to 32768 [ 195.871581][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.882952][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.035909][ T2582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.050816][ T2582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.100632][ T8720] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 196.191007][ T8729] loop1: detected capacity change from 0 to 32768 [ 196.208047][ T8729] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1127 (8729) [ 196.302805][ T8729] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 196.314032][ T8729] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 196.323363][ T8729] BTRFS info (device loop1): using free-space-tree [ 196.386687][ T5240] ocfs2: Unmounting device (7,2) on (node local) [ 196.628558][ T8731] loop5: detected capacity change from 0 to 32768 [ 196.635840][ T8731] XFS: ikeep mount option is deprecated. [ 196.773280][ T8753] netlink: 'syz.3.1131': attribute type 10 has an invalid length. [ 196.899280][ T8731] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 197.078397][ T8731] XFS (loop5): Ending clean mount [ 197.099582][ T8731] XFS (loop5): Quotacheck needed: Please wait. [ 197.111817][ T8729] BTRFS info (device loop1): device stats zeroed by syz.1.1127 (8729) [ 197.235676][ T6030] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 197.386894][ T9] kernel write not supported for file /amidi2 (pid: 9 comm: kworker/0:1) [ 197.423037][ T8731] XFS (loop5): Quotacheck: Done. [ 197.546202][ T4617] Bluetooth: hci6: command tx timeout [ 197.565377][ T6864] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 197.665332][ T8794] loop2: detected capacity change from 0 to 4096 [ 197.824838][ T8799] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 197.848159][ T8803] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 198.039349][ T8809] loop0: detected capacity change from 0 to 64 [ 198.050575][ T8810] dccp_invalid_packet: P.Data Offset(68) too large [ 198.286663][ T8816] netlink: 'syz.4.1152': attribute type 29 has an invalid length. [ 198.346769][ T8819] netlink: 'syz.4.1152': attribute type 29 has an invalid length. [ 198.371681][ T8816] netlink: 'syz.4.1152': attribute type 29 has an invalid length. [ 198.523470][ T8826] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1156'. [ 198.561098][ T8826] netlink: 89 bytes leftover after parsing attributes in process `syz.2.1156'. [ 198.717201][ T8835] loop1: detected capacity change from 0 to 1024 [ 198.860300][ T29] audit: type=1800 audit(1727302365.777:38): pid=8835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1159" name="bus" dev="loop1" ino=25 res=0 errno=0 [ 199.744361][ T8865] Process accounting resumed [ 199.766009][ T8869] pimreg: entered allmulticast mode [ 199.868562][ T8868] pimreg: left allmulticast mode [ 199.887624][ T8872] loop4: detected capacity change from 0 to 1024 [ 200.005376][ T8872] Process accounting resumed [ 200.224569][ T8875] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode [ 200.277362][ T8875] macvlan2: entered allmulticast mode [ 200.324717][ T8875] mac80211_hwsim hwsim20 wlan0: entered allmulticast mode [ 200.825036][ T8894] loop3: detected capacity change from 0 to 16 [ 200.850926][ T5283] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 200.893644][ T4617] Bluetooth: hci5: command 0x0406 tx timeout [ 200.936933][ T8894] erofs: (device loop3): mounted with root inode @ nid 36. [ 200.976656][ T8891] loop1: detected capacity change from 0 to 32768 [ 201.050685][ T5283] usb 6-1: Using ep0 maxpacket: 32 [ 201.093883][ T5283] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 201.131460][ T5283] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 201.143458][ T8900] loop2: detected capacity change from 0 to 256 [ 201.178937][ T5283] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 201.205947][ T8900] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 201.228744][ T5283] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 201.267443][ T5283] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 201.287789][ T8903] loop4: detected capacity change from 0 to 64 [ 201.308018][ T5283] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 201.356464][ T5283] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 201.390242][ T5283] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.439789][ T5283] usb 6-1: config 0 descriptor?? [ 201.522234][ T8907] netlink: 'syz.2.1194': attribute type 10 has an invalid length. [ 201.540182][ T8907] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1194'. [ 201.560874][ T8907] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 201.810378][ T8909] loop1: detected capacity change from 0 to 32768 [ 201.812184][ T5283] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 201.817576][ T8909] XFS: ikeep mount option is deprecated. [ 201.833668][ T8909] XFS: ikeep mount option is deprecated. [ 201.876913][ T8909] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 202.028549][ T8909] XFS (loop1): Ending clean mount [ 202.095192][ T8922] loop3: detected capacity change from 0 to 2048 [ 202.173506][ T5283] usb 6-1: USB disconnect, device number 9 [ 202.203961][ T5283] usblp0: removed [ 202.349515][ T8922] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.368845][ T6030] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 202.623807][ T8501] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.949021][ T8954] loop3: detected capacity change from 0 to 2048 [ 203.005192][ T8954] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 203.039518][ T8959] loop1: detected capacity change from 0 to 2048 [ 203.152737][ T8959] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.208587][ T8935] loop2: detected capacity change from 0 to 32768 [ 203.262749][ T8959] ext4 filesystem being mounted at /144/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.396748][ T8935] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 203.466875][ T8959] fs-verity (loop1, inode 13): Unknown hash algorithm number: 0 [ 203.552538][ T6030] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.710123][ T5280] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 203.724808][ T5240] ocfs2: Unmounting device (7,2) on (node local) [ 203.810710][ T46] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 203.879810][ T5280] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 203.901410][ T5280] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 203.942639][ T5280] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 203.963786][ T5280] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 203.986427][ T46] usb 6-1: Using ep0 maxpacket: 8 [ 204.006594][ T5280] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 204.017362][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.030645][ T46] usb 6-1: config 0 interface 0 has no altsetting 0 [ 204.055725][ T46] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 204.057951][ T8990] loop1: detected capacity change from 0 to 4096 [ 204.065536][ T5280] usb 1-1: config 0 descriptor?? [ 204.080411][ T46] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.089495][ T46] usb 6-1: Product: syz [ 204.106071][ T8975] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 204.114751][ T8990] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 204.118911][ T46] usb 6-1: Manufacturer: syz [ 204.140600][ T46] usb 6-1: SerialNumber: syz [ 204.148705][ T46] usb 6-1: config 0 descriptor?? [ 204.173301][ T46] gspca_main: se401-2.14.0 probing 047d:5003 [ 204.192713][ T8990] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 204.550140][ T5283] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 204.565478][ T5280] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 204.609102][ T5280] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 204.703176][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.725999][ T5283] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 204.755592][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.780982][ T5283] usb 3-1: config 0 descriptor?? [ 204.807115][ T8998] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 204.822776][ T5280] usb 1-1: USB disconnect, device number 13 [ 205.021848][ T46] usb 6-1: reset high-speed USB device number 10 using dummy_hcd [ 205.803722][ T46] gspca_se401: read req failed req 0x06 error -71 [ 205.813780][ T46] se401 6-1:0.0: probe with driver se401 failed with error -71 [ 205.854251][ T46] usb 6-1: USB disconnect, device number 10 [ 205.860914][ T5283] usbhid 3-1:0.0: can't add hid device: -71 [ 205.867034][ T5283] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 205.913207][ T5283] usb 3-1: USB disconnect, device number 15 [ 206.208594][ T9014] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1238'. [ 206.658897][ T29] audit: type=1326 audit(1727302373.577:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9006 comm="syz.3.1235" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f25f7def9 code=0x0 [ 206.695638][ T9008] loop0: detected capacity change from 0 to 32768 [ 206.791280][ T9008] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 206.847299][ T29] audit: type=1800 audit(1727302373.767:40): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1236" name="bus" dev="loop0" ino=17058 res=0 errno=0 [ 206.956186][ T9029] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 207.034163][ T6856] ocfs2: Unmounting device (7,0) on (node local) [ 207.829222][ T9055] CUSE: zero length info key specified [ 207.961463][ T9058] loop3: detected capacity change from 0 to 8 [ 207.979468][ T9058] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 208.058149][ T9049] loop0: detected capacity change from 0 to 32768 [ 208.360508][ T9066] vlan2: entered allmulticast mode [ 208.406955][ T9066] gretap0: entered allmulticast mode [ 208.470989][ T9066] gretap0: left allmulticast mode [ 208.718252][ T9053] loop2: detected capacity change from 0 to 32768 [ 208.857767][ T9053] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 209.064046][ T5240] ocfs2: Unmounting device (7,2) on (node local) [ 209.151161][ T9083] netlink: 'syz.0.1268': attribute type 9 has an invalid length. [ 209.180196][ T9083] netlink: 91148 bytes leftover after parsing attributes in process `syz.0.1268'. [ 209.189640][ T9083] openvswitch: netlink: Key 2 has unexpected len 20 expected 4 [ 209.962303][ T9110] ceph: missing cluster fsid [ 209.990223][ T9110] ceph: separator ':' missing in source [ 210.049602][ T9086] loop5: detected capacity change from 0 to 32768 [ 210.227368][ T29] audit: type=1800 audit(1727302377.147:41): pid=9086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1270" name="bus" dev="loop5" ino=7 res=0 errno=0 [ 210.871729][ T9129] loop2: detected capacity change from 0 to 512 [ 210.932148][ T9132] netlink: 'syz.3.1289': attribute type 1 has an invalid length. [ 211.091545][ T9129] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.150211][ T9129] ext4 filesystem being mounted at /257/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.567424][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 211.614867][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 212.543829][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 212.558200][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 212.599627][ T9156] loop4: detected capacity change from 0 to 1024 [ 212.639095][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 212.693128][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 212.717429][ T9156] hfsplus: request for non-existent node 2048 in B*Tree [ 212.762397][ T9156] hfsplus: request for non-existent node 2048 in B*Tree [ 212.785957][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 212.810399][ T9159] hfsplus: request for non-existent node 2048 in B*Tree [ 