last executing test programs: 6.044867732s ago: executing program 1 (id=1481): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x800) r3 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) 4.900721264s ago: executing program 2 (id=1485): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0) close(r1) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0xffe0, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 4.759263456s ago: executing program 2 (id=1487): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={0x0, 0x0}, 0x28) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) 4.366516828s ago: executing program 0 (id=1488): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000740)={0x88, r4, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x69, 0x33, @beacon={{{}, {0xde1}, @broadcast}, 0x0, @default, 0x4001, @void, @val, @val={0x3, 0x1, 0xe}, @val={0x4, 0x6, {0x10, 0x97, 0x0, 0x2}}, @void, @val={0x5, 0x3, {0x0, 0x37, 0x2}}, @void, @val={0x2a, 0x1, {0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x2, 0x0, 0x3, 0x0, {0x2, 0xf34, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3}, 0x7, 0x6, 0x4}}, @val={0x72, 0x6}, @void, @void, [{0xdd, 0x6, "7d1bf50528ba"}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x880}, 0x0) 3.751730267s ago: executing program 3 (id=1490): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='cmdline\x00') read$FUSE(r0, &(0x7f0000000280)={0x2020}, 0x2020) 3.750848467s ago: executing program 4 (id=1491): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f000000b1c0)="02cbda572ec32cf73bdbc52bfa4e157261eb6cbd0d1d50c9d937a19739fcb9f8697bf69c0e2e526012185f1b86989056f9c2d38906e8a47b9b5fde55a777a6357ac40c211de6325f496fd86dac09bb38b62b37d715d06e3c61b172aa4a662cefc7810ba37161c637a9b56a7c7b022426826076f1d2bf3c3b6f92ab9c27d691385c3efc354f1423d01d6a49d534fca3f2bf518cd645cf18b4ac2d2ac4c5c29ba487c9d27bb488a73146d5b9e21427af37dee4a276646eb2519e4f6c76cce2f7bf7e708d5180959f71d3797220101849c5144ef8338a5a2079ecce466000cf290d4df42e82865512fb5fb01fb655613cf1c469682edd86a4bef86aa23240ca6a2ff38b59339f7530e8a8027aee0628e0f81b2f5c661b149d780f20ec54c8d3d42c0c49f83b1c0d4bec94bc9221e6fc7c75ebd3b68081df207721584055baeaf6429616d57cb35d2977d45971d209e4c45dfe3c5c105e0e2b49fc8685b4945f31c9468f3c950fcf70a8f45e5a3be62f73c228a6a34a99b6f584b42c50506a6c14187f44887270011cc98d7e5e258df533411c8d39bfa9e27014912ed9e9696fd4074fbefcd4817a344be5ea348f4a7a34733a5bc5674b1bcd39404d5a458d1e19b6d4bdb4e23403154249b5798dea7b60bbf0c09c25027a4efd49d36cbe65b7450c0bde580d356ad4e3cc7a9a57e6ac0b542592617869e57d9bed28f0590241bdeb51fa775aa8806a55df2c795a61146bdbe38eb7a716180bb9b728696bb0e78ff11f89b17c7e7fe9b14ea976ccd9991f01f5d0c4620053d0b5ce42af76591fd0706494b91a6dfc43560f9a9538ada19825ffe3a7cc7a56b755d46ae1189b1f1ac729d9938ad48a066624c1b28003a9d193b4b34c4ab2609949df96f693389f27dd3e1f42b178eb17079c1448d7e9fac30ddb53ce8e5a157db8296cd3069d332bad0528ae56a6db41ba84699b85f225a78a33879512a5f0b795fc58957ef6766afcf546fe36c8125276eeaac9d647b2459c164aae86a2703e85d4f552a0647cb4bdfaecf6ec3a264a6b6892a9a1ba08a9055e98b49edc4e1f8010f63f601a8251921df70e15011116c471a70a0580b1789bcff471dcc95ad209a44ca2453d58d3ea4c71e0383db68adf332a497a84faada33f18bd3cd79ff9d6809409769b02a66cf524534ab7134e3066eef904d8961195d9cdc396a012bb3bc1b1ccd60317d08cb059174642aa3f60584e58e7417c1736f6863fae9e7103158711167a53d7d5deddacee6958fd4c2e0672b8dd90b41512b1f59fc49099633860dd6902c1df3d5924b1cf81ec848d51129b3eddea619129e961390d65d2243d400a1e30e524eeee1a701da5e21598acf457947bad693892a2989097ecbe9607a33ffb33425ccac5e19ebd1f88bf3acc03331adf9697bed04b33ac9fceaa3bdc9a417b12108e10f9c45b6d36181099056a448689da4ef68beee35f5930ce4a5712cbed98239a674c5883d6a5e0df9c1cbe1eda8dc19d14c4abe896e3b28bb3d4b2a0e9ae31ca07b9819825f3a6ab82c5501becf023a656cbff569dbc3035ae3c585747fb459581629051286b170b679b683a0b2eea6ef3b41a68012e5f4d64f689c2b909cfd06d37c0a802be2d882351bffeddef1373d8cbafa10fefbc28b31a70b6e912fc61257aa76a0f0dc1d3ef72d2f61517a359053c3dcb7d49d8a4da61bcf3b3dafc0528bb037cec0d986b3949fff38a21dab6b8a3a167bacf067c5f7842ebebcc1bd54776b2e54a098303c6331beb16e42d0669a518af2d173405786439d739b813c145c4f9f98a537b1065bf4636c76e38b71943815a6d1227d0a6965dffc37c00444aebd2ec19286b83443902dba1354a69377e97070a79151e64711111bf3e0a755b0fb1a1d5d009fdf61b665b41a3b7dbd0655236360141c52b93bc907b0672743973c30d6c9ece47fa1fe3625cc8acbe305156012ef1c5ea140be70b804887be593f25faa13ee4ea2d9821d23c3e047d74ad4f7de4d95d275ea3e6c87479f1badfcef002ebc7020b581a096abac1a80ef6ff476a01b01f7c0fb1239fcc182f74e5b5965412c0f4170432af15daf457143b1f41422b8a7f9b81c15a156ddef9af95955090d013cd52aa66ebfbc87c8030e7f86b52aadaa2e63c261185eed7c46b5f8d56e8301a9cc1578aff77b42419a5eb2e263207ef259f4da6ca6466ac9326a633b39e005028c07c9aedf17a70e638d7ed84638406e6028be879fd0fe491152e181d5527933950eb67a52cf155d5c845a6425e41a47b44d9905de26e5132c8d594c1bf6d4f12dbcb96d7431a56546800275623679d6c189e0cebd1fb8063140b89d42da60ed06206d329c29841e69c820428bcde53c998bee0380a816d080b36f64574718b84e0ecafbfd2b9981f4886df258dbf1cfdb148b171516500572a7086516fd519bc861878ec2fceb6872229ff1e9782720e590d8ef4691fa9c4c54bfcc843015913a2ed40bf37048151d17b44365f7f8d3b816d1b1cd40dc5dda6ab8f637b5f6bae92580f1c269c9231c9a79d58d43208be7622147db352b1294260eeab12409f5b5ee94d99548640634bc9479a6e6e06cc8838bf85d9bd95452eaf8ad3cf6c070aac36a7d38fe23cebfaba46c74a6c5c98b1b5243edfe405161b8c3ea0cdb1bcb4e1041fc62451a6094b0c56ee2ed29520b87228959bc01a9a9f54d214704bd321b152a0e88d0646e99a92a390dfa6bc2c34d418e5e900a3b641ab34a5fd8de751bfb3253b7aae3948d871892d7b76b351b073a93f3ad82b0c59bc49ed922c8d63f8d12c14ce1912bf877bc7877f619b03d09200836c775675e0614efabfd5665c3bf12e6131a7232639729b79ac1c5e807246d30934b0f63b31a06c4722278299949c7785d796b6d3d4a5f2fa652b7fe8be447cafe93fcb07167f3ef16b94261fc3a9d22a57a7aac56562a231d79dbf3bdc1f436206337ff0f8e019d76b823c5976ee23ba4e553ec62d261bdc7da90fee46d3472cc267a7a74b88112ef765091df03bb59cf303feaa0149b371a7bdd75c0187ce842dd1e4cdaf7fc0f5ef7ffb559c535f19100ba653728cd936987731d5ac99cb9ef772975b17b2aff8b872df0d189c7944d63ed66cfce8ee92e7a1082c2a501007aacbe0011e6c32489bcb888e1c464bec59902d940d81136c543098a60104bcfd0f4e7c27cb114ff42e8d31fe09a4bcc21cae5ef2f8e4890bd8139fff1b1b2a39e29eaf2e5d2fb810ea37a13e6d2105a6c2ccd03fc110c6f9063e2433e1450dc8ebd8ede0445af662cf7ee705003630ab7d9fc6ed30169ed674dda2802d519e3b49016c6f11612ae53230b062281ddf7a678784516c3d177857f8bdbec7910af8c81333e471bd8a973ce858a14756ef6ec85498714fe8e1e6600023804004b968eea42c410bf0f5c5b2471835454f20230a6d342f96f71a2e64f54b838e5cd939d7a651d402fd60a8a2a081de0c536d5b81345d92165e79fa65140b91c23cdb5829db55f1f93b88bb43a355e9304a17355851d52c0d745b611a30eb400044dce6ac742bcce9df9583b827514af8a2ed4a04553817ba6ea22e9beaba65d32189a5c2bf65a09d2c8a8798c0645fb24157a4e71be7889fe65c34869d8852b21661407feed92afb0bfe582693a21c050e5adce1fe97755b0be276c36b81b89700b99d23d315a64f7e115eacdb3ade725cb3cfe36c27a5e2addad60290b022a9fc26132b5ec3b5f1d884399fd992525a3e17e18e7ee6078a64b7efc3bbd116e5c305d8ad935baff18ed94c7a8720e729132e110f986991a3ad21cc637282f55588b12756895e2d10afce85b1a04fc271b217278f156c7ffb1ed9dd52b18fc8b153802fc329dca81b278d715f6e31fbcc77d8ce5c2786573bacac30791aff5771fece44063d1e84abcd6a4ae016858893605eecf253c79e59c2152efbe9fdfee3c441e4bc9cb14fc96a675aa17bf7d2024d665fe3982b61888bbe7129a1ec8fafc3480170c71d05f5d22ef7ff0e2ca598fd02bbd0ad82e6ab0e775388bf3aa421c20b6a2a5e256386abff1103f46a8b5c54c2d54b81c50d8bd98aea724bda55f99d95956e939b85d59abdc50ea4cf1d44afa3e8dffc9d84c6b7d28b78c40d7498670602b97c5e2a6281c7876dabc1d14d156e827873818bc590644d2a1d084d39c84e78127b087bf2cd9353fd13d4ab12350318aedadaca6a2728267e6f5f16547caadf3ac2fade3c86b516c6ab53d61ea1c148835b9a2c91fd0ded7283ef720086dfc7728968924731715f78915045a69122d8b23a6db47cc6fccf402b9913e46c9a36924327ca9bba6bb8cf7cc80952501fc2181a2ec7ae4364cc6eac0cba0edda68f3b398a249d114702147f8b1cd9c7f8a15345f42a7a50334928eb4e2de974e4ae2ffb796bc640922f7ada0933460e0c0fc06276dfd228da9bfbbe5a3eade6f98594b0226339156022aad7aa8c9650417cb1551b3b6b31ce436396f68134a6ef23d6b926988fc410f81e1ae01282f244e70051f1b93644f78af3ef6359d106b291568e1ad00ad6ee102964fb7aaaec9732e43a21ea28cda496e4ae367ea738482e777290cca2ef61c8ff10c1b9546b5d395d21c98542f37578d297c13899247a6fdcdf0b8cba6b498875926a19852f97ef60dc1a0c4069fdd4d1fb87a6cd58b8786210687d644a4bad6f8fee0bc5fb94294cffc323e97597be6a5e457a5dd27fe2ebf5c34aef3bb5c43ba0a7d931e7ab02b7c290c5d04a41c01d14d6fc1ba80bfedf71caa0f7e59b135fad73e28d4861d601f79ad32edc6f8d1978d8ecf787f3c9ac71b2404939827b16f3915c8b1445dd1ec012aaeff88789c396665a50df52b244ce5b100d9a29ce52903b8f7f3662c0d0599fd1a7071798b759be02d58e5c6e4626b477653655fb7f5d7bc0ad94dbfe131c9ba5a994c1605c03b9f5173f8205c580bff685e693b23ab4cc7b2e4b21282b14f65684747ad98c0d855a205a6e17b5bb4c2b07097ae32393690e4e07a7f3e25d6bd01c1fb973a67edfa4e1d4a7a96b68570dd9d3bdfbe8a5a69adbd17167533ddbd2a58d70ca1ccea6428770dbcfeb47ddffa99e8b5e69bd34641c1f1a033e86215447fd2927482b12a85f11ae1d8b2054d7f642a9ba526e5a7d8e3d81bd394c264666f4b4dc3ff9c1584f277ff31a29c1358d9a953e0ae2822a3d174a0ce3da386083ae06f02723aea03931a38116a8e4afbc36fb9c094eb340214881a6f838f8d66141e451b9a1bd250363e591bc4ac566123a379272c08c0511e29e1dd1bc06869f3fd151bada9b28a6a71970ae3580d5bb0ab76b38068f504659bc335be1bb2a285329f749303600211d6ef7e151ad861b946d99f36d20074d65426f68a6758270ff946dd387ed3b150199fd81fd2e76a70a2fe2d7a2f8899079068ce48c5380db7e69a1a91f244ed32400e8d9e3097ec2065570dbde88faaee4a938f0b4cc20f31f175df62bf6cd88968ef7e24912dbbf91869eb9b34498d7f6000ef9a62c9441f4177ab5da1428d647b6e3cea1ca8a91b1a1246c2e048654e350cbf3dd4daaaa2558ff9c505ce0fcbcf93601a725289c38724290cffddf87e5345b43a66eb5f9fef718b0df4bcfe82c466017c3d8f0bbfd5544ff2d834a6e653ae789561df44281c8510b4bad838d04ab4a8e84fc4fc022bbe8454b36273cec843731c1df6fce42947a029f61e030990c0002b6f2c9c552227c8785c0b53683de3e518123548e332d25f2b270f595aad389951d1edbb9c6fb14cb4e479acff1ffac191da3d80a696b8be5919710c9137ecc0ca383d8666e30a356759a5299f44c2bfcd03a8df33de0e27d6038a9551cfc5ff43de0d42a6d033bf15f3a44d52f8a71554d1a2efb78042c1c9957256d7ea06b7751b40668feefff205c74f0f947ae0920aa746f17027bbef312708bf72fb23c12d0dcf6493584c1bdd0b5780017c038bc23fb6c25c560bb6da3775cf03502c07b987e64f8a2b84a870b5dd90c6aea7fad3d0a3ee46fda953dc085d272ee5855104b8bab8ed8bfd3338e75eb9ad8118f25c7e580fec613e30cf3eb7059e06d9be015709ba6c9de9dc9b6df8228b13f0439fa8d530aa9a4dc1d44abc3191c159a8816e7368fc5c6a0e57eb881d734c7a5459ba3be1b8a17b5ee6777ee42e962aee199f35ee2c2d4a39275e1dd6a8546daadc7ceab2c90667ad48c75bc7008ec2d7daa57562260d6d4509e67850e988b640569c050d3bedbd6c2de9b4f466e2d0c6f83c3c2392a5adcce1523e89f730a84f8cad28f84d1a0991f44aa4714f93088ec2a2836766d73569c7b0c1f70a067a3f0dff1d01661937aecb39e3d0f8e0ea282cffebbfdac63196eb13c4e53f144fc66a82cc0590f1d6d249c333420c24db92177c89cf0869346c34147dab6c3b94c325ef635d0e6d75c23906e71a7940e13364aef81b97108a4b209d372558d3bb0424ecb6a9a9ee28f7d1585c8af6f1256c812eb48515feda309a08f1a2954039ff0a60a2ab75717d2eb93024586837e552942eb63e0d6735d01258eb4dac6209370c109c1a1763dd742f3551276768648919f9093fd4e0cedff9442ac404e463eaea0ffe58a5085c987c093fd30e121218123457916ced3a7250a796a40451a4729125bce2ba5b6406e6626ecfb1d3f16287ba238feb575f60eba96443c60252d5927b81b73574ff1b7d424623b6cff5ce0d1b31b3d199c85da27f8736d990063f09dfef93402d880b2c5d7a9cdf45cbb4d1baf95be490f3dc9998c2c7ccfcc6e6395e7e09e6c44865834cd3e0968ffcc1d0f54406b55a8952cd8096e8968cdca3632b71546192c76472a66c4a8584eb748c1b3c30d52e8699adbef91329aefbf94d251d0b82bf42a648f73020881a914ea7c529802772b4b60617e9c1d9712a31d0ec3e92af4b97f50ec96e794486101a9e15daf8b7f13078d22767dc3b57bc0431ef39b3ca12b2932aa585bc856e8cf5496d78eaa50f06b483f416b31f78767bd25e260042e84c10e9cf9bb53a3f4fce11d703e90004949b55044907242f8eddef627cfc9642f4a828476074c298ea2d7b07ddb7b4a2b9f8f1e5a32fac7d105c5a12186da19ef5f6475763ee19aa670e7b45f37248fdfa796d6ae761dd77955851faa33675ee22e8174e0a126ac58b9998ccb5e4d12c3e00165533ddf710bf0ab0edf6ba1fecf9548ca1618fd980a4f9a35eeb5c1aa329a288378b9b5ed54b56075810cd22abf0c06ce0f1054805410375d6e41564b71b86cab6929c5c1cedb72e0b1237fdad44edbcfd326312caa49ed0c8f7c5a33986c89245fec75d0f9a34f744bf74d6e0f901c12ea25edd60c43d22f6644fa294534cac1c581b0cbf5d9765fc18fe6c223dcff4a85c7eeaf4cb1a9a889c236778b85e69d50d482743664bdeade11b4ced78c3d0b62ba07f98a898c6e89241ed6522fdfc430b75593673d43d695082b0114b25f231c8a141be953290b1a3855adc0146adee0b784fce2cf8243838bdcdbcf4e0dbcc2a9945deea1d02858a9e9dc54f0e818b81d024bd9b2e052a73fb59d037ab526c78faadfcdecc15f2a1d843e84aabc403e84b2fefbfbec982f22b89a2be560002d45ae12a8a2d00f0a3f55e26789a593fb8bdf20efb8a51e3d0dad9ad2caec39ea7392c58eebebc7201c78276f0127e43d5c8efef6e17ca522d69586a9e096efe80844c38841640238584936d8a96c0ba41dc0dc96a11623ff1e70ef54a9c43ec3cd0359dfdf55c8f8c306110d833d7de7a35f015369bf6d92b3b6f0f7dc717c84e51ce475df451b9a6a91c8d564aeb389267082b9cea77f09c6c6490084da3820f80d3e62bbd41a6540591c6c5cf2a18e4e829b82a6780b6b1f66d96fcfb1639a335a78f8c3ecf381148b2625859e514d35eb8c4acc98f7f8220e1827d7745f1f054691eeb1625e2d238ae03c93991058c1567be4938de2e60537749ee81f327f1f1e586ee3af4ccf53b29741c1bb0e774a1d27672ec27b43719d3710e9fd8634213738d98844717c8b1f707bd42f4077c9e59eb539f9cb32c11b47bcb7cb3efd3bf4994e90166a5ae380c821d2640fa99df59978e9b7e50f0b830943de787b1bf99e14edcdfe8565556ae2a8c0552d67898fd13551c007eb779edb60e85210a418cf0a4a41764fe9ece74f5d8000d168fab61588c5549113e8d8a059f17699d976fc7dc68cfd0ec404ef0c7eca459fbad1c40317d81b95a94b037cf96ba677697cfdce4c2c4e02cea296f25e556c02381ca891ddb6adcb0535e262b26290000c542e7616d63b211c16f86048079ca5167598aece3288f86658249e939cb6b59b6cdd3fce0e9ea81a3bb3f88908c600ea031b0028f12632d7ac2f81e54f7e7eb70ba70bc937571b242c4ef228f801b6a4376d11eabadaebb1322823eb30faf6cf21a8b38a769824e8b7009ff278f80ac2af39f0943a29458d127eabae81d2915557b09e3c49f8c22564edea93e8717306fb198dcc92eb3c9212f03dac94fa3fa1fa4e1dbd2119e024639f0ddc87cd906d3317c6ebc6e698257f73912ff46fe8d9adbd3f57ecc78cea5c1eb04ac5fd1bb79a53921fddaffd2d34f444b54208096cbd2aa3e26ca01359b05c10ff36e98e1ac97d51380c99e1b685928eced0d2f1e754001e7023d2473596feb7c7601619277dd7e844bd5544e7e360f8e4223fbd9e24b3fb69a34ced39bf7590fb853e44031d075fe647190ac7811522c73a6c6033457c14c415e4a84663d2540784a1cbb4a398f1d8612f4f3d334576c99d5721bbeac95cc34d18080e3b1365b6844152b8259c8d4618597f291f2b9e8812ab7729e108a8d44487f8993faabf6c6a8f49db727f17cdfec43b34c39cfdd3916fa6953e34f316100368c7b2836c11dcd4710986980356b7ec4ba23fab5cc5a8c6cacb61cc65570231407ca647946393031986cf4736280ed2d7976d66618fc240191455ae405f1d62145297179c040a707093fb8f60f5a3738b8bf78bbdf952478da7e9d3c892af5b83cd9dd4f00fcfa13beb9e6988e3c4b4e5300e3757a93efaef9023fb9d7442cb1a49d7efdec32ac1f98e6227cad38538f6383c3b6efca2fda7c101ec548c3549e7ac5e737478343ca47cdcd65acb71e0eade28c684b69785ae1fe31aaec713834b6635938d7d66426e965498978e4b467f6132daa6026c39dcbf95656b9be5c074badc18b5a74e12967b45e23099fa765ea5c8c18f0feae94755827e494f251ae96882b5c5f6d54713de02501faef1fcb59bf0d66f9d0cd3a493b139237aefdbd402a3df9dd5beb2887a055261a08047be52fa51f61636255870366e837f20d0f83b8557fa4a003647152ee27bd34b5af52743d4c431ff4a116ae1184c810e8397ef2a056845c6e3b5c0beafbf8f78488102412e04e47fb87be9a9ddc075ab519f424ebf821da659b18ae3b61a7b243ff94e3d1ba420cb342db7b8060937749892a7954d3ba5e63017703f5224602616ff6d3fec42444b2524f97dfa467d9db91681dce08de5ccb1ac2bf6cb5e6c1d586b2fc62e78b0bc23e1924a4f023adb39803fd6c3d52c40b13df9c6f54bb2b4ef88f5d0ffdfef13ae46dbf75aa6457da3bdc1781dc814b0b69debee7456aa7f75571caef87f624ef703fea75f136cc7f90af0ae558cf3de5e8cc92f3e803bd46e05f42e4167af8136db6982ad26a52778e1fefcbabe61a57f00cbf04e3c82445c04bbd8832b8bb9a7cb854a22f98cd7b422a7abafe6a00571539802e56f036d5a26d79a86cb100b90ae168d2406c2c0b9c5274ad69298e7983f4b30e006cf4882e90ca8af4e445dc06d0639231638dd39929065d920af913cc7284619fcacab0023893352468eec73d7014407e5d4bca9e49d412ffb12e68610c26206de0b3282e925b83389cbdfbc41cf279440a13838a1431ea4f1a371b6b143b914238773d171bc7b44c07729e8723fe51b8180fc9c9be6694477132cb82b22b2512518266781e687fcd460995ed581059d3c692ecbdc8daf3c76e5a5bc8e57973fed5fb3465a3dcb5557f92dba1e212f9bda66fc4829e10ce3e8b6c117b1214cb246211c861eaabf8ccaa94aedd58349399e619c2dc587719d7901d2cd85ced669d0ea898c4f127d1a4cf274aa0405d225605edf425dc9b7375c8ac2940bb369eec586097f0cc07940ecc8bd400976b9b36027a040be6e64a2fa4f7ba5d59ce9b4f76192d260d665290b20faa3a6a941939a0b3042ef4d8f9b980c71a13496b104965e1c3dab25cb46147bca6170baa0237c8a5cd1c437e43a50302490462585410f65e03186df5fc2c5bcd89f6d6a4ac34c971f0579070ab6e9a6a84159b2910a7ba797fb09dbd3ab88c23951b1a91df8cfc2d13de85dc715e2a111458acc4d640a59c199faa2bb28ec3309864fd8a6997ac89833853101a08198aa6ab3e5167b4e8e55843efae1ecd3fc6507f3a97bf2f8c4c4da4896c788a17a5fe8d8c3f79fe41dd7f4497380f1ffc8f8d6cc2c2dead697e4947cfe680a0e2b5100743444536134cde4378b0b1fe6ddc09dfe8d618f93edffeb7d097a37a19248be0bf9c4f536a484a5fc96f18f2eb4f6462b20bee241ce16b4790c854bca10914e3ba98eb0970765571a8ad45baba39d20b8c1bbb7c65717e265f5fc5edefb130aada09aa7f2c50c45de6de7327faef192977f499b7aed9e73c2ecb97f7256f89fc8b4834670f798438fac5a5045d61a7f429eba77de37517b984b0acfbd6f494a1414b0fc040244bb62a19150e0c15e5315b2618d05429263dd1847accc5de9baca08edc921ed9a0af00175c118ab801da9980098fc4a2bf16ba73e580000b49129a5fba00a1f2c45c0d0939be83ad93569dd61330913e8b381f9aff6d6a584862d636c1a4989dd3fd14853bf033be56f21a3cf1eb95d7df7c6436ff3d5a8f472bf4a3fa8b0b0741d953d9644e0ec801d4154336357d2d1492c6d336b9101827c1401898ecdca5a66c6f727d23d3ebb95530ecfee0f7649c221d2c131e56d37a8d422b0803ed0d623a2de36e9279c3c1c806654fbce9305cbb44210e282fa53c72f813440fd0cbfff492716c4a06cf99f4809481d51a03a88911f48f25db6784e16f3a251d5fb75fca164911e4a88d1b904b5372d8660d309f347dce2810552a4789af371f3e67418433cdb0d69a4fc562514cb396141f31312fab85f68c1ecd9d03ba37b40934535cc3e53c71a3a51663a479eca63dc5c15a387e5753cfa806402b6426b8dcaace2553d219b2ae02bd45fd4fde6e3e1bd6370d3e8d558aea69854381f1dad0fe2bbf1a73043f03aafe81c3a3d386c758abcb45cc537bf40d459e138f418802ec61abcad5e333389d74ea941eb5f26b25ed7642e0135fd8e3e2fc998613023dd5b804e2cf1a80ea60b353535b1446e3ebb542c1c15d87c6f5a4716455c8a9f52380161a5d23e9678417fe7ed64760e14c1390bcf73e1d531bb3548d7b9df25b6f85512667af396fad73110d1ab69a8ecdddaf29dc3701a5d927e599f5c2af293a6b276da7a5c917298ea24c2366d5e91593605fcbc4d6462", 0x2000, 0x0) ioprio_set$uid(0x3, 0x0, 0x4004) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x30, 0x0, 0x1, 0xffffffff, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x9}}}}, 0x30}}, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x49}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000000440)={0x1, 0x20000006}) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) close_range(r4, 0xffffffffffffffff, 0x400000000000000) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000280)='westwood\x00', 0x9) close_range(r0, 0xffffffffffffffff, 0x0) 3.72075462s ago: executing program 3 (id=1492): ioprio_set$uid(0x3, 0x0, 0x4004) 3.701623301s ago: executing program 3 (id=1493): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000180)=0x8, 0x4) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r2 = socket$xdp(0x2c, 0x3, 0x0) bind$xdp(0xffffffffffffffff, &(0x7f0000000240)={0x2c, 0x1, r1, 0x0, r2}, 0x60) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r3, 0x1, &(0x7f0000000180)=0x3) connect$qrtr(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) bpf$PROG_LOAD(0x2, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r6 = getpid() r7 = syz_pidfd_open(r6, 0x0) setns(r7, 0x24020000) syz_clone3(&(0x7f0000000300)={0x136820100, 0x0, 0x0, 0x0, {0x2c}, 0x0, 0x0, 0x0, 0x0}, 0x58) umount2(&(0x7f0000000040)='.