last executing test programs: 4.796501378s ago: executing program 2 (id=4441): syz_usb_connect$uac3(0x5, 0x8f, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x582, 0x582, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d, 0x3, 0x1, 0x8, 0x20, 0x6, {0x8, 0xb, 0x0, 0x2, 0x1, 0x25, 0x30, 0xb}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xad5022f93bae853c, 0xf, 0x7ff}, [@selector_unit={0x5, 0x24, 0xc, 0x8}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x51, 0x6, 0xce, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0xff, 0x9, 0x8, {0xa, 0x25, 0x25, 0x0, 0xa, 0x710}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x5f, 0x2, 0x0, {0xa, 0x25, 0x25, 0x0, 0x10, 0x101}}}}}}}}]}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x6) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="63429860415b7ac7", 0x8) r4 = accept(r0, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r4, &(0x7f000000b680)={0x0, 0xffffffffffffffc3, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2, 0x0, 0x0, 0x1000000}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 4.136972396s ago: executing program 1 (id=4449): r0 = io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235}) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(0x0, 0x1) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r5 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) ftruncate(r5, 0xffff) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000001c0)=0x1) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r7, 0x80046402, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, 0xffffffffffffffff}) dup3(r8, r7, 0x80000) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x7) close_range(r0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) timer_settime(r9, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000000209"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 3.660941835s ago: executing program 1 (id=4452): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x20000000) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @bcast, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x1, [@default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @bcast, @null]}) ioctl$sock_rose_SIOCDELRT(r4, 0x890c, 0x0) 3.324048877s ago: executing program 1 (id=4453): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 3.208184717s ago: executing program 4 (id=4455): r0 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_open_dev$I2C(0x0, 0x1, 0x402) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) sendto$inet(r4, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r4, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 3.206475857s ago: executing program 1 (id=4457): r0 = syz_clone(0x21000200, 0x0, 0x0, 0x0, 0x0, 0x0) rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000480)={0x26, 0x0, 0xfffffffb}) 3.155086789s ago: executing program 1 (id=4458): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x801, 0x0) ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d03, &(0x7f0000000280)={{0x1, 0x3}, {0x81, 0x4}, 0xf}) 2.768166192s ago: executing program 1 (id=4460): r0 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x5, 0x20010, 0xffffffffffffffff, 0x4934f000) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_CREATE2(r2, &(0x7f00000007c0)=ANY=[], 0x119) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x7, &(0x7f0000000100)={0x8, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}}) 1.750898889s ago: executing program 2 (id=4474): r0 = io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235}) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(0x0, 0x1) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r5 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) ftruncate(r5, 0xffff) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, 0x0) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r7, 0x80046402, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, 0xffffffffffffffff}) dup3(r8, r7, 0x80000) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x7) close_range(r0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) timer_settime(r9, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000000209"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 1.248563773s ago: executing program 2 (id=4477): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21081e, &(0x7f0000000080)={[{@grpquota}, {@delalloc}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") 1.138706094s ago: executing program 2 (id=4480): setreuid(0xffffffffffffffff, 0xee01) r0 = getpgid(0x0) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000140)={0x2, r0}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x4040011) 1.043864898s ago: executing program 2 (id=4482): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21081e, &(0x7f0000000080)={[{@grpquota}, {@delalloc}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat(0xffffffffffffff9c, 0x0, 0x101e42, 0x33) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x42) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000100)={0xff9c, 0x8001}) 969.957206ms ago: executing program 2 (id=4484): syz_usb_connect$uac3(0x5, 0x8f, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x582, 0x582, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d, 0x3, 0x1, 0x8, 0x20, 0x6, {0x8, 0xb, 0x0, 0x2, 0x1, 0x25, 0x30, 0xb}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xad5022f93bae853c, 0xf, 0x7ff}, [@selector_unit={0x5, 0x24, 0xc, 0x8}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x51, 0x6, 0xce, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0xff, 0x9, 0x8, {0xa, 0x25, 0x25, 0x0, 0xa, 0x710}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x5f, 0x2, 0x0, {0xa, 0x25, 0x25, 0x0, 0x10, 0x101}}}}}}}}]}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x6) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="63429860415b7ac7", 0x8) r4 = accept(r0, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r4, &(0x7f000000b680)={0x0, 0xffffffffffffffc3, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2, 0x0, 0x0, 0x1000000}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 916.566656ms ago: executing program 0 (id=4485): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000800)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x1a}, @ptr={0x70742a85, 0x20000000, 0x0, 0x24, 0x1, 0x26}, @fda={0x66646185, 0x9, 0x1, 0xb8}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1040}], 0x0, 0x0, 0x0}) 857.773506ms ago: executing program 0 (id=4486): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 469.145761ms ago: executing program 0 (id=4488): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, 0x0, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x20000000) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @bcast, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x1, [@default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @bcast, @null]}) ioctl$sock_rose_SIOCDELRT(r5, 0x890c, 0x0) 443.378136ms ago: executing program 0 (id=4489): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 388.141466ms ago: executing program 0 (id=4490): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200013, 0xfffffffe, 0x8000, 0x525, 0x9}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 319.703485ms ago: executing program 0 (id=4493): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000005c0), 0x0) r3 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0) sendfile(r3, r3, 0x0, 0x4800000009) 312.165853ms ago: executing program 3 (id=4494): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21081e, &(0x7f0000000080)={[{@grpquota}, {@delalloc}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat(0xffffffffffffff9c, 0x0, 0x101e42, 0x33) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42) ioctl$FITRIM(r0, 0xc0185879, 0x0) 245.611312ms ago: executing program 3 (id=4495): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000380)=r1}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000340)={r2, &(0x7f0000000280)}, 0x20) 206.883945ms ago: executing program 4 (id=4496): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) futex(&(0x7f0000000000), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x3) 