last executing test programs: 2m18.144375802s ago: executing program 1 (id=364): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}}) statx(0xffffffffffffff9c, 0x0, 0x100, 0x800, 0x0) 2m17.107991035s ago: executing program 1 (id=368): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x6e) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r3, 0x0, {0x2, 0x0, 0xa}}, 0x18) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f00000004c0)=0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) close_range(r0, 0xffffffffffffffff, 0x0) 2m16.984132456s ago: executing program 1 (id=372): socket$vsock_stream(0x28, 0x1, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b20, 0x0) ioctl$SNDRV_PCM_IOCTL_PREPARE(r0, 0x4140, 0x0) 2m16.066434759s ago: executing program 1 (id=377): syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000003c0)={[{@noload}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@auto_da_alloc}, {@dioread_nolock}, {@nobarrier}]}, 0x3, 0x45d, &(0x7f0000001380)="$eJzs3M9vFOUbAPBnpi1Q4PtlJYjyQ62isfFHSwsiBw9qNPGgiYke8FjbQpCFGloTIUTRGDwaEm+aGI8m/gWe9GLUk4lX9WxIiHIBPa2Z7ky7u91tu6XtqPv5JAPvO/Nu3ufZmXf3nXlZAuhZQ9kfScTOiPg5InbVq80Nhup/3bpxafLPG5cmk6jVXvk9mW9388alyaJp8bodRaU/Iv0giQNt+p29cPHMRLU6fT6vj86dfXN09sLFxwc/jZg+NX1u/Pjxo0fGnjw2/kTH2Ld1kWeW183978wc3PfCa1dfmjxx9fXvv0yK/FvyWCdDyx18qFZb5+7K9b+GctJfYiB0pa8+TGNgfvzvir5YPHm74vn3Sw0O2FC1Wq22t6j8uuTw5RrwH5ZE2REA5Si+6LP732LbxOlH6a4/U78ByvK+lW/1I/2R5m0GWu5v19NQRJy4/Ndn2RYb8xwCAKDJ19n857F287809ja0+3++hlKJiDsiYndEHIuIPRFxZ8R827si4u4u+29dJFk6/0mvrSmxVcrmf0/la1vN879i9heVvryWzQErgwPJydPV6cP5ezIcA1uz+tgyfXzz3E8fdTrWOP/Ltqz/Yi6Yx3Gtf2vza6Ym5iZuJ+dG19+L2N/fLv9kYSUgiYh9EbF/jX2cfuSLg52OrZz/MtZhnan2ecTD9fN/OVryLySN65Onz06cal6fHN0W1enDo8VVsdQPP155uVP/q8r/k9vPs5Ps/G9ve/0v5F9JGtdrZ7vv48ovH3a8p1nr9b8lebVp39sTc3PnxyK2JC/Wg27cP97SbnyxfZb/8KH24393LL4TByIiu4jviYh7I+K+PPb7I+KBiDi0TP7fPfvgG007hnd2kf/GyvKf6ur8Lxa2ROue9oW+M99+1dRpJbrIPzv/R+dLw/me1Xz+rSautV3NAAAA8O+TRsTOSNKRhXKajozU/w3/ntieVmdm5x49OfPWuan6bwQqMZAWT7rqz4Prz0PH8tv6oj7eUj+SPzf+uG9wvj4yOVOdKjt56HE7Ooz/zG99ZUcHbDi/14LeZfxD7zL+oWclf5QdAVCaNt//g2XEAWy+dvP/d0uIA9h8LeN/Ydnv6RJiATaX53/Qu4x/6F3GP/Sk2cFY+UfyCgpLCpGu2GbbKv+DiF4rpPGPCGP5QtmfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOvj7wAAAP//4E/nIA==") pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000100)='./file0\x00') newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x4000) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080)) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e4001020303090224"], 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0x12) 2m14.885391224s ago: executing program 1 (id=385): r0 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$vhost_msg_v2(r1, 0x0, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) bind$inet(r2, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e24, 0x7f, @dev={0xfe, 0x80, '\x00', 0x41}, 0xca}, 0x1c) sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) memfd_create(0x0, 0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e24, 0xa4ffffff, @loopback}}}, 0x108) socket$kcm(0x10, 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2m12.143315224s ago: executing program 1 (id=401): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setresgid(0x0, 0xee01, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd) 2m12.065198891s ago: executing program 32 (id=401): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setresgid(0x0, 0xee01, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd) 8.805187372s ago: executing program 3 (id=993): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ppoll(&(0x7f0000000a80)=[{r1, 0xd222}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 7.052161914s ago: executing program 3 (id=1003): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045503, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0x3) 5.541826525s ago: executing program 0 (id=1011): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x4, 0x4) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 4.962858992s ago: executing program 3 (id=1013): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ppoll(&(0x7f0000000a80)=[{r1, 0xd222}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 4.410588646s ago: executing program 0 (id=1015): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000005c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x2000010, &(0x7f00000001c0)=ANY=[@ANYBLOB="666c7573682c6e66732c74696d655f6f66667365743d3078303030303030303030303030303264372c6e6f646f74732c6e6f646f74732c00e94f858cc5add951be5560b2b10409b2caf19b89679412fda54378d58ee92ed254f0ee62ee26a42300865e346b9c349298940af1212e42e147254d296cc87c0fff526f02d3d27b3fdae5f61f56", @ANYRES64], 0x1, 0x243, &(0x7f00000002c0)="$eJzs3cFqE1EUBuBjmrShC+1aXAy4cRXUNxikgjggRGahKwfUTSvCdDO6yton8Bl8JB+jq+5G7AxNWxMVTDKx830Q5sCfwLkJ5GZxT+bNvQ9Hbz+evK+/f43xOIlhxCzOIg5iEDvRuNVeB+f1blw2CwDgfzOdFmnXPbBeZZkWo4jY+yXJv3XSEAAAAAAAAAAAAP/M+X8A6B/n/2++skyL/fb321XO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdOavrO/VvHl33BwCsnv0fAPrH/g8A/WP/B4D+efnq9fM0yw6nSTKOOJ1VeZU31yZ/+iw7fJicO5i/6rSq8p2L/FGTJ1fzUey3+eOF+W48uN/kP7MnL7Jr+d5w/asHAAAAAAAAAAAAAAAAAACA7TBJLiyc759MluVNden/Aa7N7w/jrgl+AAAAAAAAAAAAAAAAAAAA+Csnnz4fFcfH70rFn4pB+5ZtSz+KVRaj9tPdln46Lzr8UgIAAAAAAAAAAAAAAAAAgJ6aD/0uf86X25vsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2b37///UVXa8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6IcfAQAA//+Xjo1A") 4.302478945s ago: executing program 2 (id=1016): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x802c, @mcast2, 0x5}, 0x1c) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb08000300"], 0x2c}}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="460400", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0) sendfile(r3, r1, 0x0, 0x100000000) 3.641159798s ago: executing program 2 (id=1019): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x6, 0x0, @tick, {}, {}, @raw32}], 0x1c) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r4, r3, &(0x7f0000002080)=0x64, 0x23b) 3.247428889s ago: executing program 4 (id=1020): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045503, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0x3) 3.24657668s ago: executing program 5 (id=1021): syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$pppoe(0x18, 0x1, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32=r1], 0xc) 3.186390264s ago: executing program 3 (id=1022): socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sysinfo(&(0x7f0000000000)=""/196) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x12, "3eccd8fd0000000000000010000000040100"}) 3.074612153s ago: executing program 0 (id=1023): syz_open_procfs(0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r4, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x0) 3.055184015s ago: executing program 5 (id=1024): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045503, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0x3) 2.886576899s ago: executing program 3 (id=1025): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x4, 0x4) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 2.765079618s ago: executing program 2 (id=1026): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x100000001, @random, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000440)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="10000000080211000001080211000000080211"], 0x20) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 2.333459733s ago: executing program 4 (id=1027): socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sysinfo(&(0x7f0000000000)=""/196) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r3, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x12, "3eccd8fd0000000000000010000000040100"}) 2.156880617s ago: executing program 0 (id=1028): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x4, 0x4) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 2.044116176s ago: executing program 5 (id=1029): syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="00042abd7000fddbdf250200000014000200"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4000095) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_emit_ethernet(0x46, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ee0000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c000c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05af3a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e4e4e29d8b33fbdd02e86a6432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8f530ffff19a6471bf5abc742d9cbcfb964b13831034694a6aad84cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df871a8e782339bc424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb78183e7e68de9dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbefd9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d85618ba2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009de2323f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978addf2f2a29a387c6f0576b36038f819286eea99a6a434811cf2a117d775fe986a49fb82cf5f15972d55185ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e671d305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a540f64000000000000fbb4c256409e54daefbb107c381fa729ff5fe607d93430da178d685d7730f5e129438a5214f722096d2986334c25e454474f92e65828b018174a9f4738b8c71fbdead06ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a379ed4c6267965af78b861bd335312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68ffce8d141e8960ef790fb0078215d65f96eb55db8cbcb060000000d988374e45451a694ffe38a1d03912b31c98d42e1a1bda1290de1a499a5d6849914c1788a7aca37177cc34102f44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553ecece78d4c1541c70f5d81e0725d5b273755c0000000000000000aa4234e282182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a7d72fcdb0a11993d54d97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a9236558fea2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574ea68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa1ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8edc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f24bb68f486e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e8d5bc5642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f0cf74f845d1cc9ec4eee79c290fb0ba939b13707004e2e9cc0d350538c1c8c6bb9a38c6ac5ca07df32601240ea3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4055f05558ab31f339f6a4caf2ee2fd01f34dca330000000000000000000000000000000000000000000000000000000000000000000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd6f7fd7f8898c70b5c65f2e28f22e983892c383882809f557affbda5e1850d66a4a1ee73b2084681f880a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae9052be8eec1e95f6ad8d41dd34829504ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b06a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd31091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a474bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc03bbfb8c698ecc137d96711100e01031aa74fad86b99eebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc86784c9f940d9fb0464a72ce635e14b80dc5c1c64e8f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f938ad16eeb8342278f1c1cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706e587f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2cc0e7c207b8942fafd70530a0fc4622ecf132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af999dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2be0d1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bff348229fa84034faf8421a22c4b4c17a3d24a4aeee0d0850371feefd77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2b59654d49a11c6736ac63e8eb383760fc2b5c976dacf3dda7191c757f28e44f6a5f95db7055f7ed983f5665210f20a494fabb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a5826fdbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db3c22673884dca370558936b85737e14819ab1c57b348a8ff16d36364a20fe846d11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb251ab9eefc8e400191f0f0f8c679b0000000000000000000000b41b0ae67d9351c49e1ff285d05a3cc39a5b0cd20afe0a00086650f8fad20c0e1e7131836c85b2cbacd41593928207312189fdd66abc45a139f0c9dbcc58237cec5bd56ffe0c6de23254a7951a298501ca04ab30b5723df6dd01d0b1a87c197b83b286374ba9a9dd1bd09ea1b71b24a1f527bf59d9633e3d15ed3757acc494f464482e49884c13780cc392bfe67b5d91e5b513daea48cac7645db35f07ba41aa187f65c5344717d7a0ee353a7e36b14fdce5898a613cef224d3addb3d2de74cef73f7520dc8cc8ffaa62cbd25e691ef4c45fdd25675b32c129a8464f08c4da9c08713b54416f3b56a04086dab1d196884e062287ad4758e883d2f99833d8aaf0c56718f6b0434740900faf4ab824662a719bf370fd0b2de04c1455ec14908ce5cbec79466f2f2cc337c53437d626254e00000000000000000000000000000000c34646f8ae68c095e7298300feab8a3dfe2c43fc971385b13b4f3b61ddbf5044ff572defcc67930f0e715774e1e970751534398faf79350255cfa9021378f10c2043e7ecd5649c9720530da7ea227b792f31cb5d688b5f1eba9ff5f85c97b35e00ecf76282912b483e31c76e303e527e98a9ca14f718d495ad45db16c4500011de506f0ca35f7ea96ed1831e3c1219f985b26cb8a70e7c8efcb287984871e0fed3f1985cf63f00289292b378188ad0dfae12c265b88961a9223b48cf7055d641595e0cb926d63c1f8a207f48bd482290b79867285c2155e655e017bca6cbba43f9b49042fb2fb390c436b3306e8a0800000090d159004da838a50235b91f5273c1fe083067ce1e2d8011c9e2b6d3ea69dfc3712e5ce440432fbd29ffd004000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000380), r3) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00', @ANYRES16=r4], 0x78}, 0x1, 0xffffffff00000003}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x20e, 0x5ee, 0xfd000004, &(0x7f00000004c0)="b9180bb7600a070c009e40f086dd1fff310005e0330020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472be0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 1.776660108s ago: executing program 2 (id=1030): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x802c, @mcast2, 0x5}, 0x1c) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb08000300"], 0x2c}}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="460400", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0) sendfile(r3, r1, 0x0, 0x100000000) 1.775847508s ago: executing program 4 (id=1031): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x4, 0x4) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 1.178220706s ago: executing program 5 (id=1032): syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_emit_ethernet(0x46, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ee0000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c000c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05af3a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e4e4e29d8b33fbdd02e86a6432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8f530ffff19a6471bf5abc742d9cbcfb964b13831034694a6aad84cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df871a8e782339bc424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb78183e7e68de9dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbefd9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d85618ba2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009de2323f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978addf2f2a29a387c6f0576b36038f819286eea99a6a434811cf2a117d775fe986a49fb82cf5f15972d55185ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e671d305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a540f64000000000000fbb4c256409e54daefbb107c381fa729ff5fe607d93430da178d685d7730f5e129438a5214f722096d2986334c25e454474f92e65828b018174a9f4738b8c71fbdead06ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a379ed4c6267965af78b861bd335312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68ffce8d141e8960ef790fb0078215d65f96eb55db8cbcb060000000d988374e45451a694ffe38a1d03912b31c98d42e1a1bda1290de1a499a5d6849914c1788a7aca37177cc34102f44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553ecece78d4c1541c70f5d81e0725d5b273755c0000000000000000aa4234e282182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a7d72fcdb0a11993d54d97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a9236558fea2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574ea68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa1ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8edc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f24bb68f486e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e8d5bc5642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f0cf74f845d1cc9ec4eee79c290fb0ba939b13707004e2e9cc0d350538c1c8c6bb9a38c6ac5ca07df32601240ea3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4055f05558ab31f339f6a4caf2ee2fd01f34dca330000000000000000000000000000000000000000000000000000000000000000000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd6f7fd7f8898c70b5c65f2e28f22e983892c383882809f557affbda5e1850d66a4a1ee73b2084681f880a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae9052be8eec1e95f6ad8d41dd34829504ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b06a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd31091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a474bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc03bbfb8c698ecc137d96711100e01031aa74fad86b99eebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc86784c9f940d9fb0464a72ce635e14b80dc5c1c64e8f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f938ad16eeb8342278f1c1cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706e587f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2cc0e7c207b8942fafd70530a0fc4622ecf132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af999dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2be0d1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bff348229fa84034faf8421a22c4b4c17a3d24a4aeee0d0850371feefd77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2b59654d49a11c6736ac63e8eb383760fc2b5c976dacf3dda7191c757f28e44f6a5f95db7055f7ed983f5665210f20a494fabb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a5826fdbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db3c22673884dca370558936b85737e14819ab1c57b348a8ff16d36364a20fe846d11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb251ab9eefc8e400191f0f0f8c679b0000000000000000000000b41b0ae67d9351c49e1ff285d05a3cc39a5b0cd20afe0a00086650f8fad20c0e1e7131836c85b2cbacd41593928207312189fdd66abc45a139f0c9dbcc58237cec5bd56ffe0c6de23254a7951a298501ca04ab30b5723df6dd01d0b1a87c197b83b286374ba9a9dd1bd09ea1b71b24a1f527bf59d9633e3d15ed3757acc494f464482e49884c13780cc392bfe67b5d91e5b513daea48cac7645db35f07ba41aa187f65c5344717d7a0ee353a7e36b14fdce5898a613cef224d3addb3d2de74cef73f7520dc8cc8ffaa62cbd25e691ef4c45fdd25675b32c129a8464f08c4da9c08713b54416f3b56a04086dab1d196884e062287ad4758e883d2f99833d8aaf0c56718f6b0434740900faf4ab824662a719bf370fd0b2de04c1455ec14908ce5cbec79466f2f2cc337c53437d626254e00000000000000000000000000000000c34646f8ae68c095e7298300feab8a3dfe2c43fc971385b13b4f3b61ddbf5044ff572defcc67930f0e715774e1e970751534398faf79350255cfa9021378f10c2043e7ecd5649c9720530da7ea227b792f31cb5d688b5f1eba9ff5f85c97b35e00ecf76282912b483e31c76e303e527e98a9ca14f718d495ad45db16c4500011de506f0ca35f7ea96ed1831e3c1219f985b26cb8a70e7c8efcb287984871e0fed3f1985cf63f00289292b378188ad0dfae12c265b88961a9223b48cf7055d641595e0cb926d63c1f8a207f48bd482290b79867285c2155e655e017bca6cbba43f9b49042fb2fb390c436b3306e8a0800000090d159004da838a50235b91f5273c1fe083067ce1e2d8011c9e2b6d3ea69dfc3712e5ce440432fbd29ffd004000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000380), r3) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00', @ANYRES16=r4], 0x78}, 0x1, 0xffffffff00000003}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x20e, 0x5ee, 0xfd000004, &(0x7f00000004c0)="b9180bb7600a070c009e40f086dd1fff310005e0330020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472be0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 1.12665123s ago: executing program 4 (id=1033): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ppoll(&(0x7f0000000a80)=[{r1, 0xd222}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.109282781s ago: executing program 2 (id=1034): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000005c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x2000010, &(0x7f00000001c0)=ANY=[@ANYBLOB="666c7573682c6e66732c74696d655f6f66667365743d3078303030303030303030303030303264372c6e6f646f74732c6e6f646f74732c00e94f858cc5add951be5560b2b10409b2caf19b89679412fda54378d58ee92ed254f0ee62ee26a42300865e346b9c349298940af1212e42e147254d296cc87c0fff526f02d3d27b3fdae5f61f56", @ANYRES64], 0x1, 0x243, &(0x7f00000002c0)="$eJzs3cFqE1EUBuBjmrShC+1aXAy4cRXUNxikgjggRGahKwfUTSvCdDO6yton8Bl8JB+jq+5G7AxNWxMVTDKx830Q5sCfwLkJ5GZxT+bNvQ9Hbz+evK+/f43xOIlhxCzOIg5iEDvRuNVeB+f1blw2CwDgfzOdFmnXPbBeZZkWo4jY+yXJv3XSEAAAAAAAAAAAAP/M+X8A6B/n/2++skyL/fb321XO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdOavrO/VvHl33BwCsnv0fAPrH/g8A/WP/B4D+efnq9fM0yw6nSTKOOJ1VeZU31yZ/+iw7fJicO5i/6rSq8p2L/FGTJ1fzUey3+eOF+W48uN/kP7MnL7Jr+d5w/asHAAAAAAAAAAAAAAAAAACA7TBJLiyc759MluVNden/Aa7N7w/jrgl+AAAAAAAAAAAAAAAAAAAA+Csnnz4fFcfH70rFn4pB+5ZtSz+KVRaj9tPdln46Lzr8UgIAAAAAAAAAAAAAAAAAgJ6aD/0uf86X25vsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2b37///UVXa8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6IcfAQAA//+Xjo1A") 536.446297ms ago: executing program 3 (id=1035): syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$pppoe(0x18, 0x1, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32=r1], 0xc) 396.339708ms ago: executing program 0 (id=1036): socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sysinfo(&(0x7f0000000000)=""/196) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r3, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x12, "3eccd8fd0000000000000010000000040100"}) 229.844992ms ago: executing program 5 (id=1037): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x3, 0x8000000003c) socket$inet6(0xa, 0x3, 0x8000000003c) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000240), &(0x7f00000003c0)=r4}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r3, r1, 0x25, 0x0, @val=@tcx={@void, @value=r3}}, 0x1c) syz_emit_ethernet(0x82, &(0x7f0000000700)=ANY=[], 0x0) 229.395832ms ago: executing program 2 (id=1038): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045503, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0x3) 146.558709ms ago: executing program 4 (id=1039): syz_open_procfs(0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x53) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r4, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x0) 83.953814ms ago: executing program 5 (id=1040): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x100000001, @random, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000440)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=ANY=[@ANYBLOB="10000000080211000001080211000000080211"], 0x20) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 43.569357ms ago: executing program 0 (id=1041): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045503, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0x3) 0s ago: executing program 4 (id=1042): socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sysinfo(&(0x7f0000000000)=""/196) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r3, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x12, "3eccd8fd0000000000000010000000040100"}) kernel console output (not intermixed with test programs): : macvtap0: link becomes ready [ 35.677909][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.679379][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.681650][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.683115][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.684640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.686002][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.688651][ T4051] device veth1_macvtap entered promiscuous mode [ 35.694350][ T4054] device veth0_vlan entered promiscuous mode [ 35.700688][ T4051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.702237][ T4051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.703690][ T4051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.705202][ T4051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.707172][ T4051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.708576][ T4047] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.711183][ T4047] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.713282][ T4047] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.717513][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 35.718856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.721561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.723018][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 35.724418][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.727741][ T4047] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.729118][ T4047] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.731070][ T4047] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.732447][ T4047] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.735162][ T4051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.736755][ T4051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.738338][ T4051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.740625][ T4051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.742745][ T4051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.748881][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 35.750685][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.753335][ T4051] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.754792][ T4051] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.756265][ T4051] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.757712][ T4051] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.761360][ T4054] device veth1_vlan entered promiscuous mode [ 35.775378][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 35.776931][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 35.778396][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.811004][ T4053] device veth0_vlan entered promiscuous mode [ 35.815149][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 35.816692][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.818114][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.819710][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.822875][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.827390][ T4053] device veth1_vlan entered promiscuous mode [ 35.840224][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.841433][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.847002][ T4054] device veth0_macvtap entered promiscuous mode [ 35.848829][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 35.850398][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 35.851863][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.853277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 35.854733][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.856309][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 35.859067][ T4054] device veth1_macvtap entered promiscuous mode [ 35.863467][ T445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.864716][ T445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.869491][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.871747][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 35.886461][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.887710][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.889174][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.899047][ T4053] device veth0_macvtap entered promiscuous mode [ 35.903608][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.904780][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.905730][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 35.907448][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.909132][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.913160][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 35.918593][ T4053] device veth1_macvtap entered promiscuous mode [ 35.927908][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.929265][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.934377][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 35.936080][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.954172][ T4054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.955858][ T4054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.957334][ T4054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.958866][ T4054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.962147][ T4054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.964417][ T4054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.966693][ T4054] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.985491][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.987095][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.991898][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.992826][ T4054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.993136][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.995062][ T4054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.997486][ T4054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.999153][ T4054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.002823][ T4054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.004493][ T4054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.007058][ T4054] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.011321][ T4054] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.012757][ T4054] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.014106][ T4054] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.015490][ T4054] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.047820][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.049000][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.068709][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.070131][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.085623][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.087606][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.089123][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.091035][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.092519][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.094209][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.095866][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.097500][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.099767][ T4053] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.106577][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 36.108024][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 36.109589][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 36.111254][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 36.112654][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 36.114106][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 36.115711][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.128453][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.131637][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.133181][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.134761][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.136344][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.467285][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.468861][ T4053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.470651][ T4053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.472672][ T4053] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.476719][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 36.479695][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 36.505021][ T4053] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.506526][ T4053] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.507952][ T4053] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.509385][ T4053] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.615486][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.618816][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.624324][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 36.668832][ T4157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.671766][ T4157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.673881][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 37.045046][ T4101] Bluetooth: hci1: command 0x041b tx timeout [ 37.046441][ T4101] Bluetooth: hci0: command 0x041b tx timeout [ 37.070322][ T4109] Bluetooth: hci4: command 0x041b tx timeout [ 37.071375][ T4109] Bluetooth: hci2: command 0x041b tx timeout [ 37.072356][ T4109] Bluetooth: hci3: command 0x041b tx timeout [ 37.126526][ T4166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'. [ 37.128973][ T4169] loop3: detected capacity change from 0 to 16 [ 37.152610][ T4169] ======================================================= [ 37.152610][ T4169] WARNING: The mand mount option has been deprecated and [ 37.152610][ T4169] and is ignored by this kernel. Remove the mand [ 37.152610][ T4169] option from the mount to silence this warning. [ 37.152610][ T4169] ======================================================= [ 37.164651][ T4169] erofs: (device loop3): mounted with root inode @ nid 36. [ 37.174223][ T4173] tipc: Started in network mode [ 37.179821][ T4173] tipc: Node identity fab8e99f9fdc, cluster identity 4711 [ 37.185709][ T4173] tipc: Enabled bearer , priority 0 [ 37.252780][ T4173] device syzkaller0 entered promiscuous mode [ 37.262598][ T4173] tipc: Resetting bearer [ 37.270455][ T4170] tipc: Resetting bearer [ 37.274372][ T4170] tipc: Disabling bearer [ 37.729016][ T4183] loop0: detected capacity change from 0 to 1024 [ 37.779480][ T4183] EXT4-fs (loop0): Ignoring removed bh option [ 37.792902][ T4187] tipc: Failed to obtain node identity [ 37.794004][ T4187] tipc: Enabling of bearer rejected, failed to enable media [ 38.164515][ T4193] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15'. [ 38.167624][ T4183] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 38.184796][ T4183] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 38.266724][ T4193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.277042][ T4193] bond0: (slave rose0): Enslaving as an active interface with an up link [ 38.279036][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 38.658972][ T4235] netlink: 28 bytes leftover after parsing attributes in process `syz.0.19'. [ 38.703810][ T4238] loop0: detected capacity change from 0 to 2048 [ 38.726938][ T4238] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 38.740496][ T4037] udevd[4037]: incorrect nilfs2 checksum on /dev/loop0 [ 38.756766][ T4243] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 38.759034][ T4238] NILFS (loop0): corrupt root inode [ 38.864408][ T4226] loop2: detected capacity change from 0 to 32768 [ 38.947016][ T4226] XFS (loop2): Mounting V5 Filesystem [ 38.984986][ T4226] XFS (loop2): Ending clean mount [ 38.998564][ T4233] loop3: detected capacity change from 0 to 32768 [ 39.060260][ T4101] Bluetooth: hci0: command 0x040f tx timeout [ 39.061355][ T4101] Bluetooth: hci1: command 0x040f tx timeout [ 39.067447][ T4233] XFS (loop3): Mounting V5 Filesystem [ 39.091178][ T4233] XFS (loop3): Ending clean mount [ 39.096278][ T4233] XFS (loop3): Quotacheck needed: Please wait. [ 39.103032][ T4238] loop0: detected capacity change from 0 to 32768 [ 39.110226][ T4233] XFS (loop3): Quotacheck: Done. [ 39.140147][ T13] Bluetooth: hci3: command 0x040f tx timeout [ 39.141151][ T13] Bluetooth: hci2: command 0x040f tx timeout [ 39.142330][ T13] Bluetooth: hci4: command 0x040f tx timeout [ 39.155852][ T4047] XFS (loop3): Unmounting Filesystem [ 39.274343][ T4037] udevd[4037]: incorrect btrfs checksum on /dev/loop0 [ 39.296667][ T4051] XFS (loop2): Unmounting Filesystem [ 39.371164][ T4275] bridge0: port 3(netdevsim0) entered blocking state [ 39.372594][ T4275] bridge0: port 3(netdevsim0) entered disabled state [ 39.379452][ T4275] device netdevsim0 entered promiscuous mode [ 39.382460][ T4275] bridge0: port 3(netdevsim0) entered blocking state [ 39.383525][ T4275] bridge0: port 3(netdevsim0) entered forwarding state [ 40.155598][ T4284] loop0: detected capacity change from 0 to 128 [ 40.232345][ T4284] EXT4-fs (loop0): mounted filesystem without journal. Opts: auto_da_alloc=0x000000000000032b,nobarrier,,errors=continue. Quota mode: none. [ 40.832025][ T4306] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 41.140795][ T3625] Bluetooth: hci1: command 0x0419 tx timeout [ 41.142288][ T3625] Bluetooth: hci0: command 0x0419 tx timeout [ 41.203720][ T4309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 41.220235][ T3625] Bluetooth: hci4: command 0x0419 tx timeout [ 41.222367][ T3625] Bluetooth: hci2: command 0x0419 tx timeout [ 41.223432][ T3625] Bluetooth: hci3: command 0x0419 tx timeout [ 41.244215][ T4315] loop2: detected capacity change from 0 to 1024 [ 41.256903][ T4315] EXT4-fs (loop2): inline encryption not supported [ 41.261220][ T4315] EXT4-fs (loop2): Ignoring removed bh option [ 41.263389][ T4315] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 41.279278][ T4315] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,discard,data_err=ignore,grpquota,noblock_validity,lazytime,bh,errors=remount-ro,. Quota mode: writeback. [ 41.325987][ T4315] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3876: comm syz.2.33: Allocating blocks 497-513 which overlap fs metadata [ 41.328861][ T4315] EXT4-fs (loop2): Remounting filesystem read-only [ 41.333490][ T4315] EXT4-fs (loop2): pa 00000000f39264da: logic 128, phys. 385, len 8 [ 41.334778][ T4315] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1 [ 41.337016][ T4315] EXT4-fs (loop2): Remounting filesystem read-only [ 41.345052][ T4312] loop3: detected capacity change from 0 to 32768 [ 42.094538][ T4328] loop1: detected capacity change from 0 to 2048 [ 42.115019][ T4037] udevd[4037]: incorrect nilfs2 checksum on /dev/loop1 [ 42.118421][ T4328] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 42.160064][ T4329] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 42.163723][ T4328] NILFS (loop1): corrupt root inode [ 42.187791][ T4322] loop2: detected capacity change from 0 to 32768 [ 42.244585][ T4337] tipc: Enabled bearer , priority 10 [ 42.258399][ T4336] loop3: detected capacity change from 0 to 1024 [ 42.265371][ T4326] loop4: detected capacity change from 0 to 32768 [ 42.269481][ T4336] EXT4-fs (loop3): Ignoring removed bh option [ 42.276126][ T4322] XFS (loop2): Mounting V5 Filesystem [ 42.287867][ T4336] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 42.316516][ T4322] XFS (loop2): Ending clean mount [ 42.389076][ T4353] Zero length message leads to an empty skb [ 42.413272][ T4326] XFS (loop4): Mounting V5 Filesystem [ 42.429754][ T4328] loop1: detected capacity change from 0 to 32768 [ 42.449327][ T4326] XFS (loop4): Ending clean mount [ 42.451421][ T4326] XFS (loop4): Quotacheck needed: Please wait. [ 42.466219][ T4326] XFS (loop4): Quotacheck: Done. [ 42.529616][ T4054] XFS (loop4): Unmounting Filesystem [ 42.804165][ T4051] XFS (loop2): Unmounting Filesystem [ 43.474930][ T7] tipc: Node number set to 1701112223 [ 43.798292][ T4389] netlink: 28 bytes leftover after parsing attributes in process `syz.4.53'. [ 43.863949][ T4378] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.865524][ T4378] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.905053][ T4396] loop0: detected capacity change from 0 to 2048 [ 43.924052][ T4396] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 44.324237][ T4378] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.339124][ T4378] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.616990][ T4378] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.618553][ T4378] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.620054][ T4378] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.621678][ T4378] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.767561][ T4386] tipc: Failed to obtain node identity [ 44.768538][ T4386] tipc: Enabling of bearer rejected, failed to enable media [ 44.875656][ T4405] loop0: detected capacity change from 0 to 2048 [ 44.924634][ T4403] loop3: detected capacity change from 0 to 32768 [ 45.280515][ T4405] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 45.305271][ T4037] udevd[4037]: incorrect nilfs2 checksum on /dev/loop0 [ 45.316999][ T4417] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 45.319281][ T4405] NILFS (loop0): corrupt root inode [ 45.351328][ T4037] udevd[4037]: incorrect nilfs2 checksum on /dev/loop0 [ 45.355851][ T4403] XFS (loop3): Mounting V5 Filesystem [ 45.400713][ T4403] XFS (loop3): Ending clean mount [ 45.411091][ T4403] XFS (loop3): Quotacheck needed: Please wait. [ 45.421766][ T4403] XFS (loop3): Quotacheck: Done. [ 45.466423][ T4047] XFS (loop3): Unmounting Filesystem [ 45.573373][ T4405] loop0: detected capacity change from 0 to 32768 [ 45.602866][ T4037] udevd[4037]: incorrect btrfs checksum on /dev/loop0 [ 45.719285][ T4442] tipc: Failed to obtain node identity [ 45.735983][ T4442] tipc: Enabling of bearer rejected, failed to enable media [ 46.093620][ T4446] loop4: detected capacity change from 0 to 512 [ 46.122519][ T4446] EXT4-fs (loop4): Ignoring removed orlov option [ 46.198427][ T4446] EXT4-fs (loop4): mounted filesystem without journal. Opts: acl,nolazytime,orlov,i_version,lazytime,nodiscard,grpjquota=,block_validity,errors=remount-ro,. Quota mode: writeback. [ 46.236071][ T4446] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #2: comm syz.4.70: corrupted inode contents [ 46.247806][ T4446] EXT4-fs (loop4): Remounting filesystem read-only [ 46.255302][ T4446] EXT4-fs error (device loop4): ext4_dirty_inode:6040: inode #2: comm syz.4.70: mark_inode_dirty error [ 46.268323][ T4446] EXT4-fs (loop4): Remounting filesystem read-only [ 46.278652][ T4446] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #2: comm syz.4.70: corrupted inode contents [ 46.289212][ T4446] EXT4-fs (loop4): Remounting filesystem read-only [ 46.350426][ T4451] loop2: detected capacity change from 0 to 128 [ 46.423441][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 46.426467][ T9] EXT4-fs (loop4): Remounting filesystem read-only [ 46.433042][ T4054] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz-executor: Invalid inode table block 0 in block_group 0 [ 46.827441][ T4054] EXT4-fs (loop4): Remounting filesystem read-only [ 46.829669][ T4054] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 46.834194][ T4054] EXT4-fs (loop4): Remounting filesystem read-only [ 46.835401][ T4054] EXT4-fs error (device loop4): ext4_quota_off:6513: inode #3: comm syz-executor: mark_inode_dirty error [ 46.850019][ T4054] EXT4-fs (loop4): Remounting filesystem read-only [ 46.942377][ T4462] loop4: detected capacity change from 0 to 1024 [ 46.966159][ T4464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 46.971551][ T4464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 46.977410][ T401] attempt to access beyond end of device [ 46.977410][ T401] loop2: rw=1, want=1041, limit=128 [ 47.001110][ T4462] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 47.049546][ T4462] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.72: corrupted xattr block 128 [ 47.065641][ T4462] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 47.080831][ T4462] EXT4-fs error (device loop4): ext4_dirty_inode:6040: inode #15: comm syz.4.72: mark_inode_dirty error [ 47.089623][ T4462] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 47.099036][ T4462] EXT4-fs error (device loop4): ext4_punch_hole:4113: inode #15: comm syz.4.72: mark_inode_dirty error [ 47.143046][ T4472] loop2: detected capacity change from 0 to 2048 [ 47.223955][ T4470] loop1: detected capacity change from 0 to 32768 [ 47.236369][ T4472] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 47.263635][ T4472] NILFS (loop2): corrupt root inode [ 47.264537][ T4476] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 47.266582][ T4365] udevd[4365]: incorrect nilfs2 checksum on /dev/loop2 [ 47.675113][ T4470] XFS (loop1): Mounting V5 Filesystem [ 47.694580][ T4490] loop4: detected capacity change from 0 to 512 [ 47.734616][ T4470] XFS (loop1): Ending clean mount [ 47.742015][ T4470] XFS (loop1): Quotacheck needed: Please wait. [ 47.758904][ T4470] XFS (loop1): Quotacheck: Done. [ 47.765280][ T4490] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 47.822597][ T4472] loop2: detected capacity change from 0 to 32768 [ 47.833837][ T4490] syz.4.82 uses obsolete (PF_INET,SOCK_PACKET) [ 47.841945][ T4053] XFS (loop1): Unmounting Filesystem [ 47.902078][ T4500] loop0: detected capacity change from 0 to 1024 [ 47.944673][ T4500] EXT4-fs (loop0): Ignoring removed bh option [ 47.964561][ T4500] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 47.973795][ T4500] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2755: inode #15: comm syz.0.86: corrupted in-inode xattr [ 48.000893][ T4500] EXT4-fs (loop0): Remounting filesystem read-only [ 48.107721][ T4043] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 48.110203][ T4043] EXT4-fs (loop0): Remounting filesystem read-only [ 48.111251][ T4043] EXT4-fs error (device loop0): ext4_dirty_inode:6040: inode #15: comm syz-executor: mark_inode_dirty error [ 48.115782][ T4043] EXT4-fs (loop0): Remounting filesystem read-only [ 48.121311][ T4509] loop3: detected capacity change from 0 to 1024 [ 48.779213][ T4509] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 49.183759][ T4509] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.90: corrupted xattr block 128 [ 49.188077][ T4509] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 49.203919][ T4509] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #15: comm syz.3.90: mark_inode_dirty error [ 49.208102][ T4509] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 49.210293][ T4509] EXT4-fs error (device loop3): ext4_punch_hole:4113: inode #15: comm syz.3.90: mark_inode_dirty error [ 49.255574][ T4528] device ipip0 entered promiscuous mode [ 49.259552][ T4532] binder: 4529:4532 tried to acquire reference to desc 0, got 1 instead [ 49.282274][ T4102] binder: undelivered transaction 5, process died. [ 49.367251][ T4537] netlink: 'syz.4.97': attribute type 11 has an invalid length. [ 49.449948][ T4540] ptrace attach of "./syz-executor exec"[4043] was attempted by "\x09   Àÿ Àÿ Ðÿ 0 ðÿ °ÿ Àÿ ÿÿÿÿ  "[4540] [ 49.766490][ T4543] loop4: detected capacity change from 0 to 256 [ 49.788311][ T4547] loop3: detected capacity change from 0 to 128 [ 49.808232][ T4546] netlink: 12 bytes leftover after parsing attributes in process `syz.2.100'. [ 49.833940][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 49.844140][ T4547] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 49.845334][ T4549] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 49.858548][ T4539] EXT4-fs (loop3): resizing filesystem from 64 to 2 blocks [ 49.863815][ T4539] EXT4-fs warning (device loop3): ext4_resize_fs:2004: can't shrink FS - resize aborted [ 50.030512][ T4563] netlink: 20 bytes leftover after parsing attributes in process `syz.1.105'. [ 50.047062][ T4555] sctp: failed to load transform for md5: -4 [ 50.186153][ T4574] loop2: detected capacity change from 0 to 1024 [ 50.537093][ T4560] loop3: detected capacity change from 0 to 32768 [ 50.567451][ T4574] EXT4-fs (loop2): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 50.605150][ T4560] XFS (loop3): Mounting V5 Filesystem [ 50.638062][ T4560] XFS (loop3): Ending clean mount [ 50.640837][ T4560] XFS (loop3): Quotacheck needed: Please wait. [ 50.653714][ T4574] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #15: comm syz.2.107: corrupted xattr block 128 [ 50.656611][ T4560] XFS (loop3): Quotacheck: Done. [ 50.661438][ T4574] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 50.664432][ T4574] EXT4-fs error (device loop2): ext4_dirty_inode:6040: inode #15: comm syz.2.107: mark_inode_dirty error [ 50.670474][ T4574] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 50.675812][ T4574] EXT4-fs error (device loop2): ext4_punch_hole:4113: inode #15: comm syz.2.107: mark_inode_dirty error [ 50.692450][ T4047] XFS (loop3): Unmounting Filesystem [ 50.877024][ T4610] loop4: detected capacity change from 0 to 64 [ 50.879344][ T4610] hfs: type requires a 4 character value [ 50.880863][ T4610] hfs: unable to parse mount options [ 51.788932][ T4614] netlink: 24 bytes leftover after parsing attributes in process `syz.4.113'. [ 53.443877][ T4632] loop4: detected capacity change from 0 to 16 [ 53.456159][ T4633] tipc: Failed to obtain node identity [ 53.457105][ T4633] tipc: Enabling of bearer rejected, failed to enable media [ 53.583561][ T4632] erofs: (device loop4): mounted with root inode @ nid 36. [ 54.822421][ T4650] loop4: detected capacity change from 0 to 164 [ 54.825036][ T4648] loop3: detected capacity change from 0 to 1024 [ 54.832762][ T4652] loop0: detected capacity change from 0 to 1024 [ 54.838649][ T4642] loop1: detected capacity change from 0 to 32768 [ 54.884704][ T4652] EXT4-fs (loop0): Ignoring removed bh option [ 54.905328][ T4642] XFS (loop1): Mounting V5 Filesystem [ 54.905330][ T4650] process 