last executing test programs: 1m6.441682134s ago: executing program 3 (id=2218): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2d, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r2, 0x40047451, &(0x7f0000000180)) 1m6.25187385s ago: executing program 3 (id=2221): bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m6.25148566s ago: executing program 3 (id=2222): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10) syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0) 1m5.499937512s ago: executing program 3 (id=2228): r0 = socket$kcm(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab000e271f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1ff032aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e0800000092e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9be7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa5200002fe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb0972d39e4b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e501ddddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b605908000000f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c332c34812382e57c0e0d83f3f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217b6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f2b88cd544b2a8e1b05ea7cf51578169fff7765f9978883b4b5983b42a35a05dabfc325ec2a2ec2f9b0882fdcf5d6f72272d2ff0d8eea60f5494ba42b4d40f144f0ab680a6f40f9094d3afb58a1efd6109894b8605c6b3b3f020c222f6446195b2274f634fbb737948a1f36ea729467e132385e9da614e4625175f4443b97a675934db90010e4b884200c3546c4d86d712c3939e11be3343f693846f509ad4c445ade5cd6d126d5694462ac5d3b527c3bd51c0a715a28d65fe94b255d02cdc1fab99b5b9c352f1b284115e4046285a824d22b6f0afbed8d6096a72fef72ebd6aae78b02fa1993e8fe2020ae93aae2bcfffa40b98549f1fb9fcefa74329909a207336d07f6f59da423ac5fa47852055d5ce6d2c56bdbbcdbf3458ba478c669f39d5272e65c90908ea2cb86d38f8ebf80a8cb85d8399b42403c94b8662af5cf1411526f177b4d476169a5d5a8c37d0d8893a77d0bd47b8a0bba60b3e26094209c889585f997ff556bcd2cc223f9c0c44de9d0fe1b5a8a815f652e79747d3e1f413fa0575d51f652d22883e143065c5ad74bdc864754ba3dad5a8fc8fc2c807d1a51dfb29884adee415c13f2ce14d307bd6165ec6ba68a766adfcbe444ea72d586bb47dd98a225467aab538a776"], &(0x7f0000000340)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x18000000000002a0, 0x20, 0x0, &(0x7f0000000100)="b9ff0b078059268cb89e14f088a82de0ffff200000000002000aac14140ce02f", 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(r0, 0x1, 0x28, &(0x7f0000000000), 0x4) recvmsg(r0, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20) 1m5.302372538s ago: executing program 3 (id=2232): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) write$cgroup_subtree(r2, 0x0, 0x20a) 1m4.939906398s ago: executing program 3 (id=2238): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x30) 48.621556883s ago: executing program 32 (id=2238): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x30) 13.596064238s ago: executing program 4 (id=2498): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00') r1 = socket$kcm(0x29, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={0xffffffffffffffff, r2}) preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/68, 0x44}, {&(0x7f0000000280)=""/103, 0x67}], 0x2, 0x0, 0xf29) 13.595910768s ago: executing program 1 (id=2499): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') r3 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x1a, 0x0) 13.548951022s ago: executing program 4 (id=2500): ppoll(0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000005080)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x12}, @l2cap_cid_signaling={{0xe}, [@l2cap_conf_req={{0x4, 0x7, 0x4}, {0x0, 0x1}}, @l2cap_move_chan_cfm_rsp={{0x11, 0xa, 0x2}, {0x800}}]}}, 0x17) 13.488816817s ago: executing program 2 (id=2501): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)=ANY=[], 0xc) 13.364890397s ago: executing program 2 (id=2503): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x2) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x2) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xe) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000400)=0x7) 13.345062889s ago: executing program 1 (id=2504): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafbe863cac50580cd8b", 0x17}, {&(0x7f0000000440)="9c74dfbf77572856c809ff86bb648d", 0xf}], 0x2) 12.585321221s ago: executing program 4 (id=2506): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xa0}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 11.919955735s ago: executing program 5 (id=2510): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00') r1 = socket$kcm(0x29, 0x2, 0x0) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r2}) preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/68, 0x44}, {&(0x7f0000000280)=""/103, 0x67}], 0x2, 0x0, 0xf29) 11.871992619s ago: executing program 5 (id=2511): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB='\b\x00\x00\r'], 0xfdef) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) 11.012049169s ago: executing program 2 (id=2512): sched_rr_get_interval(0x0, 0x0) mount$afs(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x4, &(0x7f0000000200)={[{@dyn}]}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[]) socket$nl_generic(0x10, 0x3, 0x10) 11.00033088s ago: executing program 2 (id=2513): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)=ANY=[], 0xc) 10.895229879s ago: executing program 2 (id=2514): r0 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xf}, {0xd, 0xa}, {0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7, 0x8, 0x4, 0x0, 0x7}, 0xf0, 0x1, 0x31a, 0x3, 0x88a, 0xd, 0x8e, 0x1f, 0x3, 0xff, {0x4415, 0x2, 0x800, 0x5, 0x0, 0x5}}}}]}, 0x78}}, 0x4000) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) sendmmsg$inet(r0, 0x0, 0x0, 0x0) 1.197634872s ago: executing program 1 (id=2516): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200)='m', 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a3", 0x1) ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0) 1.162101955s ago: executing program 4 (id=2517): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0xa, 0x4e21, 0x480000, @dev={0xfe, 0x80, '\x00', 0x37}}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="200000000000000029000053560000000100000000000000040103000000000014"], 0x38}, 0x40) 1.135130627s ago: executing program 5 (id=2518): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x679, @dev={0xfe, 0x80, '\x00', 0x7}, 0x2}, 0x1c) sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x4e22, @private=0xe000e000}, 0x10, 0x0}, 0x8000) 1.084040091s ago: executing program 2 (id=2519): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = userfaultfd(0x80001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, 0x0, 0x0}, 0x94) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@setlink={0x28, 0x13, 0xbaa23f3d13f2d1f5, 0x3, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_TXQLEN={0x8, 0xd, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0) 1.083877001s ago: executing program 0 (id=2520): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r2, &(0x7f0000000080)={0x1d, r3, 0x0, {}, 0xfe}, 0x18) sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) 1.072762462s ago: executing program 4 (id=2521): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00') r1 = socket$kcm(0x29, 0x2, 0x0) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r2}) preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/68, 0x44}, {&(0x7f0000000280)=""/103, 0x67}], 0x2, 0x0, 0xf29) 973.70781ms ago: executing program 5 (id=2522): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') r3 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x1a, 0x0) 951.910132ms ago: executing program 0 (id=2523): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) close_range(r0, 0xffffffffffffffff, 0x0) 950.852272ms ago: executing program 4 (id=2524): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)=ANY=[], 0xc) 747.977809ms ago: executing program 0 (id=2525): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000140)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0xa26b1a4fb20b8820, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 683.272034ms ago: executing program 5 (id=2526): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e24, 0x3000001, @mcast2, 0x9}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="832a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 608.761531ms ago: executing program 5 (id=2527): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") syz_emit_ethernet(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) chdir(&(0x7f00000000c0)='./bus\x00') syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000440)={0x3, &(0x7f00000003c0)=[{0x8d, 0x7, 0x0, 0x2}, {0x8, 0x4f, 0x6, 0x9}, {0x1, 0xc2, 0x8, 0x120f}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000040)={0x38, 0x0, 0x200, 0x2, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x45}}}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f3}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}]}, 0x38}}, 0x45) request_key(&(0x7f0000000180)='user\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000280)='\xa9\x1c)\x00', 0xfffffffffffffffd) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) 568.367314ms ago: executing program 0 (id=2528): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x7, 0x2}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 487.11021ms ago: executing program 1 (id=2529): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB='\b\x00\x00\r'], 0xfdef) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) 341.691772ms ago: executing program 0 (id=2530): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x2c, r0, 0x801, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_IDX={0x5}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x0) 254.071799ms ago: executing program 0 (id=2531): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2b82) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000800)={r2, 0x800, {0x2a00, 0x80010000, 0x0, 0x40, 0x100000001, 0x0, 0x0, 0x1f, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598904004ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dac00000000000000000000002000", "90be8b1c55120000000000000000000000000000000000000000000000000800", [0x4, 0x40000000000000]}}) ioprio_set$pid(0x2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x7, 0x6, 0x0, 0x1, 0xe, 0x5, "d7472144ecc8c6950a91c1fb3924bc7f053db86b3c99dbf2516fad22dc027ba9cf62f516f0fbb9e2c2042757f2b1bf36e97f0f717ebabff89e48afe21de62d8b", "b567cb1805ece9861f225d91928b1d4949ace4d10d44903945f0ad009bac29d1590bef87d5019bcbb927f7156bcf066a958355ac80e89067bb74293bbd9c8701", "b819e584e23dbe14062fd5f17e4861ae301dd99277cd06b51a8cd6cb4b2e04fc", [0x7f, 0x1]}) setsockopt$packet_int(r2, 0x107, 0x9, 0x0, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xe7b, 0x0, 0x41) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') dup(0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20020009, 0x0, 0x0, 0x0, 0x7, 0x60000000, 0x0, 0x1, 0x101, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x94173000) close_range(r0, 0xffffffffffffffff, 0x0) 143.345768ms ago: executing program 1 (id=2532): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x22803, 0x0) ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000280)) 0s ago: executing program 1 (id=2533): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x1, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000001, 0x11, r2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): 10] Bluetooth: hci3: command 0x0406 tx timeout [ 158.730245][ T4310] Bluetooth: hci4: command 0x0406 tx timeout [ 159.534214][ T4316] EXT4-fs (loop2): unmounting filesystem. [ 159.654661][ T7415] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1071'. [ 159.858680][ T7426] binder: 7425:7426 tried to acquire reference to desc 0, got 1 instead [ 159.975688][ T7428] binder: 7425:7428 got transaction with invalid data ptr [ 159.977861][ T7428] binder: 7425:7428 transaction call to 7425:0 failed 131/29201/-14, size 0-24 line 3342 [ 160.035843][ T7431] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1078'. [ 160.561575][ T7433] binder: 7425:7433 got transaction to invalid handle, 3 [ 160.783674][ T27] kauditd_printk_skb: 58 callbacks suppressed [ 160.783685][ T27] audit: type=1326 audit(160.770:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.803442][ T27] audit: type=1326 audit(160.770:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.809385][ T27] audit: type=1326 audit(160.770:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.833406][ T7433] binder: 7433:7425 cannot find target node [ 160.835037][ T7433] binder: 7425:7433 transaction call to 0:0 failed 132/29201/-22, size 0-0 line 3054 [ 160.845674][ T27] audit: type=1326 audit(160.770:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.851918][ T27] audit: type=1326 audit(160.770:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.858280][ T27] audit: type=1326 audit(160.770:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.865509][ T27] audit: type=1326 audit(160.770:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.876379][ T27] audit: type=1326 audit(160.770:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.898150][ T27] audit: type=1326 audit(160.770:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.909129][ T27] audit: type=1326 audit(160.770:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7425 comm="syz.1.1077" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 160.956764][ T1514] binder: undelivered TRANSACTION_ERROR: 29201 [ 160.983981][ T1514] binder: undelivered TRANSACTION_ERROR: 29201 [ 161.085055][ T7444] loop4: detected capacity change from 0 to 512 [ 161.131650][ T7444] EXT4-fs (loop4): Test dummy encryption mode enabled [ 161.133566][ T7444] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 161.158903][ T7444] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.1083: bad orphan inode 131083 [ 161.169565][ T7444] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 161.174704][ T7448] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1085'. [ 161.195703][ T7418] loop0: detected capacity change from 0 to 40427 [ 161.211790][ T7418] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 161.228112][ T7418] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 161.243435][ T7418] F2FS-fs (loop0): invalid crc value [ 161.355043][ T7418] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 161.445151][ T7418] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 161.449431][ T7418] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 161.812491][ T7467] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1090'. [ 162.160221][ T7476] binder: 7471:7476 tried to acquire reference to desc 0, got 1 instead [ 162.267597][ T7479] binder: 7471:7479 got transaction with invalid data ptr [ 162.269609][ T7479] binder: 7471:7479 transaction call to 7471:0 failed 137/29201/-14, size 0-24 line 3342 [ 162.311709][ T4307] syz-executor: attempt to access beyond end of device [ 162.311709][ T4307] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 162.339776][ T7482] binder: 7471:7482 got transaction to invalid handle, 3 [ 162.353126][ T7482] binder: 7482:7471 cannot find target node [ 162.357585][ T4314] EXT4-fs (loop4): unmounting filesystem. [ 162.649331][ T7496] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1101'. [ 163.011120][ T7506] loop4: detected capacity change from 0 to 512 [ 163.033807][ T4953] binder_debug: 1 callbacks suppressed [ 163.033821][ T4953] binder: undelivered TRANSACTION_ERROR: 29201 [ 163.037141][ T4953] binder: undelivered TRANSACTION_ERROR: 29201 [ 163.061518][ T7506] EXT4-fs (loop4): Test dummy encryption mode enabled [ 163.071526][ T7506] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 163.168678][ T7506] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.1106: bad orphan inode 131083 [ 163.173884][ T7506] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 163.316634][ T7502] loop0: detected capacity change from 0 to 40427 [ 163.367208][ T7502] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 163.368961][ T7502] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 163.387988][ T7502] F2FS-fs (loop0): invalid crc value [ 163.412883][ T7502] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 163.531611][ T7502] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 163.544122][ T7502] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 163.770470][ T7533] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1113'. [ 164.438760][ T4314] EXT4-fs (loop4): unmounting filesystem. [ 164.464154][ T4307] syz-executor: attempt to access beyond end of device [ 164.464154][ T4307] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 164.531404][ T7545] binder: 7541:7545 tried to acquire reference to desc 0, got 1 instead [ 164.648651][ T7547] binder: 7541:7547 got transaction with invalid data ptr [ 164.650677][ T7547] binder: 7541:7547 transaction call to 7541:0 failed 143/29201/-14, size 0-24 line 3342 [ 164.716639][ T7550] binder: 7541:7550 got transaction to invalid handle, 3 [ 164.718742][ T7550] binder: 7550:7541 cannot find target node [ 164.720297][ T7550] binder: 7541:7550 transaction call to 0:0 failed 144/29201/-22, size 0-0 line 3054 [ 164.944039][ T7559] device lo entered promiscuous mode [ 164.970242][ T7559] device tunl0 entered promiscuous mode [ 165.152753][ T7559] device gretap0 entered promiscuous mode [ 165.202537][ T7559] device erspan0 entered promiscuous mode [ 165.223200][ T7559] device ip_vti0 entered promiscuous mode [ 165.261076][ T7559] device ip6_vti0 entered promiscuous mode [ 165.309566][ T7559] device sit0 entered promiscuous mode [ 165.383593][ T7559] device ip6tnl0 entered promiscuous mode [ 165.405360][ T7559] device ip6gre0 entered promiscuous mode [ 165.427678][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 165.430808][ T7559] device ip6gretap0 entered promiscuous mode [ 165.463762][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 165.481181][ T7559] device vcan0 entered promiscuous mode [ 165.491200][ T7576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1124'. [ 165.495626][ T7559] device team0 entered promiscuous mode [ 165.497173][ T7559] device team_slave_0 entered promiscuous mode [ 165.499014][ T7559] device team_slave_1 entered promiscuous mode [ 165.531614][ T7559] device dummy0 entered promiscuous mode [ 165.566590][ T7559] device nlmon0 entered promiscuous mode [ 165.570042][ T7559] device caif0 entered promiscuous mode [ 165.588786][ T7559] device batadv0 entered promiscuous mode [ 165.656490][ T7559] device vxcan0 entered promiscuous mode [ 165.672221][ T7559] device vxcan1 entered promiscuous mode [ 165.691919][ T7559] device veth0 entered promiscuous mode [ 165.735877][ T7585] loop2: detected capacity change from 0 to 512 [ 165.749012][ T7559] device veth1 entered promiscuous mode [ 165.761652][ T7585] EXT4-fs (loop2): Test dummy encryption mode enabled [ 165.771623][ T7585] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 165.795820][ T7585] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1128: bad orphan inode 131083 [ 165.799983][ T7585] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 165.913703][ T7559] device wg0 entered promiscuous mode [ 166.033619][ T7559] device wg1 entered promiscuous mode [ 166.089662][ T7583] loop3: detected capacity change from 0 to 40427 [ 166.101904][ T7583] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 166.104102][ T7583] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 166.108238][ T7583] F2FS-fs (loop3): invalid crc value [ 166.121127][ T7583] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 166.124120][ T7559] device wg2 entered promiscuous mode [ 166.130389][ T7559] device veth0_to_bridge entered promiscuous mode [ 166.138861][ T7559] device bridge_slave_0 entered promiscuous mode [ 166.171392][ T7559] device veth1_to_bridge entered promiscuous mode [ 166.205798][ T7559] device bridge_slave_1 entered promiscuous mode [ 166.210692][ T7583] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 166.212589][ T7583] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 166.229742][ T7559] device veth0_to_bond entered promiscuous mode [ 166.408004][ T7559] device veth1_to_bond entered promiscuous mode [ 166.431514][ T7559] device veth0_to_team entered promiscuous mode [ 166.768638][ T7559] device veth1_to_team entered promiscuous mode [ 166.797979][ T7559] device veth0_to_batadv entered promiscuous mode [ 166.802137][ T7559] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.819251][ T7559] device batadv_slave_0 entered promiscuous mode [ 166.855897][ T4316] EXT4-fs (loop2): unmounting filesystem. [ 166.875106][ T7559] device veth1_to_batadv entered promiscuous mode [ 166.879049][ T7559] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.912266][ T7559] device batadv_slave_1 entered promiscuous mode [ 166.940367][ T7559] device xfrm0 entered promiscuous mode [ 166.966218][ T7559] device veth0_to_hsr entered promiscuous mode [ 167.009556][ T7559] device veth1_to_hsr entered promiscuous mode [ 167.068299][ T7559] device hsr0 entered promiscuous mode [ 167.072560][ T4315] syz-executor: attempt to access beyond end of device [ 167.072560][ T4315] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 167.092712][ T7559] device veth1_virt_wifi entered promiscuous mode [ 167.110421][ T7559] device veth0_virt_wifi entered promiscuous mode [ 167.115007][ T7559] device virt_wifi0 entered promiscuous mode [ 167.178794][ T7559] device vlan0 entered promiscuous mode [ 167.180419][ T7559] device vlan1 entered promiscuous mode [ 167.257820][ T7559] device macvlan0 entered promiscuous mode [ 167.323648][ T7559] device macvlan1 entered promiscuous mode [ 167.339139][ T7559] device ipvlan0 entered promiscuous mode [ 167.341228][ T7559] device ipvlan1 entered promiscuous mode [ 167.403621][ T7559] device macvtap0 entered promiscuous mode [ 167.418992][ T7559] device macsec0 entered promiscuous mode [ 167.436957][ T7559] device geneve0 entered promiscuous mode [ 167.503567][ T7559] device geneve1 entered promiscuous mode [ 167.594407][ T7559] device wlan0 entered promiscuous mode [ 167.684208][ T7559] device wlan1 entered promiscuous mode [ 167.697260][ T7559] device bond1 entered promiscuous mode [ 167.716267][ T7559] device bridge1 entered promiscuous mode [ 167.728656][ T7559] device gre1 entered promiscuous mode [ 167.735909][ T7559] netdevsim netdevsim0 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 167.738197][ T7559] netdevsim netdevsim0 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 167.740412][ T7559] netdevsim netdevsim0 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 167.742661][ T7559] netdevsim netdevsim0 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 167.792968][ T7559] device bridge2 entered promiscuous mode [ 167.805764][ T7559] device bridge3 entered promiscuous mode [ 167.818046][ T7559] device bridge0 entered promiscuous mode [ 167.830613][ T7559] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 256 - 0 [ 167.832874][ T7559] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 256 - 0 [ 167.835201][ T7559] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 256 - 0 [ 167.837543][ T7559] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 256 - 0 [ 167.890186][ T7559] device eth0 entered promiscuous mode [ 167.896436][ T7559] device eth1 entered promiscuous mode [ 167.898064][ T7559] device eth2 entered promiscuous mode [ 167.899611][ T7559] device eth3 entered promiscuous mode [ 167.901351][ T7569] A0: renamed from bond_slave_0 [ 167.944647][ T7591] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1131'. [ 167.997504][ T7615] binder: 7614:7615 tried to acquire reference to desc 0, got 1 instead [ 168.197632][ T7624] binder: 7614:7624 got transaction to invalid handle, 3 [ 168.199876][ T7624] binder: 7624:7614 cannot find target node [ 168.201492][ T7624] binder: 7614:7624 transaction call to 0:0 failed 150/29201/-22, size 0-0 line 3054 [ 168.217754][ T7625] netlink: 'syz.2.1139': attribute type 13 has an invalid length. [ 168.219892][ T7625] netlink: 'syz.2.1139': attribute type 17 has an invalid length. [ 168.250521][ T7625] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 168.253023][ T7625] device bond0 left promiscuous mode [ 168.255919][ T7625] device bond_slave_0 left promiscuous mode [ 168.258008][ T7625] device bond_slave_1 left promiscuous mode [ 168.260649][ T7625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.303433][ T7625] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 168.507195][ T7625] netlink: 'syz.2.1139': attribute type 10 has an invalid length. [ 168.551700][ T7625] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 168.621754][ T7625] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1139'. [ 168.624715][ T7625] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 168.639763][ T7625] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 168.742669][ T7643] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1146'. [ 168.780219][ T27] kauditd_printk_skb: 170 callbacks suppressed [ 168.780231][ T27] audit: type=1326 audit(168.760:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.800124][ T27] audit: type=1326 audit(168.760:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.820568][ T27] audit: type=1326 audit(168.760:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.843769][ T27] audit: type=1326 audit(168.760:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.868160][ T27] audit: type=1326 audit(168.760:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.892756][ T27] audit: type=1326 audit(168.760:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.918930][ T27] audit: type=1326 audit(168.760:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.935478][ T27] audit: type=1326 audit(168.760:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.941200][ T27] audit: type=1326 audit(168.760:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 168.977897][ T27] audit: type=1326 audit(168.760:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.0.1135" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb0d5af28 code=0x7fc00000 [ 169.016594][ T3886] binder: release 7614:7623 transaction 149 out, still active [ 169.043693][ T3886] binder: undelivered TRANSACTION_COMPLETE [ 169.045391][ T3886] binder: undelivered TRANSACTION_ERROR: 29201 [ 169.047075][ T3886] binder: send failed reply for transaction 149, target dead [ 169.335401][ T7667] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1158'. [ 169.526538][ T7676] binder: 7675:7676 tried to acquire reference to desc 0, got 1 instead [ 169.684625][ T7684] binder: 7675:7684 got transaction to invalid handle, 3 [ 169.686623][ T7684] binder: 7684:7675 cannot find target node [ 169.688155][ T7684] binder: 7675:7684 transaction call to 0:0 failed 156/29201/-22, size 0-0 line 3054 [ 169.707252][ T7683] syzkaller1: tun_chr_ioctl cmd 1074025673 [ 169.996892][ T7697] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1171'. [ 170.392014][ T4381] binder: release 7675:7681 transaction 155 out, still active [ 170.458685][ T4381] binder: undelivered TRANSACTION_COMPLETE [ 170.464199][ T7725] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1185'. [ 170.901573][ T7749] binder: 7748:7749 tried to acquire reference to desc 0, got 1 instead [ 171.031375][ T7758] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1200'. [ 171.063706][ T7761] binder: 7748:7761 got transaction to invalid handle, 3 [ 171.118366][ T7766] netlink: 'syz.3.1202': attribute type 10 has an invalid length. [ 171.628699][ T7772] netlink: 'syz.3.1205': attribute type 10 has an invalid length. [ 171.631141][ T7772] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1205'. [ 171.644826][ T7772] batman_adv: batadv0: Adding interface: virt_wifi0 [ 171.646762][ T7772] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.654463][ T7772] batman_adv: batadv0: Interface activated: virt_wifi0 [ 171.820458][ T7777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1207'. [ 171.953161][ T7784] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1210'. [ 172.029193][ T7787] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1211'. [ 172.145308][ T7795] syzkaller1: tun_chr_ioctl cmd 2147767507 [ 172.260325][ T7801] binder: 7798:7801 tried to acquire reference to desc 0, got 1 instead [ 172.286822][ T7807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1219'. [ 172.289321][ T7807] netlink: zone id is out of range [ 172.837870][ T7821] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1226'. [ 173.394005][ T7836] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1232'. [ 173.405786][ T7836] netlink: zone id is out of range [ 185.557072][ T7852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1238'. [ 185.561262][ T7880] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1248'. [ 186.477201][ T7911] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1260'. [ 186.850238][ T7927] netlink: 'syz.1.1268': attribute type 2 has an invalid length. [ 186.859974][ T7927] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1268'. [ 187.049772][ T7933] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1271'. [ 187.270268][ T7941] netlink: 'syz.0.1274': attribute type 29 has an invalid length. [ 187.272718][ T7941] netlink: 'syz.0.1274': attribute type 29 has an invalid length. [ 187.373895][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.376192][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.735309][ T7953] netlink: 'syz.2.1278': attribute type 16 has an invalid length. [ 187.739586][ T7953] netlink: 'syz.2.1278': attribute type 17 has an invalid length. [ 187.750121][ T7953] netlink: 'syz.2.1278': attribute type 19 has an invalid length. [ 187.761074][ T7953] netlink: 'syz.2.1278': attribute type 27 has an invalid length. [ 187.770569][ T7953] netlink: 'syz.2.1278': attribute type 28 has an invalid length. [ 187.779241][ T7953] netlink: 'syz.2.1278': attribute type 29 has an invalid length. [ 187.785726][ T7953] netlink: 3783 bytes leftover after parsing attributes in process `syz.2.1278'. [ 187.801549][ T7953] netlink: 'syz.2.1278': attribute type 16 has an invalid length. [ 187.809888][ T7953] netlink: 3783 bytes leftover after parsing attributes in process `syz.2.1278'. [ 187.823653][ T7961] netlink: 3783 bytes leftover after parsing attributes in process `syz.2.1278'. [ 187.840339][ T7964] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1284'. [ 187.994391][ T7972] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1288'. [ 188.492633][ T7993] delete_channel: no stack [ 188.912042][ T8007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.925984][ T8007] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 189.186157][ T8018] loop4: detected capacity change from 0 to 1024 [ 189.227542][ T7882] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 190.158569][ T8028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.160971][ T8028] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.450871][ T8046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.467324][ T8046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.590949][ T8053] loop3: detected capacity change from 0 to 1024 [ 191.643119][ T8075] binder: 8074:8075 tried to acquire reference to desc 0, got 1 instead [ 191.762306][ T8085] __nla_validate_parse: 4 callbacks suppressed [ 191.762321][ T8085] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1336'. [ 191.768861][ T8085] batman_adv: batadv0: Adding interface: virt_wifi0 [ 191.773542][ T8085] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.790941][ T8085] batman_adv: batadv0: Interface activated: virt_wifi0 [ 192.317237][ T8111] loop2: detected capacity change from 0 to 512 [ 192.329644][ T8111] EXT4-fs (loop2): Test dummy encryption mode enabled [ 192.334039][ T8111] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 192.364570][ T8111] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1348: bad orphan inode 131083 [ 192.367818][ T8111] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 192.533276][ T27] kauditd_printk_skb: 125 callbacks suppressed [ 192.533290][ T27] audit: type=1326 audit(192.529:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.564589][ T27] audit: type=1326 audit(192.529:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.594112][ T7] binder_debug: 14 callbacks suppressed [ 192.594125][ T7] binder: release 8074:8084 transaction 179 out, still active [ 192.605094][ T27] audit: type=1326 audit(192.529:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.626868][ T27] audit: type=1326 audit(192.529:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.650820][ T7] binder: undelivered TRANSACTION_COMPLETE [ 192.652557][ T7] binder: send failed reply for transaction 179, target dead [ 192.668834][ T27] audit: type=1326 audit(192.529:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.685158][ T27] audit: type=1326 audit(192.529:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.695892][ T27] audit: type=1326 audit(192.529:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.701968][ T27] audit: type=1326 audit(192.529:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.739215][ T27] audit: type=1326 audit(192.529:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.770332][ T27] audit: type=1326 audit(192.529:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8074 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a75af28 code=0x7fc00000 [ 192.812336][ T8127] tmpfs: Unknown parameter 'quota' [ 192.879214][ T8112] loop3: detected capacity change from 0 to 40427 [ 192.901227][ T8112] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 192.909727][ T8112] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 192.931358][ T8112] F2FS-fs (loop3): invalid crc value [ 192.963108][ T8112] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 193.036022][ T8112] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 193.041431][ T8112] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 193.913103][ T4315] syz-executor: attempt to access beyond end of device [ 193.913103][ T4315] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 194.150766][ T8154] binder: 8153:8154 tried to acquire reference to desc 0, got 1 instead [ 194.492277][ T8171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.515519][ T8171] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.569316][ T8173] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 194.571310][ T8173] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 194.584067][ T8173] vhci_hcd vhci_hcd.0: Device attached [ 194.604228][ T8174] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0 [ 194.608851][ T5336] vhci_hcd: stop threads [ 194.611072][ T5336] vhci_hcd: release socket [ 194.612445][ T5336] vhci_hcd: disconnect device [ 194.998049][ T4622] binder: release 8153:8160 transaction 190 out, still active [ 195.057109][ T4622] binder: undelivered TRANSACTION_COMPLETE [ 195.058887][ T4622] binder: send failed reply for transaction 190, target dead [ 195.602876][ T8209] binder: 8208:8209 tried to acquire reference to desc 0, got 1 instead [ 195.785656][ T8218] binder: 8217:8218 ioctl 4018620d 0 returned -22 [ 195.787929][ T8218] binder: 8217:8218 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 195.791585][ T8218] binder: 8218 RLIMIT_NICE not set [ 196.488606][ T4953] binder: release 8208:8214 transaction 201 out, still active [ 196.529313][ T4953] binder: undelivered TRANSACTION_COMPLETE [ 196.531043][ T4953] binder: send failed reply for transaction 201, target dead [ 196.565989][ T8243] binder: 8242:8243 tried to acquire reference to desc 0, got 1 instead [ 196.575656][ T8243] binder: 8242:8243 got transaction with invalid data ptr [ 196.577756][ T8243] binder: 8242:8243 transaction call to 8242:0 failed 212/29201/-14, size 80-4016 line 3342 [ 196.800748][ T8254] device bond0 entered promiscuous mode [ 196.802392][ T8254] device bond_slave_0 entered promiscuous mode [ 196.804229][ T8254] device bond_slave_1 entered promiscuous mode [ 196.832556][ T8257] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1402'. [ 197.121371][ T8266] binder: 8265:8266 tried to acquire reference to desc 0, got 1 instead [ 197.408125][ T8278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.412283][ T8278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.486663][ T8280] binder: 8279:8280 tried to acquire reference to desc 0, got 1 instead [ 197.490174][ T8280] binder_alloc: 8279: binder_alloc_buf size 8216 failed, no address space [ 197.493608][ T8280] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 197.497941][ T4316] EXT4-fs (loop2): unmounting filesystem. [ 197.621994][ T8286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.637657][ T8286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.974423][ T27] kauditd_printk_skb: 108 callbacks suppressed [ 197.974436][ T27] audit: type=1326 audit(197.958:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 197.981975][ T27] audit: type=1326 audit(197.958:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 197.992463][ T27] audit: type=1326 audit(197.958:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 197.998658][ T27] audit: type=1326 audit(197.958:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 198.004696][ T27] audit: type=1326 audit(197.958:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 198.012773][ T27] audit: type=1326 audit(197.958:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 198.019136][ T27] audit: type=1326 audit(197.958:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 198.057754][ T27] audit: type=1326 audit(197.958:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 198.069172][ T27] audit: type=1326 audit(197.958:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 198.075210][ T27] audit: type=1326 audit(197.958:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8265 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff88b5af28 code=0x7fc00000 [ 198.099106][ T4381] binder_debug: 4 callbacks suppressed [ 198.099119][ T4381] binder: release 8265:8269 transaction 219 out, still active [ 198.107881][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 198.196937][ T4381] binder: undelivered TRANSACTION_COMPLETE [ 198.199867][ T4381] binder: send failed reply for transaction 219, target dead [ 198.301955][ T8305] loop4: detected capacity change from 0 to 1024 [ 198.324256][ T7] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 198.328161][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.345203][ T8307] loop2: detected capacity change from 0 to 512 [ 198.350019][ T7] usb 1-1: config 0 descriptor?? [ 198.369683][ T8307] EXT4-fs (loop2): Test dummy encryption mode enabled [ 198.372149][ T8307] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 198.491946][ T8307] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1424: bad orphan inode 131083 [ 198.495772][ T8307] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 200.016456][ T7] ath6kl: Unsupported hardware version: 0x0 [ 200.019677][ T7] ath6kl: Failed to init ath6kl core: -22 [ 200.090140][ T7] ath6kl_usb: probe of 1-1:0.0 failed with error -22 [ 200.228371][ T4353] usb 1-1: USB disconnect, device number 2 [ 200.243853][ T8338] binder: 8337:8338 tried to acquire reference to desc 0, got 1 instead [ 200.894195][ T8355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.907673][ T8355] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.131598][ T4622] binder: release 8337:8341 transaction 235 out, still active [ 201.250719][ T4622] binder: undelivered TRANSACTION_COMPLETE [ 201.252461][ T4622] binder: send failed reply for transaction 235, target dead [ 201.412258][ T4316] EXT4-fs (loop2): unmounting filesystem. [ 201.472629][ T4313] Bluetooth: hci4: unexpected event 0x2f length: 1017 > 260 [ 201.604415][ T8379] loop2: detected capacity change from 0 to 128 [ 201.618762][ T8379] EXT4-fs: Ignoring removed nobh option [ 201.629126][ T8379] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 202.599727][ T8393] tmpfs: Unknown parameter 'usrquota' [ 202.615173][ T4316] EXT4-fs (loop2): unmounting filesystem. [ 202.781507][ T8390] binder: 8387:8390 got transaction to invalid handle, 1 [ 202.783440][ T8390] binder: 8390:8387 cannot find target node [ 202.785026][ T8390] binder: 8387:8390 transaction call to 0:0 failed 244/29201/-22, size 72-24 line 3054 [ 203.042538][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 203.043938][ T8410] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1458'. [ 203.170880][ T8417] loop1: detected capacity change from 0 to 128 [ 203.176634][ T8417] EXT4-fs: Ignoring removed nobh option [ 203.203391][ T8417] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 204.279010][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 204.549848][ T8442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 204.561754][ T8442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 204.834891][ T8456] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1476'. [ 204.968750][ T8460] loop0: detected capacity change from 0 to 128 [ 204.971156][ T8460] EXT4-fs: Ignoring removed nobh option [ 205.045176][ T8467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 205.047572][ T8467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 205.062145][ T8460] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 206.455733][ T8486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.462393][ T8486] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.485154][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 206.606311][ T8493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.623692][ T8493] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.660105][ T8495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1491'. [ 206.822149][ T8505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.826207][ T8505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.065400][ T7337] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 207.289533][ T7337] usb 1-1: Using ep0 maxpacket: 32 [ 207.354598][ T7337] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA6, skipping [ 207.357862][ T7337] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 207.416158][ T7337] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 207.656729][ T7337] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 207.659499][ T7337] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.665075][ T7337] usb 1-1: Product: syz [ 207.666213][ T7337] usb 1-1: Manufacturer: syz [ 207.667440][ T7337] usb 1-1: SerialNumber: syz [ 207.674970][ T7337] usb 1-1: config 0 descriptor?? [ 207.736363][ T8511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.759334][ T8511] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.791915][ T8513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.794443][ T8513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.878039][ T8519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.880438][ T8519] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.086769][ T8517] loop4: detected capacity change from 0 to 40427 [ 208.097393][ T8517] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 208.099105][ T8517] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 208.103089][ T8517] F2FS-fs (loop4): invalid crc value [ 208.106569][ T8517] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 208.127876][ T8517] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 208.129911][ T8517] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 208.516547][ T8533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.526155][ T8533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.704341][ T8539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.708389][ T8539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.737626][ T8541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.748576][ T8541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.752632][ T8539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.754970][ T8539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.769025][ T8533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.772240][ T8533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.777707][ T8539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.781336][ T8539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.968717][ T8541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.972673][ T8541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.099874][ T4314] syz-executor: attempt to access beyond end of device [ 209.099874][ T4314] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 209.208645][ T8545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.214522][ T8539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.216994][ T8539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.218299][ T8545] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.226037][ T8539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.229117][ T8539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.348665][ T8547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.352311][ T8547] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.448072][ T8539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.451405][ T8539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.521362][ T7] usb 1-1: USB disconnect, device number 3 [ 210.625719][ T8563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.628190][ T8563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.779182][ T8569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.783599][ T8569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.796027][ T8569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.799756][ T8569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.804540][ T8569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.808098][ T8569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.817973][ T8569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.821700][ T8569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.826626][ T8569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.830224][ T8569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.842025][ T8569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.845943][ T8569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.998779][ T7] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 211.031963][ T8574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.036617][ T8574] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.153090][ T8572] loop3: detected capacity change from 0 to 40427 [ 211.160828][ T8572] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 211.162627][ T8572] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 211.174226][ T8572] F2FS-fs (loop3): invalid crc value [ 211.182594][ T8572] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 211.196692][ T7] usb 1-1: Using ep0 maxpacket: 8 [ 211.199715][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.202612][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 211.206046][ T7] usb 1-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 211.209945][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.218384][ T7] usb 1-1: config 0 descriptor?? [ 211.234802][ T8572] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 211.236750][ T8572] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 211.252425][ T8580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.254972][ T8580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.426514][ T8582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.432083][ T8582] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.438534][ T8558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.441201][ T8558] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.863138][ T8586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.866891][ T8586] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.878215][ T7] usbhid 1-1:0.0: can't add hid device: -71 [ 211.879949][ T7] usbhid: probe of 1-1:0.0 failed with error -71 [ 211.887608][ T7] usb 1-1: USB disconnect, device number 4 [ 212.211141][ T4315] syz-executor: attempt to access beyond end of device [ 212.211141][ T4315] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 213.055250][ T8595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.060369][ T8595] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.253671][ T8606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.256215][ T8606] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.288006][ T8608] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.290602][ T8608] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.444342][ T8611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.446827][ T8611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.493692][ T8606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.496368][ T8606] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.504695][ T7] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 213.632543][ T8613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.635294][ T8613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.640866][ T8613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.643713][ T8613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.696991][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 213.699992][ T7] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 213.702245][ T7] usb 1-1: config 0 has no interface number 0 [ 213.703919][ T7] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 213.709313][ T7] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 213.711838][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.714132][ T7] usb 1-1: Product: syz [ 213.715279][ T7] usb 1-1: Manufacturer: syz [ 213.716684][ T7] usb 1-1: SerialNumber: syz [ 213.719773][ T7] usb 1-1: config 0 descriptor?? [ 213.721609][ T8602] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 213.725939][ T7] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 213.728775][ T7] em28xx 1-1:0.132: Video interface 132 found: bulk [ 213.861752][ T8613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.864322][ T8613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.943195][ T8602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.945871][ T8602] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 213.949617][ T8602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 213.952252][ T8602] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.104838][ T8615] loop3: detected capacity change from 0 to 40427 [ 214.112273][ T8615] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 214.114399][ T8615] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 214.119057][ T8615] F2FS-fs (loop3): invalid crc value [ 214.122734][ T8615] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 214.142225][ T8615] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 214.144189][ T8615] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 214.274830][ T8621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.277460][ T8621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.311983][ T8623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.314408][ T8623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.535464][ T8623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.538284][ T8623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.798534][ T8623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.801193][ T8623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.600649][ T8602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.603080][ T8602] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.605783][ T7] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 215.691598][ T7] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 215.694143][ T7] em28xx 1-1:0.132: board has no eeprom [ 215.711134][ T8635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1545'. [ 215.794553][ T7] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 215.797159][ T7] em28xx 1-1:0.132: analog set to bulk mode. [ 215.808195][ T7] usb 1-1: USB disconnect, device number 5 [ 215.826267][ T7] em28xx 1-1:0.132: Disconnecting em28xx [ 215.828189][ T4953] em28xx 1-1:0.132: Registering V4L2 extension [ 216.036603][ T4953] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 216.041244][ T4953] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 216.043302][ T4953] em28xx 1-1:0.132: No AC97 audio processor [ 216.065969][ T4953] usb 1-1: Decoder not found [ 216.072468][ T4953] em28xx 1-1:0.132: failed to create media graph [ 216.074285][ T4953] em28xx 1-1:0.132: V4L2 device video11 deregistered [ 216.098198][ T8658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.100757][ T8658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.115182][ T4953] em28xx 1-1:0.132: Remote control support is not available for this card. [ 216.117728][ T7] em28xx 1-1:0.132: Closing input extension [ 216.126732][ T7] em28xx 1-1:0.132: Freeing device [ 216.143966][ T8658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.146937][ T8658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.149868][ T8658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.152357][ T8658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.166032][ T8661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.168681][ T8661] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.171547][ T8662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.182919][ T8662] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.190117][ T8662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.212367][ T8662] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.250167][ T4315] syz-executor: attempt to access beyond end of device [ 216.250167][ T4315] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 216.377532][ T8667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.381774][ T8667] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.439419][ T8662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.442032][ T8662] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.636063][ T7] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 216.769519][ T8669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.773683][ T8669] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.828409][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 216.831822][ T7] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 216.834071][ T7] usb 1-1: config 0 has no interface number 0 [ 216.835864][ T7] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 216.838785][ T7] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 216.843118][ T7] usb 1-1: config 0 interface 41 has no altsetting 0 [ 216.847030][ T7] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 216.850145][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.852536][ T7] usb 1-1: Product: syz [ 216.853717][ T7] usb 1-1: Manufacturer: syz [ 216.855098][ T7] usb 1-1: SerialNumber: syz [ 216.858509][ T7] usb 1-1: config 0 descriptor?? [ 216.860525][ T8665] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 216.864944][ T8665] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 217.732042][ T8665] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 217.734072][ T8665] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 217.751093][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1556'. [ 217.825049][ T8682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 217.827612][ T8682] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 217.958083][ T8690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 217.965420][ T8690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.186706][ T8690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.189260][ T8690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.303371][ T8696] loop4: detected capacity change from 0 to 40427 [ 218.314802][ T8696] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 218.316667][ T8696] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 218.320456][ T8696] F2FS-fs (loop4): invalid crc value [ 218.324281][ T8696] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 218.347087][ T8696] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 218.349173][ T8696] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 218.427433][ T7] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 218.535384][ T8705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.557130][ T8705] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.054862][ T8713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.067724][ T8713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.250461][ T4314] syz-executor: attempt to access beyond end of device [ 219.250461][ T4314] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 220.048008][ T8724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1571'. [ 220.203541][ T8733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.212129][ T8733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.224278][ T8736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.239095][ T8736] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.239365][ T8733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.243935][ T8733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.370807][ T8742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.373855][ T8742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.382460][ T8742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.385013][ T8742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.397201][ T8742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.404859][ T8742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.410110][ T8742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.412963][ T8742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.631762][ T8742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.635747][ T8742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.829925][ T8744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.835591][ T8744] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.858164][ T8748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.865133][ T8748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.510281][ T8755] loop3: detected capacity change from 0 to 40427 [ 221.514958][ T8755] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 221.517040][ T8755] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 221.520921][ T8755] F2FS-fs (loop3): invalid crc value [ 221.536584][ T8761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.539733][ T8761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.544348][ T8755] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 221.578007][ T8755] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 221.580252][ T8755] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 221.623869][ T7] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9 [ 221.627114][ T7] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9 [ 221.639247][ T7] CoreChips: probe of 1-1:0.41 failed with error -71 [ 221.645198][ T7] usb 1-1: USB disconnect, device number 6 [ 221.814387][ T8767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.819973][ T8767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 222.077147][ T7] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 222.354763][ T4315] syz-executor: attempt to access beyond end of device [ 222.354763][ T4315] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 222.379388][ T7] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 223.102538][ T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 223.105400][ T7] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 223.107716][ T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.146162][ T7] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 223.148556][ T7] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 223.150680][ T7] usb 1-1: Product: syz [ 223.151775][ T7] usb 1-1: Manufacturer: syz [ 223.217977][ T7] cdc_wdm 1-1:1.0: skipping garbage [ 223.219516][ T7] cdc_wdm 1-1:1.0: skipping garbage [ 223.233634][ T7] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 223.235290][ T7] cdc_wdm 1-1:1.0: Unknown control protocol [ 223.239926][ T8783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.257377][ T8783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 223.369562][ T8789] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1591'. [ 223.372168][ T8789] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1591'. [ 223.381034][ T8789] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1591'. [ 223.422296][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 223.436745][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 223.439410][ T7] usb 1-1: USB disconnect, device number 7 [ 223.475104][ T8789] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 223.487234][ T8796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.490699][ T8796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 223.528820][ T8798] loop3: detected capacity change from 0 to 512 [ 223.533711][ T8798] EXT4-fs (loop3): Test dummy encryption mode enabled [ 223.540897][ T8798] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 223.559664][ T8798] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.1593: bad orphan inode 131083 [ 223.563700][ T8798] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 