last executing test programs: 7.307115007s ago: executing program 4 (id=870): r0 = syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9b, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4}, [@extension_unit={0x9, 0x24, 0x8, 0x0, 0x0, 0x0, 'LX'}, @mixer_unit={0x6, 0x24, 0x4, 0x0, 0x0, 'R'}, @selector_unit={0x7, 0x24, 0x5, 0x0, 0x0, "53f1"}, @selector_unit={0xb, 0x24, 0x5, 0x0, 0x0, "133b9bda531c"}, @selector_unit={0x9, 0x24, 0x5, 0x0, 0x5, "96efc359"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7f, 0x2, 0x0, 0x1, '\v~', "8e"}, @as_header={0x7}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x81}}}}}}}]}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x8, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_usb_control_io$uac1(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000001040)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, &(0x7f00000021c0)={0x2c, 0x0, &(0x7f0000002080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x827}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.50267693s ago: executing program 4 (id=879): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x1}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2) read(r0, 0x0, 0x0) 3.982765608s ago: executing program 1 (id=886): r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r1, &(0x7f000001a240)=""/102400, 0x19000, 0x100018) semtimedop(0x0, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semop(0x0, &(0x7f00000000c0)=[{}, {}], 0x2) semctl$GETZCNT(0x0, 0x5, 0xf, 0x0) 3.951216626s ago: executing program 3 (id=887): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x40}}, 0x0) 3.890710871s ago: executing program 1 (id=888): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r3, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8) listen(r5, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 3.889841162s ago: executing program 3 (id=889): sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14010000", @ANYRES16=0x0, @ANYBLOB="000326bd7000"], 0x14}, 0x1, 0x0, 0x0, 0x24044000}, 0x8810) syz_usb_connect(0x0, 0x5d, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000551b8920b822276080c20102030109024b0001000000000904000000020a0000052406000005241d00000d240f01000200000000000200072414003824d0062413"], 0x0) 3.323185916s ago: executing program 0 (id=890): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[], 0x30}}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x4000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000840)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043d"], 0x11) 3.258624118s ago: executing program 3 (id=891): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d34, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7a1a, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x8}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x7, {[@local=@item_4={0x3, 0x2, 0x0, "5780eafb"}, @global=@item_012={0x1, 0x1, 0x0, "f3"}]}}, 0x0}, 0x0) 3.227075769s ago: executing program 2 (id=892): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) syz_usb_control_io(r0, 0x0, 0x0) getxattr(0x0, 0x0, 0x0, 0x0) write$UHID_INPUT(r2, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b07333b6c1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 2.974720739s ago: executing program 1 (id=893): r0 = userfaultfd(0x801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000600)={0xaa, 0x8}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) 2.958738341s ago: executing program 1 (id=894): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000140)=ANY=[@ANYBLOB="0002"], 0x18) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r5 = epoll_create1(0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000000)) ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0) 2.747257053s ago: executing program 0 (id=895): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000940)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@seclabel}]}}) 2.739852694s ago: executing program 0 (id=896): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 2.706839805s ago: executing program 0 (id=897): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) readv(r1, &(0x7f00000027c0)=[{&(0x7f0000000480)=""/86, 0x56}], 0x1) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000280)={0x4000001, 0x4}) 2.637785611s ago: executing program 3 (id=898): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x4) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000240)={0xffffffffffffffff}) close_range(r4, 0xffffffffffffffff, 0x0) 2.583303782s ago: executing program 3 (id=899): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x9) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) chdir(0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(r4, &(0x7f0000000080), 0x12) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x19, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x44, r7, 0x1, 0x0, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6}}]}, 0x44}}, 0x0) sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x5c, r7, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8000) write(r5, 0x0, 0x0) 2.562009025s ago: executing program 4 (id=900): r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r0) r2 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)="1c1935e5", 0x4, r1) keyctl$unlink(0x9, r2, r1) 2.499256486s ago: executing program 0 (id=901): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) socket$igmp(0x2, 0x3, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="01000a00"}) 2.498139324s ago: executing program 2 (id=902): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000031c0000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0) r8 = dup3(r7, r6, 0x0) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00006d2000/0x1000)=nil, 0x1000, 0x1, 0x11, r9, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0xfeffffffffffff, 0x0}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) 2.449386306s ago: executing program 4 (id=903): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x73, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xfffffffb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x876b}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000200)="3ce2de0ad56f287b9c85dd001163d87efa1d524d8d957a8de4e490e10b2009ea6c4ee904bb7db6fc03b988d4edef164bd3377aa381b5f50b7ca414010000000000008082e9bde22b2b7c1c7606d56547070000000000000012feceb3c5c3684631f1c7", 0x63, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100009000000000000000000", @ANYRES32=0x0, @ANYBLOB="14920600008000001c0012801100"], 0x3c}, 0x1, 0x0, 0x0, 0x84}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240100003b0007010000000000000000047c0000040000000c00018006000600800a000000010280f900"], 0x124}, 0x1, 0x0, 0x0, 0x4010}, 0xc000) 2.29922146s ago: executing program 4 (id=904): socket$tipc(0x1e, 0x5, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), r0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010200000000e6ffffff250000000c000500000000000000000005002e00000000000a0001007770616e3100000005002b00030000000c002d"], 0x48}}, 0x0) 2.213347724s ago: executing program 0 (id=905): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[], 0x30}}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x4000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000840)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043d"], 0x11) 921.450265ms ago: executing program 3 (id=906): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYRES16=r0, @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYBLOB="00000000522b1eaf0000000000000000000000000000000000000000e8a9afe6eb346381377be0782cbcb956408cb2d570f9f4b3e7c66d7f351b2a039e24c3d90ea4b673bc877f563dcccba4f2c9931e3ebcbb8f904df040fecb93b165f7a4a15237adbf721ae9257c484f01c69c0fac6afcaa670c7af187a7b732eefb02aa30ad8f8f2c4557af3545a0a789f441751268a551453b92fc3c3304995a349dea234491098691a1b62fa3c7ae71781bd6a56b022a3652081b4cf6882c97b45f666a1c0546fc438331e5f8fab504e66f157726abe8e1928f8ba58eb0b1ec31383b06e61233add5a344114b29b4f504e9ec95dc56454c6e101eb7e5f0c25f05e16c978fd9cf5cdcb933952b4af96f07a8f4921af7546e69f9c6c2c5622572c9e661d7c1a64f4d9fd865c7d2026abff655e82cde5324c7ebca6e94dd5af6a803ca182a4ae81d1b9b0c3d78902bdadfe1ffd13eb35f"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x40) syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, 0x0, 0x24000040) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect(r5, &(0x7f0000000300)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80) 795.305516ms ago: executing program 4 (id=907): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc008002c00070002000600", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 794.519153ms ago: executing program 2 (id=908): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x1, 0x8000}}, './file0\x00'}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000002c0), 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) ioctl$TCFLSH(r0, 0x540b, 0x2) 640.499768ms ago: executing program 1 (id=909): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x4) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000240)={0xffffffffffffffff}) close_range(r4, 0xffffffffffffffff, 0x0) 640.296817ms ago: executing program 2 (id=910): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x1}, 0x2) read(r0, 0x0, 0x0) 602.957699ms ago: executing program 2 (id=911): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000a40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000780)={0x2c, r0, 0x1, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x3}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x49}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 26.526706ms ago: executing program 2 (id=912): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x81}, 0x10) 0s ago: executing program 1 (id=913): r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r0) r2 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)="1c1935e5", 0x4, r1) keyctl$unlink(0x9, r2, r1) kernel console output (not intermixed with test programs): man_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.130887][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.133140][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.136091][ T6425] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.139511][ T6425] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.141395][ T6425] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.143214][ T6425] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.144967][ T6425] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.150065][ T6418] veth1_macvtap: entered promiscuous mode [ 37.172071][ T6418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.174399][ T6418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.176731][ T6418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.179111][ T6418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.180941][ T6418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.183388][ T6418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.186496][ T6418] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.189270][ T6418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.191471][ T6418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.193390][ T6418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.195567][ T6418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.197815][ T6418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.199949][ T6418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.202919][ T6418] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.228637][ T6418] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.230434][ T6418] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.232099][ T6418] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.234068][ T6418] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.246048][ T6419] veth0_vlan: entered promiscuous mode [ 37.251103][ T6419] veth1_vlan: entered promiscuous mode [ 37.275574][ T6419] veth0_macvtap: entered promiscuous mode [ 37.279313][ T6419] veth1_macvtap: entered promiscuous mode [ 37.308522][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.310659][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.312588][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.314732][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.317705][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.319732][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.321771][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.323933][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.327930][ T6419] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.353431][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.354082][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.355058][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.362659][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.364734][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.366959][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.369031][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.371184][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.373222][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.375586][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.379325][ T6419] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.390867][ T700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.392940][ T700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.403998][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.404870][ T6419] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.405672][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.409247][ T6419] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.411234][ T6419] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.413041][ T6419] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.427806][ T261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.429605][ T261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.461818][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.463524][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.476501][ T700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.478141][ T700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.520458][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.522151][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.524897][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.534166][ T700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.535897][ T700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.538901][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.545680][ T6425] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 37.548754][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.548771][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.810258][ T6511] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2'. [ 37.820246][ T6514] Bluetooth: MGMT ver 1.23 [ 37.906954][ T6522] capability: warning: `syz.2.3' uses deprecated v2 capabilities in a way that may be insecure [ 38.586950][ T6435] Bluetooth: hci3: command tx timeout [ 38.588423][ T6435] Bluetooth: hci1: command tx timeout [ 38.590479][ T6435] Bluetooth: hci0: command tx timeout [ 