147.915136ms ago: executing program 3 (id=4497): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r0, &(0x7f0000000640)=[{{&(0x7f0000000e80)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000001dc0)="bb", 0x1}], 0x1}}, {{&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000500)=[{&(0x7f0000000140)="9a72192a50d4f615bf122aa54887d89282468d829d79a183a5eb6ce014af21b9e8639f09a14bbbbe014e813c205c64ec811c84ede8cc9161610e534726ab1c1f7e36de617a6c55b8121803ff22aa3aa10e2b039d5d95371693", 0x59}, {&(0x7f00000006c0)="bf954bd7bbb3f448403b0d9f54e57e858323ad0f8bd1ac55c58c09adc3987bd31a2d68c7747f88d283bccc9b48a670f38095adb76337d45341165e77b080039049f28e790ca4bb5e295cd485634f3c96eaaaf2400da8983136d0c40a2b8477ba4ff31357d52604e9a8a9debba9be4059d08dfc705ad3a45bde1803b6adcc4e", 0x7f}, {&(0x7f0000000400)="640ba0c601e59cd06e0be66027d5ad38f0c3498e4ea912", 0x17}, {&(0x7f00000002c0)="a4b64e00be53953fb538ba182e1648f06d77dd389ea2ed519e52dfffbb0163d7ce11d94c0e38454e1a5b05e64ae89b640141dc41124d3c32539a94602e07aac3d33b61231b8e6fa70ef4550fe9879d81cd424423c67e137ce0588100f8f876c24552af59cce66539f3196474ef954d52d1a2a7ba91c49ca4c1f3e0acce2a527f74eeed2e867b0054e673c6", 0x8b}, {&(0x7f0000000380)="500a40e3f252ce653b58b0afb055c91500"/31, 0x1f}, {&(0x7f00000003c0)="7a06e9880996b7ba0c810ce39853f6d5b278db1a155e7c4da61d0b1ec61b50576f16a9bca2a3f720c5c9", 0x2a}, {&(0x7f0000000780)="2473c9a98c99568b0279dd1f01d26e8de804ffea5594cc6689c09d8fd40e8899e34c69c9e1779d157e0b0d97fba3bcf838a634a91281a1bcf1099b0af049d433ac48e5bee46519be80358693a3f0731d96dd1505d96bb67e11cda4513bc4fea72f31d213602c04e1f68eb4d8a2c3c9dcbfd0b63346621cb546292d2d270761cf1c0a5662d7113481713395ccea4a6e94a307ace1d6326fc6e7ce2d48653856175bdf9473c051eb6d1d14db1c808462cc020d996fbfe6f64bdca6c3348a17523c73c415198754d99eb91c871aacfd99ba53f11bc6cbcc46be630e4e2ae38038bf1a805b6e2d095af357af559343bcb65d9c83e4acea0667c0e0f3bb885795a58728e9e9adf31f1018e37c36767e583ad1215d9e987d5a05cf4d9eb705d5cddeeec5a35d410fe6082eecbf12fa7f369b758c37447c53dfbb376bc20fa17263a42c96dfe505", 0x144}, {&(0x7f0000000900)="06a2817b604853b278ca60c5ab8db435ff681a9a98ae9b76b42c788d064aaf537259acf34aabcde36aa810b131effb2c876587b4c89c16834f7948971fa93f317551d44d0000000000000000f0aa66961d69d0243267f65bad856f6992dda77492dc30cb9492d999641a1d5255542984015643b554c35441131b11f489f33cfdec2f5a162b4cf1a70399a6bdbc064089d5b76813e8410f723cd50f1aa26feeaa463331321a91ce243c00e61a34d30923b236cfbbc6ace789a94643f6027c31cbe007ff2bebbfcd46e33687acf6082a95567f7091ec003b82457400", 0xdb}], 0x8, &(0x7f0000000200)=[@cred={{0x1c}}], 0x20, 0x20000090}}], 0x2, 0x4040018) 147.786826ms ago: executing program 4 (id=4498): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 146.700566ms ago: executing program 3 (id=4499): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, 0x0, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x20000000) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @bcast, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x1, [@default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @bcast, @null]}) ioctl$sock_rose_SIOCDELRT(r5, 0x890c, 0x0) 123.315061ms ago: executing program 3 (id=4500): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) 79.326494ms ago: executing program 4 (id=4501): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, @none={0x0, 0xffff}}, 0x14, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0xa7aae24e7270a133}, 0x24000804) 58.51556ms ago: executing program 3 (id=4502): r0 = io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235}) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(0x0, 0x1) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r5 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) ftruncate(r5, 0xffff) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, 0x0) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r7, 0x80046402, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, 0xffffffffffffffff}) dup3(r8, r7, 0x80000) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x7) close_range(r0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) timer_settime(r9, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000000209"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 184.551µs ago: executing program 4 (id=4503): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000fffffff02e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000048000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) 0s ago: executing program 4 (id=4504): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x56c, &(0x7f0000001500)="$eJzs3U1rG0cfAPD/SlbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KmzFBMtRsOQQu4Emh+ZcQi+lgdJ76bnH0C/QQz9DoA2EEkx76EVl5ZXiF8mWE9lWqt8P1szsrjQ7mv2PZzQSCmBojaV/chEvR8TXScTxiEiyYyORHRxbPW/lya3pdEui0fj0z6R5XppvPVfrcUezzEsR8ctXEWdym8utLS3PlSqV8kKWH6/PXx+vLS2fvTpfmi3Plq9NTk2df2dq8v333u1bXd+89Pe3nzzIZ7kT95K4EMey3Np6PIfbazNjMZa9JoW4sOHEiT4UNkiSjnt/2vPrYGfyWZwXIu0Djkc+i3rgv+/LiGgAQyrZcfz/VtidKwH2Vmsc0Jrb92ke/MJ4/OHqBGhz/UdW3xuJQ8250ZGVZN3MKJ3vjvah/LSMn/+4fy/don/vQwBs6/adiDg3MrK5/0uy/u/ZnevhnI1l6P9g7zxIxz9vdRr/5Nrjn+gw/jnaIXafxfbxn3vUh2K6Ssd/H3Qc/7YXrUbzWe5/zTFfIblytVJO+7b/R8TpKBxM81ut55xfedjodmzt+C/d0vJbY8HsOh6NHFz/mJlSvfQ8dV7r8Z2IVzqOf5N2+ycd2j99PS71WMap8v3Xuh3bvv67q/FDxBsd2//pilay9frkePN+GG/dFZv9dffUr93K3+/6p+1/ZOv6jyZr12trOy/j+0P/lKO9nrzeuvpH7/f/geSzZvpAtu9mqV5fmIg4kHzc3p9r7Z98+thWvnV+Wv/Tr2/d/3W6/w9HxOc91v/uyR9f7XZsENp/pmP7t2e3G9p/54mHH33xXbfye+v/3m6mTmd7eun/er3A53ntAAAAAAAAYNDkIuJYJLliO53LFYurn+84GUdylWqtfuZKdfHaTDS/KzsahVxrpfv4ms9DTGQrhq385Ib8VESciIhv8oeb+eJ0tTKz35UHAAAAAAAAAAAAAAAAAACAAXG0y/f/U7/n9/vqgF3nJ79heG0b//34pSdgIPn/D8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8wvMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAA9NWlixfTrbHy5NZ0mp+5sbQ4V71xdqZcmyvOL04Xp6sL14uz1epspVycrs5v93yVavX6xGQs3hyvl2v18drS8uX56uK1+uWr86XZ8uVyYU9qBQAAAAAAAAAAAAAAAAAAAC+W2tLyXKlSKS/sR6LR2M/SJfqSGBmMy9jjRH4wLmMXE/vdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAU/8GAAD//3jNM7E=") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000025000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f0000000380)="30573472b621739984c336124406e8a5c812ca847e3bf1b82ec91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000300)=ANY=[], 0xfe37, 0x0) kernel console output (not intermixed with test programs): 142][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 797.345952][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 797.349984][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 798.020765][T14507] binder_user_error: 3 callbacks suppressed [ 798.020775][T14507] binder: tried to use weak ref as strong ref [ 798.022953][T14507] binder: 14506:14507 Acquire 1 refcount change on invalid ref 0 ret -22 [ 798.027272][T14507] binder: 14506:14507 got transaction to invalid handle, 1 [ 798.028516][T14507] binder_debug: 3 callbacks suppressed [ 798.028530][T14507] binder: 14507:14506 cannot find target node [ 798.030360][T14507] binder: 14506:14507 transaction call to 0:0 failed 935/29201/-22, size 88-24 line 3045 [ 798.032596][T10033] binder: undelivered TRANSACTION_ERROR: 29201 [ 798.058465][T14497] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 798.059967][T14497] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 798.069406][T14510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 798.070837][ T4490] device hsr_slave_0 left promiscuous mode [ 798.073264][T14510] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 798.082984][T13701] Bluetooth: hci3: command 0x040f tx timeout [ 798.154602][ T4490] device hsr_slave_1 left promiscuous mode [ 798.537043][ T4490] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 798.538515][ T4490] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 798.540043][ T4490] device bridge_slave_1 left promiscuous mode [ 798.542266][ T4490] bridge0: port 2(bridge_slave_1) entered disabled state [ 798.591580][ T4490] device bridge_slave_0 left promiscuous mode [ 798.593418][ T4490] bridge0: port 1(bridge_slave_0) entered disabled state [ 798.636383][T14522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 798.645396][T14522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 798.650289][T10034] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0 [ 