last executing test programs: 4.325455689s ago: executing program 3 (id=233): syz_mount_image$romfs(&(0x7f0000000040), &(0x7f0000000b40)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x44, &(0x7f0000000600)=ANY=[@ANYBLOB="00f3000000be5500200800000000c19e57fc847c52a19b0b247df0690ca7d757194d0335d8e8a065e069e1294e9f28bcee7085d4988309e751e0eec20f77d6c68ae8"], 0x1, 0x15a, &(0x7f0000003180)="$eJzs2rFK81AUB/DzwYdKwcXRqVCpgjZJE62rjuLm7lBqbhq8MSURpH0BcRIUroMvIfgEPoFkEjddivgSkdtcNI0Wsthb4f9b+ofTJicn9E6nEYVBk8UNoo3e1cFwKQqDasvZ7rAma1Nmj4iqMiRpemPQNy+f9SQl44cv6LXynn3W1jyxf8F87tq6WwIAAAAAAAAAAAAAAAAAAAAAgJLqFRUqXRGcM5+7zVw17g+O25y7UUy0oKlDvepVtcNFTPBbOR9nbBTrMu/I5IvdSNat8d9fq7DaFfy1OF/zNOiZcX/Q8IO253ruiW07LWvTsrZsc3Qts3jF+p3qiZL03sqtkxmPh46s5/bNnsvsm6n3/3/ZF5dnxbt9vX+EKQaiCaV/9Ds3fdP+yH8pPM1l/45Z6UdDWCx5fM6+0fk3JKJ5p/Ygzz+jE/IjVZzGOPU+PgBM8hEAAP//oTc3XQ==") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) 3.934822256s ago: executing program 3 (id=238): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x1, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2c04}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000080}, 0x84) 3.285956326s ago: executing program 3 (id=248): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="10", 0x1}], 0x1, &(0x7f0000000140)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18}, 0x8841) 3.138806549s ago: executing program 1 (id=250): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x4, &(0x7f0000000180)="ee038f17b988103e37c25215465b700a584915621d0e13c473b652620587be8f78a22fb826192f8692", 0x29) 3.05133218s ago: executing program 3 (id=252): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBSENT(r0, 0x5602, &(0x7f0000000240)={0x4, "96d3e9659db3f50cb3c4e683f4fae026a3b284dd56630882be4bc0f34042227a71f06b95d73e34c8ecf3325e43f75f16f13d8905d3bdce627dc6ae0b14840f4c8bebc40872293c61ddd293631a22c6d5c8c9b16b987f4326874ddc5e2610c5505cea115e51bf6feb3e93cf89b8f44394fa2ac7f6cf757a9416c7545c5e5caa34450f0397d179f2225b57f644ce8ad31b15547b9364daef8e784f2036a75c3c5cfd124cdd424a558ea90d054d36c0d1d0db92e5e7f668dadcbfaed92c7cf3204be0c4904d308feba3447d7f41a58bc2fd4682e306a592696e4de9427d87c008d3e172cf162cc35f00915fe9fc9ea84e28838940e4bb2fdb63d547c91a17211a1ce43a2933f8227e8b6767ab70bc9223e62a2d3ad9b13f74e2000961e62eaea005088d6d74a19eb0c56ce314323143fcfe27e410e10bd21a2140783385bdb1a7d33038427e336829ccfb63c04e537ca51ddae5fdf29505fca04fc4b2a13d6dad7db2eace60e9589712719a49a2d2d44587465037851b1fe93a0ed46822294671098fd53e79fe428bf6ae3846299ab1d238ad07be6cc01b5fcaacfce829c209e67d5548a38b637f3b44905b8be24dfba30e1b6d074b43e53fcded14a4190a585949baa43fef6c70ce7b1612299d734c07feed23252886a1317358cf5ecaf0186d2dbdb3eab8a9c3c21d4828ef8a9dd89207f2884a57679fcd495a00"}) 2.916748092s ago: executing program 1 (id=254): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@bridge_newvlan={0x24, 0x76, 0x709, 0x0, 0x0, {0x7, 0x2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x2}}]}, 0x24}, 0x1, 0x5502000000000000}, 0x23f58e5b666a3f02) 2.822872204s ago: executing program 3 (id=256): syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)={[{}]}, 0x1, 0x232, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiAwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1t9BgaGDSDnulXOjbnrFi/ItUz9fN2bFwwHoz5PZGBkZGBgYmCYGbZzD7K/yhugkcHAzMDAoMIAUsTCkJaZk2rgwcDIwMzAws6ADGCqmRg4wKr0kvNzUtoZGMFJAKxtOQML3AzDxwys/CDlII7RYwZWuIyxRQPMyHYorQKlPaD0cij9GErLoyUbFrAJ/VCeRgMDAxtDReJ//iJDNgYGhorEkpIiQ4hYSUmREVzMSABuMxPU1rlMqJ47zsQwCkbBKBgFo2AUjIJRMApGwSgYBSMZAAIAAP//kpC1eQ==") syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da000905"], 0x0) 2.696037356s ago: executing program 1 (id=257): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x29, 0x9, 0x4, 0xc3, 0x4, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x20, 0x20, 0x1, 0xbacf}}) 2.45409376s ago: executing program 1 (id=261): r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000000040)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x2, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000851}, 0x0) 2.174500794s ago: executing program 1 (id=265): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1a00040, &(0x7f0000000140)={[{@shortname_lower}, {@rodir}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@shortname_win95}, {@uni_xlateno}, {@utf8}, {@fat=@codepage={'codepage', 0x3d, '855'}}, {@rodir}, {@uni_xlateno}, {@numtail}, {@utf8no}]}, 0x3, 0x350, &(0x7f0000000900)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x17c) 2.097209566s ago: executing program 0 (id=267): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x5}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xcd20}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4044081}, 0x0) 1.975499418s ago: executing program 2 (id=268): r0 = socket$inet6(0xa, 0x2, 0x11) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) 1.83408159s ago: executing program 0 (id=269): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000440)=@newsa={0xf0, 0x10, 0x1, 0x8000000, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@broadcast, 0x0, 0x2b}, @in=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x801b, 0x0, 0x1000000000000000}, {0x0, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0x0, 0x0, 0xa, 0x1, 0x6}}, 0xf0}}, 0x20000000) 1.756265311s ago: executing program 2 (id=270): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0800}]}) rt_tgsigqueueinfo(0x0, 0x0, 0x29, 0x0) 1.701799252s ago: executing program 0 (id=271): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) 1.698565143s ago: executing program 1 (id=272): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x3800844, &(0x7f0000000340)=ANY=[@ANYBLOB='nfs,nonumtail=0,uni_xlate=0,iocharset=cp950,utf8=0,uni_xlate=0,shortname=lower,codepage=866,umask=00000000000000000100002,shortname=win95,shortname=lower,uni_xlate=0,\x00aS'], 0x3, 0x366, &(0x7f0000000840)="$eJzs3U9om2UYAPAn+9KkHdT2IAwF4dOboGWteNBTy+hgmItK8M9BDK5TaeqgwWB3aFov4lHwqCdvCnrwsLMIinjz4NUJMhUPutvA4SfJl79N2nVg68p+v0N48rzPs/f99n00XxPy9tXlWL84FZdu3Lge09OFKC6fW46bhZiPJHp2YlxpQg4AOBluZln8leUO1zFVOOo1AQBHq/P6//rsUObdbw6qz7z6A8CJ1/39fyZ/lkysmd6v+fKRLQsAOEJj7/8/MjJcGv2ov7jPHQIAcJI8/9LLz6xUIp5L0+mIjfea1WY1nh6Mr1yKN6Mea3E25uJWRH6j0H4odB7PX6isnk3TtBW/zke13dGsRmy0mtX8TmEl6fSXYzHmYr7b373byLIsOf9lZXUxTdO087nCTqszf2wUmtWpON2d/6fTsRZLkcb9Y/0RFyqrS2kuqhu9/lbE7uB9i/b6F2IufngtLkc9Lka7t3dbU1ndXkzTc1llpL9ZLXfqctPx2eyxnRIAAAAAAAAAAAAAAAAAAAAAAO4BC2nffH//m2ywf8/CwoTxzv44eX93f6DdfH+grJxFlv35zuPV95MY2R9o7/48zWoxTv2/hw4AAAAAAAAAAAAAAAAAAAB3jcZWKWr1+tpmY+vK+nDQ2mxsnYqIduat7z7/eibGa24TFLtzDA2l3dSV9VqW9IqzJK+ZGWlP2pP3Mp9e7a94uKbcP4qJyyjvP1Svzz78y0eDzENJ71/+Z1CTxOQDTPYsYzjYuC9f0p38R/WDpdvUXMuybL/27VfGu6IQUbzzE3dwkLWDb6+/8cATjTNPdjJfZblHH5t74dqHn/y+Xqu3Z47OGSxtNm5l67Xu88kX2/5BMnT9FCIPCsNXQvGg9t3RTC358Y8XH/zg+8PNng0yhfrbE2qS/HC+2DtUyoP2MvcM9a/w0tCVORXFgy/j/yY48/Fy7er2z78dtmvoh4SNOgAAAAAAAAAAAAAAAAAA4FgMfVe8q/tl36mDup569uhXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHZ/D3/4eC3bHMeFCOvZm/WzFeXF7bbESUJk++c9xHCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAverfAAAA//+Gb2jU") openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) 1.581173034s ago: executing program 2 (id=273): r0 = syz_open_dev$loop(&(0x7f0000000000), 0x7999, 0x100080) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) 1.427182577s ago: executing program 2 (id=274): r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000000c0)) 1.415836607s ago: executing program 0 (id=275): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x4}, 'port1\x00', 0x89, 0x0, 0x6, 0xfffffeff, 0x0, 0x0, 0x200040, 0x0, 0x4875c99660ff2b28}) 955.615335ms ago: executing program 2 (id=276): r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x18000}, {0xa, 0x0, 0xfffffffd, @dev={0xfe, 0x80, '\x00', 0x3}, 0x4}, 0x0, {[0x6, 0x200, 0x1, 0xfffffefc, 0x102d, 0x1, 0x0, 0x200000]}}, 0x5c) 883.246566ms ago: executing program 0 (id=277): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000800)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000140)=@ethtool_ringparam={0x11, 0x7f, 0x7, 0xfffffffe, 0x0, 0x2, 0x2000000, 0x80, 0x3000006}}) 321.194245ms ago: executing program 2 (id=278): r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f) 219.308707ms ago: executing program 0 (id=279): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f00000005c0)={0x2, 0x4e22, @broadcast}, 0x10) 0s ago: executing program 3 (id=280): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000a00035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts. [ 80.753504][ T5777] cgroup: Unknown subsys name 'net' [ 80.921475][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.777057][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.533171][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.541384][ T5798] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.550045][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.558708][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.567106][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.575117][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.581659][ T5796] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.590000][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.602268][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.615558][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.622924][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.632010][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.639570][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.640216][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.651336][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.656145][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.661199][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.668715][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.676316][ T5800] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.684952][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.689660][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.704651][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.713056][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.721440][ T5796] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.281461][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 85.353181][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 85.390015][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 85.489201][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 85.548102][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.555469][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.564591][ T5786] bridge_slave_0: entered allmulticast mode [ 85.571824][ T5786] bridge_slave_0: entered promiscuous mode [ 85.619223][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.626701][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.634046][ T5786] bridge_slave_1: entered allmulticast mode [ 85.641365][ T5786] bridge_slave_1: entered promiscuous mode [ 85.656115][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.663512][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.670709][ T5790] bridge_slave_0: entered allmulticast mode [ 85.678542][ T5790] bridge_slave_0: entered promiscuous mode [ 85.709694][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.717035][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.724565][ T5790] bridge_slave_1: entered allmulticast mode [ 85.731935][ T5790] bridge_slave_1: entered promiscuous mode [ 85.820203][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.846887][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.861815][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.886796][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.910203][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.917840][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.926085][ T5788] bridge_slave_0: entered allmulticast mode [ 85.933722][ T5788] bridge_slave_0: entered promiscuous mode [ 85.941592][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.949743][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.957241][ T5788] bridge_slave_1: entered allmulticast mode [ 85.965595][ T5788] bridge_slave_1: entered promiscuous mode [ 85.998136][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.005622][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.013835][ T5787] bridge_slave_0: entered allmulticast mode [ 86.020969][ T5787] bridge_slave_0: entered promiscuous mode [ 86.060026][ T5790] team0: Port device team_slave_0 added [ 86.069392][ T5790] team0: Port device team_slave_1 added [ 86.076331][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.085003][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.092513][ T5787] bridge_slave_1: entered allmulticast mode [ 86.099662][ T5787] bridge_slave_1: entered promiscuous mode [ 86.123823][ T5786] team0: Port device team_slave_0 added [ 86.177426][ T5786] team0: Port device team_slave_1 added [ 86.199391][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.211913][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.237691][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.250511][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.287917][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.295166][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.322152][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.348754][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.355836][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.381909][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.395666][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.402945][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.430251][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.457056][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.464323][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.490754][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.535419][ T5788] team0: Port device team_slave_0 added [ 86.562532][ T5787] team0: Port device team_slave_0 added [ 86.573117][ T5787] team0: Port device team_slave_1 added [ 86.581186][ T5788] team0: Port device team_slave_1 added [ 86.623045][ T50] Bluetooth: hci3: command tx timeout [ 86.647926][ T5790] hsr_slave_0: entered promiscuous mode [ 86.654607][ T5790] hsr_slave_1: entered promiscuous mode [ 86.717379][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.724543][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.751385][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.764678][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.771694][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.797866][ T50] Bluetooth: hci2: command tx timeout [ 86.798164][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.804087][ T50] Bluetooth: hci1: command tx timeout [ 86.804222][ T50] Bluetooth: hci0: command tx timeout [ 86.832528][ T5786] hsr_slave_0: entered promiscuous mode [ 86.839839][ T5786] hsr_slave_1: entered promiscuous mode [ 86.846882][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.855028][ T5786] Cannot create hsr debugfs directory [ 86.861380][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.869508][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.895546][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.945493][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.952943][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.980323][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.123841][ T5787] hsr_slave_0: entered promiscuous mode [ 87.130610][ T5787] hsr_slave_1: entered promiscuous mode [ 87.138300][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.145952][ T5787] Cannot create hsr debugfs directory [ 87.175890][ T5788] hsr_slave_0: entered promiscuous mode [ 87.182923][ T5788] hsr_slave_1: entered promiscuous mode [ 87.189291][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.196984][ T5788] Cannot create hsr debugfs directory [ 87.657040][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.697032][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.728228][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.770419][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.850682][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.876659][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.900128][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.925632][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.051199][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.078114][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.088940][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.105974][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.236892][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.250234][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.264912][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.296344][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.330123][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.367150][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.411575][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.445703][ T2936] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.453237][ T2936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.494156][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.501361][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.520440][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.553865][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.561087][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.580716][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.620542][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.628118][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.703226][ T50] Bluetooth: hci3: command tx timeout [ 88.731297][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.754254][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.766271][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.773504][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.819991][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.827318][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.872210][ T50] Bluetooth: hci0: command tx timeout [ 88.877892][ T5795] Bluetooth: hci1: command tx timeout [ 88.877907][ T5796] Bluetooth: hci2: command tx timeout [ 88.946315][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.014308][ T2936] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.021546][ T2936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.078365][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.085614][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.335505][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.368532][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.491919][ T5786] veth0_vlan: entered promiscuous mode [ 89.538387][ T5786] veth1_vlan: entered promiscuous mode [ 89.583722][ T5790] veth0_vlan: entered promiscuous mode [ 89.620589][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.635975][ T5790] veth1_vlan: entered promiscuous mode [ 89.677935][ T5786] veth0_macvtap: entered promiscuous mode [ 89.730119][ T5786] veth1_macvtap: entered promiscuous mode [ 89.745872][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.766963][ T5790] veth0_macvtap: entered promiscuous mode [ 89.779914][ T5790] veth1_macvtap: entered promiscuous mode [ 89.837478][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.853598][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.866325][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.879409][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.908989][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.921766][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.934401][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.947023][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.965777][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.974891][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.987522][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.996583][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.024910][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.035183][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.044489][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.055224][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.088786][ T5787] veth0_vlan: entered promiscuous mode [ 90.096814][ T5788] veth0_vlan: entered promiscuous mode [ 90.168766][ T5787] veth1_vlan: entered promiscuous mode [ 90.217452][ T5788] veth1_vlan: entered promiscuous mode [ 90.385757][ T2936] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.388365][ T5788] veth0_macvtap: entered promiscuous mode [ 90.409903][ T2936] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.417789][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.421862][ T5788] veth1_macvtap: entered promiscuous mode [ 90.437230][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.448530][ T5787] veth0_macvtap: entered promiscuous mode [ 90.518864][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.531452][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.553068][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.564125][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.575732][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.588517][ T5787] veth1_macvtap: entered promiscuous mode [ 90.625092][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.636510][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.647771][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.658389][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.670989][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.684237][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.693365][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.703665][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.713762][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.727815][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.738800][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.738801][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.749861][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.766319][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.768070][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.784464][ T5796] Bluetooth: hci3: command tx timeout [ 90.791088][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.801735][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.814317][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.855711][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.867417][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.881343][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.893550][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.903577][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.914895][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.927226][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.942357][ T5796] Bluetooth: hci1: command tx timeout [ 90.942420][ T5795] Bluetooth: hci0: command tx timeout [ 90.947825][ T5796] Bluetooth: hci2: command tx timeout [ 90.977423][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.990301][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.999340][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.008494][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.031232][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.067651][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.221619][ T2936] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.238272][ T2936] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.515372][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.573037][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.588975][ T4467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.635125][ T4467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.843222][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.879274][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.994647][ T5899] syz.2.9[5899]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.040996][ T5899] loop2: detected capacity change from 0 to 256 [ 92.079807][ T5899] exfat: Deprecated parameter 'namecase' [ 92.112226][ T5899] exfat: Deprecated parameter 'namecase' [ 92.181163][ T5899] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 92.314444][ T5907] xt_cgroup: path and classid specified [ 92.486522][ T966] cfg80211: failed to load regulatory.db [ 92.554869][ T5913] loop0: detected capacity change from 0 to 16 [ 92.559317][ T5911] IPv6: NLM_F_CREATE should be specified when creating new route [ 92.601011][ T5913] erofs: (device loop0): mounted with root inode @ nid 36. [ 92.657564][ T5915] loop2: detected capacity change from 0 to 512 [ 92.720722][ T5913] erofs: (device loop0): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 92.752361][ T5917] capability: warning: `syz.1.17' uses deprecated v2 capabilities in a way that may be insecure [ 92.764300][ T5913] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 92.817172][ T5913] erofs: (device loop0): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 92.858783][ T5913] erofs: (device loop0): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 92.863142][ T5796] Bluetooth: hci3: command tx timeout [ 92.896960][ T5913] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 93.024304][ T5796] Bluetooth: hci0: command tx timeout [ 93.029810][ T5796] Bluetooth: hci1: command tx timeout [ 93.035819][ T50] Bluetooth: hci2: command tx timeout [ 93.098662][ T5923] loop1: detected capacity change from 0 to 1024 [ 93.235001][ T5923] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.366143][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.654701][ T5942] netlink: 'syz.2.29': attribute type 2 has an invalid length. [ 93.682189][ T5942] netlink: 'syz.2.29': attribute type 8 has an invalid length. [ 93.709077][ T5942] netlink: 32 bytes leftover after parsing attributes in process `syz.2.29'. [ 94.045510][ T5952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.33'. [ 94.080644][ T5952] veth1_macvtap: left promiscuous mode [ 94.096050][ T5954] loop2: detected capacity change from 0 to 128 [ 94.179992][ T5954] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 94.258260][ T5954] FAT-fs (loop2): Directory bread(block 148) failed [ 94.303815][ T5954] FAT-fs (loop2): Directory bread(block 149) failed [ 94.310597][ T5954] FAT-fs (loop2): Directory bread(block 150) failed [ 94.360917][ T5927] loop0: detected capacity change from 0 to 32768 [ 94.367743][ T5954] FAT-fs (loop2): Directory bread(block 151) failed [ 94.377871][ T5954] FAT-fs (loop2): Directory bread(block 152) failed [ 94.405418][ T5954] FAT-fs (loop2): Directory bread(block 153) failed [ 94.415290][ T5927] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.22 (5927) [ 94.437988][ T5954] FAT-fs (loop2): Directory bread(block 154) failed [ 94.455186][ T5954] FAT-fs (loop2): Directory bread(block 155) failed [ 94.488023][ T5927] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 94.526950][ T5927] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 94.548733][ T5927] BTRFS info (device loop0): using free space tree [ 94.580897][ T5954] FAT-fs (loop2): Directory bread(block 148) failed [ 94.627301][ T5954] FAT-fs (loop2): Directory bread(block 149) failed [ 94.772212][ T5927] BTRFS info (device loop0): enabling ssd optimizations [ 94.779304][ T5927] BTRFS info (device loop0): auto enabling async discard [ 94.844060][ T1140] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 95.060322][ T5788] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 95.366573][ T5997] netlink: 28 bytes leftover after parsing attributes in process `syz.2.47'. [ 95.414820][ T5997] netlink: 28 bytes leftover after parsing attributes in process `syz.2.47'. [ 95.534917][ T6000] loop1: detected capacity change from 0 to 256 [ 96.663713][ T6031] loop1: detected capacity change from 0 to 64 [ 96.720920][ T6031] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop1 [ 96.902484][ T6038] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 96.944044][ T6038] xt_HMARK: spi-set and port-set can't be combined [ 97.379262][ T6050] loop0: detected capacity change from 0 to 1024 [ 97.499974][ T6050] syz.0.72: attempt to access beyond end of device [ 97.499974][ T6050] loop0: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 97.524877][ T6050] Buffer I/O error on dev loop0, logical block 100663296, async page read [ 97.544769][ T6050] syz.0.72: attempt to access beyond end of device [ 97.544769][ T6050] loop0: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 97.590711][ T6050] Buffer I/O error on dev loop0, logical block 100663296, async page read [ 97.646889][ T5876] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.802647][ T6039] loop3: detected capacity change from 0 to 32768 [ 97.837499][ T6039] (syz.3.68,6039,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 97.872238][ T5876] usb 2-1: Using ep0 maxpacket: 32 [ 97.886799][ T6039] (syz.3.68,6039,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 97.911544][ T5876] usb 2-1: config 0 has an invalid descriptor of length 49, skipping remainder of the config [ 97.934685][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 97.964858][ T5876] usb 2-1: New USB device found, idVendor=0421, idProduct=00a0, bcdDevice=c8.e1 [ 97.979018][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.033327][ T5876] usb 2-1: config 0 descriptor?? [ 98.055127][ T6039] JBD2: Ignoring recovery information on journal [ 98.102791][ T5876] usb 2-1: bad CDC descriptors [ 98.124514][ T5876] usb 2-1: bad CDC descriptors [ 98.128775][ T6063] loop2: detected capacity change from 0 to 1024 [ 98.142931][ T50] Bluetooth: hci1: command tx timeout [ 98.170524][ T6039] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 98.420050][ T5844] usb 2-1: USB disconnect, device number 2 [ 98.611834][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 98.986604][ T6086] netlink: 16 bytes leftover after parsing attributes in process `syz.3.85'. [ 98.995776][ T6086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.85'. [ 99.013626][ T6086] ip6gretap1: entered allmulticast mode [ 99.247989][ T28] audit: type=1326 audit(1751799654.332:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6093 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50d118e929 code=0x7ffc0000 [ 99.312437][ T28] audit: type=1326 audit(1751799654.332:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6093 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50d118e929 code=0x7ffc0000 [ 99.385380][ T28] audit: type=1326 audit(1751799654.382:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6093 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f50d118e929 code=0x7ffc0000 [ 99.468183][ T28] audit: type=1326 audit(1751799654.382:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6093 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50d118e929 code=0x7ffc0000 [ 99.511304][ T28] audit: type=1326 audit(1751799654.382:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6093 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50d118e929 code=0x7ffc0000 [ 99.712234][ T966] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 99.754160][ T6110] loop3: detected capacity change from 0 to 16 [ 99.777963][ T6110] erofs: (device loop3): mounted with root inode @ nid 36. [ 99.935156][ T966] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 99.963206][ T966] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 100.003738][ T966] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 100.009318][ T6112] vivid-002: ================= START STATUS ================= [ 100.030829][ T966] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 100.030895][ T6112] vivid-002: RDS Tx I/O Mode: Controls [ 100.047391][ T6112] vivid-002: RDS Program ID: 32904 [ 100.053261][ T6112] vivid-002: RDS Program Type: 3 [ 100.058291][ T6112] vivid-002: RDS PS Name: VIVID-TX [ 100.062140][ T966] usb 2-1: SerialNumber: syz [ 100.064612][ T6112] vivid-002: RDS Radio Text: This is a VIVID default Radio Text template text, change at will [ 100.079367][ T6112] vivid-002: RDS Stereo: true [ 100.085707][ T6112] vivid-002: RDS Artificial Head: false [ 100.091717][ T6112] vivid-002: RDS Compressed: false [ 100.107321][ T966] usb 2-1: bad CDC descriptors [ 100.117559][ T6112] vivid-002: RDS Dynamic PTY: false [ 100.139061][ T6112] vivid-002: RDS Traffic Announcement: false [ 100.172606][ T6112] vivid-002: RDS Traffic Program: true [ 100.179353][ T6112] vivid-002: RDS Music: true [ 100.185340][ T6112] vivid-002: ================== END STATUS ================== [ 100.359971][ T5844] usb 2-1: USB disconnect, device number 3 [ 100.507731][ T6109] loop0: detected capacity change from 0 to 32768 [ 100.599647][ T6109] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 100.622188][ T6109] overlayfs: missing 'lowerdir' [ 100.734256][ T6106] loop2: detected capacity change from 0 to 32768 [ 100.763394][ T6106] XFS: ikeep mount option is deprecated. [ 100.780053][ T6106] XFS: ikeep mount option is deprecated. [ 100.937771][ T6106] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 101.362230][ T6106] XFS (loop2): Ending clean mount [ 101.408556][ T6106] XFS (loop2): Quotacheck needed: Please wait. [ 101.508388][ T6106] XFS (loop2): Quotacheck: Done. [ 101.777068][ T6149] netlink: 'syz.3.116': attribute type 3 has an invalid length. [ 101.789605][ T5790] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 102.909748][ T6181] loop1: detected capacity change from 0 to 2048 [ 103.020348][ T6187] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.276177][ T6187] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 103.300145][ T6187] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 103.331000][ T6187] Remounting filesystem read-only [ 103.341455][ T4467] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 103.365308][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.376538][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.389649][ T4467] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 103.436880][ T4467] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 103.452438][ T4467] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 103.462440][ T4467] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 103.482426][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.521648][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.559754][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.584682][ T4467] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 103.591465][ T4467] NILFS (loop1): discard dirty block: blocknr=41, size=1024 [ 103.612136][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.636720][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.647607][ T4467] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.684920][ T5787] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 103.710799][ T5787] NILFS (loop1): discard dirty page: offset=0, ino=2 [ 103.724617][ T5787] NILFS (loop1): discard dirty block: blocknr=18, size=1024 [ 