223.571908][ T8802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.574500][ T8802] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.044047][ T7] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 224.222018][ T8814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1598'. [ 224.241219][ T7] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 224.243752][ T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 224.246811][ T7] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 224.257251][ T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.266294][ T7] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 224.277778][ T7] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 224.282461][ T7] usb 1-1: Product: syz [ 224.284838][ T7] usb 1-1: Manufacturer: syz [ 224.306048][ T7] cdc_wdm 1-1:1.0: skipping garbage [ 224.308708][ T7] cdc_wdm 1-1:1.0: skipping garbage [ 224.327040][ T7] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 224.331098][ T7] cdc_wdm 1-1:1.0: Unknown control protocol [ 224.733946][ T8812] loop1: detected capacity change from 0 to 40427 [ 224.754620][ T8812] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 224.757165][ T8812] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 224.768725][ T8812] F2FS-fs (loop1): invalid crc value [ 225.078706][ T8812] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 225.537475][ T8812] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 225.539438][ T8812] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 225.595599][ T4953] usb 1-1: USB disconnect, device number 8 [ 225.784337][ T8835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.793625][ T8835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.800778][ T8836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.806664][ T8836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.813715][ T8835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.819496][ T8835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.823658][ T8835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.826073][ T8835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.846138][ T8836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.848524][ T8836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.857954][ T8836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.860253][ T8836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.866583][ T8835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.869071][ T8835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.093106][ T8835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 226.095575][ T8835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.584274][ T4306] syz-executor: attempt to access beyond end of device [ 226.584274][ T4306] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 226.735944][ T8836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 226.743779][ T8836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.675241][ T4315] EXT4-fs (loop3): unmounting filesystem. [ 238.816010][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1610'. [ 239.200062][ T8895] validate_nla: 15 callbacks suppressed [ 239.200077][ T8895] netlink: 'syz.2.1626': attribute type 6 has an invalid length. [ 240.245643][ T8908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1629'. [ 240.462421][ T8888] loop1: detected capacity change from 0 to 40427 [ 240.470693][ T8921] netlink: 'syz.2.1635': attribute type 10 has an invalid length. [ 240.502474][ T8888] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 240.504241][ T8888] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 240.528431][ T8888] F2FS-fs (loop1): invalid crc value [ 240.553222][ T8888] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 240.596655][ T8888] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 240.598812][ T8888] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 242.166575][ T4306] syz-executor: attempt to access beyond end of device [ 242.166575][ T4306] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 242.451440][ T8961] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1647'. [ 243.821075][ T8992] netlink: 'syz.1.1658': attribute type 10 has an invalid length. [ 243.903885][ T8978] loop0: detected capacity change from 0 to 40427 [ 243.929157][ T8978] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 243.931102][ T8978] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 243.937638][ T8978] F2FS-fs (loop0): invalid crc value [ 244.006545][ T8978] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 244.052010][ T8978] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 244.054052][ T8978] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 244.791439][ T9005] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1662'. [ 244.864403][ T4307] syz-executor: attempt to access beyond end of device [ 244.864403][ T4307] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 246.165147][ T9054] netlink: 'syz.3.1681': attribute type 10 has an invalid length. [ 246.254604][ T9064] binder: 9060:9064 got transaction to invalid handle, 1 [ 246.256639][ T9064] binder: 9064:9060 cannot find target node [ 246.272746][ T9064] binder: 9060:9064 transaction call to 0:0 failed 248/29201/-22, size 104-4016 line 3054 [ 246.286283][ T3886] binder: undelivered TRANSACTION_ERROR: 29201 [ 246.290129][ T9058] binder: 9056:9058 ioctl 4018620d 0 returned -22 [ 246.304511][ T9058] binder: 9056:9058 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 246.313134][ T9058] binder: 9058 RLIMIT_NICE not set [ 247.604545][ T9055] loop0: detected capacity change from 0 to 40427 [ 247.638863][ T9055] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 247.640612][ T9055] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 247.656441][ T9055] F2FS-fs (loop0): invalid crc value [ 247.687861][ T9055] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 247.701895][ T9104] binder: 9103:9104 got transaction to invalid handle, 1 [ 247.713303][ T9104] binder: 9104:9103 cannot find target node [ 247.715071][ T9104] binder: 9103:9104 transaction call to 0:0 failed 252/29201/-22, size 104-4016 line 3054 [ 247.730987][ T4622] binder: undelivered TRANSACTION_ERROR: 29201 [ 247.771933][ T9055] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 247.773976][ T9055] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 249.130359][ T9129] tipc: Enabled bearer , priority 0 [ 249.132883][ T9129] device syzkaller0 entered promiscuous mode [ 249.162522][ T9129] tipc: Resetting bearer [ 249.211027][ T9128] tipc: Resetting bearer [ 249.300830][ T9128] tipc: Disabling bearer [ 249.358294][ T9144] binder: 9143:9144 got transaction to invalid handle, 1 [ 249.360411][ T9144] binder: 9144:9143 cannot find target node [ 249.362005][ T9144] binder: 9143:9144 transaction call to 0:0 failed 256/29201/-22, size 104-4016 line 3054 [ 249.412301][ T4353] binder: undelivered TRANSACTION_ERROR: 29201 [ 250.604139][ T9170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.610344][ T9170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.844601][ T4307] syz-executor: attempt to access beyond end of device [ 250.844601][ T4307] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 250.861814][ T9176] tipc: Started in network mode [ 250.863193][ T9176] tipc: Node identity 5e5398d6ccb7, cluster identity 4711 [ 250.865272][ T9176] tipc: Enabled bearer , priority 0 [ 250.882419][ T9176] device syzkaller0 entered promiscuous mode [ 250.911104][ T9176] tipc: Resetting bearer [ 250.921705][ T9175] tipc: Resetting bearer [ 250.984960][ T9175] tipc: Disabling bearer [ 251.135390][ T9195] binder: tried to use weak ref as strong ref [ 251.140924][ T9195] binder: 9194:9195 Acquire 1 refcount change on invalid ref 0 ret -22 [ 251.147637][ T9195] binder: 9194:9195 got transaction to invalid handle, 1 [ 251.153524][ T9195] binder: 9195:9194 cannot find target node [ 251.640235][ T9221] tipc: Started in network mode [ 251.641901][ T9221] tipc: Node identity 0a24b19b61e3, cluster identity 4711 [ 251.644161][ T9221] tipc: Enabled bearer , priority 0 [ 251.646848][ T9221] device syzkaller0 entered promiscuous mode [ 251.704791][ T9223] binder: tried to use weak ref as strong ref [ 251.706809][ T9223] binder: 9222:9223 Acquire 1 refcount change on invalid ref 0 ret -22 [ 251.710804][ T9223] binder: 9222:9223 got transaction to invalid handle, 1 [ 251.717059][ T9221] tipc: Resetting bearer [ 251.721956][ T9223] binder_debug: 2 callbacks suppressed [ 251.721968][ T9223] binder: 9223:9222 cannot find target node [ 251.725175][ T9223] binder: 9222:9223 transaction call to 0:0 failed 262/29201/-22, size 104-4016 line 3054 [ 251.728512][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 251.733526][ T9220] tipc: Resetting bearer [ 251.753637][ T9211] loop2: detected capacity change from 0 to 40427 [ 251.766215][ T9211] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 251.769242][ T9211] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 251.799183][ T9211] F2FS-fs (loop2): invalid crc value [ 251.830344][ T9211] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 251.872360][ T9220] tipc: Disabling bearer [ 251.878412][ T9211] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 251.880983][ T9211] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 252.214307][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 252.216147][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 252.350883][ T9254] loop1: detected capacity change from 0 to 1024 [ 252.452557][ T8872] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 252.595106][ T9262] binder: tried to use weak ref as strong ref [ 252.603254][ T9262] binder: 9260:9262 Acquire 1 refcount change on invalid ref 0 ret -22 [ 252.606010][ T9262] binder: 9260:9262 got transaction to invalid handle, 1 [ 252.607864][ T9262] binder: 9262:9260 cannot find target node [ 252.610808][ T9262] binder: 9260:9262 transaction call to 0:0 failed 265/29201/-22, size 104-4016 line 3054 [ 252.614118][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 253.631690][ T9276] tipc: Enabled bearer , priority 0 [ 253.638395][ T9276] device syzkaller0 entered promiscuous mode [ 253.777008][ T9282] tipc: Resetting bearer [ 253.791476][ T9274] tipc: Resetting bearer [ 253.967703][ T9274] tipc: Disabling bearer [ 253.996777][ T9296] loop3: detected capacity change from 0 to 1024 [ 255.146516][ T9316] binder: 9315:9316 tried to acquire reference to desc 0, got 1 instead [ 255.149671][ T9316] binder_alloc: 9315: binder_alloc_buf, no vma [ 255.157209][ T9316] binder: cannot allocate buffer: vma cleared, target dead or dying [ 255.157245][ T9316] binder: 9315:9316 transaction call to 9315:0 failed 270/29189/-3, size 104-4016 line 3239 [ 255.174582][ T4374] binder: undelivered TRANSACTION_ERROR: 29189 [ 255.225723][ T4316] syz-executor: attempt to access beyond end of device [ 255.225723][ T4316] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 255.277080][ T9322] netlink: 'syz.4.1783': attribute type 10 has an invalid length. [ 255.755412][ T9342] loop2: detected capacity change from 0 to 1024 [ 256.962343][ T9367] binder: 9366:9367 tried to acquire reference to desc 0, got 1 instead [ 256.982049][ T9367] binder_alloc: 9366: binder_alloc_buf, no vma [ 256.983810][ T9367] binder: cannot allocate buffer: vma cleared, target dead or dying [ 257.274761][ T9385] loop1: detected capacity change from 0 to 512 [ 257.294684][ T9386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.301001][ T9385] EXT4-fs (loop1): Test dummy encryption mode enabled [ 257.303406][ T9385] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 257.311720][ T9386] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.335784][ T9390] loop3: detected capacity change from 0 to 1024 [ 257.338058][ T9385] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.1809: bad orphan inode 131083 [ 257.341337][ T9385] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 257.376800][ T9386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.396935][ T9386] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.414915][ T9353] loop0: detected capacity change from 0 to 40427 [ 257.428387][ T9353] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 257.437372][ T9353] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 257.445374][ T9353] F2FS-fs (loop0): invalid crc value [ 257.481553][ T9353] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 257.553601][ T9353] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 257.555887][ T9353] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 259.136182][ T9411] binder: BINDER_SET_CONTEXT_MGR already set [ 259.137806][ T9411] binder: 9410:9411 ioctl 4018620d 20000040 returned -16 [ 259.163036][ T9411] binder: tried to use weak ref as strong ref [ 259.164706][ T9411] binder: 9410:9411 Acquire 1 refcount change on invalid ref 0 ret -22 [ 259.184751][ T9411] binder: 9410:9411 got transaction to invalid handle, 1 [ 259.186722][ T9411] binder_debug: 2 callbacks suppressed [ 259.186730][ T9411] binder: 9411:9410 cannot find target node [ 259.226783][ T9411] binder: 9410:9411 transaction call to 0:0 failed 278/29201/-22, size 104-4016 line 3054 [ 259.259544][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 259.736348][ T9422] tipc: Enabled bearer , priority 0 [ 259.738837][ T9422] device syzkaller0 entered promiscuous mode [ 259.802883][ T9425] loop2: detected capacity change from 0 to 1024 [ 259.895991][ T9422] tipc: Resetting bearer [ 260.848434][ T9421] tipc: Resetting bearer [ 260.872162][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 261.036128][ T4953] tipc: Node number set to 205390490 [ 261.153980][ T9421] tipc: Disabling bearer [ 261.481914][ T9455] loop3: detected capacity change from 0 to 512 [ 261.500579][ T9455] EXT4-fs (loop3): Test dummy encryption mode enabled [ 261.502548][ T9455] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 261.551581][ T9455] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.1836: bad orphan inode 131083 [ 261.555514][ T9455] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 261.631500][ T9461] loop2: detected capacity change from 0 to 1024 [ 261.825466][ T4307] syz-executor: attempt to access beyond end of device [ 261.825466][ T4307] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 262.643134][ T9473] loop4: detected capacity change from 0 to 1024 [ 262.646367][ T9473] EXT4-fs: Ignoring removed bh option [ 262.653266][ T9473] EXT4-fs: Ignoring removed nomblk_io_submit option [ 262.719345][ T9473] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 263.715925][ T4314] EXT4-fs (loop4): unmounting filesystem. [ 264.192798][ T9515] loop0: detected capacity change from 0 to 1024 [ 264.199268][ T9515] EXT4-fs: Ignoring removed bh option [ 264.200663][ T9515] EXT4-fs: Ignoring removed nomblk_io_submit option [ 264.221023][ T9515] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 265.176264][ T9522] device wg2 entered promiscuous mode [ 265.212030][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 265.675678][ T9553] loop1: detected capacity change from 0 to 1024 [ 265.678065][ T9553] EXT4-fs: Ignoring removed bh option [ 265.679600][ T9553] EXT4-fs: Ignoring removed nomblk_io_submit option [ 265.732136][ T9553] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 267.297897][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 268.064213][ T4315] EXT4-fs (loop3): unmounting filesystem. [ 278.346380][ T9641] loop0: detected capacity change from 0 to 512 [ 278.387880][ T9641] EXT4-fs (loop0): Test dummy encryption mode enabled [ 278.400818][ T9641] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 278.514475][ T9641] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.1913: bad orphan inode 131083 [ 278.524486][ T9641] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 281.006131][ T9696] loop4: detected capacity change from 0 to 1024 [ 283.373808][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 283.417707][ T9711] loop0: detected capacity change from 0 to 1024 [ 283.422318][ T9711] EXT4-fs: Ignoring removed bh option [ 283.424055][ T9711] EXT4-fs: Ignoring removed nomblk_io_submit option [ 283.430853][ T9711] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 284.375514][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 286.577420][ T9733] loop0: detected capacity change from 0 to 1024 [ 286.617948][ T9632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 293.264688][ T9742] loop1: detected capacity change from 0 to 1024 [ 293.302575][ T9742] EXT4-fs: Ignoring removed bh option [ 293.304129][ T9742] EXT4-fs: Ignoring removed nomblk_io_submit option [ 293.361063][ T9742] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 293.486832][ T9761] loop3: detected capacity change from 0 to 1024 [ 295.678032][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 296.802793][ T9805] loop1: detected capacity change from 0 to 1024 [ 308.505352][ T9835] loop1: detected capacity change from 0 to 1024 [ 308.515281][ T9835] EXT4-fs: Ignoring removed bh option [ 308.517097][ T9835] EXT4-fs: Ignoring removed nomblk_io_submit option [ 308.584595][ T9835] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 309.000479][ T9855] loop3: detected capacity change from 0 to 1024 [ 310.321442][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 311.504120][ T9903] loop1: detected capacity change from 0 to 1024 [ 311.506843][ T9903] EXT4-fs: Ignoring removed bh option [ 311.508287][ T9903] EXT4-fs: Ignoring removed nomblk_io_submit option [ 311.515969][ T9903] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 312.470333][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 313.589106][ T9919] 9pnet_fd: Insufficient options for proto=fd [ 317.887648][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.889409][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.650185][ T9938] loop2: detected capacity change from 0 to 1024 [ 322.652346][ T9938] EXT4-fs: Ignoring removed bh option [ 322.693585][ T9938] EXT4-fs: Ignoring removed nomblk_io_submit option [ 322.742335][ T9938] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 322.783008][ T9948] 9pnet_fd: Insufficient options for proto=fd [ 323.742908][ T4316] EXT4-fs (loop2): unmounting filesystem. [ 323.848284][ T9941] loop1: detected capacity change from 0 to 40427 [ 323.871617][ T9941] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 323.873787][ T9941] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 323.878281][ T9941] F2FS-fs (loop1): invalid crc value [ 323.940183][ T9941] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 323.984733][ T9941] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 323.986762][ T9941] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 324.784080][ T9990] 9pnet_fd: Insufficient options for proto=fd [ 324.796051][ T4306] syz-executor: attempt to access beyond end of device [ 324.796051][ T4306] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 325.003347][ T9994] tipc: Enabled bearer , priority 0 [ 325.005858][ T9994] device syzkaller0 entered promiscuous mode [ 325.061163][T10001] loop2: detected capacity change from 0 to 512 [ 325.066734][T10001] EXT4-fs (loop2): Test dummy encryption mode enabled [ 325.075936][T10001] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 325.103050][ T9993] tipc: Resetting bearer [ 325.144019][T10001] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.2035: bad orphan inode 131083 [ 325.152305][T10001] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 325.562143][T10014] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.2035: iget: bad extra_isize 1312 (inode size 256) [ 325.671681][ T9993] tipc: Disabling bearer [ 326.944446][T10037] 9pnet_fd: Insufficient options for proto=fd [ 327.506933][ T4316] EXT4-fs (loop2): unmounting filesystem. [ 327.621894][T10049] tipc: Enabled bearer , priority 0 [ 327.634144][T10049] tipc: Resetting bearer [ 327.665548][T10031] loop4: detected capacity change from 0 to 40427 [ 327.674702][T10031] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 327.676557][T10031] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 327.696316][T10031] F2FS-fs (loop4): invalid crc value [ 327.712104][T10031] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 327.755329][T10031] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 327.757442][T10031] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 327.797200][T10048] tipc: Disabling bearer [ 328.418002][T10074] loop3: detected capacity change from 0 to 1024 [ 328.432398][T10074] EXT4-fs: Ignoring removed bh option [ 328.434057][T10074] EXT4-fs: Ignoring removed nomblk_io_submit option [ 328.607107][ T4314] syz-executor: attempt to access beyond end of device [ 328.607107][ T4314] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 328.637361][T10074] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 328.718228][T10084] loop1: detected capacity change from 0 to 512 [ 328.778276][T10084] EXT4-fs (loop1): Test dummy encryption mode enabled [ 328.781586][T10084] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 328.809522][T10084] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.2063: bad orphan inode 131083 [ 328.820823][T10084] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 330.320872][T10096] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.2063: iget: bad extra_isize 1312 (inode size 256) [ 330.677152][T10102] tipc: Enabled bearer , priority 0 [ 330.701934][T10102] tipc: Resetting bearer [ 331.237511][ T4315] EXT4-fs (loop3): unmounting filesystem. [ 331.378524][T10101] tipc: Disabling bearer [ 332.039584][T10126] loop4: detected capacity change from 0 to 1024 [ 332.058214][T10126] EXT4-fs: Ignoring removed bh option [ 332.071275][T10126] EXT4-fs: Ignoring removed nomblk_io_submit option [ 332.170989][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 332.181125][T10110] loop0: detected capacity change from 0 to 40427 [ 332.189226][T10110] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 332.191118][T10110] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 332.191482][T10126] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 332.221080][T10110] F2FS-fs (loop0): invalid crc value [ 332.322865][T10110] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 332.447347][T10110] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 332.449574][T10110] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 332.502377][T10147] tipc: Enabled bearer , priority 0 [ 332.509183][T10147] tipc: Resetting bearer [ 333.003601][T10146] tipc: Disabling bearer [ 333.282483][ T4307] syz-executor: attempt to access beyond end of device [ 333.282483][ T4307] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 334.862677][T10195] device syzkaller0 entered promiscuous mode [ 335.814094][T10193] loop3: detected capacity change from 0 to 40427 [ 335.865549][T10193] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 335.867346][T10193] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 335.905125][T10193] F2FS-fs (loop3): invalid crc value [ 335.923933][T10193] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 335.956255][ T4314] EXT4-fs (loop4): unmounting filesystem. [ 336.001390][T10193] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 336.003588][T10193] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 336.173476][T10232] 9pnet_fd: Insufficient options for proto=fd [ 336.818231][ T4315] syz-executor: attempt to access beyond end of device [ 336.818231][ T4315] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 336.969303][T10243] loop1: detected capacity change from 0 to 1024 [ 336.971638][T10243] EXT4-fs: Ignoring removed bh option [ 336.973086][T10243] EXT4-fs: Ignoring removed nomblk_io_submit option [ 336.990739][T10245] loop0: detected capacity change from 0 to 512 [ 337.021833][T10245] EXT4-fs (loop0): Test dummy encryption mode enabled [ 337.024422][T10243] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 337.031293][T10245] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 337.272325][T10245] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.2119: bad orphan inode 131083 [ 337.275522][T10245] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 337.653843][T10262] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.2119: iget: bad extra_isize 1312 (inode size 256) [ 338.377581][ T4306] EXT4-fs (loop1): unmounting filesystem. [ 338.984073][T10290] 9pnet_fd: Insufficient options for proto=fd [ 339.522113][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 339.665268][T10303] netlink: 'syz.3.2142': attribute type 10 has an invalid length. [ 340.003542][T10325] loop4: detected capacity change from 0 to 512 [ 340.005754][T10321] 9pnet_fd: Insufficient options for proto=fd [ 340.023463][T10325] EXT4-fs (loop4): Test dummy encryption mode enabled [ 340.025321][T10325] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 340.076507][T10325] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.2151: bad orphan inode 131083 [ 340.090284][T10325] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 340.340191][T10335] netlink: 'syz.2.2155': attribute type 10 has an invalid length. [ 341.005463][T10343] device pim6reg1 entered promiscuous mode [ 341.541485][T10360] 9pnet_fd: Insufficient options for proto=fd [ 341.946492][T10373] device pim6reg1 entered promiscuous mode [ 342.496336][T10381] netlink: 'syz.1.2172': attribute type 10 has an invalid length. [ 342.516715][ T4314] EXT4-fs (loop4): unmounting filesystem. [ 342.687202][T10396] loop2: detected capacity change from 0 to 1024 [ 343.732454][T10418] netlink: 'syz.1.2187': attribute type 10 has an invalid length. [ 343.789879][T10420] loop0: detected capacity change from 0 to 512 [ 343.807965][T10420] EXT4-fs (loop0): Test dummy encryption mode enabled [ 343.818352][T10420] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 343.875067][T10420] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.2186: bad orphan inode 131083 [ 343.879448][T10420] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 344.929273][T10444] device pim6reg1 entered promiscuous mode [ 345.204328][T10454] netlink: 'syz.1.2199': attribute type 10 has an invalid length. [ 345.423195][T10452] loop4: detected capacity change from 0 to 40427 [ 345.440559][T10452] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 345.444801][T10452] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 345.454141][T10452] F2FS-fs (loop4): invalid crc value [ 345.516468][T10460] loop1: detected capacity change from 0 to 1024 [ 345.694531][T10452] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 345.837771][T10452] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 345.859846][T10452] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 346.508952][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 346.678003][ T4314] syz-executor: attempt to access beyond end of device [ 346.678003][ T4314] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 347.077763][T10489] netlink: 'syz.2.2210': attribute type 10 has an invalid length. [ 347.696111][T10501] loop0: detected capacity change from 0 to 40427 [ 347.711263][T10501] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 347.727428][T10501] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 347.740870][T10501] F2FS-fs (loop0): invalid crc value [ 347.765017][T10501] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 347.885073][T10501] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 347.887124][T10501] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 348.108740][T10534] netlink: 'syz.4.2225': attribute type 10 has an invalid length. [ 348.693988][ T4307] syz-executor: attempt to access beyond end of device [ 348.693988][ T4307] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 348.966169][T10555] loop4: detected capacity change from 0 to 1024 [ 349.166577][T10570] netlink: 'syz.2.2237': attribute type 10 has an invalid length. [ 350.460245][T10575] loop2: detected capacity change from 0 to 40427 [ 350.470854][T10575] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 350.473064][T10575] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 350.478120][T10575] F2FS-fs (loop2): invalid crc value [ 350.500979][T10575] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 350.561711][T10575] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 350.564120][T10575] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 351.357419][ T4316] syz-executor: attempt to access beyond end of device [ 351.357419][ T4316] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 351.514599][T10617] loop1: detected capacity change from 0 to 1024 [ 351.687187][ T9967] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 365.456806][T10604] device wg2 left promiscuous mode [ 365.458989][T10605] device wg2 entered promiscuous mode [ 365.461509][T10609] netlink: 'syz.4.2249': attribute type 10 has an invalid length. [ 366.541244][T10671] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 366.569748][T10671] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 366.577883][ T4310] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 366.580704][T10671] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 366.589202][ T4310] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 366.592260][T10671] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 367.446006][T10668] chnl_net:caif_netlink_parms(): no params data found [ 367.550062][T10668] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.553175][T10668] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.560123][T10668] device bridge_slave_0 entered promiscuous mode [ 367.563541][T10700] netlink: 'syz.2.2273': attribute type 10 has an invalid length. [ 367.573365][T10668] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.582453][T10668] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.590707][T10668] device bridge_slave_1 entered promiscuous mode [ 367.639983][T10668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 367.693994][T10668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 367.723528][T10668] team0: Port device team_slave_0 added [ 367.726889][T10668] team0: Port device team_slave_1 added [ 367.738149][T10668] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 367.740124][T10668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.748037][T10668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 367.752472][T10668] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 367.754568][T10668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.761939][T10668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 367.866486][T10668] device hsr_slave_0 entered promiscuous mode [ 367.963003][T10668] device hsr_slave_1 entered promiscuous mode [ 