798.652092][T10034] hid-generic 0000:0000:0000.0019: hidraw0: HID v0.00 Device [syz1] on syz0 [ 798.666789][ T4490] device veth1_macvtap left promiscuous mode [ 798.667914][ T4490] device veth0_macvtap left promiscuous mode [ 798.670296][ T4490] device veth1_vlan left promiscuous mode [ 798.671296][ T4490] device veth0_vlan left promiscuous mode [ 800.166698][ T4337] Bluetooth: hci3: command 0x0419 tx timeout [ 801.488965][ T4490] team0 (unregistering): Port device team_slave_1 removed [ 801.648312][ T4490] team0 (unregistering): Port device team_slave_0 removed [ 801.680880][T14532] binder: 14531:14532 got transaction to invalid handle, 1 [ 801.682076][T14532] binder: 14532:14531 cannot find target node [ 801.683029][T14532] binder: 14531:14532 transaction call to 0:0 failed 939/29201/-22, size 88-24 line 3045 [ 801.684984][T10968] binder: undelivered TRANSACTION_ERROR: 29201 [ 801.757045][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 801.758104][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 801.787182][ T4490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 801.997132][ T4490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 803.467729][ T4490] bond0 (unregistering): Released all slaves [ 803.761205][T14328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 803.782414][ T7693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 803.784131][ T7693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 803.792276][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 803.793988][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 803.795541][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 803.803812][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 803.813800][T14328] device veth0_vlan entered promiscuous mode [ 803.821579][T14328] device veth1_vlan entered promiscuous mode [ 803.831131][T14328] device veth0_macvtap entered promiscuous mode [ 803.833672][T14328] device veth1_macvtap entered promiscuous mode [ 803.838742][T14328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 803.840384][T14328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.842084][T14328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 803.843848][T14328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.845366][T14328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 803.847654][T14328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.849972][T14328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 803.852063][T14328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 803.853728][T14328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.855388][T14328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 803.857369][T14328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.858927][T14328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 803.860700][T14328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.863034][T14328] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 803.865703][T14328] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.876892][T14328] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.878333][T14328] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.880045][T14328] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.907538][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 803.909567][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 803.911133][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 803.912809][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 803.914734][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 803.916195][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 803.992108][T14543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3114'. [ 804.039974][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 804.041721][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 804.043513][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 804.045373][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 804.054125][T14541] binder: 14539:14541 got transaction to invalid handle, 1 [ 804.055451][T14541] binder: 14541:14539 cannot find target node [ 804.056506][T14541] binder: 14539:14541 transaction call to 0:0 failed 942/29201/-22, size 88-24 line 3045 [ 804.061452][ T4371] binder: undelivered TRANSACTION_ERROR: 29201 [ 804.166229][ T4458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 804.167614][ T4458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.168947][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 804.188256][ T7693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 804.189533][ T7693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.190968][ T7693] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 804.195618][T14550] device veth0_to_team entered promiscuous mode [ 804.222182][T14552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 804.223880][T14552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 805.145253][ T4337] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 805.148367][ T4337] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 805.149957][ T4337] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 805.152388][ T4337] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 805.154269][ T4337] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 805.155660][ T4337] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 806.045810][T14550] Set syz1 is full, maxelem 65536 reached [ 807.196718][ T4337] Bluetooth: hci1: command 0x0409 tx timeout [ 807.261678][T14585] binder: tried to use weak ref as strong ref [ 807.262630][T14585] binder: 14584:14585 Acquire 1 refcount change on invalid ref 0 ret -22 [ 807.264385][T14585] binder: 14584:14585 got transaction to invalid handle, 1 [ 807.265498][T14585] binder: 14585:14584 cannot find target node [ 807.266566][T14585] binder: 14584:14585 transaction call to 0:0 failed 945/29201/-22, size 88-24 line 3045 [ 807.268910][ T3442] binder: undelivered TRANSACTION_ERROR: 29201 [ 807.541819][T14591] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3128'. [ 807.846240][T14595] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 807.847288][T14595] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 807.853948][T14595] vhci_hcd vhci_hcd.0: Device attached [ 807.858003][T14595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 807.859537][T14595] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 807.861220][T14596] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 0 [ 807.862466][ T7693] vhci_hcd: stop threads [ 807.863074][ T7693] vhci_hcd: release socket [ 807.863870][ T7693] vhci_hcd: disconnect device [ 808.401444][T14601] binder: BINDER_SET_CONTEXT_MGR already set [ 808.402622][T14601] binder: 14600:14601 ioctl 4018620d 20004a80 returned -16 [ 809.276685][ T4337] Bluetooth: hci1: command 0x041b tx timeout [ 811.357203][ T4337] Bluetooth: hci1: command 0x040f tx timeout [ 813.446707][ T4337] Bluetooth: hci1: command 0x0419 tx timeout [ 817.023098][T14564] lo speed is unknown, defaulting to 1000 [ 817.071915][T14573] tipc: Enabling of bearer rejected, failed to enable media [ 817.107958][T14583] device macvlan0 entered promiscuous mode [ 817.180140][T14619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 817.181751][T14619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 817.467563][T14625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3139'. [ 817.663721][T14564] chnl_net:caif_netlink_parms(): no params data found [ 817.694238][T14632] 8021q: adding VLAN 0 to HW filter on device bond1 [ 817.697449][T14632] device bond1 entered promiscuous mode [ 817.698701][T14632] bond0: (slave bond1): Enslaving as an active interface with an up link [ 818.443203][ T4490] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.511895][T14564] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.522481][T14564] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.545130][T14564] device bridge_slave_0 entered promiscuous mode [ 818.767020][T14564] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.770367][T14564] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.772935][T14564] device bridge_slave_1 entered promiscuous mode [ 