38.592156][ T6435] Bluetooth: hci4: command tx timeout [ 38.593783][ T6435] Bluetooth: hci2: command tx timeout [ 39.857597][ T6427] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 41.568330][ T6427] Bluetooth: hci2: command tx timeout [ 41.582002][ T6427] Bluetooth: hci4: command tx timeout [ 41.582058][ T6537] netlink: 'syz.3.9': attribute type 21 has an invalid length. [ 41.583214][ T6427] Bluetooth: hci0: command 0x040f tx timeout [ 41.584683][ T6537] netlink: 168 bytes leftover after parsing attributes in process `syz.3.9'. [ 41.586019][ T6427] Bluetooth: hci1: command tx timeout [ 41.599124][ T6427] Bluetooth: hci3: command tx timeout [ 44.094316][ T53] Bluetooth: hci3: command tx timeout [ 44.095640][ T53] Bluetooth: hci1: command tx timeout [ 44.097008][ T53] Bluetooth: hci0: command 0x040f tx timeout [ 44.098410][ T53] Bluetooth: hci4: command tx timeout [ 44.099652][ T53] Bluetooth: hci2: command tx timeout [ 44.583338][ T6558] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.585368][ T6558] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.592261][ T6558] bridge0: entered allmulticast mode [ 44.677720][ T53] Bluetooth: hci5: sending frame failed (-49) [ 44.679373][ T6427] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 44.693261][ T6558] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.694954][ T6558] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.696953][ T6558] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.698527][ T6558] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.752462][ T6558] bridge0: entered promiscuous mode [ 44.881521][ T6561] loop0: detected capacity change from 0 to 16384 [ 45.456040][ T6564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 45.602485][ T6564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 45.659460][ T6568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19'. [ 45.687688][ T6568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19'. [ 46.245895][ T6427] Bluetooth: hci0: command 0x040f tx timeout [ 46.255344][ T6575] netlink: 'syz.1.20': attribute type 10 has an invalid length. [ 46.263422][ T6575] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 46.267226][ T6573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.19'. [ 46.458977][ T6585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.24'. [ 46.825153][ T6577] loop1: detected capacity change from 0 to 40427 [ 46.853414][ T6577] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 46.855557][ T6577] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 46.871769][ T6577] F2FS-fs (loop1): Found nat_bits in checkpoint [ 46.965432][ T6577] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 46.977758][ T6577] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 48.713261][ T6418] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 48.715372][ T6418] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 48.734572][ T6418] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 48.736222][ T6418] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 48.767857][ T6418] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 48.777682][ T6418] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 48.784186][ T6418] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 48.883005][ T6620] ubi0: attaching mtd0 [ 48.885302][ T6620] ubi0: scanning is finished [ 48.886282][ T6620] ubi0: empty MTD device detected [ 49.102100][ T6627] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.104030][ T6627] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.105921][ T6627] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.107868][ T6627] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.110055][ T6627] vxlan0: entered promiscuous mode [ 49.111167][ T6627] vxlan0: entered allmulticast mode [ 49.568763][ T6627] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 49.570677][ T6627] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 49.572358][ T6627] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 49.574254][ T6627] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 49.596474][ T6620] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 49.598083][ T6620] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 49.599523][ T6620] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 49.601012][ T6620] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 49.602413][ T6620] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 49.603722][ T6620] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 49.605341][ T6620] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1759593506 [ 49.614440][ T6620] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 49.617474][ T6621] ubi0: detaching mtd0 [ 49.623026][ T6621] ubi0: mtd0 is detached [ 49.842329][ T6647] netlink: 132 bytes leftover after parsing attributes in process `syz.2.46'. [ 49.857697][ T6627] Zero length message leads to an empty skb [ 52.952561][ T6693] 9pnet_virtio: no channels available for device syz [ 53.412528][ T6702] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.835788][ T6703] netlink: 4 bytes leftover after parsing attributes in process `syz.4.68'. [ 54.360675][ T6729] input: syz0 as /devices/virtual/input/input3 [ 55.583160][ T6427] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 55.951118][ T6774] 8021q: VLANs not supported on ipvlan1 [ 56.130891][ T6777] Cannot find add_set index 3 as target [ 56.277307][ T6780] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 1 [ 61.174228][ T6895] warning: `syz.4.137' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 61.241679][ T6899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 61.459869][ T6908] syzkaller0: entered promiscuous mode [ 61.461113][ T6908] syzkaller0: entered allmulticast mode [ 61.479360][ T6908] syzkaller0: create flow: hash 3531767558 index 1 [ 61.517421][ T6907] syzkaller0: delete flow: hash 3531767558 index 1 [ 63.160686][ T6994] netlink: 12 bytes leftover after parsing attributes in process `syz.4.171'. [ 63.173897][ T6997] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 64.516826][ T2341] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.523543][ T2341] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.697561][ T6427] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 65.699290][ T6427] Bluetooth: hci2: Injecting HCI hardware error event [ 65.702573][ T6427] Bluetooth: hci2: hardware error 0x00 [ 67.936516][ T6427] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 69.628812][ T8] cfg80211: failed to load regulatory.db [ 71.731612][ T53] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.735251][ T53] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.741683][ T53] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.743862][ T53] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.745781][ T53] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 71.747688][ T53] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 72.754595][ T6427] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 72.758634][ T6427] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 72.762154][ T6427] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 72.764262][ T6427] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 72.766157][ T6427] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 72.770913][ T6427] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.014776][ T6997] netlink: 'syz.0.170': attribute type 12 has an invalid length. [ 73.016663][ T6997] netlink: 'syz.0.170': attribute type 2 has an invalid length. [ 73.018448][ T6997] netlink: 'syz.0.170': attribute type 10 has an invalid length. [ 73.266028][ T7028] chnl_net:caif_netlink_parms(): no params data found [ 73.477104][ T7028] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.478764][ T7028] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.480616][ T7028] bridge_slave_0: entered allmulticast mode [ 73.485953][ T7028] bridge_slave_0: entered promiscuous mode [ 73.556077][ T7032] chnl_net:caif_netlink_parms(): no params data found [ 73.571058][ T7028] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.572616][ T7028] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.574341][ T7028] bridge_slave_1: entered allmulticast mode [ 73.576097][ T7028] bridge_slave_1: entered promiscuous mode [ 73.776486][ T53] Bluetooth: hci5: command tx timeout [ 73.892675][ T261] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.931740][ T7028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.935368][ T7028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.008605][ T261] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.015512][ T7028] team0: Port device team_slave_0 added [ 74.032744][ T7028] team0: Port device team_slave_1 added [ 74.129377][ T261] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.141796][ T7032] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.143811][ T7032] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.145562][ T7032] bridge_slave_0: entered allmulticast mode [ 74.150893][ T7032] bridge_slave_0: entered promiscuous mode [ 74.162056][ T7032] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.170889][ T7032] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.174313][ T7032] bridge_slave_1: entered allmulticast mode [ 74.195080][ T7032] bridge_slave_1: entered promiscuous mode [ 74.202192][ T7028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.203650][ T7028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.213521][ T7028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.278903][ T261] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.315742][ T7028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.329005][ T7028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.345330][ T7028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.401130][ T7032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.438924][ T7028] hsr_slave_0: entered promiscuous mode [ 74.476647][ T7028] hsr_slave_1: entered promiscuous mode [ 74.516518][ T7028] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.518045][ T7028] Cannot create hsr debugfs directory [ 74.533547][ T7032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.581485][ T7032] team0: Port device team_slave_0 added [ 74.636735][ T7032] team0: Port device team_slave_1 added [ 74.694529][ T261] bridge_slave_1: left allmulticast mode [ 74.695931][ T261] bridge_slave_1: left promiscuous mode [ 74.702045][ T261] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.748307][ T261] bridge_slave_0: left allmulticast mode [ 74.749488][ T261] bridge_slave_0: left promiscuous mode [ 74.750859][ T261] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.752100][ T7122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.788716][ T7122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.817432][ T53] Bluetooth: hci6: command tx timeout [ 74.824423][ T7118] could not allocate digest TFM handle hmac(sha1-avx2) [ 75.856531][ T53] Bluetooth: hci5: command tx timeout [ 76.655924][ T8] libceph: connect (1)[c::]:6789 error -101 [ 76.659242][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 76.670875][ T8] libceph: connect (1)[c::]:6789 error -101 [ 76.676881][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 76.685959][ T7197] ceph: No mds server is up or the cluster is laggy [ 76.744273][ T261] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.880934][ T261] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.933505][ T53] Bluetooth: hci6: command tx timeout [ 76.998028][ T261] bond0 (unregistering): Released all slaves [ 77.061992][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.068187][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.074601][ T7032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.111556][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.112986][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.125722][ T7032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.236262][ T7028] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.388245][ T7280] trusted_key: syz.0.225 sent an empty control message without MSG_MORE. [ 77.451216][ T7032] hsr_slave_0: entered promiscuous mode [ 77.507506][ T7032] hsr_slave_1: entered promiscuous mode [ 77.546560][ T7032] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.549036][ T7032] Cannot create hsr debugfs directory [ 77.612202][ T7028] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.708567][ T7028] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.903379][ T7028] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.936594][ T53] Bluetooth: hci5: command tx timeout [ 77.976856][ T261] hsr_slave_0: left promiscuous mode [ 78.007889][ T261] hsr_slave_1: left promiscuous mode [ 78.087719][ T261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.089272][ T261] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.091597][ T261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.093279][ T261] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.111115][ T261] veth1_macvtap: left promiscuous mode [ 78.112554][ T261] veth0_macvtap: left promiscuous mode [ 78.113811][ T261] veth1_vlan: left promiscuous mode [ 78.115189][ T261] veth0_vlan: left promiscuous mode [ 78.263013][ T7302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.232'. [ 79.027763][ T53] Bluetooth: hci6: command tx timeout [ 80.016538][ T53] Bluetooth: hci5: command tx timeout [ 80.460518][ T261] team0 (unregistering): Port device team_slave_1 removed [ 80.659795][ T261] team0 (unregistering): Port device team_slave_0 removed [ 81.056957][ T53] Bluetooth: hci6: command tx timeout [ 82.919578][ T7336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.932327][ T7336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.947182][ T7336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.962346][ T7337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.986657][ T7337] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.019896][ T7028] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.023965][ T7028] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.031717][ T7028] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.035215][ T7028] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.155341][ T7028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.172659][ T7359] netlink: 24 bytes leftover after parsing attributes in process `syz.4.248'. [ 83.197528][ T7028] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.226282][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.227881][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.232342][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.233859][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.404040][ T7028] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 83.406600][ T7028] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.724224][ T261] bridge_slave_1: left allmulticast mode [ 83.725448][ T261] bridge_slave_1: left promiscuous mode [ 83.732139][ T261] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.737366][ T261] bridge_slave_0: left allmulticast mode [ 83.738785][ T261] bridge_slave_0: left promiscuous mode [ 83.740142][ T261] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.639671][ T7383] dccp_invalid_packet: P.Data Offset(4) too small [ 85.633034][ T7403] ieee802154 phy0 wpan0: encryption failed: -22 [ 87.127122][ T261] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.169379][ T261] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.199835][ T261] bond0 (unregistering): Released all slaves [ 87.231329][ T7396] netlink: 72 bytes leftover after parsing attributes in process `syz.1.257'. [ 87.235359][ T7422] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.237828][ T7422] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.239644][ T7422] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.241347][ T7422] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.244116][ T7422] vxlan0: entered promiscuous mode [ 87.245177][ T7422] vxlan0: entered allmulticast mode [ 87.259693][ T7422] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.261914][ T7422] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.263821][ T7422] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.265703][ T7422] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.408619][ T7434] libceph: resolve ' [ 87.408619][ T7434] -&fYǝa2i [ 87.408619][ T7434] .?