\x00', 0x2) 3.22733865s ago: executing program 0 (id=1494): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000000, 0x2172, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x1) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000180)={&(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ff7000/0x4000)=nil, 0x2000}) 3.22629748s ago: executing program 4 (id=1495): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x11) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8905, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@ipv6={0x86dd, @icmpv6={0xe, 0x6, "f225da", 0x8, 0x3a, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x2c2, 0x3}}}}}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x24, 0x1, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TUPLE_ORIG={0x4}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x6}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20048000) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x8, 0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f00000001c0)='./file1/file2\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 2.083163752s ago: executing program 0 (id=1497): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) 2.041621435s ago: executing program 4 (id=1498): socket$alg(0x26, 0x5, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000001200), 0x10) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f00000006c0)={[{@jqfmt_vfsold}, {@noblock_validity}, {@discard}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@noblock_validity}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3M9vFNcdAPDvrtc2LlC79Be/WralVa1Wxdj8PPQAqJW4VKrUqqLHrW0QxUCFXQksq5iqAqmHVvwF/XGrlL8gp+QSJVEOiXIF5RpFQpEvkByiiWZ3ZrPr3bXXZu2V8ecjzfJm5s3M+87Mw2/e29kAdq1y+lGI2BcRTyJitDbbnKFc++fFytL0ZytL04VIkt9+Wqjme76yNJ1nzbfbm82MFyOKfy/EkdbDDs/fW7xRmZubvZMtmFgoZqmblWuz12ZvTZ0/f/rUyLmzU2d6EmdapueH/3r76KHLf3j86+krj//4zmtpeZNsfWMcNWPVz6GujzDQsqQc5eZz2eDH3Rd9R9jfkC6U0s9i/wpD19K7tpTV3ScxGgPVuZrR+NXf+lo4YEslSZIMtyyt/y1bThoVCrUNkuRBArwCCtHvEgD9kf+hf76SPgEsTbc+B7/anl2M6hNQGveLbKqtKVWfYMtjEYNRm7bCtyLiyvLn/06naNsPAQDQW29cjHh0qdbuyKfammJ8pyHf17OxobGI+EZEHIiIb2btl29HVPN+NyIONmyzv4tRgPKq+db2zwcjWaKxudozafvvF9nYVnP7r17ysYFsbn81/sHC1etzsyezczIeg8Pp/GTrruvdam/+8sN/dTp+uaH9l07p8fO2YFaOT0qrOuhmKguVl4079+xB9cTeb42/EKVCnoo4FBGHN7H/9Jxd/+n/j3Za3xR/GmdL/P/svPPSJgq0SvLfiJ/Urv9yVOPP+z5rwQ9lqYmFm3+emL+3+PPrjeOTk+fOTp2Z2BNzsycn8rui1bvvP/xNlmx5jGi+/knScP3zqrGlA2np9f9a2/u/PnI5lqbq47XzGz/Gw6ePOj7TbPb+Hyr8rprOx2fvVhYW7kxGDBWWW5dPfbXt3cpIU/40/vHj7ev/gYgv/pNtdyQi0pv4exHx/Yg4lpX9BxHxw4g4vkb8b1/60Z86PUKuH//WSuOf2dD1v7c4ElmiviRNXHgvonlJnhi48dbrLQf+R7kl/sHodP1PV1Pj2ZKZysKe9eJqU8C2iZc+gQAAALADHIuIfVEonsg6mvZFsXjiRMTeeg/K/MLPrt7+y62Z2jsCYzFYzHu6Rhv6QyezvuF0Pt1qqmE+XX+q2m+cJEkyks6nz+9zB/sbOux6ezvU/9THra+0AK+aDY2jdXqjDdiRVtf/p11v2fsvZADbqwffowF2KPUfdq+u6/9WvQUH9E27+n8/4kUfigJss3b1//ctSy5sS1mA7dWu/hv7h91h8/1/vgwAO53+f9iVunpJfhOJA5fXyFModbefUtev8a+XKMbavwIwFvXfNMjbNGvv8KNiRG/O2EBPz/xI0zUtts2zJ3pxrCium6e0gR9i2N5EsTI3l7/g0vfyDEfEOndv/Wa7nycWt7pg1XPzv/79zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAbXwYAAP//363OhA==") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="05"], 0x48}}, 0x400c1) 2.029083286s ago: executing program 0 (id=1499): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000010429bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2b030000000000002000128008000100677470001400028008000100", @ANYRES32=r4, @ANYBLOB="080002"], 0x40}}, 0x8080) 1.885008608s ago: executing program 1 (id=1500): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)={0x28, r5, 0x1, 0x0, 0x10000, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x9, 0x5b, "1a665d6dd3"}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r10, @ANYBLOB="21003300d0800000080211000000080211000001505050505050"], 0x40}}, 0x0) 1.884728198s ago: executing program 3 (id=1501): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x2040, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001580), 0x80000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x202, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x103800, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x5359fa85130690a9, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x149000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001480), 0x880, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x28002, 0x0) 1.503317878s ago: executing program 1 (id=1502): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x3}}]}, 0x38}, 0x1, 0x0, 0x0, 0x55}, 0x4000) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) sendmmsg$inet(r5, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, 0x0, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) 1.502257608s ago: executing program 3 (id=1503): syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x56a, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x80, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x1, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) write(r0, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003c0000000000000008000f0001000000", 0x24) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 1.380980648s ago: executing program 1 (id=1504): socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/12, @ANYBLOB='\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, 0x0, 0x0, 0x4}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r4}, &(0x7f00000003c0), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001780)=""/4071, 0xfe7}, {&(0x7f0000000300)=""/78, 0x4e}, {&(0x7f0000000400)=""/133}], 0x9}, 0x40020000) sendmsg$inet(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000d00)="dfbbc728e801c3cc0a54630dbe1c8a0904960f98e68961cb6b9a3c32d4d2d7c476819f9b9b815eba43e318e6fa807ad1a3f048a7239c74e33cd51492f1290fefa777dfbebb9b26869ad32f104fc4b857ed0607a28b6672c259d39ca73d5b8c419244182b4322f786812dd2d73c48b2b6a0faa0b5f477c9f6b31ca470b16273d1b54357635bd527c7c8b4577d330a1b2e4d55749e1ff2f97636231f038eb88fc3de9648d5fb8a9b98cd46aeb44740f65e408a7d23f36f2e7ddd1d22f4f77defbff9ac6690d5bb19154f2eae60dcf3fa023284a5271014edf23bc02d0315f4bc372ed26345ad432f4365", 0xe9}, {&(0x7f0000000280)="39d8cd36ba397f9731acb2f36b8f29", 0xf}, {&(0x7f0000000e00)="5a4ce644230e1c53939feb4bd877536a852a278f35c5724cfb6752df1b96d04654f267dc103459187c8a0bd6f6226020d75760558d290c4336ddeae48fee6cb6e6d3f33aac887bf581eaf6ecc026240f512a5cd8eb7e04a6d02b080b88064aaac4e562bf670731d60806c3ddb013cbb84795760e36eabd57e5c4379933ba34d67bf7900a0c9fd444a6ff0402837fa0f885a66f38a236119ac1c1c6df", 0x9c}, {&(0x7f0000000840)="05ce83d64cf8bec0aed03484cd410c5fae8dcc8a7366681fdd56", 0x1a}, {&(0x7f0000000ec0)="4e044cf84412afd3f21fe2687827fc567e4759045b717532d8f7a4608a08e2d16a20dc03aee67db2380c870f2cdf9e6058fad01540ef02463f6ed77a5d45b37b15dfd9965ee88ca8e2d6d47758ba0463357a5d562258db1c529c06b21cff8c8a19ffa1029f94fea4e0d628073c435df4b21a6394551dcac3007945c91bcf300b08dcdd430320d25e1ec7f88a4f71ec7c15f83c6e66e12ce8e84568a6ac468d6403aa8910f830e62400d37fc872da806b194723d5b4c87b72574e9092a174a0000f85e6a27dbe1616aad16b", 0xcb}, {&(0x7f0000000fc0)="a84f802e3baea81fe8d8b22f3c4828e3d4199474a8b0e72c1e4ff65dd137215b95f6f002dad25cbc", 0x28}, {&(0x7f0000002d00)="842432712a0720747e67ecf02010a39fa98a1663d8fa94a38a4cffafe50c5088e697ab5e2b43a0c730aaccd610b5cc9634cccb2752bd394f9e2af731fc3bf25057fe80866203bd64e7b25fd81f854a1c3bf972132a8c622f5d20cff59f720acbd64503f536d727582cf74c161b0541ad285720c86b2e3aebf6f29b04d218a3ccf1ea16fa77048af7c80f20cb83f02d09aebd740c8135281b42b4ab7abd5952f64f74aa7dbb011568e29497bb4d254ff70498fb45979266db56150f3b20c01ce973207b2fc4ba9b02e98d77c71ba58ca7b1660d1cac4a972270a6bdfade13a440b614a2f8fc0c373eece421829b5a95612e25bd331ecf953fb983f9db44050acdfa03a16229671efc3aad9eb7bf7bf0e5205b2d393407b8334037af81672e478e5c016fdb9b722d4fd761c8f63ff019ef5c2b3eaa632ec62067282f7346485702a7cf8d8dee32704f69a3f97a074834b11005ceb50a2f45c9c395402c6392ecb33b194f3fd5f5da667b5565e2a472642aad3ebe2af28d556fb13152be8b4ede385188e229aa3d985bc7f9a182828550b0530117f698d75d84c7dd4f0fceca309ce0281abac0fc4b08f4d9139307653c28cbc7cd65811f3790c538b6f0966a78ecfeb7b5fbd221ac657c58b4a43ac4a0f2127b5cbf8db86db6667ee39591dfa506ed7a81dc4db8537400b3a9decd3d326b38406414e478222f7a5b4b02ae8442dbcad5d203c182d340c9c97b2ac16906dd4dc3767ce39580651f1061673332d33e75b3fca1d935163e1ae3b56d987dd918f978139883ebf25b8b8509e8df18a2492ba553217f7dc23bc918105c92963fb5d3dff0e922e422722a3c00b604e537b9d54377f8bd2aa4c331af85603c0732963d527d28396a9965b27a044aeff5fb4bc1599dea6e925485197e08637357e512051cb035e6e48c3786bf2a9dbe75d5a8aed38779f9553b443726b66e9418e76b95533b4547222ba828c4ceb3051131126ecebc043da9776487124ed2f6d718a0441e7f21290d0da258185d87bdde9092dd2975d3c417af35c5864a6685bfe953c36187031275d39628ab2e67381f3482e0e3bd1f15fae004c411169928fe7c4774c61a6995275e2a55d8059beade5279fec9f33a367e9869f397d87d0dc0d985a582d0a9ec715886e4d8de93813cbd8f2d9b700fa5bb29de40ac08a542757ad06fe9d872f115bc7bbfc2f455619c633ab875421a5041e15d1fc9f4c031f5ca5714037cab00765ee5fbe031ec8f83958e97ad2e199b67ba70c67b71443a09e45777ff03011835b3bcae49f14facca5a8ce293a99e675634f6da803a31e5f226e6ae7d8992a93e1ffeda7752190181cc2385e592113b2289a7fd8da673266a3cdf502cf9ae9193182995dad0da21d40f692926482a5ec268d49bf99ae00c0d8ee494f41f0dab229c771315961831b55bca7cde1c47ff5d7dc76f3b3f35cd7448ff49ad483f3f4d8ba63d7b02ac04a0eb7aff29c1ed8b418ddb820a7c3f608bd065f55b8880f3a335fee8d62d6a5cb2c6c6ff265f1d613fe5593a8db6abd1b3a8f5cf91b05588c8eaa43a8bafb629855044a541ec9af4c45586453aedb5be687ab1fd2ff125b0d1a7016e813028f20534400b11a456e116b478c8b04eca6a689c8e06aa45b2048dc245f6d063515cdc5210fcca21837eda707cd5bea583e5eb7f2e6cd27ccc838ac95e32db363e161dacfc2a257646bc4e0250ae60d88f2133170976020ecc7cd4873b2102d8966821b6fd38ed176741e61832a79e3d443106e71486d95c2e0febf9ee93c5975855e2b63db81b6e1963e666d39dc9842a311821f11db823636a2b05a68c3eef4547fe86b7ce06b185e8b6b112b88b4df8831c412f997e4aebfa98e3e5f3e091391df11dad8e6a2f4d97a3d9fa85323db32946068928862a719335d50e0569f5eecb053588d88db1c55068ccafb65025d7b5a5ccc50ac0aa82c153eeab5e4ad6d79411e2787af06a28a4483b9a9846fe3de8cc8ad9c3dbbb90c83a9d9850a644cf0728f7c92a77baeb6d2e6c03f2fe75a6c7d6adc2f9d53c12983a562f3fc914071f492538a3afedcd0d64e8e927269c6833e075c1ffa6d176bc1b33fe31e04c6713b6c2aeb6a41ca93336444eb79346129f4d782dfd3cef2f9df5a3c77b98ede90f8c93c9a83077c38543e1d46ecef77d4b7cc864bb41ad185882e5414bf0e385abfd3ca7d6b0ca5e85f3d2033433b115af83ded7e4c7b5431801df47ec89656fcc93866a56e1a8a9ae626d7fde8ec09d47acd5b1a2ae78da6f341aec101b4a6f698510836845ce2ace11fc454a449ec26213047f3621ccf013db0f092ab8fd2978a020cbeeccad36c44e2f71b6db8a37626476d7d303715dccd9472371c6b05bf0ae938a0022f81dd0ad93d82607521583af1ec75bdacd42b358d3a68ea1b59f2b171b5303e66f31d6eec19c6a2c7fd27099fa226795d49d9eb565566a584e8e6d672180d2a3fdb38d7194fbaf80aab7cfb045c959fc572036f67c3b1e1be4a3eff25d74f71ebf6d0a0d717886211cd3d48fbaff9c24fcfb4e4ea213b0a40c0e9af778f28931886a665bd394a1238004b9c306b2aae47c46330d2ff4050cc91a36668117c5fb2ef72a313386e52ace9775b4a80c43b310b894a851014575e6167ffee98dcd10c7dbc1d607b8b594467b888b762e3b8ba93855d3b788833989e5c1e9cbd385e8a7b5a6c4eec79577b08146b9d0b94a39b8a8cea83323524715a8287f12054202500801a5d4cc55af79daa1f738bb112a938b52a5bc98411bf51d1bb838f7540ca01daa7f078af7b3796a45f8dc2514ae693085c59a20e6410313e452127513d2bd78e6da50fe9c6896365bf840e45b8e34c5ed2a09e5a2f44fb1dfc779704113e7c44fa2f96e3994c1ab7a9db45749343158a8603db0419a293c1cfac75dae89f20a5f3638ca3a4c0d40ef0fb877995aa7448699590574ee8a94ba7c71bd57c68db07d785ce6874c1e6967af937e53b42acbeccdf9af1fd313dd24087d503cbb7695fc757cc0cf3cf331924862a4ce7b29205ea71752a99919f178c4324cde06ea2f2b28d7ebbb354e39699fc1af9a3b2cc0b6860bdb51fbe77d14cc24279af3e3660a3b2712b112e55d54fd31b4b3baddbf3d1c91e4e79f1ee260b17aa001df54619d4feb06dce0dd583120386f1820fcb3f9b9893143f4ddf20b65c4cbf1c1e42d7fb43650fb717866775a29e678842f89522dfdc1c44dc386e5ee82400654ab057381032fecf50ad261fe8ed44b0e559a1c22498810ef33ecc395f0b73eb965074769fca8ddc06d99d6171d2ff2832791c0c58ca22288db7aa710908b1b960d34b61a9508851fa55a440045cbb9aee7c3a7f9b37b016cef0e5bc5248b9d132134d95d457fd13ca6e86cde081a7539b6c5e49e892d65db4a8d280a3becd656e58f7b313bb876299dd3b57f77dc315b4c1e3c5a1ddcf78550859feab686aac93256f2ea0df10520925c31bcd967daabab770e5c3d6c889829655b3e8afec57b959e9544d547782d1ba66dd6e0b62caa18aa3554d86e3f66c69e42fcf3be57bfd6a378e7811ea9f47523acdc1e0e05a969b2d5b3d888981119a1e689606ce9c88d312e26fa52713d28657e1da9946b9ae0feab2f19454be213258b9af5e2e1eb2b001a23ad403c8a5a78e5a0ba0465a7eaeacde189e3eae0d351ebe88c3101b0fc0d6b10c4290bb9bf3673e8f4eb19505bfb5fbf0038fdd4d18521be7087dea1723666a168ed0fc31869ab101d6ebfce6bca94170e8719fa78c2e3343cb7a3674416fb1d69c379721c399de182d5477e9b6c29d436b0a600be5850273ccea2be0cca969941a52816eeb73432680a3bd4941e24eb9a2cc419fdb665af0c16235140a7ed8b1d0ca87bc9bbaebee35979ee9bf345ac977ee0921f936b9f23bebc17d944d30c4094a48e9f2f3e03ac8df9847f8d2a83c2d31990728af0d003b902e81074eefcc6899b7d6f6d9e173e1426c688ca4dc00ae1f290208816f9beab74c0fc7d4d9635f625293a4545c40a0d03de9f25baa455f035197c65dea96cacc64ad4699f0331855462474bab15cf05b5313a4e3b69d28876cf40a524f629fb40c455ce7c63efec2e07a73283af93bb95343c8f59af2979dc43b0dbfe9bc85c2725d6b33391bfeb4786934eda00642f3bcbf904dc88bf8c4c54edc3492d6c9d6b55b35286bfddbbd04c5a025896f2f57c8982b3c44914431117244a7d59bd061d5d096e7b6a6a6b686a026a956eca8250d916254677b882e8f309f2c6e9aab9b05f7d172581650da87e66d412e27c551a0935169ef0e93819f4133e1af48a56562bdb72773775c7f3aceca347c938de64ad601ed12b694e21c4e2caab2916038fbc651d0f2308830f0d368d5ff6afeb558c6a31d12505745decc77c42398262cdda82180c3cc3fee4ab3d2941fcb8715530fdaa1d778cc9966d042dd50c81b8cd4363687535bc43c69f34bec2ce8a949520c300fd96a83bcf412c33cd799274a7c13456b306f0660336bc957cb8a02e03110fa394bc74a9cc1ad87f37663166df37d96515a0b1cb450c8a60ac3e1985edc750121186f8da90a1d27bc0c81dd096efc0e9542c3724062980cf5a9bc77dd489279e8589f18465e12de59fd1256de994f01142af3b32f5042da6d348bef1374ccba7ec5b320c0e66d7b6fb4eb01f1326d3ccafe095114e08ac487183fec52beb49ff5d116439e1f163525354df5b2fa5554eaaee3812caeb8091898e8390f12bb0abcaa7a1e9152fa1a22d83b56c022ed13e3e12baa903fc1c0680eec77be64d67ac9cce0fdd8e57352dfa45b6ba5a66a5eba7e301284705dba2451320a87f560eb0298017aed3e7274bb78179ff54919e1097338dce64098672f7d786965247e6effb", 0xd95}], 0x7}, 0x0) 1.36053022s ago: executing program 2 (id=1505): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x1000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3c}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0xe, 0x0, 0x0, 0x8000}, 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) socket$packet(0x11, 0x2, 0x300) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0xc) syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000040)='./file0\x00', 0x20000, &(0x7f0000000080), 0x1, 0x523, &(0x7f0000000540)="$eJzs3V9v01YfwPGfSwtVeIQePc9UoarAoWxSkUpwUgiKuPKck/SAY0e2g9orVNEWVaQwUSatvZm4YUzaXgS3ew/bO+I1MNlOSvov7hpouur7idpzYv/s87MV+Se3sS0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAst2bbJUs847eX1NHcWhg0B8zvre/2nmbAuCJW8iOTk3I1m3T1m8+zp5JfszKTvZuRyaSZlJ3LU/99+P/xsd7yAxI6FVvbOy9WOp2116NOZEQa2jdRYJpOQysTBapaqdh3F+uRqhtPR8tRrJvKDbUTB6Gac2+rUrW6oHRxOWj7jZrj6d7EB3fKtl1Rj4ot7YRR4N99VIzcReN5xm+kMcnsJOZB8kF8bGIVa6ep1PpGZ20hL8kkqHScoHJeUNkul0ulcrlUuV+9/8C2xw9MsPeRAxGj/9BitL7wERw4ubFu/RdPjPjSliVRh75cqUkowcXegvvnd/Xq/3d39cBx++t/r8pf/Tx7WtL6fz17d/2o+n9Ersd8XUx+/3nE9hzvtSXbsiMvZEU60pE1eT1cRv+6V0O0+GIkkkCMNMVJp6juFCVVqUhFbHkqi1KXSJTUxYgnWiJZlkhi0dJMP12haHEklkBCUTInrtwWJSWpSlUWRImWoixLIG3xpSE1cdK1rMtGut8XBuS4G1Q6TlB5QBD1H8P7YsduYFifevUfAAAAAACcW1b61/fk/H9CrqW9uvG0Peq0AAAAAADAF5T+538maSaS3jWxOP8HAAAAAOC8sdJr7CwRKciNrNe7Eoo/AgAAAAAAcE6k//+/njSFpHdDrMHn/5dOO0EAAAAAADC097n32I9al6y/knkT1tvW0rfWppPEOZsXsuUu7F9jXJ+2rnRXkjaV8U+Zn/WM9Z8saPcmmB+7zXpeHlYYnjyB7jv5TW5mMTdXs3a1NycbpVA3ni66gfewJI5zZSzWS/GPLzd+EklG/9VvXrFkfaOzVnz2qrOa5vI2Wcvbze4NFA/cR3FALm/S+y2k11wcusUT6YUY3XEL2bh2//aPZYuP/YMx38lsFjNbyNrC3u2fTMYsFY/a+m4WpSG3/J3cymJuzd3Kmp3LU5O7S2ZZlPOyKPdncaJ9cUgW+/fFQl4WC0NmAQCjsp5ThSw5UHdPcJQ7ner+TuaymLnp9MA6Pn3IEd3OO6LbQ1a3Pw48A+moGpuM+/u+qvohWeBDOu77Q8aNvLKV7MILbzZ/kKmt7Z07G5srz9eer70slxcq9j3bvl+WiXQzug21BwBwiPxn7ORGWPdyzqr/t/uVgqI8k1fSkVWZT682SL9xcOhaC31fQ5jPOWst9D3hZT7nrK7Q96CXY8Q+6j1eBgCA82Q2pw4fp/7P55x3763lg8+O+2s5AAD4OnT40SrEv1hhaFpPS9VqyYkXtQoD97EKTa2hlfFjHbqLjt/QqhUGceAGXtJ5Ymo6UlG71QrCWNWDULWCyCylT35X3Ue/R7rp+LFxo5annUgrN/Bjx41VzUSuarW/90y0qMN04ailXVM3rhObwFdR0A5dXVQq0rov0NS0H5u6Sbq+aoWm6YTL6kngtZta1XTkhqYVB9kKe2MZvx6EzXS1xVHvbAAAzoit7Z0XK53O2uuv2Bn1NgIAgL2o0gAAAAAAAAAAAAAAAAAAAAAAnH2ncf0fnRF1LLHkDKRBp9e5JGcijWN1Rn1kAvC1/R0AAP//DfFXww==") open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=@shmem={0xc, 0x1, {0x20, 0x9}}, 0x0) ioctl(0xffffffffffffffff, 0x8b2a, &(0x7f0000000040)) r2 = openat$sysfs(0xffffff9c, &(0x7f00000003c0)='/sys/firmware/fdt', 0x20800, 0x2) finit_module(r2, 0x0, 0x3) 1.348174261s ago: executing program 4 (id=1506): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$watch_queue(0x0, 0x80) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) 1.286925867s ago: executing program 1 (id=1507): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x1000410, &(0x7f0000000100), 0x6, 0x504, &(0x7f0000019940)="$eJzs3c9vG1kdAPDvOHGTZt1NF/YACNiyLBRU6vzobrRaDnQvILRaCbFCQuLQDYk3imLXUZwsTcghPXJHohIn+BO4cUDqiQM3bnDjUg5IBSJQg8Rh0IyniZvEdWiTeGt/PtJ45r1x/H3PznvP8xznBTC0rkTETkRciIgPI2KyyE+KLW62t+x+j3a3F/Z2txeSSNMP/pHk57O86PiZzEvFY45HxPe/E/Hj5Gjc1ubWyny9Xlsr0lPrjdWp1ubW9eVSkTM7NzM3/faNt2ZPra6vNX7z8NvL7/3gd7/9woM/7nz9p1mxKj+7lJ/rrMdpale9HJWOvNGIeO8sgvXJaPH7w4sna22fiojX8/Y/GSP5qwkADLI0nYx0sjMNAAy67Pq/EkmpWswFVKJUqlbbc3ivxkSp3mytX5tsbtxejHwO63KUSx8t12vTxVzh5SgnWXomPz5Izx5K34iIVyLi52MX83R1oVlf7OcbHwAYYi8dGv//PdYe/wGAATfe7wIAAOfO+A8Aw8f4DwDD5/8Y/307EAAGhOt/ABg+xn8AGD49x/+751MOAOBcfO/997Mt3Sv+//Xix5sb36x8fH2x1lqpNjYWqgvNtdXqUrO5VK9VF9K01+PVm83VmTf3k63NrVuN5sbt9VvLjfml2q1a+YzrAwD09spr9/+cRMTOOxfzLTrWcjBWw2ArPZE6ZqEeYGCN9LsAQN/4Pg8MrxNc45sGgAHX68q/658I3bP4K7yorn7W/D8Mq1K/CwD0zbPN/3/r1MsBnD/z/zC80jSx5j8ADBlz/MCzfP7/wyg+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAhVcm3pFTN1wLfyW5L1WrEpYi4HOXko+V6bToiXo6IP42Vx7L0TL8LDQA8p9LfkmL9r6uTb1QOn72Q/Gcs30fET375wS/uzK+vr81k+f/cz1+/V+TPXuhHBQCATjePZrXH6WLfcSH/aHd74fF2nkV8+G57cdEs7l6xtc+Mxmi+H49yREz8KynSbdn7lZFTiL9zNyI+c1D/Ox0RKvkcSHvl08Pxs9iXziD+wfOfRJqm6UH80hPxS3nZsn05fy4+fQplgWFz/912P5m1u4u721kTK9pfKa7k++Pb/3jeQz2/x/3f3pH+r7Tf/40ciZ/kbf7KfvrpJXn45u+/eyQznWyfuxvxudHj4if78ZMu/e8bJ6zjXz7/xde7nUt/FXE1jo/f1si72an1xupUa3Pr+nJjfqm2VLs9Ozs3Mzf99o23ZqfyOer27R+Oi/H3d6693C1+Vv+JLvHHe9T/Kyes/6//++GPvvSU+F/78vGv/6tPiZ+NiV89Yfz5iZvHLd+9H3+xS/17vf7XThj/wV+3Fk94VwDgHLQ2t1bm6/XaWo+D7L1mr/s4eDEPYifinIN+YzziE1F3B90O+t0zAWftoNH3uyQAAAAAAAAAAAAAAEA3rc2tlbE4268T9buOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADK7/BQAA//+TAtDE") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, 0x0, &(0x7f0000000340)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r1, 0x0) r2 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r2, 0x10d, 0xf7, 0x0, &(0x7f0000000080)) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000180000/0x4000)=nil) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f0000075000/0x3000)=nil) ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, 0x0) 1.286061046s ago: executing program 2 (id=1517): socket$alg(0x26, 0x5, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000001200), 0x10) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f00000006c0)={[{@jqfmt_vfsold}, {@noblock_validity}, {@discard}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@noblock_validity}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3M9vFNcdAPDvrtc2LlC79Be/WralVa1Wxdj8PPQAqJW4VKrUqqLHrW0QxUCFXQksq5iqAqmHVvwF/XGrlL8gp+QSJVEOiXIF5RpFQpEvkByiiWZ3ZrPr3bXXZu2V8ecjzfJm5s3M+87Mw2/e29kAdq1y+lGI2BcRTyJitDbbnKFc++fFytL0ZytL04VIkt9+Wqjme76yNJ1nzbfbm82MFyOKfy/EkdbDDs/fW7xRmZubvZMtmFgoZqmblWuz12ZvTZ0/f/rUyLmzU2d6EmdapueH/3r76KHLf3j86+krj//4zmtpeZNsfWMcNWPVz6GujzDQsqQc5eZz2eDH3Rd9R9jfkC6U0s9i/wpD19K7tpTV3ScxGgPVuZrR+NXf+lo4YEslSZIMtyyt/y1bThoVCrUNkuRBArwCCtHvEgD9kf+hf76SPgEsTbc+B7/anl2M6hNQGveLbKqtKVWfYMtjEYNRm7bCtyLiyvLn/06naNsPAQDQW29cjHh0qdbuyKfammJ8pyHf17OxobGI+EZEHIiIb2btl29HVPN+NyIONmyzv4tRgPKq+db2zwcjWaKxudozafvvF9nYVnP7r17ysYFsbn81/sHC1etzsyezczIeg8Pp/GTrruvdam/+8sN/dTp+uaH9l07p8fO2YFaOT0qrOuhmKguVl4079+xB9cTeb42/EKVCnoo4FBGHN7H/9Jxd/+n/j3Za3xR/GmdL/P/svPPSJgq0SvLfiJ/Urv9yVOPP+z5rwQ9lqYmFm3+emL+3+PPrjeOTk+fOTp2Z2BNzsycn8rui1bvvP/xNlmx5jGi+/knScP3zqrGlA2np9f9a2/u/PnI5lqbq47XzGz/Gw6ePOj7TbPb+Hyr8rprOx2fvVhYW7kxGDBWWW5dPfbXt3cpIU/40/vHj7ev/gYgv/pNtdyQi0pv4exHx/Yg4lpX9BxHxw4g4vkb8b1/60Z86PUKuH//WSuOf2dD1v7c4ElmiviRNXHgvonlJnhi48dbrLQf+R7kl/sHodP1PV1Pj2ZKZysKe9eJqU8C2iZc+gQAAALADHIuIfVEonsg6mvZFsXjiRMTeeg/K/MLPrt7+y62Z2jsCYzFYzHu6Rhv6QyezvuF0Pt1qqmE+XX+q2m+cJEkyks6nz+9zB/sbOux6ezvU/9THra+0AK+aDY2jdXqjDdiRVtf/p11v2fsvZADbqwffowF2KPUfdq+u6/9WvQUH9E27+n8/4kUfigJss3b1//ctSy5sS1mA7dWu/hv7h91h8/1/vgwAO53+f9iVunpJfhOJA5fXyFModbefUtev8a+XKMbavwIwFvXfNMjbNGvv8KNiRG/O2EBPz/xI0zUtts2zJ3pxrCium6e0gR9i2N5EsTI3l7/g0vfyDEfEOndv/Wa7nycWt7pg1XPzv/79zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAbXwYAAP//363OhA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="05"], 