368.010552][T10668] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 368.012782][T10668] Cannot create hsr debugfs directory [ 368.018006][T10711] netlink: 'syz.0.2278': attribute type 1 has an invalid length. [ 368.299491][T10668] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 368.366203][T10668] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 368.422995][T10668] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 368.532579][T10668] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 368.537073][ T5292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.539863][ T5292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.790885][ T4313] Bluetooth: hci5: command 0x0409 tx timeout [ 369.634550][T10668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 369.696648][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 369.699234][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 369.722243][T10668] 8021q: adding VLAN 0 to HW filter on device team0 [ 369.804921][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 369.807889][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 369.810885][ T5292] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.812810][ T5292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 369.832742][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 369.835559][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 369.835799][T10760] loop6: detected capacity change from 0 to 7 [ 369.838060][ T5292] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.841484][ T5292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.864445][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 369.867301][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 369.870314][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 369.873111][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 369.876877][ T5292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 369.898340][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 369.908847][T10760] Dev loop6: unable to read RDB block 7 [ 369.910615][T10760] loop6: unable to read partition table [ 369.912245][T10760] loop6: partition table beyond EOD, truncated [ 369.931225][ T4374] Process accounting resumed [ 369.949645][T10760] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 370.393539][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 370.396585][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 370.407010][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 370.416836][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 370.531654][ T4518] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.545068][T10668] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 370.551586][T10668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 370.627563][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 370.630365][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 370.712362][ T4518] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.892095][ T4518] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.899047][T10783] netlink: 'syz.1.2302': attribute type 10 has an invalid length. [ 370.978441][ T4518] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.997325][ T4313] Bluetooth: hci5: command 0x041b tx timeout [ 371.018143][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 371.021847][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 371.034109][T10668] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.276310][ T4518] tipc: Left network mode [ 371.335410][T10809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 371.361373][T10809] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 371.505145][T10816] binder: 10815:10816 ioctl c0306201 0 returned -14 [ 371.523942][T10813] loop4: detected capacity change from 0 to 1024 [ 371.537308][T10816] binder: 10815:10816 got transaction to invalid handle, 1 [ 371.539272][T10816] binder: 10816:10815 cannot find target node [ 371.540816][T10816] binder: 10815:10816 transaction call to 0:0 failed 282/29201/-22, size 104-4016 line 3054 [ 371.562274][ T4374] binder: undelivered TRANSACTION_ERROR: 29201 [ 371.572284][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 371.577024][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 371.607975][T10801] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 371.635674][T10668] device veth0_vlan entered promiscuous mode [ 371.646969][T10668] device veth1_vlan entered promiscuous mode [ 371.737485][T10668] device veth0_macvtap entered promiscuous mode [ 372.512470][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 372.515594][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 372.518411][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 372.525161][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 372.528318][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 372.534926][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 372.542545][T10668] device veth1_macvtap entered promiscuous mode [ 372.720465][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 372.723185][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 372.725792][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 372.730894][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 372.824456][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.829533][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.832231][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.835032][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.842928][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.846401][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.850120][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.853279][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.865302][T10668] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 373.001061][T10856] binder: 10855:10856 ioctl c0306201 0 returned -14 [ 373.006677][T10856] binder: 10855:10856 got transaction to invalid handle, 1 [ 373.009224][T10856] binder: 10856:10855 cannot find target node [ 373.010913][T10856] binder: 10855:10856 transaction call to 0:0 failed 286/29201/-22, size 104-4016 line 3054 [ 373.013796][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 373.014113][ T4381] binder: undelivered TRANSACTION_ERROR: 29201 [ 373.016602][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 373.024169][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.027029][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.035495][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.038230][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.042310][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.056268][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.058863][T10668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.062536][T10668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.066469][T10668] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 373.149870][T10862] loop2: detected capacity change from 0 to 1024 [ 373.240220][ T4313] Bluetooth: hci5: command 0x040f tx timeout [ 373.330948][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 373.334278][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 373.339051][T10668] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.341526][T10668] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.343861][T10668] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.346189][T10668] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.200921][T10866] netlink: 'syz.0.2328': attribute type 12 has an invalid length. [ 374.269183][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2328'. [ 374.272183][T10866] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 374.275700][T10866] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.469226][ T5384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.473135][ T5384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.477295][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 374.533449][T10886] binder: 10885:10886 got transaction to invalid handle, 1 [ 374.535771][T10886] binder: 10886:10885 cannot find target node [ 374.537641][T10886] binder: 10885:10886 transaction call to 0:0 failed 290/29201/-22, size 104-4016 line 3054 [ 374.546917][ T3886] binder: undelivered TRANSACTION_ERROR: 29201 [ 374.557959][T10878] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 374.563226][T10878] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 374.565330][ T5291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.565396][T10878] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 374.567615][ T5291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.600321][T10878] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 374.605289][T10878] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 374.609427][T10878] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 374.622639][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 374.633473][T10878] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 374.654910][T10878] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 374.662512][T10878] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 374.670685][T10878] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 374.701394][T10878] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 374.726125][T10878] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 374.736823][T10878] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 374.748442][T10878] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 374.758272][T10878] Bluetooth: hci5: Suspend notifier action (1) failed: -4 [ 375.048086][T10919] loop1: detected capacity change from 0 to 1024 [ 376.235989][T10934] xt_socket: unknown flags 0x20 [ 376.317204][ T4518] device team0 left promiscuous mode [ 376.318983][ T4518] device team_slave_0 left promiscuous mode [ 376.332184][ T4518] device team_slave_1 left promiscuous mode [ 376.368060][T10940] binder: 10939:10940 got transaction to invalid handle, 1 [ 376.370008][T10940] binder: 10940:10939 cannot find target node [ 376.467274][T10948] binder: 10943:10948 unknown command 0 [ 376.468854][T10948] binder: 10943:10948 ioctl c0306201 20000080 returned -22 [ 376.481102][T10915] loop5: detected capacity change from 0 to 40427 [ 376.488704][T10948] binder: 10943:10948 context manager tried to acquire desc 0 [ 376.490754][T10948] binder: 10943:10948 ioctl c0306201 200003c0 returned -22 [ 376.495548][T10915] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 376.497348][T10915] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 376.500172][ T4518] device hsr_slave_0 left promiscuous mode [ 376.530278][T10948] binder: 10943:10948 got transaction to invalid handle, 1 [ 376.532740][T10915] F2FS-fs (loop5): invalid crc value [ 376.535220][ T4518] device hsr_slave_1 left promiscuous mode [ 376.561670][T10915] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 376.601886][ T4518] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 376.603984][ T4518] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 376.609401][ T4518] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 376.612003][ T4518] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 376.625439][ T4518] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 376.627339][ T4518] batman_adv: batadv0: Removing interface: virt_wifi0 [ 376.631845][T10915] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 376.633827][T10915] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 376.642519][ T4310] Bluetooth: hci0: command 0x0c1a tx timeout [ 376.657994][ T4518] device bridge_slave_1 left promiscuous mode [ 376.660948][ T4518] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.687329][ T4518] device bridge_slave_0 left promiscuous mode [ 376.689129][ T4518] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.813114][ T4310] Bluetooth: hci4: command 0x0c1a tx timeout [ 376.814904][ T4310] Bluetooth: hci2: command 0x0c1a tx timeout [ 376.816622][ T4310] Bluetooth: hci1: command 0x0c1a tx timeout [ 377.334921][ T4381] binder_debug: 4 callbacks suppressed [ 377.334937][ T4381] binder: undelivered TRANSACTION_ERROR: 29201 [ 377.418249][T10979] loop1: detected capacity change from 0 to 1024 [ 377.474224][ T4313] Bluetooth: hci5: command 0x0405 tx timeout [ 377.478772][T10668] syz-executor: attempt to access beyond end of device [ 377.478772][T10668] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 377.573319][ T4518] device veth1_vlan left promiscuous mode [ 377.575445][ T4518] device veth0_vlan left promiscuous mode [ 378.554213][T10991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.593867][T10991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.622198][T10995] binder: 10994:10995 got transaction to invalid handle, 1 [ 378.624185][T10995] binder: 10995:10994 cannot find target node [ 378.625835][T10995] binder: 10994:10995 transaction call to 0:0 failed 302/29201/-22, size 104-4016 line 3054 [ 378.629825][ T4381] binder: undelivered TRANSACTION_ERROR: 29201 [ 378.665860][T10997] loop5: detected capacity change from 0 to 512 [ 378.675857][T10997] EXT4-fs (loop5): Test dummy encryption mode enabled [ 378.677823][T10997] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 378.689401][T10997] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.2363: bad orphan inode 131083 [ 378.694229][T10997] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 378.866059][ T4313] Bluetooth: hci0: command 0x0406 tx timeout [ 379.036733][ T4310] Bluetooth: hci1: command 0x0406 tx timeout [ 379.039623][ T4310] Bluetooth: hci2: command 0x0406 tx timeout [ 379.041922][ T4310] Bluetooth: hci4: command 0x0406 tx timeout [ 379.096415][T11007] EXT4-fs error (device loop5): ext4_lookup:1858: inode #15: comm syz.5.2363: iget: bad extra_isize 1312 (inode size 256) [ 379.635107][ T4313] Bluetooth: hci5: command 0x0c1a tx timeout [ 379.698923][T11009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.704353][T11009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 380.072608][T11019] loop0: detected capacity change from 0 to 1024 [ 381.672989][T10668] EXT4-fs (loop5): unmounting filesystem. [ 381.758121][T11031] binder: 11029:11031 got transaction to invalid handle, 1 [ 381.760233][T11031] binder: 11031:11029 cannot find target node [ 381.761946][T11031] binder: 11029:11031 transaction call to 0:0 failed 306/29201/-22, size 104-4016 line 3054 [ 381.767402][ T4374] binder: undelivered TRANSACTION_ERROR: 29201 [ 381.858398][T11039] binder: 11038:11039 tried to acquire reference to desc 0, got 1 instead [ 381.861135][ T4310] Bluetooth: hci5: command 0x0406 tx timeout [ 382.726372][ T7] binder: release 11038:11039 transaction 311 out, still active [ 382.728515][ T7] binder: undelivered TRANSACTION_COMPLETE [ 382.748272][ T4622] binder: send failed reply for transaction 311, target dead [ 382.790900][T11048] loop0: detected capacity change from 0 to 512 [ 382.806784][T11048] EXT4-fs (loop0): Test dummy encryption mode enabled [ 382.815664][T11048] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 382.850473][T11048] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.2384: bad orphan inode 131083 [ 382.856074][T11048] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 382.964754][T11054] loop1: detected capacity change from 0 to 1024 [ 383.041342][T10801] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 