&*&' (ret=-3): failed [ 87.570407][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz.1.266'. [ 87.629422][ T7028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.647836][ T7032] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.651229][ T7032] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.662698][ T7032] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.697955][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 87.845890][ T7032] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.905902][ T10] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 87.908101][ T10] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 87.910310][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 87.912078][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 87.914458][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 87.944076][ T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 87.945951][ T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 87.952954][ T10] usb 1-1: Product: syz [ 87.953818][ T10] usb 1-1: Manufacturer: syz [ 87.987094][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 87.988273][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 87.995319][ T10] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 88.001817][ T10] cdc_wdm 1-1:1.0: Unknown control protocol [ 88.018496][ T261] hsr_slave_0: left promiscuous mode [ 88.047782][ T261] hsr_slave_1: left promiscuous mode [ 88.117238][ T261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.118843][ T261] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.122874][ T261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.124384][ T261] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.156277][ T7492] netlink: 36 bytes leftover after parsing attributes in process `syz.1.274'. [ 88.164418][ T261] veth1_macvtap: left promiscuous mode [ 88.165588][ T261] veth0_macvtap: left promiscuous mode [ 88.197204][ T25] usb 1-1: USB disconnect, device number 2 [ 88.211191][ T261] veth1_vlan: left promiscuous mode [ 88.216091][ T261] veth0_vlan: left promiscuous mode [ 88.956528][ T6409] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 89.138243][ T6409] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 89.140139][ T6409] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 89.145224][ T6409] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 89.152405][ T6409] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 89.154609][ T6409] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 89.161316][ T6409] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 89.163399][ T6409] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 89.165163][ T6409] usb 1-1: Product: syz [ 89.166020][ T6409] usb 1-1: Manufacturer: syz [ 89.175734][ T6409] cdc_wdm 1-1:1.0: skipping garbage [ 89.178993][ T6409] cdc_wdm 1-1:1.0: skipping garbage [ 89.182519][ T6409] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 89.184168][ T6409] cdc_wdm 1-1:1.0: Unknown control protocol [ 89.728414][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.729666][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.731417][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.732848][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.733867][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.735222][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.736673][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.737925][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.739289][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.740704][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.742234][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.743613][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.745046][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.746548][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.747925][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.749357][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.750704][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.751974][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.753271][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.754662][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.755977][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.757273][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.759070][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.760410][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.763330][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.764514][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.765851][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.767145][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.768967][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.770271][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.771385][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.772689][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.774081][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.775271][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.776623][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.777994][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.779400][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.780809][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.782032][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.783479][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.784625][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.785972][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.787256][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.788735][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.790090][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.791193][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.792478][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.793733][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.794971][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.796184][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.797559][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.798819][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.800067][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.801424][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.802757][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.804087][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.805339][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.806761][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.808057][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.809192][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.810466][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.811666][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.813186][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.814347][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.815746][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.817017][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.818340][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.819722][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.820907][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.822532][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.823940][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.825190][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.826567][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.827924][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.829356][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.830670][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.832165][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.833500][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.834704][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.836100][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.837405][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.838776][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.840017][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.841221][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.842323][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.843730][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.844887][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.846246][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.847493][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.848831][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.850069][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.851189][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.852476][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.853506][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.854795][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.855851][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.857106][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.858436][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.859724][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.861023][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.862222][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.863568][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.864775][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.866139][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.867244][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.868590][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.869934][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.871330][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.872575][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.873746][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.875083][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.876242][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.877553][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.878929][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.880166][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.881461][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.882764][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.884077][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.885322][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.886608][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.887874][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.889157][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.890439][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.891799][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.892971][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.894200][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.895551][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.896725][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.897938][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.899009][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.900274][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.901647][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.902974][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.904240][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.905464][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.906804][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.908114][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.909357][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.910615][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.911795][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.913064][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.914115][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.915435][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.916614][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.917996][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.919180][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.920563][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.921847][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.923147][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.924730][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.925926][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.927252][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.928513][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.929888][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.931093][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.932361][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.933570][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.934850][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.936048][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.937339][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.938651][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.939755][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.941031][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.942576][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.943801][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.945073][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.946421][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.947716][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.949161][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.950453][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.951782][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.953061][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.954364][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.955507][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.956943][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.958228][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.959333][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.961531][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.962640][ T261] team0 (unregistering): Port device team_slave_1 removed [ 89.962797][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.965892][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.967305][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.968622][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.969902][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.971359][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.972738][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.974243][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.975525][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.976824][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.978145][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.979478][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.980682][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.982104][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.983243][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.984620][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.985856][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.987119][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.988434][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.989604][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.990878][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.992160][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.993560][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.994685][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.995957][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.997280][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.998612][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 90.002664][ T25] usb 1-1: USB disconnect, device number 3 [ 90.186849][ T261] team0 (unregistering): Port device team_slave_0 removed [ 90.564771][ T7584] tmpfs: Bad value for 'mpol' [ 90.740354][ T53] Bluetooth: hci0: link tx timeout [ 90.741888][ T53] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 92.358592][ T7028] veth0_vlan: entered promiscuous mode [ 92.384641][ T7028] veth1_vlan: entered promiscuous mode [ 92.394237][ T7032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.464959][ T7032] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.477651][ T7028] veth0_macvtap: entered promiscuous mode [ 92.480666][ T7028] veth1_macvtap: entered promiscuous mode [ 92.488642][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.490791][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.492644][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.494828][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.496972][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.498976][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.501753][ T7028] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.504308][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.506483][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.508367][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.510770][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.512817][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.515064][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.518177][ T7028] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.535897][ T7028] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.540483][ T7028] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.542603][ T7028] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.544485][ T7028] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.562356][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.564047][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.569607][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.571059][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.613250][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.616336][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.662752][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.666837][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.826496][ T6427] Bluetooth: hci0: command 0x040f tx timeout [ 92.875133][ T7032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.929423][ T7032] veth0_vlan: entered promiscuous mode [ 92.933514][ T7032] veth1_vlan: entered promiscuous mode [ 92.944067][ T7032] veth0_macvtap: entered promiscuous mode [ 92.947050][ T7032] veth1_macvtap: entered promiscuous mode [ 92.955354][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.957490][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.959550][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.961749][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.963874][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.966001][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.968093][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.970255][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.973027][ T7032] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.975609][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.977786][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.979877][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.982036][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.984205][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.986331][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.988574][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.990899][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.993803][ T7032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.998935][ T7032] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.000777][ T7032] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.002598][ T7032] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.004512][ T7032] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.093083][ T7631] binder: 7630:7631 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 93.095766][ T7631] binder: 7631 RLIMIT_NICE not set [ 93.125365][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.127001][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.127018][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.130267][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.150372][ T7631] binder: 7630:7631 ioctl c0306201 20000280 returned -14 [ 93.276479][ T7641] binder: 7633:7641 tried to acquire reference to desc 0, got 1 instead [ 93.278561][ T7641] binder_alloc: 7633: binder_install_single_page failed to insert page at offset 0 with -14 [ 93.285686][ T7641] binder: cannot allocate buffer: memory allocation failed [ 93.285731][ T7641] binder: 7633:7641 transaction call to 7633:0 failed 7/29201/-12, size 0-0 line 3333 [ 93.525331][ T7643] loop4: detected capacity change from 0 to 40427 [ 93.531618][ T7643] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 93.533216][ T7643] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 93.546056][ T7643] F2FS-fs (loop4): Found nat_bits in checkpoint [ 93.571088][ T7643] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 93.579318][ T7643] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 94.043095][ T10] binder: undelivered TRANSACTION_ERROR: 29201 [ 94.354758][ T7667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.425960][ T7667] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.998929][ T7667] loop4: detected capacity change from 0 to 512 [ 95.026815][ T7667] ======================================================= [ 95.026815][ T7667] WARNING: The mand mount option has been deprecated and [ 95.026815][ T7667] and is ignored by this kernel. Remove the mand [ 95.026815][ T7667] option from the mount to silence this warning. [ 95.026815][ T7667] ======================================================= [ 95.042780][ T7667] EXT4-fs (loop4): blocks per group (64) and clusters per group (20800) inconsistent [ 95.190344][ T7677] loop0: detected capacity change from 0 to 256 [ 95.225974][ T7677] FAT-fs (loop0): Directory bread(block 64) failed [ 95.230834][ T7677] FAT-fs (loop0): Directory bread(block 65) failed [ 95.232176][ T7677] FAT-fs (loop0): Directory bread(block 66) failed [ 95.245529][ T7677] FAT-fs (loop0): Directory bread(block 67) failed [ 95.251462][ T7677] FAT-fs (loop0): Directory bread(block 68) failed [ 95.252887][ T7677] FAT-fs (loop0): Directory bread(block 69) failed [ 95.259641][ T7677] FAT-fs (loop0): Directory bread(block 70) failed [ 95.260942][ T7677] FAT-fs (loop0): Directory bread(block 71) failed [ 95.262433][ T7677] FAT-fs (loop0): Directory bread(block 72) failed [ 95.263760][ T7677] FAT-fs (loop0): Directory bread(block 73) failed [ 95.999926][ T7681] loop4: detected capacity change from 0 to 512 [ 96.185330][ T7681] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.447370][ T6419] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.795201][ T7706] netlink: 288 bytes leftover after parsing attributes in process `syz.3.313'. [ 98.666452][ T10] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 98.878121][ T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 98.880400][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 98.882944][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.895529][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 98.913311][ T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 98.915248][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.961813][ T10] usb 1-1: config 0 descriptor?? [ 98.983390][ T7724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 99.000945][ T7724] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.011153][ T7726] mmap: syz.1.323 (7726) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 99.073784][ T7730] loop1: detected capacity change from 0 to 512 [ 99.110575][ T7730] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.131897][ T7735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 99.161765][ T6418] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.176676][ T7735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.386289][ T10] hid-rmi 0003:17EF:6085.0001: unknown main item tag 0x0 [ 99.388121][ T10] hid-rmi 0003:17EF:6085.0001: unknown main item tag 0x0 [ 99.389739][ T10] hid-rmi 0003:17EF:6085.0001: item fetching failed at offset 2/5 [ 99.391727][ T10] hid-rmi 0003:17EF:6085.0001: parse failed [ 99.392981][ T10] hid-rmi 0003:17EF:6085.0001: probe with driver hid-rmi failed with error -22 [ 99.484421][ T7737] loop1: detected capacity change from 0 to 40427 [ 99.489045][ T7737] F2FS-fs (loop1): Unrecognized mount option "lazytime" or missing value [ 99.543161][ T7737] overlayfs: failed to resolve './file2': -2 [ 99.604243][ T7739] loop2: detected capacity change from 0 to 1024 [ 99.606047][ T7739] EXT4-fs: Ignoring removed orlov option [ 99.614294][ T10] usb 1-1: USB disconnect, device number 4 [ 99.620358][ T7739] EXT4-fs: Ignoring removed nomblk_io_submit option [ 99.646015][ T7739] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.722841][ T7028] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.131461][ T7745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.172821][ T7745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.348056][ T7760] ptrace attach of "./syz-executor exec"[6420] was attempted by "./syz-executor exec"[7760] [ 101.897659][ T7764] loop4: detected capacity change from 0 to 40427 [ 101.903439][ T7764] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 101.905895][ T7764] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 101.909485][ T7764] F2FS-fs (loop4): invalid crc value [ 101.914024][ T7764] F2FS-fs (loop4): Found nat_bits in checkpoint [ 101.951981][ T7764] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 101.959949][ T7764] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 101.964325][ T7777] vhci_hcd: default hub control req: 0200 v0000 i0000 l0 [ 102.188922][ T7788] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 103.105980][ T7793] loop3: detected capacity change from 0 to 1024 [ 103.393954][ T7793] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.491522][ T7032] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.597146][ T7811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.617353][ T7811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.934920][ T7809] loop1: detected capacity change from 0 to 40427 [ 103.985936][ T7809] binder: Unknown parameter 'defcontext' [ 104.397204][ T7826] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 104.399455][ T7826] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 105.956865][ T30] audit: type=1326 audit(105.930:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7833 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 105.975223][ T30] audit: type=1326 audit(105.930:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7833 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 106.001622][ T30] audit: type=1326 audit(105.950:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7833 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=92 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 106.029118][ T30] audit: type=1326 audit(105.950:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7833 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 106.323972][ T7846] binder: 7841:7846 ioctl c0306201 0 returned -14 [ 107.018729][ T7852] ptrace attach of "./syz-executor exec"[7028] was attempted by "./syz-executor exec"[7852] [ 107.113811][ T7855] input: syz0 as /devices/virtual/input/input4 [ 107.169322][ T7228] Bluetooth: hci3: Frame reassembly failed (-84) [ 107.768229][ T7845] loop4: detected capacity change from 0 to 40427 [ 107.770729][ T7845] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 107.774450][ T7845] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 107.779775][ T7845] F2FS-fs (loop4): invalid crc value [ 107.798479][ T7845] F2FS-fs (loop4): Found nat_bits in checkpoint [ 107.835093][ T7845] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 107.836850][ T7845] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 109.309075][ T53] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 109.540746][ T7880] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 109.542795][ T7880] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 110.697932][ T7893] binder: 7890:7893 ioctl c0306201 0 returned -14 [ 111.241116][ T7900] loop4: detected capacity change from 0 to 16 [ 111.320982][ T7900] erofs: (device loop4): mounted with root inode @ nid 36. [ 112.884276][ T7919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.906659][ T7919] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.906863][ T7906] loop3: detected capacity change from 0 to 40427 [ 112.920804][ T7906] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 112.922670][ T7906] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 112.938992][ T7906] F2FS-fs (loop3): invalid crc value [ 112.951099][ T7906] F2FS-fs (loop3): Found nat_bits in checkpoint [ 112.963448][ T7906] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 112.965417][ T7906] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 113.481492][ T7928] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 113.483583][ T7928] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 