212.848344][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 212.869289][ T9159] hfsplus: request for non-existent node 2048 in B*Tree [ 212.911630][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 213.051217][ T5240] EXT4-fs error (device loop2): ext4_empty_dir:3090: inode #12: comm syz-executor: Directory hole found for htree leaf block 0 [ 213.799816][ T9175] bond_slave_0: entered promiscuous mode [ 213.805894][ T9175] bond_slave_1: entered promiscuous mode [ 213.960838][ T9175] bond_slave_0: left promiscuous mode [ 213.966675][ T9175] bond_slave_1: left promiscuous mode [ 213.987382][ T5240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.066163][ T9182] loop5: detected capacity change from 0 to 256 [ 214.129557][ T9182] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 214.268696][ T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.038600][ T4617] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 215.049841][ T4617] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 215.058738][ T4617] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 215.077127][ T4617] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 215.077867][ T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.097013][ T4617] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 215.111508][ T4617] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.155103][ T4617] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 215.165782][ T4617] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 215.175044][ T4617] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 215.183377][ T4617] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 215.213619][ T4617] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 215.225780][ T4617] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 215.587462][ T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.620146][ T46] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 215.780876][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 215.808476][ T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.808707][ T46] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 215.896999][ T46] usb 5-1: config 0 has no interface number 0 [ 215.931635][ T46] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 215.985329][ T46] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 215.995580][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.008149][ T46] usb 5-1: Product: syz [ 216.026058][ T46] usb 5-1: Manufacturer: syz [ 216.031199][ T46] usb 5-1: SerialNumber: syz [ 216.045562][ T46] usb 5-1: config 0 descriptor?? [ 216.281702][ T35] bridge_slave_1: left allmulticast mode [ 216.287513][ T35] bridge_slave_1: left promiscuous mode [ 216.297831][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.332656][ T35] bridge_slave_0: left allmulticast mode [ 216.361231][ T35] bridge_slave_0: left promiscuous mode [ 216.383611][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.690149][ T9241] netlink: 'syz.3.1333': attribute type 1 has an invalid length. [ 216.724960][ T46] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.214/input/input17 [ 216.735216][ T9241] netlink: 'syz.3.1333': attribute type 3 has an invalid length. [ 216.781586][ T9241] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1333'. [ 216.820124][ T9241] NCSI netlink: No device for ifindex 813332851 [ 216.932649][ T9] usb 5-1: USB disconnect, device number 8 [ 217.230530][ T4617] Bluetooth: hci5: command tx timeout [ 217.295138][ T4617] Bluetooth: hci3: command tx timeout [ 217.387736][ T9243] loop0: detected capacity change from 0 to 40427 [ 217.423878][ T9243] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 217.447728][ T9243] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 217.467309][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 217.472076][ T9243] F2FS-fs (loop0): invalid crc value [ 217.498215][ T9243] F2FS-fs (loop0): Found nat_bits in checkpoint [ 217.513512][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 217.549013][ T35] bond0 (unregistering): Released all slaves [ 217.612331][ T9243] F2FS-fs (loop0): Start checkpoint disabled! [ 217.684390][ T9203] chnl_net:caif_netlink_parms(): no params data found [ 217.697516][ T9243] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 217.743450][ T9243] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 217.835776][ T29] audit: type=1800 audit(1727302384.757:42): pid=9243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1334" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 217.939762][ T9201] chnl_net:caif_netlink_parms(): no params data found [ 218.100722][ T1897] kworker/u8:5: attempt to access beyond end of device [ 218.100722][ T1897] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 218.114890][ T1897] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 218.122228][ T1897] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 218.129519][ T1897] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 218.136522][ T1897] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 218.549646][ T9253] loop3: detected capacity change from 0 to 32768 [ 218.570426][ T9203] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.577633][ T9203] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.620639][ T9203] bridge_slave_0: entered allmulticast mode [ 218.628673][ T9203] bridge_slave_0: entered promiscuous mode [ 218.650329][ T5369] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 218.658963][ T9253] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 218.802592][ T5369] usb 5-1: config 0 has no interfaces? [ 218.808175][ T5369] usb 5-1: New USB device found, idVendor=046d, idProduct=20ee, bcdDevice= 0.00 [ 218.819659][ T5369] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.842560][ T5369] usb 5-1: config 0 descriptor?? [ 218.848650][ T9203] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.866651][ T9203] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.879293][ T9203] bridge_slave_1: entered allmulticast mode [ 218.894996][ T9203] bridge_slave_1: entered promiscuous mode [ 218.913873][ T9201] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.935511][ T9201] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.961923][ T9201] bridge_slave_0: entered allmulticast mode [ 218.989477][ T9201] bridge_slave_0: entered promiscuous mode [ 219.014876][ T9201] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.030110][ T9201] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.038291][ T9201] bridge_slave_1: entered allmulticast mode [ 219.057755][ T9201] bridge_slave_1: entered promiscuous mode [ 219.087147][ T5283] usb 5-1: USB disconnect, device number 9 [ 219.128777][ T35] hsr_slave_0: left promiscuous mode [ 219.173858][ T35] hsr_slave_1: left promiscuous mode [ 219.175326][ T9286] loop5: detected capacity change from 0 to 4096 [ 219.187772][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 219.197903][ T9286] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512). [ 219.215983][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 219.222746][ T9286] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 219.230051][ T9253] XFS (loop3): Ending clean mount [ 219.237898][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 219.256900][ T9253] XFS (loop3): Quotacheck needed: Please wait. [ 219.264702][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 219.291106][ T4617] Bluetooth: hci5: command tx timeout [ 219.332893][ T35] veth0_macvtap: left promiscuous mode [ 219.338543][ T35] veth1_vlan: left promiscuous mode [ 219.351904][ T9253] XFS (loop3): Quotacheck: Done. [ 219.370543][ T4617] Bluetooth: hci3: command tx timeout [ 219.390186][ T35] veth0_vlan: left promiscuous mode [ 219.593691][ T8501] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 219.716108][ T35] pimreg (unregistering): left allmulticast mode [ 219.745477][ T9294] loop4: detected capacity change from 0 to 256 [ 219.764166][ T9294] exfat: Deprecated parameter 'utf8' [ 219.776033][ T9294] exfat: Deprecated parameter 'utf8' [ 219.799615][ T9294] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x811ad48d, utbl_chksum : 0xe619d30d) [ 220.007095][ T9296] loop4: detected capacity change from 0 to 1024 [ 220.615810][ T35] team0 (unregistering): Port device team_slave_1 removed [ 220.681585][ T35] team0 (unregistering): Port device team_slave_0 removed [ 221.289358][ T9309] loop3: detected capacity change from 0 to 32768 [ 221.370633][ T4617] Bluetooth: hci5: command tx timeout [ 221.450235][ T4617] Bluetooth: hci3: command tx timeout [ 221.494493][ T9201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.542870][ T9203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.644397][ T9201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.753930][ T9203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.884493][ T9201] team0: Port device team_slave_0 added [ 221.935372][ T9203] team0: Port device team_slave_0 added [ 221.952526][ T9203] team0: Port device team_slave_1 added [ 221.987691][ T9201] team0: Port device team_slave_1 added [ 222.371927][ T9201] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 222.379489][ T9201] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.444627][ T9201] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 222.457469][ T9313] loop5: detected capacity change from 0 to 32768 [ 222.481589][ T9313] XFS: noikeep mount option is deprecated. [ 222.486473][ T9203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 222.521815][ T9203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.547715][ C0] vkms_vblank_simulate: vblank timer overrun [ 222.616166][ T9203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 222.620285][ T9329] sctp: [Deprecated]: syz.0.1365 (pid 9329) Use of int in max_burst socket option. [ 222.620285][ T9329] Use struct sctp_assoc_value instead [ 222.662467][ T9313] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 222.687046][ T9203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 222.741725][ T9203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.810113][ T9203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 222.810841][ T9313] XFS (loop5): Ending clean mount [ 222.859685][ T9201] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 222.866854][ T9201] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.892769][ C0] vkms_vblank_simulate: vblank timer overrun [ 222.899303][ T9201] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 222.933637][ T9313] XFS (loop5): Quotacheck needed: Please wait. [ 223.147358][ T9313] XFS (loop5): Quotacheck: Done. [ 223.171087][ T5280] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 223.336940][ T9201] hsr_slave_0: entered promiscuous mode [ 223.346134][ T9201] hsr_slave_1: entered promiscuous mode [ 223.365527][ T9201] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 223.373665][ T9313] XFS (loop5): User initiated shutdown received. [ 223.393815][ T9201] Cannot create hsr debugfs directory [ 223.411177][ T5280] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 223.442056][ T5280] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.462787][ T5280] usb 4-1: Product: syz [ 223.466972][ T5280] usb 4-1: Manufacturer: syz [ 223.490106][ T4617] Bluetooth: hci5: command tx timeout [ 223.511003][ T5280] usb 4-1: SerialNumber: syz [ 223.544278][ T5280] usb 4-1: config 0 descriptor?? [ 223.556179][ T9345] loop4: detected capacity change from 0 to 32768 [ 223.563841][ T9313] XFS (loop5): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0xe2/0x160 (fs/xfs/xfs_fsops.c:453). Shutting down filesystem. [ 223.566083][ T9203] hsr_slave_0: entered promiscuous mode [ 223.579503][ T4617] Bluetooth: hci3: command tx timeout [ 223.603923][ T9203] hsr_slave_1: entered promiscuous mode [ 223.620129][ T9345] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 223.629751][ T9313] XFS (loop5): Please unmount the filesystem and rectify the problem(s) [ 223.648151][ T9203] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 223.666135][ T9203] Cannot create hsr debugfs directory [ 223.674015][ T6864] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 223.853706][ T9345] XFS (loop4): Ending clean mount [ 223.994478][ T6848] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 224.048953][ T5280] usb 4-1: Firmware: major: 152, minor: 239, hardware type: HULUSB (4) [ 224.250328][ T5280] usb 4-1: failed to fetch extended address, random address set [ 224.254479][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 224.335658][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.409503][ T9367] loop4: detected capacity change from 0 to 512 [ 224.438435][ T9367] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 224.452761][ T9367] EXT4-fs (loop4): 1 truncate cleaned up [ 224.459389][ T9367] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.545699][ T9367] EXT4-fs error (device loop4): ext4_add_entry:2437: inode #2: comm syz.4.1374: Directory hole found for htree leaf block 0 [ 224.574619][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 224.609276][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.702974][ T6848] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.818372][ T9361] loop0: detected capacity change from 0 to 32768 [ 224.841869][ T5280] usb 4-1: USB disconnect, device number 6 [ 224.860246][ T9361] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1372 (9361) [ 224.915147][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 224.929003][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.929081][ T9361] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 224.957371][ T9361] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 224.998775][ T9361] BTRFS info (device loop0): using free-space-tree [ 225.269692][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.304159][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.328604][ T6856] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 225.768797][ T35] bridge_slave_1: left allmulticast mode [ 225.786770][ T35] bridge_slave_1: left promiscuous mode [ 225.799980][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.856987][ T35] bridge_slave_0: left allmulticast mode [ 225.862802][ T35] bridge_slave_0: left promiscuous mode [ 225.868730][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.394811][ T9425] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1392'. [ 226.453279][ T9425] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 226.467356][ T9426] netlink: 'syz.3.1391': attribute type 1 has an invalid length. [ 226.516565][ T9426] netlink: 9320 bytes leftover after parsing attributes in process `syz.3.1391'. [ 226.544599][ T9426] netlink: 'syz.3.1391': attribute type 1 has an invalid length. [ 226.601507][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1391'. [ 226.849620][ T9418] loop4: detected capacity change from 0 to 32768 [ 226.962182][ T9418] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 226.991276][ T9420] loop0: detected capacity change from 0 to 32768 [ 227.112695][ T6848] ocfs2: Unmounting device (7,4) on (node local) [ 227.347422][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 227.420817][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.502741][ T35] bond0 (unregistering): Released all slaves [ 227.842341][ T9201] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 227.875589][ T9201] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 227.952175][ T9201] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 228.031313][ T9201] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 228.235574][ T9450] loop5: detected capacity change from 0 to 16 [ 228.285968][ T9450] erofs: (device loop5): mounted with root inode @ nid 36. [ 228.404569][ T9445] loop4: detected capacity change from 0 to 32768 [ 228.446951][ T9445] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 228.678418][ T9439] loop3: detected capacity change from 0 to 40427 [ 228.745475][ T9201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.821258][ T9439] F2FS-fs (loop3): Found nat_bits in checkpoint [ 228.990379][ T9439] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 229.025825][ T9445] XFS (loop4): Ending clean mount [ 229.053270][ T9445] XFS (loop4): Quotacheck needed: Please wait. [ 229.096694][ T9445] XFS (loop4): Quotacheck: Done. [ 229.164617][ T35] hsr_slave_0: left promiscuous mode [ 229.187156][ T35] hsr_slave_1: left promiscuous mode [ 229.193533][ T29] audit: type=1800 audit(1727302396.107:43): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1401" name="file2" dev="loop4" ino=9287 res=0 errno=0 [ 229.239173][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.247315][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.281066][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.289461][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.329684][ T8501] syz-executor: attempt to access beyond end of device [ 229.329684][ T8501] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 229.345680][ T29] audit: type=1800 audit(1727302396.247:44): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1401" name="file2" dev="loop4" ino=9287 res=0 errno=0 [ 229.388241][ T35] veth1_macvtap: left promiscuous mode [ 229.389841][ T9463] loop5: detected capacity change from 0 to 32768 [ 229.400471][ T35] veth0_macvtap: left promiscuous mode [ 229.419229][ T35] veth1_vlan: left promiscuous mode [ 229.430465][ T8501] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 229.442201][ T6848] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 229.456815][ T35] veth0_vlan: left promiscuous mode [ 229.471666][ T9463] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 229.751572][ T6864] ocfs2: Unmounting device (7,5) on (node local) [ 230.957058][ T35] team0 (unregistering): Port device team_slave_1 removed [ 230.967632][ T9483] loop5: detected capacity change from 0 to 32768 [ 231.049112][ T35] team0 (unregistering): Port device team_slave_0 removed [ 231.849222][ T9502] loop3: detected capacity change from 0 to 4096 [ 231.881759][ T9502] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.945215][ T29] audit: type=1800 audit(1727302398.867:45): pid=9502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1418" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 231.989006][ T9203] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 232.003631][ T9201] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.039618][ T9201] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 232.050811][ T9201] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 232.076106][ T2487] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.083254][ T2487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.125544][ T2487] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.132740][ T2487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.184429][ T8501] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.242650][ T9203] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 232.290608][ T9203] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 232.392955][ T9203] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 232.514916][ T9201] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.764045][ T9201] veth0_vlan: entered promiscuous mode [ 232.816563][ T9201] veth1_vlan: entered promiscuous mode [ 232.918385][ T9203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.030657][ T9203] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.073103][ T2487] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.080304][ T2487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.125882][ T35] IPVS: stop unused estimator thread 0... [ 233.152564][ T2487] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.159748][ T2487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.224629][ T9201] veth0_macvtap: entered promiscuous mode [ 233.241510][ T9532] netlink: 'syz.3.1430': attribute type 33 has an invalid length. [ 233.249638][ T9532] netlink: 'syz.3.1430': attribute type 3 has an invalid length. [ 233.293479][ T9201] veth1_macvtap: entered promiscuous mode [ 233.310846][ T9532] netlink: 152988 bytes leftover after parsing attributes in process `syz.3.1430'. [ 233.415746][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.450228][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.495563][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.522107][ T9528] loop0: detected capacity change from 0 to 32768 [ 233.529787][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.539939][ T9528] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1427 (9528) [ 233.565736][ T9528] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 233.583236][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.593902][ T9528] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 233.610149][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.620201][ T9528] BTRFS info (device loop0): using free-space-tree [ 233.643178][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.661594][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.700320][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.728795][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.803523][ T9201] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.864790][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.876147][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.912408][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.933393][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.950342][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.971065][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.996685][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.040001][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.049883][ T9201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.060831][ T5280] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 234.100972][ T9201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.121013][ T6856] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 234.124338][ T9201] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.186302][ T9201] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.212318][ T9201] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.222881][ T9201] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.240412][ T9201] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.240575][ T5280] usb 6-1: Using ep0 maxpacket: 16 [ 234.286102][ T5280] usb 6-1: config 0 has an invalid descriptor of length 110, skipping remainder of the config [ 234.327272][ T5280] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x1D, changing to 0xD [ 234.384457][ T5280] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 118, changing to 10 [ 234.388958][ T9562] loop3: detected capacity change from 0 to 2048 [ 234.417291][ T5280] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 25956, setting to 1024 [ 234.478782][ T5280] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 234.538354][ T5280] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 234.582010][ T5280] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 234.595902][ T2487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.620921][ T5280] usb 6-1: Manufacturer: syz [ 234.642459][ T2487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.651205][ T5280] usb 6-1: config 0 descriptor?? [ 234.681265][ T9553] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 234.692447][ T5280] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 234.719535][ T3035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.736889][ T3035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.750500][ T9562] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 234.863981][ T9203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.915472][ T46] usb 6-1: USB disconnect, device number 11 [ 234.993771][ T9573] loop2: detected capacity change from 0 to 64 [ 235.024885][ T9203] veth0_vlan: entered promiscuous mode [ 235.037997][ T9573] hfs: request for non-existent node 16777216 in B*Tree [ 235.047628][ T9573] hfs: request for non-existent node 16777216 in B*Tree [ 235.067879][ T9203] veth1_vlan: entered promiscuous mode [ 235.089856][ T9573] hfs: request for non-existent node 16777216 in B*Tree [ 235.118079][ T9573] hfs: request for non-existent node 16777216 in B*Tree [ 235.146440][ T9203] veth0_macvtap: entered promiscuous mode [ 235.172729][ T9203] veth1_macvtap: entered promiscuous mode [ 235.235332][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.255069][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.267709][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.293037][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.310759][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.352801][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.377389][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.412610][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.434431][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.458334][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.497988][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.544877][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.590119][ T9203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.642993][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.668239][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.690037][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.741759][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.767008][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.800588][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.824083][ T9593] vivid-003: ================= START STATUS ================= [ 235.832146][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.832172][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.832194][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.832214][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.832234][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.832254][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.843860][ T9203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.902531][ T9593] vivid-003: Radio HW Seek Mode: Bounded [ 235.908693][ T9593] vivid-003: Radio Programmable HW Seek: false [ 235.944047][ T9593] vivid-003: RDS Rx I/O Mode: Block I/O [ 235.962312][ T9593] vivid-003: Generate RBDS Instead of RDS: false [ 235.968709][ T9593] vivid-003: RDS Reception: true [ 235.992373][ T9593] vivid-003: RDS Program Type: 0 inactive [ 236.001028][ T9593] vivid-003: RDS PS Name: inactive [ 236.003710][ T9597] loop0: detected capacity change from 0 to 128 [ 236.018850][ T9593] vivid-003: RDS Radio Text: inactive [ 236.028311][ T9593] vivid-003: RDS Traffic Announcement: false inactive [ 236.071987][ T9593] vivid-003: RDS Traffic Program: false inactive [ 236.086114][ T9203] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.116667][ T9593] vivid-003: RDS Music: false inactive [ 236.135620][ T9203] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.148422][ T9597] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 236.180488][ T9593] vivid-003: ================== END STATUS ================== [ 236.200697][ T9203] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.235708][ T9597] ext4 filesystem being mounted at /182/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 236.267650][ C0] vkms_vblank_simulate: vblank timer overrun [ 236.290003][ T9203] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.462008][ T6856] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 236.468053][ T9582] loop2: detected capacity change from 0 to 40427 [ 236.501222][ T9607] kernel read not supported for file /cpuacct.usage_percpu_user (pid: 9607 comm: syz.4.1451) [ 236.540017][ T9582] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 236.550982][ T29] audit: type=1800 audit(1727302403.447:46): pid=9607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1451" name="cpuacct.usage_percpu_user" dev="mqueue" ino=25208 res=0 errno=0 [ 236.562937][ T9582] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 236.691986][ T2487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.713708][ T2487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.764253][ T2487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.830360][ T2487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.851081][ T9616] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 236.860283][ T9616] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 236.868997][ T9616] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 236.878424][ T9616] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 236.939293][ T9616] vxlan0: entered promiscuous mode [ 236.969588][ T9616] vxlan0: entered allmulticast mode [ 236.978330][ T9582] F2FS-fs (loop2): Found nat_bits in checkpoint [ 236.992481][ T9616] Zero length message leads to an empty skb [ 237.130098][ T5281] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 237.150282][ T9582] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 237.157346][ T9582] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 237.333845][ T5281] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 237.363900][ T5281] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.419443][ T9634] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 237.444555][ T5281] usb 1-1: config 0 descriptor?? [ 237.932860][ T5281] [drm:udl_init] *ERROR* Selecting channel failed [ 237.975659][ T5281] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 238.010606][ T5281] [drm] Initialized udl on minor 2 [ 238.018017][ T5281] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 238.080453][ T5281] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 238.103086][ T9] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 238.141784][ T5281] usb 1-1: USB disconnect, device number 14 [ 238.148594][ T9] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 238.303479][ T9643] loop4: detected capacity change from 0 to 32768 [ 238.322212][ T9643] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1465 (9643) [ 238.354129][ T9643] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 238.364610][ T9643] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 238.373799][ T9643] BTRFS info (device loop4): using free-space-tree [ 238.470340][ T5283] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 238.742634][ T5283] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.753037][ T5283] usb 6-1: config 0 has no interfaces? [ 238.770332][ T5283] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 238.791683][ T5283] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.827063][ T5283] usb 6-1: Product: syz [ 238.840065][ T5283] usb 6-1: Manufacturer: syz [ 238.850380][ T5283] usb 6-1: SerialNumber: syz [ 238.867112][ T5283] usb 6-1: config 0 descriptor?? [ 238.925042][ T6848] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 239.132414][ T9656] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5) [ 239.139200][ T9656] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 239.190085][ T9656] vhci_hcd vhci_hcd.0: Device attached [ 239.237516][ T9701] vhci_hcd: connection closed [ 239.240710][ T930] usb 6-1: USB disconnect, device number 12 [ 239.251701][ T2487] vhci_hcd: stop threads [ 239.252173][ T2487] vhci_hcd: release socket [ 239.287502][ T2487] vhci_hcd: disconnect device [ 239.536348][ T9705] ./file0: Can't open blockdev [ 239.594793][ T9712] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1482'. [ 239.724499][ T9712] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1482'. [ 239.748874][ T9717] loop1: detected capacity change from 0 to 1024 [ 239.807123][ T9717] hfsplus: request for non-existent node 3 in B*Tree [ 239.865248][ T9717] hfsplus: request for non-existent node 3 in B*Tree [ 240.081353][ T9700] loop2: detected capacity change from 0 to 32768 [ 240.135019][ T9730] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 240.276162][ T9700] non-latin1 character 0x176 found in JFS file name [ 240.294174][ T9700] mount with iocharset=utf8 to access [ 240.312121][ T9700] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 240.312121][ T9700] [ 240.335449][ T9700] ERROR: (device loop2): remounting filesystem as read-only [ 240.365865][ T9700] read_mapping_page failed! [ 240.424111][ T9700] bread failed! [ 241.284773][ T9778] Context (ID=0x1) not attached to queue pair (handle=0x1:0x0) [ 241.380317][ T5281] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 241.500413][ T5280] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 241.511704][ T9788] loop5: detected capacity change from 0 to 1024 [ 241.541820][ T5281] usb 2-1: New USB device found, idVendor=0b05, idProduct=173f, bcdDevice=9d.6b [ 241.551465][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.559499][ T5281] usb 2-1: Product: syz [ 241.564287][ T9788] EXT4-fs: Ignoring removed orlov option [ 241.590102][ T9788] EXT4-fs: Ignoring removed nomblk_io_submit option [ 241.596831][ T5281] usb 2-1: Manufacturer: syz [ 241.601649][ T5281] usb 2-1: SerialNumber: syz [ 241.612914][ T5281] usb 2-1: config 0 descriptor?? [ 241.634901][ T9788] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.645903][ T9794] loop3: detected capacity change from 0 to 512 [ 241.692813][ T5280] usb 1-1: Using ep0 maxpacket: 32 [ 241.701416][ T5280] usb 1-1: config index 0 descriptor too short (expected 164, got 36) [ 241.709797][ T5280] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.710810][ T9794] EXT4-fs: Ignoring removed i_version option [ 241.727182][ T5280] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.747742][ T5280] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 241.768972][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.804296][ T6864] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.811367][ T5280] usb 1-1: config 0 descriptor?? [ 241.901166][ T9794] EXT4-fs (loop3): 1 truncate cleaned up [ 241.908031][ T9794] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.941966][ T9802] program syz.4.1529 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 242.161197][ T5281] dvb-usb: found a 'ASUS My Cinema U3100 Mini DVBT Tuner' in warm state. [ 242.178337][ T5281] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 242.191535][ T5281] dvbdev: DVB: registering new adapter (ASUS My Cinema U3100 Mini DVBT Tuner) [ 242.203988][ T5281] usb 2-1: media controller created [ 242.222446][ T5281] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 242.232507][ T5280] logitech 0003:046D:C29C.0017: unknown main item tag 0x0 [ 242.251440][ T5280] logitech 0003:046D:C29C.0017: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.0-1/input0 [ 242.384082][ T5281] DVB: Unable to find symbol dib7000p_attach() [ 242.413633][ T5281] dvb-usb: no frontend was attached by 'ASUS My Cinema U3100 Mini DVBT Tuner' [ 242.551105][ T5281] rc_core: IR keymap rc-dib0700-rc5 not found [ 242.560064][ T5281] Registered IR keymap rc-empty [ 242.565406][ T5281] dvb-usb: could not initialize remote control. [ 242.600245][ T5281] dvb-usb: ASUS My Cinema U3100 Mini DVBT Tuner successfully initialized and connected. [ 242.633677][ T5280] logitech 0003:046D:C29C.0017: no inputs found [ 242.654872][ T5280] usb 1-1: USB disconnect, device number 15 [ 242.677114][ T8501] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.875837][ T5280] usb 