last executing test programs: 3.624687719s ago: executing program 3 (id=1815): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000080) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000440)=ANY=[], 0x0) 3.49362223s ago: executing program 3 (id=1816): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100030000002c0004800500030001000000050003000000000005000300000000000500030080ff000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0) 3.415503617s ago: executing program 3 (id=1817): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c00000003"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$key(0xf, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x21, @dev}, {0x2, 0x0, @local}, {0x2, 0x4e20, @broadcast}, 0x19b, 0x0, 0x0, 0x0, 0xfffd}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1ff, {0x0, 0x0, 0x0, r1, {0xfff2}, {}, {0x8, 0x10}}}, 0x24}}, 0x0) 2.757148119s ago: executing program 3 (id=1824): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r1, 0x0, 0x4000) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x0, 0x3}}]}}]}, 0x48}}, 0x0) 2.720591117s ago: executing program 3 (id=1827): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100030000002c0004800500030001000000050003000000000005000300000000000500030080ff000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0) 2.706277196s ago: executing program 3 (id=1828): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0) 2.353935788s ago: executing program 2 (id=1835): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x4e, &(0x7f0000000240)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x18, 0x3a, 0xff, @remote, @mcast2, {[@routing={0x8, 0x0, 0x2, 0xc}], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}, 0x0) 2.294894949s ago: executing program 2 (id=1836): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44df800}, 0x94) io_uring_setup(0x6b22, &(0x7f0000000bc0)={0x0, 0x0, 0x20, 0x3, 0x1b5}) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r1 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r1, 0xffff) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x8000}) r2 = socket(0x10, 0x803, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x81, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x8}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xc, 0xfff1}}]}}]}, 0x3c}}, 0x400c084) 2.242182224s ago: executing program 0 (id=1838): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x21, @dev}, {0x2, 0x0, @local}, {0x2, 0x4e20, @broadcast}, 0x19b, 0x0, 0x0, 0x0, 0xfffd}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1ff, {0x0, 0x0, 0x0, r1, {0xfff2}, {}, {0x8, 0x10}}}, 0x24}}, 0x0) 2.140167718s ago: executing program 2 (id=1839): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000180)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@block_validity}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@data_err_ignore}, {@grpquota}, {@mblk_io_submit}, {@nodiscard}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") prlimit64(r0, 0x9, &(0x7f0000000280)={0x3ff, 0x2}, &(0x7f0000000380)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x87) connect$inet6(r3, &(0x7f0000000500)={0xa, 0xfffd, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@gettaction={0x18, 0x32, 0x1, 0x70bd27, 0x25dfdbff, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000c00)={0x2, {{0x2, 0x4e1f, @multicast2}}, 0x1, 0x1, [{{0x2, 0x5e22, @multicast1}}]}, 0x110) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000440), 0x1000a) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 2.138273717s ago: executing program 0 (id=1840): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r1, 0x5008, 0x0) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f00000000c0)) 1.98047236s ago: executing program 0 (id=1841): prlimit64(0x0, 0xd, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1100, 0x3}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000580)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000680)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.940204587s ago: executing program 0 (id=1842): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r1}}, 0x20) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f0000000180)={0x1, 0x5e3}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x684, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_GETFLAGS(r5, 0x80086601, &(0x7f00000001c0)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000100)={'macsec0\x00', 0x100}) 1.694311076s ago: executing program 1 (id=1844): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x1, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0x7ea, 0x64, 0x0, 0xb, 0x88, 0x0, @private=0xa0100fe, @dev={0xac, 0x14, 0x14, 0x1a}}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed00100000000000005629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b75a9ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9c0200000010e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cbbffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8060000000000000055ccde9d54d5d833293f5df09224482179e5bcd8e227c9eaacb5793498be490de32baba49172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19411e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87"}}, 0x7f8) 1.548088788s ago: executing program 4 (id=1847): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000080) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000440)=ANY=[], 0x0) 1.535824321s ago: executing program 1 (id=1848): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="019800000000000020001280080001006772650014000280080001", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000004f40)={'gre0\x00', &(0x7f0000000240)={'gretap0\x00', r1, 0x1, 0x20, 0x0, 0x4, {{0x33, 0x4, 0x1, 0x8, 0xcc, 0x67, 0x0, 0xdb, 0x4, 0x0, @empty, @empty, {[@timestamp_prespec={0x44, 0x44, 0x58, 0x3, 0xa, [{@local, 0x2f}, {@multicast1, 0x6}, {@local, 0x7fff}, {@empty, 0x80000000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x47ed}, {@remote, 0x2}, {@broadcast, 0xa}, {@broadcast, 0xfffffffa}]}, @end, @timestamp_prespec={0x44, 0x24, 0x4c, 0x3, 0x6, [{@empty, 0x7f}, {@empty, 0x7}, {@empty, 0x43}, {@multicast1, 0x6}]}, @timestamp_addr={0x44, 0x3c, 0xc3, 0x1, 0xf, [{@multicast2, 0x8001}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x39ba}, {@loopback, 0x10001}, {@dev={0xac, 0x14, 0x14, 0x19}, 0x80000000}, {@multicast1, 0x1800}, {@multicast2, 0xffffffff}, {@private=0xa010100, 0xc0000}]}, @noop, @noop, @timestamp={0x44, 0xc, 0x64, 0x0, 0x6, [0xff0d, 0x8]}, @timestamp={0x44, 0x4, 0xfa, 0x0, 0x4}, @noop]}}}}}) 1.49763869s ago: executing program 1 (id=1849): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) landlock_restrict_self(0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r8 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x60, r8, 0x809, 0x0, 0x0, {}, [{{0x8, 0x1, r7}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r6}}}]}}]}, 0x60}}, 0x0) 1.386372291s ago: executing program 4 (id=1850): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44df800}, 0x94) io_uring_setup(0x6b22, &(0x7f0000000bc0)={0x0, 0x0, 0x20, 0x3, 0x1b5}) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r0 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r0, 0xffff) r1 = socket(0x10, 0x803, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x81, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x8}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xc, 0xfff1}}]}}]}, 0x3c}}, 0x400c084) 1.114283977s ago: executing program 2 (id=1851): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000009000000", @ANYRES32=r3], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x1e, &(0x7f0000000040)=0x1, 0x4) 1.065779883s ago: executing program 4 (id=1852): prlimit64(0x0, 0xd, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1100, 0x3}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000580)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000680)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.00290692s ago: executing program 4 (id=1853): setitimer(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000040)={'rose0\x00', @ifru_mtu=0xf03d}}) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x2, @mcast1, 0x9}, 0x1c) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200000200f100850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) 888.514002ms ago: executing program 0 (id=1854): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'vlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000001000010025bd7000fadbdf2500000000", @ANYRES32=r2, @ANYBLOB="910000002b9201002400128009000100766c616e00000000"], 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0x64048040) 868.903559ms ago: executing program 0 (id=1855): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000040)={'tunl0\x00', 0x0, 0x20, 0x7800, 0x9, 0x3ff, {{0x14, 0x4, 0x1, 0x1b, 0x50, 0x64, 0x0, 0x6, 0x4, 0x0, @local, @rand_addr=0x64010101, {[@generic={0x83, 0x4, 'x{'}, @end, @lsrr={0x83, 0x13, 0xc1, [@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @broadcast, @rand_addr=0x64010101]}, @timestamp_addr={0x44, 0x24, 0x27, 0x1, 0x7, [{@loopback}, {@initdev={0xac, 0x1e, 0x3, 0x0}, 0x11}, {@local, 0x400}, {@loopback}]}]}}}}}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f00000013c0)=0xc7f) recvmmsg(r1, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x85) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r3) getsockname$packet(r3, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@gettclass={0x24, 0x2a, 0x129, 0x870bd2c, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {}, {0x0, 0xe}}}, 0x24}}, 0x40004) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50) 630.002379ms ago: executing program 1 (id=1856): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 614.948825ms ago: executing program 1 (id=1857): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f00000022c0)=ANY=[@ANYBLOB="61158c000000000061134c0000000000bfa00000000000001705000008004ef02d3501000000000095003200000000006916000000000000bf67000000000000350605000fff07206706000002000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b540dcfc7ad0500c4063b3b8754c0686cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d39d25991b085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e5671c888fb126a163f16f920ae2fb494059bba8e3b680324a188090eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb40000000000000000000000000040007abf9c20d89cbc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eb29000000000000003cc3aa39ee4b1386bab561cda886fa64ffffff7f473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59801fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e17417a249a2cd8ff62aa6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d00000000d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38c7f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf73400000000000000cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61d1f5b2a443faa9bda0577383dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea90000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8a10300004d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a122822bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c39e9d8547c666b6764a3c7dd62a94eee45881441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a365b5b11df7216652b5703f31e078ecdefe8e6bfc45a9980a7a8de863e3477dd47d0f11611ca92d89641a183c8f629f17cfc28fde209a793d9c0cdde3bb3f82670d33396982988b9f5207a732908fdf1506f307ccae47a69319ee2242272e4f7ceb7a40e49a21ce6405af3ecb3381bf0668749c81fc6c2d97e68a693e3e622af52e572f4fa7b20d5c72cf5ff8016461130a46803de45029489921a48bd7688dd593e4a3e9803263ecbd8ae8570293508ebe5fabc1842cbc01ae8fabbf41820c31b7bb83a3439d4540f839ed5c23828a33d7645baa1ec32bb7aa8a786bb0997ccf6bba0a2cf6ef2157a63974d5e525a3f3f7f993ea9e82732ccc2e12c6310121ecb9029e7f835420f8f27a7e563684a225dee6ca5f5ff18a89ac6c627ff0e0e4769b6fbcfc847b20960704a4b13e962333bddb966de8bcade6f6bd3915a580ddec2e1bd88fbfdb749789cdc946822212f1cbacb03ba8d3e51e48ccdae20a43bf79ca0131b830620a97877242989e78dfec1d6df5f97ca5cddece50d0cae5d6eabbc1913aa3660e0b00000000000000000000000000bc12b71cb118d93461aa2914d6e454ef05c41beab7382787ba46b68c8d8b35349fb58b259b4447b59c667ddcac0bb2d066eb0579be84bdca8ed5d693411b7e5b21efaceddacef03daa9772f2715b5613ae0d88f8d109e36f8b8871b646d9ebbcc25d527ad3f828c92cb6597f82ed4d496a511007781be0c7cac07fc508a585f415ef81a887475286df80fb6ff9c6524d0e22d50f88ca15545bc688063b04eb8e0248aca60b9983dd5966216499ccfc0551f6e0323859ae64f55e4d496a695f8e6382aa714b92f95dcfd0b456d9ce7a24f736e4009ef64230e8f83f8283a4cc5f178d4698b94ccd8d0e0e3e2e35e1a7ac0cb3ee52013e8c2802d2f89b3f708fb53c17c3e4fbe0326ee510c4317b5f5f1eb34ca8441c23755acfc469909b16fba134de01d484c1b380622d3743a0be77b64961753faba6131c136fb14b1963960f2f7f118bc451a18b216bf26c3cec2575a059da60baede629711a5f11c347fcbca73440d27b1147b44fb15106c00669da23964fd9de079d1a9077848100f6e75d29b2d60016abc6ef1542bd3062f599676bb04e64decb6c843a407f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) 203.525989ms ago: executing program 2 (id=1858): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f0000000140)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) unshare(0x26020480) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1, 0xfc, r3}, 0xc) close(r1) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x1) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x9, 0x3, 0x2c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev={0xac, 0x14, 0x14, 0x2a}, @loopback, 0xff000000, 0xff, 'macvlan0\x00', 'dvmrp1\x00', {0xff}, {}, 0x62, 0x0, 0x3}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x3, 0x40, 0x2}}}, {{@uncond, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x8, 'system_u:object_r:groupadd_exec_t:s0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x7fffffffffffffff, 0xfffffffffffffffd, 0x9}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 174.841111ms ago: executing program 4 (id=1859): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="019800000000000020001280080001006772650014000280080001", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000004f40)={'gre0\x00', &(0x7f0000000240)={'gretap0\x00', r1, 0x1, 0x20, 0x0, 0x4, {{0x33, 0x4, 0x1, 0x8, 0xcc, 0x67, 0x0, 0xdb, 0x4, 0x0, @empty, @empty, {[@timestamp_prespec={0x44, 0x44, 0x58, 0x3, 0xa, [{@local, 0x2f}, {@multicast1, 0x6}, {@local, 0x7fff}, {@empty, 0x80000000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x47ed}, {@remote, 0x2}, {@broadcast, 0xa}, {@broadcast, 0xfffffffa}]}, @end, @timestamp_prespec={0x44, 0x24, 0x4c, 0x3, 0x6, [{@empty, 0x7f}, {@empty, 0x7}, {@empty, 0x43}, {@multicast1, 0x6}]}, @timestamp_addr={0x44, 0x3c, 0xc3, 0x1, 0xf, [{@multicast2, 0x8001}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x39ba}, {@loopback, 0x10001}, {@dev={0xac, 0x14, 0x14, 0x19}, 0x80000000}, {@multicast1, 0x1800}, {@multicast2, 0xffffffff}, {@private=0xa010100, 0xc0000}]}, @noop, @noop, @timestamp={0x44, 0xc, 0x64, 0x0, 0x6, [0xff0d, 0x8]}, @timestamp={0x44, 0x4, 0xfa, 0x0, 0x4}, @noop]}}}}}) 147.312513ms ago: executing program 4 (id=1860): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map=0x1, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003dc0)=""/226, 0x2c}, 0x7f}], 0x1, 0x832b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000180)=0x8, 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00'}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00m'], 0x38}, 0x1, 0x300}, 0xc000) 59.063392ms ago: executing program 2 (id=1861): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x446982, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8010) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6aeeafac6b1195e3a2a07b7e7608b3a26", 0x2f) r3 = accept4(r2, 0x0, 0x0, 0x80000) sendmsg$alg(r3, 0x0, 0x0) recvmsg$can_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022) 0s ago: executing program 1 (id=1862): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) close(0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') lseek(r4, 0x2000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000200)='./bus\x00', 0x3242cac, &(0x7f0000000380)=ANY=[], 0xff, 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6) ioctl$FS_IOC_RESVSP(r5, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000}) pread64(r3, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) kernel console output (not intermixed with test programs): oduct=00d0, bcdDevice=10.13 [ 62.473577][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.473608][ T9] usb 1-1: Product: syz [ 62.473626][ T9] usb 1-1: Manufacturer: syz [ 62.473641][ T9] usb 1-1: SerialNumber: syz [ 62.483634][ T9] usb 1-1: config 0 descriptor?? [ 62.697078][ T9] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 63.027452][ T6595] usb 1-1: USB disconnect, device number 3 [ 63.275436][ T7338] loop4: detected capacity change from 0 to 512 [ 63.279564][ T7338] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 63.292726][ T7338] EXT4-fs (loop4): orphan cleanup on readonly fs [ 63.295169][ T7338] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.229: bg 0: block 248: padding at end of block bitmap is not set [ 63.296033][ T7338] __quota_error: 20 callbacks suppressed [ 63.296042][ T7338] Quota error (device loop4): write_blk: dquota write failed [ 63.296080][ T7338] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 63.296098][ T7338] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.229: Failed to acquire dquot type 1 [ 63.298195][ T7338] EXT4-fs (loop4): 1 truncate cleaned up [ 63.300295][ T7338] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 64.266421][ T6532] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.707012][ T7362] netlink: 84 bytes leftover after parsing attributes in process `syz.0.235'. [ 64.888123][ T2409] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.889793][ T2409] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.548183][ T7373] loop4: detected capacity change from 0 to 512 [ 65.915010][ T7373] EXT4-fs: Ignoring removed mblk_io_submit option [ 66.025954][ T7373] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.238: corrupted in-inode xattr: invalid ea_ino [ 66.030781][ T7373] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.238: couldn't read orphan inode 15 (err -117) [ 66.035653][ T7373] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 66.048579][ T7373] netlink: 'syz.4.238': attribute type 2 has an invalid length. [ 66.716963][ T7389] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 67.473103][ T6532] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.483101][ T7396] loop1: detected capacity change from 0 to 512 [ 67.488522][ T7396] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 67.524697][ T7396] EXT4-fs (loop1): orphan cleanup on readonly fs [ 67.531604][ T7396] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.243: bg 0: block 248: padding at end of block bitmap is not set [ 67.538956][ T7396] Quota error (device loop1): write_blk: dquota write failed [ 67.539138][ T7396] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 67.539224][ T7396] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.243: Failed to acquire dquot type 1 [ 67.551848][ T7396] EXT4-fs (loop1): 1 truncate cleaned up [ 67.560216][ T7396] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 68.445605][ T7410] netlink: 84 bytes leftover after parsing attributes in process `syz.3.247'. [ 69.378534][ T7418] loop4: detected capacity change from 0 to 512 [ 69.495938][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.507227][ T7418] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.536513][ T7418] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.248: iget: bad i_size value: 2533274857506816 [ 69.557041][ T7418] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.248: iget: bad i_size value: 2533274857506816 [ 69.560548][ T7418] overlayfs: failed to resolve './file0': -117 [ 69.731523][ T7426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.736532][ T7426] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.072099][ T7433] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 70.191531][ T6532] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.266416][ C1] Unknown status report in ack skb [ 70.880614][ T7459] netlink: 84 bytes leftover after parsing attributes in process `syz.3.261'. [ 72.262334][ T7479] loop3: detected capacity change from 0 to 512 [ 72.383630][ T7479] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.419970][ T7479] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.266: iget: bad i_size value: 2533274857506816 [ 72.489038][ T7479] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.266: iget: bad i_size value: 2533274857506816 [ 72.495611][ T7479] overlayfs: failed to resolve './file0': -117 [ 72.711589][ T7484] vhci_hcd: default hub control req: 000e v0001 i0007 l0 [ 72.720449][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 72.720505][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 72.720538][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 72.788642][ T7489] binder: 7468:7489 BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0 [ 72.792463][ T7489] binder: 7468:7489 ioctl c0306201 20000540 returned -22 [ 73.202711][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 73.202767][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 73.202801][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 73.323281][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 73.328686][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 73.328754][ T7484] netlink: 108 bytes leftover after parsing attributes in process `syz.2.265'. [ 73.486555][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.977772][ T7552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.987503][ T7552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.001014][ T52] Bluetooth: hci0: failed to read key size for handle 201 [ 76.275839][ T7565] __nla_validate_parse: 1 callbacks suppressed [ 76.275900][ T7565] netlink: 84 bytes leftover after parsing attributes in process `syz.4.290'. [ 78.680376][ T7613] netlink: 84 bytes leftover after parsing attributes in process `syz.4.303'. [ 79.002840][ T7611] xt_CT: No such helper "snmp_trap" [ 79.242520][ T7623] bio_check_eod: 56 callbacks suppressed [ 79.242574][ T7623] syz.0.307: attempt to access beyond end of device [ 79.242574][ T7623] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 79.242652][ T7623] SQUASHFS error: Failed to read block 0x0: -5 [ 79.242687][ T7623] unable to read squashfs_super_block [ 79.966655][ T7637] loop1: detected capacity change from 0 to 512 [ 80.077093][ T52] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 80.079531][ T52] Bluetooth: hci0: Injecting HCI hardware error event [ 80.082192][ T6537] Bluetooth: hci0: hardware error 0x00 [ 80.097609][ T7637] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.143316][ T7637] EXT4-fs (loop1): orphan cleanup on readonly fs [ 80.155726][ T7637] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.311: bg 0: block 248: padding at end of block bitmap is not set [ 80.164617][ T7637] Quota error (device loop1): write_blk: dquota write failed [ 80.164680][ T7637] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 80.164709][ T7637] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.311: Failed to acquire dquot type 1 [ 80.226662][ T7637] EXT4-fs (loop1): 1 truncate cleaned up [ 80.230026][ T7637] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 80.233391][ T7637] netlink: 'syz.1.311': attribute type 15 has an invalid length. [ 80.233423][ T7637] netlink: 24 bytes leftover after parsing attributes in process `syz.1.311'. [ 81.212103][ T7649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.212887][ T7649] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.755660][ T52] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 81.756451][ T52] Bluetooth: hci4: Injecting HCI hardware error event [ 81.757005][ T52] Bluetooth: hci4: hardware error 0x00 [ 81.833383][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.966399][ T7665] netlink: 84 bytes leftover after parsing attributes in process `syz.0.319'. [ 82.318312][ T6537] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 82.799036][ T7680] loop6: detected capacity change from 0 to 7 [ 82.800623][ T7680] Dev loop6: unable to read RDB block 7 [ 82.800683][ T7680] loop6: unable to read partition table [ 82.800761][ T7680] loop6: partition table beyond EOD, truncated [ 82.800789][ T7680] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 83.985729][ T7705] loop2: detected capacity change from 0 to 512 [ 83.988941][ T7705] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.026123][ T7705] EXT4-fs (loop2): orphan cleanup on readonly fs [ 84.031541][ T7705] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.330: bg 0: block 248: padding at end of block bitmap is not set [ 84.033285][ T7705] Quota error (device loop2): write_blk: dquota write failed [ 84.033422][ T7705] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 84.033481][ T7705] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.330: Failed to acquire dquot type 1 [ 84.038695][ T7705] EXT4-fs (loop2): 1 truncate cleaned up [ 84.043788][ T7705] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 84.060574][ T7705] netlink: 'syz.2.330': attribute type 15 has an invalid length. [ 84.060641][ T7705] netlink: 24 bytes leftover after parsing attributes in process `syz.2.330'. [ 84.445667][ T52] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 84.921293][ T7719] loop6: detected capacity change from 0 to 7 [ 84.922558][ T7719] Dev loop6: unable to read RDB block 7 [ 84.922603][ T7719] loop6: unable to read partition table [ 84.922683][ T7719] loop6: partition table beyond EOD, truncated [ 84.922714][ T7719] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 84.939574][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.345622][ T7720] netlink: 84 bytes leftover after parsing attributes in process `syz.4.332'. [ 85.545484][ T7725] Bluetooth: MGMT ver 1.23 [ 86.451565][ T7747] loop3: detected capacity change from 0 to 128 [ 86.542556][ T7747] syz.3.346: attempt to access beyond end of device [ 86.542556][ T7747] loop3: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 86.543522][ T7747] syz.3.346: attempt to access beyond end of device [ 86.543522][ T7747] loop3: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 86.543588][ T7747] syz.3.346: attempt to access beyond end of device [ 86.543588][ T7747] loop3: rw=2049, sector=177, nr_sectors = 24 limit=128 [ 86.543636][ T7747] syz.3.346: attempt to access beyond end of device [ 86.543636][ T7747] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 86.543886][ T7747] syz.3.346: attempt to access beyond end of device [ 86.543886][ T7747] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 86.543947][ T7747] syz.3.346: attempt to access beyond end of device [ 86.543947][ T7747] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 86.543987][ T7747] syz.3.346: attempt to access beyond end of device [ 86.543987][ T7747] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 86.544038][ T7747] syz.3.346: attempt to access beyond end of device [ 86.544038][ T7747] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 86.544087][ T7747] syz.3.346: attempt to access beyond end of device [ 86.544087][ T7747] loop3: rw=2049, sector=289, nr_sectors = 9 limit=128 [ 86.576350][ T7755] loop6: detected capacity change from 0 to 7 [ 86.578518][ T7755] Dev loop6: unable to read RDB block 7 [ 86.580152][ T7755] loop6: unable to read partition table [ 86.581478][ T7755] loop6: partition table beyond EOD, truncated [ 86.581537][ T7755] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 86.846167][ T7747] syz.3.346: attempt to access beyond end of device [ 86.846167][ T7747] loop3: rw=2049, sector=305, nr_sectors = 80 limit=128 [ 88.515642][ T7780] netlink: 84 bytes leftover after parsing attributes in process `syz.1.354'. [ 88.886677][ T7801] loop1: detected capacity change from 0 to 128 [ 89.125616][ T7813] loop2: detected capacity change from 0 to 512 [ 89.127607][ T7813] EXT4-fs: Ignoring removed mblk_io_submit option [ 89.225697][ T7813] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.365: corrupted in-inode xattr: invalid ea_ino [ 89.229906][ T7813] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.365: couldn't read orphan inode 15 (err -117) [ 89.234530][ T7813] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.247380][ T7813] netlink: 'syz.2.365': attribute type 2 has an invalid length. [ 90.153316][ T7821] (unnamed net_device) (uninitialized): (slave lo): Device is not bonding slave [ 90.153364][ T7821] (unnamed net_device) (uninitialized): option active_slave: invalid value (lo) [ 90.594374][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.668532][ T7841] netlink: 84 bytes leftover after parsing attributes in process `syz.4.372'. [ 90.987883][ T7842] loop1: detected capacity change from 0 to 512 [ 90.988296][ T7842] EXT4-fs: Ignoring removed mblk_io_submit option [ 91.039078][ T7842] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.374: corrupted in-inode xattr: invalid ea_ino [ 91.040620][ T7842] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.374: couldn't read orphan inode 15 (err -117) [ 91.047390][ T7842] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.125807][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 91.276866][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 91.436330][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 91.439078][ T10] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 91.439122][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.439145][ T10] usb 1-1: Product: syz [ 91.439163][ T10] usb 1-1: Manufacturer: syz [ 91.439179][ T10] usb 1-1: SerialNumber: syz [ 91.472888][ T10] usb 1-1: config 0 descriptor?? [ 91.618765][ T7854] loop3: detected capacity change from 0 to 128 [ 92.008166][ T10] gs_usb 1-1:0.0: Configuring for 2 interfaces [ 92.173640][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.749970][ T7884] netlink: 84 bytes leftover after parsing attributes in process `syz.4.387'. [ 93.152857][ T10] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 93.355977][ T10] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71 [ 93.360246][ T10] usb 1-1: USB disconnect, device number 4 [ 93.444812][ T7897] loop1: detected capacity change from 0 to 1024 [ 93.445229][ T7897] EXT4-fs: Ignoring removed mblk_io_submit option [ 93.445249][ T7897] EXT4-fs: Ignoring removed bh option [ 93.457229][ T7897] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.337301][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.793898][ T7909] loop3: detected capacity change from 0 to 512 [ 94.927063][ T7909] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 94.967927][ T7909] EXT4-fs (loop3): orphan cleanup on readonly fs [ 94.977076][ T7909] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.394: bg 0: block 248: padding at end of block bitmap is not set [ 94.983125][ T7909] Quota error (device loop3): write_blk: dquota write failed [ 94.983317][ T7909] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 94.983391][ T7909] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.394: Failed to acquire dquot type 1 [ 94.997314][ T7909] EXT4-fs (loop3): 1 truncate cleaned up [ 95.006792][ T7909] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 95.026967][ T7909] netlink: 'syz.3.394': attribute type 15 has an invalid length. [ 95.027052][ T7909] netlink: 24 bytes leftover after parsing attributes in process `syz.3.394'. [ 95.608313][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.732199][ T7944] loop0: detected capacity change from 0 to 512 [ 95.733209][ T7944] EXT4-fs: Ignoring removed mblk_io_submit option [ 95.954682][ T7944] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.407: corrupted in-inode xattr: invalid ea_ino [ 95.962771][ T7944] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.407: couldn't read orphan inode 15 (err -117) [ 96.000038][ T7944] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.084907][ T7944] netlink: 'syz.0.407': attribute type 2 has an invalid length. [ 97.908274][ T7979] loop3: detected capacity change from 0 to 512 [ 97.916504][ T7979] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 98.009109][ T7979] EXT4-fs (loop3): orphan cleanup on readonly fs [ 98.013139][ T7979] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.416: bg 0: block 248: padding at end of block bitmap is not set [ 98.017389][ T7979] Quota error (device loop3): write_blk: dquota write failed [ 98.017525][ T7979] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 98.017574][ T7979] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.416: Failed to acquire dquot type 1 [ 98.026724][ T7979] EXT4-fs (loop3): 1 truncate cleaned up [ 98.036056][ T7979] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 98.051743][ T7979] netlink: 'syz.3.416': attribute type 15 has an invalid length. [ 98.051799][ T7979] netlink: 24 bytes leftover after parsing attributes in process `syz.3.416'. [ 