'syz.4.124' launched '/dev/fd/5' with NULL argv: empty string added [ 54.911055][ T4650] attempt to access beyond end of device [ 54.911055][ T4650] loop4: rw=524288, want=263332, limit=164 [ 54.911718][ T4637] loop2: detected capacity change from 0 to 32768 [ 54.912966][ T4650] attempt to access beyond end of device [ 54.912966][ T4650] loop4: rw=0, want=263332, limit=164 [ 54.916494][ T4652] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 54.927611][ T4648] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 54.943296][ T4642] XFS (loop1): Ending clean mount [ 54.951835][ T4642] XFS (loop1): Quotacheck needed: Please wait. [ 54.964210][ T4642] XFS (loop1): Quotacheck: Done. [ 54.977058][ T4648] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.123: corrupted xattr block 128 [ 54.988561][ T4648] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 54.990500][ T4648] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #15: comm syz.3.123: mark_inode_dirty error [ 54.992846][ T4648] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 54.994608][ T4648] EXT4-fs error (device loop3): ext4_punch_hole:4113: inode #15: comm syz.3.123: mark_inode_dirty error [ 55.006085][ T4637] XFS (loop2): Mounting V5 Filesystem [ 55.069159][ T4637] XFS (loop2): Ending clean mount [ 55.076276][ T4053] XFS (loop1): Unmounting Filesystem [ 55.087934][ T4680] loop3: detected capacity change from 0 to 64 [ 55.103575][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 55.105944][ T4678] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 55.121833][ T4680] hfs: type requires a 4 character value [ 55.122778][ T4680] hfs: unable to parse mount options [ 55.319881][ T4682] netlink: 24 bytes leftover after parsing attributes in process `syz.3.127'. [ 55.727273][ T4051] XFS (loop2): Unmounting Filesystem [ 57.864074][ T4714] netlink: 'syz.1.135': attribute type 4 has an invalid length. [ 57.987744][ T4719] loop4: detected capacity change from 0 to 8 [ 58.012107][ T4719] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 58.425828][ T4719] cramfs: Error -5 while decompressing! [ 58.427011][ T4719] cramfs: 000000009c6be865(26)->0000000052ebd732(4096) [ 58.428026][ T4719] cramfs: Error -3 while decompressing! [ 58.429044][ T4719] cramfs: 00000000515023d5(26)->00000000513e30d5(4096) [ 58.430182][ T4719] cramfs: Error -3 while decompressing! [ 58.431139][ T4719] cramfs: 0000000028aacef2(16)->0000000094cb353e(4096) [ 58.432342][ T4719] cramfs: Error -5 while decompressing! [ 58.433232][ T4719] cramfs: 000000009c6be865(26)->0000000052ebd732(4096) [ 58.844183][ T4725] loop2: detected capacity change from 0 to 128 [ 58.963913][ T4037] udevd[4037]: incorrect cramfs checksum on /dev/loop4 [ 59.805374][ T4725] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 60.523207][ T4748] loop2: detected capacity change from 0 to 128 [ 61.195719][ T4758] loop4: detected capacity change from 0 to 1024 [ 62.543600][ T4780] udc-core: couldn't find an available UDC or it's busy [ 62.544863][ T4780] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 63.628160][ T4803] tipc: Started in network mode [ 63.629036][ T4803] tipc: Node identity 4, cluster identity 4711 [ 63.962250][ T4803] tipc: Node number set to 4 [ 63.995483][ T4807] netlink: 'syz.0.162': attribute type 21 has an invalid length. [ 63.996847][ T4807] netlink: 156 bytes leftover after parsing attributes in process `syz.0.162'. [ 64.005193][ T4809] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 64.013235][ T4809] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 64.017812][ T4809] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.026707][ T4809] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.037764][ T4809] device bridge_slave_0 left promiscuous mode [ 64.041222][ T4809] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.066692][ T4809] device bridge_slave_1 left promiscuous mode [ 64.067890][ T4809] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.123454][ T4809] bond0: (slave bond_slave_0): Releasing backup interface [ 64.164698][ T4809] bond0: (slave bond_slave_1): Releasing backup interface [ 64.234648][ T4809] team0: Failed to send options change via netlink (err -105) [ 64.236188][ T4809] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 64.238225][ T4809] team0: Port device team_slave_0 removed [ 64.245660][ T4809] team0: Failed to send options change via netlink (err -105) [ 64.247214][ T4809] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 64.249081][ T4809] team0: Port device team_slave_1 removed [ 64.253823][ T4809] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.255229][ T4809] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.257357][ T4809] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.258559][ T4809] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.264455][ T4807] netlink: 'syz.0.162': attribute type 21 has an invalid length. [ 64.267556][ T4807] netlink: 6 bytes leftover after parsing attributes in process `syz.0.162'. [ 64.273623][ T4811] team0: Failed to send options change via netlink (err -105) [ 64.282532][ T4811] team0: Mode changed to "activebackup" [ 64.309104][ T4819] netlink: 4 bytes leftover after parsing attributes in process `syz.0.166'. [ 64.347351][ T4823] loop4: detected capacity change from 0 to 8 [ 64.481187][ T4823] squashfs: Unknown parameter 'ÿÿÿÿÿÿÿÿ0xffffffffffffffffgp1H´ñûÎ%¸SqXQî¼^½Œ' [ 66.523295][ T4860] netlink: 52 bytes leftover after parsing attributes in process `syz.2.179'. [ 66.562838][ T4864] loop2: detected capacity change from 0 to 1024 [ 66.619781][ T4865] ptrace attach of "./syz-executor exec"[4054] was attempted by " [ 66.683316][ T4864] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 66.822413][ T4864] EXT4-fs (loop2): inline encryption not supported [ 67.023358][ T4864] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.181: bad orphan inode 11 [ 67.026248][ T4864] EXT4-fs (loop2): Remounting filesystem read-only [ 67.028454][ T4864] ext4_test_bit(bit=10, block=4) = 1 [ 67.033198][ T4864] is_bad_inode(inode)=0 [ 67.034078][ T4864] NEXT_ORPHAN(inode)=3254779904 [ 67.034774][ T4864] max_ino=32 [ 67.035375][ T4864] i_nlink=0 [ 67.038045][ T4864] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 2: comm syz.2.181: lblock 2 mapped to illegal pblock 2 (length 1) [ 67.041627][ T4864] EXT4-fs (loop2): Remounting filesystem read-only [ 67.042837][ T4864] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 67.044173][ T4864] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 48: comm syz.2.181: lblock 0 mapped to illegal pblock 48 (length 1) [ 67.046827][ T4864] EXT4-fs (loop2): Remounting filesystem read-only [ 67.047956][ T4864] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 67.049711][ T4864] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.181: Failed to acquire dquot type 0 [ 67.054844][ T4864] EXT4-fs (loop2): Remounting filesystem read-only [ 67.056033][ T4864] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 67.061694][ T4864] EXT4-fs (loop2): Remounting filesystem read-only [ 67.063964][ T4864] EXT4-fs error (device loop2): ext4_evict_inode:282: inode #11: comm syz.2.181: mark_inode_dirty error [ 67.066189][ T4864] EXT4-fs (loop2): Remounting filesystem read-only [ 67.067349][ T4864] EXT4-fs warning (device loop2): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 67.069157][ T4864] EXT4-fs (loop2): mounted filesystem without journal. Opts: barrier,noblock_validity,mblk_io_submit,data_err=ignore,errors=remount-ro,inlinecrypt,. Quota mode: none. [ 67.147521][ T4864] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #2: block 16: comm syz.2.181: lblock 0 mapped to illegal pblock 16 (length 1) [ 67.150124][ T4087] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 67.152982][ T4864] EXT4-fs (loop2): Remounting filesystem read-only [ 67.411507][ T4087] usb 1-1: Using ep0 maxpacket: 32 [ 67.524376][ T4863] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.181: Invalid inode table block 1 in block_group 0 [ 67.535136][ T4863] EXT4-fs (loop2): Remounting filesystem read-only [ 67.536192][ T4863] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 67.548062][ T4863] EXT4-fs (loop2): Remounting filesystem read-only [ 67.549205][ T4863] EXT4-fs error (device loop2): ext4_quota_off:6513: inode #3: comm syz.2.181: mark_inode_dirty error [ 67.553014][ T4863] EXT4-fs (loop2): Remounting filesystem read-only [ 67.564592][ T4881] device syzkaller1 entered promiscuous mode [ 67.607258][ T4886] fuse: Bad value for 'fd' [ 67.640263][ T4087] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.645263][ T4087] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.647719][ T4087] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 67.649286][ T4087] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.676406][ T4087] usb 1-1: config 0 descriptor?? [ 68.486705][ T4900] netlink: 52 bytes leftover after parsing attributes in process `syz.3.193'. [ 68.923963][ T26] audit: type=1326 audit(68.900:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4905 comm="syz.3.195" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb924bf28 code=0x0 [ 69.076582][ T4913] loop0: detected capacity change from 0 to 1024 [ 69.113311][ T4087] usbhid 1-1:0.0: can't add hid device: -71 [ 69.215469][ T4087] usbhid: probe of 1-1:0.0 failed with error -71 [ 69.515988][ T4087] usb 1-1: USB disconnect, device number 2 [ 69.550610][ T4916] loop3: detected capacity change from 0 to 1024 [ 69.564838][ T4916] EXT4-fs (loop3): Ignoring removed bh option [ 69.580699][ T4916] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 69.632243][ T2064] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.633859][ T2064] ieee802154 phy1 wpan1: encryption failed: -22 [ 69.939654][ T1969] cfg80211: failed to load regulatory.db [ 69.953831][ T4913] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 69.985896][ T4915] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.198: Invalid block bitmap block 5043000792520342900 in block_group 0 [ 70.032246][ T4915] EXT4-fs (loop3): Remounting filesystem read-only [ 70.043601][ T4915] EXT4-fs error (device loop3): ext4_discard_preallocations:5131: comm syz.3.198: Error -117 reading block bitmap for 0 [ 70.056709][ T4913] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.196: corrupted xattr block 128 [ 70.071145][ T4913] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 70.081966][ T4915] EXT4-fs (loop3): Remounting filesystem read-only [ 70.084328][ T4913] EXT4-fs error (device loop0): ext4_dirty_inode:6040: inode #15: comm syz.0.196: mark_inode_dirty error [ 70.091353][ T4913] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 70.095017][ T4913] EXT4-fs error (device loop0): ext4_punch_hole:4113: inode #15: comm syz.0.196: mark_inode_dirty error [ 70.111551][ T4938] netlink: 20 bytes leftover after parsing attributes in process `syz.4.203'. [ 70.113582][ T4938] netlink: 20 bytes leftover after parsing attributes in process `syz.4.203'. [ 71.394567][ T4976] loop3: detected capacity change from 0 to 1024 [ 71.791436][ T4976] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 71.926783][ T4989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.933976][ T4989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 71.953004][ T4985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.992616][ T5004] netlink: 56 bytes leftover after parsing attributes in process `syz.1.232'. [ 72.999156][ T5004] netlink: 56 bytes leftover after parsing attributes in process `syz.1.232'. [ 73.375613][ T5010] udc-core: couldn't find an available UDC or it's busy [ 73.376947][ T5010] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 73.381523][ T5004] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 73.852859][ T5016] netlink: 4 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 73.958050][ T5023] loop1: detected capacity change from 0 to 1024 [ 74.056365][ T5023] EXT4-fs (loop1): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 74.064720][ T5030] loop4: detected capacity change from 0 to 1024 [ 74.477745][ T5030] EXT4-fs (loop4): Ignoring removed bh option [ 74.543607][ T5030] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 74.566414][ T5035] loop0: detected capacity change from 0 to 2048 [ 74.571852][ T5037] binder: 5036:5037 tried to acquire reference to desc 0, got 1 instead [ 74.594010][ T4088] binder: undelivered TRANSACTION_COMPLETE [ 74.599318][ T5035] hpfs: hpfs_map_sector(): read error [ 74.616331][ T4088] binder: undelivered transaction 10, process died. [ 74.822982][ T5044] batman_adv: batadv0: Adding interface: dummy0 [ 74.824034][ T5044] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.836901][ T5044] batman_adv: batadv0: Interface activated: dummy0 [ 74.885104][ T5046] batadv0: mtu less than device minimum [ 74.888841][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.892700][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.896578][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.900426][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.904181][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.907971][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.911788][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.915611][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 74.919407][ T5046] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 75.080371][ T5051] fuse: Bad value for 'fd' [ 75.903014][ T5063] loop1: detected capacity change from 0 to 1024 [ 76.221672][ T5072] loop0: detected capacity change from 0 to 1024 [ 76.302514][ T5063] EXT4-fs (loop1): Ignoring removed bh option [ 76.313973][ T5078] netlink: 'syz.2.245': attribute type 9 has an invalid length. [ 76.323883][ T5063] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 76.570272][ T5082] xt_nat: multiple ranges no longer supported [ 76.634908][ T5072] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 76.695363][ T5063] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.241: Invalid block bitmap block 5043000792520342900 in block_group 0 [ 76.698197][ T5063] EXT4-fs (loop1): Remounting filesystem read-only [ 76.699517][ T5063] EXT4-fs error (device loop1): ext4_discard_preallocations:5131: comm syz.1.241: Error -117 reading block bitmap for 0 [ 76.712053][ T5063] EXT4-fs (loop1): Remounting filesystem read-only [ 76.729514][ T5091] loop0: detected capacity change from 0 to 1024 [ 76.738822][ T5091] EXT4-fs (loop0): Ignoring removed nobh option [ 76.741112][ T5091] EXT4-fs (loop0): inline encryption not supported [ 76.744757][ T5091] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,jqfmt=vfsold,barrier=0x0000000000000002,dioread_lock,data_err=ignore,resgid=0x0000000000000000,jqfmt=vfsold,journal_dev=0x0000000000000800,nobh,inlinecrypt,grpquota,init_itable,,errors=continue. Quota mode: writeback. [ 76.983818][ T5102] loop0: detected capacity change from 0 to 1024 [ 76.988650][ T5102] EXT4-fs (loop0): Ignoring removed bh option [ 77.001851][ T5102] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 77.524569][ T5109] tipc: Failed to obtain node identity [ 77.525636][ T5109] tipc: Enabling of bearer rejected, failed to enable media [ 78.468035][ T5112] netlink: 'syz.4.255': attribute type 1 has an invalid length. [ 78.499313][ T5112] 8021q: adding VLAN 0 to HW filter on device bond1 [ 78.573340][ T5123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.579214][ T5123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.595587][ T5123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.690016][ T5112] bond1: (slave gretap1): making interface the new active one [ 78.692858][ T5112] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 78.696600][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 78.782002][ T5128] netlink: 'syz.2.260': attribute type 2 has an invalid length. [ 78.966185][ T5125] sched: RT throttling activated [ 79.156117][ T5134] binder: 5133:5134 tried to acquire reference to desc 0, got 1 instead [ 79.210532][ T5138] binder: 5133:5138 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 79.212897][ T5138] binder: 5138 RLIMIT_NICE not set [ 79.213780][ T5138] binder: 5138 RLIMIT_NICE not set [ 79.216565][ T5138] binder: 5138 RLIMIT_NICE not set [ 79.224543][ T4102] binder: undelivered TRANSACTION_COMPLETE [ 80.295327][ T5154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 