2-1: USB disconnect, device number 11 [ 242.971722][ T5280] dvb-usb: ASUS My Cinema U3100 Mini DVBT Tuner successfully deinitialized and disconnected. [ 243.040730][ T9831] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1540'. [ 243.128713][ T9831] netlink: 160 bytes leftover after parsing attributes in process `syz.4.1540'. [ 243.249652][ T9824] loop2: detected capacity change from 0 to 32768 [ 243.258653][ T9824] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1536 (9824) [ 243.341336][ T9824] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 243.354650][ T9824] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 243.370272][ T9824] BTRFS info (device loop2): using free-space-tree [ 243.381115][ T9839] netlink: 'syz.5.1542': attribute type 3 has an invalid length. [ 243.868653][ T9874] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1551'. [ 244.187213][ T9872] loop3: detected capacity change from 0 to 4096 [ 244.232321][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 244.252739][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 244.303738][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 244.352246][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 244.408083][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc1c00 [ 244.444198][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc2c00 [ 244.483523][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc4c00 [ 244.493687][ T9883] netlink: 'syz.4.1555': attribute type 1 has an invalid length. [ 244.522406][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffc8c00 [ 244.605170][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffd0c00 [ 244.660994][ T9872] ntfs3: loop3: try to read out of volume at offset 0x3fffffe0c00 [ 245.035892][ T9824] BTRFS info (device loop2 state M): setting nodatasum [ 245.060750][ T9824] BTRFS info (device loop2 state M): allowing degraded mounts [ 245.088547][ T9824] BTRFS info (device loop2 state M): setting nodatasum [ 245.132895][ T9824] BTRFS info (device loop2 state M): turning on flush-on-commit [ 245.162514][ T9824] BTRFS info (device loop2 state M): turning on sync discard [ 245.194376][ T9824] BTRFS info (device loop2 state M): force clearing of disk cache [ 245.229875][ T9824] BTRFS info (device loop2 state M): not using ssd optimizations [ 245.256305][ T9824] BTRFS info (device loop2 state M): use no compression [ 245.289223][ T9824] BTRFS info (device loop2 state M): max_inline set to 0 [ 245.473759][ T9201] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 245.498393][ T9899] loop4: detected capacity change from 0 to 40427 [ 245.761653][ T9899] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1fffff [ 245.780134][ T9899] F2FS-fs (loop4): heap/no_heap options were deprecated [ 245.810109][ T9899] F2FS-fs (loop4): Image doesn't support compression [ 245.820812][ T5280] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 245.890500][ T9899] F2FS-fs (loop4): invalid crc value [ 246.012863][ T5280] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 246.038678][ T5280] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.081678][ T5280] usb 2-1: config 0 descriptor?? [ 246.508349][ T5280] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 246.557332][ T5280] [drm] Initialized udl on minor 2 [ 246.572455][ T9899] F2FS-fs (loop4): Found nat_bits in checkpoint [ 246.699772][ T29] audit: type=1326 audit(1727302413.617:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 246.733647][ T5280] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed [ 246.774198][ T5280] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 246.802453][ T29] audit: type=1326 audit(1727302413.647:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 246.927877][ T930] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 246.956915][ T29] audit: type=1326 audit(1727302413.667:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 246.995704][ T5280] usb 2-1: USB disconnect, device number 12 [ 247.004364][ T930] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 247.013415][ T930] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 247.022878][ T9899] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 247.046329][ T29] audit: type=1326 audit(1727302413.667:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 247.078677][ T9899] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x1d4/0xb90 [ 247.102941][ T5239] Bluetooth: hci0: command 0x0406 tx timeout [ 247.108986][ T5239] Bluetooth: hci1: command 0x0406 tx timeout [ 247.115603][ T5239] Bluetooth: hci2: command 0x0406 tx timeout [ 247.122010][ T5239] Bluetooth: hci4: command 0x0406 tx timeout [ 247.161254][ T29] audit: type=1326 audit(1727302413.667:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 247.184250][ T29] audit: type=1326 audit(1727302413.667:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 247.209439][ T29] audit: type=1326 audit(1727302413.667:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 247.232534][ T29] audit: type=1326 audit(1727302413.667:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 247.257787][ T29] audit: type=1326 audit(1727302413.677:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 247.319790][ T29] audit: type=1326 audit(1727302413.677:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9912 comm="syz.2.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e04b7def9 code=0x7ffc0000 [ 247.429041][ T6848] syz-executor: attempt to access beyond end of device [ 247.429041][ T6848] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 247.560932][ T6848] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 247.568270][ T6848] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 247.950921][ T9909] loop0: detected capacity change from 0 to 32768 [ 248.167295][ T9909] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 248.479438][ T6856] ocfs2: Unmounting device (7,0) on (node local) [ 248.514611][ T930] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 248.704242][ T930] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 248.750940][ T930] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 248.806174][ T930] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 248.849288][ T930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 248.876388][ T930] usb 2-1: SerialNumber: syz [ 249.119594][ T930] usb 2-1: 0:2 : does not exist [ 249.191287][ T930] usb 2-1: USB disconnect, device number 13 [ 249.482338][ T9934] loop2: detected capacity change from 0 to 128 [ 250.394643][ T9930] loop0: detected capacity change from 0 to 40427 [ 250.450138][ T9930] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 250.460086][ T9930] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 250.490960][ T9930] F2FS-fs (loop0): Found nat_bits in checkpoint [ 250.712603][ T9930] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 250.719696][ T9930] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 251.017230][ T9963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1590'. [ 251.209609][ T6856] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 251.236814][ T6856] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 251.245686][ T6856] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 251.285088][ T6856] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 251.337453][ T6856] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 251.366016][ T6856] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 251.404929][ T6856] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 252.265760][ T9980] loop4: detected capacity change from 0 to 1024 [ 252.645162][ T9982] loop2: detected capacity change from 0 to 8192 [ 255.140387][ T1258] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.453723][T10015] loop0: detected capacity change from 0 to 64 [ 255.543578][T10015] syz.0.1614: attempt to access beyond end of device [ 255.543578][T10015] loop0: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 255.651872][T10009] loop3: detected capacity change from 0 to 2048 [ 255.699338][T10015] Buffer I/O error on dev loop0, logical block 512, async page read [ 255.810885][T10015] syz.0.1614: attempt to access beyond end of device [ 255.810885][T10015] loop0: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 256.000237][T10015] Buffer I/O error on dev loop0, logical block 56576, async page read [ 256.081762][T10009] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.243345][ T5241] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 256.255498][ T5241] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 256.270173][ T5241] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 256.278195][ T5241] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 256.285915][ T5241] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 256.296014][ T5241] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 256.436051][T10009] EXT4-fs error (device loop3): __ext4_new_inode:1070: comm syz.3.1611: reserved inode found cleared - inode=1 [ 256.519215][T10030] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1618'. [ 257.041379][T10036] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 257.107188][ T8501] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.460538][T10025] chnl_net:caif_netlink_parms(): no params data found [ 257.868318][T10053] loop1: detected capacity change from 0 to 256 [ 257.980092][T10053] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 258.022952][T10058] binder: BC_ACQUIRE_RESULT not supported [ 258.028726][T10058] binder: 10056:10058 ioctl c0306201 20000480 returned -22 [ 258.118727][T10025] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.174759][T10025] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.231472][T10025] bridge_slave_0: entered allmulticast mode [ 258.300749][T10025] bridge_slave_0: entered promiscuous mode [ 258.352368][T10025] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.411023][ T5241] Bluetooth: hci7: command tx timeout [ 258.450592][T10025] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.481328][T10025] bridge_slave_1: entered allmulticast mode [ 258.541370][T10025] bridge_slave_1: entered promiscuous mode [ 258.886709][T10025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.984308][T10025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.262408][T10025] team0: Port device team_slave_0 added [ 259.322201][T10025] team0: Port device team_slave_1 added [ 259.581967][T10025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.630837][T10078] netlink: 'syz.3.1634': attribute type 1 has an invalid length. [ 259.638743][T10025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.749762][T10078] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.1634'. [ 259.805649][T10025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.871917][T10078] netlink: 'syz.3.1634': attribute type 1 has an invalid length. [ 259.884003][T10076] netlink: 'syz.4.1636': attribute type 21 has an invalid length. [ 259.892132][T10076] netlink: 'syz.4.1636': attribute type 6 has an invalid length. [ 259.929010][T10076] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1636'. [ 260.121112][T10080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1637'. [ 260.190899][T10025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 260.290755][T10025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.490146][ T5241] Bluetooth: hci7: command tx timeout [ 260.512275][T10025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.908523][T10086] ALSA: mixer_oss: invalid OSS volume '' [ 261.108898][T10025] hsr_slave_0: entered promiscuous mode [ 261.202045][T10025] hsr_slave_1: entered promiscuous mode [ 261.311018][T10025] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 261.367727][T10025] Cannot create hsr debugfs directory [ 261.405158][T10092] netlink: 