0x48}}, 0x400c1) 464.037783ms ago: executing program 4 (id=1508): syz_open_dev$vim2m(0x0, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f0000000340)=0x1, 0x4) sendmsg$kcm(r3, 0x0, 0x20000001) 460.990533ms ago: executing program 1 (id=1519): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000010429bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2b030000000000002000128008000100677470001400028008000100", @ANYRES32=r4, @ANYBLOB="080002"], 0x40}}, 0x8080) 460.438563ms ago: executing program 0 (id=1509): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) 460.147863ms ago: executing program 2 (id=1510): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0xffe0, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 459.723543ms ago: executing program 3 (id=1511): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, 0x0, 0x0) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='cmdline\x00') read$FUSE(r4, &(0x7f0000000280)={0x2020}, 0x2020) 2.75399ms ago: executing program 4 (id=1512): write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') read(r3, &(0x7f0000000b00)=""/193, 0xc1) 2.17485ms ago: executing program 0 (id=1524): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) 0s ago: executing program 2 (id=1525): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0xffe0, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) kernel console output (not intermixed with test programs): ransaction log (loop3) [ 92.477292][ T5232] REISERFS (device loop3): Using r5 hash to sort names [ 92.481474][ T5249] EXT4-fs (loop2): Ignoring removed bh option [ 92.481935][ T5232] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 92.897067][ T5249] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 92.923079][ T5249] EXT4-fs (loop2): 1 truncate cleaned up [ 92.924096][ T5249] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 93.702338][ T5270] loop1: detected capacity change from 0 to 128 [ 93.873670][ T5270] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 93.876407][ T5276] loop2: detected capacity change from 0 to 512 [ 93.877615][ T5270] EXT4-fs (loop1): resizing filesystem from 64 to 2 blocks [ 93.882152][ T5270] EXT4-fs warning (device loop1): ext4_resize_fs:2004: can't shrink FS - resize aborted [ 94.234510][ T5276] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 94.240520][ T5276] EXT4-fs error (device loop2): ext4_do_update_inode:5204: inode #4: comm syz.2.278: corrupted inode contents [ 94.251372][ T5276] EXT4-fs error (device loop2): ext4_dirty_inode:6040: inode #4: comm syz.2.278: mark_inode_dirty error [ 94.254830][ T5276] EXT4-fs error (device loop2): ext4_do_update_inode:5204: inode #4: comm syz.2.278: corrupted inode contents [ 94.261259][ T5276] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #4: comm syz.2.278: mark_inode_dirty error [ 94.263400][ T5276] __quota_error: 1 callbacks suppressed [ 94.263406][ T5276] Quota error (device loop2): write_blk: dquota write failed [ 94.267073][ T5276] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5 [ 94.270913][ T5276] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 94.272685][ T5276] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.278: Failed to acquire dquot type 1 [ 95.681755][ T5302] xt_nat: multiple ranges no longer supported [ 95.779607][ T5304] loop4: detected capacity change from 0 to 512 [ 95.788977][ T5299] batman_adv: batadv0: Adding interface: dummy0 [ 95.795483][ T5299] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.815705][ T5299] batman_adv: batadv0: Interface activated: dummy0 [ 95.845346][ T5299] net_ratelimit: 10 callbacks suppressed [ 95.845356][ T5299] batadv0: mtu less than device minimum [ 95.854814][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.858749][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.862646][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.866530][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.870325][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.874126][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.877877][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.881638][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.885540][ T5299] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 95.904374][ T5304] Quota error (device loop4): v2_read_file_info: Free block number too big (1090519040 >= 6). [ 95.906257][ T5304] EXT4-fs warning (device loop4): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 95.913925][ T5304] EXT4-fs (loop4): mount failed [ 96.050133][ T5317] loop1: detected capacity change from 0 to 1024 [ 96.148924][ T5317] EXT4-fs (loop1): Ignoring removed orlov option [ 96.150123][ T5317] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 96.501066][ T5317] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 96.524630][ T5329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.293'. [ 96.726648][ T5333] syz.1.294 uses obsolete (PF_INET,SOCK_PACKET) [ 97.008812][ T5340] loop4: detected capacity change from 0 to 64 [ 97.352040][ T5340] BFS-fs: bfs_fill_super(): Last block not available on loop4: 229438 [ 97.537255][ T5340] autofs4:pid:5340:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(31.1), cmd(0xc018937e) [ 97.547669][ T5340] autofs4:pid:5340:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 98.973823][ T5340] loop4: detected capacity change from 0 to 32768 [ 99.334972][ T5375] loop3: detected capacity change from 0 to 1024 [ 99.399468][ T5375] EXT4-fs (loop3): Ignoring removed orlov option [ 99.400710][ T5375] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 99.418565][ T5340] XFS (loop4): Mounting V5 Filesystem [ 99.424724][ T5375] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 99.901372][ T5340] XFS (loop4): Starting recovery (logdev: internal) [ 99.992604][ T5340] XFS (loop4): Ending recovery (logdev: internal) [ 99.999840][ T4042] XFS (loop4): Unmounting Filesystem [ 100.577069][ T5400] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'. [ 100.961164][ T5408] binder: 5407:5408 tried to acquire reference to desc 0, got 1 instead [ 100.969766][ T5408] binder: 5407:5408 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 30) [ 100.971768][ T5408] binder: 5408 RLIMIT_NICE not set [ 101.017283][ T5408] binder: 5408 RLIMIT_NICE not set [ 101.025080][ T1968] binder: release 5407:5408 transaction 10 in, still active [ 101.868440][ T1968] binder: send failed reply for transaction 10 to 5407:5412 [ 102.171742][ T1968] binder: undelivered TRANSACTION_COMPLETE [ 102.172787][ T1968] binder: undelivered TRANSACTION_ERROR: 29189 [ 102.575771][ T5431] netlink: 'syz.2.321': attribute type 10 has an invalid length. [ 102.588053][ T5431] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 102.709515][ T5442] loop2: detected capacity change from 0 to 1024 [ 102.715888][ T5442] EXT4-fs (loop2): Ignoring removed orlov option [ 102.719573][ T5442] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 103.592440][ T5442] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 104.509914][ T5460] block device autoloading is deprecated and will be removed. [ 105.592439][ T5482] batman_adv: batadv0: Adding interface: dummy0 [ 105.595587][ T5482] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.623458][ T5482] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 105.647111][ T5484] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 105.748315][ T5495] net_ratelimit: 10 callbacks suppressed [ 105.748324][ T5495] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1) [ 106.622126][ T5512] loop3: detected capacity change from 0 to 164 [ 106.632255][ T5513] netlink: 24 bytes leftover after parsing attributes in process `syz.0.342'. [ 106.686102][ T5512] Invalid ELF header magic: != ELF [ 107.223675][ T5506] batman_adv: batadv0: Interface deactivated: dummy0 [ 108.786810][ T5506] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.800709][ T5506] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.423937][ T5506] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.425489][ T5506] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.426853][ T5506] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.428270][ T5506] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.652681][ T5506] device bond0 left promiscuous mode [ 109.653629][ T5506] device bond_slave_0 left promiscuous mode [ 109.654693][ T5506] device bond_slave_1 left promiscuous mode [ 110.015240][ T5513] netlink: 'syz.0.342': attribute type 1 has an invalid length. [ 110.016556][ T5513] netlink: 'syz.0.342': attribute type 2 has an invalid length. [ 110.074253][ T5556] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'. [ 110.080945][ T5556] device syz_tun entered promiscuous mode [ 110.845271][ T5570] loop2: detected capacity change from 0 to 256 [ 112.582170][ T5602] netlink: 'syz.1.372': attribute type 4 has an invalid length. [ 114.435392][ T5624] loop4: detected capacity change from 0 to 7 [ 114.451902][ T5624] Dev loop4: unable to read RDB block 7 [ 114.452955][ T5624] loop4: AHDI p1 p2 [ 114.453579][ T5624] loop4: partition table partially beyond EOD, truncated [ 114.455041][ T5624] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 114.563522][ T3661] Dev loop4: unable to read RDB block 7 [ 114.564656][ T3661] loop4: AHDI p1 p2 [ 114.565294][ T3661] loop4: partition table partially beyond EOD, truncated [ 114.566459][ T3661] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 115.227563][ T4104] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 115.332770][ T3661] Dev loop4: unable to read RDB block 7 [ 115.333737][ T3661] loop4: AHDI p1 p2 [ 115.334392][ T3661] loop4: partition table partially beyond EOD, truncated [ 115.335655][ T3661] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 115.389358][ T5645] binder: 5644:5645 tried to acquire reference to desc 0, got 1 instead [ 115.964332][ T5649] binder: 5644:5649 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 115.966752][ T5649] binder: 5649 RLIMIT_NICE not set [ 115.968653][ T5649] binder: 5649 RLIMIT_NICE not set [ 115.969965][ T5649] binder: 5649 RLIMIT_NICE not set [ 115.970807][ T4034] udevd[4034]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 115.989630][ T5651] netlink: 'syz.1.387': attribute type 4 has an invalid length. [ 115.990966][ T4492] binder: undelivered TRANSACTION_COMPLETE [ 116.062900][ T5656] netlink: 'syz.2.385': attribute type 2 has an invalid length. [ 116.214832][ T5653] loop3: detected capacity change from 0 to 2048 [ 116.661825][ T5653] NILFS (loop3): invalid segment: Inconsistency found [ 116.666428][ T5653] NILFS (loop3): trying rollback from an earlier position [ 116.691325][ T5653] NILFS (loop3): recovery complete [ 116.711568][ T5666] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 116.847934][ T4104] usb 1-1: config 0 has no interfaces? [ 117.476663][ T5680] binder: 5672:5680 tried to acquire reference to desc 0, got 1 instead [ 117.531437][ T5682] netlink: 48 bytes leftover after parsing attributes in process `syz.0.397'. [ 117.548163][ T4104] usb 1-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01 [ 117.549642][ T4104] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.553631][ T4104] usb 1-1: config 0 descriptor?? [ 117.567600][ T4104] usb 1-1: can't set config #0, error -71 [ 117.645172][ T4104] usb 1-1: USB disconnect, device number 4 [ 117.726105][ T5684] loop3: detected capacity change from 0 to 256 [ 118.636682][ T5684] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d) [ 118.644776][ T7] binder: release 5672:5680 transaction 21 out, still active [ 118.737595][ T7] binder: undelivered TRANSACTION_COMPLETE [ 118.738588][ T7] binder: send failed reply for transaction 28 to 5672:5683 [ 118.739725][ T7] binder: undelivered TRANSACTION_COMPLETE [ 118.740596][ T7] binder: undelivered TRANSACTION_ERROR: 29189 [ 118.741680][ T7] binder: send failed reply for transaction 21, target dead [ 119.163481][ T5712] tipc: Started in network mode [ 119.244818][ T5712] tipc: Node identity 080211000001, cluster identity 4711 [ 119.246208][ T5712] tipc: Enabled bearer , priority 0 [ 119.260855][ T5713] device syzkaller0 entered promiscuous mode [ 120.038782][ T5712] tipc: Resetting bearer [ 121.028711][ T7] tipc: Node number set to 134418688 [ 121.515054][ T5742] loop3: detected capacity change from 0 to 256 [ 122.161890][ T5739] netlink: 'syz.0.411': attribute type 10 has an invalid length. [ 122.164286][ T5739] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 122.176573][ T5749] tipc: Started in network mode [ 122.177358][ T5749] tipc: Node identity 5aac21ba4354, cluster identity 4711 [ 122.179208][ T5742] FAT-fs (loop3): Directory bread(block 64) failed [ 122.180285][ T5742] FAT-fs (loop3): Directory bread(block 65) failed [ 122.181453][ T5742] FAT-fs (loop3): Directory bread(block 66) failed [ 122.182470][ T5742] FAT-fs (loop3): Directory bread(block 67) failed [ 122.183438][ T5742] FAT-fs (loop3): Directory bread(block 68) failed [ 122.184359][ T5742] FAT-fs (loop3): Directory bread(block 69) failed [ 122.185355][ T5742] FAT-fs (loop3): Directory bread(block 70) failed [ 122.186278][ T5742] FAT-fs (loop3): Directory bread(block 71) failed [ 122.187267][ T5742] FAT-fs (loop3): Directory bread(block 72) failed [ 122.189665][ T5749] tipc: Enabled bearer , priority 0 [ 122.393867][ T5742] FAT-fs (loop3): Directory bread(block 73) failed [ 122.427805][ T5749] device syzkaller0 entered promiscuous mode [ 122.449681][ T5749] tipc: Resetting bearer [ 122.537147][ T5748] tipc: Resetting bearer [ 122.650324][ T5764] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006c61) [ 122.836216][ T5763] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370955 [ 122.864067][ T5748] tipc: Disabling bearer [ 124.134901][ T5782] loop3: detected capacity change from 0 to 512 [ 125.125239][ T5802] loop2: detected capacity change from 0 to 512 [ 126.300378][ T5802] EXT4-fs warning (device loop2): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 126.305649][ T5802] EXT4-fs (loop2): mount failed [ 126.327101][ T5827] loop1: detected capacity change from 0 to 256 [ 126.369963][ T5827] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.373478][ T5827] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 126.443417][ T5827] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 127.110548][ T5839] tipc: Enabled bearer , priority 0 [ 127.112089][ T5839] device syzkaller0 entered promiscuous mode [ 127.125069][ T5839] tipc: Resetting bearer [ 127.131419][ T5838] tipc: Resetting bearer [ 127.135113][ T5838] tipc: Disabling bearer [ 127.230929][ T5842] binder: 5836:5842 Acquire 1 refcount change on invalid ref 3 ret -22 [ 127.248110][ T5842] loop0: detected capacity change from 0 to 256 [ 127.497992][ T5844] tipc: Enabled bearer , priority 10 [ 127.499972][ T5842] exfat: Deprecated parameter 'utf8' [ 127.502693][ T5844] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 127.504372][ T5844] tipc: Enabled bearer , priority 10 [ 127.514625][ T5842] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d) [ 127.540989][ T5846] tipc: Enabled bearer , priority 0 [ 127.542587][ T5846] device syzkaller0 entered promiscuous mode [ 127.601336][ T5846] tipc: Resetting bearer [ 127.603326][ T5845] tipc: Resetting bearer [ 127.606863][ T5845] tipc: Disabling bearer [ 127.705933][ T5857] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 127.818888][ T5865] loop2: detected capacity change from 0 to 512 [ 127.912673][ T5867] loop4: detected capacity change from 0 to 2048 [ 128.217602][ T5865] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 128.219132][ T5865] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 128.220932][ T5865] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.452: Invalid inode table block 1 in block_group 0 [ 128.223578][ T5865] EXT4-fs (loop2): get root inode failed [ 128.224536][ T5865] EXT4-fs (loop2): mount failed [ 128.272925][ T5867] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 128.310126][ T5871] loop0: detected capacity change from 0 to 128 [ 128.412951][ T5871] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 128.833729][ T5883] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 128.835726][ T5883] device syzkaller0 entered promiscuous mode [ 128.857155][ T5885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.457'. [ 128.890854][ T5887] tipc: Enabled bearer , priority 0 [ 128.892420][ T5887] device syzkaller0 entered promiscuous mode [ 128.901755][ T5887] tipc: Resetting bearer [ 128.903739][ T5886] tipc: Resetting bearer [ 128.906972][ T5886] tipc: Disabling bearer [ 128.944825][ T5889] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 128.946794][ T5889] device syzkaller0 entered promiscuous mode [ 129.053957][ T5894] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 129.056051][ T5894] device syzkaller0 entered promiscuous mode [ 129.443054][ T5904] loop1: detected capacity change from 0 to 512 [ 130.533640][ T5904] EXT4-fs warning (device loop1): ext4_fill_super:3980: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 130.535615][ T5904] EXT4-fs (loop1): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 130.991144][ T4034] udevd[4034]: incorrect ext4 checksum on /dev/loop1 [ 131.078126][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.079248][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.412882][ T5925] tipc: Enabled bearer , priority 0 [ 131.419501][ T5925] device syzkaller0 entered promiscuous mode [ 131.430822][ T5925] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 131.441828][ T5922] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 131.443879][ T5922] device syzkaller0 entered promiscuous mode [ 131.446723][ T5922] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 131.462651][ T5925] tipc: Resetting bearer [ 131.477214][ T5924] tipc: Resetting bearer [ 131.481082][ T5924] tipc: Disabling bearer [ 131.701656][ T5928] tipc: Enabled bearer , priority 0 [ 131.703203][ T5928] device syzkaller0 entered promiscuous mode [ 131.713908][ T5928] tipc: Resetting bearer [ 131.720256][ T5927] tipc: Resetting bearer [ 131.787863][ T5927] tipc: Disabling bearer [ 131.867560][ T5938] tipc: Enabled bearer , priority 0 [ 131.868953][ T5938] device syzkaller0 entered promiscuous mode [ 131.909024][ T5938] tipc: Resetting bearer [ 131.928413][ T5935] tipc: Resetting bearer [ 131.932667][ T5935] tipc: Disabling bearer [ 132.389509][ T5945] loop1: detected capacity change from 0 to 256 [ 132.438639][ T5945] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0xff48ad06, utbl_chksum : 0xe619d30d) [ 132.820574][ T5960] loop4: detected capacity change from 0 to 128 [ 133.336339][ T5960] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 133.562896][ T5972] tipc: Enabling of bearer rejected, already enabled [ 134.055143][ T5974] syz.1.482 (5974): drop_caches: 2 [ 134.056162][ T5974] syz.1.482 (5974): drop_caches: 2 [ 134.575761][ T5959] loop0: detected capacity change from 0 to 32768 [ 134.585368][ T5959] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.480 (5959) [ 134.689749][ T5959] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 134.691163][ T5959] BTRFS info (device loop0): enabling auto defrag [ 134.692158][ T5959] BTRFS