80.301957][ T5154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 80.305928][ T5154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 81.111892][ T5180] overlayfs: failed to clone upperpath [ 81.155920][ T5182] fuse: Bad value for 'fd' [ 81.158460][ T5182] overlayfs: failed to clone upperpath [ 81.257855][ T5194] netlink: 48 bytes leftover after parsing attributes in process `syz.4.283'. [ 81.824283][ T5204] batman_adv: batadv0: Adding interface: dummy0 [ 81.825570][ T5204] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.829686][ T5204] batman_adv: batadv0: Interface activated: dummy0 [ 81.847214][ T5204] net_ratelimit: 10 callbacks suppressed [ 81.847223][ T5204] batadv0: mtu less than device minimum [ 81.851918][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.855845][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.859645][ T5206] loop4: detected capacity change from 0 to 512 [ 81.859807][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.864552][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.868393][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.872201][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.875943][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.877806][ T5206] EXT4-fs (loop4): orphan cleanup on readonly fs [ 81.879819][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.880339][ T5206] EXT4-fs error (device loop4): ext4_find_extent:929: inode #4: comm syz.4.287: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0) [ 81.883610][ T5204] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 81.886148][ T5206] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=-117 [ 81.888157][ T5206] EXT4-fs warning (device loop4): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 81.890670][ T5206] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 81.891908][ T5206] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 81.931940][ T5206] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 81.937559][ T5206] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 81.992402][ T5209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.288'. [ 81.996686][ T5209] device bond_slave_0 entered promiscuous mode [ 81.997858][ T5209] device bond_slave_1 entered promiscuous mode [ 81.999060][ T5209] device macvlan2 entered promiscuous mode [ 82.003873][ T5209] device bond0 entered promiscuous mode [ 82.005605][ T5209] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 82.112190][ T5213] loop0: detected capacity change from 0 to 512 [ 82.117755][ T5213] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001) [ 83.114558][ T5234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.295'. [ 83.127939][ T5235] netlink: 56 bytes leftover after parsing attributes in process `syz.2.297'. [ 83.129481][ T5235] netlink: 56 bytes leftover after parsing attributes in process `syz.2.297'. [ 83.138917][ T5236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 83.157522][ T5236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 83.173945][ T5236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 83.685577][ T5248] binder: 5247:5248 tried to acquire reference to desc 0, got 1 instead [ 83.688432][ T25] binder: undelivered TRANSACTION_COMPLETE [ 83.697040][ T25] binder: undelivered transaction 21, process died. [ 83.710228][ T5251] tipc: Enabled bearer , priority 10 [ 86.189527][ T5296] loop1: detected capacity change from 0 to 512 [ 86.316705][ T5296] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,nodiscard,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none. [ 87.020212][ T5296] netlink: 'syz.1.316': attribute type 10 has an invalid length. [ 87.024268][ T5296] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 87.188714][ T5329] loop4: detected capacity change from 0 to 8 [ 87.440084][ T5329] SQUASHFS error: xz decompression failed, data probably corrupt [ 87.441505][ T5329] SQUASHFS error: Failed to read block 0x108: -5 [ 87.442338][ T5329] SQUASHFS error: Unable to read metadata cache entry [106] [ 87.443581][ T5329] SQUASHFS error: Unable to read inode 0x11f [ 87.560947][ T5337] loop3: detected capacity change from 0 to 1024 [ 87.567189][ T5337] EXT4-fs (loop3): Ignoring removed bh option [ 87.616619][ T5337] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 88.113088][ T5350] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 88.160801][ T5350] EXT4-fs (loop3): Remounting filesystem read-only [ 88.164104][ T5350] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #15: comm syz.3.331: mark_inode_dirty error [ 88.166737][ T5350] EXT4-fs (loop3): Remounting filesystem read-only [ 88.176494][ T5354] loop4: detected capacity change from 0 to 7 [ 88.179649][ T5354] Dev loop4: unable to read RDB block 7 [ 88.184604][ T5354] loop4: AHDI p1 p2 [ 88.185312][ T5354] loop4: partition table partially beyond EOD, truncated [ 88.188431][ T5354] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 88.250383][ T5336] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.331: Invalid block bitmap block 5043000792520342900 in block_group 0 [ 88.253219][ T5336] EXT4-fs (loop3): Remounting filesystem read-only [ 88.254468][ T5336] EXT4-fs error (device loop3): ext4_discard_preallocations:5131: comm syz.3.331: Error -117 reading block bitmap for 0 [ 88.256887][ T5336] EXT4-fs (loop3): Remounting filesystem read-only [ 88.258531][ T4047] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 88.262837][ T4047] EXT4-fs (loop3): Remounting filesystem read-only [ 88.265040][ T4047] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #15: comm syz-executor: mark_inode_dirty error [ 88.273397][ T4047] EXT4-fs (loop3): Remounting filesystem read-only [ 89.077979][ T5370] netlink: 16 bytes leftover after parsing attributes in process `syz.2.338'. [ 89.179244][ T5369] loop4: detected capacity change from 0 to 512 [ 89.226463][ T5369] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nodiscard,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none. [ 89.246954][ T5369] netlink: 'syz.4.339': attribute type 10 has an invalid length. [ 89.250494][ T5369] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 90.000328][ T5398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.349'. [ 90.004428][ T5398] device syz_tun entered promiscuous mode [ 90.907720][ T5415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 90.913554][ T5415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 90.916097][ T5415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 90.916484][ T5416] loop3: detected capacity change from 0 to 256 [ 92.579053][ T5461] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 92.583998][ T5461] batman_adv: batadv0: Interface deactivated: dummy0 [ 92.585061][ T5461] batman_adv: batadv0: Removing interface: dummy0 [ 92.589020][ T5461] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 92.593092][ T5461] device bridge_slave_0 left promiscuous mode [ 92.594255][ T5461] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.213906][ T5461] device bridge_slave_1 left promiscuous mode [ 93.215125][ T5461] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.288170][ T5461] bond0: (slave bond_slave_0): Releasing backup interface [ 93.305173][ C1] vcan0: j1939_tp_rxtimer: 0x0000000061ce4bfc: rx timeout, send abort [ 93.306875][ C1] vcan0: j1939_tp_rxtimer: 0x000000009cec2bf4: rx timeout, send abort [ 93.321752][ T5461] device bond_slave_0 left promiscuous mode [ 93.326339][ T5461] bond0: (slave bond_slave_1): Releasing backup interface [ 93.360667][ T5461] device bond_slave_1 left promiscuous mode [ 93.379802][ T5461] team0: Port device team_slave_0 removed [ 93.387434][ T5461] team0: Port device team_slave_1 removed [ 93.389096][ T5461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.390669][ T5461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.392629][ T5461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.394022][ T5461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.398205][ T5461] device netdevsim0 left promiscuous mode [ 93.399308][ T5461] bridge0: port 3(netdevsim0) entered disabled state [ 93.464519][ T5487] loop1: detected capacity change from 0 to 512 [ 93.469345][ T5487] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 93.470672][ T5487] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 93.472721][ T5487] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 93.474868][ T5487] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 93.478440][ T5470] team0: Mode changed to "loadbalance" [ 93.486269][ T5487] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters [ 93.498921][ T5487] EXT4-fs (loop1): 1 truncate cleaned up [ 93.501398][ T5487] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,mblk_io_submit,debug_want_extra_isize=0x000000000000002e,auto_da_alloc,dioread_nolock,nobarrier,,errors=continue. Quota mode: none. [ 93.544226][ T5487] udc-core: couldn't find an available UDC or it's busy [ 93.546356][ T5487] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 93.806742][ C1] vcan0: j1939_tp_rxtimer: 0x0000000061ce4bfc: abort rx timeout. Force session deactivation [ 93.808410][ C1] vcan0: j1939_tp_rxtimer: 0x000000009cec2bf4: abort rx timeout. Force session deactivation [ 94.678491][ T4053] EXT4-fs error (device loop1): ext4_readdir:263: inode #11: block 18: comm syz-executor: path /72/bus/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=61441, size=1024 fake=0 [ 94.678862][ T5511] netlink: 96 bytes leftover after parsing attributes in process `syz.0.384'. [ 94.683779][ T5511] netlink: 80 bytes leftover after parsing attributes in process `syz.0.384'. [ 95.043386][ T4053] EXT4-fs error (device loop1): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /72/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 95.056007][ T4053] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=61441, size=1024 fake=0 [ 95.059739][ T5511] macvtap0: refused to change device tx_queue_len [ 95.074380][ T5511] loop0: detected capacity change from 0 to 256 [ 95.075871][ T4053] EXT4-fs error (device loop1): ext4_readdir:263: inode #11: block 18: comm syz-executor: path /72/bus/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=61441, size=1024 fake=0 [ 95.088198][ T4053] EXT4-fs error (device loop1): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /72/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 95.092503][ T4053] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=61441, size=1024 fake=0 [ 95.097790][ T4053] EXT4-fs error (device loop1): ext4_readdir:263: inode #11: block 18: comm syz-executor: path /72/bus/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=61441, size=1024 fake=0 [ 95.103080][ T4053] EXT4-fs error (device loop1): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /72/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 95.106695][ T4053] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=61441, size=1024 fake=0 [ 95.110788][ T5518] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.127077][ T5518] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.130529][ T4053] EXT4-fs error (device loop1): ext4_readdir:263: inode #11: block 18: comm syz-executor: path /72/bus/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=61441, size=1024 fake=0 [ 95.132555][ T5518] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.151003][ T5511] attempt to access beyond end of device [ 95.151003][ T5511] loop0: rw=2049, want=260, limit=256 [ 95.217579][ T5516] loop3: detected capacity change from 0 to 32768 [ 95.239192][ T5516] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.387 (5516) [ 95.260853][ T5516] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 95.269759][ T5516] BTRFS info (device loop3): enabling auto defrag [ 95.273411][ T5516] BTRFS info (device loop3): use no compression [ 95.276553][ T5516] BTRFS info (device loop3): force clearing of disk cache [ 95.278781][ T5516] BTRFS info (device loop3): turning on sync discard [ 95.283392][ T5522] tipc: Enabled bearer , priority 0 [ 95.285338][ T5516] BTRFS info (device loop3): turning off barriers [ 95.287993][ T5516] BTRFS info (device loop3): using free space tree [ 95.290824][ T5516] BTRFS info (device loop3): has skinny extents [ 95.302143][ T5522] tipc: Resetting bearer [ 95.304793][ T5521] tipc: Resetting bearer [ 95.307497][ T5521] tipc: Disabling bearer [ 95.326446][ T5516] BTRFS info (device loop3): enabling ssd optimizations [ 95.332602][ T5516] BTRFS info (device loop3): clearing free space tree [ 95.334091][ T5516] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 95.335754][ T5516] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 95.358747][ T5516] BTRFS info (device loop3): creating free space tree [ 95.361994][ T5516] BTRFS info (device loop3): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 95.363964][ T5516] BTRFS info (device loop3): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 96.382374][ T5557] loop4: detected capacity change from 0 to 1764 [ 98.093649][ T5586] syz.3.400 (5586): drop_caches: 2 [ 98.101275][ T5586] syz.3.400 (5586): drop_caches: 2 [ 99.627457][ T5620] loop3: detected capacity change from 0 to 256 [ 99.687207][ T5620] FAT-fs (loop3): Directory bread(block 64) failed [ 99.688472][ T5620] FAT-fs (loop3): Directory bread(block 65) failed [ 99.689597][ T5620] FAT-fs (loop3): Directory bread(block 66) failed [ 99.691300][ T5620] FAT-fs (loop3): Directory bread(block 67) failed [ 99.692547][ T5620] FAT-fs (loop3): Directory bread(block 68) failed [ 99.693679][ T5620] FAT-fs (loop3): Directory bread(block 69) failed [ 99.694775][ T5620] FAT-fs (loop3): Directory bread(block 70) failed [ 99.694890][ T5600] chnl_net:caif_netlink_parms(): no params data found [ 99.696230][ T5620] FAT-fs (loop3): Directory bread(block 71) failed [ 99.698166][ T5620] FAT-fs (loop3): Directory bread(block 72) failed [ 99.699269][ T5620] FAT-fs (loop3): Directory bread(block 73) failed [ 100.236650][ T5634] tipc: Enabled bearer , priority 0 [ 100.237866][ T5600] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.239125][ T5600] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.260688][ T5600] device bridge_slave_0 entered promiscuous mode [ 100.262861][ T5600] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.264053][ T5600] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.265481][ T5600] device bridge_slave_1 entered promiscuous mode [ 100.266849][ T5634] device syzkaller0 entered promiscuous mode [ 100.275814][ T5636] loop3: detected capacity change from 0 to 1024 [ 100.283205][ T5636] EXT4-fs (loop3): Ignoring removed bh option [ 100.329402][ T5600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.335755][ T5600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.346275][ T5636] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 100.362018][ T5600] team0: Port device team_slave_0 added [ 100.366992][ T5634] tipc: Resetting bearer [ 100.370762][ T5600] team0: Port device team_slave_1 added [ 100.378163][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.379334][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.383819][ T5600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.386312][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.387392][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.393516][ T5600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.404069][ T5632] tipc: Resetting bearer [ 100.722032][ T5632] tipc: Disabling bearer [ 100.750466][ T4102] Bluetooth: hci3: command 0x0409 tx timeout [ 100.816370][ T5600] device hsr_slave_0 entered promiscuous mode [ 100.860235][ T5600] device hsr_slave_1 entered promiscuous mode [ 100.862069][ T5650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.864570][ T5650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.960977][ T5651] sctp: [Deprecated]: syz.3.417 (pid 5651) Use of struct sctp_assoc_value in delayed_ack socket option. [ 100.960977][ T5651] Use struct sctp_sack_info instead [ 101.236488][ T5652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.270874][ T5600] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.272767][ T5600] Cannot create hsr debugfs directory [ 101.414076][ T5600] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 102.191399][ T5600] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 102.232663][ T5665] tipc: Enabled bearer , priority 0 [ 