'syz.0.1643': attribute type 1 has an invalid length. [ 261.469560][T10092] netlink: 9116 bytes leftover after parsing attributes in process `syz.0.1643'. [ 261.580903][T10092] netlink: 'syz.0.1643': attribute type 1 has an invalid length. [ 261.622480][T10092] netlink: 209 bytes leftover after parsing attributes in process `syz.0.1643'. [ 262.574366][ T5241] Bluetooth: hci7: command tx timeout [ 263.429961][ C0] sched: DL replenish lagged too much [ 264.638499][T10025] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.666283][ T5241] Bluetooth: hci7: command tx timeout [ 276.150712][T10025] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.228443][ T4617] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 278.276037][ T4617] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 278.310822][ T4617] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 278.361498][ T4617] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 278.373089][ T4617] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 278.393356][ T4617] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 278.623981][ T5241] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 278.743624][ T5241] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 279.093200][ T5241] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 279.232432][ T5232] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 279.578093][ T5232] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 279.638608][ T5232] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 279.673718][ T5242] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 279.682951][ T5242] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 279.732175][ T5232] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 279.740820][ T5232] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 279.767431][ T5232] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 279.776218][ T5232] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 279.784694][ T5242] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 279.806821][ T5242] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 279.815518][ T5232] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 279.826182][ T5239] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 279.833688][ T5232] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 279.849283][ T5232] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 279.979077][ T5241] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 279.990656][ T5241] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 280.010667][ T5241] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 280.050570][ T5241] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 280.058259][ T5241] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 280.066998][ T5241] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 280.575961][ T5241] Bluetooth: hci8: command tx timeout [ 283.607249][ T5241] Bluetooth: hci10: command tx timeout [ 283.614750][ T5241] Bluetooth: hci11: command tx timeout [ 283.621150][ T5241] Bluetooth: hci9: command tx timeout [ 283.627285][ T5241] Bluetooth: hci3: command tx timeout [ 283.633484][ T5241] Bluetooth: hci8: command tx timeout [ 287.052797][ T5239] Bluetooth: hci8: command tx timeout [ 287.058366][ T5239] Bluetooth: hci3: command tx timeout [ 287.063899][ T5239] Bluetooth: hci9: command tx timeout [ 287.069347][ T5239] Bluetooth: hci11: command tx timeout [ 287.075238][ T5239] Bluetooth: hci10: command tx timeout [ 303.791931][ T5241] Bluetooth: hci10: command tx timeout [ 303.797491][ T5241] Bluetooth: hci11: command tx timeout [ 303.804279][ T5241] Bluetooth: hci9: command tx timeout [ 303.809693][ T5241] Bluetooth: hci3: command tx timeout [ 303.815292][ T5241] Bluetooth: hci8: command tx timeout [ 305.837660][T10025] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.137208][ T5241] Bluetooth: hci9: command tx timeout [ 307.144125][ T5241] Bluetooth: hci11: command tx timeout [ 307.149627][ T5241] Bluetooth: hci10: command tx timeout [ 307.155292][ T5239] Bluetooth: hci3: command tx timeout [ 319.210556][ T1258] ieee802154 phy1 wpan1: encryption failed: -22 [ 328.185021][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 328.208785][ T5239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 328.217671][ T5239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 328.225714][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 328.234581][ T5239] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 328.242690][ T5239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 330.340053][ T5239] Bluetooth: hci1: command tx timeout [ 332.410337][ T5239] Bluetooth: hci1: command tx timeout [ 334.501617][ T5239] Bluetooth: hci1: command tx timeout [ 336.570306][ T5239] Bluetooth: hci1: command tx timeout [ 337.780571][ T4617] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 337.791458][ T4617] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 337.827304][ T4617] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 337.848907][ T4617] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 337.857470][ T4617] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 337.865633][ T4617] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 338.555577][ T5239] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 338.570578][ T5239] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 338.581312][ T5239] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 338.589760][ T5239] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 338.610286][ T5239] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 338.617840][ T5239] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 339.224030][ T5239] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 339.267970][ T5239] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 339.297516][ T5239] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 339.306691][ T5239] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 339.314996][ T5239] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 339.323350][ T5239] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 339.402999][ T5239] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 339.415256][ T5239] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 339.430102][ T5239] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 339.438817][ T5239] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 339.447296][ T5239] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 339.454749][ T5239] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 339.939993][ T5241] Bluetooth: hci5: command tx timeout [ 339.997740][ T5239] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 340.008507][ T5239] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 340.019224][ T5239] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 340.030731][ T5239] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 340.038419][ T5239] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 340.050354][ T5239] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 340.740001][ T5239] Bluetooth: hci6: command tx timeout [ 341.381426][ T5239] Bluetooth: hci12: command tx timeout [ 341.532352][ T5239] Bluetooth: hci13: command tx timeout [ 342.021624][ T5239] Bluetooth: hci5: command tx timeout [ 342.091746][ T5239] Bluetooth: hci14: command tx timeout [ 342.811108][ T5239] Bluetooth: hci6: command tx timeout [ 343.459966][ T5239] Bluetooth: hci12: command tx timeout [ 343.620962][ T5239] Bluetooth: hci13: command tx timeout [ 344.093029][ T5239] Bluetooth: hci5: command tx timeout [ 344.172432][ T5239] Bluetooth: hci14: command tx timeout [ 344.890383][ T5239] Bluetooth: hci6: command tx timeout [ 345.530959][ T5239] Bluetooth: hci12: command tx timeout [ 345.690146][ T5239] Bluetooth: hci13: command tx timeout [ 346.180181][ T5239] Bluetooth: hci5: command tx timeout [ 346.250999][ T5239] Bluetooth: hci14: command tx timeout [ 346.970970][ T5239] Bluetooth: hci6: command tx timeout [ 347.610340][ T5239] Bluetooth: hci12: command tx timeout [ 347.770329][ T5239] Bluetooth: hci13: command tx timeout [ 348.330337][ T5239] Bluetooth: hci14: command tx timeout [ 378.021715][ T1258] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.096958][ T5239] Bluetooth: hci7: command 0x0406 tx timeout [ 381.607527][ T5239] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 381.619337][ T5239] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 381.627532][ T5239] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 381.636411][ T5239] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 381.644118][ T5239] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 381.655250][ T5239] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 383.690357][ T5239] Bluetooth: hci15: command tx timeout [ 385.779279][ T5239] Bluetooth: hci15: command tx timeout [ 387.860155][ T5239] Bluetooth: hci15: command tx timeout [ 389.930391][ T5239] Bluetooth: hci15: command tx timeout [ 399.482119][ T5241] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 399.492658][ T5241] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 399.510851][ T5241] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 399.518804][ T5241] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 399.528289][ T5241] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 399.535701][ T5241] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 399.721410][ T5241] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 399.760698][ T5241] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 399.783267][ T5241] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 399.800449][ T5241] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 399.812729][ T5241] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 399.821816][ T5241] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 399.981426][ T5241] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 400.003550][ T5241] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 400.025005][ T5241] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 400.040061][ T5241] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 400.047857][ T5241] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 400.058814][ T5241] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 400.108904][ T5239] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 400.122150][ T5239] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 400.130586][ T5239] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 400.138575][ T5239] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 400.146397][ T5239] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 400.174077][ T5239] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 400.812092][ T5241] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 400.822737][ T5241] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 400.841808][ T5241] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 400.852986][ T5241] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 400.863164][ T5241] Bluetooth: hci19: unexpected cc 0x0c25 length: 249 > 3 [ 400.871918][ T5241] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 401.610817][ T5241] Bluetooth: hci2: command tx timeout [ 401.850893][ T5241] Bluetooth: hci16: command tx timeout [ 402.090840][ T5241] Bluetooth: hci17: command tx timeout [ 402.250808][ T5241] Bluetooth: hci18: command tx timeout [ 402.972104][ T5241] Bluetooth: hci19: command tx timeout [ 403.741682][ T5232] Bluetooth: hci2: command tx timeout [ 403.930099][T10179] Bluetooth: hci16: command tx timeout [ 404.171508][T10179] Bluetooth: hci17: command tx timeout [ 404.330063][T10179] Bluetooth: hci18: command tx timeout [ 405.050778][T10179] Bluetooth: hci19: command tx timeout [ 405.709387][T10179] Bluetooth: hci11: command 0x0406 tx timeout [ 405.739940][T10179] Bluetooth: hci3: command 0x0406 tx timeout [ 405.776040][T10179] Bluetooth: hci2: command tx timeout [ 405.781541][T10179] Bluetooth: hci10: command 0x0406 tx timeout [ 405.787650][T10179] Bluetooth: hci9: command 0x0406 tx timeout [ 405.794469][T10179] Bluetooth: hci8: command 0x0406 tx timeout [ 406.023875][ T4617] Bluetooth: hci16: command tx timeout [ 406.250278][ T5239] Bluetooth: hci17: command tx timeout [ 406.410243][ T5239] Bluetooth: hci18: command tx timeout [ 407.130110][ T5239] Bluetooth: hci19: command tx timeout [ 407.861224][ T5239] Bluetooth: hci2: command tx timeout [ 408.090950][ T5239] Bluetooth: hci16: command tx timeout [ 408.331761][ T5241] Bluetooth: hci17: command tx timeout [ 408.490136][ T5241] Bluetooth: hci18: command tx timeout [ 409.214451][ T5241] Bluetooth: hci19: command tx timeout [ 439.453442][ T1258] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.338604][ T5239] Bluetooth: hci20: unexpected cc 0x0c03 length: 249 > 1 [ 444.348894][ T5239] Bluetooth: hci20: unexpected cc 0x1003 length: 249 > 9 [ 444.357550][ T5239] Bluetooth: hci20: unexpected cc 0x1001 length: 249 > 9 [ 444.366283][ T5239] Bluetooth: hci20: unexpected cc 0x0c23 length: 249 > 4 [ 444.375137][ T5239] Bluetooth: hci20: unexpected cc 0x0c25 length: 249 > 3 [ 444.385029][ T5239] Bluetooth: hci20: unexpected cc 0x0c38 length: 249 > 2 [ 446.490938][ T5239] Bluetooth: hci20: command tx timeout [ 448.570718][ T5239] Bluetooth: hci20: command tx timeout [ 450.662835][ T5239] Bluetooth: hci20: command tx timeout [ 451.787151][ T5239] Bluetooth: hci1: command 0x0406 tx timeout [ 452.730685][ T5241] Bluetooth: hci20: command tx timeout [ 455.451108][ T30] INFO: task kworker/1:7:5369 blocked for more than 143 seconds. [ 455.458912][ T30] Not tainted 6.11.0-syzkaller-10622-gaa486552a110 #0 [ 455.484113][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 455.531354][ T30] task:kworker/1:7 state:D stack:20016 pid:5369 tgid:5369 ppid:2 flags:0x00004000 [ 455.590132][ T30] Workqueue: events_power_efficient reg_check_chans_work [ 455.597229][ T30] Call Trace: [ 455.690787][ T30] [ 455.693796][ T30] __schedule+0x1895/0x4b30 [ 455.698337][ T30] ? try_to_wake_up+0x971/0x1480 [ 455.845718][ T30] ? schedule+0x90/0x320 [ 455.861271][ T30] ? __pfx___schedule+0x10/0x10 [ 455.866170][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 455.950679][ T30] ? __pfx_lock_release+0x10/0x10 [ 455.955801][ T30] ? kick_pool+0x45c/0x620 [ 456.019975][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 456.025264][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 456.100002][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 456.105288][ T30] ? schedule+0x90/0x320 [ 456.109561][ T30] schedule+0x14b/0x320 [ 456.191148][ T30] schedule_preempt_disabled+0x13/0x30 [ 456.240204][ T30] __mutex_lock+0x6a7/0xd70 [ 456.244792][ T30] ? __mutex_lock+0x52a/0xd70 [ 456.249510][ T30] ? reg_check_chans_work+0x99/0xfd0 [ 456.320717][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 456.325855][ T30] ? process_scheduled_works+0x976/0x1850 [ 456.378587][ T30] reg_check_chans_work+0x99/0xfd0 [ 456.390076][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 456.395768][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 456.460460][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 456.466153][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 456.530698][ T30] ? __pfx_reg_check_chans_work+0x10/0x10 [ 456.536472][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 456.590635][ T30] ? process_scheduled_works+0x976/0x1850 [ 456.596425][ T30] process_scheduled_works+0xa65/0x1850 [ 456.650670][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 456.656746][ T30] ? assign_work+0x364/0x3d0 [ 456.709757][ T30] worker_thread+0x870/0xd30 [ 456.730012][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 456.741881][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 456.747558][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 456.788000][ T30] ? __kthread_parkme+0x169/0x1d0 [ 456.811338][ T30] ? __pfx_worker_thread+0x10/0x10 [ 456.816498][ T30] kthread+0x2f2/0x390 [ 456.859686][ T30] ? __pfx_worker_thread+0x10/0x10 [ 456.870077][ T30] ? __pfx_kthread+0x10/0x10 [ 456.874792][ T30] ret_from_fork+0x4d/0x80 [ 456.879251][ T30] ? __pfx_kthread+0x10/0x10 [ 456.938680][ T30] ret_from_fork_asm+0x1a/0x30 [ 456.962045][ T30] [ 456.979163][ T30] [ 456.979163][ T30] Showing all locks held in the system: [ 457.002709][ T30] 3 locks held by kworker/u8:1/12: [ 457.007843][ T30] #0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 457.080692][ T30] #1: ffffc90000117d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 457.145838][ T30] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 457.189671][ T30] 3 locks held by kworker/1:0/25: [ 457.200797][ T30] #0: ffff88801ac78948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 457.249947][ T30] #1: ffffc900001f7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 457.299930][ T30] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 457.344800][ T30] 1 lock held by khungtaskd/30: [ 457.349675][ T30] #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 457.420658][ T30] 3 locks held by kworker/u8:2/35: [ 457.438777][ T30] #0: ffff88814bfcf148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 457.491276][ T30] #1: ffffc90000ab7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 457.550779][ T30] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 457.590058][ T30] 2 locks held by kworker/u8:7/2487: [ 457.595374][ T30] 4 locks held by kworker/u8:9/2582: [ 457.640685][ T30] #0: ffff88801bae5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 457.688594][ T30] #1: ffffc900097d7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 457.729411][ T30] #2: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 457.778627][ T30] #3: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 [ 457.829981][ T30] 2 locks held by getty/4975: [ 457.836134][ T30] #0: ffff88802e1540a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 457.889944][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 457.938680][ T30] 4 locks held by kworker/0:4/5281: [ 457.959961][ T30] 3 locks held by kworker/1:7/5369: [ 457.965200][ T30] #0: ffff88801ac79948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 458.041099][ T30] #1: ffffc90003ac7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 458.091891][ T30] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 458.129938][ T30] 1 lock held by syz.3.953/8244: [ 458.134907][ T30] 2 locks held by syz-executor/8501: [ 458.170576][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 458.210637][ T30] #1: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 [ 458.259515][ T30] 1 lock held by syz.5.1545/9860: [ 458.279968][ T30] 7 locks held by syz-executor/10025: [ 458.285363][ T30] #0: ffff888023d5e420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 [ 458.339474][ T30] #1: ffff88807f47c088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 [ 458.390748][ T30] #2: ffff8880279421e8 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 [ 458.439934][ T30] #3: ffffffff8f570968 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 458.481289][ T30] #4: ffff88805b4520e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 458.520457][ T30] #5: ffff88805b450250 (&devlink->lock_key#11){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 [ 458.567949][ T30] #6: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 [ 458.610729][ T30] 1 lock held by syz.2.1622/10042: [ 458.615914][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 458.683408][ T30] 1 lock held by syz.0.1649/10109: [ 458.688587][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 458.751337][ T30] 1 lock held by syz-executor/10126: [ 458.758195][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48c/0x2400 [ 458.829935][ T30] 1 lock held by syz-executor/10128: [ 458.835286][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 458.889942][ T30] 2 locks held by syz-executor/10130: [ 458.895641][ T30] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 458.950044][ T30] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 458.959659][ T30] 2 locks held by syz-executor/10131: [ 459.018148][ T30] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 459.059893][ T30] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 459.099912][ T30] 2 locks held by syz-executor/10133: [ 459.105311][ T30] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 459.167393][ T30] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 459.210296][ T30] 2 locks held by syz-executor/10138: [ 459.215695][ T30] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 459.280038][ T30] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 459.289661][ T30] 1 lock held by syz-executor/10142: [ 459.339281][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.380756][ T30] 1 lock held by syz-executor/10146: [ 459.386097][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.450160][ T30] 1 lock held by syz-executor/10149: [ 459.455500][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.510664][ T30] 1 lock held by syz-executor/10150: [ 459.516000][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.577087][ T30] 1 lock held by syz-executor/10153: [ 459.594214][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.639953][ T30] 1 lock held by syz-executor/10162: [ 459.645286][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.703931][ T30] 1 lock held by syz-executor/10169: [ 459.709269][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.781616][ T30] 1 lock held by syz-executor/10171: [ 459.786942][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.837795][ T30] 1 lock held by syz-executor/10173: [ 459.859910][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 459.869409][ T30] 1 lock held by syz-executor/10175: [ 459.981286][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 460.015767][ T30] 1 lock held by syz-executor/10177: [ 460.040711][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 460.080659][ T30] 3 locks held by kworker/u9:3/10180: [ 460.086059][ T30] #0: ffff8880461fb948 ((wq_completion)hci12){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 460.169444][ T30] #1: ffffc9000477fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 460.220000][ T30] #2: ffff888038fecd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 460.290063][ T30] 1 lock held by syz-executor/10182: [ 460.299893][ T30] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 460.348131][ T30] [ 460.360076][ T30] ============================================= [ 460.360076][ T30] [ 460.368519][ T30] NMI backtrace for cpu 1 [ 460.372860][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-10622-gaa486552a110 #0 [ 460.383038][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 460.393111][ T30] Call Trace: [ 460.396403][ T30] [ 460.399350][ T30] dump_stack_lvl+0x241/0x360 [ 460.404070][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 460.409298][ T30] ? __pfx__printk+0x10/0x10 [ 460.413930][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 460.418919][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 460.424419][ T30] ? _printk+0xd5/0x120 [ 460.428600][ T30] ? __pfx__printk+0x10/0x10 [ 460.433217][ T30] ? __wake_up_klogd+0xcc/0x110 [ 460.438101][ T30] ? __pfx__printk+0x10/0x10 [ 460.442718][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.448383][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 460.453444][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 460.459456][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 460.465480][ T30] watchdog+0xff4/0x1040 [ 460.469762][ T30] ? watchdog+0x1ea/0x1040 [ 460.474219][ T30] ? __pfx_watchdog+0x10/0x10 [ 460.478930][ T30] kthread+0x2f2/0x390 [ 460.483028][ T30] ? __pfx_watchdog+0x10/0x10 [ 460.487734][ T30] ? __pfx_kthread+0x10/0x10 [ 460.492345][ T30] ret_from_fork+0x4d/0x80 [ 460.496799][ T30] ? __pfx_kthread+0x10/0x10 [ 460.501413][ T30] ret_from_fork_asm+0x1a/0x30 [ 460.506225][ T30] [ 460.511165][ T30] Sending NMI from CPU 1 to CPUs 0: [ 460.516399][ C0] NMI backtrace for cpu 0 [ 460.516414][ C0] CPU: 0 UID: 0 PID: 5281 Comm: kworker/0:4 Not tainted 6.11.0-syzkaller-10622-gaa486552a110 #0 [ 460.516439][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 460.516454][ C0] Workqueue: events_power_efficient neigh_periodic_work [ 460.516494][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0xd/0x40 [ 460.516525][ C0] Code: f5 90 0f 0b 90 90 90 eb c6 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 31 c0 83 3d 2f 9a 58 04 00 <74> 1e 83 3d 86 cb 58 04 00 74 15 65 48 8b 0c 25 c0 d7 03 00 31 c0 [ 460.516545][ C0] RSP: 0018:ffffc900000066b8 EFLAGS: 00000202 [ 460.516564][ C0] RAX: 0000000000000000 RBX: ffff88807c35c2dd RCX: dffffc0000000000 [ 460.516580][ C0] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffffc90000006b50 [ 460.516596][ C0] RBP: ffffc90000006bb0 R08: ffffc90000006b4f R09: ffffc90000006b40 [ 460.516613][ C0] R10: dffffc0000000000 R11: fffff52000000d6a R12: ffff88807c3582c0 [ 460.516630][ C0] R13: ffff8880849c4668 R14: ffffc90000006b40 R15: 0000000000000000 [ 460.516650][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 460.516670][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 460.516686][ C0] CR2: 0000000020015038 CR3: 000000000e734000 CR4: 0000000000350ef0 [ 460.516704][ C0] Call Trace: [ 460.516712][ C0] [ 460.516721][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 460.516756][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 460.516792][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 460.516826][ C0] ? nmi_handle+0x2a/0x5a0 [ 460.516858][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 460.516889][ C0] ? nmi_handle+0x151/0x5a0 [ 460.516911][ C0] ? nmi_handle+0x2a/0x5a0 [ 460.516934][ C0] ? debug_lockdep_rcu_enabled+0xd/0x40 [ 460.516961][ C0] ? default_do_nmi+0x63/0x160 [ 460.516997][ C0] ? exc_nmi+0x123/0x1f0 [ 460.517030][ C0] ? end_repeat_nmi+0xf/0x53 [ 460.517067][ C0] ? debug_lockdep_rcu_enabled+0xd/0x40 [ 460.517096][ C0] ? debug_lockdep_rcu_enabled+0xd/0x40 [ 460.517125][ C0] ? debug_lockdep_rcu_enabled+0xd/0x40 [ 460.517152][ C0] [ 460.517160][ C0] [ 460.517168][ C0] cake_enqueue+0x198/0x93e0 [ 460.517215][ C0] ? __pfx_validate_chain+0x10/0x10 [ 460.517240][ C0] ? __pfx_validate_chain+0x10/0x10 [ 460.517269][ C0] ? __pfx___skb_flow_dissect+0x10/0x10 [ 460.517302][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517336][ C0] ? __pfx_cake_enqueue+0x10/0x10 [ 460.517367][ C0] ? __pfx_validate_chain+0x10/0x10 [ 460.517392][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517422][ C0] ? mark_lock+0x9a/0x360 [ 460.517442][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 460.517477][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517507][ C0] ? mark_lock+0x9a/0x360 [ 460.517530][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517560][ C0] ? __lock_acquire+0x1384/0x2050 [ 460.517604][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517635][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517667][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517701][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 460.517736][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517766][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 460.517794][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.517828][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 460.517859][ C0] dev_qdisc_enqueue+0x4d/0x290 [ 460.517896][ C0] __dev_queue_xmit+0xf4b/0x3e80 [ 460.517937][ C0] ? __dev_queue_xmit+0x2da/0x3e80 [ 460.517972][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 460.518010][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518044][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518077][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518107][ C0] ? mark_lock+0x9a/0x360 [ 460.518130][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518160][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 460.518196][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518232][ C0] ? ip_finish_output2+0xa14/0x1390 [ 460.518262][ C0] ? ip_finish_output2+0x45f/0x1390 [ 460.518289][ C0] ip_finish_output2+0xd41/0x1390 [ 460.518317][ C0] ? ip_finish_output2+0x45f/0x1390 [ 460.518349][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 460.518379][ C0] ? ip_skb_dst_mtu+0x6ba/0x9b0 [ 460.518405][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518435][ C0] ? __ip_finish_output+0x349/0x400 [ 460.518465][ C0] synproxy_send_client_synack+0x8b8/0xf30 [ 460.518499][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 460.518522][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518555][ C0] ? synproxy_pernet+0x45/0x270 [ 460.518581][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518614][ C0] nft_synproxy_eval_v4+0x3ca/0x610 [ 460.518644][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 460.518673][ C0] ? nf_ip_checksum+0x13a/0x500 [ 460.518704][ C0] nft_synproxy_do_eval+0x362/0xa60 [ 460.518734][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 460.518762][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518795][ C0] ? __pfx_validate_chain+0x10/0x10 [ 460.518820][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518855][ C0] nft_do_chain+0x4af/0x1da0 [ 460.518892][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 460.518917][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 460.518952][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.518996][ C0] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 460.519030][ C0] nft_do_chain_inet+0x418/0x6b0 [ 460.519058][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 460.519083][ C0] ? ipt_do_table+0x312/0x1860 [ 460.519121][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 460.519145][ C0] nf_hook_slow+0xc5/0x220 [ 460.519169][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 460.519206][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 460.519239][ C0] NF_HOOK+0x29e/0x450 [ 460.519269][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.519302][ C0] ? NF_HOOK+0x9a/0x450 [ 460.519333][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 460.519366][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 460.519403][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.519433][ C0] ? ip_rcv_finish+0x406/0x560 [ 460.519467][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 460.519499][ C0] NF_HOOK+0x3a6/0x450 [ 460.519529][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.519559][ C0] ? __lock_acquire+0x1384/0x2050 [ 460.519593][ C0] ? NF_HOOK+0x9a/0x450 [ 460.519624][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 460.519654][ C0] ? ip_rcv_core+0x801/0xd10 [ 460.519687][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 460.519725][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 460.519757][ C0] __netif_receive_skb+0x2bf/0x650 [ 460.519794][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 460.519827][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 460.519867][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 460.519903][ C0] ? __pfx_lock_release+0x10/0x10 [ 460.519939][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 460.519974][ C0] process_backlog+0x662/0x15b0 [ 460.520001][ C0] ? process_backlog+0x33b/0x15b0 [ 460.520033][ C0] ? __pfx_process_backlog+0x10/0x10 [ 460.520057][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 460.520096][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 460.520135][ C0] __napi_poll+0xcd/0x490 [ 460.520176][ C0] net_rx_action+0x89b/0x1240 [ 460.520220][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 460.520246][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 460.520306][ C0] handle_softirqs+0x2c7/0x980 [ 460.520342][ C0] ? do_softirq+0x11b/0x1e0 [ 460.520375][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 460.520411][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.520447][ C0] do_softirq+0x11b/0x1e0 [ 460.520477][ C0] [ 460.520485][ C0] [ 460.520495][ C0] ? __pfx_do_softirq+0x10/0x10 [ 460.520526][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 460.520565][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.520596][ C0] ? rcu_is_watching+0x15/0xb0 [ 460.520622][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 460.520653][ C0] ? neigh_periodic_work+0xb35/0xd50 [ 460.520687][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 460.520717][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.520748][ C0] ? neigh_destroy+0x423/0x580 [ 460.520780][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.520815][ C0] neigh_periodic_work+0xb35/0xd50 [ 460.520855][ C0] ? process_scheduled_works+0x976/0x1850 [ 460.520887][ C0] process_scheduled_works+0xa65/0x1850 [ 460.520936][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 460.520973][ C0] ? assign_work+0x364/0x3d0 [ 460.521006][ C0] worker_thread+0x870/0xd30 [ 460.521040][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.521072][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 460.521101][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 460.521130][ C0] ? __kthread_parkme+0x169/0x1d0 [ 460.521165][ C0] ? __pfx_worker_thread+0x10/0x10 [ 460.521196][ C0] kthread+0x2f2/0x390 [ 460.521222][ C0] ? __pfx_worker_thread+0x10/0x10 [ 460.521253][ C0] ? __pfx_kthread+0x10/0x10 [ 460.521274][ C0] ret_from_fork+0x4d/0x80 [ 460.521306][ C0] ? __pfx_kthread+0x10/0x10 [ 460.521327][ C0] ret_from_fork_asm+0x1a/0x30 [ 460.521370][ C0] [ 461.408338][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.799963][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 461.806874][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-10622-gaa486552a110 #0 [ 461.817048][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 461.827120][ T30] Call Trace: [ 461.830412][ T30] [ 461.833361][ T30] dump_stack_lvl+0x241/0x360 [ 461.838079][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 461.843305][ T30] ? __pfx__printk+0x10/0x10 [ 461.847918][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 461.853950][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 461.859619][ T30] ? vscnprintf+0x5d/0x90 [ 461.863992][ T30] panic+0x349/0x880 [ 461.867914][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 461.873587][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 461.879779][ T30] ? __pfx_panic+0x10/0x10 [ 461.884220][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 461.889616][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 461.895277][ T30] ? __irq_work_queue_local+0x137/0x410 [ 461.900857][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 461.906520][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 461.911919][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 461.918122][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 461.924316][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 461.929980][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 461.936177][ T30] watchdog+0x1033/0x1040 [ 461.940540][ T30] ? watchdog+0x1ea/0x1040 [ 461.944999][ T30] ? __pfx_watchdog+0x10/0x10 [ 461.949705][ T30] kthread+0x2f2/0x390 [ 461.953795][ T30] ? __pfx_watchdog+0x10/0x10 [ 461.958501][ T30] ? __pfx_kthread+0x10/0x10 [ 461.963115][ T30] ret_from_fork+0x4d/0x80 [ 461.967565][ T30] ? __pfx_kthread+0x10/0x10 [ 461.972178][ T30] ret_from_fork_asm+0x1a/0x30 [ 461.976997][ T30] [ 461.980235][ T30] Kernel Offset: disabled [ 461.984555][ T30] Rebooting in 86400 seconds..