info (device loop0): doing ref verification [ 134.693144][ T5959] BTRFS info (device loop0): max_inline at 0 [ 134.694038][ T5959] BTRFS info (device loop0): force clearing of disk cache [ 134.695240][ T5959] BTRFS info (device loop0): turning on sync discard [ 134.718435][ T5959] BTRFS info (device loop0): using free space tree [ 134.719609][ T5959] BTRFS info (device loop0): has skinny extents [ 134.802229][ T5959] BTRFS info (device loop0): enabling ssd optimizations [ 134.805053][ T5959] BTRFS info (device loop0): clearing free space tree [ 134.806414][ T5959] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.809730][ T5959] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.824211][ T5959] BTRFS info (device loop0): creating free space tree [ 134.980582][ T6011] IPVS: Unknown mcast interface: vcan0 [ 135.025841][ T5959] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 135.028706][ T5959] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 135.445861][ T6019] sctp: [Deprecated]: syz.2.490 (pid 6019) Use of struct sctp_assoc_value in delayed_ack socket option. [ 135.445861][ T6019] Use struct sctp_sack_info instead [ 135.677140][ T6021] tipc: Started in network mode [ 135.678122][ T6021] tipc: Node identity 080211, cluster identity 4711 [ 135.679207][ T6021] tipc: Enabled bearer , priority 0 [ 135.680704][ T6021] device syzkaller0 entered promiscuous mode [ 135.701238][ T6024] loop3: detected capacity change from 0 to 4096 [ 135.721540][ T6021] tipc: Resetting bearer [ 136.847819][ T4130] tipc: Node number set to 134353152 [ 136.974086][ T6024] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 137.228817][ T6052] ntfs3: loop3: ino=23, "net_prio.prioidx" mmap(write) compressed not supported [ 137.443219][ T4044] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 138.654850][ T6074] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 138.762131][ T6074] device syzkaller0 entered promiscuous mode [ 139.953437][ T6104] loop3: detected capacity change from 0 to 512 [ 140.175339][ T6104] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 140.478055][ T6104] EXT4-fs (loop3): orphan cleanup on readonly fs [ 140.479127][ T6104] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #3: comm syz.3.513: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 140.488451][ T6104] EXT4-fs error (device loop3): ext4_quota_enable:6418: comm syz.3.513: Bad quota inode: 3, type: 0 [ 140.491112][ T6104] EXT4-fs warning (device loop3): ext4_enable_quotas:6459: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 140.507719][ T6104] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 140.511952][ T6104] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 140.707440][ T6118] netlink: 8 bytes leftover after parsing attributes in process `syz.4.515'. [ 140.934318][ T6123] netlink: 48 bytes leftover after parsing attributes in process `syz.1.516'. [ 141.404227][ T6135] loop4: detected capacity change from 0 to 128 [ 141.455969][ T6135] qnx6: superblock #1 checksum error [ 142.149661][ T6149] loop4: detected capacity change from 0 to 32768 [ 142.155916][ T6149] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.525 (6149) [ 142.160316][ T6149] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 142.162194][ T6149] BTRFS info (device loop4): setting nodatacow, compression disabled [ 142.163659][ T6149] BTRFS info (device loop4): max_inline at 0 [ 142.164803][ T6149] BTRFS info (device loop4): enabling disk space caching [ 142.166172][ T6149] BTRFS info (device loop4): turning off barriers [ 142.167425][ T6149] BTRFS info (device loop4): turning on flush-on-commit [ 142.173180][ T6149] BTRFS info (device loop4): doing ref verification [ 142.174469][ T6149] BTRFS info (device loop4): force clearing of disk cache [ 142.175887][ T6149] BTRFS info (device loop4): enabling ssd optimizations [ 142.177209][ T6149] BTRFS info (device loop4): max_inline at 4096 [ 142.178708][ T6149] BTRFS info (device loop4): disk space caching is enabled [ 142.180161][ T6149] BTRFS info (device loop4): has skinny extents [ 142.203855][ T6149] BTRFS info (device loop4): clearing free space tree [ 142.205175][ T6149] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 142.206854][ T6149] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 144.040466][ T6188] fuse: Unknown parameter '0xffffffffffffffff' [ 144.080558][ T6192] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 144.087188][ T6192] device syzkaller0 entered promiscuous mode [ 144.793572][ T6203] netlink: 'syz.0.535': attribute type 10 has an invalid length. [ 144.794964][ T6203] netlink: 40 bytes leftover after parsing attributes in process `syz.0.535'. [ 144.796637][ T6203] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 145.464929][ T6216] tipc: Enabling of bearer rejected, already enabled [ 146.182155][ T6228] tipc: Enabling of bearer rejected, failed to enable media [ 146.195355][ T6232] tipc: Enabling of bearer rejected, already enabled [ 148.195139][ T6270] loop4: detected capacity change from 0 to 128 [ 148.280457][ T6270] VFS: unable to find oldfs superblock on device loop4 [ 148.619557][ T6275] tipc: Enabling of bearer rejected, already enabled [ 148.668952][ T6256] loop3: detected capacity change from 0 to 40427 [ 148.692313][ T6256] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 148.697316][ T6256] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 148.715658][ T6284] netlink: 2 bytes leftover after parsing attributes in process `syz.0.558'. [ 149.319701][ T6256] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1ffff [ 149.429061][ T6256] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 149.446677][ T6256] F2FS-fs (loop3): invalid crc value [ 149.457134][ T6256] F2FS-fs (loop3): Found nat_bits in checkpoint [ 149.480306][ T6256] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 149.481975][ T6256] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 150.338108][ T6314] bpf_jit: unknown atomic op code f1 [ 150.654328][ T4044] attempt to access beyond end of device [ 150.654328][ T4044] loop3: rw=2049, want=45112, limit=40427 [ 150.661492][ T6286] loop2: detected capacity change from 0 to 40427 [ 150.739700][ T6316] tipc: Enabling of bearer rejected, failed to enable media [ 150.744504][ T6286] F2FS-fs (loop2): Unrecognized mount option "" or missing value [ 152.383704][ T6365] loop2: detected capacity change from 0 to 512 [ 152.886955][ T6365] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.574: iget: bad i_size value: 38620345925642 [ 152.889397][ T6365] EXT4-fs (loop2): Remounting filesystem read-only [ 152.890500][ T6365] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.574: couldn't read orphan inode 15 (err -117) [ 152.893325][ T6365] EXT4-fs (loop2): Remounting filesystem read-only [ 152.894425][ T6365] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,debug_want_extra_isize=0x0000000000000008,data_err=ignore,. Quota mode: writeback. [ 152.903529][ T6376] loop3: detected capacity change from 0 to 512 [ 152.916497][ T6376] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.576: iget: bad i_size value: 38620345925642 [ 152.928393][ T6376] EXT4-fs (loop3): Remounting filesystem read-only [ 152.931293][ T6376] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.576: couldn't read orphan inode 15 (err -117) [ 152.937402][ T6376] EXT4-fs (loop3): Remounting filesystem read-only [ 152.941950][ T6376] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,debug_want_extra_isize=0x0000000000000008,data_err=ignore,. Quota mode: writeback. [ 153.332039][ T6386] loop2: detected capacity change from 0 to 512 [ 153.711522][ T4091] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 153.714855][ T4091] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 153.721722][ T6382] loop4: detected capacity change from 0 to 40427 [ 154.181624][ T6382] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 154.183170][ T6382] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 154.195896][ T6382] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x1ffff [ 154.207651][ T6382] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x1f8 [ 154.218056][ T6382] F2FS-fs (loop4): invalid crc value [ 154.229629][ T6399] fido_id[6399]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 154.234262][ T6382] F2FS-fs (loop4): Found nat_bits in checkpoint [ 154.343438][ T6382] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 154.344758][ T6382] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 154.875353][ T6409] hub 9-0:1.0: USB hub found [ 154.876385][ T6409] hub 9-0:1.0: 8 ports detected [ 155.417104][ T6426] delete_channel: no stack [ 155.776659][ T4042] attempt to access beyond end of device [ 155.776659][ T4042] loop4: rw=2049, want=45112, limit=40427 [ 156.800239][ T6445] tipc: Enabling of bearer rejected, already enabled [ 157.264049][ T6458] kAFS: unable to lookup cell '\/' [ 157.782720][ T6472] netlink: 28 bytes leftover after parsing attributes in process `syz.4.600'. [ 157.784429][ T6472] netlink: 8 bytes leftover after parsing attributes in process `syz.4.600'. [ 158.265505][ T6478] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709551 [ 158.333336][ T6488] loop4: detected capacity change from 0 to 64 [ 158.717975][ T6496] loop2: detected capacity change from 0 to 256 [ 158.789022][ T4090] Bluetooth: hci0: command 0x0406 tx timeout [ 158.790370][ T4090] Bluetooth: hci1: command 0x0406 tx timeout [ 158.791395][ T4090] Bluetooth: hci3: command 0x0406 tx timeout [ 158.792433][ T4090] Bluetooth: hci2: command 0x0406 tx timeout [ 159.033849][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.609'. [ 159.037568][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.609'. [ 159.040584][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.609'. [ 159.043651][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.609'. [ 159.045867][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.609'. [ 159.451656][ T6511] netlink: 'syz.1.615': attribute type 8 has an invalid length. [ 160.540898][ T6523] netlink: 'syz.3.618': attribute type 10 has an invalid length. [ 160.545098][ T6523] bridge0: port 3(team0) entered blocking state [ 160.546232][ T6523] bridge0: port 3(team0) entered disabled state [ 160.550540][ T6523] device team0 entered promiscuous mode [ 160.552874][ T6523] device team_slave_0 entered promiscuous mode [ 160.554130][ T6523] device team_slave_1 entered promiscuous mode [ 160.555490][ T6523] bridge0: port 3(team0) entered blocking state [ 160.556774][ T6523] bridge0: port 3(team0) entered forwarding state [ 160.643949][ T6529] lo speed is unknown, defaulting to 1000 [ 160.646096][ T6529] lo speed is unknown, defaulting to 1000 [ 160.648243][ T6529] lo speed is unknown, defaulting to 1000 [ 160.671576][ T6529] infiniband syz0: set down [ 160.672400][ T6529] infiniband syz0: added lo [ 160.676063][ T4121] lo speed is unknown, defaulting to 1000 [ 160.691242][ T6533] loop0: detected capacity change from 0 to 4096 [ 161.098986][ T6543] netlink: 'syz.3.622': attribute type 10 has an invalid length. [ 161.100251][ T6543] netlink: 40 bytes leftover after parsing attributes in process `syz.3.622'. [ 161.106706][ T6543] batman_adv: batadv0: Adding interface: vlan1 [ 161.107724][ T6543] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.111389][ T6543] batman_adv: batadv0: Interface activated: vlan1 [ 161.394814][ T6529] RDS/IB: syz0: added [ 161.395808][ T6529] smc: adding ib device syz0 with port count 1 [ 161.396811][ T6529] smc: ib device syz0 port 1 has pnetid [ 161.399494][ T6529] lo speed is unknown, defaulting to 1000 [ 161.422668][ T6529] lo speed is unknown, defaulting to 1000 [ 161.445351][ T6529] lo speed is unknown, defaulting to 1000 [ 161.467993][ T6529] lo speed is unknown, defaulting to 1000 [ 161.470510][ T6547] tipc: Enabling of bearer rejected, already enabled [ 161.472313][ T6539] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.491691][ T6529] lo speed is unknown, defaulting to 1000 [ 161.922646][ T4121] lo speed is unknown, defaulting to 1000 [ 161.953479][ T6554] tipc: Enabled bearer , priority 0 [ 161.956688][ T6554] device syzkaller0 entered promiscuous mode [ 162.036028][ T6554] tipc: Resetting bearer [ 162.037140][ T6554] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.039846][ T6553] tipc: Resetting bearer [ 162.045212][ T6553] tipc: Disabling bearer [ 162.390220][ T6571] loop3: detected capacity change from 0 to 512 [ 164.122813][ T6571] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 164.128052][ T6571] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 164.150165][ T6571] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.631: Invalid inode table block 1 in block_group 0 [ 164.155646][ T6571] EXT4-fs (loop3): get root inode failed [ 164.162232][ T6571] EXT4-fs (loop3): mount failed [ 164.431805][ T6607] tipc: Enabling of bearer rejected, already enabled [ 166.646225][ T6633] delete_channel: no stack [ 166.655583][ T6638] tipc: Enabling of bearer rejected, already enabled [ 166.789303][ T6640] loop4: detected capacity change from 0 to 40427 [ 167.174121][ T4105] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 167.180031][ T6640] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff [ 167.181471][ T6640] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x4 [ 167.184321][ T6640] F2FS-fs (loop4): invalid crc value [ 167.191198][ T6640] F2FS-fs (loop4): Found nat_bits in checkpoint [ 167.202548][ T6640] F2FS-fs (loop4): Start checkpoint disabled! [ 167.210024][ T6640] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 167.601700][ T6660] ptrace attach of "./syz-executor exec"[4042] was attempted by "./syz-executor exec"[6660] [ 167.709862][ T6663] tipc: Enabling of bearer rejected, failed to enable media [ 167.836582][ T4105] usb 1-1: device descriptor read/64, error -71 [ 168.102531][ T6673] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 168.104421][ T6673] device syzkaller0 entered promiscuous mode [ 168.117586][ T4105] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 168.252137][ T6682] loop4: detected capacity change from 0 to 64 [ 168.646454][ T4105] usb 1-1: device descriptor read/64, error -71 [ 168.769364][ T6693] netlink: 20 bytes leftover after parsing attributes in process `syz.4.658'. [ 168.771038][ T6693] netlink: 4 bytes leftover after parsing attributes in process `syz.4.658'. [ 169.635163][ T6700] lo speed is unknown, defaulting to 1000 [ 169.986202][ T4105] usb usb1-port1: attempt power cycle [ 170.169696][ T6702] loop3: detected capacity change from 0 to 40427 [ 170.654171][ T6702] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 170.655485][ T6702] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 170.700059][ T6702] F2FS-fs (loop3): invalid crc value [ 171.274817][ T4105] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 171.331324][ T6702] F2FS-fs (loop3): Found nat_bits in checkpoint [ 171.817613][ T4105] usb 1-1: device not accepting address 7, error -71 [ 171.904719][ T6702] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 171.905935][ T6702] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 173.556936][ T6763] binder: 6749:6763 tried to acquire reference to desc 0, got 1 instead [ 173.874834][ T6770] loop3: detected capacity change from 0 to 64 [ 175.152512][ T6792] loop4: detected capacity change from 0 to 4096 [ 175.153142][ T6788] loop0: detected capacity change from 0 to 512 [ 175.588275][ T6792] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 175.623361][ T6788] EXT4-fs (loop0): Ignoring removed nobh option [ 175.624638][ T6788] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 175.675102][ T6788] EXT4-fs (loop0): 1 truncate cleaned up [ 175.676255][ T6788] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 176.078987][ T6811] netlink: 128 bytes leftover after parsing attributes in process `syz.0.686'. [ 176.081720][ T6811] netlink: 44 bytes leftover after parsing attributes in process `syz.0.686'. [ 176.749946][ T4042] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 176.984529][ T6821] capability: warning: `syz.1.695' uses deprecated v2 capabilities in a way that may be insecure [ 177.425658][ T6827] loop3: detected capacity change from 0 to 764 [ 177.751077][ T6827] rock: directory entry would overflow storage [ 177.752243][ T6827] rock: sig=0x5245, size=8, remaining=5 [ 178.384713][ T6846] loop4: detected capacity change from 0 to 65536 [ 178.922996][ T6846] XFS (loop4): Mounting V5 Filesystem [ 178.943030][ T6868] bridge0: port 3(team0) entered disabled state [ 178.944242][ T6868] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.945555][ T6868] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.947760][ T6868] device bridge0 entered promiscuous mode [ 179.232452][ T6846] XFS (loop4): Ending clean mount [ 179.341840][ T6873] loop2: detected capacity change from 0 to 8 [ 179.705313][ T6873] SQUASHFS error: zlib decompression failed, data probably corrupt [ 179.707113][ T6873] SQUASHFS error: Failed to read block 0x9b: -5 [ 179.708333][ T6873] SQUASHFS error: Unable to read metadata cache entry [99] [ 179.711124][ T6873] SQUASHFS error: Unable to read inode 0x127 [ 179.975211][ T4091] XFS (loop4): Metadata CRC error detected at xfs_agf_read_verify+0x14c/0x224, xfs_agf block 0x1 [ 179.977205][ T4091] XFS (loop4): Unmount and run xfs_repair [ 179.982456][ T4091] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 179.983715][ T4091] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 179.985101][ T4091] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 179.988960][ T4091] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 179.994563][ T4091] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 179.996987][ T4091] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 180.280896][ T4091] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 180.282451][ T4091] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 180.283935][ T4091] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 180.285555][ T4373] XFS (loop4): metadata I/O error in "xfs_read_agf+0x200/0x504" at daddr 0x1 len 1 error 74 [ 180.288098][ T4373] XFS (loop4): page discard on page 000000001ea0a107, inode 0x26, offset 134220800. [ 180.301546][ T4105] loop4: writeback error on inode 38, offset 0, sector 22 [ 180.303111][ T4042] XFS (loop4): Unmounting Filesystem [ 180.437160][ T6863] loop0: detected capacity change from 0 to 32768 [ 181.122375][ T6863] [ 181.122375][ T6863] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.122375][ T6863] [ 181.169109][ T6893] loop3: detected capacity change from 0 to 512 [ 181.327774][ T6898] [ 181.327774][ T6898] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.327774][ T6898] [ 181.329658][ T6898] [ 181.329658][ T6898] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.329658][ T6898] [ 181.331229][ T6898] [ 181.331229][ T6898] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.331229][ T6898] [ 181.332932][ T6898] [ 181.332932][ T6898] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.332932][ T6898] [ 181.334528][ T6898] [ 181.334528][ T6898] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.334528][ T6898] [ 181.336090][ T6898] [ 181.336090][ T6898] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.336090][ T6898] [ 181.402645][ T6901] loop2: detected capacity change from 0 to 16 [ 181.779987][ T6901] erofs: (device loop2): mounted with root inode @ nid 36. [ 181.799392][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 360447 of nid 36 [ 181.800999][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 87 @ nid 36 [ 181.802305][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 181.805168][ T6901] erofs: (device loop2): z_erofs_extent_lookback: unknown type 3 @ lcn 84 of nid 36 [ 