102.234485][ T5600] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 102.282572][ T5600] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 102.834713][ T4087] Bluetooth: hci3: command 0x041b tx timeout [ 103.005276][ T5600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.012063][ T1621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.013729][ T1621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.016738][ T5600] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.020544][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.022184][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.023671][ T4157] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.024828][ T4157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.099565][ T4157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 103.752240][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.754102][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.756941][ T445] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.758103][ T445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.760675][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 103.775531][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 103.777588][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 103.785379][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 103.787074][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.790980][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.793971][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 103.797836][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 103.826517][ T5600] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 103.836137][ T5600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 103.838513][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 103.841969][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 103.843788][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 103.945490][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 103.946900][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 103.956832][ T5600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.319645][ T5714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.323748][ T5714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.326831][ T5714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.411880][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 104.413722][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 104.428312][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 104.430370][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 104.433331][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 104.434883][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 104.437768][ T5600] device veth0_vlan entered promiscuous mode [ 104.447273][ T5600] device veth1_vlan entered promiscuous mode [ 104.909595][ T25] Bluetooth: hci3: command 0x040f tx timeout [ 104.947719][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 104.950475][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 104.971728][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 104.973595][ T5052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 104.979685][ T5600] device veth0_macvtap entered promiscuous mode [ 104.986416][ T5600] device veth1_macvtap entered promiscuous mode [ 104.997822][ T5600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.999496][ T5600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.002639][ T5600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.004197][ T5600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.006502][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.007761][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 105.009189][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 105.014540][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 105.016336][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 105.019142][ T5600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.024509][ T5600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.026308][ T5600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.028146][ T5600] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.032543][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.034160][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 105.035965][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 105.038928][ T5600] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.040842][ T5600] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.042193][ T5600] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.043656][ T5600] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.073691][ T5730] binder: 5727:5730 tried to acquire reference to desc 0, got 1 instead [ 105.078561][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.084205][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.088567][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 105.092285][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.094035][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.096271][ T445] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 105.149519][ T5733] device syzkaller0 entered promiscuous mode [ 105.325839][ T5741] netlink: 'syz.0.440': attribute type 10 has an invalid length. [ 105.336264][ T5741] device wlan1 entered promiscuous mode [ 105.337531][ T5741] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 105.371302][ T5745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.374163][ T5745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.376750][ T5745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.861937][ T5566] binder: release 5727:5730 transaction 32 out, still active [ 105.899554][ T5751] loop3: detected capacity change from 0 to 1764 [ 105.910293][ T5566] binder: undelivered TRANSACTION_COMPLETE [ 105.911408][ T5566] binder: send failed reply for transaction 39 to 5727:5732 [ 105.912742][ T5566] binder: undelivered TRANSACTION_COMPLETE [ 105.913725][ T5566] binder: undelivered TRANSACTION_ERROR: 29189 [ 105.914767][ T5566] binder: send failed reply for transaction 32, target dead [ 106.979912][ T4102] Bluetooth: hci3: command 0x0419 tx timeout [ 107.028652][ T5771] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370955 [ 107.158674][ T5780] tipc: Started in network mode [ 107.159534][ T5780] tipc: Node identity 1ab88ae7e044, cluster identity 4711 [ 107.161345][ T5780] tipc: Enabled bearer , priority 0 [ 107.163412][ T5780] device syzkaller0 entered promiscuous mode [ 107.177517][ T5780] tipc: Resetting bearer [ 107.183115][ T5779] tipc: Resetting bearer [ 107.187138][ T5779] tipc: Disabling bearer [ 108.030266][ T5787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.032939][ T5787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.051144][ T5787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.639107][ T5799] sctp: [Deprecated]: syz.4.460 (pid 5799) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.639107][ T5799] Use struct sctp_sack_info instead [ 109.245996][ T5810] loop0: detected capacity change from 0 to 1764 [ 110.310774][ T5826] tipc: Enabled bearer , priority 0 [ 110.312339][ T5826] device syzkaller0 entered promiscuous mode [ 110.351692][ T5826] tipc: Resetting bearer [ 110.657509][ T5824] tipc: Resetting bearer [ 110.665400][ T5824] tipc: Disabling bearer [ 110.668164][ T5829] tipc: Enabling of bearer rejected, failed to enable media [ 111.263509][ T5843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.266850][ T5843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.269700][ T5843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.702443][ T5849] binder: 5844:5849 ioctl c0306201 0 returned -14 [ 111.703943][ T5849] binder: 5844:5849 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 111.914674][ T5858] IPVS: Error joining to the multicast group [ 112.541931][ T5868] syz.5.481 (5868): drop_caches: 2 [ 112.544514][ T5868] syz.5.481 (5868): drop_caches: 2 [ 112.796978][ T5871] tipc: Enabling of bearer rejected, failed to enable media [ 112.814034][ T5875] tipc: Enabled bearer , priority 0 [ 112.818577][ T5875] device syzkaller0 entered promiscuous mode [ 113.257831][ T5875] tipc: Resetting bearer [ 113.280270][ T5872] tipc: Resetting bearer [ 113.284404][ T5872] tipc: Disabling bearer [ 113.436932][ T5890] tipc: Enabling of bearer rejected, failed to enable media [ 114.114509][ T5902] loop4: detected capacity change from 0 to 256 [ 114.198490][ T5905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.204147][ T5905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.207867][ T5905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.219239][ T5909] tipc: Enabling of bearer rejected, failed to enable media [ 114.230099][ T5902] FAT-fs (loop4): Directory bread(block 64) failed [ 114.231232][ T5902] FAT-fs (loop4): Directory bread(block 65) failed [ 114.232263][ T5902] FAT-fs (loop4): Directory bread(block 66) failed [ 114.233320][ T5902] FAT-fs (loop4): Directory bread(block 67) failed [ 114.234771][ T5902] FAT-fs (loop4): Directory bread(block 68) failed [ 114.235841][ T5902] FAT-fs (loop4): Directory bread(block 69) failed [ 114.237012][ T5902] FAT-fs (loop4): Directory bread(block 70) failed [ 114.779975][ T5902] FAT-fs (loop4): Directory bread(block 71) failed [ 114.780135][ T5902] FAT-fs (loop4): Directory bread(block 72) failed [ 114.780157][ T5902] FAT-fs (loop4): Directory bread(block 73) failed [ 115.570458][ T5930] FAT-fs (loop4): error, invalid access to FAT (entry 0x00006c61) [ 117.537922][ T5954] tipc: Enabling of bearer rejected, already enabled [ 117.550146][ T5954] device syzkaller0 entered promiscuous mode [ 118.826880][ T5972] loop5: detected capacity change from 0 to 512 [ 119.737391][ T5978] tipc: Enabling of bearer rejected, failed to enable media [ 120.135382][ T5989] overlayfs: failed to clone lowerpath [ 120.230881][ T5979] tipc: Enabled bearer , priority 0 [ 120.236213][ T5979] device syzkaller0 entered promiscuous mode [ 120.775059][ T5979] tipc: Resetting bearer [ 120.776355][ T5992] tipc: Enabling of bearer rejected, failed to enable media [ 120.790777][ T5976] tipc: Resetting bearer [ 120.794300][ T5976] tipc: Disabling bearer [ 121.250460][ T5998] tipc: Enabling of bearer rejected, already enabled [ 121.295182][ T6019] tipc: Enabling of bearer rejected, failed to enable media [ 121.348578][ T6023] netlink: 12 bytes leftover after parsing attributes in process `syz.2.522'. [ 121.372830][ T6024] loop4: detected capacity change from 0 to 128 [ 121.965258][ T6029] sctp: [Deprecated]: syz.2.525 (pid 6029) Use of struct sctp_assoc_value in delayed_ack socket option. [ 121.965258][ T6029] Use struct sctp_sack_info instead [ 122.631401][ T6044] loop3: detected capacity change from 0 to 512 [ 124.544287][ T6052] netlink: 48 bytes leftover after parsing attributes in process `syz.5.530'. [ 125.476521][ T6069] tipc: Enabled bearer , priority 0 [ 125.477991][ T6069] device syzkaller0 entered promiscuous mode [ 125.488534][ T6069] tipc: Resetting bearer [ 125.492876][ T6068] tipc: Resetting bearer [ 125.496649][ T6068] tipc: Disabling bearer [ 125.513112][ T6071] tipc: Enabled bearer , priority 0 [ 125.560985][ T6071] device syzkaller0 entered promiscuous mode [ 125.571123][ T6071] tipc: Resetting bearer [ 126.195298][ T6086] tipc: Enabled bearer , priority 0 [ 126.199245][ T6086] device syzkaller0 entered promiscuous mode [ 126.255165][ T6086] tipc: Resetting bearer [ 126.299792][ T6084] tipc: Resetting bearer [ 126.315775][ T6084] tipc: Disabling bearer [ 126.422955][ T6091] loop5: detected capacity change from 0 to 64 [ 127.114301][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.5.544'. [ 127.118836][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.5.544'. [ 127.122468][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.5.544'. [ 127.126503][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.5.544'. [ 127.128703][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.5.544'. [ 127.469561][ T6116] tipc: Enabling of bearer rejected, failed to enable media [ 127.826920][ T6121] binder: 6117:6121 Acquire 1 refcount change on invalid ref 3 ret -22 [ 127.879539][ T6121] loop5: detected capacity change from 0 to 256 [ 127.890323][ T6121] exfat: Deprecated parameter 'utf8' [ 127.943031][ T6121] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d) [ 129.041153][ T6139] tipc: Enabling of bearer rejected, already enabled [ 129.069564][ T6141] tipc: Enabling of bearer rejected, failed to enable media [ 129.093778][ T6143] binder: 6136:6143 tried to acquire reference to desc 0, got 1 instead [ 129.189139][ T6144] tipc: Enabled bearer , priority 0 [ 129.202377][ T6144] device syzkaller0 entered promiscuous mode [ 129.322080][ T6144] tipc: Resetting bearer [ 129.637323][ T6142] tipc: Resetting bearer [ 129.645472][ T6142] tipc: Disabling bearer [ 130.164143][ T5562] binder: release 6136:6143 transaction 44 out, still active [ 130.165465][ T5562] binder: undelivered TRANSACTION_COMPLETE [ 130.166404][ T5562] binder: send failed reply for transaction 51 to 6136:6143 [ 130.167736][ T5562] binder: undelivered TRANSACTION_COMPLETE [ 130.170662][ T5562] binder: undelivered TRANSACTION_ERROR: 29189 [ 130.187625][ T5562] binder: send failed reply for transaction 44, target dead [ 130.901704][ T6178] loop0: detected capacity change from 0 to 40427 [ 130.966355][ T6178] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 130.967752][ T6178] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 130.975255][ T6178] F2FS-fs (loop0): invalid crc value [ 131.084946][ T2064] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.086345][ T2064] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.293780][ T6178] F2FS-fs (loop0): Found nat_bits in checkpoint [ 131.325897][ T6178] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 131.327156][ T6178] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 132.082126][ T6190] loop5: detected capacity change from 0 to 512 [ 132.129683][ T6190] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 132.147157][ T6190] EXT4-fs (loop5): orphan cleanup on readonly fs [ 132.148267][ T6190] EXT4-fs error (device loop5): ext4_ext_check_inode:501: inode #3: comm syz.5.573: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 132.495465][ T6190] EXT4-fs error (device loop5): ext4_quota_enable:6418: comm syz.5.573: Bad quota inode: 3, type: 0 [ 132.497483][ T6190] EXT4-fs warning (device loop5): ext4_enable_quotas:6459: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 132.499773][ T6190] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 132.500939][ T6190] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 133.142946][ T6211] tipc: Started in network mode [ 133.143793][ T6211] tipc: Node identity de32b89013f3, cluster identity 4711 [ 133.144986][ T6211] tipc: Enabled bearer , priority 0 [ 133.500358][ T6211] device syzkaller0 entered promiscuous mode [ 133.515279][ T6211] tipc: Resetting bearer [ 133.524777][ T6209] tipc: Resetting bearer [ 133.536449][ T6209] tipc: Disabling bearer [ 133.704530][ T6217] tipc: Enabling of bearer rejected, already enabled [ 137.721406][ T6271] tipc: Enabling of bearer rejected, already enabled [ 143.843669][ T6376] loop5: detected capacity change from 0 to 40427 [ 143.883802][ T6376] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x1ffff [ 143.885234][ T6376] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x4 [ 143.887475][ T6376] F2FS-fs (loop5): invalid crc value [ 143.907317][ T6376] F2FS-fs (loop5): Found nat_bits in checkpoint [ 143.922021][ T6376] F2FS-fs (loop5): Start checkpoint disabled! [ 143.938632][ T6376] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 144.693955][ T6401] loop0: detected capacity change from 0 to 512 [ 144.772646][ T6401] EXT4-fs (loop0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 144.774295][ T6401] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 144.775691][ T6401] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 144.777077][ T6401] EXT4-fs (loop0): DAX unsupported by block device. [ 145.355869][ T6406] netlink: 'syz.3.633': attribute type 10 has an invalid length. [ 145.365590][ T6406] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 145.468995][ T6417] netlink: 'syz.5.634': attribute type 8 has an invalid length. [ 145.761339][ T6417] bridge0: port 3(syz_tun) entered blocking state [ 145.762433][ T6417] bridge0: port 3(syz_tun) entered disabled state [ 145.764498][ T6417] device syz_tun entered promiscuous mode [ 145.765719][ T6417] bridge0: port 3(syz_tun) entered blocking state [ 145.766752][ T6417] bridge0: port 3(syz_tun) entered forwarding state [ 146.112096][ T6433] netlink: 48 bytes leftover after parsing attributes in process `syz.5.641'. [ 147.872025][ T6454] loop0: detected capacity change from 0 to 512 [ 148.641917][ T6470] netlink: 'syz.2.651': attribute type 10 has an invalid length. [ 148.643311][ T6470] netlink: 40 bytes leftover after parsing attributes in process `syz.2.651'. [ 148.649234][ T6470] batman_adv: batadv0: Adding interface: vlan1 [ 148.650309][ T6470] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.654215][ T6470] batman_adv: batadv0: Interface activated: vlan1 [ 149.069675][ T6475] tipc: Enabling of bearer rejected, already enabled [ 149.163260][ T6479] udc-core: couldn't find an available UDC or it's busy [ 149.164439][ T6479] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 150.851222][ T6507] loop0: detected capacity change from 0 to 64 [ 151.062916][ T6509] netlink: 20 bytes leftover after parsing attributes in process `syz.0.662'. [ 151.064784][ T6509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.662'. [ 152.544558][ T6534] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.546182][ T6534] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.547555][ T6534] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.548958][ T6534] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.549822][ T6538] loop5: detected capacity change from 0 to 4096 [ 152.966595][ T6534] team0: Port device vxlan0 added [ 152.970899][ T6545] loop4: detected capacity change from 0 to 512 [ 152.990889][ T6538] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 153.092383][ T6545] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.672: iget: bad i_size value: 38620345925642 [ 153.094575][ T6545] EXT4-fs (loop4): Remounting filesystem read-only [ 153.095706][ T6545] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.672: couldn't read orphan inode 15 (err -117) [ 153.097858][ T6545] EXT4-fs (loop4): Remounting filesystem read-only [ 153.098936][ T6545] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,debug_want_extra_isize=0x0000000000000008,data_err=ignore,. Quota mode: writeback. [ 153.385449][ T5600] ntfs3: loop5: ntfs_evict_inode r=5 failed, -22. [ 153.580187][ T6565] loop0: detected capacity change from 0 to 40427 [ 154.951949][ T6565] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 154.953727][ T6565] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 154.985734][ T6565] F2FS-fs (loop0): invalid crc value [ 154.999526][ T6565] F2FS-fs (loop0): Found nat_bits in checkpoint [ 155.015943][ T6565] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 155.017106][ T6565] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 156.648824][ T6616] loop5: detected capacity change from 0 to 512 [ 157.125492][ T6616] EXT4-fs (loop5): mounted filesystem without journal. Opts: nombcache,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 158.183842][ T6629] EXT4-fs error (device loop5): ext4_do_update_inode:5204: inode #2: comm syz.5.693: corrupted inode contents [ 158.193221][ T6629] EXT4-fs error (device loop5): ext4_dirty_inode:6040: inode #2: comm syz.5.693: mark_inode_dirty error [ 158.195362][ T6629] EXT4-fs error (device loop5): ext4_do_update_inode:5204: inode #2: comm syz.5.693: corrupted inode contents [ 158.197462][ T6629] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #2: comm syz.5.693: mark_inode_dirty error [ 158.739968][ T4124] Bluetooth: hci4: command 0x0406 tx timeout [ 158.741296][ T4124] Bluetooth: hci2: command 0x0406 tx timeout [ 158.742355][ T4124] Bluetooth: hci1: command 0x0406 tx timeout [ 158.893971][ T5566] Bluetooth: hci0: command 0x0406 tx timeout [ 159.407666][ T6657] tipc: Enabled bearer , priority 0 [ 159.409766][ T6657] device syzkaller0 entered promiscuous mode [ 159.429805][ T6657] tipc: Resetting bearer [ 159.441067][ T6656] tipc: Resetting bearer [ 159.444817][ T6656] tipc: Disabling bearer [ 159.701848][ T6662] loop0: detected capacity change from 0 to 512 [ 159.803092][ T6662] EXT4-fs (loop0): Ignoring removed nobh option [ 159.804217][ T6662] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 159.848045][ T6662] EXT4-fs (loop0): 1 truncate cleaned up [ 159.848976][ T6662] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 160.547435][ T6686] netlink: 128 bytes leftover after parsing attributes in process `syz.0.703'. [ 160.548944][ T6686] netlink: 44 bytes leftover after parsing attributes in process `syz.0.703'. [ 160.827516][ T6677] loop3: detected capacity change from 0 to 40427 [ 160.848455][ T6677] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 160.849679][ T6677] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 160.857083][ T6677] F2FS-fs (loop3): invalid crc value [ 160.977521][ T6677] F2FS-fs (loop3): Found nat_bits in checkpoint [ 161.642652][ T6703] loop4: detected capacity change from 0 to 764 [ 162.096848][ T6703] rock: directory entry would overflow storage [ 162.098092][ T6703] rock: sig=0x5245, size=8, remaining=5 [ 162.145086][ T6677] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 162.146377][ T6677] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 162.375333][ T6713] loop5: detected capacity change from 0 to 128 [ 162.756499][ T6715] capability: warning: `syz.4.718' uses deprecated v2 capabilities in a way that may be insecure [ 164.105014][ T6733] loop4: detected capacity change from 0 to 256 [ 164.607196][ T6739] loop5: detected capacity change from 0 to 40427 [ 164.614661][ T6739] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 164.616016][ T6739] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 164.618317][ T6739] F2FS-fs (loop5): invalid crc value [ 165.245223][ T6739] F2FS-fs (loop5): Found nat_bits in checkpoint [ 165.280583][ T6739] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 165.281687][ T6739] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 166.793060][ T6779] loop0: detected capacity change from 0 to 64 [ 167.648182][ T6784] loop3: detected capacity change from 0 to 16 [ 167.836113][ T6784] erofs: (device loop3): mounted with root inode @ nid 36. [ 167.841858][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 360447 of nid 36 [ 167.843478][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 87 @ nid 36 [ 167.844823][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 167.846403][ T6783] erofs: (device loop3): z_erofs_extent_lookback: unknown type 3 @ lcn 84 of nid 36 [ 167.847816][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 85 @ nid 36 [ 167.849159][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 348159 of nid 36 [ 167.850999][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 84 @ nid 36 [ 167.853187][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 344063 of nid 36 [ 167.854685][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 83 @ nid 36 [ 167.856078][ T6783] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 167.857527][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 82 @ nid 36 [ 167.859029][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 81 @ nid 36 [ 167.860496][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 79 @ nid 36 [ 167.861862][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 78 @ nid 36 [ 167.863274][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 77 @ nid 36 [ 167.864741][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 315391 of nid 36 [ 167.866272][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 76 @ nid 36 [ 167.867622][ T6783] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 167.869090][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 75 @ nid 36 [ 167.870521][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 307199 of nid 36 [ 167.871970][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 167.873283][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 73 @ nid 36 [ 167.874536][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 167.875803][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 71 @ nid 36 [ 167.877060][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 290815 of nid 36 [ 167.878437][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 167.879736][ T6783] erofs: (device loop3): z_erofs_extent_lookback: unknown type 3 @ lcn 64 of nid 36 [ 167.881122][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 65 @ nid 36 [ 167.882361][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 266239 of nid 36 [ 167.883733][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 64 @ nid 36 [ 167.884968][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 262143 of nid 36 [ 167.886354][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 63 @ nid 36 [ 167.887610][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 61 @ nid 36 [ 167.889056][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 60 @ nid 36 [ 167.890437][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 59 @ nid 36 [ 167.891815][ T6783] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 167.893132][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 167.894433][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 167.895691][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 56 @ nid 36 [ 167.896943][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 55 @ nid 36 [ 167.898207][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 167.899485][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 221183 of nid 36 [ 167.900958][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 167.902239][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 217087 of nid 36 [ 167.903846][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 52 @ nid 36 [ 167.905272][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 212991 of nid 36 [ 167.906940][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 167.908344][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 208895 of nid 36 [ 167.909967][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 167.911198][ T6790] loop5: detected capacity change from 0 to 1024 [ 167.911397][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 204799 of nid 36 [ 167.913956][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 49 @ nid 36 [ 167.915345][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 200703 of nid 36 [ 167.916840][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 48 @ nid 36 [ 167.918166][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 196607 of nid 36 [ 167.919615][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 167.921095][ T6783] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 167.922505][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 167.923899][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 45 @ nid 36 [ 167.925312][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 44 @ nid 36 [ 167.926696][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 43 @ nid 36 [ 167.928093][ T6783] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 167.929619][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 42 @ nid 36 [ 167.931055][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 41 @ nid 36 [ 167.932393][ T6783] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 167.933725][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 167.935044][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 167.936345][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 167.937706][ T6783] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 167.939146][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 31 @ nid 36 [ 167.940718][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 27 @ nid 36 [ 167.942155][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 26 @ nid 36 [ 167.943545][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 106495 of nid 36 [ 167.944983][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 25 @ nid 36 [ 167.946443][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 167.947882][ T6783] erofs: (device loop3): z_erofs_extent_lookback: unknown type 3 @ lcn 15 of nid 36 [ 167.949389][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 167.950848][ T6783] erofs: (device loop3): z_erofs_map_blocks_iter: unknown type 3 @ offset 65535 of nid 36 [ 167.952376][ T6783] erofs: (device loop3): z_erofs_readahead: readahead error at page 15 @ nid 36 [ 167.953880][ T6783] attempt to access beyond end of device [ 167.953880][ T6783] loop3: rw=524288, want=848, limit=16 [ 167.955566][ T6783] attempt to access beyond end of device [ 167.955566][ T6783] loop3: rw=524288, want=13478624104, limit=16 [ 167.957286][ T6783] attempt to access beyond end of device [ 167.957286][ T6783] loop3: rw=524288, want=13478624080, limit=16 [ 167.958971][ T6783] attempt to access beyond end of device [ 167.958971][ T6783] loop3: rw=524288, want=40, limit=16 [ 167.960611][ T6783] attempt to access beyond end of device [ 167.960611][ T6783] loop3: rw=524288, want=96, limit=16 [ 167.962389][ T6783] attempt to access beyond end of device [ 167.962389][ T6783] loop3: rw=524288, want=32, limit=16 [ 168.075061][ T6790] EXT4-fs (loop5): Ignoring removed nobh option [ 168.076045][ T6790] EXT4-fs (loop5): Ignoring removed bh option [ 168.556049][ T6803] loop3: detected capacity change from 0 to 512 [ 168.842609][ T6790] EXT4-fs (loop5): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,minixdf,,errors=continue. Quota mode: writeback. [ 170.012065][ T6816] netlink: 48 bytes leftover after parsing attributes in process `syz.0.744'. [ 171.227951][ T6823] loop3: detected capacity change from 0 to 8192 [ 171.773631][ T6842] loop5: detected capacity change from 0 to 8 [ 171.847773][ T6842] SQUASHFS error: zlib decompression failed, data probably corrupt [ 171.849139][ T6842] SQUASHFS error: Failed to read block 0x9b: -5 [ 171.850151][ T6842] SQUASHFS error: Unable to read metadata cache entry [99] [ 171.851340][ T6842] SQUASHFS error: Unable to read inode 0x127 [ 171.899995][ T6823] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 172.024886][ T6823] REISERFS (device loop3): using ordered data mode [ 172.032897][ T6823] reiserfs: using flush barriers [ 172.124266][ T6823] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 172.127163][ T6823] REISERFS (device loop3): checking transaction log (loop3) [ 172.147702][ T6823] REISERFS (device loop3): Using r5 hash to sort names [ 172.149721][ T6823] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 172.259264][ T6858] loop0: detected capacity change from 0 to 512 [ 173.453883][ T6870] loop0: detected capacity change from 0 to 1024 [ 173.561370][ T6870] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 175.357709][ T6904] loop3: detected capacity change from 0 to 4096 [ 177.205269][ T6904] ntfs3: loop3: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 177.205269][ T6904] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 177.205269][ T6904] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 177.795230][ T6904] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 177.825770][ T6904] ntfs3: loop3: Failed to load $BadClus. [ 179.974589][ T6955] binder: tried to use weak ref as strong ref [ 179.975640][ T6955] binder: 6941:6955 Acquire 1 refcount change on invalid ref 0 ret -22 [ 180.736792][ T6955] binder: 6941:6955 got transaction to invalid handle, 1 [ 180.738166][ T6955] binder: 6941:6955 transaction failed 29201/-22, size 72-24 line 2917 [ 180.849766][ T6962] binder: 6941:6962 got transaction to invalid handle, 3 [ 180.851184][ T6962] binder: 6941:6962 transaction failed 29201/-22, size 0-0 line 2917 [ 181.379036][ T6976] loop4: detected capacity change from 0 to 8 [ 181.382164][ T6976] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 181.390456][ T5565] binder: undelivered TRANSACTION_ERROR: 29201 [ 181.392069][ T5565] binder: undelivered TRANSACTION_ERROR: 29201 [ 182.277630][ T6006] udevd[6006]: incorrect cramfs checksum on /dev/loop4 [ 182.919532][ T6998] loop0: detected capacity change from 0 to 4096 [ 182.924342][ T6006] udevd[6006]: incorrect cramfs checksum on /dev/loop4 [ 183.355149][ T7002] loop5: detected capacity change from 0 to 2048 [ 183.357380][ T7002] UDF-fs: bad mount option "iocarset=maccysillic" or missing value [ 183.615589][ T6006] udevd[6006]: incorrect cramfs checksum on /dev/loop4 [ 183.725907][ T6998] ntfs3: loop0: This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver). [ 183.725907][ T6998] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff. [ 183.725907][ T6998] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case [ 184.164753][ T7014] loop5: detected capacity change from 0 to 1764 [ 184.190782][ T6998] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 184.204952][ T6998] ntfs3: loop0: Failed to load $BadClus. [ 186.504504][ T7044] loop5: detected capacity change from 0 to 40427 [ 186.971955][ T7044] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 186.973302][ T7044] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 186.975951][ T7044] F2FS-fs (loop5): invalid crc value [ 187.013402][ T7044] F2FS-fs (loop5): Found nat_bits in checkpoint [ 187.052272][ T7044] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 187.053455][ T7044] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 187.167977][ T7072] loop4: detected capacity change from 0 to 128 [ 187.271855][ T7073] attempt to access beyond end of device [ 187.271855][ T7073] loop5: rw=2049, want=78344, limit=40427 [ 187.563315][ T7072] EXT4-fs warning (device loop4): ext4_fill_super:3980: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 187.565602][ T7072] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 188.504816][ T7081] loop4: detected capacity change from 0 to 32768 [ 188.508487][ T26] audit: type=1326 audit(188.081:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.519552][ T26] audit: type=1326 audit(188.081:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=179 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.559890][ T26] audit: type=1326 audit(188.081:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.563516][ T26] audit: type=1326 audit(188.081:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.566868][ T26] audit: type=1326 audit(188.081:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.588978][ T26] audit: type=1326 audit(188.081:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.608958][ T26] audit: type=1326 audit(188.081:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.621139][ T26] audit: type=1326 audit(188.081:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.635478][ T26] audit: type=1326 audit(188.081:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 188.638966][ T26] audit: type=1326 audit(188.091:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa4680f28 code=0x7ffc0000 [ 191.300535][ T7113] loop5: detected capacity change from 0 to 1024 [ 191.304359][ T7131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.317426][ T7131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.326385][ T7113] hfsplus: unable to parse mount options [ 191.334565][ T7125] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.529019][ T7135] loop3: detected capacity change from 0 to 8 [ 191.591719][ T7135] squashfs: Unknown parameter '0xffffffffffffffff01777777777777777777777' [ 191.979309][ T7141] binder: 7140:7141 tried to acquire reference to desc 0, got 1 instead [ 191.984162][ T7141] binder: 7140:7141 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 191.986334][ T7141] binder: 7141 RLIMIT_NICE not set [ 191.987144][ T7141] binder: 7141 RLIMIT_NICE not set [ 191.997240][ T7141] binder: 7141 RLIMIT_NICE not set [ 191.998438][ T7141] binder_alloc: 7140: binder_alloc_buf, no vma [ 191.999657][ T7141] binder: 7140:7141 transaction failed 29189/-3, size 0-0 line 3085 [ 192.005419][ T7141] binder: send failed reply for transaction 60 to 7140:7141 [ 192.085337][ T5566] binder: undelivered TRANSACTION_ERROR: 29190 [ 192.537748][ T2064] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.539959][ T2064] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.584017][ T7151] loop5: detected capacity change from 0 to 512 [ 192.681093][ T5566] binder: undelivered TRANSACTION_COMPLETE [ 192.682193][ T5566] binder: undelivered TRANSACTION_ERROR: 29189 [ 193.114188][ T7160] netlink: 48 bytes leftover after parsing attributes in process `syz.0.839'. [ 193.602608][ T7162] loop0: detected capacity change from 0 to 32768 [ 194.060213][ T7178] binder: 7177:7178 tried to acquire reference to desc 0, got 1 instead [ 194.969805][ T5566] binder: release 7177:7178 transaction 66 out, still active [ 195.020694][ T5566] binder: undelivered TRANSACTION_COMPLETE [ 195.022876][ T5566] binder: send failed reply for transaction 73 to 7177:7180 [ 195.026271][ T5566] binder: undelivered TRANSACTION_COMPLETE [ 195.027488][ T5566] binder: undelivered TRANSACTION_ERROR: 29189 [ 195.030108][ T5566] binder: send failed reply for transaction 66, target dead [ 195.385156][ T7188] loop0: detected capacity change from 0 to 32768 [ 195.437361][ T7188] [ 195.437361][ T7188] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.437361][ T7188] [ 195.583649][ T7195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.604777][ T7195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.748279][ T7195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 196.316262][ T7200] [ 196.316262][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.316262][ T7200] [ 196.318175][ T7200] [ 196.318175][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.318175][ T7200] [ 196.319767][ T7200] [ 196.319767][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.319767][ T7200] [ 196.321494][ T7200] [ 196.321494][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.321494][ T7200] [ 196.323102][ T7200] [ 196.323102][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.323102][ T7200] [ 196.324752][ T7200] [ 196.324752][ T7200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.324752][ T7200] [ 196.344260][ T247] [ 196.344260][ T247] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.344260][ T247] [ 196.480433][ T4043] [ 196.480433][ T4043] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.480433][ T4043] [ 196.484969][ T4043] [ 196.484969][ T4043] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.484969][ T4043] [ 196.929605][ T7217] loop3: detected capacity change from 0 to 512 [ 197.745255][ T7231] binder: 7230:7231 tried to acquire reference to desc 0, got 1 instead [ 198.586807][ T25] binder: release 7230:7231 transaction 78 out, still active [ 198.630549][ T25] binder: undelivered TRANSACTION_COMPLETE [ 198.632036][ T25] binder: send failed reply for transaction 85 to 7230:7234 [ 198.633481][ T25] binder: undelivered TRANSACTION_COMPLETE [ 198.634627][ T25] binder: undelivered TRANSACTION_ERROR: 29189 [ 198.635768][ T25] binder: send failed reply for transaction 78, target dead [ 199.332446][ T7253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.336653][ T7253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.339739][ T7253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 200.108630][ T7266] loop3: detected capacity change from 0 to 512 [ 200.715146][ T7275] binder: 7274:7275 tried to acquire reference to desc 0, got 1 instead [ 201.993687][ T5565] binder: release 7274:7275 transaction 90 out, still active [ 202.214429][ T5565] binder: undelivered TRANSACTION_COMPLETE [ 202.215484][ T5565] binder: send failed reply for transaction 97 to 7274:7276 [ 202.216701][ T5565] binder: undelivered TRANSACTION_COMPLETE [ 202.217701][ T5565] binder: undelivered TRANSACTION_ERROR: 29189 [ 202.218731][ T5565] binder: send failed reply for transaction 90, target dead [ 203.117931][ T7309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.125555][ T7309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.129423][ T7309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.240320][ T7319] loop4: detected capacity change from 0 to 512 [ 205.629628][ T7357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.636571][ T7357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.641767][ T7357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 206.335034][ T7371] loop0: detected capacity change from 0 to 512 [ 208.193148][ T7406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.196087][ T7406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.198989][ T7406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.818994][ T7416] binder: 7415:7416 tried to acquire reference to desc 0, got 1 instead [ 209.655317][ T5565] binder: release 7415:7416 transaction 102 out, still active [ 209.807523][ T7434] loop5: detected capacity change from 0 to 512 [ 209.972927][ T5565] binder: undelivered TRANSACTION_COMPLETE [ 209.974099][ T5565] binder: send failed reply for transaction 109 to 7415:7418 [ 209.975586][ T5565] binder: undelivered TRANSACTION_COMPLETE [ 209.976691][ T5565] binder: undelivered TRANSACTION_ERROR: 29189 [ 209.977825][ T5565] binder: send failed reply for transaction 102, target dead [ 210.627820][ T6006] udevd[6006]: setting mode of /dev/gsmtty11 to 020600 failed: No such file or directory [ 210.639207][ T6006] udevd[6006]: setting owner of /dev/gsmtty11 to uid=0, gid=0 failed: No such file or directory [ 210.881952][ T7455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.982024][ T7455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.999459][ T7455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.057830][ T7475] binder: 7471:7475 tried to acquire reference to desc 0, got 1 instead [ 212.061171][ T7475] binder_alloc: 7471: binder_alloc_buf, no vma [ 212.063262][ T7475] binder: 7471:7475 transaction failed 29189/-3, size 72-24 line 3085 [ 212.116758][ T7476] binder: 7471:7476 got transaction to invalid handle, 3 [ 212.117961][ T7476] binder: 7471:7476 transaction failed 29201/-22, size 0-0 line 2917 [ 212.582858][ T7486] loop5: detected capacity change from 0 to 512 [ 212.922302][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 [ 213.380935][ T1541] binder: undelivered TRANSACTION_ERROR: 29189 [ 213.562696][ T7510] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 213.675898][ T7510] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 213.743414][ T7510] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.826309][ T7536] binder: 7532:7536 tried to acquire reference to desc 0, got 1 instead [ 214.831363][ T7536] binder_alloc: 7532: binder_alloc_buf, no vma [ 214.832446][ T7536] binder: 7532:7536 transaction failed 29189/-3, size 72-24 line 3085 [ 214.893255][ T7539] loop3: detected capacity change from 0 to 512 [ 214.908930][ T7541] binder: 7532:7541 got transaction to invalid handle, 3 [ 214.915642][ T7541] binder: 7532:7541 transaction failed 29201/-22, size 0-0 line 2917 [ 215.601914][ T4109] binder: undelivered TRANSACTION_ERROR: 29201 [ 215.699943][ T5566] binder: undelivered TRANSACTION_ERROR: 29189 [ 217.962135][ T7564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.970356][ T7564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.962382][ T7599] loop4: detected capacity change from 0 to 512 [ 220.580904][ T7617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.599278][ T7617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.701274][ T7617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.838139][ T7628] binder: tried to use weak ref as strong ref [ 220.839211][ T7628] binder: 7624:7628 Acquire 1 refcount change on invalid ref 0 ret -22 [ 220.843135][ T7628] binder: 7624:7628 got transaction to invalid handle, 1 [ 220.844343][ T7628] binder: 7624:7628 transaction failed 29201/-22, size 72-24 line 2917 [ 222.645245][ T5562] binder: undelivered TRANSACTION_ERROR: 29201 [ 223.922478][ T7676] IPVS: Error joining to the multicast group [ 223.981550][ T7678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.992009][ T7678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.998443][ T7678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 225.869979][ T7701] loop0: detected capacity change from 0 to 512 [ 225.903247][ T7700] binder: tried to use weak ref as strong ref [ 225.904407][ T7700] binder: 7688:7700 Acquire 1 refcount change on invalid ref 0 ret -22 [ 225.906252][ T7700] binder: 7688:7700 got transaction to invalid handle, 1 [ 225.907473][ T7700] binder: 7688:7700 transaction failed 29201/-22, size 72-24 line 2917 [ 226.358145][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 [ 226.848913][ T7726] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.543368][ T7753] binder: tried to use weak ref as strong ref [ 228.544430][ T7753] binder: 7748:7753 Acquire 1 refcount change on invalid ref 0 ret -22 [ 228.545904][ T7753] binder: 7748:7753 got transaction to invalid handle, 1 [ 228.546993][ T7753] binder: 7748:7753 transaction failed 29201/-22, size 72-24 line 2917 [ 229.411162][ T5562] binder: undelivered TRANSACTION_ERROR: 29201 [ 229.564168][ T7770] wlan1: authenticate with 08:02:11:00:00:00 [ 229.565807][ T7770] ------------[ cut here ]------------ [ 229.566674][ T7770] WARNING: CPU: 1 PID: 7770 at net/mac80211/mlme.c:335 ieee80211_determine_chantype+0x7d4/0xef0 [ 229.568187][ T7770] Modules linked in: [ 229.568751][ T7770] CPU: 1 PID: 7770 Comm: syz.5.1040 Not tainted 5.15.189-syzkaller #0 [ 229.569870][ T7770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 229.571415][ T7770] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 229.572560][ T7770] pc : ieee80211_determine_chantype+0x7d4/0xef0 [ 229.573497][ T7770] lr : ieee80211_determine_chantype+0x7d4/0xef0 [ 229.574450][ T7770] sp : ffff80001fe86660 [ 229.575095][ T7770] x29: ffff80001fe867c0 x28: 0000000000000001 x27: 0000000000000003 [ 229.576367][ T7770] x26: 1fffe0001e424a51 x25: 0000000000010810 x24: 1fffe0001aa8a6ae [ 229.577580][ T7770] x23: 0000000000000000 x22: ffff80001fe86938 x21: ffff0000f2125288 [ 229.578818][ T7770] x20: ffff80001fe86930 x19: dfff800000000000 x18: 0000000000000000 [ 229.580004][ T7770] x17: 0000000000000002 x16: ffff800010a19950 x15: 000000000000000c [ 229.581184][ T7770] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000080000 [ 229.582415][ T7770] x11: 000000000000392b x10: ffff80002b608000 x9 : ffff800010c2c868 [ 229.583580][ T7770] x8 : 000000000000392c x7 : 0000096c00000000 x6 : ffff0000d5453570 [ 229.584784][ T7770] x5 : ffff80001fe86720 x4 : ffff80001fe86950 x3 : ffff800010c2c3bc [ 229.585914][ T7770] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000 [ 229.587112][ T7770] Call trace: [ 229.587608][ T7770] ieee80211_determine_chantype+0x7d4/0xef0 [ 229.588547][ T7770] ieee80211_prep_connection+0x1e18/0x2fd0 [ 229.589517][ T7770] ieee80211_mgd_auth+0x858/0xbf0 [ 229.590342][ T7770] ieee80211_auth+0x28/0x38 [ 229.591081][ T7770] cfg80211_mlme_auth+0x378/0x8a0 [ 229.591900][ T7770] cfg80211_conn_do_work+0x3c0/0x980 [ 229.592746][ T7770] cfg80211_connect+0x1250/0x1c7c [ 229.593578][ T7770] nl80211_connect+0xfb0/0x1434 [ 229.594438][ T7770] genl_rcv_msg+0x8b4/0xb6c [ 229.595200][ T7770] netlink_rcv_skb+0x208/0x3c4 [ 229.595986][ T7770] genl_rcv+0x38/0x50 [ 229.596656][ T7770] netlink_unicast+0x624/0x8b0 [ 229.597469][ T7770] netlink_sendmsg+0x6e8/0x9cc [ 229.598271][ T7770] ____sys_sendmsg+0x61c/0x920 [ 229.599071][ T7770] ___sys_sendmsg+0x1d0/0x240 [ 229.599795][ T7770] __arm64_sys_sendmsg+0x1a8/0x254 [ 229.600651][ T7770] invoke_syscall+0x98/0x2b8 [ 229.601377][ T7770] el0_svc_common+0x138/0x258 [ 229.602153][ T7770] do_el0_svc+0x58/0x14c [ 229.602855][ T7770] el0_svc+0x78/0x1e0 [ 229.603511][ T7770] el0t_64_sync_handler+0xcc/0xe4 [ 229.604254][ T7770] el0t_64_sync+0x1a0/0x1a4 [ 229.604930][ T7770] irq event stamp: 880 [ 229.605593][ T7770] hardirqs last enabled at (879): [] kmalloc_order+0xc4/0x160 [ 229.607055][ T7770] hardirqs last disabled at (880): [] el1_dbg+0x24/0x80 [ 229.608370][ T7770] softirqs last enabled at (850): [] cfg80211_get_bss+0x824/0xc68 [ 229.609769][ T7770] softirqs last disabled at (848): [] cfg80211_get_bss+0x120/0xc68 [ 229.611181][ T7770] ---[ end trace 40cf47969fce8aa9 ]--- [ 229.804130][ T7770] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 229.809464][ T7769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 231.140133][ T1621] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 231.141671][ T1621] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 231.142766][ T1621] wlan1: authentication with 08:02:11:00:00:00 timed out