98.548227][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.254445][ T7992] loop1: detected capacity change from 0 to 1024 [ 99.254856][ T7992] EXT4-fs: Ignoring removed mblk_io_submit option [ 99.254891][ T7992] EXT4-fs: Ignoring removed bh option [ 99.274113][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.347546][ T7992] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.102138][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.692059][ T8031] loop1: detected capacity change from 0 to 544 [ 100.694969][ T8031] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 100.696840][ T8031] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 100.696875][ T8031] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 100.696892][ T8031] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 100.706058][ T8031] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.433: Invalid inode table block 0 in block_group 0 [ 100.709275][ T8031] EXT4-fs (loop1): get root inode failed [ 100.709439][ T8031] EXT4-fs (loop1): mount failed [ 100.720469][ T8029] netlink: 'syz.1.433': attribute type 15 has an invalid length. [ 100.720513][ T8029] netlink: 24 bytes leftover after parsing attributes in process `syz.1.433'. [ 101.691976][ T8056] loop0: detected capacity change from 0 to 1024 [ 101.692390][ T8056] EXT4-fs: Ignoring removed mblk_io_submit option [ 101.692427][ T8056] EXT4-fs: Ignoring removed bh option [ 101.718729][ T8056] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.549015][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.205859][ T8103] loop1: detected capacity change from 0 to 512 [ 103.246377][ T8103] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 103.269621][ T8103] EXT4-fs (loop1): orphan cleanup on readonly fs [ 103.272422][ T8103] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.455: bg 0: block 248: padding at end of block bitmap is not set [ 103.274034][ T8103] Quota error (device loop1): write_blk: dquota write failed [ 103.274157][ T8103] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 103.274334][ T8103] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.455: Failed to acquire dquot type 1 [ 103.275669][ T8103] EXT4-fs (loop1): 1 truncate cleaned up [ 103.297264][ T8103] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 103.301019][ T8103] netlink: 'syz.1.455': attribute type 15 has an invalid length. [ 103.301051][ T8103] netlink: 24 bytes leftover after parsing attributes in process `syz.1.455'. [ 104.698622][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.869349][ T8130] loop1: detected capacity change from 0 to 512 [ 104.871310][ T8130] EXT4-fs: Ignoring removed mblk_io_submit option [ 105.029943][ T8130] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.463: corrupted in-inode xattr: invalid ea_ino [ 105.034364][ T8130] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.463: couldn't read orphan inode 15 (err -117) [ 105.055635][ T8130] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.657694][ T8133] loop3: detected capacity change from 0 to 1024 [ 105.658117][ T8133] EXT4-fs: Ignoring removed mblk_io_submit option [ 105.658151][ T8133] EXT4-fs: Ignoring removed bh option [ 105.797505][ T8137] overlayfs: failed to resolve './file1': -2 [ 105.877664][ T8133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.538982][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.542630][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.388098][ T8167] loop1: detected capacity change from 0 to 512 [ 107.403291][ T8167] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 107.432756][ T8167] EXT4-fs (loop1): orphan cleanup on readonly fs [ 107.442347][ T8167] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.474: bg 0: block 248: padding at end of block bitmap is not set [ 107.452118][ T8167] Quota error (device loop1): write_blk: dquota write failed [ 107.452253][ T8167] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 107.452343][ T8167] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.474: Failed to acquire dquot type 1 [ 107.468693][ T8167] EXT4-fs (loop1): 1 truncate cleaned up [ 107.476173][ T8167] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 107.489843][ T8167] netlink: 'syz.1.474': attribute type 15 has an invalid length. [ 107.489878][ T8167] netlink: 24 bytes leftover after parsing attributes in process `syz.1.474'. [ 108.967672][ T31] audit: type=1326 audit(108.730:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8176 comm="syz.2.478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 108.967725][ T31] audit: type=1326 audit(108.730:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8176 comm="syz.2.478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 108.970235][ T31] audit: type=1326 audit(108.730:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8176 comm="syz.2.478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=266 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 108.970281][ T31] audit: type=1326 audit(2686.734:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8176 comm="syz.2.478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 108.990966][ T31] audit: type=1326 audit(2686.734:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8176 comm="syz.2.478" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 109.230898][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.313107][ T8187] loop0: detected capacity change from 0 to 1024 [ 109.313504][ T8187] EXT4-fs: Ignoring removed mblk_io_submit option [ 109.313537][ T8187] EXT4-fs: Ignoring removed bh option [ 109.331674][ T8184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.481'. [ 109.375701][ T8187] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.467025][ T8203] netlink: 20 bytes leftover after parsing attributes in process `syz.1.480'. [ 110.583196][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.297296][ T8231] loop3: detected capacity change from 0 to 512 [ 111.301845][ T8231] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 111.760846][ T8231] EXT4-fs (loop3): orphan cleanup on readonly fs [ 111.767919][ T8231] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.492: bg 0: block 248: padding at end of block bitmap is not set [ 111.772658][ T8231] Quota error (device loop3): write_blk: dquota write failed [ 111.772821][ T8231] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 111.772847][ T8231] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.492: Failed to acquire dquot type 1 [ 111.781496][ T8231] EXT4-fs (loop3): 1 truncate cleaned up [ 111.785715][ T8231] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 111.798231][ T8231] netlink: 'syz.3.492': attribute type 15 has an invalid length. [ 111.798302][ T8231] netlink: 24 bytes leftover after parsing attributes in process `syz.3.492'. [ 112.122616][ T8236] netlink: 4 bytes leftover after parsing attributes in process `syz.0.494'. [ 112.857767][ T8249] loop1: detected capacity change from 0 to 512 [ 112.858189][ T8249] EXT4-fs: Ignoring removed mblk_io_submit option [ 112.962729][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.052572][ T8249] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.498: corrupted in-inode xattr: invalid ea_ino [ 113.059028][ T8249] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.498: couldn't read orphan inode 15 (err -117) [ 113.065437][ T8249] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.999030][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.119987][ T8289] loop3: detected capacity change from 0 to 512 [ 114.131022][ T8289] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 114.468224][ T8289] EXT4-fs (loop3): orphan cleanup on readonly fs [ 114.479648][ T8289] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.510: bg 0: block 248: padding at end of block bitmap is not set [ 114.483067][ T8289] Quota error (device loop3): write_blk: dquota write failed [ 114.483181][ T8289] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 114.483202][ T8289] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.510: Failed to acquire dquot type 1 [ 114.497993][ T8289] EXT4-fs (loop3): 1 truncate cleaned up [ 114.511867][ T8289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 114.523884][ T8289] netlink: 'syz.3.510': attribute type 15 has an invalid length. [ 114.523969][ T8289] netlink: 24 bytes leftover after parsing attributes in process `syz.3.510'. [ 115.606587][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.514372][ T8328] loop0: detected capacity change from 0 to 512 [ 116.515016][ T8328] EXT4-fs: Ignoring removed mblk_io_submit option [ 116.590199][ T8328] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.521: corrupted in-inode xattr: invalid ea_ino [ 116.595840][ T8328] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.521: couldn't read orphan inode 15 (err -117) [ 116.601262][ T8328] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.566045][ T8350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.530'. [ 117.566105][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.530'. [ 117.636035][ T8353] netlink: 'syz.4.529': attribute type 15 has an invalid length. [ 117.636085][ T8353] netlink: 24 bytes leftover after parsing attributes in process `syz.4.529'. [ 117.758873][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.326468][ T8373] overlay: Unknown parameter '/' [ 118.343910][ T8373] process 'syz.1.537' launched '/dev/fd/7' with NULL argv: empty string added [ 119.117430][ T8391] netlink: 28 bytes leftover after parsing attributes in process `syz.3.544'. [ 119.117486][ T8391] netlink: 8 bytes leftover after parsing attributes in process `syz.3.544'. [ 119.234786][ T8399] loop1: detected capacity change from 0 to 512 [ 119.236288][ T8399] EXT4-fs: Ignoring removed mblk_io_submit option [ 119.256423][ T8399] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.546: corrupted in-inode xattr: invalid ea_ino [ 119.259253][ T8399] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.546: couldn't read orphan inode 15 (err -117) [ 119.263528][ T8399] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.320598][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.495117][ T8450] loop2: detected capacity change from 0 to 512 [ 121.499054][ T8450] EXT4-fs: Ignoring removed mblk_io_submit option [ 121.839946][ T8450] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.560: corrupted in-inode xattr: invalid ea_ino [ 121.849448][ T8450] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.560: couldn't read orphan inode 15 (err -117) [ 121.948078][ T8450] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.517523][ T8466] loop6: detected capacity change from 0 to 7 [ 122.519766][ T6521] Dev loop6: unable to read RDB block 7 [ 122.519819][ T6521] loop6: unable to read partition table [ 122.519886][ T6521] loop6: partition table beyond EOD, truncated [ 122.540275][ T8468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.540458][ T8468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.710420][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.719588][ T8466] Dev loop6: unable to read RDB block 7 [ 122.719638][ T8466] loop6: unable to read partition table [ 122.719703][ T8466] loop6: partition table beyond EOD, truncated [ 122.719733][ T8466] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 123.041177][ T8479] bridge_slave_0: left allmulticast mode [ 123.041238][ T8479] bridge_slave_0: left promiscuous mode [ 123.041320][ T8479] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.046104][ T8479] bridge_slave_1: left allmulticast mode [ 123.046151][ T8479] bridge_slave_1: left promiscuous mode [ 123.046228][ T8479] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.053505][ T8479] bond0: (slave bond_slave_0): Releasing backup interface [ 123.086762][ T8479] bond0: (slave bond_slave_1): Releasing backup interface [ 123.130781][ T8479] team0: Port device team_slave_0 removed [ 123.137938][ T8479] team0: Port device team_slave_1 removed [ 123.139357][ T8479] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.140675][ T8479] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.145138][ T8479] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.145183][ T8479] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.258733][ T8488] loop1: detected capacity change from 0 to 512 [ 123.741168][ T8488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.748462][ T8488] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.575: iget: bad i_size value: 2533274857506816 [ 123.768195][ T8488] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.575: iget: bad i_size value: 2533274857506816 [ 123.771488][ T8488] overlayfs: failed to resolve './file0': -117 [ 125.093202][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.409723][ T8526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.584'. [ 126.058798][ T8539] siw: device registration error -23 [ 126.164632][ T2409] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.164694][ T2409] ieee802154 phy1 wpan1: encryption failed: -22 [ 127.646402][ T8567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.603'. [ 127.918954][ T8569] netlink: 4 bytes leftover after parsing attributes in process `syz.4.604'. [ 129.015853][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.617'. [ 129.061315][ T8602] capability: warning: `syz.2.616' uses deprecated v2 capabilities in a way that may be insecure [ 129.552591][ T8617] netlink: 20 bytes leftover after parsing attributes in process `syz.1.623'. [ 132.257494][ T8671] netlink: 'syz.2.640': attribute type 21 has an invalid length. [ 132.257990][ T8671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.640'. [ 132.621626][ T8685] loop1: detected capacity change from 0 to 1024 [ 132.622116][ T8685] EXT4-fs: Ignoring removed mblk_io_submit option [ 132.622156][ T8685] EXT4-fs: Ignoring removed bh option [ 132.684625][ T8685] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.531188][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.309679][ T8731] netlink: 28 bytes leftover after parsing attributes in process `syz.3.661'. [ 134.309732][ T8731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.661'. [ 135.237778][ T8751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.668'. [ 135.952457][ T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 136.108154][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 136.110242][ T10] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 136.114061][ T10] usb 1-1: string descriptor 0 read error: -22 [ 136.114137][ T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db [ 136.114153][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.254172][ T10] usb 1-1: reset high-speed USB device number 5 using dummy_hcd [ 136.818605][ T8789] loop6: detected capacity change from 0 to 7 [ 136.821045][ T8789] Dev loop6: unable to read RDB block 7 [ 136.821087][ T8789] loop6: unable to read partition table [ 136.821172][ T8789] loop6: partition table beyond EOD, truncated [ 136.821199][ T8789] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 137.302637][ T10] usb 1-1: device descriptor read/64, error -71 [ 137.437733][ T8805] netlink: 'syz.2.687': attribute type 2 has an invalid length. [ 137.552504][ T10] usb 1-1: reset high-speed USB device number 5 using dummy_hcd [ 138.208615][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 138.212110][ T10] usb 1-1: device firmware changed [ 138.219816][ T10] usb 1-1: USB disconnect, device number 5 [ 139.116693][ T8834] loop0: detected capacity change from 0 to 1024 [ 139.117078][ T8834] EXT4-fs: Ignoring removed mblk_io_submit option [ 139.117114][ T8834] EXT4-fs: Ignoring removed bh option [ 139.163944][ T8834] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.069197][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.185926][ T8865] netlink: 'syz.1.703': attribute type 2 has an invalid length. [ 141.241715][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 141.391720][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 141.394799][ T10] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 141.396698][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.400866][ T10] usb 1-1: config 0 descriptor?? [ 141.447087][ T8885] netlink: 28 bytes leftover after parsing attributes in process `syz.1.711'. [ 141.448791][ T8885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.711'. [ 141.703647][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 141.718004][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 