818.779277][T14632] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3140'. [ 818.788307][T14632] bridge2: port 1(bond0) entered disabled state [ 818.918596][T14632] bridge2: port 1(bond0) entered disabled state [ 818.968530][T14632] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 819.026890][T14632] device bond_slave_0 left promiscuous mode [ 819.031620][T14632] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 819.066827][T14632] device bond_slave_1 left promiscuous mode [ 819.071707][T14632] bond0 (unregistering): (slave bond1): Releasing backup interface [ 819.107204][T14632] device bond1 left promiscuous mode [ 819.113237][T14632] bond0 (unregistering): Released all slaves [ 819.117512][T14649] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 819.119603][T14649] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 819.120894][T14649] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 819.131435][T14652] lo speed is unknown, defaulting to 1000 [ 819.193589][ T4490] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 819.204313][T14564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 819.212718][T14564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 819.234341][ T4490] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 819.240170][T14564] team0: Port device team_slave_0 added [ 819.243403][T14564] team0: Port device team_slave_1 added [ 819.250273][T14564] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 819.251468][T14564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 819.255822][T14564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 819.259827][T14564] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 819.260955][T14564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 819.264996][T14564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 819.271166][ T4490] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 819.276087][T14656] device syzkaller0 entered promiscuous mode [ 819.285620][T14656] tc action pedit offset must be on 32 bit boundaries [ 819.321841][T14564] device hsr_slave_0 entered promiscuous mode [ 819.357699][T14564] device hsr_slave_1 entered promiscuous mode [ 819.837236][ T4490] tipc: Left network mode [ 820.456518][T14673] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3151'. [ 820.544436][T14677] device syzkaller0 entered promiscuous mode [ 820.703741][T14636] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 821.308276][T14564] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 821.325488][T14707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 821.329648][T14707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 821.772389][T14564] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 822.081426][T14717] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3159'. [ 822.170612][T14564] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 822.198013][T14564] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 822.469682][T14564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 822.474213][T14729] binder: 14728:14729 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 822.489330][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 822.490873][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 822.714949][T14564] 8021q: adding VLAN 0 to HW filter on device team0 [ 822.969681][T14744] tipc: Started in network mode [ 822.970528][T14744] tipc: Node identity a25b207fd256, cluster identity 4711 [ 822.971712][T14744] tipc: Enabled bearer , priority 0 [ 823.028326][T14744] device syzkaller0 entered promiscuous mode [ 823.031014][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 823.032782][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 823.034414][ T4458] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.035584][ T4458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.041716][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 823.251636][T14737] tipc: Resetting bearer [ 823.370301][T14737] tipc: Disabling bearer [ 823.396389][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 823.398253][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 823.401732][ T4491] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.402944][ T4491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 823.406323][ T4491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 823.445926][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 823.455739][ T4490] device hsr_slave_0 left promiscuous mode [ 823.537010][ T4490] device hsr_slave_1 left promiscuous mode [ 824.046839][ T4490] device veth1_macvtap left promiscuous mode [ 824.048028][ T4490] device veth0_macvtap left promiscuous mode [ 824.049305][ T4490] device veth1_vlan left promiscuous mode [ 824.050330][ T4490] device veth0_vlan left promiscuous mode [ 824.427979][T14770] binder: 14769:14770 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 825.847712][ T4490] bond1 (unregistering): Released all slaves [ 827.402067][T13701] Bluetooth: hci4: link tx timeout [ 827.402904][T13701] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 827.404225][T13701] Bluetooth: hci4: link tx timeout [ 827.405060][T13701] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 830.008133][ T4490] bond0 (unregistering): Released all slaves [ 830.271035][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 830.272910][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 830.274462][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 830.276076][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 830.279695][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 830.283494][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 830.349298][T14774] bridge0: port 2(bridge_slave_1) entered disabled state [ 830.351345][T14774] bridge0: port 1(bridge_slave_0) entered disabled state [ 830.358362][T14782] tipc: Enabling of bearer rejected, failed to enable media [ 830.363056][T14564] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 830.365070][T14564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 830.366885][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 830.368585][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 830.370100][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 830.477410][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 830.478648][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 830.489184][T14811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 830.490635][T14811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 830.497632][T14564] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 830.506536][T14813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 830.511452][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 830.513111][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 830.515189][T14813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 830.618910][T14564] device veth0_vlan entered promiscuous mode [ 830.622233][T14564] device veth1_vlan entered promiscuous mode [ 830.871135][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 830.888840][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 830.894652][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 830.896505][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 830.898025][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 830.899557][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 830.901067][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 830.902437][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 830.906376][T14564] device veth0_macvtap entered promiscuous mode [ 830.915081][T14564] device veth1_macvtap entered promiscuous mode [ 830.923689][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 830.925414][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.928364][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 830.935969][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.940910][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 830.942773][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.944477][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 830.946367][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.950146][T14564] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 