181.806595][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 85 @ nid 36 [ 181.808022][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 348159 of nid 36 [ 181.809593][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 84 @ nid 36 [ 181.811038][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 344063 of nid 36 [ 181.812666][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 83 @ nid 36 [ 181.814088][ T6901] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 181.815514][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 82 @ nid 36 [ 181.816958][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 81 @ nid 36 [ 181.818621][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 79 @ nid 36 [ 181.820090][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 78 @ nid 36 [ 181.821524][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 77 @ nid 36 [ 181.822903][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 315391 of nid 36 [ 181.824363][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 76 @ nid 36 [ 181.825714][ T6901] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 181.827100][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 75 @ nid 36 [ 181.828501][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 307199 of nid 36 [ 181.829955][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 181.831324][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 73 @ nid 36 [ 181.832699][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 181.834149][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 71 @ nid 36 [ 181.835521][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 290815 of nid 36 [ 181.836939][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 181.838607][ T6901] erofs: (device loop2): z_erofs_extent_lookback: unknown type 3 @ lcn 64 of nid 36 [ 181.840054][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 65 @ nid 36 [ 181.841398][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 266239 of nid 36 [ 181.842867][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 64 @ nid 36 [ 181.844251][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 262143 of nid 36 [ 181.845716][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 63 @ nid 36 [ 181.847183][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 61 @ nid 36 [ 181.848678][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 60 @ nid 36 [ 181.850109][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 59 @ nid 36 [ 181.851520][ T6901] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 181.852964][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 181.854422][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 181.855877][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 56 @ nid 36 [ 181.857351][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 55 @ nid 36 [ 181.858991][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 181.860429][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 221183 of nid 36 [ 181.861990][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 181.863437][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 217087 of nid 36 [ 181.865004][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 52 @ nid 36 [ 181.866441][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 212991 of nid 36 [ 181.868027][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 181.869525][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 208895 of nid 36 [ 181.871159][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 181.872550][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 204799 of nid 36 [ 181.874065][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 49 @ nid 36 [ 181.875457][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 200703 of nid 36 [ 181.876932][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 48 @ nid 36 [ 181.878332][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 196607 of nid 36 [ 181.879831][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 181.881285][ T6901] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 181.882724][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 181.884148][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 45 @ nid 36 [ 181.885557][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 44 @ nid 36 [ 181.886989][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 43 @ nid 36 [ 181.888653][ T6901] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 181.890119][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 42 @ nid 36 [ 181.891539][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 41 @ nid 36 [ 181.892907][ T6901] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 181.894305][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 181.895715][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 181.897148][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 181.899070][ T6901] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 181.900520][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 31 @ nid 36 [ 181.902203][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 27 @ nid 36 [ 181.903688][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 26 @ nid 36 [ 181.905141][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 106495 of nid 36 [ 181.906690][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 25 @ nid 36 [ 181.908184][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 181.910515][ T6901] erofs: (device loop2): z_erofs_extent_lookback: unknown type 3 @ lcn 15 of nid 36 [ 181.911889][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 181.913304][ T6901] erofs: (device loop2): z_erofs_map_blocks_iter: unknown type 3 @ offset 65535 of nid 36 [ 181.914869][ T6901] erofs: (device loop2): z_erofs_readahead: readahead error at page 15 @ nid 36 [ 181.916608][ T6901] attempt to access beyond end of device [ 181.916608][ T6901] loop2: rw=524288, want=848, limit=16 [ 181.918858][ T6901] attempt to access beyond end of device [ 181.918858][ T6901] loop2: rw=524288, want=13478624104, limit=16 [ 181.920925][ T6901] attempt to access beyond end of device [ 181.920925][ T6901] loop2: rw=524288, want=13478624080, limit=16 [ 181.922938][ T6901] attempt to access beyond end of device [ 181.922938][ T6901] loop2: rw=524288, want=40, limit=16 [ 181.924780][ T6901] attempt to access beyond end of device [ 181.924780][ T6901] loop2: rw=524288, want=96, limit=16 [ 181.926807][ T6901] attempt to access beyond end of device [ 181.926807][ T6901] loop2: rw=524288, want=32, limit=16 [ 181.997698][ T248] [ 181.997698][ T248] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.997698][ T248] [ 182.009660][ T4043] [ 182.009660][ T4043] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.009660][ T4043] [ 182.013368][ T4043] [ 182.013368][ T4043] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.013368][ T4043] [ 182.023637][ T6893] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 182.230020][ T6912] loop2: detected capacity change from 0 to 256 [ 182.231692][ T6912] FAT-fs (loop2): Unrecognized mount option "x1koߵiז?vp [ 182.231692][ T6912] .NE RA  :5кEH(}=ξߌKlLjmrP?8%ynxu|dzH" or missing value [ 182.999767][ T6926] loop4: detected capacity change from 0 to 40427 [ 183.229533][ T6926] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 183.230881][ T6926] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 183.233057][ T6926] F2FS-fs (loop4): invalid crc value [ 183.256780][ T6926] F2FS-fs (loop4): Found nat_bits in checkpoint [ 183.282379][ T6926] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 183.283580][ T6926] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 183.294784][ T6932] loop0: detected capacity change from 0 to 2048 [ 183.756673][ T6947] loop2: detected capacity change from 0 to 128 [ 184.768153][ T6947] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 184.774760][ T6947] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 184.864411][ T6932] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 185.003355][ T6956] loop2: detected capacity change from 0 to 8192 [ 185.009072][ T6956] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 185.013211][ T6956] REISERFS (device loop2): using ordered data mode [ 185.015425][ T6956] reiserfs: using flush barriers [ 185.194977][ T6958] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 185.398119][ T6956] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 185.400820][ T6956] REISERFS (device loop2): checking transaction log (loop2) [ 185.412320][ T6956] REISERFS (device loop2): Using r5 hash to sort names [ 185.417072][ T6956] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 185.503712][ T6964] loop4: detected capacity change from 0 to 512 [ 185.527214][ T6960] loop3: detected capacity change from 0 to 1024 [ 185.891631][ T6966] loop0: detected capacity change from 0 to 256 [ 185.979107][ T6960] hfsplus: unable to parse mount options [ 186.018674][ T6966] exfat: Deprecated parameter 'utf8' [ 186.022991][ T6966] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d) [ 186.092475][ T6964] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 186.100712][ T6964] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #17: comm syz.4.725: iget: bad i_size value: -6917529027641081756 [ 186.103052][ T6964] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.725: couldn't read orphan inode 17 (err -117) [ 186.105136][ T6964] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 186.543522][ T6979] loop2: detected capacity change from 0 to 1024 [ 186.575341][ T6979] EXT4-fs (loop2): Ignoring removed nobh option [ 186.576679][ T6979] EXT4-fs (loop2): Ignoring removed bh option [ 186.670544][ T6979] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,minixdf,,errors=continue. Quota mode: writeback. [ 188.269739][ T7006] loop3: detected capacity change from 0 to 8 [ 189.079248][ T4034] udevd[4034]: incorrect cramfs checksum on /dev/loop3 [ 189.086068][ T7006] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 189.120101][ T7015] loop0: detected capacity change from 0 to 1024 [ 190.286146][ T7031] cramfs: Error -3 while decompressing! [ 190.287404][ T7031] cramfs: 00000000b7efad0e(26)->000000000ae3b713(4096) [ 190.289088][ T7031] cramfs: Error -3 while decompressing! [ 190.290070][ T7031] cramfs: 00000000f9ed548c(26)->000000004c5c2584(4096) [ 190.291540][ T7031] cramfs: Error -3 while decompressing! [ 190.292556][ T7031] cramfs: 00000000579edc40(16)->000000007e72b0b9(4096) [ 190.294250][ T7031] cramfs: Error -3 while decompressing! [ 190.295248][ T7031] cramfs: 00000000b7efad0e(26)->000000000ae3b713(4096) [ 190.379799][ T4034] udevd[4034]: incorrect cramfs checksum on /dev/loop3 [ 190.400427][ T7015] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 191.118215][ T7050] loop3: detected capacity change from 0 to 40427 [ 191.211797][ T7050] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 191.213172][ T7050] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 191.219819][ T7050] F2FS-fs (loop3): invalid crc value [ 191.236542][ T7050] F2FS-fs (loop3): Found nat_bits in checkpoint [ 191.558277][ T7050] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 191.559542][ T7050] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 191.715068][ T7063] netlink: 'syz.1.749': attribute type 10 has an invalid length. [ 191.723422][ T7068] attempt to access beyond end of device [ 191.723422][ T7068] loop3: rw=2049, want=78344, limit=40427 [ 192.099243][ T7063] device wlan1 entered promiscuous mode [ 192.100546][ T7063] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 192.477311][ T7080] loop4: detected capacity change from 0 to 128 [ 192.488468][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.489533][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.497188][ T7083] loop0: detected capacity change from 0 to 1024 [ 192.525905][ T7080] EXT4-fs warning (device loop4): ext4_fill_super:3980: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 192.540462][ T7080] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 193.183677][ T7093] loop3: detected capacity change from 0 to 8192 [ 193.617601][ T26] audit: type=1326 audit(193.220:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.620977][ T26] audit: type=1326 audit(193.230:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=179 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.624138][ T26] audit: type=1326 audit(193.230:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.627179][ T26] audit: type=1326 audit(193.230:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.633733][ T7094] loop4: detected capacity change from 0 to 32768 [ 193.668722][ T26] audit: type=1326 audit(193.230:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.671949][ T26] audit: type=1326 audit(193.230:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.688193][ T7093] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 193.689653][ T7093] REISERFS (device loop3): using ordered data mode [ 193.690770][ T7093] reiserfs: using flush barriers [ 193.692850][ T26] audit: type=1326 audit(193.230:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.696144][ T26] audit: type=1326 audit(193.230:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.707856][ T7093] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 193.710738][ T7093] REISERFS (device loop3): checking transaction log (loop3) [ 193.712101][ T26] audit: type=1326 audit(193.230:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.716217][ T7093] REISERFS (device loop3): Using r5 hash to sort names [ 193.727560][ T26] audit: type=1326 audit(193.230:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7079 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff9df3df28 code=0x7ffc0000 [ 193.731469][ T7093] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 195.952092][ T7136] loop4: detected capacity change from 0 to 4096 [ 195.963616][ T7138] loop2: detected capacity change from 0 to 256 [ 195.991816][ T7136] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 196.092251][ T7138] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 197.805293][ T4042] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 197.911721][ T7151] loop0: detected capacity change from 0 to 32768 [ 199.936719][ T7176] loop2: detected capacity change from 0 to 40427 [ 200.120480][ T7173] loop4: detected capacity change from 0 to 32768 [ 200.272037][ T7173] [ 200.272037][ T7173] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 200.272037][ T7173] [ 200.286346][ T7176] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 200.287683][ T7176] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 200.292282][ T7176] F2FS-fs (loop2): invalid crc value [ 200.305628][ T7176] F2FS-fs (loop2): Found nat_bits in checkpoint [ 200.622105][ T7176] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 200.623254][ T7176] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 200.655579][ T7171] loop3: detected capacity change from 0 to 32768 [ 201.180019][ T7196] attempt to access beyond end of device [ 201.180019][ T7196] loop2: rw=2049, want=78344, limit=40427 [ 201.256192][ T7194] [ 201.256192][ T7194] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.256192][ T7194] [ 201.257911][ T7194] [ 201.257911][ T7194] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.257911][ T7194] [ 201.259444][ T7194] [ 201.259444][ T7194] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.259444][ T7194] [ 201.261099][ T7194] [ 201.261099][ T7194] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.261099][ T7194] [ 201.262665][ T7194] [ 201.262665][ T7194] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.262665][ T7194] [ 201.264159][ T7194] [ 201.264159][ T7194] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.264159][ T7194] [ 201.270954][ T247] [ 201.270954][ T247] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.270954][ T247] [ 201.301751][ T7171] [ 201.301751][ T7171] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.301751][ T7171] [ 201.424073][ T4042] [ 201.424073][ T4042] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.424073][ T4042] [ 201.445736][ T4042] [ 201.445736][ T4042] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.445736][ T4042] [ 201.466808][ T7200] [ 201.466808][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.466808][ T7200] [ 201.468656][ T7200] [ 201.468656][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.468656][ T7200] [ 201.470184][ T7200] [ 201.470184][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.470184][ T7200] [ 201.471649][ T7200] [ 201.471649][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.471649][ T7200] [ 201.473344][ T7200] [ 201.473344][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.473344][ T7200] [ 201.474959][ T7200] [ 201.474959][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.474959][ T7200] [ 201.494029][ T247] [ 201.494029][ T247] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.494029][ T247] [ 201.980813][ T4044] [ 201.980813][ T4044] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.980813][ T4044] [ 201.982805][ T4044] [ 201.982805][ T4044] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.982805][ T4044] [ 201.994495][ T7207] loop4: detected capacity change from 0 to 512 [ 202.030767][ T7207] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 202.740934][ T7218] loop0: detected capacity change from 0 to 40427 [ 203.163091][ T7233] netlink: 12 bytes leftover after parsing attributes in process `syz.1.790'. [ 203.880137][ T7218] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 203.881396][ T7218] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 203.883700][ T7218] F2FS-fs (loop0): invalid crc value [ 203.939374][ T7218] F2FS-fs (loop0): Found nat_bits in checkpoint [ 203.971527][ T7218] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 203.972674][ T7218] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 204.137468][ T7250] loop2: detected capacity change from 0 to 1024 [ 204.495424][ T7251] loop4: detected capacity change from 0 to 24 [ 204.495932][ T7255] attempt to access beyond end of device [ 204.495932][ T7255] loop0: rw=2049, want=78344, limit=40427 [ 204.528452][ T7251] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 204.730467][ T7256] loop3: detected capacity change from 0 to 2048 [ 204.837062][ T7251] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 204.837743][ T7250] EXT4-fs (loop2): Ignoring removed orlov option [ 204.857940][ T7256] UDF-fs: bad mount option "iocarset=maccysillic" or missing value [ 205.159216][ T7250] EXT4-fs (loop2): mounted filesystem without journal. Opts: acl,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,nodioread_nolock,orlov,barrier=0x0000000000000005,min_batch_time=0x0000000000000005,i_version,,errors=continue. Quota mode: writeback. [ 205.929792][ T7274] loop3: detected capacity change from 0 to 4096 [ 206.008351][ C0] dccp_v4_rcv: dropped packet with invalid checksum [ 206.009515][ C0] dccp_v4_rcv: dropped packet with invalid checksum [ 206.316217][ T7274] ntfs3: loop3: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 206.316217][ T7274] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 206.316217][ T7274] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 206.322798][ T7274] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 206.324469][ T7274] ntfs3: loop3: Failed to load $BadClus. [ 206.371385][ T7282] loop0: detected capacity change from 0 to 128 [ 206.414333][ T7282] ADFS-fs (loop0): error: can't find an ADFS filesystem on dev loop0. [ 206.927760][ T7286] loop3: detected capacity change from 0 to 256 [ 206.933109][ T7287] loop4: detected capacity change from 0 to 512 [ 207.485091][ T7287] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.800: casefold flag