141.720092][ T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 141.721748][ T10] usb 1-1: media controller created [ 141.731253][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 142.141014][ T10] az6027: usb out operation failed. (-71) [ 142.142469][ T10] az6027: usb out operation failed. (-71) [ 142.142502][ T10] stb0899_attach: Driver disabled by Kconfig [ 142.142525][ T10] az6027: no front-end attached [ 142.142525][ T10] [ 142.146207][ T10] az6027: usb out operation failed. (-71) [ 142.146238][ T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 142.147032][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input2 [ 142.153400][ T10] dvb-usb: schedule remote query interval to 400 msecs. [ 142.154695][ T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 142.157184][ T10] usb 1-1: USB disconnect, device number 6 [ 142.249005][ T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 143.491966][ T8931] netlink: 'syz.3.722': attribute type 2 has an invalid length. [ 144.978524][ T8957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.732'. [ 145.483544][ T8968] netlink: 'syz.0.736': attribute type 3 has an invalid length. [ 146.049353][ T8996] netlink: 'syz.2.739': attribute type 2 has an invalid length. [ 146.834875][ T9001] wlan1 speed is unknown, defaulting to 1000 [ 147.641860][ T9021] loop2: detected capacity change from 0 to 512 [ 147.647155][ T9021] EXT4-fs: Ignoring removed mblk_io_submit option [ 147.835774][ T9021] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz.2.750: corrupted in-inode xattr: invalid ea_ino [ 147.840708][ T9021] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.750: couldn't read orphan inode 15 (err -117) [ 147.855028][ T9021] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.580473][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.691974][ T9039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.756'. [ 148.987053][ T9043] wlan1 speed is unknown, defaulting to 1000 [ 149.103675][ T9058] loop1: detected capacity change from 0 to 1024 [ 149.104614][ T9058] EXT4-fs: Ignoring removed mblk_io_submit option [ 149.104634][ T9058] EXT4-fs: Ignoring removed bh option [ 149.126276][ T9058] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.835833][ T9073] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 150.835072][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.088810][ T9096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 151.100213][ T9096] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 151.107147][ T9094] wlan1 speed is unknown, defaulting to 1000 [ 151.628967][ T9108] netlink: 'syz.0.775': attribute type 2 has an invalid length. [ 154.070332][ T9125] overlayfs: failed to resolve './file1': -2 [ 155.335584][ T9154] netlink: 8 bytes leftover after parsing attributes in process `syz.0.790'. [ 155.335632][ T9154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.790'. [ 155.335655][ T9154] netlink: 'syz.0.790': attribute type 18 has an invalid length. [ 155.354986][ T9156] loop3: detected capacity change from 0 to 1024 [ 155.355459][ T9156] EXT4-fs: Ignoring removed mblk_io_submit option [ 155.355495][ T9156] EXT4-fs: Ignoring removed bh option [ 155.363046][ T9156] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.286645][ T9175] netlink: 'syz.4.795': attribute type 2 has an invalid length. [ 157.225152][ T9181] loop1: detected capacity change from 0 to 512 [ 157.306684][ T9181] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.331044][ T9181] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.797: iget: bad i_size value: 2533274857506816 [ 157.363925][ T9181] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.797: iget: bad i_size value: 2533274857506816 [ 157.371202][ T9181] overlayfs: failed to resolve './file0': -117 [ 158.409086][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.418552][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.052574][ T6097] Bluetooth: hci2: command 0x0406 tx timeout [ 159.169180][ T6540] Bluetooth: hci3: command 0x0405 tx timeout [ 159.180210][ T6533] Bluetooth: hci1: command 0x0406 tx timeout [ 162.534702][ T9259] Illegal XDP return value 4294967274 on prog (id 23) dev N/A, expect packet loss! [ 162.696495][ T9270] netlink: 'syz.2.821': attribute type 2 has an invalid length. [ 162.749327][ T6608] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 163.649185][ T6608] usb 1-1: Using ep0 maxpacket: 32 [ 163.973545][ T9277] loop1: detected capacity change from 0 to 512 [ 163.975744][ T9277] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 163.980663][ T6608] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 163.982583][ T6608] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 163.984403][ T6608] usb 1-1: config 0 interface 0 has no altsetting 0 [ 164.324581][ T9277] EXT4-fs (loop1): orphan cleanup on readonly fs [ 164.337944][ T9277] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.823: bg 0: block 248: padding at end of block bitmap is not set [ 164.341834][ T6608] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 164.341896][ T6608] usb 1-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 164.341924][ T6608] usb 1-1: Product: syz [ 164.341945][ T6608] usb 1-1: Manufacturer: syz [ 164.341964][ T6608] usb 1-1: SerialNumber: syz [ 164.353752][ T6608] usb 1-1: config 0 descriptor?? [ 164.357938][ T9277] Quota error (device loop1): write_blk: dquota write failed [ 164.358055][ T9277] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 164.358080][ T9277] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.823: Failed to acquire dquot type 1 [ 164.525310][ T9277] EXT4-fs (loop1): 1 truncate cleaned up [ 164.556410][ T9277] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 164.765072][ T6608] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 165.246509][ T9302] netlink: 'syz.3.828': attribute type 11 has an invalid length. [ 165.858425][ T9307] netlink: 4 bytes leftover after parsing attributes in process `syz.2.833'. [ 165.876464][ T6608] gs_usb 1-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 165.886834][ T6608] usb 1-1: USB disconnect, device number 7 [ 166.527523][ T9330] veth1_macvtap: left promiscuous mode [ 166.527597][ T9330] macsec0: entered promiscuous mode [ 166.695822][ T9331] veth1_macvtap: entered promiscuous mode [ 166.695952][ T9331] macsec0: left promiscuous mode [ 167.093625][ T9337] netlink: 28 bytes leftover after parsing attributes in process `syz.4.842'. [ 167.093691][ T9337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.842'. [ 167.233713][ T9341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.844'. [ 167.748465][ T9354] Bluetooth: MGMT ver 1.23 [ 168.323819][ T9358] netlink: 16 bytes leftover after parsing attributes in process `syz.4.849'. [ 168.847710][ T9373] binder: 9372:9373 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 168.855060][ T9373] binder: 9372:9373 got transaction to invalid handle, 1 [ 168.856407][ T9373] binder: 9373:9372 cannot find target node [ 168.856461][ T9373] binder: 9372:9373 transaction call to 0:0 failed 4/29201/-22, code 0 size 0-0 line 3152 [ 168.860827][ T9373] binder: 9372:9373 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 168.864365][ T9373] binder: 9372:9373 ioctl c0306201 20000240 returned -11 [ 168.867127][ T9373] binder: 9372:9373 got reply transaction with no transaction stack [ 168.869297][ T9373] binder: 9372:9373 transaction reply to 0:0 failed 5/29201/-71, code 0 size 0-0 line 3053 [ 168.873679][ T6643] binder: undelivered TRANSACTION_ERROR: 29201 [ 168.873952][ T6643] binder: undelivered TRANSACTION_ERROR: 29201 [ 168.927754][ T9380] netlink: 'syz.3.857': attribute type 8 has an invalid length. [ 169.491877][ T9390] netlink: 16 bytes leftover after parsing attributes in process `syz.4.860'. [ 169.542921][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.930913][ T9412] netlink: 'syz.3.868': attribute type 8 has an invalid length. [ 169.991239][ T9414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.019286][ T9414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.354135][ T9422] netlink: 16 bytes leftover after parsing attributes in process `syz.3.873'. [ 170.503936][ T9428] loop3: detected capacity change from 0 to 512 [ 170.517852][ T9428] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 170.524179][ T9428] EXT4-fs (loop3): orphan cleanup on readonly fs [ 170.531006][ T9428] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.874: bg 0: block 248: padding at end of block bitmap is not set [ 170.533827][ T9428] Quota error (device loop3): write_blk: dquota write failed [ 170.533885][ T9428] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 170.533907][ T9428] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.874: Failed to acquire dquot type 1 [ 170.544090][ T9428] EXT4-fs (loop3): 1 truncate cleaned up [ 170.545443][ T9428] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 170.823744][ T24] libceph: connect (1)[c::]:6789 error -101 [ 170.825957][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 171.064419][ T9440] loop6: detected capacity change from 0 to 7 [ 171.064822][ T9440] Dev loop6: unable to read RDB block 7 [ 171.064845][ T9440] loop6: unable to read partition table [ 171.064906][ T9440] loop6: partition table beyond EOD, truncated [ 171.064923][ T9440] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 171.139253][ T24] libceph: connect (1)[c::]:6789 error -101 [ 171.140538][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 171.482834][ T9435] ceph: No mds server is up or the cluster is laggy [ 174.252255][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.594874][ T9510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.595077][ T9510] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.630349][ T9510] wlan1 speed is unknown, defaulting to 1000 [ 175.670926][ T9516] loop6: detected capacity change from 0 to 7 [ 175.672236][ T9516] Dev loop6: unable to read RDB block 7 [ 175.672304][ T9516] loop6: unable to read partition table [ 175.672382][ T9516] loop6: partition table beyond EOD, truncated [ 175.672402][ T9516] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 176.099381][ T9534] loop3: detected capacity change from 0 to 512 [ 176.101988][ T9534] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 176.103763][ T9534] EXT4-fs (loop3): orphan cleanup on readonly fs [ 176.109878][ T9534] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.907: bg 0: block 248: padding at end of block bitmap is not set [ 176.110427][ T9534] Quota error (device loop3): write_blk: dquota write failed [ 176.110471][ T9534] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 176.112545][ T9534] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.907: Failed to acquire dquot type 1 [ 176.113587][ T9534] EXT4-fs (loop3): 1 truncate cleaned up [ 176.114476][ T9534] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 177.086765][ T9559] loop6: detected capacity change from 0 to 7 [ 177.089703][ T9559] Dev loop6: unable to read RDB block 7 [ 177.090847][ T9559] loop6: unable to read partition table [ 177.091944][ T9559] loop6: partition table beyond EOD, truncated [ 177.092915][ T9559] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 178.737084][ T9578] veth1_macvtap: left promiscuous mode [ 178.737231][ T9578] macsec0: entered promiscuous mode [ 179.456617][ T31] audit: type=1326 audit(2757.082:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9579 comm="syz.2.924" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 179.456762][ T31] audit: type=1326 audit(2757.082:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9579 comm="syz.2.924" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 179.457278][ T31] audit: type=1326 audit(2757.082:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9579 comm="syz.2.924" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 179.457370][ T31] audit: type=1326 audit(2757.082:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9579 comm="syz.2.924" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=233 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 179.457461][ T31] audit: type=1326 audit(2757.172:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9579 comm="syz.2.924" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 179.457561][ T31] audit: type=1326 audit(2757.172:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9579 comm="syz.2.924" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 179.829017][ T9597] loop6: detected capacity change from 0 to 7 [ 179.830386][ T9597] Dev loop6: unable to read RDB block 7 [ 179.830431][ T9597] loop6: unable to read partition table [ 179.830500][ T9597] loop6: partition table beyond EOD, truncated [ 179.830525][ T9597] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 180.089575][ T9604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'. [ 180.771301][ T9618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.938'. [ 181.452877][ T9640] netlink: 4 bytes leftover after parsing attributes in process `syz.1.946'. [ 181.486111][ T9644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.526902][ T9644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.821103][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.911659][ T9658] loop6: detected capacity change from 0 to 7 [ 182.161236][ T9658] Dev loop6: unable to read RDB block 7 [ 182.176324][ T9658] loop6: unable to read partition table [ 182.657916][ T9658] loop6: partition table beyond EOD, truncated [ 182.662148][ T9658] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 183.299958][ T9691] loop1: detected capacity change from 0 to 512 [ 183.640821][ T9694] netlink: 4 bytes leftover after parsing attributes in process `syz.0.963'. [ 183.665243][ T9691] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 183.683546][ T9691] EXT4-fs (loop1): orphan cleanup on readonly fs [ 183.685532][ T9691] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.962: bg 0: block 248: padding at end of block bitmap is not set [ 183.689244][ T9691] Quota error (device loop1): write_blk: dquota write failed [ 183.689299][ T9691] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 183.689325][ T9691] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.962: Failed to acquire dquot type 1 [ 183.699918][ T9691] EXT4-fs (loop1): 1 truncate cleaned up [ 183.702450][ T9691] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 183.730017][ T9700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.731912][ T9700] bond0: (slave rose0): Enslaving as an active interface with an up link [ 184.621559][ T6537] Bluetooth: hci1: unexpected event for opcode 0x1004 [ 187.167825][ T9807] netlink: 4 bytes leftover after parsing attributes in process `syz.2.988'. [ 187.269050][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.596529][ T2409] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.596609][ T2409] ieee802154 phy1 wpan1: encryption failed: -22 [ 188.578186][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.999'. [ 188.629554][ T6537] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 188.631324][ T6537] Bluetooth: hci1: Injecting HCI hardware error event [ 188.633853][ T6537] Bluetooth: hci1: hardware error 0x00 [ 188.967979][ T9847] loop1: detected capacity change from 0 to 512 [ 189.177057][ T9847] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 189.369626][ T9847] EXT4-fs (loop1): orphan cleanup on readonly fs [ 189.571447][ T9847] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1000: bg 0: block 248: padding at end of block bitmap is not set [ 189.610985][ T9847] Quota error (device loop1): write_blk: dquota write failed [ 189.611054][ T9847] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 189.611077][ T9847] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1000: Failed to acquire dquot type 1 [ 189.620515][ T9847] EXT4-fs (loop1): 1 truncate cleaned up [ 190.578323][ T9847] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 190.907525][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.925176][ T9861] loop3: detected capacity change from 0 to 1024 [ 190.925589][ T9861] EXT4-fs: Ignoring removed mblk_io_submit option [ 190.925625][ T9861] EXT4-fs: Ignoring removed bh option [ 190.959649][ T9861] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.023140][ T9872] loop2: detected capacity change from 0 to 512 [ 191.035607][ T9872] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.039842][ T9872] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz.2.1009: iget: bad i_size value: 2533274857506816 [ 191.045042][ T9872] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz.2.1009: iget: bad i_size value: 2533274857506816 [ 191.050539][ T9872] overlayfs: failed to resolve './file0': -117 [ 191.068849][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.096226][ T9876] loop6: detected capacity change from 0 to 7 [ 191.098148][ T9876] Dev loop6: unable to read RDB block 7 [ 191.098213][ T9876] loop6: unable to read partition table [ 191.098316][ T9876] loop6: partition table beyond EOD, truncated [ 191.098336][ T9876] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 191.828045][ T9909] loop1: detected capacity change from 0 to 512 [ 191.972448][ T9909] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 192.050731][ T9909] EXT4-fs (loop1): orphan cleanup on readonly fs [ 192.055566][ T9909] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1018: bg 0: block 248: padding at end of block bitmap is not set [ 192.060337][ T9909] Quota error (device loop1): write_blk: dquota write failed [ 192.060531][ T9909] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 192.060616][ T9909] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1018: Failed to acquire dquot type 1 [ 192.070800][ T9909] EXT4-fs (loop1): 1 truncate cleaned up [ 192.465600][ T6537] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 192.701881][ T9909] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 192.837033][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.954819][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.288169][ T9924] loop6: detected capacity change from 0 to 7 [ 193.297109][ T9924] Dev loop6: unable to read RDB block 7 [ 193.297188][ T9924] loop6: unable to read partition table [ 193.297266][ T9924] loop6: partition table beyond EOD, truncated [ 193.297296][ T9924] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 193.383300][ T9929] loop1: detected capacity change from 0 to 512 [ 193.459382][ T9929] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.463800][ T9929] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.1022: iget: bad i_size value: 2533274857506816 [ 193.505023][ T9929] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.1022: iget: bad i_size value: 2533274857506816 [ 193.513243][ T9929] overlayfs: failed to resolve './file0': -117 [ 196.162336][ T9957] loop2: detected capacity change from 0 to 512 [ 196.853393][ T9957] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 197.082064][ T9957] EXT4-fs (loop2): orphan cleanup on readonly fs [ 197.086551][ T9957] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1032: bg 0: block 248: padding at end of block bitmap is not set [ 197.089134][ T9957] Quota error (device loop2): write_blk: dquota write failed [ 197.089170][ T9957] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 197.089189][ T9957] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1032: Failed to acquire dquot type 1 [ 197.094248][ T9957] EXT4-fs (loop2): 1 truncate cleaned up [ 197.142649][ T9957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 197.305274][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.659502][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.719378][T10039] binder: BINDER_SET_CONTEXT_MGR already set [ 199.720327][T10039] binder: 10038:10039 ioctl 4018620d 200000c0 returned -16 [ 199.721488][T10039] binder: BINDER_SET_CONTEXT_MGR already set [ 199.721503][T10039] binder: 10038:10039 ioctl 4018620d 200002c0 returned -16 [ 199.721655][T10039] binder: 10038:10039 got transaction to invalid handle, 1 [ 199.721671][T10039] binder: 10039:10038 cannot find target node [ 199.721683][T10039] binder: 10038:10039 transaction call to 0:0 failed 7/29201/-22, code 0 size 0-0 line 3152 [ 199.721781][T10039] binder: 10038:10039 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 199.721807][T10039] binder: 10038:10039 ioctl c0306201 20000240 returned -11 [ 199.722135][ T6543] binder: undelivered TRANSACTION_ERROR: 29201 [ 201.583454][T10071] netlink: 'syz.3.1063': attribute type 2 has an invalid length. [ 201.729484][T10075] binder: 10074:10075 tried to acquire reference to desc 0, got 1 instead [ 201.729895][T10075] binder: 10074:10075 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 201.730229][ T6543] binder: release 10074:10075 transaction 12 out, still active [ 201.730304][ T6543] binder: undelivered TRANSACTION_COMPLETE [ 201.735655][ T6543] binder: release 10074:10075 transaction 12 in, still active [ 201.735694][ T6543] binder: send failed reply for transaction 12, target dead [ 201.769255][T10081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1068'. [ 203.382615][T10117] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1081'. [ 203.433607][T10119] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1082'. [ 203.594670][T10134] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1087'. [ 203.715909][T10139] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 203.720671][T10143] tipc: Started in network mode [ 203.720730][T10143] tipc: Node identity 080211000001, cluster identity 4711 [ 203.721120][T10143] tipc: Enabled bearer , priority 0 [ 203.721708][T10143] mac80211_hwsim hwsim11 syzkaller0: entered promiscuous mode [ 203.721734][T10143] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode [ 203.866413][T10151] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1093'. [ 203.871913][T10139] netlink: 'syz.0.1090': attribute type 10 has an invalid length. [ 203.871975][T10139] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 203.917526][T10139] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.920791][T10139] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 203.926124][T10147] tipc: Resetting bearer [ 203.972800][T10158] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1096'. [ 204.068755][T10164] loop3: detected capacity change from 0 to 512 [ 204.115238][T10164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.119163][T10164] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.1095: iget: bad i_size value: 2533274857506816 [ 204.153033][T10164] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.1095: iget: bad i_size value: 2533274857506816 [ 204.157124][T10164] overlayfs: failed to resolve './file0': -117 [ 204.227695][T10177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1102'. [ 204.521306][T10183] x_tables: duplicate underflow at hook 3 [ 204.548178][T10181] bridge0: entered allmulticast mode [ 204.784087][ T6627] tipc: Node number set to 134418688 [ 205.376021][T10212] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1115'. [ 206.474324][T10247] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1128'. [ 206.476093][T10247] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1128'. [ 206.534536][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.788476][T10284] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1143'. [ 206.788525][T10284] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1143'. [ 207.001330][T10298] loop0: detected capacity change from 0 to 512 [ 207.196155][T10298] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.203596][T10285] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.203815][T10285] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.208819][T10298] EXT4-fs error (device loop0): ext4_lookup:1787: inode #12: comm syz.0.1144: iget: bad i_size value: 2533274857506816 [ 207.229731][T10298] EXT4-fs error (device loop0): ext4_lookup:1787: inode #12: comm syz.0.1144: iget: bad i_size value: 2533274857506816 [ 207.233234][T10298] overlayfs: failed to resolve './file0': -117 [ 207.472800][T10285] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 207.478300][T10285] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.018151][T10285] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.018212][T10285] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.018233][T10285] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.018253][T10285] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.047169][T10328] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1155'. [ 208.047218][T10328] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1155'. [ 208.856769][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.003829][T10364] netlink: 'syz.0.1168': attribute type 2 has an invalid length. [ 209.409767][T10369] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1171'. [ 209.409824][T10369] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1171'. [ 209.957032][T10400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1183'. [ 209.957086][T10400] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1183'. [ 210.026763][T10403] tipc: Enabled bearer , priority 0 [ 210.027869][T10403] syzkaller0: entered promiscuous mode [ 210.027964][T10403] syzkaller0: entered allmulticast mode [ 210.118163][T10403] tipc: Resetting bearer [ 210.118499][T10403] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.125087][T10402] tipc: Resetting bearer [ 210.214482][T10402] tipc: Disabling bearer [ 210.744476][T10425] netlink: 'syz.4.1191': attribute type 2 has an invalid length. [ 210.891384][T10428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1194'. [ 211.587978][T10451] binder: BINDER_SET_CONTEXT_MGR already set [ 211.588022][T10451] binder: 10450:10451 ioctl 4018620d 200000c0 returned -16 [ 211.589613][T10451] binder: BINDER_SET_CONTEXT_MGR already set [ 211.589868][T10451] binder: 10450:10451 ioctl 4018620d 200002c0 returned -16 [ 211.590312][T10451] binder: 10450:10451 got transaction to invalid handle, 1 [ 211.590523][T10451] binder: 10451:10450 cannot find target node [ 211.590565][T10451] binder: 10450:10451 transaction call to 0:0 failed 14/29201/-22, code 0 size 0-0 line 3152 [ 211.591073][T10451] binder: 10450:10451 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 211.591532][T10451] binder: 10450:10451 ioctl c0306201 20000240 returned -11 [ 211.591928][T10451] binder: 10450:10451 got reply transaction with no transaction stack [ 211.592186][T10451] binder: 10450:10451 transaction reply to 0:0 failed 15/29201/-71, code 0 size 0-0 line 3053 [ 211.592737][ T9] binder: undelivered TRANSACTION_ERROR: 29201 [ 211.678983][ T1817] binder: undelivered TRANSACTION_ERROR: 29201 [ 212.059384][T10470] netlink: 'syz.2.1209': attribute type 2 has an invalid length. [ 212.206681][T10474] geneve2: entered allmulticast mode [ 212.868175][T10490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'. [ 212.883802][T10493] binder: tried to use weak ref as strong ref [ 212.883844][T10493] binder: 10489:10493 Acquire 1 refcount change on invalid ref 0 ret -22 [ 212.884041][T10493] binder: 10489:10493 got transaction to invalid handle, 1 [ 212.884066][T10493] binder: 10493:10489 cannot find target node [ 212.884089][T10493] binder: 10489:10493 transaction call to 0:0 failed 18/29201/-22, code 0 size 0-0 line 3152 [ 212.884274][T10493] binder: 10489:10493 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 212.884417][T10493] binder: 10489:10493 got reply transaction with no transaction stack [ 212.884434][T10493] binder: 10489:10493 transaction reply to 0:0 failed 19/29201/-71, code 0 size 0-0 line 3053 [ 212.884666][ T1817] binder: undelivered TRANSACTION_ERROR: 29201 [ 212.888755][ T1817] binder: undelivered TRANSACTION_ERROR: 29201 [ 213.698626][T10506] tipc: Enabled bearer , priority 0 [ 213.701371][T10506] syzkaller0: entered promiscuous mode [ 213.702504][T10506] syzkaller0: entered allmulticast mode [ 213.764765][T10511] ieee802154 phy0 wpan0: encryption failed: -22 [ 213.804319][T10510] tipc: Resetting bearer [ 213.807223][T10504] tipc: Resetting bearer [ 213.893639][T10504] tipc: Disabling bearer [ 214.113551][T10539] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.770696][T10539] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.775920][T10539] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.965903][T10539] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.965955][T10539] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.965986][T10539] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.966015][T10539] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.186068][T10540] veth1_macvtap: left promiscuous mode [ 215.186124][T10540] macsec0: entered promiscuous mode [ 215.228753][T10549] tipc: Started in network mode [ 215.228806][T10549] tipc: Node identity 96d951345c37, cluster identity 3 [ 215.228868][T10549] tipc: Enabled bearer , priority 0 [ 215.235082][T10550] syzkaller0: entered promiscuous mode [ 215.235130][T10550] syzkaller0: entered allmulticast mode [ 215.247441][T10547] tipc: Resetting bearer [ 215.255210][T10558] wlan1 speed is unknown, defaulting to 1000 [ 215.262722][T10546] tipc: Resetting bearer [ 215.293278][T10546] tipc: Disabling bearer [ 215.303373][T10570] tipc: Enabling of bearer rejected, already enabled [ 216.591185][T10604] binder: tried to use weak ref as strong ref [ 216.592440][T10604] binder: 10603:10604 Acquire 1 refcount change on invalid ref 0 ret -22 [ 216.595679][T10604] binder: 10603:10604 got transaction to invalid handle, 1 [ 216.597072][T10604] binder: 10604:10603 cannot find target node [ 216.598248][T10604] binder: 10603:10604 transaction call to 0:0 failed 22/29201/-22, code 0 size 0-0 line 3152 [ 216.600324][ T1817] binder: undelivered TRANSACTION_ERROR: 29201 [ 216.639570][T10610] bridge0: entered allmulticast mode [ 216.656104][T10610] pim6reg: entered allmulticast mode [ 216.661369][T10610] x_tables: duplicate underflow at hook 3 [ 216.920208][T10640] loop0: detected capacity change from 0 to 512 [ 217.033046][T10640] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 217.054102][T10640] EXT4-fs error (device loop0): ext4_lookup:1787: inode #12: comm syz.0.1259: iget: bad i_size value: 2533274857506816 [ 217.076116][T10640] EXT4-fs error (device loop0): ext4_lookup:1787: inode #12: comm syz.0.1259: iget: bad i_size value: 2533274857506816 [ 217.083835][T10640] overlayfs: failed to resolve './file0': -117 [ 217.282692][ T6529] Bluetooth: hci3: command 0x0405 tx timeout [ 217.769587][T10652] tipc: Started in network mode [ 217.770595][T10652] tipc: Node identity c, cluster identity 4711 [ 217.772019][T10652] tipc: Node number set to 12 [ 217.909068][T10656] netlink: 'syz.2.1266': attribute type 13 has an invalid length. [ 217.909122][T10656] netlink: 'syz.2.1266': attribute type 17 has an invalid length. [ 217.928009][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.986368][T10656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.987056][T10656] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.042605][T10656] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.065992][T10665] netlink: 'syz.4.1271': attribute type 3 has an invalid length. [ 218.068377][T10665] syz_tun: entered allmulticast mode [ 218.132572][T10665] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.138045][T10663] syz_tun: left allmulticast mode [ 218.375990][T10674] tipc: Enabled bearer , priority 0 [ 218.379209][T10674] syzkaller0: entered promiscuous mode [ 218.381841][T10674] syzkaller0: entered allmulticast mode [ 218.507885][T10674] tipc: Resetting bearer [ 218.509254][T10674] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.518332][T10672] tipc: Resetting bearer [ 218.622994][T10672] tipc: Disabling bearer [ 218.631912][T10681] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 218.758395][T10686] syzkaller0: entered promiscuous mode [ 218.758441][T10686] syzkaller0: entered allmulticast mode [ 219.063496][T10697] tipc: Enabled bearer , priority 0 [ 219.113037][T10697] syzkaller0: entered promiscuous mode [ 219.113061][T10697] syzkaller0: entered allmulticast mode [ 219.117801][T10699] loop3: detected capacity change from 0 to 512 [ 219.175195][T10697] tipc: Resetting bearer [ 219.208941][T10696] tipc: Resetting bearer [ 219.219478][T10699] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.221346][T10699] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.1279: iget: bad i_size value: 2533274857506816 [ 219.225507][T10699] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.1279: iget: bad i_size value: 2533274857506816 [ 219.225709][T10699] overlayfs: failed to resolve './file0': -117 [ 219.783699][T10696] tipc: Disabling bearer [ 219.856823][T10712] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1283'. [ 219.906515][T10714] tipc: Enabled bearer , priority 0 [ 219.909612][T10714] syzkaller0: entered promiscuous mode [ 219.911178][T10714] syzkaller0: entered