830.952876][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 830.954485][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.956137][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 830.958285][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.960001][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 830.961745][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.963433][T14564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 830.965226][T14564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 830.968086][T14564] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 830.970965][T14564] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.972489][T14564] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.973994][T14564] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.975454][T14564] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.016515][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 831.018530][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 831.020101][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 831.022373][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 831.025910][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 831.031692][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 831.042572][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 831.045284][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 831.046667][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 831.330245][ T4458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 831.331566][ T4458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 831.332907][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 831.666677][ T4371] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 831.777938][ T4337] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 831.780763][ T4337] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 831.782487][ T4337] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 831.785538][ T4337] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 831.788745][ T4337] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 831.790578][ T4337] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 831.846833][ T4371] usb 1-1: Using ep0 maxpacket: 32 [ 831.849686][ T4371] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 831.851329][ T4371] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 831.854321][ T4371] usb 1-1: config 0 descriptor?? [ 831.879784][T14840] tipc: Started in network mode [ 831.880677][T14840] tipc: Node identity beeb2aa4d2ba, cluster identity 4711 [ 831.882034][T14840] tipc: Enabled bearer , priority 0 [ 831.890082][T14840] tipc: Resetting bearer [ 831.978814][T14839] tipc: Disabling bearer [ 832.030488][T14833] chnl_net:caif_netlink_parms(): no params data found [ 832.058135][ T4371] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 832.061506][ T4371] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 832.069743][ T4371] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 832.071938][ T4371] usb 1-1: media controller created [ 832.080341][ T4371] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 832.094494][T14833] bridge0: port 1(bridge_slave_0) entered blocking state [ 832.095902][T14833] bridge0: port 1(bridge_slave_0) entered disabled state [ 832.098564][T14833] device bridge_slave_0 entered promiscuous mode [ 832.100624][T14849] tipc: Enabled bearer , priority 0 [ 832.101966][T14833] bridge0: port 2(bridge_slave_1) entered blocking state [ 832.103297][T14833] bridge0: port 2(bridge_slave_1) entered disabled state [ 832.105126][T14833] device bridge_slave_1 entered promiscuous mode [ 832.113070][T14849] device syzkaller0 entered promiscuous mode [ 832.159254][T14833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 832.319958][T14833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 832.667974][T14848] tipc: Resetting bearer [ 832.758222][T14848] tipc: Disabling bearer [ 832.772775][T14833] team0: Port device team_slave_0 added [ 832.778703][T14833] team0: Port device team_slave_1 added [ 832.793760][T14833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 832.795004][T14833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 832.799788][T14833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 832.802290][T14833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 832.803530][T14833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 832.807982][T14833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 832.835238][T14869] kAFS: unable to lookup cell 'Þ({^ú@' [ 832.890080][T14833] device hsr_slave_0 entered promiscuous mode [ 832.927220][T14833] device hsr_slave_1 entered promiscuous mode [ 832.966901][T14833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 832.968616][T14833] Cannot create hsr debugfs directory [ 833.352228][T14833] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.533250][T14833] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.730239][T14833] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.819064][T14914] ======================================================= [ 833.819064][T14914] WARNING: The mand mount option has been deprecated and [ 833.819064][T14914] and is ignored by this kernel. Remove the mand [ 833.819064][T14914] option from the mount to silence this warning. [ 833.819064][T14914] ======================================================= [ 833.840199][T14914] overlayfs: overlapping lowerdir path [ 833.843046][T13701] Bluetooth: hci0: command 0x0409 tx timeout [ 834.130704][T14833] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.166968][ T4371] az6027: usb out operation failed. (-110) [ 834.168183][ T4371] az6027: usb out operation failed. (-32) [ 834.169310][ T4371] stb0899_attach: Driver disabled by Kconfig [ 834.170323][ T4371] az6027: no front-end attached [ 834.170323][ T4371] [ 834.171711][ T4371] az6027: usb out operation failed. (-32) [ 834.172699][ T4371] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 834.174959][ T4371] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input7 [ 834.188850][ T4371] dvb-usb: schedule remote query interval to 400 msecs. [ 834.191054][ T4371] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 834.321038][T14929] tipc: Enabled bearer , priority 0 [ 834.325994][T14933] tipc: Enabled bearer , priority 0 [ 834.328771][T14933] device syzkaller0 entered promiscuous mode [ 834.338334][T14933] tipc: Resetting bearer [ 834.408353][T14922] tipc: Disabling bearer [ 834.424335][ T4370] usb 1-1: USB disconnect, device number 32 [ 834.427260][T14931] tipc: Resetting bearer [ 834.501839][T14931] tipc: Disabling bearer [ 834.511875][T14959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 834.513514][T14959] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 834.544209][ T4370] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 834.896808][ T4370] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 834.979237][ T4490] tipc: Left network mode [ 835.136780][ T4370] usb 1-1: Using ep0 maxpacket: 16 [ 835.142658][ T4370] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 835.146161][ T4370] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 95, changing to 7 [ 835.198712][ T4370] usb 1-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 835.208727][ T4370] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 835.296910][ T4370] usb 1-1: Product: syz [ 835.309144][ T4370] usb 1-1: Manufacturer: syz [ 835.332246][ T4370] usb 1-1: SerialNumber: syz [ 835.484531][T14997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 835.491127][T14997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 835.916865][ T4337] Bluetooth: hci0: command 0x041b tx timeout [ 836.216823][T15016] (syz.2.3213,15016,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 836.218755][T15016] (syz.2.3213,15016,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 836.242124][T14833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 836.269437][T14833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 836.386979][T14833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 836.418902][T14833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 