without casefold feature [ 207.490427][ T7287] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.800: couldn't read orphan inode 15 (err -117) [ 207.493235][ T7287] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 208.500007][ T7298] netlink: 'syz.0.801': attribute type 10 has an invalid length. [ 208.552989][ T7301] loop3: detected capacity change from 0 to 1024 [ 211.621266][ T4091] Bluetooth: hci4: command 0x0405 tx timeout [ 211.733289][ T7322] loop4: detected capacity change from 0 to 32768 [ 213.118706][ T26] kauditd_printk_skb: 20 callbacks suppressed [ 213.118715][ T26] audit: type=1326 audit(212.519:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.122821][ T26] audit: type=1326 audit(212.519:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=179 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.126308][ T26] audit: type=1326 audit(212.519:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.174137][ T26] audit: type=1326 audit(212.519:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.177967][ T26] audit: type=1326 audit(212.529:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.181208][ T26] audit: type=1326 audit(212.529:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.184627][ T26] audit: type=1326 audit(212.529:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.192677][ T26] audit: type=1326 audit(212.529:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.195773][ T26] audit: type=1326 audit(212.539:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.199303][ T26] audit: type=1326 audit(212.539:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7355 comm="syz.0.817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=7 compat=0 ip=0xffffaf126f28 code=0x7ffc0000 [ 213.771450][ T7368] loop2: detected capacity change from 0 to 32768 [ 213.801875][ T7382] loop3: detected capacity change from 0 to 1764 [ 213.876529][ T7368] JBD2: Ignoring recovery information on journal [ 213.904720][ T7368] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 214.891990][ T7382] loop3: detected capacity change from 0 to 128 [ 214.932057][ T4050] (syz-executor,4050,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 66 [ 214.934633][ T4050] ocfs2: Unmounting device (7,2) on (node local) [ 215.052612][ T7382] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 215.385423][ T7394] loop4: detected capacity change from 0 to 512 [ 215.398187][ T7408] loop2: detected capacity change from 0 to 512 [ 215.445599][ T7394] EXT4-fs (loop4): error: journal path ./file0 is not a block device [ 215.526841][ T7408] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.827: casefold flag without casefold feature [ 215.535497][ T7408] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.827: couldn't read orphan inode 15 (err -117) [ 215.541143][ T7408] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 216.317322][ T7422] loop4: detected capacity change from 0 to 4096 [ 216.318016][ T7419] netlink: 'syz.1.830': attribute type 10 has an invalid length. [ 216.323909][ T7426] loop0: detected capacity change from 0 to 64 [ 216.507113][ T7430] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 216.512081][ T7430] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 217.329745][ T7422] ntfs3: loop4: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 217.329745][ T7422] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 217.329745][ T7422] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 217.336830][ T7422] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 217.338840][ T7422] ntfs3: loop4: Failed to load $BadClus. [ 218.178483][ T7445] loop4: detected capacity change from 0 to 64 [ 218.210595][ T7449] loop3: detected capacity change from 0 to 1024 [ 219.250516][ T7445] hfs: unable to parse mount options [ 219.558206][ T7456] loop4: detected capacity change from 0 to 4096 [ 220.466648][ T7456] ntfs3: loop4: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 220.466648][ T7456] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 220.466648][ T7456] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 220.479643][ T7456] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 220.482450][ T7456] ntfs3: loop4: Failed to load $BadClus. [ 221.650677][ T7497] loop3: detected capacity change from 0 to 4096 [ 221.736992][ T7500] loop0: detected capacity change from 0 to 4096 [ 222.193629][ T7500] ntfs3: loop0: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 222.193629][ T7500] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 222.193629][ T7500] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 222.197840][ T7500] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 222.199207][ T7500] ntfs3: loop0: Failed to load $BadClus. [ 222.831630][ T7497] ntfs3: loop3: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 222.831630][ T7497] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 222.831630][ T7497] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 222.960465][ T7497] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 223.028308][ T7497] ntfs3: loop3: Failed to load $BadClus. [ 224.997366][ T7531] loop2: detected capacity change from 0 to 4096 [ 225.589871][ T7553] loop4: detected capacity change from 0 to 32768 [ 225.656087][ T7531] ntfs3: loop2: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 225.656087][ T7531] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 225.656087][ T7531] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 225.664021][ T7531] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 225.665632][ T7531] ntfs3: loop2: Failed to load $BadClus. [ 225.668166][ T7553] jfs: Unrecognized mount option "0x0000000000000005" or missing value [ 227.024741][ T7569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.053769][ T7569] bond0: (slave rose0): Enslaving as an active interface with an up link [ 227.055276][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 227.225930][ T7587] loop4: detected capacity change from 0 to 512 [ 227.260769][ T7585] tipc: Enabling of bearer rejected, already enabled [ 227.640784][ T7604] tipc: Enabling of bearer rejected, already enabled [ 228.231106][ T7587] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 228.234534][ T7587] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 228.266665][ T7587] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.874: Invalid inode table block 1 in block_group 0 [ 228.363327][ T7587] EXT4-fs (loop4): get root inode failed [ 228.364270][ T7587] EXT4-fs (loop4): mount failed [ 229.735699][ T7661] tipc: Enabling of bearer rejected, already enabled [ 231.545199][ T7686] loop4: detected capacity change from 0 to 512 [ 231.778313][ T7693] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes [ 232.099451][ T7686] EXT4-fs (loop4): Unrecognized mount option "smackfstransmute=owerdir" or missing value [ 232.715652][ T7705] loop0: detected capacity change from 0 to 512 [ 233.126560][ T7713] loop3: detected capacity change from 0 to 8 [ 233.142097][ T7705] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 233.147245][ T7705] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 233.161292][ T7705] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.900: Invalid inode table block 1 in block_group 0 [ 233.170020][ T7705] EXT4-fs (loop0): get root inode failed [ 233.170947][ T7705] EXT4-fs (loop0): mount failed [ 234.657204][ T7739] loop0: detected capacity change from 0 to 512 [ 234.758111][ T7740] loop3: detected capacity change from 0 to 512 [ 234.840799][ T7739] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 234.847856][ T7739] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 234.851974][ T7739] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.910: Invalid inode table block 1 in block_group 0 [ 234.855529][ T7739] EXT4-fs (loop0): get root inode failed [ 234.856515][ T7739] EXT4-fs (loop0): mount failed [ 234.936069][ T7740] EXT2-fs (loop3): warning: mounting ext3 filesystem as ext2 [ 235.967177][ T7761] tipc: Enabled bearer , priority 0 [ 235.970337][ T7761] device syzkaller0 entered promiscuous mode [ 235.988762][ T7761] tipc: Resetting bearer [ 236.349554][ T7757] tipc: Resetting bearer [ 236.353872][ T7757] tipc: Disabling bearer [ 236.943474][ T7780] loop4: detected capacity change from 0 to 512 [ 237.524012][ T7780] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 237.529129][ T7780] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 237.694164][ T7794] netlink: 136 bytes leftover after parsing attributes in process `syz.2.922'. [ 238.223605][ T7780] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.921: Invalid inode table block 1 in block_group 0 [ 238.247286][ T7780] EXT4-fs (loop4): get root inode failed [ 238.251397][ T7780] EXT4-fs (loop4): mount failed [ 239.189971][ T7812] loop3: detected capacity change from 0 to 4096 [ 239.381135][ T7812] __ntfs_error: 14 callbacks suppressed [ 239.381146][ T7812] ntfs: (device loop3): parse_options(): NLS character set cpS not found. Using previous one iso8859-2. [ 239.391623][ T7812] ntfs: volume version 3.1. [ 239.435477][ T7819] tipc: Enabling of bearer rejected, already enabled [ 239.752685][ T7816] sched: RT throttling activated [ 240.839362][ T7843] netlink: 16 bytes leftover after parsing attributes in process `syz.3.935'. [ 241.926195][ T7873] tipc: Enabling of bearer rejected, failed to enable media [ 241.975178][ T7878] loop3: detected capacity change from 0 to 4096 [ 241.982604][ T7884] loop0: detected capacity change from 0 to 512 [ 241.983074][ T7883] loop4: detected capacity change from 0 to 512 [ 242.001512][ T7878] NILFS: invalid option "cp=0x0000000000000003": read-only option is not specified [ 242.031400][ T7884] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 242.033004][ T7884] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 242.034887][ T7883] EXT4-fs (loop4): Invalid commit interval 1204772868, must be smaller than 21474836 [ 242.037887][ T7884] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.944: Invalid inode table block 1 in block_group 0 [ 242.040914][ T7884] EXT4-fs (loop0): get root inode failed [ 242.041998][ T7884] EXT4-fs (loop0): mount failed [ 242.153426][ T7894] loop3: detected capacity change from 0 to 8 [ 242.232965][ T7909] loop0: detected capacity change from 0 to 4096 [ 242.242302][ T7911] tipc: Enabled bearer , priority 0 [ 242.243644][ T7911] device syzkaller0 entered promiscuous mode [ 242.249551][ T7911] tipc: Resetting bearer [ 242.251475][ T7910] tipc: Resetting bearer [ 242.253299][ T7894] SQUASHFS error: Unable to read inode 0x127 [ 242.261549][ T7910] tipc: Disabling bearer [ 242.282488][ T7909] ntfs3: loop0: Failed to load $MFT. [ 242.365438][ T7925] loop0: detected capacity change from 0 to 512 [ 242.395502][ T7933] loop3: detected capacity change from 0 to 64 [ 242.433996][ T7940] loop4: detected capacity change from 0 to 8 [ 242.471810][ T7925] EXT2-fs (loop0): (no)acl options not supported [ 242.486325][ T7940] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 242.520228][ T7940] cramfs: unsupported filesystem features [ 242.647467][ T7954] loop3: detected capacity change from 0 to 4096 [ 242.651864][ T7954] ntfs: (device loop3): parse_options(): Unrecognized mount option cayes. [ 242.693622][ T7963] tipc: Enabling of bearer rejected, failed to enable media [ 242.734268][ T7960] loop4: detected capacity change from 0 to 8192 [ 242.821241][ T7960] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 242.826470][ T7960] REISERFS (device loop4): using ordered data mode [ 242.829996][ T7960] reiserfs: using flush barriers [ 242.831269][ T7960] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 242.834116][ T7960] REISERFS (device loop4): checking transaction log (loop4) [ 242.835842][ T7960] REISERFS warning: reiserfs-5084 is_leaf: item location seems wrong: *3.5*[1 2 0x0 SD], item_len 44, item_location 15261, free_space(entry_count) 0 [ 242.875867][ T7960] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 242.887770][ T7960] REISERFS (device loop4): Remounting filesystem read-only [ 242.888913][ T7960] REISERFS error (device loop4): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 242.933926][ T7951] loop0: detected capacity change from 0 to 40427 [ 242.984169][ T7964] loop3: detected capacity change from 0 to 32768 [ 242.993293][ T7951] F2FS-fs (loop0): build fault injection attr: rate: 16, type: 0x1ffff [ 242.994764][ T7951] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x2 [ 242.997450][ T7951] F2FS-fs (loop0): invalid crc value [ 243.010881][ T7994] tipc: Enabling of bearer rejected, failed to enable media [ 243.014781][ T7951] F2FS-fs (loop0) : inject kvmalloc in f2fs_kvmalloc of build_dirty_segmap+0xbd4/0xd0c [ 243.016430][ T7951] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-12) [ 243.058504][ T7964] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.984 (7964) [ 243.064386][ T7964] BTRFS error (device loop3): unsupported checksum algorithm: 256 [ 243.079821][ T7964] BTRFS error (device loop3): open_ctree failed: -22 [ 243.105887][ T5698] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by udevd (5698) [ 243.108460][ T8002] loop4: detected capacity change from 0 to 512 [ 243.130962][ T8002] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 243.132669][ T8002] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 243.152932][ T8002] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.999: Invalid inode table block 1 in block_group 0 [ 243.171373][ T8002] EXT4-fs (loop4): get root inode failed [ 243.172376][ T8002] EXT4-fs (loop4): mount failed [ 243.173005][ T8017] loop0: detected capacity change from 0 to 512 [ 243.243376][ T8017] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 243.245435][ T8017] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 243.246861][ T8017] EXT4-fs (loop0): can't mount with commit=1023, fs mounted w/o journal [ 243.755548][ T8032] tipc: Enabling of bearer rejected, already enabled [ 243.770476][ T8034] loop4: detected capacity change from 0 to 8 [ 243.798690][ T8036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1013'. [ 243.803306][ T8036] device syz_tun entered promiscuous mode [ 243.860525][ T8034] unable to read xattr id index table [ 243.866293][ T8029] loop3: detected capacity change from 0 to 40427 [ 243.976983][ T8044] tipc: Enabling of bearer rejected, already enabled [ 244.785888][ T8072] loop0: detected capacity change from 0 to 512 [ 244.807765][ T8072] EXT4-fs (loop0): Journaled quota options ignored when QUOTA feature is enabled [ 244.809507][ T8072] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 244.811239][ T8072] EXT4-fs (loop0): filesystem is read-only [ 244.828296][ T8072] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (28015!=33349) [ 244.830146][ T8072] EXT4-fs (loop0): Unsupported blocksize for fs-verity [ 245.195055][ T8075] loop4: detected capacity change from 0 to 8192 [ 245.305975][ T8084] tipc: Enabling of bearer rejected, already enabled [ 245.307995][ T8083] loop0: detected capacity change from 0 to 2048 [ 245.340181][ T8083] UDF-fs: warning (device loop0): udf_verify_domain_identifier: Descriptor for logical volume marked write protected. Forcing read only mount. [ 245.408860][ T8078] loop3: detected capacity change from 0 to 32768 [ 245.463925][ T8078] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 245.465439][ T8078] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 245.903731][ T8078] gfs2: fsid=syz:syz.0: journal 0 mapped with 23 extents in 0ms [ 245.907345][ T4105] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 245.908621][ T4105] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 245.930497][ T4105] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 21ms [ 245.932322][ T4105] gfs2: fsid=syz:syz.0: jid=0: Done [ 245.933926][ T8078] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 247.011713][ T8104] loop0: detected capacity change from 0 to 1024 [ 247.055306][ T8104] hfsplus: bad catalog entry used to create inode [ 247.057190][ T8104] hfsplus: failed to load root directory [ 247.126796][ T8103] loop4: detected capacity change from 0 to 32768 [ 247.145581][ T8103] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1041 (8103) [ 247.147967][ T8114] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 247.163596][ T5698] udevd[5698]: incorrect btrfs checksum on /dev/loop4 [ 247.167878][ T8114] device syzkaller0 entered promiscuous mode [ 247.172669][ T8115] loop0: detected capacity change from 0 to 4096 [ 247.270939][ T8115] ntfs: (device loop0): ntfs_read_inode_mount(): Incorrect mft record size 1572864 in superblock, should be 1024. [ 247.272755][ T8115] ntfs: (device loop0): ntfs_read_inode_mount(): Failed. Marking inode as bad. [ 247.274087][ T8115] ntfs: (device loop0): ntfs_fill_super(): Failed to load essential metadata. [ 247.451615][ T8133] loop4: detected capacity change from 0 to 256 [ 247.453240][ T8119] loop3: detected capacity change from 0 to 32768 [ 247.471346][ T8129] loop0: detected capacity change from 0 to 4096 [ 247.534600][ T8119] jfs_mount: Mount Failure: superblock is corrupt! [ 247.535659][ T8119] Mount JFS Failure: -22 [ 247.537159][ T8119] jfs_mount failed w/return code = -22 [ 247.575828][ T8133] FAT-fs (loop4): IO charset ma#8 not found [ 247.576660][ T8129] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 247.586642][ T8142] tipc: Enabling of bearer rejected, already enabled [ 247.586653][ T8129] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 247.589395][ T8129] ntfs3: loop0: Failed to load $AttrDef -> 0 [ 247.590430][ T8129] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22. [ 247.591534][ T8129] ntfs3: loop0: ntfs_evict_inode r=3 failed, -22. [ 248.324159][ T8143] loop3: detected capacity change from 0 to 32768 [ 248.349321][ T8150] loop0: detected capacity change from 0 to 32768 [ 248.375022][ T8143] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 248.380257][ T8143] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 248.383702][ T8143] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 248.383702][ T8143] bh = 23 (magic number) [ 248.383702][ T8143] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 493 [ 248.387034][ T8143] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 248.389010][ T8143] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 248.390579][ T8143] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 248.394152][ T8143] gfs2: fsid=syz:syz.0: File system withdrawn [ 248.395221][ T8143] CPU: 1 PID: 8143 Comm: syz.3.1058 Not tainted 5.15.189-syzkaller #0 [ 248.395406][ T8150] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 248.396522][ T8143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 248.399183][ T8143] Call trace: [ 248.399651][ T8143] dump_backtrace+0x0/0x43c [ 248.400355][ T8143] show_stack+0x2c/0x3c [ 248.401079][ T8143] __dump_stack+0x30/0x40 [ 248.401775][ T8143] dump_stack_lvl+0xf8/0x160 [ 248.402520][ T8143] dump_stack+0x1c/0x5c [ 248.403270][ T8143] gfs2_withdraw+0xc60/0x129c [ 248.404005][ T8143] gfs2_meta_check_ii+0x80/0x9c [ 248.404737][ T8143] gfs2_meta_buffer+0x228/0x2ec [ 248.405523][ T8143] __fillup_metapath+0x138/0x2e0 [ 248.406293][ T8143] __gfs2_iomap_get+0x4e8/0x100c [ 248.407087][ T8143] gfs2_block_map+0x2b4/0xbc8 [ 248.407847][ T8143] gfs2_write_alloc_required+0x298/0x4dc [ 248.408759][ T8143] gfs2_jdesc_check+0x19c/0x264 [ 248.409539][ T8143] init_journal+0xa5c/0x1d7c [ 248.410304][ T8143] init_inodes+0xe0/0x2d4 [ 248.411008][ T8143] gfs2_fill_super+0x121c/0x19e0 [ 248.411871][ T8143] get_tree_bdev+0x358/0x544 [ 248.412689][ T8143] gfs2_get_tree+0x54/0x1b4 [ 248.413429][ T8143] vfs_get_tree+0x90/0x274 [ 248.414166][ T8143] do_new_mount+0x228/0x810 [ 248.414902][ T8143] path_mount+0x5b4/0x1000 [ 