383.900933][T11061] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.2384: iget: bad extra_isize 1312 (inode size 256) [ 383.920977][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.928722][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.312600][T11067] loop1: detected capacity change from 0 to 40427 [ 385.331358][T11067] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 385.337635][ T4518] team0 (unregistering): Port device team_slave_1 removed [ 385.354974][T11067] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 385.361759][T11067] F2FS-fs (loop1): invalid crc value [ 385.445444][T11067] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 385.477910][T11067] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 385.479912][T11067] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 385.687152][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 385.751677][ T4518] team0 (unregistering): Port device team_slave_0 removed [ 385.861712][T11074] binder: 11073:11074 got transaction to invalid handle, 1 [ 385.865209][T11074] binder: 11074:11073 cannot find target node [ 385.867023][T11074] binder: 11073:11074 transaction call to 0:0 failed 315/29201/-22, size 104-4016 line 3054 [ 385.871874][ T4381] binder: undelivered TRANSACTION_ERROR: 29201 [ 386.326886][ T4306] syz-executor: attempt to access beyond end of device [ 386.326886][ T4306] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 386.478137][ T4518] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 386.509348][ T4518] device bond_slave_1 left promiscuous mode [ 386.705375][ T4518] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 386.755714][ T4518] device bond_slave_0 left promiscuous mode [ 387.257530][ T4381] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 387.450059][ T4381] usb 1-1: Using ep0 maxpacket: 8 [ 387.452931][ T4381] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 387.455188][ T4381] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 387.457861][ T4381] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 387.460531][ T4381] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 387.478058][ T4381] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 387.481749][ T4381] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 387.484580][ T4381] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.718499][ T4381] usb 1-1: GET_CAPABILITIES returned 0 [ 387.720155][ T4381] usbtmc 1-1:16.0: can't read capabilities [ 387.943875][ T4374] usb 1-1: USB disconnect, device number 9 [ 389.290671][ T4518] bond0 (unregistering): Released all slaves [ 389.672725][T11096] netlink: 'syz.1.2398': attribute type 1 has an invalid length. [ 389.689752][ T4313] Bluetooth: hci5: unexpected event for opcode 0x0000 [ 389.760811][T11101] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2400'. [ 389.818030][T11106] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 389.971186][ T5336] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 389.975531][T11096] 8021q: adding VLAN 0 to HW filter on device bond1 [ 389.981295][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 390.065349][T11096] device veth3 entered promiscuous mode [ 390.070301][T11096] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 390.091690][ T5291] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 390.257203][ T4313] Bluetooth: hci1: unexpected event for opcode 0x2002 [ 390.309588][T11131] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 390.441145][T11139] loop0: detected capacity change from 0 to 1024 [ 390.472418][T11139] EXT4-fs: Ignoring removed bh option [ 390.473959][T11139] EXT4-fs: Ignoring removed nomblk_io_submit option [ 390.529722][T11139] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 390.785685][T11110] loop5: detected capacity change from 0 to 40427 [ 391.264909][T11110] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 391.410839][T11110] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 391.444068][T11110] F2FS-fs (loop5): invalid crc value [ 391.485887][T11110] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 391.531755][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 391.596860][T11110] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 391.601988][T11110] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 391.826040][T11176] binder: 11175:11176 unknown command 0 [ 391.827571][T11176] binder: 11175:11176 ioctl c0306201 20000080 returned -22 [ 392.100426][T11176] binder: 11175:11176 tried to acquire reference to desc 0, got 1 instead [ 392.103280][T11176] binder: 11175:11176 got reply transaction with bad transaction stack, transaction 320 has target 11175:0 [ 392.106624][T11176] binder: 11175:11176 transaction reply to 0:0 failed 321/29201/-71, size 0-0 line 2970 [ 392.110131][ T4367] binder: release 11175:11176 transaction 320 out, still active [ 392.123129][ T4367] binder: undelivered TRANSACTION_ERROR: 29201 [ 392.176581][ T4367] binder: send failed reply for transaction 320, target dead [ 392.422967][T10668] syz-executor: attempt to access beyond end of device [ 392.422967][T10668] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 392.635572][ T4313] Bluetooth: hci5: unexpected event 0x2f length: 1017 > 260 [ 392.698298][T11189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.703973][T11189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.807691][T11209] loop5: detected capacity change from 0 to 1024 [ 392.812282][T11209] EXT4-fs: Ignoring removed bh option [ 392.816226][T11209] EXT4-fs: Ignoring removed nomblk_io_submit option [ 392.832731][T11209] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 393.004072][T11223] binder: 11222:11223 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 393.007907][T11223] binder: 11223 RLIMIT_NICE not set [ 393.059433][T11225] binder: 11222:11225 tried to acquire reference to desc 0, got 1 instead [ 393.061846][T11225] binder: 11225:11222 failed to get security context [ 393.063801][T11225] binder: 11222:11225 transaction async to 11222:0 failed 326/29201/-22, size 0-0 line 3206 [ 393.840880][T10668] EXT4-fs (loop5): unmounting filesystem. [ 393.884861][ T3886] binder: undelivered TRANSACTION_ERROR: 29201 [ 394.004628][ T4313] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 394.007759][ T4313] Bluetooth: hci5: Injecting HCI hardware error event [ 394.010657][ T4310] Bluetooth: hci5: hardware error 0x00 [ 394.455635][T11262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 394.460788][T11262] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 394.587051][T11236] loop5: detected capacity change from 0 to 40427 [ 394.599637][T11236] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 394.611322][T11236] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 394.623142][T11236] F2FS-fs (loop5): invalid crc value [ 394.660731][T11236] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 394.681975][T11262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 394.684476][T11262] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 394.737131][T11236] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 394.739263][T11236] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 394.779970][T11284] loop0: detected capacity change from 0 to 1024 [ 394.794597][T11284] EXT4-fs: Ignoring removed bh option [ 394.801832][T11284] EXT4-fs: Ignoring removed nomblk_io_submit option [ 394.937352][T11284] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 396.158205][ T4307] EXT4-fs (loop0): unmounting filesystem. [ 396.398030][ T4310] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 396.669858][T11338] netlink: 'syz.5.2462': attribute type 10 has an invalid length. [ 396.872641][T11330] loop1: detected capacity change from 0 to 40427 [ 396.887982][T11330] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 396.890139][T11330] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 396.893655][T11330] F2FS-fs (loop1): invalid crc value [ 396.898240][T11330] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 396.926596][T11330] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 396.928754][T11330] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 397.710147][T11360] loop4: detected capacity change from 0 to 1024 [ 397.738119][T11361] mac80211_hwsim hwsim4 aëÿÿ: renamed from wlan1 [ 397.758602][T11360] EXT4-fs: Ignoring removed bh option [ 397.760113][T11360] EXT4-fs: Ignoring removed nomblk_io_submit option [ 397.800363][T11360] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 398.839264][ T4314] EXT4-fs (loop4): unmounting filesystem. [ 399.454576][T11399] loop5: detected capacity change from 0 to 40427 [ 399.458107][T11399] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 399.459895][T11399] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 399.463365][T11399] F2FS-fs (loop5): invalid crc value [ 399.486254][T11399] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 399.540753][T11399] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 399.542936][T11399] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 400.375924][T11444] tap0: tun_chr_ioctl cmd 1074025675 [ 400.377554][T11444] tap0: persist disabled [ 400.602993][T11454] binder: 11452:11454 tried to acquire reference to desc 0, got 1 instead [ 400.618067][T11454] binder: 11452:11454 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 400.629083][T11454] binder: 11454 RLIMIT_NICE not set [ 400.640698][T11454] binder: 11454 RLIMIT_NICE not set [ 400.646346][T11454] binder: 11452:11454 got reply transaction with bad transaction stack, transaction 331 has target 11452:11454 [ 400.653994][T11454] binder: 11452:11454 transaction reply to 0:0 failed 332/29201/-71, size 0-0 line 2970 [ 400.666191][ T4353] binder: release 11452:11454 transaction 331 out, still active [ 400.668515][ T4353] binder: undelivered TRANSACTION_COMPLETE [ 400.670270][ T4353] binder: undelivered TRANSACTION_ERROR: 29201 [ 400.699535][ T4353] binder: release 11452:11454 transaction 331 in, still active [ 400.701796][ T4353] binder: send failed reply for transaction 331, target dead [ 400.867643][T11468] Bluetooth: hci3: Frame reassembly failed (-90) [ 400.915663][T11467] tipc: Enabled bearer , priority 0 [ 400.919414][T11466] tipc: Resetting bearer [ 402.123238][ T7] tipc: Node number set to 1808249243 [ 403.068994][ T4310] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 403.069019][ T4313] Bluetooth: hci3: command 0x1003 tx timeout [ 412.886554][T11466] tipc: Disabling bearer [ 412.908873][T11502] sch_tbf: burst 4398 is lower than device lo mtu (39799) ! [ 413.426172][T11540] binder: 11539:11540 tried to acquire reference to desc 0, got 1 instead [ 413.440957][T11540] binder: 11539:11540 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 413.450621][T11540] binder: 11540 RLIMIT_NICE not set [ 413.458098][T11540] binder: 11540 RLIMIT_NICE not set [ 413.465478][T11540] binder: 11540 RLIMIT_NICE not set [ 413.470503][T11540] binder_alloc: 11539: binder_alloc_buf, no vma [ 413.480965][T11540] binder: cannot allocate buffer: vma cleared, target dead or dying [ 413.480998][T11540] binder: 11539:11540 transaction reply to 11539:11540 failed 338/29189/-3, size 0-0 line 3239 [ 413.501174][T11540] binder: send failed reply for transaction 337 to 11539:11540 [ 413.513907][ T7] binder: undelivered TRANSACTION_COMPLETE [ 413.515548][ T7] binder: undelivered TRANSACTION_ERROR: 29189 [ 413.565888][ T4353] binder: undelivered TRANSACTION_ERROR: 29190 [ 413.603620][T11549] loop5: detected capacity change from 0 to 512 [ 413.622626][T11549] EXT4-fs (loop5): Test dummy encryption mode enabled [ 413.624456][T11549] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 413.640452][T11549] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.2527: bad orphan inode 131083 [ 413.645580][T11549] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 413.987804][T11572] support for the xor transformation has been removed. [ 414.165138][T11580] page:00000000dfdb7c8c refcount:4 mapcount:1 mapping:00000000cc05a037 index:0x0 pfn:0x13faf1 [ 414.168536][T11580] memcg:ffff0000dbf3c000 [ 414.169783][T11580] aops:shmem_aops ino:b1 [ 414.170944][T11580] flags: 0x5ffd80000080015(locked|uptodate|lru|swapbacked|node=0|zone=2|lastcpupid=0x7ff) [ 414.173691][T11580] raw: 05ffd80000080015 ffff0000dbf3e258 fffffc0003febc88 ffff0000cbf2c8d8 [ 414.176132][T11580] raw: 0000000000000000 0000000000000000 0000000400000000 ffff0000dbf3c000 [ 414.178624][T11580] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio)) [ 414.180677][T11580] ------------[ cut here ]------------ [ 414.182182][T11580] kernel BUG at mm/filemap.c:153! [ 414.183816][T11580] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 414.185989][T11580] Modules linked in: [ 414.187020][T11580] CPU: 0 PID: 11580 Comm: syz.1.2533 Not tainted 6.1.147-syzkaller #0 [ 414.189331][T11580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 414.192148][T11580] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 414.194330][T11580] pc : filemap_unaccount_folio+0x464/0x50c [ 414.195926][T11580] lr : filemap_unaccount_folio+0x464/0x50c [ 414.197524][T11580] sp : ffff800021827140 [ 414.198691][T11580] x29: ffff800021827150 x28: ffff8000218274c0 x27: dfff800000000000 [ 414.200909][T11580] x26: ffff700004304e3c x25: 0000000000000001 x24: ffff8000218274c0 [ 414.203125][T11580] x23: ffff800021827200 x22: ffff0000cbf2c8d8 x21: fffffc0003febc58 [ 414.205401][T11580] x20: ffff0000cbf2c8d8 x19: fffffc0003febc40 x18: 0000000000000000 [ 414.207652][T11580] x17: 0000000000000000 x16: ffff8000082e7bb0 x15: 0000000000000000 [ 414.209919][T11580] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 414.212157][T11580] x11: ff008000087ae1cc x10: 0000000000000000 x9 : ffff8000087ae1cc [ 414.214403][T11580] x8 : ffff0000d46d5340 x7 : 0000000000000001 x6 : 0000000000000001 [ 414.216650][T11580] x5 : ffff800021826b78 x4 : ffff800015194800 x3 : ffff80000852e34c [ 414.218858][T11580] x2 : 0000000000000001 x1 : 0000000100000002 x0 : 0000000000000039 [ 414.221095][T11580] Call trace: [ 414.222022][T11580] filemap_unaccount_folio+0x464/0x50c [ 414.223548][T11580] __filemap_remove_folio+0xc0/0x4d4 [ 414.225090][T11580] filemap_remove_folio+0xcc/0x1bc [ 414.226559][T11580] truncate_inode_folio+0x6c/0x84 [ 414.227973][T11580] shmem_undo_range+0x400/0x1610 [ 414.229411][T11580] shmem_evict_inode+0x204/0x8a0 [ 414.230825][T11580] evict+0x3c8/0x810 [ 414.231922][T11580] iput+0x764/0x7f4 [ 414.233046][T11580] dentry_unlink_inode+0x360/0x438 [ 414.234531][T11580] __dentry_kill+0x320/0x598 [ 414.235831][T11580] dentry_kill+0xc8/0x248 [ 414.237063][T11580] dput+0x238/0x454 [ 414.238125][T11580] __fput+0x480/0x7c0 [ 414.239231][T11580] ____fput+0x20/0x30 [ 414.240325][T11580] task_work_run+0x1ec/0x270 [ 414.241633][T11580] do_notify_resume+0x1f70/0x2b0c [ 414.243035][T11580] el0_svc+0x98/0x138 [ 414.244121][T11580] el0t_64_sync_handler+0x84/0xf0 [ 414.245534][T11580] el0t_64_sync+0x18c/0x190 [ 414.246823][T11580] Code: f004a2a1 91220021 aa1303e0 94037abd (d4210000) [ 414.248774][T11580] ---[ end trace 0000000000000000 ]--- [ 414.696223][T11580] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 414.698258][T11580] SMP: stopping secondary CPUs [ 414.699654][T11580] Kernel Offset: disabled [ 414.700828][T11580] CPU features: 0x080000,02070084,26017203 [ 414.702444][T11580] Memory Limit: none [ 415.117290][T11580] Rebooting in 86400 seconds..