836.511370][T14833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 836.519066][T14833] 8021q: adding VLAN 0 to HW filter on device team0 [ 836.571393][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 836.573232][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 836.578028][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 836.579968][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 836.581770][ T1613] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.582893][ T1613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 836.584867][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 836.588337][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 836.590205][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 836.591853][ T1613] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.592987][ T1613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 836.596486][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 836.603427][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 836.699279][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 836.702392][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 836.704010][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 836.708397][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 836.710061][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 836.714040][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 836.715550][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 836.720983][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 836.722506][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 836.725799][T14833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 836.868148][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 836.869513][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 836.874299][T14833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 836.934621][T15040] device syzkaller0 entered promiscuous mode [ 837.232964][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 837.234713][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 837.249694][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 837.251502][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 837.253322][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 837.254888][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 837.268346][T14833] device veth0_vlan entered promiscuous mode [ 837.274164][T14833] device veth1_vlan entered promiscuous mode [ 837.295381][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 837.297744][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 837.299576][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 837.299767][T15050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 837.301322][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 837.303553][T15050] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 837.473122][ T4370] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile [ 837.475450][ T4370] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile [ 837.485580][ T4370] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 837.489220][ T4370] usb 1-1: USB disconnect, device number 33 [ 837.537205][T14833] device veth0_macvtap entered promiscuous mode [ 837.542105][T14833] device veth1_macvtap entered promiscuous mode [ 837.548972][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 837.550830][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.552369][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 837.554035][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.556944][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 837.559284][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.560885][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 837.562696][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.571993][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 837.573704][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.579999][T14833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 837.581534][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 837.583107][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 837.584620][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 837.586240][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 837.626249][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 837.629215][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.630802][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 837.632688][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.636511][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 837.641239][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.642924][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 837.644794][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.646443][T14833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 837.650015][T14833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 837.652480][T14833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 837.655134][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 837.656852][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 837.662124][T14833] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 837.663630][T14833] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 837.665265][T14833] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 837.670207][T14833] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 837.729906][T14932] udevd[14932]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 837.746911][T15064] binder: BINDER_SET_CONTEXT_MGR already set [ 837.748804][T15064] binder: 15063:15064 ioctl 4018620d 20004a80 returned -16 [ 837.835046][T15075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 837.841022][T15075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 837.924463][T15076] device syzkaller0 entered promiscuous mode [ 837.951725][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 837.953684][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 838.046697][T13701] Bluetooth: hci0: command 0x040f tx timeout [ 838.076910][ T4371] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 838.267941][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 838.283000][ T4490] device hsr_slave_0 left promiscuous mode [ 838.316925][ T4490] device hsr_slave_1 left promiscuous mode [ 838.386707][ T4371] usb 1-1: Using ep0 maxpacket: 16 [ 838.388748][ T4371] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 838.390527][ T4371] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 95, changing to 7 [ 838.393940][ T4371] usb 1-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 838.395364][ T4371] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 838.397236][ T4371] usb 1-1: Product: syz [ 838.397982][ T4371] usb 1-1: Manufacturer: syz [ 838.398710][ T4371] usb 1-1: SerialNumber: syz [ 838.406795][ T4490] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 838.408548][ T4490] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 838.410301][ T4490] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 838.411523][ T4490] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 838.412943][ T4490] device bridge_slave_1 left promiscuous mode [ 838.414121][ T4490] bridge0: port 2(bridge_slave_1) entered disabled state [ 838.448070][ T4490] device bridge_slave_0 left promiscuous mode [ 838.449359][ T4490] bridge0: port 1(bridge_slave_0) entered disabled state [ 838.576862][ T4490] device veth1_macvtap left promiscuous mode [ 838.577940][ T4490] device veth0_macvtap left promiscuous mode [ 838.578931][ T4490] device veth1_vlan left promiscuous mode [ 838.579967][ T4490] device veth0_vlan left promiscuous mode [ 839.538133][ T4490] bond1 (unregistering): Released all slaves [ 840.076731][T13701] Bluetooth: hci0: command 0x0419 tx timeout [ 842.263445][T15104] binder: BINDER_SET_CONTEXT_MGR already set [ 842.264487][T15104] binder: 15103:15104 ioctl 4018620d 20004a80 returned -16 [ 842.391634][ T4371] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile [ 842.392976][ T4371] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile [ 842.509882][ T4371] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 