248.415657][ T8143] __arm64_sys_mount+0x514/0x5e4 [ 248.416512][ T8143] invoke_syscall+0x98/0x2b8 [ 248.417281][ T8143] el0_svc_common+0x138/0x258 [ 248.418046][ T8143] do_el0_svc+0x58/0x14c [ 248.418750][ T8143] el0_svc+0x78/0x1e0 [ 248.419425][ T8143] el0t_64_sync_handler+0xcc/0xe4 [ 248.420226][ T8143] el0t_64_sync+0x1a0/0x1a4 [ 248.422807][ T8143] gfs2: fsid=syz:syz.0: my journal (0) is bad: -5 [ 248.432104][ T8150] CPU: 0 PID: 8150 Comm: syz.0.1060 Not tainted 5.15.189-syzkaller #0 [ 248.433470][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 248.435047][ T8150] Call trace: [ 248.435543][ T8150] dump_backtrace+0x0/0x43c [ 248.436228][ T8150] show_stack+0x2c/0x3c [ 248.436858][ T8150] __dump_stack+0x30/0x40 [ 248.437546][ T8150] dump_stack_lvl+0xf8/0x160 [ 248.438250][ T8150] dump_stack+0x1c/0x5c [ 248.438870][ T8150] sysfs_create_dir_ns+0x22c/0x24c [ 248.439643][ T8150] kobject_add_internal+0x590/0xc54 [ 248.440452][ T8150] kobject_init_and_add+0x118/0x17c [ 248.441297][ T8150] gfs2_sys_fs_add+0x1dc/0x3d8 [ 248.442082][ T8150] gfs2_fill_super+0xdac/0x19e0 [ 248.442817][ T8150] get_tree_bdev+0x358/0x544 [ 248.443495][ T8150] gfs2_get_tree+0x54/0x1b4 [ 248.444167][ T8150] vfs_get_tree+0x90/0x274 [ 248.444872][ T8150] do_new_mount+0x228/0x810 [ 248.445635][ T8150] path_mount+0x5b4/0x1000 [ 248.446307][ T8150] __arm64_sys_mount+0x514/0x5e4 [ 248.447024][ T8150] invoke_syscall+0x98/0x2b8 [ 248.447758][ T8150] el0_svc_common+0x138/0x258 [ 248.448541][ T8150] do_el0_svc+0x58/0x14c [ 248.449188][ T8150] el0_svc+0x78/0x1e0 [ 248.449851][ T8150] el0t_64_sync_handler+0xcc/0xe4 [ 248.450728][ T8150] el0t_64_sync+0x1a0/0x1a4 [ 248.832181][ T8150] kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 248.834536][ T8150] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 248.925376][ T8166] loop4: detected capacity change from 0 to 7 [ 248.932985][ T8161] loop3: detected capacity change from 0 to 128 [ 248.937578][ T8166] Dev loop4: unable to read RDB block 7 [ 248.938488][ T8166] loop4: AHDI p1 p2 [ 248.939150][ T8166] loop4: partition table partially beyond EOD, truncated [ 248.940379][ T8166] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 249.352898][ T8161] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 249.356729][ T8161] EXT4-fs (loop3): group descriptors corrupted! [ 249.385633][ T8173] netlink: 'syz.2.1067': attribute type 4 has an invalid length. [ 249.474441][ T8179] tipc: Enabled bearer , priority 10 [ 249.561408][ T8185] netlink: 'syz.3.1073': attribute type 4 has an invalid length. [ 249.720059][ T8192] netlink: 'syz.0.1069': attribute type 2 has an invalid length. [ 249.987435][ T8197] loop3: detected capacity change from 0 to 512 [ 250.049767][ T8197] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 250.051362][ T8197] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 250.057918][ T8197] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.1076: Invalid inode table block 1 in block_group 0 [ 250.060288][ T8197] EXT4-fs (loop3): get root inode failed [ 250.061157][ T8197] EXT4-fs (loop3): mount failed [ 250.483629][ T8205] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 250.488172][ T8205] device syzkaller0 entered promiscuous mode [ 250.570908][ T8214] loop3: detected capacity change from 0 to 128 [ 250.575356][ T8214] UBIFS error (pid: 8214): cannot open "/dev/loop3", error -22 [ 250.651779][ T8222] loop0: detected capacity change from 0 to 2048 [ 250.669938][ T8224] loop3: detected capacity change from 0 to 512 [ 250.702866][ T8224] EXT2-fs (loop3): Invalid log block size: 4294967295 [ 250.725804][ T8222] NILFS (loop0): error -5 while loading last checkpoint (checkpoint number=2) [ 250.863080][ T8228] loop3: detected capacity change from 0 to 512 [ 250.872834][ T8229] loop0: detected capacity change from 0 to 512 [ 250.885192][ T8232] loop4: detected capacity change from 0 to 1024 [ 250.932529][ T8232] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 250.934562][ T8228] EXT4-fs (loop3): Using encoding defined by superblock: utf8-12.1.0 with flags 0x0 [ 250.936085][ T8228] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 250.940627][ T8232] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 250.942144][ T8232] EXT4-fs (loop4): filesystem has both journal inode and journal device! [ 250.946336][ T8228] EXT4-fs (loop3): The Hurd can't support 64-bit file systems [ 250.955469][ T8229] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 250.957128][ T8229] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 250.979261][ T8229] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.1091: Invalid inode table block 1 in block_group 0 [ 250.981747][ T8229] EXT4-fs (loop0): get root inode failed [ 250.982583][ T8229] EXT4-fs (loop0): mount failed [ 251.086580][ T8237] tipc: Enabled bearer , priority 0 [ 251.120843][ T8237] device syzkaller0 entered promiscuous mode [ 251.127167][ T8237] tipc: Resetting bearer [ 251.130894][ T8234] tipc: Resetting bearer [ 251.134224][ T8234] tipc: Disabling bearer [ 251.370595][ T8250] loop4: detected capacity change from 0 to 8192 [ 251.393359][ T8242] loop0: detected capacity change from 0 to 32768 [ 251.398824][ T8243] loop3: detected capacity change from 0 to 32768 [ 251.469406][ T8243] BTRFS: device fsid 97240a68-9a28-4597-b04c-66b27e1182f2 devid 1 transid 8 /dev/loop3 scanned by syz.3.1097 (8243) [ 251.525458][ T8243] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 251.527081][ T8243] BTRFS info (device loop3): using free space tree [ 251.532330][ T8243] BTRFS info (device loop3): has skinny extents [ 251.586181][ T8267] loop0: detected capacity change from 0 to 512 [ 251.642525][ T8267] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 251.644211][ T8267] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 251.660724][ T8267] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.1110: Invalid inode table block 1 in block_group 0 [ 251.671598][ T8267] EXT4-fs (loop0): get root inode failed [ 251.672493][ T8267] EXT4-fs (loop0): mount failed [ 251.675041][ T8243] BTRFS info (device loop3): enabling ssd optimizations [ 251.749904][ T8287] loop4: detected capacity change from 0 to 164 [ 251.793088][ T8290] tipc: Enabling of bearer rejected, already enabled [ 252.562505][ T8316] loop4: detected capacity change from 0 to 1024 [ 252.576238][ T8316] hfsplus: invalid btree flag [ 252.577067][ T8316] hfsplus: failed to load catalog file [ 252.599650][ T8305] loop3: detected capacity change from 0 to 32768 [ 252.636844][ T8321] loop4: detected capacity change from 0 to 512 [ 252.644330][ T8321] EXT4-fs (loop4): Ignoring removed orlov option [ 252.647106][ T8321] EXT4-fs (loop4): journaled quota format not specified [ 252.657310][ T8305] JBD2: Ignoring recovery information on journal [ 252.659682][ T8305] OCFS2: ERROR (device loop3): int ocfs2_get_clusters_nocache(struct inode *, struct buffer_head *, u32, unsigned int *, struct ocfs2_extent_rec *, unsigned int *): Inode 75 has bad extent record (0, 304, 0) [ 252.663791][ T8305] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 252.671209][ T8305] (syz.3.1112,8305,1):ocfs2_get_clusters:624 ERROR: status = -30 [ 252.672556][ T8305] (syz.3.1112,8305,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -30 [ 252.673990][ T8325] tipc: Enabling of bearer rejected, already enabled [ 252.674162][ T8305] (syz.3.1112,8305,1):ocfs2_bmap:488 ERROR: get_blocks() failed, block = 32 [ 252.676657][ T8305] (syz.3.1112,8305,1):ocfs2_bmap:489 ERROR: status = -30 [ 252.678534][ T8305] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 252.679983][ T8305] JBD2: bad block at offset 32 [ 252.685694][ T8305] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 252.702179][ T8328] loop4: detected capacity change from 0 to 2048 [ 252.722515][ T4044] ocfs2: Unmounting device (7,3) on (node local) [ 252.750712][ T8328] NILFS (loop4): invalid segment: Inconsistency found [ 252.752381][ T8328] NILFS (loop4): trying rollback from an earlier position [ 252.792502][ T8328] NILFS (loop4): recovery complete [ 252.811261][ T8337] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 252.875268][ T8336] loop3: detected capacity change from 0 to 4096 [ 252.884617][ T8336] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 252.926319][ T8336] ntfs: (device loop3): parse_options(): NLS character set macgre not found. Using previous one utf8. [ 252.939041][ T8336] ntfs: (device loop3): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 252.951360][ T8336] ntfs: (device loop3): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 252.955070][ T8336] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 252.956990][ T8336] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 252.958673][ T8346] loop4: detected capacity change from 0 to 1024 [ 252.966079][ T8346] hfsplus: invalid catalog max_key_len 0 [ 252.967123][ T8343] loop0: detected capacity change from 0 to 4096 [ 252.967159][ T8346] hfsplus: failed to load catalog file [ 252.983564][ T8336] ntfs: volume version 3.1. [ 253.013284][ T8343] ntfs: (device loop0): ntfs_read_inode_mount(): Corrupt attribute list attribute. [ 253.014707][ T8343] ntfs: (device loop0): ntfs_read_inode_mount(): Failed. Marking inode as bad. [ 253.016032][ T8343] ntfs: (device loop0): ntfs_fill_super(): Failed to load essential metadata. [ 253.084381][ T8352] loop4: detected capacity change from 0 to 8192 [ 253.125860][ T8357] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 253.128163][ T8352] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 253.128732][ T8357] device syzkaller0 entered promiscuous mode [ 253.129696][ T8352] REISERFS (device loop4): using ordered data mode [ 253.153080][ T8352] reiserfs: using flush barriers [ 253.156836][ T8352] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 253.159674][ T8352] REISERFS (device loop4): checking transaction log (loop4) [ 253.174151][ T8359] loop0: detected capacity change from 0 to 1024 [ 253.214403][ T8363] loop3: detected capacity change from 0 to 512 [ 253.261953][ T8359] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 253.263683][ T8359] EXT4-fs (loop0): group descriptors corrupted! [ 253.305453][ T8363] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 253.306597][ T8363] EXT4-fs (loop3): filesystem is read-only [ 253.328108][ T8363] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 253.335219][ T8363] EXT4-fs (loop3): filesystem is read-only [ 253.336261][ T8363] EXT4-fs (loop3): orphan cleanup on readonly fs [ 253.342432][ T8365] loop0: detected capacity change from 0 to 16 [ 253.352548][ T8363] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #16: comm syz.3.1143: iget: bad i_size value: 648518346341360424 [ 253.355014][ T8363] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.1143: couldn't read orphan inode 16 (err -117) [ 253.357289][ T8363] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,auto_da_alloc=0x0000000000000000,inode_readahead_blks=0x0000000004000000,user_xattr,noblock_validity,nomblk_io_submit,nolazytime,grpid,noauto_da_alloc,,errors=continue. Quota mode: none. [ 253.460778][ T8374] loop3: detected capacity change from 0 to 760 [ 253.574278][ T8377] loop3: detected capacity change from 0 to 1024 [ 253.641717][ T4516] hfsplus: b-tree write err: -5, ino 4 [ 253.643197][ T8378] loop0: detected capacity change from 0 to 4096 [ 253.650378][ T8378] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 253.661416][ T8378] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 253.662802][ T8378] ntfs3: loop0: Failed to load $MFT. [ 253.811532][ T8368] loop4: detected capacity change from 0 to 32768 [ 254.070106][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 254.071264][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 254.394148][ T8368] XFS (loop4): Mounting V5 Filesystem [ 254.408318][ T8387] loop0: detected capacity change from 0 to 32768 [ 254.435054][ T8406] tipc: Enabling of bearer rejected, already enabled [ 254.435809][ T8368] XFS (loop4): Ending clean mount [ 254.447164][ T8368] XFS (loop4): Quotacheck needed: Please wait. [ 254.482728][ T8368] XFS (loop4): Quotacheck: Done. [ 254.508736][ T4042] XFS (loop4): Unmounting Filesystem [ 254.611133][ T8387] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 254.660865][ T8415] loop3: detected capacity change from 0 to 1024 [ 254.694307][ T4043] (syz-executor,4043,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 254.696270][ T4043] ocfs2: Unmounting device (7,0) on (node local) [ 254.753292][ T8415] EXT4-fs (loop3): bad geometry: block count 216172782113784320 exceeds size of device (512 blocks) [ 254.918788][ T8420] loop0: detected capacity change from 0 to 4096 [ 254.959126][ T8420] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 254.969027][ T8420] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 254.970463][ T8420] ntfs3: loop0: Failed to load $MFT. [ 255.015551][ T8424] loop4: detected capacity change from 0 to 1764 [ 255.112801][ T8426] loop3: detected capacity change from 0 to 2048 [ 255.122446][ T8428] loop0: detected capacity change from 0 to 2048 [ 255.509091][ T8428] NILFS (loop0): invalid segment: Inconsistency found [ 255.510308][ T8428] NILFS (loop0): trying rollback from an earlier position [ 255.523693][ T8428] NILFS (loop0): recovery complete [ 255.587651][ T8434] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 255.760744][ T8438] loop3: detected capacity change from 0 to 512 [ 256.167756][ T8438] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 256.190024][ T8438] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 256.192052][ T8438] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.1170: Invalid inode table block 1 in block_group 0 [ 256.194457][ T8438] EXT4-fs (loop3): get root inode failed [ 256.195441][ T8438] EXT4-fs (loop3): mount failed [ 256.224181][ T8451] tipc: Enabling of bearer rejected, already enabled [ 256.243760][ T8454] loop0: detected capacity change from 0 to 512 [ 256.263537][ T8454] EXT4-fs (loop0): orphan cleanup on readonly fs [ 256.265481][ T8454] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 256.275201][ T8454] EXT4-fs (loop0): 1 truncate cleaned up [ 256.276598][ T8454] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback. [ 256.425499][ T8463] loop4: detected capacity change from 0 to 256 [ 256.505771][ T8468] netlink: 'syz.3.1183': attribute type 10 has an invalid length. [ 257.799807][ T8463] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 257.801558][ T8463] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 257.833908][ T8468] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 257.840162][ T8463] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 257.860486][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 257.879250][ T8481] loop3: detected capacity change from 0 to 512 [ 257.933232][ T8485] tipc: Enabling of bearer rejected, failed to enable media [ 258.501751][ T8487] loop0: detected capacity change from 0 to 32768 [ 258.930462][ T8481] EXT4-fs warning (device loop3): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 258.938610][ T8481] EXT4-fs (loop3): mount failed [ 258.958896][ T8487] JBD2: Ignoring recovery information on journal [ 258.991660][ T8487] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 259.391187][ T4043] ocfs2: Unmounting device (7,0) on (node local) [ 260.723613][ T8540] tipc: Enabled bearer , priority 0 [ 260.725176][ T8540] device syzkaller0 entered promiscuous mode [ 260.733096][ T8536] tipc: Resetting bearer [ 260.740537][ T8536] tipc: Disabling bearer [ 262.200953][ T8555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1210'. [ 262.223525][ T8557] loop3: detected capacity change from 0 to 512 [ 262.236131][ T8560] loop0: detected capacity change from 0 to 2048 [ 262.270860][ T8557] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 262.272464][ T8557] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 262.277554][ T8560] loop0: [ICS] [ 262.291381][ T8557] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.1211: Invalid inode table block 1 in block_group 0 [ 262.308248][ T8557] EXT4-fs (loop3): get root inode failed [ 262.309431][ T8557] EXT4-fs (loop3): mount failed [ 262.473643][ T8583] tipc: Enabling of bearer rejected, failed to enable media [ 262.501778][ T8586] loop0: detected capacity change from 0 to 65 [ 262.561681][ T8586] BFS-fs: bfs_fill_super(): Impossible last inode number 4088 > 513 on loop0 [ 263.674062][ T8624] loop4: detected capacity change from 0 to 512 [ 263.679634][ T8622] loop3: detected capacity change from 0 to 512 [ 263.690243][ T8625] tipc: Enabling of bearer rejected, already enabled [ 263.691817][ T8624] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 263.693228][ T8624] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 263.703691][ T8624] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.1238: Invalid inode table block 1 in block_group 0 [ 263.708773][ T8624] EXT4-fs (loop4): get root inode failed [ 263.709665][ T8624] EXT4-fs (loop4): mount failed [ 263.774675][ T8622] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 263.800195][ T8622] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 263.801712][ T8622] System zones: 0-2, 18-18, 34-34 [ 263.812131][ T8622] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.1239: iget: bad i_size value: 360287970189639680 [ 263.844131][ T8632] loop0: detected capacity change from 0 to 32768 [ 263.845396][ T8622] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.1239: couldn't read orphan inode 15 (err -117) [ 263.905357][ T8622] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 264.004477][ T8632] XFS (loop0): sunit and swidth must be specified together [ 264.075461][ T8648] loop3: detected capacity change from 0 to 4096 [ 264.145478][ T8660] tipc: Enabling of bearer rejected, failed to enable media [ 264.196892][ T8657] loop4: detected capacity change from 0 to 512 [ 264.220984][ T8648] ntfs3: loop3: ino=3, Correct links count -> 2. [ 264.514568][ T8648] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 264.533261][ T8657] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001) [ 264.572585][ T8670] loop0: detected capacity change from 0 to 128 [ 264.593048][ T8670] gfs2: gfs2 mount does not exist [ 264.612074][ T8676] loop4: detected capacity change from 0 to 512 [ 264.615748][ T8678] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 264.654689][ T8676] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 264.667734][ T8676] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 3)! [ 264.669366][ T8676] EXT4-fs (loop4): group descriptors corrupted! [ 264.693283][ T8682] loop0: detected capacity change from 0 to 64 [ 264.697090][ T8685] loop4: detected capacity change from 0 to 512 [ 264.700607][ T8686] loop3: detected capacity change from 0 to 512 [ 264.709505][ T8685] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 264.711163][ T8685] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 264.713119][ T8685] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.1261: Invalid inode table block 1 in block_group 0 [ 264.715519][ T8685] EXT4-fs (loop4): get root inode failed [ 264.716361][ T8685] EXT4-fs (loop4): mount failed [ 264.735242][ T8686] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 264.749552][ T8686] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,noquota,nombcache,,errors=continue. Quota mode: writeback. [ 264.771178][ T8682] hfs: get root inode failed [ 264.961138][ T8694] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1264'. [ 264.970225][ T8691] loop3: detected capacity change from 0 to 512 [ 264.971491][ T8694] loop0: detected capacity change from 0 to 1024 [ 264.990696][ T8694] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 265.004171][ T8694] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.1264: bg 0: block 260: invalid block bitmap [ 265.011241][ T8694] smc: net device bond0 applied user defined pnetid SYZ0 [ 265.012911][ T8694] smc: net device bond0 erased user defined pnetid SYZ0 [ 265.042045][ T8691] EXT4-fs (loop3): Ignoring removed orlov option [ 265.075418][ T8704] tipc: Enabling of bearer rejected, already enabled [ 265.080117][ T8704] sch_tbf: burst 127 is lower than device syzkaller0 mtu (313) ! [ 265.097291][ T8691] EXT4-fs (loop3): mounted filesystem without journal. Opts: acl,nolazytime,orlov,i_version,lazytime,nodiscard,grpjquota=,block_validity,errors=remount-ro,. Quota mode: writeback. [ 265.890481][ T8722] sctp: [Deprecated]: syz.1.1270 (pid 8722) Use of struct sctp_assoc_value in delayed_ack socket option. [ 265.890481][ T8722] Use struct sctp_sack_info instead [ 266.019912][ T8691] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #2: comm syz.3.1262: corrupted inode contents [ 266.022687][ T8691] EXT4-fs (loop3): Remounting filesystem read-only [ 266.023874][ T8691] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #2: comm syz.3.1262: mark_inode_dirty error [ 266.025802][ T8691] EXT4-fs (loop3): Remounting filesystem read-only [ 266.027044][ T8691] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #2: comm syz.3.1262: corrupted inode contents [ 266.033587][ T8691] EXT4-fs (loop3): Remounting filesystem read-only [ 266.438043][ T4091] Bluetooth: hci4: command 0x0406 tx timeout [ 266.445855][ T4136] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 266.448624][ T4136] EXT4-fs (loop3): Remounting filesystem read-only [ 266.451237][ T4044] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz-executor: Invalid inode table block 0 in block_group 0 [ 266.453545][ T4044] EXT4-fs (loop3): Remounting filesystem read-only [ 266.454684][ T4044] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 266.456407][ T4044] EXT4-fs (loop3): Remounting filesystem read-only [ 266.461152][ T4044] EXT4-fs error (device loop3): ext4_quota_off:6513: inode #3: comm syz-executor: mark_inode_dirty error [ 266.463150][ T4044] EXT4-fs (loop3): Remounting filesystem read-only [ 266.732021][ T8743] overlayfs: failed to clone lowerpath [ 267.844810][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1279'. [ 267.847215][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1279'. [ 267.848911][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1279'. [ 267.850492][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1279'. [ 267.851937][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1279'. [ 269.463057][ T8789] tipc: Enabling of bearer rejected, already enabled [ 269.507769][ T8786] tipc: Enabled bearer , priority 0 [ 269.509555][ T8786] device syzkaller0 entered promiscuous mode [ 269.513745][ T8786] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 269.520157][ T8786] tipc: Resetting bearer [ 269.531970][ T8784] tipc: Resetting bearer [ 269.535430][ T8784] tipc: Disabling bearer [ 270.537256][ T8804] loop3: detected capacity change from 0 to 32768 [ 271.494538][ T8804] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1292 (8804) [ 271.503017][ T8804] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 271.504698][ T8804] BTRFS info (device loop3): setting nodatacow, compression disabled [ 271.507170][ T8804] BTRFS info (device loop3): max_inline at 0 [ 271.510410][ T8804] BTRFS info (device loop3): enabling disk space caching [ 271.513768][ T8804] BTRFS info (device loop3): turning off barriers [ 271.517967][ T8804] BTRFS info (device loop3): turning on flush-on-commit [ 271.521883][ T8804] BTRFS info (device loop3): doing ref verification [ 271.526472][ T8804] BTRFS info (device loop3): force clearing of disk cache [ 271.532020][ T8804] BTRFS info (device loop3): enabling ssd optimizations [ 271.535533][ T8804] BTRFS info (device loop3): max_inline at 4096 [ 271.544942][ T8804] BTRFS info (device loop3): disk space caching is enabled [ 271.550373][ T8804] BTRFS info (device loop3): has skinny extents [ 272.036974][ T8828] loop4: detected capacity change from 0 to 8192 [ 272.078421][ T8828] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 272.080049][ T8828] REISERFS (device loop4): using ordered data mode [ 272.081227][ T8828] reiserfs: using flush barriers [ 272.085152][ T8828] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 272.096836][ T8828] REISERFS (device loop4): checking transaction log (loop4) [ 272.100860][ T8828] REISERFS (device loop4): Using r5 hash to sort names [ 272.103238][ T8828] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 272.855899][ T8804] BTRFS info (device loop3): clearing free space tree [ 272.857091][ T8804] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 272.863870][ T8804] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 275.184058][ T8899] syz.4.1311 (8899): drop_caches: 2 [ 275.724125][ T8916] tipc: Enabling of bearer rejected, failed to enable media [ 278.280694][ T8960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1325'. [ 278.282844][ T8960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1325'. [ 278.284448][ T8960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1325'. [ 278.285894][ T8960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1325'. [ 278.287230][ T8960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1325'. [ 278.407388][ T8967] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709551 [ 278.490549][ T8970] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1329'. [ 278.492170][ T8970] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1329'. [ 278.494208][ T8970] bridge0: port 3(team0) entered blocking state [ 278.495280][ T8970] bridge0: port 3(team0) entered forwarding state [ 278.496548][ T8970] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.497698][ T8970] bridge0: port 2(bridge_slave_1) entered forwarding state [ 278.498805][ T8970] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.499974][ T8970] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.502893][ T8970] device bridge0 left promiscuous mode [ 278.504277][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 278.527148][ T8971] delete_channel: no stack [ 281.080968][ T9016] tipc: Enabling of bearer rejected, failed to enable media [ 281.198154][ T9028] loop4: detected capacity change from 0 to 512 [ 281.214440][ T9028] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 281.215896][ T9028] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 281.814331][ T9041] batman_adv: batadv0: Local translation table size (136) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a [ 281.819577][ T9028] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.1344: Invalid inode table block 1 in block_group 0 [ 281.822199][ T9028] EXT4-fs (loop4): get root inode failed [ 281.823302][ T9028] EXT4-fs (loop4): mount failed [ 283.540162][ T9070] tipc: Enabling of bearer rejected, already enabled [ 285.714252][ T9090] tipc: Enabled bearer , priority 0 [ 285.716496][ T9102] batman_adv: batadv0: Adding interface: dummy0 [ 285.720053][ T9102] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.735333][ T9102] batman_adv: batadv0: Interface activated: dummy0 [ 285.737434][ T9090] device syzkaller0 entered promiscuous mode [ 285.746589][ T9090] tipc: Resetting bearer [ 285.757868][ T9088] tipc: Resetting bearer [ 285.776277][ T9088] tipc: Disabling bearer [ 285.784151][ T9095] batadv0: mtu less than device minimum [ 285.787814][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 285.791650][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 285.795612][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 285.799499][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 285.803374][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 285.807130][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 285.811022][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 285.814801][ T9095] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 286.114616][ T9116] loop3: detected capacity change from 0 to 128 [ 286.306250][ T9116] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 286.330989][ T9116] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 287.295514][ T9124] device syzkaller0 entered promiscuous mode [ 287.296699][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 289.314992][ T9153] loop3: detected capacity change from 0 to 512 [ 290.139842][ T9153] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 290.141651][ T9153] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 290.143547][ T9153] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.1385: Invalid inode table block 1 in block_group 0 [ 290.146206][ T9153] EXT4-fs (loop3): get root inode failed [ 290.147229][ T9153] EXT4-fs (loop3): mount failed [ 292.204476][ T9201] siw: device registration error -23 [ 292.621764][ T9212] loop3: detected capacity change from 0 to 64 [ 295.714570][ T9258] loop3: detected capacity change from 0 to 512 [ 295.758395][ T9258] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 295.760025][ T9258] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 295.764828][ T9258] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.1412: Invalid inode table block 1 in block_group 0 [ 295.773582][ T9258] EXT4-fs (loop3): get root inode failed [ 296.118044][ T9258] EXT4-fs (loop3): mount failed [ 299.371266][ T9340] loop4: detected capacity change from 0 to 2048 [ 299.434589][ T9340] UDF-fs: bad mount option "iocarset=maccysillic" or missing value [ 299.944901][ T9350] loop3: detected capacity change from 0 to 512 [ 300.323962][ T9350] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 300.332124][ T9350] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 300.340745][ T9353] loop4: detected capacity change from 0 to 1024 [ 300.376890][ T9350] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.1442: Invalid inode table block 1 in block_group 0 [ 300.382978][ T9350] EXT4-fs (loop3): get root inode failed [ 300.385648][ T9350] EXT4-fs (loop3): mount failed [ 302.357777][ T9410] loop3: detected capacity change from 0 to 512 [ 302.431061][ T9413] xt_nat: multiple ranges no longer supported [ 302.733578][ T9418] loop4: detected capacity change from 0 to 512 [ 302.746233][ T9410] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 302.755429][ T9410] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #4: comm syz.3.1461: corrupted inode contents [ 302.761647][ T9410] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #4: comm syz.3.1461: mark_inode_dirty error [ 302.763982][ T9410] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #4: comm syz.3.1461: corrupted inode contents [ 302.767082][ T9410] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #4: comm syz.3.1461: mark_inode_dirty error [ 302.779119][ T9410] Quota error (device loop3): write_blk: dquota write failed [ 302.780330][ T9410] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5 [ 302.781786][ T9410] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 302.783364][ T9410] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.1461: Failed to acquire dquot type 1 [ 302.791196][ T9418] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 302.807332][ T9418] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 302.841900][ T9418] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.1463: Invalid inode table block 1 in block_group 0 [ 302.849590][ T9418] EXT4-fs (loop4): get root inode failed [ 302.850713][ T9418] EXT4-fs (loop4): mount failed [ 303.559590][ T9430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1466'. [ 303.666169][ T9455] netlink: 'syz.1.1476': attribute type 10 has an invalid length. [ 305.817846][ T9496] binder: 9493:9496 tried to acquire reference to desc 0, got 1 instead [ 305.820595][ T9496] binder: 9493:9496 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 30) [ 305.822616][ T9496] binder: 9496 RLIMIT_NICE not set [ 305.908833][ T9496] binder: 9496 RLIMIT_NICE not set [ 305.929117][ T4495] binder: release 9493:9502 transaction 37 out, still active [ 305.931418][ T4495] binder: undelivered TRANSACTION_COMPLETE [ 305.932277][ T4495] binder: release 9493:9496 transaction 37 in, still active [ 305.967598][ T4495] binder: send failed reply for transaction 37, target dead [ 308.246352][ T9534] loop4: detected capacity change from 0 to 512 [ 308.257717][ T9534] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 308.259226][ T9534] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349) [ 308.266167][ T9534] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.1498: Invalid inode table block 1 in block_group 0 [ 308.268730][ T9534] EXT4-fs (loop4): get root inode failed [ 308.269632][ T9534] EXT4-fs (loop4): mount failed [ 308.735911][ T9543] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1503'. [ 309.741399][ T9569] tipc: Enabling of bearer rejected, already enabled [ 310.215571][ T9583] tipc: Enabling of bearer rejected, already enabled [ 310.247967][ C1] ================================================================== [ 310.249605][ C1] BUG: KASAN: use-after-free in rose_timer_expiry+0x40c/0x470 [ 310.250752][ C1] Read of size 2 at addr ffff0000e882a82a by task syz.4.1512/9582 [ 310.251834][ C1] [ 310.252150][ C1] CPU: 1 PID: 9582 Comm: syz.4.1512 Not tainted 5.15.189-syzkaller #0 [ 310.253400][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 310.254821][ C1] Call trace: [ 310.255262][ C1] dump_backtrace+0x0/0x43c [ 310.256001][ C1] show_stack+0x2c/0x3c [ 310.256713][ C1] __dump_stack+0x30/0x40 [ 310.257394][ C1] dump_stack_lvl+0xf8/0x160 [ 310.258164][ C1] print_address_description+0x78/0x30c [ 310.259080][ C1] kasan_report+0xec/0x15c [ 310.259754][ C1] __asan_report_load2_noabort+0x44/0x50 [ 310.260626][ C1] rose_timer_expiry+0x40c/0x470 [ 310.261490][ C1] call_timer_fn+0x19c/0x858 [ 310.262274][ C1] __run_timers+0x46c/0x6c4 [ 310.263037][ C1] run_timer_softirq+0x7c/0x114 [ 310.263880][ C1] handle_softirqs+0x344/0xbf0 [ 310.264684][ C1] __irq_exit_rcu+0x240/0x440 [ 310.265395][ C1] irq_exit+0x14/0x88 [ 310.266041][ C1] handle_domain_irq+0x14c/0x1fc [ 310.266841][ C1] gic_handle_irq+0x78/0x1c8 [ 310.267626][ C1] call_on_irq_stack+0x24/0x30 [ 310.268405][ C1] do_interrupt_handler+0x6c/0x88 [ 310.269185][ C1] el1_interrupt+0x30/0x58 [ 310.269861][ C1] el1h_64_irq_handler+0x18/0x24 [ 310.270669][ C1] el1h_64_irq+0x78/0x7c [ 310.271356][ C1] seqcount_lockdep_reader_access+0x15c/0x230 [ 310.272268][ C1] bad_range+0xa0/0x2a0 [ 310.272898][ C1] get_page_from_freelist+0x2954/0x2aa8 [ 310.273696][ C1] __alloc_pages+0x1a0/0x470 [ 310.274350][ C1] alloc_pages_vma+0x284/0x7a8 [ 310.275080][ C1] shmem_alloc_and_acct_page+0x38c/0xac4 [ 310.275960][ C1] shmem_getpage_gfp+0x1028/0x1ef0 [ 310.276797][ C1] shmem_fault+0x170/0x430 [ 310.277541][ C1] __do_fault+0x120/0x5d0 [ 310.278267][ C1] handle_mm_fault+0x1b4c/0x2950 [ 310.279072][ C1] __get_user_pages+0x3f4/0x9a4 [ 310.279857][ C1] populate_vma_page_range+0x1f4/0x284 [ 310.280734][ C1] __mm_populate+0x238/0x36c [ 310.281487][ C1] vm_mmap_pgoff+0x1cc/0x284 [ 310.282174][ C1] ksys_mmap_pgoff+0x11c/0x620 [ 310.282903][ C1] __arm64_sys_mmap+0xf8/0x110 [ 310.283626][ C1] invoke_syscall+0x98/0x2b8 [ 310.284343][ C1] el0_svc_common+0x138/0x258 [ 310.285109][ C1] do_el0_svc+0x58/0x14c [ 310.285762][ C1] el0_svc+0x78/0x1e0 [ 310.286403][ C1] el0t_64_sync_handler+0xcc/0xe4 [ 310.287182][ C1] el0t_64_sync+0x1a0/0x1a4 [ 310.287885][ C1] [ 310.288255][ C1] Allocated by task 9530: [ 310.288974][ C1] __kasan_kmalloc+0xb0/0xf0 [ 310.289710][ C1] __kmalloc_node_track_caller+0x234/0x3bc [ 310.290682][ C1] kmalloc_reserve+0xe4/0x26c [ 310.291443][ C1] __alloc_skb+0x23c/0x67c [ 310.292193][ C1] __netdev_alloc_skb+0xb4/0x3b8 [ 310.292988][ C1] __ieee80211_beacon_get+0x934/0x19dc [ 310.293856][ C1] ieee80211_beacon_get_tim+0x5c/0x790 [ 310.294709][ C1] mac80211_hwsim_beacon_tx+0x10c/0x7ac [ 310.295613][ C1] __iterate_interfaces+0x204/0x484 [ 310.296399][ C1] ieee80211_iterate_active_interfaces_atomic+0xd4/0x180 [ 310.297474][ C1] mac80211_hwsim_beacon+0x90/0x174 [ 310.298354][ C1] __hrtimer_run_queues+0x428/0xb6c [ 310.299208][ C1] hrtimer_run_softirq+0x160/0x400 [ 310.300035][ C1] handle_softirqs+0x344/0xbf0 [ 310.300844][ C1] __irq_exit_rcu+0x240/0x440 [ 310.301570][ C1] irq_exit+0x14/0x88 [ 310.302211][ C1] handle_domain_irq+0x14c/0x1fc [ 310.303039][ C1] gic_handle_irq+0x78/0x1c8 [ 310.303800][ C1] [ 310.304162][ C1] Freed by task 9530: [ 310.304814][ C1] kasan_set_track+0x4c/0x84 [ 310.305517][ C1] kasan_set_free_info+0x28/0x4c [ 310.306338][ C1] ____kasan_slab_free+0x118/0x164 [ 310.307162][ C1] __kasan_slab_free+0x18/0x28 [ 310.307943][ C1] slab_free_freelist_hook+0x128/0x1e8 [ 310.308803][ C1] kfree+0x170/0x40c [ 310.309425][ C1] skb_release_data+0x3c0/0x5ac [ 310.310239][ C1] consume_skb+0x138/0x33c [ 310.310920][ C1] mac80211_hwsim_tx_frame+0x1c8/0x1f4 [ 310.311881][ C1] mac80211_hwsim_beacon_tx+0x3e8/0x7ac [ 310.312787][ C1] __iterate_interfaces+0x204/0x484 [ 310.313661][ C1] ieee80211_iterate_active_interfaces_atomic+0xd4/0x180 [ 310.314817][ C1] mac80211_hwsim_beacon+0x90/0x174 [ 310.315656][ C1] __hrtimer_run_queues+0x428/0xb6c [ 310.316493][ C1] hrtimer_run_softirq+0x160/0x400 [ 310.317278][ C1] handle_softirqs+0x344/0xbf0 [ 310.318009][ C1] __irq_exit_rcu+0x240/0x440 [ 310.318778][ C1] irq_exit+0x14/0x88 [ 310.319424][ C1] handle_domain_irq+0x14c/0x1fc [ 310.320235][ C1] gic_handle_irq+0x78/0x1c8 [ 310.320949][ C1] [ 310.321317][ C1] Last potentially related work creation: [ 310.322214][ C1] kasan_save_stack+0x38/0x68 [ 310.322970][ C1] kasan_record_aux_stack+0xcc/0x114 [ 310.323840][ C1] insert_work+0x64/0x388 [ 310.324540][ C1] __queue_work+0xb30/0x1054 [ 310.325250][ C1] delayed_work_timer_fn+0x74/0x90 [ 310.326033][ C1] call_timer_fn+0x19c/0x858 [ 310.326783][ C1] __run_timers+0x49c/0x6c4 [ 310.327452][ C1] run_timer_softirq+0x7c/0x114 [ 310.328231][ C1] handle_softirqs+0x344/0xbf0 [ 310.328968][ C1] __irq_exit_rcu+0x240/0x440 [ 310.329650][ C1] irq_exit+0x14/0x88 [ 310.330270][ C1] handle_domain_irq+0x14c/0x1fc [ 310.330979][ C1] gic_handle_irq+0x78/0x1c8 [ 310.331639][ C1] [ 310.331989][ C1] The buggy address belongs to the object at ffff0000e882a800 [ 310.331989][ C1] which belongs to the cache kmalloc-512 of size 512 [ 310.334314][ C1] The buggy address is located 42 bytes inside of [ 310.334314][ C1] 512-byte region [ffff0000e882a800, ffff0000e882aa00) [ 310.336328][ C1] The buggy address belongs to the page: [ 310.337189][ C1] page:00000000a4928c1b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x128828 [ 310.338777][ C1] head:00000000a4928c1b order:2 compound_mapcount:0 compound_pincount:0 [ 310.340094][ C1] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 310.341346][ C1] raw: 05ffc00000010200 0000000000000000 0000000100000001 ffff0000c0002600 [ 310.342670][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 310.344023][ C1] page dumped because: kasan: bad access detected [ 310.345083][ C1] [ 310.345484][ C1] Memory state around the buggy address: [ 310.346464][ C1] ffff0000e882a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 310.347817][ C1] ffff0000e882a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 310.349221][ C1] >ffff0000e882a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 310.350615][ C1] ^ [ 310.351435][ C1] ffff0000e882a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 310.352675][ C1] ffff0000e882a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 310.353956][ C1] ================================================================== [ 310.355229][ C1] Disabling lock debugging due to kernel taint [ 315.368143][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 315.369327][ T2063] ieee802154 phy1 wpan1: encryption failed: -22