114.152166][ T7934] loop4: detected capacity change from 0 to 16 [ 114.163748][ T7934] erofs: (device loop4): erofs_superblock_csum_verify: invalid checksum 0x918989c2, 0x11e5897d expected [ 116.398730][ T7955] loop2: detected capacity change from 0 to 1024 [ 116.566823][ T7955] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 116.713054][ T7955] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 116.716235][ T7955] EXT4-fs (loop2): orphan cleanup on readonly fs [ 116.736483][ T7955] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.390: bg 0: block 10: padding at end of block bitmap is not set [ 116.742764][ T7955] Quota error (device loop2): write_blk: dquota write failed [ 116.744555][ T7955] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5 [ 116.746689][ T7955] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 116.748974][ T7955] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.390: Failed to acquire dquot type 0 [ 116.753834][ T7955] EXT4-fs error (device loop2): ext4_free_blocks:6589: comm syz.2.390: Freeing blocks not in datazone - block = 0, count = 4096 [ 116.758788][ T7955] EXT4-fs (loop2): 1 truncate cleaned up [ 116.786452][ T7955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 116.866970][ T7960] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 116.896949][ T7960] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 116.975243][ T7028] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.942675][ T7976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.017147][ T7978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.027116][ T7976] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.227165][ T7983] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 118.229338][ T7983] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 118.718148][ T7978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.889318][ T7999] loop4: detected capacity change from 0 to 1024 [ 120.346899][ T8004] random: crng reseeded on system resumption [ 120.916948][ T7999] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.698187][ T8008] PKCS8: Unsupported PKCS#8 version [ 124.072173][ T6419] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.562370][ T8023] loop4: detected capacity change from 0 to 512 [ 124.776926][ T8023] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 124.788747][ T8023] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.409: invalid indirect mapped block 2683928664 (level 1) [ 124.836576][ T8023] EXT4-fs (loop4): Remounting filesystem read-only [ 124.838717][ T8023] EXT4-fs (loop4): 1 truncate cleaned up [ 124.840432][ T8023] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.648600][ T8020] loop3: detected capacity change from 0 to 40427 [ 125.666432][ T8020] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 125.668015][ T8020] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 125.690600][ T8033] loop0: detected capacity change from 0 to 512 [ 125.708467][ T8020] F2FS-fs (loop3): invalid crc value [ 125.714909][ T8020] F2FS-fs (loop3): Found nat_bits in checkpoint [ 125.754258][ T30] audit: type=1326 audit(125.730:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8038 comm="syz.2.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 125.759475][ T8033] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.413: bg 0: block 393: padding at end of block bitmap is not set [ 125.766435][ T30] audit: type=1326 audit(125.740:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8038 comm="syz.2.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 125.774450][ T30] audit: type=1326 audit(125.740:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8038 comm="syz.2.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=4 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 125.780914][ T30] audit: type=1326 audit(125.740:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8038 comm="syz.2.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 125.785266][ T30] audit: type=1326 audit(125.740:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8038 comm="syz.2.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 125.786983][ T8020] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 125.792707][ T8041] loop1: detected capacity change from 0 to 512 [ 125.794194][ T8020] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 125.804080][ T8033] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 125.812333][ T8041] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.836864][ T8033] EXT4-fs (loop0): 2 truncates cleaned up [ 125.838525][ T8033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.951966][ T2341] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.953327][ T2341] ieee802154 phy1 wpan1: encryption failed: -22 [ 126.529443][ T8052] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 126.533523][ T8052] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28 [ 126.536189][ T8052] EXT4-fs (loop1): This should not happen!! Data will be lost [ 126.536189][ T8052] [ 126.538438][ T8052] EXT4-fs (loop1): Total free blocks count 0 [ 126.539684][ T8052] EXT4-fs (loop1): Free/Dirty block details [ 126.540992][ T8052] EXT4-fs (loop1): free_blocks=65280 [ 126.542187][ T8052] EXT4-fs (loop1): dirty_blocks=23 [ 126.543224][ T8052] EXT4-fs (loop1): Block reservation details [ 126.544490][ T8052] EXT4-fs (loop1): i_reserved_data_blocks=23 [ 127.063294][ T6420] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.104580][ T6418] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.215635][ T6419] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.679910][ T8061] loop0: detected capacity change from 0 to 256 [ 127.682461][ T8061] vfat: Bad value for 'fmask' [ 127.806822][ T30] audit: type=1326 audit(127.760:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8060 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 127.810978][ T30] audit: type=1326 audit(127.760:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8060 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 127.822612][ T30] audit: type=1326 audit(127.800:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8060 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=261 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 127.831736][ T30] audit: type=1326 audit(127.800:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8060 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 127.836079][ T30] audit: type=1326 audit(127.800:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8060 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 127.889773][ T42] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.979438][ T42] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.012523][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 128.016976][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 128.019509][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 128.023235][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 128.037071][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 128.039836][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 128.079327][ T8075] loop1: detected capacity change from 0 to 512 [ 128.081228][ T8075] EXT4-fs: Ignoring removed bh option [ 128.111515][ T42] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.124717][ T8075] EXT4-fs error (device loop1): __ext4_iget:4952: inode #15: block 1803188595: comm syz.1.424: invalid block [ 128.133477][ T8075] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.424: couldn't read orphan inode 15 (err -117) [ 128.205448][ T8075] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.429936][ T6418] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.457889][ T42] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.522330][ T8082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.568803][ T8082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.619896][ T8084] loop0: detected capacity change from 0 to 256 [ 128.637643][ T8070] chnl_net:caif_netlink_parms(): no params data found [ 128.641356][ T8084] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 128.815449][ T42] bridge_slave_1: left allmulticast mode [ 128.816776][ T42] bridge_slave_1: left promiscuous mode [ 128.818179][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.821681][ T42] bridge_slave_0: left allmulticast mode [ 128.822855][ T42] bridge_slave_0: left promiscuous mode [ 128.824159][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.206489][ T8114] loop3: detected capacity change from 0 to 512 [ 129.215860][ T8114] EXT4-fs (loop3): blocks per group (71) and clusters per group (20800) inconsistent [ 130.336936][ T53] Bluetooth: hci1: command tx timeout [ 130.496010][ T8129] loop2: detected capacity change from 0 to 512 [ 130.499137][ T8128] loop1: detected capacity change from 0 to 128 [ 130.502258][ T8129] EXT4-fs: Invalid want_extra_isize 2 [ 130.517813][ T8128] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 131.304351][ T6418] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 132.446573][ T53] Bluetooth: hci1: command tx timeout [ 133.138010][ T8156] ptrace attach of "./syz-executor exec"[6420] was attempted by "./syz-executor exec"[8156] [ 133.330361][ T8152] loop1: detected capacity change from 0 to 40427 [ 133.675776][ T8152] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 133.712424][ T8152] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 133.869416][ T8152] F2FS-fs (loop1): invalid crc value [ 133.886511][ T8152] F2FS-fs (loop1): Found nat_bits in checkpoint [ 133.897605][ T8162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.925097][ T8152] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 133.926668][ T8162] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.934073][ T8152] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 133.940299][ T8152] syz.1.439: attempt to access beyond end of device [ 133.940299][ T8152] loop1: rw=2051, sector=36912, nr_sectors = 8144 limit=40427 [ 133.943588][ T8152] syz.1.439: attempt to access beyond end of device [ 133.943588][ T8152] loop1: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 133.964487][ T8152] F2FS-fs (loop1): Issue discard(4614, 4614, 1018) failed, ret: -5 [ 133.966129][ T8152] F2FS-fs (loop1): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 134.048649][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.103128][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 134.128670][ T42] bond0 (unregistering): Released all slaves [ 134.132632][ T8070] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.134088][ T8070] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.136006][ T8070] bridge_slave_0: entered allmulticast mode [ 134.139354][ T8070] bridge_slave_0: entered promiscuous mode [ 134.151006][ T8070] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.157777][ T8070] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.161989][ T8070] bridge_slave_1: entered allmulticast mode [ 134.165907][ T8070] bridge_slave_1: entered promiscuous mode [ 134.292926][ T8070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 134.308941][ T8070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.496560][ T53] Bluetooth: hci1: command tx timeout [ 134.574685][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 134.574699][ T30] audit: type=1326 audit(134.550:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 134.686453][ T30] audit: type=1326 audit(134.600:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 134.753279][ T30] audit: type=1326 audit(134.730:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 134.793400][ T30] audit: type=1326 audit(134.730:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 134.843254][ T30] audit: type=1326 audit(134.730:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 134.929167][ T30] audit: type=1326 audit(134.750:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 134.984119][ T30] audit: type=1326 audit(134.770:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 134.992037][ T30] audit: type=1326 audit(134.770:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 135.000917][ T30] audit: type=1326 audit(134.790:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=109 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 135.005284][ T30] audit: type=1326 audit(134.800:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8172 comm="syz.3.446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 136.547195][ T8191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.588926][ T53] Bluetooth: hci1: command tx timeout [ 136.593599][ T8191] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.654803][ T8070] team0: Port device team_slave_0 added [ 136.658966][ T8070] team0: Port device team_slave_1 added [ 136.749533][ T8208] loop1: detected capacity change from 0 to 2048 [ 136.770944][ T8070] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.780532][ T8208] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 136.781828][ T8070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.788912][ T8070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.793298][ T8070] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.794737][ T8070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.800919][ T8070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.998021][ T8070] hsr_slave_0: entered promiscuous mode [ 137.236907][ T53] Bluetooth: hci0: command 0x040f tx timeout [ 137.251721][ T8070] hsr_slave_1: entered promiscuous mode [ 137.456130][ T8070] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 137.499986][ T8070] Cannot create hsr debugfs directory [ 137.598501][ T6418] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.586878][ T42] hsr_slave_0: left promiscuous mode [ 138.622297][ T8232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.656591][ T42] hsr_slave_1: left promiscuous mode [ 138.673313][ T8232] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.853302][ T8234] loop0: detected capacity change from 0 to 512 [ 138.866548][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.868141][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.870081][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.872066][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 138.880507][ T42] veth1_macvtap: left promiscuous mode [ 138.881714][ T42] veth0_macvtap: left promiscuous mode [ 138.883987][ T42] veth1_vlan: left promiscuous mode [ 138.885074][ T42] veth0_vlan: left promiscuous mode [ 138.897169][ T8234] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.099449][ T6420] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.157156][ T8241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.213027][ T8241] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.388040][ T8244] PKCS8: Unsupported PKCS#8 version [ 139.842345][ T8246] loop2: detected capacity change from 0 to 256 [ 139.860067][ T8246] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 142.180304][ T8263] loop3: detected capacity change from 0 to 1024 [ 142.191551][ T8263] EXT4-fs: Ignoring removed orlov option [ 142.206244][ T8263] EXT4-fs (loop3): Test dummy encryption mode enabled [ 142.208953][ T8263] EXT4-fs (loop3): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 142.215964][ T8263] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.881626][ T42] team0 (unregistering): Port device team_slave_1 removed [ 144.088501][ T42] team0 (unregistering): Port device team_slave_0 removed [ 144.907638][ T8280] loop0: detected capacity change from 0 to 256 [ 144.909330][ T8280] vfat: Bad value for 'fmask' [ 144.913918][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 144.913929][ T30] audit: type=1326 audit(144.890:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 144.922655][ T8280] loop0: detected capacity change from 0 to 256 [ 144.924235][ T30] audit: type=1326 audit(144.900:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 144.933799][ T30] audit: type=1326 audit(144.900:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffffad14a9a8 code=0x7ffc0000 [ 144.940261][ T30] audit: type=1326 audit(144.900:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffad14a9dc code=0x7ffc0000 [ 144.944764][ T30] audit: type=1326 audit(144.900:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffad1490e0 code=0x7ffc0000 [ 144.950053][ T30] audit: type=1326 audit(144.900:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffffad14aa4c code=0x7ffc0000 [ 144.954438][ T30] audit: type=1326 audit(144.900:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffad148f44 code=0x7ffc0000 [ 144.963155][ T8280] FAT-fs (loop0): Directory bread(block 64) failed [ 144.964653][ T8280] FAT-fs (loop0): Directory bread(block 65) failed [ 144.964952][ T30] audit: type=1326 audit(144.900:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffad14a4d0 code=0x7ffc0000 [ 144.966059][ T8280] FAT-fs (loop0): Directory bread(block 66) failed [ 144.970867][ T30] audit: type=1326 audit(144.910:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffad14931c code=0x7ffc0000 [ 144.976109][ T30] audit: type=1326 audit(144.910:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8279 comm="syz.0.471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffad14931c code=0x7ffc0000 [ 144.977287][ T8280] FAT-fs (loop0): Directory bread(block 67) failed [ 144.982246][ T8280] FAT-fs (loop0): Directory bread(block 68) failed [ 144.983595][ T8280] FAT-fs (loop0): Directory bread(block 69) failed [ 144.985605][ T8280] FAT-fs (loop0): Directory bread(block 70) failed [ 144.991195][ T8280] FAT-fs (loop0): Directory bread(block 71) failed [ 144.992546][ T8280] FAT-fs (loop0): Directory bread(block 72) failed [ 144.993938][ T8280] FAT-fs (loop0): Directory bread(block 73) failed [ 146.780990][ T7032] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.404422][ T8306] PKCS8: Unsupported PKCS#8 version [ 150.654894][ T8311] netlink: 288 bytes leftover after parsing attributes in process `syz.1.476'. [ 151.867515][ T8334] binder: 8329:8334 ioctl c0306201 0 returned -14 [ 152.609945][ T8070] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 152.613874][ T8070] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 152.646294][ T8070] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 152.651735][ T8070] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 153.450760][ T8070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.481772][ T8070] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.491282][ T7247] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.492907][ T7247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.613843][ T8070] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 153.616025][ T8070] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 153.640960][ T8356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.696646][ T8356] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.702536][ T8356] loop3: detected capacity change from 0 to 512 [ 153.706190][ T8356] EXT4-fs (loop3): blocks per group (64) and clusters per group (20800) inconsistent [ 153.827534][ T7247] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.829013][ T7247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.952334][ T8070] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.144236][ T8070] veth0_vlan: entered promiscuous mode [ 154.161401][ T8070] veth1_vlan: entered promiscuous mode [ 154.183764][ T8070] veth0_macvtap: entered promiscuous mode [ 154.196229][ T8070] veth1_macvtap: entered promiscuous mode [ 154.212701][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.214828][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.221853][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.223897][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.225874][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.244732][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.246974][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.249112][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.259586][ T8070] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.267650][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.269802][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.277104][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.279218][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.281145][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.293619][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.295573][ T8070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.299232][ T8070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.302040][ T8070] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.318296][ T8070] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.320202][ T8070] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.330759][ T8070] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.335003][ T8070] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.467388][ T8357] loop1: detected capacity change from 0 to 40427 [ 154.471371][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.475174][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.513786][ T8357] F2FS-fs (loop1): Unrecognized mount option "lazytime" or missing value [ 154.732286][ T8389] EXT4-fs (nvme0n1p2): resizing filesystem from 262144 to 262144 blocks [ 154.795050][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.799471][ T8393] PKCS8: Unsupported PKCS#8 version [ 154.808373][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.320277][ T8369] loop2: detected capacity change from 0 to 40427 [ 155.466029][ T8369] F2FS-fs (loop2): invalid crc value [ 155.535909][ T8369] F2FS-fs (loop2): Found nat_bits in checkpoint [ 155.621192][ T8413] binder: 8399:8413 ioctl c0306201 0 returned -14 [ 156.153111][ T8369] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 156.274812][ T8421] ip6tnl1: entered promiscuous mode [ 156.276054][ T8421] ip6tnl1: entered allmulticast mode [ 156.328532][ T8425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.010708][ T8425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.016972][ T8425] loop1: detected capacity change from 0 to 512 [ 157.049605][ T8425] EXT4-fs (loop1): blocks per group (64) and clusters per group (20800) inconsistent [ 158.254649][ T8460] input: syz0 as /devices/virtual/input/input6 [ 159.334376][ T8492] binder: 8486:8492 ioctl c0306201 0 returned -14 [ 159.981360][ T8496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.026660][ T8496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.419654][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 160.419669][ T30] audit: type=1326 audit(160.400:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.3.510" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 160.435525][ T30] audit: type=1326 audit(160.410:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.3.510" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 160.466482][ T30] audit: type=1326 audit(160.410:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.3.510" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=133 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 160.471361][ T30] audit: type=1326 audit(160.410:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.3.510" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb6d4a9a8 code=0x7ffc0000 [ 160.517113][ T8506] loop3: detected capacity change from 0 to 512 [ 160.560926][ T8506] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.672596][ T7032] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.771092][ T8535] binder: 8527:8535 ioctl c0306201 0 returned -14 [ 163.932688][ T8545] loop1: detected capacity change from 0 to 1024 [ 163.952578][ T8545] EXT4-fs: Ignoring removed oldalloc option [ 163.966960][ T8545] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 163.996273][ T8545] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.044136][ T6418] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.270467][ T8551] Cannot find add_set index 3 as target [ 164.500693][ T8555] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 1 [ 165.744255][ T8582] loop2: detected capacity change from 0 to 2048 [ 166.132428][ T8582] Alternate GPT is invalid, using primary GPT. [ 166.133959][ T8582] loop2: p1 p2 p3 [ 166.202264][ T8587] input: syz0 as /devices/virtual/input/input7 [ 166.489265][ T8595] binder: 8574:8595 ioctl c0306201 0 returned -14 [ 166.512846][ T3797] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 166.691155][ T3797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.693573][ T3797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.695818][ T3797] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 166.710907][ T3797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.814495][ T3797] usb 1-1: config 0 descriptor?? [ 166.875218][ T7323] udevd[7323]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 166.882422][ T7333] udevd[7333]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 166.892681][ T8592] udevd[8592]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 166.941090][ T8601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.956704][ T8601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.963497][ T8603] loop1: detected capacity change from 0 to 512 [ 166.983317][ T8603] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 166.986743][ T8603] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.539: invalid indirect mapped block 2683928664 (level 1) [ 166.998341][ T8603] EXT4-fs (loop1): Remounting filesystem read-only [ 167.015435][ T8603] EXT4-fs (loop1): 1 truncate cleaned up [ 167.025868][ T8603] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.913674][ T7036] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.115760][ T3797] hid-led 0003:27B8:01ED.0002: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.0-1/input0 [ 168.121222][ T3797] hid-led 0003:27B8:01ED.0002: ThingM blink(1) initialized [ 168.483846][ T3797] usb 1-1: USB disconnect, device number 5 [ 169.580635][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 169.585342][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 169.588522][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 169.590560][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 169.592778][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 169.594372][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 169.738462][ T8632] loop2: detected capacity change from 0 to 256 [ 169.754054][ T8632] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010253, chksum : 0xa98551aa, utbl_chksum : 0xe619d30d) [ 169.857918][ T8633] binder: 8628:8633 ioctl c0306201 0 returned -14 [ 170.352977][ T7241] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.484731][ T8627] loop0: detected capacity change from 0 to 40427 [ 170.493380][ T8627] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 170.495012][ T8627] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 170.601954][ T8627] F2FS-fs (loop0): invalid crc value [ 170.654975][ T8627] F2FS-fs (loop0): Found nat_bits in checkpoint [ 170.699489][ T8627] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 170.701121][ T8627] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 170.762735][ T7241] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.912906][ T30] audit: type=1107 audit(170.890:94): pid=8645 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 171.428391][ T8654] loop4: detected capacity change from 0 to 1024 [ 171.444277][ T8654] EXT4-fs: Ignoring removed orlov option [ 171.445464][ T8654] EXT4-fs: Ignoring removed nomblk_io_submit option [ 171.617008][ T6427] Bluetooth: hci0: command tx timeout [ 171.995481][ T6420] F2FS-fs (loop0): access invalid blkaddr:2048 [ 171.997094][ T7241] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.004657][ T6420] CPU: 0 UID: 0 PID: 6420 Comm: syz-executor Not tainted 6.12.0-rc1-syzkaller-g2d8bce6e34be #0 [ 172.004816][ T8654] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.006814][ T6420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 172.006833][ T6420] Call trace: [ 172.006838][ T6420] dump_backtrace+0x1b8/0x1e4 [ 172.006855][ T6420] show_stack+0x2c/0x3c [ 172.006865][ T6420] dump_stack_lvl+0xe4/0x150 [ 172.015004][ T6420] dump_stack+0x1c/0x28 [ 172.015847][ T6420] __f2fs_is_valid_blkaddr+0xad8/0x1078 [ 172.017076][ T6420] f2fs_is_valid_blkaddr+0x12c/0x260 [ 172.018196][ T6420] f2fs_map_blocks+0x994/0x3cd0 [ 172.019252][ T6420] f2fs_mpage_readpages+0xde0/0x200c [ 172.020364][ T6420] f2fs_readahead+0x184/0x3d0 [ 172.021355][ T6420] read_pages+0x160/0x694 [ 172.022300][ T6420] page_cache_ra_unbounded+0x554/0x65c [ 172.023459][ T6420] page_cache_ra_order+0x3ec/0xa58 [ 172.024511][ T6420] page_cache_sync_ra+0x568/0x70c [ 172.025656][ T6420] f2fs_readdir+0x484/0xdd4 [ 172.026580][ T6420] iterate_dir+0x408/0x648 [ 172.027424][ T6420] __arm64_sys_getdents64+0x1c4/0x48c [ 172.028477][ T6420] invoke_syscall+0x98/0x2b8 [ 172.029440][ T6420] el0_svc_common+0x130/0x23c [ 172.030561][ T6420] do_el0_svc+0x48/0x58 [ 172.031401][ T6420] el0_svc+0x54/0x168 [ 172.032265][ T6420] el0t_64_sync_handler+0x84/0x108 [ 172.033317][ T6420] el0t_64_sync+0x190/0x194 [ 172.036225][ T8624] chnl_net:caif_netlink_parms(): no params data found [ 172.056162][ T6420] syz-executor: attempt to access beyond end of device [ 172.056162][ T6420] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 172.065511][ T6420] syz-executor: attempt to access beyond end of device [ 172.065511][ T6420] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 172.083273][ T8070] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.147948][ T6420] syz-executor: attempt to access beyond end of device [ 172.147948][ T6420] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 172.165363][ T6420] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 172.318393][ T7241] bond0: (slave netdevsim0): Releasing backup interface [ 173.389998][ T7241] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.659273][ T8624] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.660820][ T8624] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.662480][ T8624] bridge_slave_0: entered allmulticast mode [ 173.664379][ T8624] bridge_slave_0: entered promiscuous mode [ 173.668446][ T8624] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.670960][ T8624] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.672670][ T8624] bridge_slave_1: entered allmulticast mode [ 173.674505][ T8624] bridge_slave_1: entered promiscuous mode [ 173.696773][ T6427] Bluetooth: hci0: command tx timeout [ 173.705660][ T8624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.712483][ T8624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.740102][ T8624] team0: Port device team_slave_0 added [ 173.755351][ T8682] input: syz0 as /devices/virtual/input/input8 [ 173.781352][ T8624] team0: Port device team_slave_1 added [ 173.851702][ T7241] bridge_slave_1: left allmulticast mode [ 173.853136][ T7241] bridge_slave_1: left promiscuous mode [ 173.854411][ T7241] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.859920][ T7241] bridge_slave_0: left allmulticast mode [ 173.861180][ T7241] bridge_slave_0: left promiscuous mode [ 173.862540][ T7241] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.001643][ T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 174.006334][ T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 174.010207][ T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 174.012694][ T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 174.014500][ T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 174.017334][ T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 176.147123][ T53] Bluetooth: hci0: command tx timeout [ 176.148475][ T53] Bluetooth: hci2: command tx timeout [ 176.151928][ T7241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 176.198891][ T7241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.229857][ T7241] bond0 (unregistering): Released all slaves [ 176.263959][ T8624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.265509][ T8624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.271401][ T8624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.280852][ T8699] loop2: detected capacity change from 0 to 2048 [ 176.303197][ T8702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.326911][ T8702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.350442][ T8699] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.368344][ T8624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.370004][ T8624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.375788][ T8699] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, [ 176.375859][ T8624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.380441][ T8699] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 176.391641][ T8699] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 176.394127][ T8699] EXT4-fs (loop2): This should not happen!! Data will be lost [ 176.394127][ T8699] [ 176.396009][ T8699] EXT4-fs (loop2): Total free blocks count 0 [ 176.408579][ T8699] EXT4-fs (loop2): Free/Dirty block details [ 176.409869][ T8699] EXT4-fs (loop2): free_blocks=2415919104 [ 176.411033][ T8699] EXT4-fs (loop2): dirty_blocks=16 [ 176.412129][ T8699] EXT4-fs (loop2): Block reservation details [ 176.413286][ T8699] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 176.524773][ T8699] EXT4-fs error (device loop2): __ext4_remount:6522: comm syz.2.569: Abort forced by user [ 176.543289][ T8699] EXT4-fs (loop2): Remounting filesystem read-only [ 176.569274][ T8702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.597193][ T8702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.739073][ T8624] hsr_slave_0: entered promiscuous mode [ 176.786760][ T8624] hsr_slave_1: entered promiscuous mode [ 176.826530][ T8624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.828194][ T8624] Cannot create hsr debugfs directory [ 177.095891][ T7241] hsr_slave_0: left promiscuous mode [ 177.144671][ T7241] hsr_slave_1: left promiscuous mode [ 177.179806][ T8742] input: syz0 as /devices/virtual/input/input10 [ 177.208158][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.209670][ T7241] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.221273][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.222945][ T7241] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.252619][ T7241] veth1_macvtap: left promiscuous mode [ 177.253798][ T7241] veth0_macvtap: left promiscuous mode [ 177.255106][ T7241] veth1_vlan: left promiscuous mode [ 177.278619][ T7241] veth0_vlan: left promiscuous mode [ 177.776507][ T6409] atkbd serio0: keyboard reset failed on [ 178.176471][ T6427] Bluetooth: hci2: command tx timeout [ 178.179212][ T6427] Bluetooth: hci0: command tx timeout [ 178.849034][ T8762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.886641][ T8762] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.898903][ T8762] netlink: 56 bytes leftover after parsing attributes in process `syz.2.581'. [ 179.684070][ T7241] team0 (unregistering): Port device team_slave_1 removed [ 179.859389][ T7241] team0 (unregistering): Port device team_slave_0 removed [ 180.257179][ T53] Bluetooth: hci2: command tx timeout [ 182.023193][ T8762] netlink: 32 bytes leftover after parsing attributes in process `syz.2.581'. [ 182.107223][ T8686] chnl_net:caif_netlink_parms(): no params data found [ 182.212926][ T8783] Cannot find add_set index 3 as target [ 182.288336][ T8787] process 'syz.4.589' launched '/dev/fd/3' with NULL argv: empty string added [ 182.339027][ T53] Bluetooth: hci2: command tx timeout [ 182.362696][ T8686] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.364213][ T8686] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.365739][ T8686] bridge_slave_0: entered allmulticast mode [ 182.368104][ T8686] bridge_slave_0: entered promiscuous mode [ 183.067979][ T8800] input: syz0 as /devices/virtual/input/input12 [ 183.118123][ T8686] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.127192][ T8686] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.128789][ T8686] bridge_slave_1: entered allmulticast mode [ 183.157016][ T8686] bridge_slave_1: entered promiscuous mode [ 183.399209][ T8686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.402709][ T8686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.043488][ T8816] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 184.045609][ T8816] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 184.063879][ T8686] team0: Port device team_slave_0 added [ 184.070488][ T8686] team0: Port device team_slave_1 added [ 184.098853][ T8686] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.100195][ T8686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.181885][ T8686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.188716][ T8686] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.190165][ T8686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.206816][ T8686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.307941][ T8686] hsr_slave_0: entered promiscuous mode [ 184.346765][ T8686] hsr_slave_1: entered promiscuous mode [ 184.396425][ T8686] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.398119][ T8686] Cannot create hsr debugfs directory [ 185.325169][ T8831] Cannot find add_set index 3 as target [ 185.380272][ T7241] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.435339][ T8624] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 185.458098][ T8624] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 185.670016][ T7241] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.677840][ T8624] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 185.681446][ T8624] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 185.702252][ T8841] tipc: Started in network mode [ 185.703282][ T8841] tipc: Node identity 7e8a99bcda71, cluster identity 4711 [ 185.877727][ T8841] tipc: Enabled bearer , priority 10 [ 186.264362][ T7241] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.429582][ T7241] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.469129][ T8624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.493517][ T8624] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.513253][ T8624] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 186.515431][ T8624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.522119][ T7251] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.523760][ T7251] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.526228][ T7251] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.527891][ T7251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.733350][ T7241] bridge_slave_1: left allmulticast mode [ 186.734726][ T7241] bridge_slave_1: left promiscuous mode [ 186.736226][ T7241] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.761035][ T7241] bridge_slave_0: left allmulticast mode [ 186.762240][ T7241] bridge_slave_0: left promiscuous mode [ 186.763506][ T7241] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.884698][ T27] tipc: Node number set to 2767952316 [ 187.377390][ T2341] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.378788][ T2341] ieee802154 phy1 wpan1: encryption failed: -22 [ 188.510675][ T7241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.548808][ T7241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.593665][ T7241] bond0 (unregistering): Released all slaves [ 188.604118][ T8624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.633375][ T8624] veth0_vlan: entered promiscuous mode [ 188.700146][ T8624] veth1_vlan: entered promiscuous mode [ 188.843374][ T8624] veth0_macvtap: entered promiscuous mode [ 188.847244][ T8624] veth1_macvtap: entered promiscuous mode [ 188.853338][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.855494][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.858132][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.860404][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.862312][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.864583][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.867131][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.869343][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.872399][ T8624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.877587][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.881795][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.884155][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.907341][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.909459][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.106167][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.146773][ T8624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.219374][ T8624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.422199][ T8624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.544637][ T8624] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.548475][ T8624] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.550357][ T8624] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.552180][ T8624] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.669020][ T8936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.891069][ T8936] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.270512][ T8944] input: syz0 as /devices/virtual/input/input13 [ 190.343067][ T7251] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.345491][ T7251] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.393204][ T7251] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.399675][ T7251] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.608031][ T8686] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 190.638487][ T8686] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 190.666727][ T7241] hsr_slave_0: left promiscuous mode [ 190.730907][ T7241] hsr_slave_1: left promiscuous mode [ 190.856775][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.858470][ T7241] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.880923][ T30] audit: type=1326 audit(190.860:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8967 comm="syz.2.617" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 190.881855][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 190.886942][ T30] audit: type=1326 audit(190.860:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8967 comm="syz.2.617" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 190.887062][ T30] audit: type=1326 audit(190.870:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8967 comm="syz.2.617" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=10 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 190.903837][ T30] audit: type=1326 audit(190.880:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8967 comm="syz.2.617" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 190.908188][ T30] audit: type=1326 audit(190.880:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8967 comm="syz.2.617" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb354a9a8 code=0x7ffc0000 [ 190.939493][ T7241] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 191.006401][ T8970] binder: 8963:8970 ioctl c0306201 0 returned -14 [ 191.498381][ T7241] veth1_macvtap: left promiscuous mode [ 191.499629][ T7241] veth0_macvtap: left promiscuous mode [ 191.500792][ T7241] veth1_vlan: left promiscuous mode [ 191.502064][ T7241] veth0_vlan: left promiscuous mode [ 194.268882][ T7241] team0 (unregistering): Port device team_slave_1 removed [ 194.588802][ T53] Bluetooth: hci5: command 0x0406 tx timeout [ 194.682131][ T7241] team0 (unregistering): Port device team_slave_0 removed [ 196.801138][ T8686] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 196.806779][ T8989] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 196.808696][ T8989] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 196.870850][ T8686] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 196.881692][ T8992] capability: warning: `syz.4.625' uses 32-bit capabilities (legacy support in use) [ 196.975720][ T8686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.983510][ T8686] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.001608][ T8686] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 197.003694][ T8686] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 197.016057][ T7251] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.017559][ T7251] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.020086][ T7251] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.021574][ T7251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.286284][ T9010] binder: 8997:9010 ioctl c0306201 0 returned -14 [ 197.933436][ T8686] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.025313][ T8686] veth0_vlan: entered promiscuous mode [ 198.037465][ T9026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.059725][ T8686] veth1_vlan: entered promiscuous mode [ 198.076759][ T9026] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.085586][ T8686] veth0_macvtap: entered promiscuous mode [ 198.107357][ T8686] veth1_macvtap: entered promiscuous mode [ 198.139170][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.141404][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.143721][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.157092][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.159253][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.161847][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.164009][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.166203][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.170258][ T8686] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.185311][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.196721][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.198742][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.200881][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.203007][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.208687][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.210680][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.212866][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.216343][ T8686] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.219491][ T8686] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.221292][ T8686] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.223101][ T8686] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.224848][ T8686] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.385294][ T4168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.387776][ T4168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.992262][ T5314] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.996224][ T5314] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.293837][ T9054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.337564][ T9054] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.415317][ T9059] binder: 9046:9059 ioctl c0306201 0 returned -14 [ 199.785660][ T6427] Bluetooth: hci6: command 0x0406 tx timeout [ 200.134192][ T9076] netlink: 'syz.3.650': attribute type 3 has an invalid length. [ 200.718426][ T9093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.989254][ T9093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.345860][ T9115] binder: 9102:9115 ioctl c0306201 0 returned -14 [ 201.881235][ T9120] loop8: detected capacity change from 0 to 7 [ 201.888481][ T9120] Dev loop8: unable to read RDB block 7 [ 201.890387][ T9120] loop8: unable to read partition table [ 201.897704][ T9120] loop8: partition table beyond EOD, truncated [ 201.898988][ T9120] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 201.898988][ T9120] ) failed (rc=-5) [ 201.966515][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 202.130821][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 202.137619][ T8] usb 1-1: config 0 has no interfaces? [ 202.140292][ T8] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 202.142300][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.144002][ T8] usb 1-1: Product: syz [ 202.144873][ T8] usb 1-1: Manufacturer: syz [ 202.146328][ T8] usb 1-1: SerialNumber: syz [ 202.149580][ T8] usb 1-1: config 0 descriptor?? [ 202.897831][ T6470] atkbd serio1: keyboard reset failed on [ 203.334696][ T6471] usb 1-1: USB disconnect, device number 6 [ 203.440306][ T9158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.496663][ T9158] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.606836][ T9163] binder: 9155:9163 ioctl c0306201 0 returned -14 [ 204.279639][ T9167] netlink: 'syz.2.678': attribute type 10 has an invalid length. [ 204.287732][ T9167] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.289972][ T9167] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.308981][ T9167] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.310607][ T9167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.312282][ T9167] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.314394][ T9167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.329957][ T9167] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 204.685148][ T6470] atkbd serio2: keyboard reset failed on [ 206.006475][ T6470] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 206.067543][ T9210] binder: 9198:9210 ioctl c0306201 0 returned -14 [ 206.446435][ T6470] usb 1-1: Using ep0 maxpacket: 8 [ 206.449103][ T6470] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 206.451080][ T6470] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 206.453161][ T6470] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 206.456096][ T6470] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 206.458363][ T6470] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 206.461292][ T6470] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 206.463414][ T6470] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.680509][ T6470] usb 1-1: GET_CAPABILITIES returned 0 [ 206.682012][ T6470] usbtmc 1-1:16.0: can't read capabilities [ 208.043586][ T9248] binder: 9243:9248 ioctl c0306201 0 returned -14 [ 208.720213][ T9261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.751426][ T9261] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.383800][ T9270] overlayfs: missing 'lowerdir' [ 209.581939][ T6470] usb 1-1: USB disconnect, device number 7 [ 209.637498][ T9277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.717'. [ 209.981777][ T9293] binder: 9283:9293 ioctl c0306201 0 returned -14 [ 210.723776][ T9307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.730'. [ 211.666940][ T9338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.718667][ T9338] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.879119][ T9343] binder: 9333:9343 ioctl c0306201 0 returned -14 [ 212.521828][ T9352] netlink: 16 bytes leftover after parsing attributes in process `syz.0.746'. [ 213.598726][ T9389] binder: 9375:9389 ioctl c0306201 0 returned -14 [ 214.112221][ T9387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.166892][ T9387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.375350][ T9416] netlink: 12 bytes leftover after parsing attributes in process `syz.0.773'. [ 215.498843][ T9446] binder: 9434:9446 ioctl c0306201 0 returned -14 [ 216.351928][ T9470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.361231][ T9472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.376826][ T9472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.550658][ T9470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 217.465014][ T9483] binder: 9480:9483 ioctl c0306201 0 returned -14 [ 218.146799][ T9494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.258600][ T9494] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.315207][ T9523] binder: 9518:9523 ioctl c0306201 0 returned -14 [ 220.030115][ T9536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'. [ 221.081139][ T9567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.106607][ T9567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.185762][ T9569] binder: 9561:9569 ioctl c0306201 0 returned -14 [ 221.811829][ T9576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.926733][ T9576] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.020167][ T9622] binder: 9606:9622 ioctl c0306201 0 returned -14 [ 224.637982][ T9626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.666680][ T9626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.565279][ T9657] xt_SECMARK: invalid mode: 0 [ 225.784333][ T9671] netlink: 32 bytes leftover after parsing attributes in process `syz.4.867'. [ 225.850755][ T9668] binder: 9660:9668 ioctl c0306201 0 returned -14 [ 225.866997][ T6471] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 225.882104][ T9677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.983391][ T9677] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.245293][ T6471] usb 1-1: config 0 interface 0 has no altsetting 0 [ 227.246986][ T6471] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 227.249063][ T6471] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.263282][ T6471] usb 1-1: config 0 descriptor?? [ 227.315064][ T9690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.458741][ T9690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.190009][ T6471] video4linux radio2: keene_cmd_set failed (-71) [ 229.191608][ T6471] radio-keene 1-1:0.0: V4L2 device registered as radio2 [ 229.195231][ T6471] usb 1-1: USB disconnect, device number 8 [ 229.239228][ T9719] binder: 9713:9719 ioctl c0306201 0 returned -14 [ 229.291761][ T9729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.317440][ T9729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.382040][ T6470] atkbd serio3: keyboard reset failed on [ 229.913688][ T9735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.979761][ T9735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.027379][ T9738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.057749][ T9738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.400978][ T9745] 9pnet_fd: Insufficient options for proto=fd [ 231.675767][ T9775] binder: 9761:9775 ioctl c0306201 0 returned -14 [ 233.165051][ T9788] [ 233.165613][ T9788] ====================================================== [ 233.167042][ T9788] WARNING: possible circular locking dependency detected [ 233.168445][ T9788] 6.12.0-rc1-syzkaller-g2d8bce6e34be #0 Not tainted [ 233.169778][ T9788] ------------------------------------------------------ [ 233.171257][ T9788] syz.3.906/9788 is trying to acquire lock: [ 233.172599][ T9788] ffff0000da41b258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x60/0x2c8 [ 233.175089][ T9788] [ 233.175089][ T9788] but task is already holding lock: [ 233.176628][ T9788] ffff0000cbf8f528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x1f8/0x608 [ 233.178498][ T9788] [ 233.178498][ T9788] which lock already depends on the new lock. [ 233.178498][ T9788] [ 233.180607][ T9788] [ 233.180607][ T9788] the existing dependency chain (in reverse order) is: [ 233.182684][ T9788] [ 233.182684][ T9788] -> #3 (&d->lock){+.+.}-{3:3}: [ 233.184318][ T9788] __mutex_lock_common+0x190/0x21a0 [ 233.185544][ T9788] mutex_lock_nested+0x2c/0x38 [ 233.186663][ T9788] rfcomm_dev_ioctl+0x1560/0x231c [ 233.187839][ T9788] rfcomm_sock_ioctl+0x98/0xf0 [ 233.188958][ T9788] sock_do_ioctl+0x134/0x2d0 [ 233.190073][ T9788] sock_ioctl+0x4ec/0x838 [ 233.191059][ T9788] __arm64_sys_ioctl+0x14c/0x1c8 [ 233.192299][ T9788] invoke_syscall+0x98/0x2b8 [ 233.193343][ T9788] el0_svc_common+0x130/0x23c [ 233.194413][ T9788] do_el0_svc+0x48/0x58 [ 233.195447][ T9788] el0_svc+0x54/0x168 [ 233.196435][ T9788] el0t_64_sync_handler+0x84/0x108 [ 233.197646][ T9788] el0t_64_sync+0x190/0x194 [ 233.198762][ T9788] [ 233.198762][ T9788] -> #2 (rfcomm_dev_lock){+.+.}-{3:3}: [ 233.200384][ T9788] __mutex_lock_common+0x190/0x21a0 [ 233.201590][ T9788] mutex_lock_nested+0x2c/0x38 [ 233.202827][ T9788] rfcomm_dev_get+0x90/0x324 [ 233.204021][ T9788] rfcomm_dev_ioctl+0xbb8/0x231c [ 233.205158][ T9788] rfcomm_sock_ioctl+0x98/0xf0 [ 233.206288][ T9788] sock_do_ioctl+0x134/0x2d0 [ 233.207574][ T9788] sock_ioctl+0x4ec/0x838 [ 233.208624][ T9788] __arm64_sys_ioctl+0x14c/0x1c8 [ 233.209804][ T9788] invoke_syscall+0x98/0x2b8 [ 233.210928][ T9788] el0_svc_common+0x130/0x23c [ 233.211975][ T9788] do_el0_svc+0x48/0x58 [ 233.213001][ T9788] el0_svc+0x54/0x168 [ 233.214090][ T9788] el0t_64_sync_handler+0x84/0x108 [ 233.215305][ T9788] el0t_64_sync+0x190/0x194 [ 233.216322][ T9788] [ 233.216322][ T9788] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}: [ 233.218105][ T9788] __mutex_lock_common+0x190/0x21a0 [ 233.219356][ T9788] mutex_lock_nested+0x2c/0x38 [ 233.220506][ T9788] rfcomm_dev_ioctl+0x18c/0x231c [ 233.221729][ T9788] rfcomm_sock_ioctl+0x98/0xf0 [ 233.222873][ T9788] sock_do_ioctl+0x134/0x2d0 [ 233.223825][ T9788] sock_ioctl+0x4ec/0x838 [ 233.224811][ T9788] __arm64_sys_ioctl+0x14c/0x1c8 [ 233.226064][ T9788] invoke_syscall+0x98/0x2b8 [ 233.227234][ T9788] el0_svc_common+0x130/0x23c [ 233.228309][ T9788] do_el0_svc+0x48/0x58 [ 233.229292][ T9788] el0_svc+0x54/0x168 [ 233.230426][ T9788] el0t_64_sync_handler+0x84/0x108 [ 233.231697][ T9788] el0t_64_sync+0x190/0x194 [ 233.232739][ T9788] [ 233.232739][ T9788] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}: [ 233.234717][ T9788] __lock_acquire+0x33f8/0x77c8 [ 233.235860][ T9788] lock_acquire+0x240/0x728 [ 233.237091][ T9788] lock_sock_nested+0x5c/0x11c [ 233.238251][ T9788] rfcomm_sk_state_change+0x60/0x2c8 [ 233.239479][ T9788] __rfcomm_dlc_close+0x234/0x608 [ 233.240735][ T9788] rfcomm_dlc_close+0x100/0x194 [ 233.242060][ T9788] __rfcomm_sock_close+0x138/0x258 [ 233.243246][ T9788] rfcomm_sock_shutdown+0xa8/0x214 [ 233.244522][ T9788] rfcomm_sock_release+0x58/0x114 [ 233.245754][ T9788] sock_close+0xa4/0x1e8 [ 233.246829][ T9788] __fput+0x1bc/0x75c [ 233.247744][ T9788] ____fput+0x20/0x30 [ 233.248658][ T9788] task_work_run+0x230/0x2e0 [ 233.249799][ T9788] get_signal+0x1350/0x152c [ 233.250834][ T9788] do_signal+0x26c/0x4c44 [ 233.251882][ T9788] do_notify_resume+0x74/0x1f4 [ 233.253088][ T9788] el0_svc+0xac/0x168 [ 233.254015][ T9788] el0t_64_sync_handler+0x84/0x108 [ 233.255325][ T9788] el0t_64_sync+0x190/0x194 [ 233.256309][ T9788] [ 233.256309][ T9788] other info that might help us debug this: [ 233.256309][ T9788] [ 233.258570][ T9788] Chain exists of: [ 233.258570][ T9788] sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_dev_lock --> &d->lock [ 233.258570][ T9788] [ 233.261625][ T9788] Possible unsafe locking scenario: [ 233.261625][ T9788] [ 233.263134][ T9788] CPU0 CPU1 [ 233.264195][ T9788] ---- ---- [ 233.265299][ T9788] lock(&d->lock); [ 233.266163][ T9788] lock(rfcomm_dev_lock); [ 233.267763][ T9788] lock(&d->lock); [ 233.269144][ T9788] lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM); [ 233.270363][ T9788] [ 233.270363][ T9788] *** DEADLOCK *** [ 233.270363][ T9788] [ 233.272074][ T9788] 3 locks held by syz.3.906/9788: [ 233.273106][ T9788] #0: ffff0000db7fe808 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x80/0x1e8 [ 233.275315][ T9788] #1: ffff8000928827e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x44/0x194 [ 233.277238][ T9788] #2: ffff0000cbf8f528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x1f8/0x608 [ 233.279434][ T9788] [ 233.279434][ T9788] stack backtrace: [ 233.280769][ T9788] CPU: 1 UID: 0 PID: 9788 Comm: syz.3.906 Not tainted 6.12.0-rc1-syzkaller-g2d8bce6e34be #0 [ 233.283046][ T9788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 233.285080][ T9788] Call trace: [ 233.285773][ T9788] dump_backtrace+0x1b8/0x1e4 [ 233.286862][ T9788] show_stack+0x2c/0x3c [ 233.287753][ T9788] dump_stack_lvl+0xe4/0x150 [ 233.288736][ T9788] dump_stack+0x1c/0x28 [ 233.289534][ T9788] print_circular_bug+0x154/0x1c0 [ 233.290651][ T9788] check_noncircular+0x310/0x404 [ 233.291766][ T9788] __lock_acquire+0x33f8/0x77c8 [ 233.292728][ T9788] lock_acquire+0x240/0x728 [ 233.293674][ T9788] lock_sock_nested+0x5c/0x11c [ 233.294660][ T9788] rfcomm_sk_state_change+0x60/0x2c8 [ 233.295829][ T9788] __rfcomm_dlc_close+0x234/0x608 [ 233.297031][ T9788] rfcomm_dlc_close+0x100/0x194 [ 233.298107][ T9788] __rfcomm_sock_close+0x138/0x258 [ 233.299217][ T9788] rfcomm_sock_shutdown+0xa8/0x214 [ 233.300376][ T9788] rfcomm_sock_release+0x58/0x114 [ 233.301484][ T9788] sock_close+0xa4/0x1e8 [ 233.302437][ T9788] __fput+0x1bc/0x75c [ 233.303264][ T9788] ____fput+0x20/0x30 [ 233.304147][ T9788] task_work_run+0x230/0x2e0 [ 233.305154][ T9788] get_signal+0x1350/0x152c [ 233.306101][ T9788] do_signal+0x26c/0x4c44 [ 233.307035][ T9788] do_notify_resume+0x74/0x1f4 [ 233.308165][ T9788] el0_svc+0xac/0x168 [ 233.308977][ T9788] el0t_64_sync_handler+0x84/0x108 [ 233.310025][ T9788] el0t_64_sync+0x190/0x194 [ 233.311057][ C1] vkms_vblank_simulate: vblank timer overrun