842.516957][ T4371] usb 1-1: USB disconnect, device number 34 [ 843.521339][T15112] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 843.645962][T15112] overlayfs: failed to look up (tracing) for ino (-66) [ 843.970428][T14932] udevd[14932]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 845.546644][ T4370] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 845.736657][ T4370] usb 1-1: Using ep0 maxpacket: 16 [ 845.738804][ T4370] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 845.740514][ T4370] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 95, changing to 7 [ 845.743685][ T4370] usb 1-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 845.745004][ T4370] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 845.746288][ T4370] usb 1-1: Product: syz [ 845.747023][ T4370] usb 1-1: Manufacturer: syz [ 845.747708][ T4370] usb 1-1: SerialNumber: syz [ 846.518979][ T4490] team0 (unregistering): Port device team_slave_1 removed [ 846.691326][ T4490] team0 (unregistering): Port device team_slave_0 removed [ 848.282217][ T4370] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile [ 848.283745][ T4370] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile [ 848.305665][ T4370] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 848.311255][ T4370] usb 1-1: USB disconnect, device number 35 [ 848.666642][ T4370] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 848.729227][ T4458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 848.730557][ T4458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 848.737323][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 848.834988][T15130] tipc: Enabling of bearer rejected, failed to enable media [ 848.846721][ T4370] usb 1-1: Using ep0 maxpacket: 16 [ 848.867478][T15149] binder: BINDER_SET_CONTEXT_MGR already set [ 848.868423][T15149] binder: 15148:15149 ioctl 4018620d 20004a80 returned -16 [ 848.874522][ T4370] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 848.876214][ T4370] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 95, changing to 7 [ 848.906770][ T4370] usb 1-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 848.908168][ T4370] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 848.909486][ T4370] usb 1-1: Product: syz [ 848.910219][ T4370] usb 1-1: Manufacturer: syz [ 848.910945][ T4370] usb 1-1: SerialNumber: syz [ 848.931620][T15153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 848.936072][T15153] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 849.138650][T15168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3255'. [ 849.229894][T15170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 849.232593][T15170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 849.708096][T15178] binder: 15177:15178 ioctl c0306201 0 returned -14 [ 849.711284][T15178] binder: 15177:15178 got transaction to invalid handle, 1 [ 849.712698][T15178] binder: 15178:15177 cannot find target node [ 849.713896][T15178] binder: 15177:15178 transaction call to 0:0 failed 955/29201/-22, size 88-24 line 3045 [ 849.716066][ T3442] binder: undelivered TRANSACTION_ERROR: 29201 [ 849.959655][T15184] (syz.4.3259,15184,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 849.961263][T15184] (syz.4.3259,15184,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 850.724084][T15186] device syzkaller0 entered promiscuous mode [ 850.793279][T15188] tipc: Started in network mode [ 850.794271][T15188] tipc: Node identity 860f1207fcd3, cluster identity 4711 [ 850.795836][T15188] tipc: Enabled bearer , priority 0 [ 850.894174][T15188] device syzkaller0 entered promiscuous mode [ 850.941858][T15188] tipc: Resetting bearer [ 850.947284][T15187] tipc: Resetting bearer [ 851.009450][T15187] tipc: Disabling bearer [ 851.380415][ T4370] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile [ 851.381851][ T4370] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile [ 851.447349][ T4370] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 851.457523][ T4370] usb 1-1: USB disconnect, device number 36 [ 851.457862][T14932] udevd[14932]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 851.490451][T15204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3268'. [ 851.513909][T15206] binder: 15205:15206 ioctl c0306201 0 returned -14 [ 851.525073][T15206] binder: 15205:15206 got transaction to invalid handle, 1 [ 851.528523][T15206] binder: 15206:15205 cannot find target node [ 851.530612][T15206] binder: 15205:15206 transaction call to 0:0 failed 959/29201/-22, size 88-24 line 3045 [ 851.538255][ T4371] binder: undelivered TRANSACTION_ERROR: 29201 [ 851.575870][T15210] device syzkaller0 entered promiscuous mode [ 851.582037][T15210] tc action pedit offset must be on 32 bit boundaries [ 851.667562][T14932] udevd[14932]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 851.699330][T15213] device syzkaller0 entered promiscuous mode [ 851.928833][T15217] (syz.3.3273,15217,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 851.930293][T15217] (syz.3.3273,15217,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 852.220983][T15219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 852.222429][T15219] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 852.249442][T15223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 852.251295][T15223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 853.586683][ T14] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 853.776662][ T14] usb 1-1: Using ep0 maxpacket: 32 [ 853.781251][ T14] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 853.783150][ T14] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 853.784786][ T14] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 853.786304][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 853.835290][ T14] usb 1-1: config 0 descriptor?? [ 854.404377][ T14] savu 0003:1E7D:2D5A.001A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 854.420873][T15244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3281'. [ 854.483263][T15247] tipc: Enabled bearer , priority 0 [ 854.484814][T15247] device syzkaller0 entered promiscuous mode [ 854.497392][T15247] tipc: Resetting bearer [ 854.502318][T15246] tipc: Resetting bearer [ 854.553008][T15249] binder: 15248:15249 ioctl c0306201 0 returned -14 [ 854.555773][T15249] binder: 15248:15249 got transaction to invalid handle, 1 [ 854.557332][T15246] tipc: Disabling bearer [ 854.559779][T15249] binder: 15249:15248 cannot find target node [ 854.560951][T15249] binder: 15248:15249 transaction call to 0:0 failed 963/29201/-22, size 88-24 line 3045 [ 854.562986][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 854.588489][T15251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 854.590095][T15251] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 854.655705][ T24] usb 1-1: USB disconnect, device number 37 [ 856.382077][T15270] sp0: Synchronizing with TNC [ 857.493420][T15264] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 857.495549][T15264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 857.496800][T15264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 857.554541][T15275] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3292'. [ 857.562247][T15275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3292'. [ 858.200611][T15292] binder: BINDER_SET_CONTEXT_MGR already set [ 858.201542][T15292] binder: 15291:15292 ioctl 4018620d 20004a80 returned -16 [ 858.202954][T15292] binder: 15291:15292 Acquire 1 refcount change on invalid ref 0 ret -22 [ 858.204386][T15292] binder: 15291:15292 got transaction to invalid handle, 1 [ 858.212527][T15292] binder: 15292:15291 cannot find target node [ 858.213600][T15292] binder: 15291:15292 transaction call to 0:0 failed 965/29201/-22, size 88-24 line 3045 [ 858.216040][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 858.218799][T15283] tipc: Started in network mode [ 858.219585][T15283] tipc: Node identity 4608b78426ba, cluster identity 4711 [ 858.220744][T15283] tipc: Enabled bearer , priority 0 [ 858.227026][T15284] device syzkaller0 entered promiscuous mode [ 858.229926][T15295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 858.240058][T15281] tipc: Resetting