103.739911][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.750392][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.784512][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.824995][ T5787] NILFS (loop1): discard dirty page: offset=0, ino=4 [ 103.834262][ T5787] NILFS (loop1): discard dirty block: blocknr=40, size=1024 [ 103.841674][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.869738][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.886017][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 103.898252][ T5787] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 103.920018][ T5787] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 103.948421][ T5787] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 103.960969][ T5787] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 104.002934][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 104.011900][ T5787] NILFS (loop1): discard dirty page: offset=196608, ino=3 [ 104.025704][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 104.035390][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 104.044771][ T5787] NILFS (loop1): discard dirty block: blocknr=49, size=1024 [ 104.081836][ T5787] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 104.424772][ T6223] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.491375][ T28] audit: type=1326 audit(1751799659.572:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6224 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feceb38e929 code=0x7ffc0000 [ 104.513481][ C1] vkms_vblank_simulate: vblank timer overrun [ 104.540045][ T28] audit: type=1326 audit(1751799659.572:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6224 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feceb38e929 code=0x7ffc0000 [ 104.562160][ C1] vkms_vblank_simulate: vblank timer overrun [ 104.591713][ T28] audit: type=1326 audit(1751799659.572:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6224 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7feceb38e929 code=0x7ffc0000 [ 104.613834][ C1] vkms_vblank_simulate: vblank timer overrun [ 104.677560][ T28] audit: type=1326 audit(1751799659.572:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6224 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feceb38e929 code=0x7ffc0000 [ 104.704391][ T6229] netlink: 'syz.2.156': attribute type 1 has an invalid length. [ 104.780260][ T28] audit: type=1326 audit(1751799659.572:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6224 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feceb38e929 code=0x7ffc0000 [ 105.349970][ T6255] loop0: detected capacity change from 0 to 512 [ 105.372604][ T6255] EXT4-fs: Ignoring removed nobh option [ 105.419300][ T6255] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 105.435157][ T6255] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -61 [ 105.444176][ T6255] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #13: comm syz.0.167: casefold flag without casefold feature [ 105.459626][ T6255] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.167: couldn't read orphan inode 13 (err -117) [ 105.513056][ T6255] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.523820][ T6261] loop1: detected capacity change from 0 to 256 [ 105.583012][ T6255] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 105.723951][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.031122][ T6274] netlink: 20 bytes leftover after parsing attributes in process `syz.1.176'. [ 106.581869][ T6292] loop1: detected capacity change from 0 to 1024 [ 106.661744][ T6292] hfsplus: catalog name length corrupted [ 106.714457][ T6298] loop2: detected capacity change from 0 to 512 [ 106.778424][ T6295] loop3: detected capacity change from 0 to 4096 [ 106.780875][ T6298] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 106.802155][ T6298] EXT4-fs (loop2): orphan cleanup on readonly fs [ 106.810780][ T6295] ======================================================= [ 106.810780][ T6295] WARNING: The mand mount option has been deprecated and [ 106.810780][ T6295] and is ignored by this kernel. Remove the mand [ 106.810780][ T6295] option from the mount to silence this warning. [ 106.810780][ T6295] ======================================================= [ 106.846691][ T6298] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 106.858554][ T6298] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 106.878408][ T6298] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 106.905774][ T6298] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.187: bg 0: block 40: padding at end of block bitmap is not set [ 106.926893][ T6295] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 107.013452][ T6298] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 107.070047][ T6298] EXT4-fs (loop2): 1 truncate cleaned up [ 107.099078][ T6298] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 107.169070][ T6295] ntfs3: loop3: failed to convert "076c" to cp949 [ 107.249424][ T6298] EXT4-fs error (device loop2): ext4_get_link:104: inode #16: comm syz.2.187: bad symlink. [ 107.377548][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.513018][ T6310] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org. [ 107.624410][ T6308] loop1: detected capacity change from 0 to 4096 [ 107.868822][ T6318] netlink: 252 bytes leftover after parsing attributes in process `syz.3.195'. [ 108.391949][ T6336] loop1: detected capacity change from 0 to 8 [ 108.904136][ T28] audit: type=1400 audit(1751799663.992:12): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":(%#{//(@\)//&@},['%%&\#*" pid=6353 comm="syz.0.214" [ 109.603793][ T28] audit: type=1326 audit(1751799664.692:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6377 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4edad8e929 code=0x7ffc0000 [ 109.659890][ T28] audit: type=1326 audit(1751799664.692:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6377 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4edad8e929 code=0x7ffc0000 [ 109.710178][ T28] audit: type=1326 audit(1751799664.722:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6377 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f4edad8e929 code=0x7ffc0000 [ 109.739117][ T28] audit: type=1326 audit(1751799664.722:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6377 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4edad8e929 code=0x7ffc0000 [ 109.797482][ T28] audit: type=1326 audit(1751799664.722:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6377 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4edad8e929 code=0x7ffc0000 [ 109.998125][ T6392] loop3: detected capacity change from 0 to 24 [ 110.029350][ T6392] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 110.092245][ T6392] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 110.143905][ T6392] VFS: Lookup of 'file0' in romfs loop3 would have caused loop [ 111.381356][ T6433] loop0: detected capacity change from 0 to 64 [ 111.431586][ T6436] netlink: 'syz.1.254': attribute type 1 has an invalid length. [ 111.534323][ T6439] loop3: detected capacity change from 0 to 8 [ 111.620977][ T6441] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 111.659469][ T6439] SQUASHFS error: xz decompression failed, data probably corrupt [ 111.700288][ T6439] SQUASHFS error: Failed to read block 0x108: -5 [ 111.717161][ T6439] SQUASHFS error: Unable to read metadata cache entry [106] [ 111.742568][ T6439] SQUASHFS error: Unable to read inode 0x11f [ 112.119110][ T6457] loop1: detected capacity change from 0 to 256 [ 112.215158][ T6457] FAT-fs (loop1): Directory bread(block 64) failed [ 112.228094][ T6457] FAT-fs (loop1): Directory bread(block 65) failed [ 112.237011][ T6457] FAT-fs (loop1): Directory bread(block 66) failed [ 112.244196][ T6457] FAT-fs (loop1): Directory bread(block 67) failed [ 112.250896][ T6457] FAT-fs (loop1): Directory bread(block 68) failed [ 112.258175][ T6457] FAT-fs (loop1): Directory bread(block 69) failed [ 112.264994][ T6457] FAT-fs (loop1): Directory bread(block 70) failed [ 112.277024][ T6457] FAT-fs (loop1): Directory bread(block 71) failed [ 112.284725][ T6457] FAT-fs (loop1): Directory bread(block 72) failed [ 112.291441][ T6457] FAT-fs (loop1): Directory bread(block 73) failed [ 112.302882][ T966] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 112.528702][ T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 112.570208][ T966] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 112.602375][ T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33119, setting to 1024 [ 112.649926][ T966] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 112.669022][ T966] usb 4-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 112.682462][ T966] usb 4-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 112.690915][ T966] usb 4-1: Manufacturer: syz [ 112.691661][ T6471] loop1: detected capacity change from 0 to 256 [ 112.704702][ T966] usb 4-1: config 0 descriptor?? [ 112.736283][ T6439] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 112.757647][ T966] smsusb:smsusb_probe: board id=9, interface number 0 [ 112.787985][ T966] smsusb:siano_media_device_register: media controller created [ 112.819368][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.827059][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.834451][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.841827][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.849217][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.858308][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.865677][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.873011][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.880332][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.887660][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.895644][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.903009][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.910334][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.917664][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.924963][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.934069][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.941453][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.948800][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.956149][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.963489][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.972266][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.979636][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.987212][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 112.994549][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.001888][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.010012][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.017373][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.024702][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.032595][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.039966][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.045426][ T6471] FAT-fs (loop1): Directory bread(block 64) failed [ 113.048112][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.061270][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.068650][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.075971][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.083252][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.099122][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.106190][ T6471] FAT-fs (loop1): Directory bread(block 65) failed [ 113.106476][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.120401][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.127753][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.135091][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.142665][ T6471] FAT-fs (loop1): Directory bread(block 66) failed [ 113.143585][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.156792][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.164150][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.171468][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.178757][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.186362][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.192305][ T6471] FAT-fs (loop1): Directory bread(block 67) failed [ 113.193739][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.207649][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.214998][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.222326][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.230134][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.237524][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.244871][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.252191][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.259483][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.266984][ T6471] FAT-fs (loop1): Directory bread(block 68) failed [ 113.268538][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.281045][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.288415][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.295757][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.303770][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.311136][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.312467][ T6471] FAT-fs (loop1): Directory bread(block 69) failed [ 113.318455][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.333138][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.341080][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.348453][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.355805][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.363158][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.370490][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.378350][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.385739][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.393097][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.400404][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.407692][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.415377][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.422770][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.430155][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.437536][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.445022][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.452467][ T6471] FAT-fs (loop1): Directory bread(block 70) failed [ 113.452738][ T966] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22 [ 113.468272][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.468391][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.468490][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.468586][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.468692][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.505827][ T6471] FAT-fs (loop1): Directory bread(block 71) failed [ 113.505853][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.519871][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.527243][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.534597][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.541915][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.550239][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.557685][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.565029][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.572358][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.572496][ T6471] FAT-fs (loop1): Directory bread(block 72) failed [ 113.579656][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.594626][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.601998][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.609328][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.616657][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.623937][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.631567][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.638934][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.646290][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.653669][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.661021][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.669514][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.670424][ T6471] FAT-fs (loop1): Directory bread(block 73) failed [ 