allmulticast mode [ 220.493996][T10722] veth1_macvtap: left promiscuous mode [ 220.494049][T10722] macsec0: entered promiscuous mode [ 220.503976][T10714] tipc: Resetting bearer [ 220.511150][T10713] tipc: Resetting bearer [ 220.524418][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.592612][T10713] tipc: Disabling bearer [ 220.632840][T10724] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 220.658413][T10732] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1290'. [ 220.675570][T10730] vlan2: entered promiscuous mode [ 220.676568][T10730] syz_tun: entered promiscuous mode [ 220.825035][T10744] tipc: Enabling of bearer rejected, failed to enable media [ 221.156586][T10759] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1299'. [ 221.293480][T10760] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1296'. [ 222.354125][T10778] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1305'. [ 222.374705][T10783] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1305'. [ 222.451165][T10789] netlink: 'syz.2.1308': attribute type 2 has an invalid length. [ 222.569562][T10797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1312'. [ 222.702062][T10802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1314'. [ 222.748525][T10804] binder: BINDER_SET_CONTEXT_MGR already set [ 222.748564][T10804] binder: 10803:10804 ioctl 4018620d 200000c0 returned -16 [ 222.750745][T10804] binder: BINDER_SET_CONTEXT_MGR already set [ 222.750761][T10804] binder: 10803:10804 ioctl 4018620d 200002c0 returned -16 [ 222.751727][T10804] binder: 10803:10804 got transaction to invalid handle, 1 [ 222.751748][T10804] binder: 10804:10803 cannot find target node [ 222.751764][T10804] binder: 10803:10804 transaction call to 0:0 failed 24/29201/-22, code 0 size 0-0 line 3152 [ 222.754962][T10804] binder: 10803:10804 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 222.756522][T10804] binder: 10803:10804 ioctl c0306201 20000240 returned -11 [ 222.756850][T10804] binder: 10803:10804 got reply transaction with no transaction stack [ 222.756868][T10804] binder: 10803:10804 transaction reply to 0:0 failed 25/29201/-71, code 0 size 0-0 line 3053 [ 222.759682][ T6595] binder: undelivered TRANSACTION_ERROR: 29201 [ 222.773353][ T6595] binder: undelivered TRANSACTION_ERROR: 29201 [ 222.810290][T10806] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1316'. [ 222.890595][T10808] tipc: Enabling of bearer rejected, failed to enable media [ 222.890970][T10808] syzkaller0: entered promiscuous mode [ 222.890990][T10808] syzkaller0: entered allmulticast mode [ 223.219693][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1325'. [ 223.632510][T10841] Cannot find add_set index 2 as target [ 223.740284][T10848] loop1: detected capacity change from 0 to 1024 [ 223.740734][T10848] EXT4-fs: Ignoring removed mblk_io_submit option [ 223.740770][T10848] EXT4-fs: Ignoring removed bh option [ 223.857362][T10848] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.141571][T10862] vlan2: entered promiscuous mode [ 224.142752][T10862] vlan2: entered allmulticast mode [ 224.143811][T10862] hsr_slave_1: entered allmulticast mode [ 224.835327][T10889] macsec1: entered promiscuous mode [ 224.836507][T10889] team0: entered promiscuous mode [ 224.976154][T10907] __nla_validate_parse: 3 callbacks suppressed [ 224.976448][T10907] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1352'. [ 225.029451][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.237580][T10931] tipc: Enabling of bearer rejected, failed to enable media [ 225.322732][T10939] netlink: 'syz.2.1359': attribute type 2 has an invalid length. [ 225.333174][T10938] loop3: detected capacity change from 0 to 1024 [ 225.333712][T10938] EXT4-fs: Ignoring removed mblk_io_submit option [ 225.333732][T10938] EXT4-fs: Ignoring removed bh option [ 225.364175][T10938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.316962][T10958] bridge_slave_0: left allmulticast mode [ 226.317016][T10958] bridge_slave_0: left promiscuous mode [ 226.317107][T10958] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.321369][T10958] bridge_slave_1: left allmulticast mode [ 226.321413][T10958] bridge_slave_1: left promiscuous mode [ 226.321879][T10958] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.328621][T10958] bond0: (slave bond_slave_0): Releasing backup interface [ 226.373316][T10958] bond0: (slave bond_slave_1): Releasing backup interface [ 226.373711][T10960] netlink: 'syz.1.1370': attribute type 10 has an invalid length. [ 226.424935][T10958] team0: Port device team_slave_0 removed [ 226.426571][T10958] team0: Port device team_slave_1 removed [ 226.426718][T10958] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 226.427903][T10958] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 226.429203][T10960] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 226.430304][T10960] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 226.552452][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.716556][T10973] tipc: Enabling of bearer rejected, failed to enable media [ 228.810645][T11056] binder: BINDER_SET_CONTEXT_MGR already set [ 228.811953][T11056] binder: 11055:11056 ioctl 4018620d 200002c0 returned -16 [ 228.814624][T11056] binder: 11055:11056 got transaction to invalid handle, 1 [ 228.815994][T11056] binder: 11056:11055 cannot find target node [ 228.817148][T11056] binder: 11055:11056 transaction call to 0:0 failed 27/29201/-22, code 0 size 0-0 line 3152 [ 228.820151][T11056] binder: 11055:11056 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 228.822668][T11056] binder: 11055:11056 ioctl c0306201 20000240 returned -11 [ 228.825013][ T6608] binder: undelivered TRANSACTION_ERROR: 29201 [ 230.208816][T11096] binder: 11094:11096 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 230.215326][T11096] binder: 11094:11096 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 230.215793][T11096] binder: 11094:11096 ioctl c0306201 20000240 returned -11 [ 230.859960][T11110] bridge0: entered allmulticast mode [ 230.869969][T11110] pim6reg: entered allmulticast mode [ 230.938344][T11116] loop0: detected capacity change from 0 to 512 [ 230.949091][T11116] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 230.977762][T11116] EXT4-fs (loop0): orphan cleanup on readonly fs [ 230.984765][T11116] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1419: bg 0: block 248: padding at end of block bitmap is not set [ 230.985052][T11116] Quota error (device loop0): write_blk: dquota write failed [ 230.985103][T11116] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 230.985127][T11116] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1419: Failed to acquire dquot type 1 [ 230.988785][T11116] EXT4-fs (loop0): 1 truncate cleaned up [ 231.016551][T11123] binder: 11122:11123 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 231.018354][T11123] binder: 11122:11123 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 231.019968][T11123] binder: 11122:11123 ioctl c0306201 20000240 returned -11 [ 231.269133][T11116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 231.289469][T11137] loop3: detected capacity change from 0 to 1024 [ 231.289947][T11137] EXT4-fs: Ignoring removed mblk_io_submit option [ 231.289981][T11137] EXT4-fs: Ignoring removed bh option [ 231.381586][T11137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.140406][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.219076][T11159] x_tables: duplicate underflow at hook 3 [ 232.753225][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.972163][T11172] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 232.977594][T11172] netlink: 'syz.1.1439': attribute type 10 has an invalid length. [ 232.979531][T11172] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 233.463980][T11181] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1442'. [ 233.519357][T11185] tipc: Enabled bearer , priority 0 [ 233.519726][T11185] syzkaller0: entered promiscuous mode [ 233.519748][T11185] syzkaller0: entered allmulticast mode [ 233.523585][T11185] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 233.572411][T11185] tipc: Resetting bearer [ 233.573680][T11184] tipc: Resetting bearer [ 233.821174][T11184] tipc: Disabling bearer [ 234.048055][T11205] bridge0: entered allmulticast mode [ 234.054569][T11205] pim6reg: entered allmulticast mode [ 234.055924][T11205] x_tables: duplicate underflow at hook 3 [ 234.123761][T11211] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1453'. [ 234.206255][T11215] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1455'. [ 234.275419][T11220] syzkaller1: entered promiscuous mode [ 234.276625][T11220] syzkaller1: entered allmulticast mode [ 234.279611][ T6543] IPVS: starting estimator thread 0... [ 234.363478][T11224] IPVS: using max 69 ests per chain, 165600 per kthread [ 234.625255][T11228] wlan1 speed is unknown, defaulting to 1000 [ 234.836209][T11243] bridge0: entered allmulticast mode [ 234.839684][T11243] pim6reg: entered allmulticast mode [ 234.843521][T11243] x_tables: duplicate underflow at hook 3 [ 234.957889][T11248] loop0: detected capacity change from 0 to 512 [ 234.959233][T11248] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 234.959917][T11248] EXT4-fs (loop0): orphan cleanup on readonly fs [ 234.961093][T11248] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1466: bg 0: block 248: padding at end of block bitmap is not set [ 234.965666][T11248] Quota error (device loop0): write_blk: dquota write failed [ 234.965722][T11248] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 234.965755][T11248] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1466: Failed to acquire dquot type 1 [ 234.972746][T11248] EXT4-fs (loop0): 1 truncate cleaned up [ 234.974899][T11248] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 235.007548][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.937563][T11281] loop3: detected capacity change from 0 to 512 [ 235.940027][T11281] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 235.947625][T11281] EXT4-fs (loop3): orphan cleanup on readonly fs [ 235.952254][T11281] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1477: bg 0: block 248: padding at end of block bitmap is not set [ 235.955012][T11281] Quota error (device loop3): write_blk: dquota write failed [ 235.955080][T11281] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 235.955110][T11281] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1477: Failed to acquire dquot type 1 [ 235.962871][T11281] EXT4-fs (loop3): 1 truncate cleaned up [ 235.964673][T11281] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 236.029178][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.162861][T11291] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1481'. [ 236.483630][T11299] x_tables: duplicate underflow at hook 3 [ 236.512818][T11302] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 236.517346][T11302] bridge_slave_0: left allmulticast mode [ 236.518455][T11302] bridge_slave_0: left promiscuous mode [ 236.519637][T11302] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.523217][T11302] bridge_slave_1: left allmulticast mode [ 236.524444][T11302] bridge_slave_1: left promiscuous mode [ 236.525407][T11302] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.529556][T11302] bond0: (slave bond_slave_0): Releasing backup interface [ 236.567787][T11309] netlink: 'syz.2.1485': attribute type 10 has an invalid length. [ 236.578475][T11302] bond0: (slave bond_slave_1): Releasing backup interface [ 236.604951][T11302] team0: Port device team_slave_0 removed [ 236.611171][T11302] team0: Port device team_slave_1 removed [ 236.611360][T11302] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 236.614022][T11302] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 236.615814][T11309] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 236.628830][T11309] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 236.651091][T11320] loop2: detected capacity change from 0 to 512 [ 236.655718][T11321] netlink: 'syz.4.1487': attribute type 13 has an invalid length. [ 236.655771][T11321] netlink: 'syz.4.1487': attribute type 17 has an invalid length. [ 236.658628][T11320] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 236.661384][T11320] EXT4-fs (loop2): orphan cleanup on readonly fs [ 236.663377][T11320] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1489: bg 0: block 248: padding at end of block bitmap is not set [ 236.669086][T11320] Quota error (device loop2): write_blk: dquota write failed [ 236.669152][T11320] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 236.669181][T11320] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1489: Failed to acquire dquot type 1 [ 236.673965][T11320] EXT4-fs (loop2): 1 truncate cleaned up [ 236.683670][T11320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 236.740451][T11321] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 236.753820][T11306] wlan1 speed is unknown, defaulting to 1000 [ 236.773433][T11305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 236.773689][T11305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 236.788048][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.251451][T11357] loop2: detected capacity change from 0 to 512 [ 237.264271][T11357] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 237.266616][T11357] EXT4-fs (loop2): orphan cleanup on readonly fs [ 237.268232][T11357] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1500: bg 0: block 248: padding at end of block bitmap is not set [ 237.271246][T11357] Quota error (device loop2): write_blk: dquota write failed [ 237.271301][T11357] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 237.271323][T11357] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1500: Failed to acquire dquot type 1 [ 237.277053][T11357] EXT4-fs (loop2): 1 truncate cleaned up [ 237.282294][T11357] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 237.333044][T11360] wlan1 speed is unknown, defaulting to 1000 [ 237.349466][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.353709][T11366] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1503'. [ 237.404787][T11370] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1505'. [ 237.521589][T11376] bridge_slave_0: left allmulticast mode [ 237.523870][T11376] bridge_slave_0: left promiscuous mode [ 237.525476][T11376] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.534246][T11376] bridge_slave_1: left allmulticast mode [ 237.536642][T11376] bridge_slave_1: left promiscuous mode [ 237.538129][T11376] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.546815][T11376] bond0: (slave bond_slave_0): Releasing backup interface [ 237.563622][T11380] netlink: 'syz.3.1508': attribute type 10 has an invalid length. [ 237.593013][T11376] bond0: (slave bond_slave_1): Releasing backup interface [ 237.629319][T11376] team0: Port device team_slave_0 removed [ 237.636773][T11376] team0: Port device team_slave_1 removed [ 237.639596][T11376] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.641459][T11376] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.644860][T11376] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.646798][T11376] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.896788][T11404] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1516'. [ 238.108516][T11410] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1518'. [ 238.185211][T11414] tipc: Enabled bearer , priority 0 [ 238.185655][T11414] syzkaller0: entered promiscuous mode [ 238.185675][T11414] syzkaller0: entered allmulticast mode [ 238.224264][T11414] tipc: Resetting bearer [ 238.282111][T11413] tipc: Resetting bearer [ 238.310820][T11413] tipc: Disabling bearer [ 238.332681][T11421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1523'. [ 238.334574][T11421] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1523'. [ 238.393052][T11423] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 238.410797][T11423] bond0: (slave wlan1): Releasing backup interface [ 238.433225][T11423] netlink: 'syz.2.1524': attribute type 10 has an invalid length. [ 238.433280][T11423] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 238.434713][T11423] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 238.497584][T11432] tipc: Enabled bearer , priority 0 [ 238.497993][T11432] syzkaller0: entered promiscuous mode [ 238.498021][T11432] syzkaller0: entered allmulticast mode [ 238.515780][T11436] binder: BINDER_SET_CONTEXT_MGR already set [ 238.517095][T11436] binder: 11435:11436 ioctl 4018620d 200002c0 returned -16 [ 238.519172][T11436] binder: 11435:11436 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 238.560426][T11436] binder: 11435:11436 ioctl c0306201 20000240 returned -11 [ 238.604673][T11432] tipc: Resetting bearer [ 238.613734][T11431] tipc: Resetting bearer [ 238.651428][T11431] tipc: Disabling bearer [ 238.869271][T11453] tipc: Enabled bearer , priority 0 [ 238.874924][T11453] syzkaller0: entered promiscuous mode [ 238.874973][T11453] syzkaller0: entered allmulticast mode [ 238.923156][T11453] tipc: Resetting bearer [ 238.925894][T11449] tipc: Resetting bearer [ 238.991472][T11449] tipc: Disabling bearer [ 239.019774][T11457] bond0: (slave wlan1): Releasing backup interface [ 239.074938][T11457] netlink: 'syz.0.1539': attribute type 10 has an invalid length. [ 239.076471][T11457] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 239.081016][T11457] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 239.176175][T11465] binder: 11461:11465 ioctl 4018620d 0 returned -22 [ 239.178111][T11465] binder: 11461:11465 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 239.183289][T11465] binder: 11461:11465 got transaction to invalid handle, 1 [ 239.184561][T11465] binder: 11465:11461 cannot find target node [ 239.185887][T11465] binder: 11461:11465 transaction call to 0:0 failed 33/29201/-22, code 0 size 0-0 line 3152 [ 239.188121][T11465] binder: 11461:11465 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 239.192516][T11465] binder: 11465 RLIMIT_NICE not set [ 239.192571][T11465] binder: 11461:11465 ioctl c0306201 20000240 returned -11 [ 239.197928][ T6587] binder: undelivered TRANSACTION_ERROR: 29201 [ 239.697140][T11477] tipc: Enabled bearer , priority 0 [ 239.698958][T11477] syzkaller0: entered promiscuous mode [ 239.707300][T11477] syzkaller0: entered allmulticast mode [ 239.710779][T11477] tipc: Resetting bearer [ 239.712010][T11476] tipc: Resetting bearer [ 239.731160][T11476] tipc: Disabling bearer [ 239.850731][T11487] netlink: 'syz.2.1549': attribute type 2 has an invalid length. [ 240.659239][T11490] tipc: Enabled bearer , priority 0 [ 240.659601][T11490] syzkaller0: entered promiscuous mode [ 240.659639][T11490] syzkaller0: entered allmulticast mode [ 240.735990][T11490] tipc: Resetting bearer [ 240.740997][T11492] tipc: Enabled bearer , priority 0 [ 240.742713][T11492] syzkaller0: entered promiscuous mode [ 240.744226][T11492] syzkaller0: entered allmulticast mode [ 240.766975][T11489] tipc: Resetting bearer [ 240.788967][T11497] __nla_validate_parse: 1 callbacks suppressed [ 240.789036][T11497] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1554'. [ 240.789071][T11497] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1554'. [ 240.810767][T11489] tipc: Disabling bearer [ 240.951335][T11507] binder: BINDER_SET_CONTEXT_MGR already set [ 240.951378][T11507] binder: 11506:11507 ioctl 4018620d 200000c0 returned -16 [ 240.952514][T11507] binder: BINDER_SET_CONTEXT_MGR already set [ 240.952529][T11507] binder: 11506:11507 ioctl 4018620d 200002c0 returned -16 [ 240.952681][T11507] binder: 11506:11507 got transaction to invalid handle, 1 [ 240.952697][T11507] binder: 11507:11506 cannot find target node [ 240.952709][T11507] binder: 11506:11507 transaction call to 0:0 failed 35/29201/-22, code 0 size 0-0 line 3152 [ 240.952813][T11507] binder: 11506:11507 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 240.952828][T11507] binder: 11507 RLIMIT_NICE not set [ 240.952839][T11507] binder: 11506:11507 ioctl c0306201 20000240 returned -11 [ 240.952932][T11507] binder: 11506:11507 got reply transaction with no transaction stack [ 240.952944][T11507] binder: 11506:11507 transaction reply to 0:0 failed 36/29201/-71, code 0 size 0-0 line 3053 [ 240.953148][ T6543] binder: undelivered TRANSACTION_ERROR: 29201 [ 240.957054][ T6543] binder: undelivered TRANSACTION_ERROR: 29201 [ 240.974280][T11505] netlink: 'syz.4.1557': attribute type 10 has an invalid length. [ 240.976238][T11498] tipc: Resetting bearer [ 241.060482][T11517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1561'. [ 241.081655][T11505] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 241.083437][T11491] tipc: Resetting bearer [ 241.130743][T11491] tipc: Disabling bearer [ 241.936749][T11532] binder: BINDER_SET_CONTEXT_MGR already set [ 241.936784][T11532] binder: 11531:11532 ioctl 4018620d 200002c0 returned -16 [ 241.938345][T11532] binder: 11531:11532 got transaction to invalid handle, 1 [ 241.938363][T11532] binder: 11532:11531 cannot find target node [ 241.938376][T11532] binder: 11531:11532 transaction call to 0:0 failed 38/29201/-22, code 0 size 0-0 line 3152 [ 241.938509][T11532] binder: 11531:11532 ioctl c0306201 20000240 returned -11 [ 241.964525][ T6543] wlan1 speed is unknown, defaulting to 1000 [ 241.964578][ T6543] syz2: Port: 1 Link DOWN [ 241.966795][ T6643] wlan1 speed is unknown, defaulting to 1000 [ 242.019277][T11536] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 242.031308][T11539] tipc: Enabled bearer , priority 0 [ 242.031735][T11539] syzkaller0: entered promiscuous mode [ 242.031755][T11539] syzkaller0: entered allmulticast mode [ 242.039028][T11539] tipc: Resetting bearer [ 242.043482][T11537] tipc: Resetting bearer [ 242.090228][T11537] tipc: Disabling bearer [ 242.094057][T11548] tipc: Enabling of bearer rejected, failed to enable media [ 242.096697][T11542] tipc: Enabled bearer , priority 0 [ 242.097501][T11542] syzkaller0: entered promiscuous mode [ 242.097522][T11542] syzkaller0: entered allmulticast mode [ 242.170586][T11556] tipc: Resetting bearer [ 242.182535][T11541] tipc: Resetting bearer [ 242.260049][T11541] tipc: Disabling bearer [ 242.545652][T11580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1582'. [ 242.548783][T11585] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1583'. [ 242.720240][T11591] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 243.177743][T11604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1589'. [ 243.182052][T11604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1589'. [ 243.518370][T11607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1590'. [ 243.601810][T11615] tipc: Enabling of bearer rejected, already enabled [ 243.669146][T11619] tipc: Enabling of bearer rejected, already enabled [ 243.720591][T11624] tipc: Enabling of bearer rejected, already enabled [ 244.058497][T11636] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1601'. [ 244.058552][T11636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1601'. [ 244.123667][T11640] tipc: Enabling of bearer rejected, already enabled [ 244.210984][T11648] loop3: detected capacity change from 0 to 1024 [ 244.211405][T11648] EXT4-fs: Ignoring removed mblk_io_submit option [ 244.211443][T11648] EXT4-fs: Ignoring removed bh option [ 244.228325][T11648] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 244.229388][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.263323][T11653] tipc: Enabled bearer , priority 0 [ 244.265173][T11653] syzkaller0: entered promiscuous mode [ 244.266354][T11653] syzkaller0: entered allmulticast mode [ 244.276761][T11653] tipc: Resetting bearer [ 244.284356][T11652] tipc: Resetting bearer [ 244.344586][T11652] tipc: Disabling bearer [ 245.115035][T11681] tipc: Enabling of bearer rejected, failed to enable media [ 245.227364][T11691] netlink: 'syz.1.1617': attribute type 2 has an invalid length. [ 245.259242][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 245.828090][ T6535] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.118717][T11711] netlink: 'syz.1.1625': attribute type 10 has an invalid length. [ 246.118775][T11711] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 246.299098][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.659602][T11712] __nla_validate_parse: 7 callbacks suppressed [ 246.659655][T11712] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1627'. [ 246.718857][T11723] syzkaller0: entered promiscuous mode [ 246.723539][T11723] syzkaller0: entered allmulticast mode [ 247.338996][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.369621][T11744] netlink: 'syz.3.1636': attribute type 2 has an invalid length. [ 247.496757][T11750] loop1: detected capacity change from 0 to 512 [ 247.883292][T11750] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 247.885356][T11750] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.1638: iget: bad i_size value: 2533274857506816 [ 247.893680][T11750] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.1638: iget: bad i_size value: 2533274857506816 [ 247.896960][T11750] overlayfs: failed to resolve './file0': -117 [ 248.286069][T11758] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1640'. [ 248.290966][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.355770][T11763] tipc: Enabled bearer , priority 0 [ 248.356166][T11763] syzkaller0: entered promiscuous mode [ 248.356186][T11763] syzkaller0: entered allmulticast mode [ 248.372583][T11763] tipc: Resetting bearer [ 248.379916][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.391398][T11761] tipc: Resetting bearer [ 248.905509][T11761] tipc: Disabling bearer [ 249.053662][ T2409] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.346709][T11783] loop1: detected capacity change from 0 to 512 [ 249.351390][T11783] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 249.363213][T11783] EXT4-fs (loop1): orphan cleanup on readonly fs [ 249.363983][T11783] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1649: bg 0: block 248: padding at end of block bitmap is not set [ 249.368364][T11783] Quota error (device loop1): write_blk: dquota write failed [ 249.370674][T11783] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 249.370708][T11783] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1649: Failed to acquire dquot type 1 [ 249.377853][T11783] EXT4-fs (loop1): 1 truncate cleaned up [ 249.380977][T11783] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 249.385774][T11783] netlink: 'syz.1.1649': attribute type 15 has an invalid length. [ 249.385827][T11783] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1649'. [ 249.418729][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.557381][T11793] overlayfs: failed to resolve './file1': -2 [ 250.086132][T11795] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1653'. [ 250.214870][T11801] binder: 11797:11801 ioctl 4018620d 0 returned -22 [ 250.216492][T11801] binder_user_error: 1 callbacks suppressed [ 250.216550][T11801] binder: 11797:11801 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 250.225690][T11801] binder: 11797:11801 got transaction to invalid handle, 1 [ 250.225737][T11801] binder_debug: 1 callbacks suppressed [ 250.225769][T11801] binder: 11801:11797 cannot find target node [ 250.225795][T11801] binder: 11797:11801 transaction call to 0:0 failed 41/29201/-22, code 0 size 0-0 line 3152 [ 250.227513][T11801] binder: 11797:11801 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 250.227865][T11800] x_tables: duplicate underflow at hook 3 [ 250.228025][T11801] binder: 11797:11801 ioctl c0306201 20000240 returned -11 [ 250.230695][T11801] binder: 11797:11801 got reply transaction with no transaction stack [ 250.230723][T11801] binder: 11797:11801 transaction reply to 0:0 failed 42/29201/-71, code 0 size 0-0 line 3053 [ 250.231180][ T6595] binder: undelivered TRANSACTION_ERROR: 29201 [ 250.235954][T11799] tipc: Enabled bearer , priority 0 [ 250.237343][T11799] syzkaller0: entered promiscuous mode [ 250.237387][T11799] syzkaller0: entered allmulticast mode [ 250.248489][ T6595] binder: undelivered TRANSACTION_ERROR: 29201 [ 250.350517][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.458628][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.943359][T11807] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.943430][T11807] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.943463][T11807] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.943479][T11807] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.120275][T11810] tipc: Resetting bearer [ 251.123165][T11798] tipc: Resetting bearer [ 251.239198][T11798] tipc: Disabling bearer [ 251.246783][T11821] tipc: Enabled bearer , priority 0 [ 251.248829][T11821] syzkaller0: entered promiscuous mode [ 251.249956][T11821] syzkaller0: entered allmulticast mode [ 251.253479][T11821] tipc: Resetting bearer [ 251.254590][T11820] tipc: Resetting bearer [ 251.263626][T11834] netlink: 'syz.4.1667': attribute type 15 has an invalid length. [ 251.263670][T11834] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1667'. [ 251.292415][T11820] tipc: Disabling bearer [ 251.445526][ T31] audit: type=1326 audit(2829.211:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11838 comm="syz.0.1668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9f55af28 code=0x7ffc0000 [ 251.453721][ T31] audit: type=1326 audit(2829.221:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11838 comm="syz.0.1668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=226 compat=0 ip=0xffff9f55af28 code=0x7ffc0000 [ 251.457590][ T31] audit: type=1326 audit(2829.221:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11838 comm="syz.0.1668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9f55af28 code=0x7ffc0000 [ 251.460875][ T31] audit: type=1326 audit(2829.221:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11838 comm="syz.0.1668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9f55af28 code=0x7ffc0000 [ 251.461702][ T31] audit: type=1326 audit(2829.241:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11838 comm="syz.0.1668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=101 compat=0 ip=0xffff9f55af28 code=0x7ffc0000 [ 251.462945][ T31] audit: type=1326 audit(2829.241:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11838 comm="syz.0.1668" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9f55af28 code=0x7ffc0000 [ 251.498513][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.595296][T11846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.599319][T11846] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.642710][T11848] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1670'. [ 251.948463][ T6642] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 252.022510][T11852] netlink: 'syz.2.1673': attribute type 10 has an invalid length. [ 252.140471][ T6642] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.140521][ T6642] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 252.141857][ T6642] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 252.141875][ T6642] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.141889][ T6642] usb 1-1: Product: syz [ 252.141901][ T6642] usb 1-1: Manufacturer: syz [ 252.141913][ T6642] usb 1-1: SerialNumber: syz [ 252.145293][ T6642] usb 1-1: config 0 descriptor?? [ 252.281736][T11870] tipc: Enabled bearer , priority 0 [ 252.282145][T11870] syzkaller0: entered promiscuous mode [ 252.282183][T11870] syzkaller0: entered allmulticast mode [ 252.285657][T11870] tipc: Resetting bearer [ 252.295853][T11869] tipc: Resetting bearer [ 252.339604][T11869] tipc: Disabling bearer [ 252.548361][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.645924][T11875] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1682'. [ 253.164508][T11887] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1685'. [ 253.347858][T11891] netlink: 'syz.2.1687': attribute type 10 has an invalid length. [ 253.578264][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.720549][T11906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1693'. [ 253.871772][T11922] netlink: 'syz.4.1699': attribute type 10 has an invalid length. [ 254.079395][T11937] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1704'. [ 254.079453][T11937] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1704'. [ 254.278265][T11949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1709'. [ 254.381186][T11958] netlink: 'syz.3.1710': attribute type 10 has an invalid length. [ 254.618131][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.784119][ T6642] usb 1-1: USB disconnect, device number 8 [ 255.363419][T11979] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1717'. [ 255.387730][T11982] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1719'. [ 255.411538][T11985] netlink: 'syz.4.1721': attribute type 10 has an invalid length. [ 255.426000][ T31] audit: type=1326 audit(2833.191:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.426072][ T31] audit: type=1326 audit(2833.191:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.429928][ T31] audit: type=1326 audit(2833.191:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.429979][ T31] audit: type=1326 audit(2833.191:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.430000][ T31] audit: type=1326 audit(2833.191:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.430027][ T31] audit: type=1326 audit(2833.191:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=220 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.433709][ T31] audit: type=1326 audit(2833.211:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.433736][ T31] audit: type=1326 audit(2833.211:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.448617][ T31] audit: type=1326 audit(2833.221:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=95 compat=0 ip=0xffff8fb5af28 code=0x7ffc0000 [ 255.450358][ T31] audit: type=1326 audit(2833.221:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11988 comm="syz.2.1720" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=115 compat=0 ip=0xffff8fb86648 code=0x7ffc0000 [ 255.498465][T11995] netlink: 'syz.2.1720': attribute type 10 has an invalid length. [ 255.502884][T11995] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 255.513739][T11995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1720'. [ 255.552237][T11995] bond0: (slave bridge0): Releasing backup interface [ 255.578965][T11995] bridge0 (unregistering): left allmulticast mode [ 255.658016][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.781736][T12007] loop2: detected capacity change from 0 to 1024 [ 255.783563][T12007] EXT4-fs: Ignoring removed mblk_io_submit option [ 255.785051][T12007] EXT4-fs: Ignoring removed bh option [ 255.796828][T12007] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.267646][T12022] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1729'. [ 256.291380][T12024] syzkaller0: entered promiscuous mode [ 256.292498][T12024] syzkaller0: entered allmulticast mode [ 256.648974][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.665324][T12030] netlink: 'syz.4.1733': attribute type 10 has an invalid length. [ 256.697918][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.913618][T12053] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 256.999085][T12065] tipc: Enabling of bearer rejected, failed to enable media [ 257.284311][T12078] netlink: 'syz.4.1746': attribute type 10 has an invalid length. [ 257.737769][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 258.189658][T12103] __nla_validate_parse: 3 callbacks suppressed [ 258.191031][T12103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1752'. [ 258.280642][T12110] tipc: Enabled bearer , priority 0 [ 258.281926][T12110] syzkaller0: entered promiscuous mode [ 258.281950][T12110] syzkaller0: entered allmulticast mode [ 258.283873][T12110] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 258.338873][T12109] tipc: Resetting bearer [ 258.438528][T12109] tipc: Disabling bearer [ 258.458660][T12120] netlink: 'syz.4.1757': attribute type 10 has an invalid length. [ 258.646902][T12128] binder: 12127:12128 got transaction to invalid handle, 1 [ 258.650037][T12128] binder: 12128:12127 cannot find target node [ 258.709225][T12128] binder: 12127:12128 transaction call to 0:0 failed 46/29201/-22, code 0 size 0-0 line 3152 [ 258.714891][T12130] binder: 12127:12130 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 258.719828][T12128] binder: 12127:12128 got reply transaction with no transaction stack [ 258.719862][T12128] binder: 12127:12128 transaction reply to 0:0 failed 47/29201/-71, code 0 size 0-0 line 3053 [ 258.724035][ T6877] binder: undelivered TRANSACTION_ERROR: 29201 [ 258.744920][ T6877] binder: undelivered TRANSACTION_ERROR: 29201 [ 258.777659][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 259.325198][T12149] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1765'. [ 259.696737][T12156] loop2: detected capacity change from 0 to 512 [ 259.699431][T12156] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 259.711920][T12156] EXT4-fs (loop2): orphan cleanup on readonly fs [ 259.715590][T12156] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1766: bg 0: block 248: padding at end of block bitmap is not set [ 259.719530][T12156] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1766: Failed to acquire dquot type 1 [ 259.725152][T12156] EXT4-fs (loop2): 1 truncate cleaned up [ 259.730608][T12156] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 259.735165][T12156] netlink: 'syz.2.1766': attribute type 15 has an invalid length. [ 259.735218][T12156] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1766'. [ 259.817515][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 260.022138][T12163] overlayfs: failed to resolve './file1': -2 [ 260.064755][T12165] tipc: Enabling of bearer rejected, already enabled [ 260.411647][ T6529] Bluetooth: hci3: command 0x0405 tx timeout [ 260.520322][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.284078][T12186] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1775'. [ 261.347363][T12190] syzkaller1: entered promiscuous mode [ 261.347409][T12190] syzkaller1: entered allmulticast mode [ 261.469211][T12194] syzkaller0: entered promiscuous mode [ 261.469260][T12194] syzkaller0: entered allmulticast mode [ 261.741174][T12209] tipc: Enabling of bearer rejected, already enabled [ 261.841030][T12213] netlink: 'syz.4.1782': attribute type 15 has an invalid length. [ 261.841132][T12213] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1782'. [ 263.160498][T12223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1785'. [ 263.217572][T12234] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1787'. [ 263.289106][T12240] syzkaller1: entered promiscuous mode [ 263.289156][T12240] syzkaller1: entered allmulticast mode [ 263.313691][T12239] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 263.360717][T12245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1792'. [ 263.360775][T12245] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1792'. [ 263.381831][T12247] netlink: 'syz.0.1793': attribute type 10 has an invalid length. [ 263.381885][T12247] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 263.507997][T12253] loop0: detected capacity change from 0 to 512 [ 263.526280][T12253] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 263.605099][T12253] EXT4-fs (loop0): orphan cleanup on readonly fs [ 263.610799][T12253] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1794: bg 0: block 248: padding at end of block bitmap is not set [ 263.611344][T12253] __quota_error: 6 callbacks suppressed [ 263.611352][T12253] Quota error (device loop0): write_blk: dquota write failed [ 263.611390][T12253] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 263.611409][T12253] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1794: Failed to acquire dquot type 1 [ 263.611846][T12253] EXT4-fs (loop0): 1 truncate cleaned up [ 263.612710][T12253] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 263.616188][T12253] netlink: 'syz.0.1794': attribute type 15 has an invalid length. [ 263.616223][T12253] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1794'. [ 264.409255][T12257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1796'. [ 264.426210][T12258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1797'. [ 264.541415][T12264] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1800'. [ 264.610733][ T6527] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.627345][T12269] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1802'. [ 264.654346][T12279] netlink: 'syz.0.1805': attribute type 10 has an invalid length. [ 264.888567][T12288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1807'. [ 264.888617][T12288] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1807'. [ 265.677980][T12314] netlink: 'syz.0.1818': attribute type 10 has an invalid length. [ 266.453592][T12347] binder: 12346:12347 got transaction to invalid handle, 1 [ 266.455013][T12347] binder: 12347:12346 cannot find target node [ 266.456494][T12347] binder: 12346:12347 transaction call to 0:0 failed 50/29201/-22, code 0 size 0-0 line 3152 [ 266.460517][ T6594] binder: undelivered TRANSACTION_ERROR: 29201 [ 266.537801][T12351] syzkaller1: entered promiscuous mode [ 266.537855][T12351] syzkaller1: entered allmulticast mode [ 266.609489][T12354] wlan1 speed is unknown, defaulting to 1000 [ 266.918891][T12373] loop2: detected capacity change from 0 to 1024 [ 266.922721][T12373] EXT4-fs: Ignoring removed mblk_io_submit option [ 266.924067][T12373] EXT4-fs: Ignoring removed bh option [ 266.979001][T12373] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.071384][T12380] binder: 12379:12380 ioctl 4018620d 0 returned -22 [ 267.071621][T12380] binder: tried to use weak ref as strong ref [ 267.071637][T12380] binder: 12379:12380 Acquire 1 refcount change on invalid ref 0 ret -22 [ 267.072435][T12380] binder: 12379:12380 got transaction to invalid handle, 1 [ 267.072458][T12380] binder: 12380:12379 cannot find target node [ 267.072479][T12380] binder: 12379:12380 transaction call to 0:0 failed 53/29201/-22, code 0 size 0-0 line 3152 [ 267.072606][T12380] binder: 12379:12380 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 267.072631][T12380] binder: 12379:12380 ioctl c0306201 20000240 returned -11 [ 267.072726][T12380] binder: 12379:12380 got reply transaction with no transaction stack [ 267.072739][T12380] binder: 12379:12380 transaction reply to 0:0 failed 54/29201/-71, code 0 size 0-0 line 3053 [ 267.072978][ T6543] binder: undelivered TRANSACTION_ERROR: 29201 [ 267.086322][ T6543] binder: undelivered TRANSACTION_ERROR: 29201 [ 267.345062][T12389] syzkaller1: entered promiscuous mode [ 267.345114][T12389] syzkaller1: entered allmulticast mode [ 267.431284][T12393] wlan1 speed is unknown, defaulting to 1000 [ 267.921721][ T6528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.873925][T12432] __nla_validate_parse: 12 callbacks suppressed [ 268.874213][T12432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1859'. [ 268.904214][T12430] x_tables: duplicate underflow at hook 3 [ 269.150954][T12445] loop1: detected capacity change from 0 to 512 [ 269.239792][T12445] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.241714][T12445] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.1862: iget: bad i_size value: 2533274857506816 [ 269.243914][T12445] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.1862: iget: bad i_size value: 2533274857506816 [ 269.244249][T12445] overlayfs: failed to resolve './file0': -117 [ 269.496597][ C1] ================================================================== [ 269.496625][ C1] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x404/0x45c [ 269.496651][ C1] Read of size 2 at addr ffff0000f80fa82a by task syz.1.1862/12444 [ 269.496661][ C1] [ 269.496668][ C1] CPU: 1 UID: 0 PID: 12444 Comm: syz.1.1862 Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT [ 269.496676][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025 [ 269.496680][ C1] Call trace: [ 269.496682][ C1] show_stack+0x2c/0x3c (C) [ 269.496692][ C1] __dump_stack+0x30/0x40 [ 269.496702][ C1] dump_stack_lvl+0xd8/0x12c [ 269.496709][ C1] print_address_description+0xa8/0x220 [ 269.496718][ C1] print_report+0x68/0x84 [ 269.496724][ C1] kasan_report+0xb0/0x110 [ 269.496730][ C1] __asan_report_load2_noabort+0x20/0x2c [ 269.496737][ C1] rose_timer_expiry+0x404/0x45c [ 269.496743][ C1] call_timer_fn+0x1b4/0x818 [ 269.496752][ C1] __run_timer_base+0x51c/0x76c [ 269.496758][ C1] run_timer_softirq+0xcc/0x194 [ 269.496764][ C1] handle_softirqs+0x328/0xc88 [ 269.496771][ C1] __do_softirq+0x14/0x20 [ 269.496778][ C1] ____do_softirq+0x14/0x20 [ 269.496783][ C1] call_on_irq_stack+0x30/0x48 [ 269.496788][ C1] do_softirq_own_stack+0x20/0x2c [ 269.496793][ C1] __irq_exit_rcu+0x1b0/0x478 [ 269.496800][ C1] irq_exit_rcu+0x14/0x84 [ 269.496806][ C1] el1_interrupt+0x38/0x54 [ 269.496813][ C1] el1h_64_irq_handler+0x18/0x24 [ 269.496818][ C1] el1h_64_irq+0x6c/0x70 [ 269.496823][ C1] lock_release+0xa4/0x39c (P) [ 269.496828][ C1] __might_fault+0xf0/0x124 [ 269.496834][ C1] ____sys_recvmsg+0x3d0/0x744 [ 269.496843][ C1] ___sys_recvmsg+0x188/0x45c [ 269.496849][ C1] do_recvmmsg+0x294/0x7cc [ 269.496856][ C1] __arm64_sys_recvmmsg+0x17c/0x238 [ 269.496863][ C1] invoke_syscall+0x98/0x2b8 [ 269.496868][ C1] el0_svc_common+0x130/0x23c [ 269.496873][ C1] do_el0_svc+0x48/0x58 [ 269.496877][ C1] el0_svc+0x58/0x180 [ 269.496882][ C1] el0t_64_sync_handler+0x84/0x12c [ 269.496887][ C1] el0t_64_sync+0x198/0x19c [ 269.496893][ C1] [ 269.496961][ C1] Allocated by task 12393: [ 269.496967][ C1] kasan_save_track+0x40/0x78 [ 269.496977][ C1] kasan_save_alloc_info+0x44/0x54 [ 269.496984][ C1] __kasan_kmalloc+0x9c/0xb4 [ 269.496991][ C1] __kmalloc_cache_noprof+0x2a4/0x3fc [ 269.496999][ C1] rxrpc_alloc_peer+0x8c/0x328 [ 269.497009][ C1] rxrpc_service_prealloc_one+0x188/0xb94 [ 269.497018][ C1] rxrpc_kernel_charge_accept+0xc4/0x100 [ 269.497026][ C1] afs_charge_preallocation+0x2dc/0x40c [ 269.497037][ C1] afs_open_socket+0x2d4/0x36c [ 269.497045][ C1] afs_net_init+0x590/0x74c [ 269.497054][ C1] ops_init+0x310/0x544 [ 269.497063][ C1] setup_net+0x224/0x518 [ 269.497071][ C1] copy_net_ns+0x2a4/0x4a4 [ 269.497079][ C1] create_new_namespaces+0x318/0x5a8 [ 269.497088][ C1] unshare_nsproxy_namespaces+0x108/0x158 [ 269.497097][ C1] ksys_unshare+0x420/0x738 [ 269.497106][ C1] __arm64_sys_unshare+0x3c/0x50 [ 269.497115][ C1] invoke_syscall+0x98/0x2b8 [ 269.497122][ C1] el0_svc_common+0x130/0x23c [ 269.497128][ C1] do_el0_svc+0x48/0x58 [ 269.497134][ C1] el0_svc+0x58/0x180 [ 269.497141][ C1] el0t_64_sync_handler+0x84/0x12c [ 269.497148][ C1] el0t_64_sync+0x198/0x19c [ 269.497155][ C1] [ 269.497159][ C1] Freed by task 9850: [ 269.497164][ C1] kasan_save_track+0x40/0x78 [ 269.497173][ C1] kasan_save_free_info+0x58/0x70 [ 269.497180][ C1] __kasan_slab_free+0x68/0x88 [ 269.497186][ C1] kfree+0x17c/0x474 [ 269.497192][ C1] rxrpc_discard_prealloc+0x158/0x72c [ 269.497199][ C1] rxrpc_listen+0x21c/0x314 [ 269.497206][ C1] kernel_listen+0x6c/0x80 [ 269.497215][ C1] afs_close_socket+0xa0/0x33c [ 269.497223][ C1] afs_net_exit+0x6c/0xe8 [ 269.497230][ C1] ops_undo_list+0x3c0/0x7ec [ 269.497238][ C1] cleanup_net+0x3e4/0x6c0 [ 269.497247][ C1] process_one_work+0x7e8/0x155c [ 269.497256][ C1] worker_thread+0x958/0xed8 [ 269.497265][ C1] kthread+0x5fc/0x75c [ 269.497273][ C1] ret_from_fork+0x10/0x20 [ 269.497280][ C1] [ 269.497284][ C1] The buggy address belongs to the object at ffff0000f80fa800 [ 269.497284][ C1] which belongs to the cache kmalloc-512 of size 512 [ 269.497291][ C1] The buggy address is located 42 bytes inside of [ 269.497291][ C1] freed 512-byte region [ffff0000f80fa800, ffff0000f80faa00) [ 269.497300][ C1] [ 269.497305][ C1] The buggy address belongs to the physical page: [ 269.497310][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1380f8 [ 269.497319][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 269.497326][ C1] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) [ 269.497336][ C1] page_type: f5(slab) [ 269.497344][ C1] raw: 05ffc00000000040 ffff0000c0001c80 fffffdffc3e2ee00 dead000000000002 [ 269.497352][ C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 269.497359][ C1] head: 05ffc00000000040 ffff0000c0001c80 fffffdffc3e2ee00 dead000000000002 [ 269.497366][ C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 269.497373][ C1] head: 05ffc00000000002 fffffdffc3e03e01 00000000ffffffff 00000000ffffffff [ 269.497380][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 269.497385][ C1] page dumped because: kasan: bad access detected [ 269.497390][ C1] [ 269.497394][ C1] Memory state around the buggy address: [ 269.497400][ C1] ffff0000f80fa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 269.497407][ C1] ffff0000f80fa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 269.497413][ C1] >ffff0000f80fa800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 269.497418][ C1] ^ [ 269.497424][ C1] ffff0000f80fa880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 269.497429][ C1] ffff0000f80fa900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 269.497435][ C1] ================================================================== [ 269.497471][ C1] Disabling lock debugging due to kernel taint [ 269.895288][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.