113.676863][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.676929][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.676988][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.677043][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.712930][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.720309][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.727661][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.735527][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.743642][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.751024][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.758390][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.765723][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.773027][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.780325][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.787623][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.795187][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.802545][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.810196][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.817550][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.824907][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.832263][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.839613][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.846959][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.854297][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.862446][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.869833][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.877178][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.884507][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.891846][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.899197][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.906551][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.913918][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.921265][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.929665][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.937061][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.944396][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.951731][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.959062][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.967410][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.974777][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.982130][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.989478][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 113.996847][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.004865][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.012223][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.019576][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.026933][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.036056][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.043411][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.050722][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.058031][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.065344][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.072648][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.079927][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.087200][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.095273][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.102663][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.110015][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.117358][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.124714][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.132056][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.139414][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.146760][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.154751][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.162398][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.169755][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.177085][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.184419][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.191754][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.199108][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.206493][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.213880][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.233431][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.240872][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.243879][ T6484] ubi31: attaching mtd0 [ 114.248184][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.259987][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.267346][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.274708][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.282042][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.290004][ T966] smsmdtv:smscore_set_device_mode: mode detect failed -22 [ 114.297273][ T966] smsmdtv:smscore_start_device: set device mode failed , rc -22 [ 114.305010][ T966] smsusb:smsusb_init_device: smscore_start_device(...) failed [ 114.313407][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.321801][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.329494][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.337233][ C0] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes [ 114.344534][ C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes [ 114.354463][ T966] ------------[ cut here ]------------ [ 114.360676][ T966] ODEBUG: free active (active state 0) object: ffff88801a2c89e8 object type: work_struct hint: do_submit_urb+0x0/0x360 [ 114.372414][ T6484] ubi31: scanning is finished [ 114.373363][ T5829] ================================================================== [ 114.385966][ T5829] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80 [ 114.393656][ T5829] Read of size 8 at addr ffff88807eba8098 by task kworker/0:4/5829 [ 114.401590][ T5829] [ 114.403965][ T5829] CPU: 0 PID: 5829 Comm: kworker/0:4 Not tainted 6.6.96-syzkaller #0 [ 114.412075][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.420800][ T6484] ubi31: empty MTD device detected [ 114.422148][ T5829] Workqueue: events do_submit_urb [ 114.422190][ T5829] Call Trace: [ 114.422198][ T5829] [ 114.422217][ T5829] dump_stack_lvl+0x16c/0x230 [ 114.422250][ T5829] ? __lock_acquire+0x7c80/0x7c80 [ 114.422275][ T5829] ? show_regs_print_info+0x20/0x20 [ 114.422302][ T5829] ? load_image+0x3b0/0x3b0 [ 114.422328][ T5829] ? __virt_addr_valid+0x469/0x540 [ 114.422355][ T5829] print_report+0xac/0x230 [ 114.467807][ T5829] ? __lock_acquire+0xff/0x7c80 [ 114.472689][ T5829] kasan_report+0x117/0x150 [ 114.477224][ T5829] ? __lock_acquire+0xff/0x7c80 [ 114.482101][ T5829] __lock_acquire+0xff/0x7c80 [ 114.486807][ T5829] ? mark_lock+0x94/0x320 [ 114.491163][ T5829] ? __lock_acquire+0x1334/0x7c80 [ 114.496218][ T5829] ? mark_lock+0x94/0x320 [ 114.500573][ T5829] ? look_up_lock_class+0x75/0x140 [ 114.505713][ T5829] ? verify_lock_unused+0x140/0x140 [ 114.510934][ T5829] ? register_lock_class+0xb5/0x890 [ 114.516157][ T5829] ? is_dynamic_key+0x260/0x260 [ 114.521034][ T5829] ? mark_lock+0x94/0x320 [ 114.525395][ T5829] ? __lock_acquire+0x1334/0x7c80 [ 114.530442][ T5829] lock_acquire+0x197/0x410 [ 114.534972][ T5829] ? smscore_getbuffer+0xa9/0x440 [ 114.540030][ T5829] ? read_lock_is_recursive+0x20/0x20 [ 114.545431][ T5829] _raw_spin_lock_irqsave+0xa8/0xf0 [ 114.550656][ T5829] ? smscore_getbuffer+0xa9/0x440 [ 114.555796][ T5829] ? _raw_spin_lock+0x40/0x40 [ 114.560502][ T5829] smscore_getbuffer+0xa9/0x440 [ 114.565394][ T5829] ? smscore_onresponse+0xf10/0xf10 [ 114.570722][ T5829] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 114.576767][ T5829] ? read_lock_is_recursive+0x20/0x20 [ 114.582169][ T5829] do_submit_urb+0x98/0x360 [ 114.586710][ T5829] ? process_scheduled_works+0x957/0x15b0 [ 114.592456][ T5829] ? process_scheduled_works+0x957/0x15b0 [ 114.598200][ T5829] process_scheduled_works+0xa45/0x15b0 [ 114.603786][ T5829] ? assign_work+0x400/0x400 [ 114.608405][ T5829] ? assign_work+0x39e/0x400 [ 114.613021][ T5829] worker_thread+0xa55/0xfc0 [ 114.617634][ T5829] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 114.623557][ T5829] ? _raw_spin_unlock+0x40/0x40 [ 114.628428][ T5829] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 114.634355][ T5829] kthread+0x2fa/0x390 [ 114.638445][ T5829] ? pr_cont_work+0x560/0x560 [ 114.643143][ T5829] ? kthread_blkcg+0xd0/0xd0 [ 114.647751][ T5829] ret_from_fork+0x48/0x80 [ 114.652189][ T5829] ? kthread_blkcg+0xd0/0xd0 [ 114.656800][ T5829] ret_from_fork_asm+0x11/0x20 [ 114.661594][ T5829] [ 114.664631][ T5829] [ 114.666976][ T5829] Allocated by task 966: [ 114.671241][ T5829] kasan_set_track+0x4e/0x70 [ 114.675857][ T5829] __kasan_kmalloc+0x8f/0xa0 [ 114.680475][ T5829] smscore_register_device+0x63/0x10f0 [ 114.685963][ T5829] smsusb_probe+0x1362/0x1da0 [ 114.690669][ T5829] usb_probe_interface+0x5a4/0xb00 [ 114.695804][ T5829] really_probe+0x25b/0xb40 [ 114.700332][ T5829] __driver_probe_device+0x18c/0x330 [ 114.705704][ T5829] driver_probe_device+0x4f/0x420 [ 114.710768][ T5829] __device_attach_driver+0x2ca/0x520 [ 114.716169][ T5829] bus_for_each_drv+0x24b/0x2d0 [ 114.721040][ T5829] __device_attach+0x2b5/0x400 [ 114.725825][ T5829] bus_probe_device+0x180/0x260 [ 114.730700][ T5829] device_add+0x85b/0xc20 [ 114.735047][ T5829] usb_set_configuration+0x1a79/0x20c0 [ 114.740535][ T5829] usb_generic_driver_probe+0x8d/0x150 [ 114.746026][ T5829] usb_probe_device+0x13d/0x280 [ 114.750892][ T5829] really_probe+0x25b/0xb40 [ 114.755415][ T5829] __driver_probe_device+0x18c/0x330 [ 114.760723][ T5829] driver_probe_device+0x4f/0x420 [ 114.765806][ T5829] __device_attach_driver+0x2ca/0x520 [ 114.771209][ T5829] bus_for_each_drv+0x24b/0x2d0 [ 114.776084][ T5829] __device_attach+0x2b5/0x400 [ 114.780875][ T5829] bus_probe_device+0x180/0x260 [ 114.785750][ T5829] device_add+0x85b/0xc20 [ 114.790103][ T5829] usb_new_device+0xa31/0x1630 [ 114.794892][ T5829] hub_event+0x2957/0x49c0 [ 114.799343][ T5829] process_scheduled_works+0xa45/0x15b0 [ 114.804910][ T5829] worker_thread+0xa55/0xfc0 [ 114.809527][ T5829] kthread+0x2fa/0x390 [ 114.813614][ T5829] ret_from_fork+0x48/0x80 [ 114.818057][ T5829] ret_from_fork_asm+0x11/0x20 [ 114.822840][ T5829] [ 114.825191][ T5829] Freed by task 966: [ 114.829091][ T5829] kasan_set_track+0x4e/0x70 [ 114.833735][ T5829] kasan_save_free_info+0x2e/0x50 [ 114.838785][ T5829] ____kasan_slab_free+0x126/0x1e0 [ 114.843919][ T5829] slab_free_freelist_hook+0x130/0x1b0 [ 114.849400][ T5829] __kmem_cache_free+0xba/0x1f0 [ 114.854272][ T5829] smscore_unregister_device+0x603/0x6e0 [ 114.859928][ T5829] smsusb_term_device+0x18f/0x220 [ 114.864988][ T5829] smsusb_probe+0x1708/0x1da0 [ 114.869705][ T5829] usb_probe_interface+0x5a4/0xb00 [ 114.874846][ T5829] really_probe+0x25b/0xb40 [ 114.879379][ T5829] __driver_probe_device+0x18c/0x330 [ 114.884689][ T5829] driver_probe_device+0x4f/0x420 [ 114.889736][ T5829] __device_attach_driver+0x2ca/0x520 [ 114.895129][ T5829] bus_for_each_drv+0x24b/0x2d0 [ 114.900016][ T5829] __device_attach+0x2b5/0x400 [ 114.904819][ T5829] bus_probe_device+0x180/0x260 [ 114.909735][ T5829] device_add+0x85b/0xc20 [ 114.914082][ T5829] usb_set_configuration+0x1a79/0x20c0 [ 114.919573][ T5829] usb_generic_driver_probe+0x8d/0x150 [ 114.925062][ T5829] usb_probe_device+0x13d/0x280 [ 114.929928][ T5829] really_probe+0x25b/0xb40 [ 114.934454][ T5829] __driver_probe_device+0x18c/0x330 [ 114.939763][ T5829] driver_probe_device+0x4f/0x420 [ 114.944820][ T5829] __device_attach_driver+0x2ca/0x520 [ 114.950250][ T5829] bus_for_each_drv+0x24b/0x2d0 [ 114.955125][ T5829] __device_attach+0x2b5/0x400 [ 114.959914][ T5829] bus_probe_device+0x180/0x260 [ 114.964817][ T5829] device_add+0x85b/0xc20 [ 114.969170][ T5829] usb_new_device+0xa31/0x1630 [ 114.973956][ T5829] hub_event+0x2957/0x49c0 [ 114.978394][ T5829] process_scheduled_works+0xa45/0x15b0 [ 114.983963][ T5829] worker_thread+0xa55/0xfc0 [ 114.988570][ T5829] kthread+0x2fa/0x390 [ 114.992661][ T5829] ret_from_fork+0x48/0x80 [ 114.997104][ T5829] ret_from_fork_asm+0x11/0x20 [ 115.001894][ T5829] [ 115.004233][ T5829] The buggy address belongs to the object at ffff88807eba8000 [ 115.004233][ T5829] which belongs to the cache kmalloc-2k of size 2048 [ 115.018305][ T5829] The buggy address is located 152 bytes inside of [ 115.018305][ T5829] freed 2048-byte region [ffff88807eba8000, ffff88807eba8800) [ 115.032208][ T5829] [ 115.034544][ T5829] The buggy address belongs to the physical page: [ 115.040978][ T5829] page:ffffea0001faea00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807eba9000 pfn:0x7eba8 [ 115.052451][ T5829] head:ffffea0001faea00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 115.061406][ T5829] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 115.069968][ T5829] page_type: 0xffffffff() [ 115.074322][ T5829] raw: 00fff00000000840 ffff888017842000 0000000000000000 dead000000000001 [ 115.082936][ T5829] raw: ffff88807eba9000 0000000080080007 00000001ffffffff 0000000000000000 [ 115.091545][ T5829] page dumped because: kasan: bad access detected [ 115.098008][ T5829] page_owner tracks the page as allocated [ 115.103745][ T5829] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5790, tgid 5790 (syz-executor), ts 85115084823, free_ts 85053737059 [ 115.125129][ T5829] post_alloc_hook+0x1cd/0x210 [ 115.129920][ T5829] get_page_from_freelist+0x195c/0x19f0 [ 115.135488][ T5829] __alloc_pages+0x1e3/0x460 [ 115.140094][ T5829] alloc_slab_page+0x5d/0x170 [ 115.144787][ T5829] new_slab+0x87/0x2e0 [ 115.148872][ T5829] ___slab_alloc+0xc6d/0x12f0 [ 115.153564][ T5829] __kmem_cache_alloc_node+0x1a2/0x260 [ 115.159039][ T5829] kmalloc_trace+0x2a/0xe0 [ 115.163472][ T5829] rtnl_newlink+0xeb/0x2020 [ 115.168003][ T5829] rtnetlink_rcv_msg+0x7c7/0xf10 [ 115.172954][ T5829] netlink_rcv_skb+0x216/0x480 [ 115.177750][ T5829] netlink_unicast+0x750/0x8c0 [ 115.182544][ T5829] netlink_sendmsg+0x8c1/0xbe0 [ 115.187353][ T5829] __sys_sendto+0x46a/0x620 [ 115.191894][ T5829] __x64_sys_sendto+0xde/0xf0 [ 115.196600][ T5829] do_syscall_64+0x55/0xb0 [ 115.201042][ T5829] page last free stack trace: [ 115.205729][ T5829] free_unref_page_prepare+0x7ce/0x8e0 [ 115.211206][ T5829] free_unref_page+0x32/0x2e0 [ 115.215899][ T5829] __unfreeze_partials+0x1cf/0x210 [ 115.221031][ T5829] put_cpu_partial+0x17c/0x250 [ 115.225807][ T5829] __slab_free+0x31d/0x410 [ 115.230239][ T5829] qlist_free_all+0x75/0xe0 [ 115.234763][ T5829] kasan_quarantine_reduce+0x143/0x160 [ 115.240242][ T5829] __kasan_slab_alloc+0x22/0x80 [ 115.245118][ T5829] slab_post_alloc_hook+0x6e/0x4d0 [ 115.250285][ T5829] __kmem_cache_alloc_node+0x13e/0x260 [ 115.255776][ T5829] kmalloc_trace+0x2a/0xe0 [ 115.260209][ T5829] rtnl_newlink+0xeb/0x2020 [ 115.264753][ T5829] rtnetlink_rcv_msg+0x7c7/0xf10 [ 115.269718][ T5829] netlink_rcv_skb+0x216/0x480 [ 115.274509][ T5829] netlink_unicast+0x750/0x8c0 [ 115.279302][ T5829] netlink_sendmsg+0x8c1/0xbe0 [ 115.284092][ T5829] [ 115.286429][ T5829] Memory state around the buggy address: [ 115.292076][ T5829] ffff88807eba7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 115.300162][ T5829] ffff88807eba8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.308244][ T5829] >ffff88807eba8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.316323][ T5829] ^ [ 115.321190][ T5829] ffff88807eba8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.329268][ T5829] ffff88807eba8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.337345][ T5829] ================================================================== [ 115.345428][ T5829] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 115.352639][ T5829] CPU: 0 PID: 5829 Comm: kworker/0:4 Not tainted 6.6.96-syzkaller #0 [ 115.360721][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.370796][ T5829] Workqueue: events do_submit_urb [ 115.375857][ T5829] Call Trace: [ 115.379151][ T5829] [ 115.382104][ T5829] dump_stack_lvl+0x16c/0x230 [ 115.386826][ T5829] ? show_regs_print_info+0x20/0x20 [ 115.392056][ T5829] ? load_image+0x3b0/0x3b0 [ 115.396592][ T5829] panic+0x2c0/0x710 [ 115.400507][ T5829] ? bpf_jit_dump+0xd0/0xd0 [ 115.405029][ T5829] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 115.410981][ T5829] ? _raw_spin_unlock+0x40/0x40 [ 115.415854][ T5829] ? print_memory_metadata+0x314/0x400 [ 115.421429][ T5829] ? __lock_acquire+0xff/0x7c80 [ 115.426309][ T5829] check_panic_on_warn+0x84/0xa0 [ 115.431274][ T5829] ? __lock_acquire+0xff/0x7c80 [ 115.436141][ T5829] end_report+0x6f/0x140 [ 115.440408][ T5829] kasan_report+0x128/0x150 [ 115.444947][ T5829] ? __lock_acquire+0xff/0x7c80 [ 115.449815][ T5829] __lock_acquire+0xff/0x7c80 [ 115.454511][ T5829] ? mark_lock+0x94/0x320 [ 115.458861][ T5829] ? __lock_acquire+0x1334/0x7c80 [ 115.463907][ T5829] ? mark_lock+0x94/0x320 [ 115.468255][ T5829] ? look_up_lock_class+0x75/0x140 [ 115.473405][ T5829] ? verify_lock_unused+0x140/0x140 [ 115.478665][ T5829] ? register_lock_class+0xb5/0x890 [ 115.483907][ T5829] ? is_dynamic_key+0x260/0x260 [ 115.488789][ T5829] ? mark_lock+0x94/0x320 [ 115.493143][ T5829] ? __lock_acquire+0x1334/0x7c80 [ 115.498283][ T5829] lock_acquire+0x197/0x410 [ 115.502814][ T5829] ? smscore_getbuffer+0xa9/0x440 [ 115.507879][ T5829] ? read_lock_is_recursive+0x20/0x20 [ 115.513372][ T5829] _raw_spin_lock_irqsave+0xa8/0xf0 [ 115.518623][ T5829] ? smscore_getbuffer+0xa9/0x440 [ 115.523671][ T5829] ? _raw_spin_lock+0x40/0x40 [ 115.528379][ T5829] smscore_getbuffer+0xa9/0x440 [ 115.533258][ T5829] ? smscore_onresponse+0xf10/0xf10 [ 115.538487][ T5829] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 115.544494][ T5829] ? read_lock_is_recursive+0x20/0x20 [ 115.549891][ T5829] do_submit_urb+0x98/0x360 [ 115.554427][ T5829] ? process_scheduled_works+0x957/0x15b0 [ 115.560171][ T5829] ? process_scheduled_works+0x957/0x15b0 [ 115.565912][ T5829] process_scheduled_works+0xa45/0x15b0 [ 115.571497][ T5829] ? assign_work+0x400/0x400 [ 115.576120][ T5829] ? assign_work+0x39e/0x400 [ 115.580757][ T5829] worker_thread+0xa55/0xfc0 [ 115.585375][ T5829] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 115.591308][ T5829] ? _raw_spin_unlock+0x40/0x40 [ 115.596185][ T5829] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 115.602122][ T5829] kthread+0x2fa/0x390 [ 115.606219][ T5829] ? pr_cont_work+0x560/0x560 [ 115.610918][ T5829] ? kthread_blkcg+0xd0/0xd0 [ 115.615527][ T5829] ret_from_fork+0x48/0x80 [ 115.619984][ T5829] ? kthread_blkcg+0xd0/0xd0 [ 115.624609][ T5829] ret_from_fork_asm+0x11/0x20 [ 115.629405][ T5829] [ 115.632762][ T5829] Kernel Offset: disabled [ 115.637099][ T5829] Rebooting in 86400 seconds..