bearer [ 858.244842][T15295] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 858.248235][T15280] tipc: Resetting bearer [ 858.548517][T15280] tipc: Disabling bearer [ 858.571022][T15297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3298'. [ 858.581274][T15303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 858.582833][T15303] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 859.467986][T15325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 859.470581][T15325] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 861.276215][T15337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 861.279214][T15337] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 861.719452][T15342] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3311'. [ 861.722918][T15342] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3311'. [ 861.740891][T15342] bridge0: port 1(bridge_slave_0) entered disabled state [ 863.698063][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 863.699875][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 863.930451][T15342] device bridge_slave_0 left promiscuous mode [ 863.932698][T15342] bridge0: port 1(bridge_slave_0) entered disabled state [ 863.945713][T15349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3313'. [ 865.013376][T15369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 865.014810][T15369] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 865.463251][T15376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 865.464796][T15376] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 865.466817][ T14] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 865.896671][ T14] usb 1-1: Using ep0 maxpacket: 32 [ 865.898742][ T14] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 865.900170][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 865.902699][ T14] usb 1-1: config 0 descriptor?? [ 866.111353][ T14] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 866.120241][ T14] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 866.122135][ T14] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 866.123378][ T14] usb 1-1: media controller created [ 866.126864][ T14] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 868.046023][T15389] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3326'. [ 868.051379][T15389] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3326'. [ 868.145432][T15391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3327'. [ 868.157788][ T14] az6027: usb out operation failed. (-110) [ 868.162036][ T14] az6027: usb out operation failed. (-32) [ 868.163004][ T14] stb0899_attach: Driver disabled by Kconfig [ 868.165679][ T14] az6027: no front-end attached [ 868.165679][ T14] [ 868.169519][ T14] az6027: usb out operation failed. (-32) [ 868.170639][ T14] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 868.172318][ T14] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input8 [ 868.174348][ T14] dvb-usb: schedule remote query interval to 400 msecs. [ 868.175428][ T14] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 868.284650][T15401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 868.286097][T15401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 868.586462][ T4372] usb 1-1: USB disconnect, device number 38 [ 868.712108][T15410] fuse: Bad value for 'fd' [ 869.458854][ T4372] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 870.610497][T13701] Bluetooth: hci5: command 0x0406 tx timeout [ 870.616086][T15420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 870.626372][T15420] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 870.885401][T15427] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3338'. [ 870.897212][T15427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3338'. [ 871.161832][T15431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3341'. [ 871.351836][T15443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 871.649708][T15443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 872.128217][T15454] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3349'. [ 872.131384][T15454] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3349'. [ 872.198125][T15459] binder: 15458:15459 ioctl 4018620d 0 returned -22 [ 872.205360][T15459] binder: tried to use weak ref as strong ref [ 872.206434][T15459] binder: 15458:15459 Acquire 1 refcount change on invalid ref 0 ret -22 [ 872.286121][T15459] binder: 15458:15459 got transaction to invalid handle, 1 [ 872.311711][T15459] binder: 15459:15458 cannot find target node [ 872.475043][T15459] binder: 15458:15459 transaction call to 0:0 failed 968/29201/-22, size 88-24 line 3045 [ 873.017276][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 873.941844][T15471] (syz.3.3354,15471,0):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 873.954817][T15471] (syz.3.3354,15471,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 874.062967][T15474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3355'. [ 874.190285][T15478] sp0: Synchronizing with TNC [ 874.661938][T15486] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3360'. [ 874.680758][T15486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3360'. [ 874.684037][T15492] binder: 15491:15492 ioctl c0306201 0 returned -14 [ 874.685492][T15492] binder: 15491:15492 got transaction to invalid handle, 1 [ 874.686695][T15492] binder: 15492:15491 cannot find target node [ 874.688652][T15492] binder: 15491:15492 transaction call to 0:0 failed 972/29201/-22, size 88-24 line 3045 [ 874.693202][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 875.753199][T15512] (syz.0.3368,15512,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 875.754873][T15512] (syz.0.3368,15512,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 876.346377][T15521] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3371'. [ 876.810998][T15488] tipc: Enabled bearer , priority 0 [ 876.812532][T15498] device syzkaller0 entered promiscuous mode [ 878.569742][T15509] tipc: Resetting bearer [ 878.575507][T15487] tipc: Resetting bearer [ 878.623837][T15533] binder: 15532:15533 ioctl c0306201 0 returned -14 [ 878.625326][T15533] binder: 15532:15533 got transaction to invalid handle, 1 [ 878.629496][T15533] binder: 15533:15532 cannot find target node [ 878.630872][T15533] binder: 15532:15533 transaction call to 0:0 failed 976/29201/-22, size 88-24 line 3045 [ 878.633007][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 879.578975][T15487] tipc: Disabling bearer [ 879.584218][T14990] tipc: Node number set to 1817258660 [ 880.187655][T15562] (syz.1.3382,15562,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 880.189267][T15562] (syz.1.3382,15562,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 880.648246][T15570] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3386'. [ 880.661504][T15570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3386'. [ 880.941307][T15573] binder: 15572:15573 ioctl c0306201 0 returned -14 [ 880.957553][T15573] binder: 15572:15573 got transaction to invalid handle, 1 [ 880.958821][T15573] binder: 15573:15572 cannot find target node [ 880.959830][T15573] binder: 15572:15573 transaction call to 0:0 failed 980/29201/-22, size 88-24 line 3045 [ 880.977524][ T113] binder: undelivered TRANSACTION_ERROR: 29201 [ 882.541963][T15601] tipc: Enabled bearer , priority 0 [ 882.551132][T15601] tipc: Resetting bearer [ 882.841002][T15610] binder: 15609:15610 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 882.857778][T15600] tipc: Disabling bearer [ 882.860569][T15597] tipc: Enabling of bearer rejected, failed to enable media [ 882.953177][T15623] binder: 15621:15623 got transaction to invalid handle, 1 [ 882.954528][T15623] binder: 15623:15621 cannot find target node [ 882.955505][T15623] binder: 15621:15623 transaction call to 0:0 failed 985/29201/-22, size 88-24 line 3045 [ 882.957671][T15330] binder: undelivered TRANSACTION_ERROR: 29201 [ 884.981051][T15644] tipc: Enabled bearer , priority 0 [ 884.989600][T15644] tipc: Resetting bearer [ 885.002130][T15646] binder: 15645:15646 ioctl 4018620d 0 returned -22 [ 885.009410][T15646] binder: 15645:15646 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 885.015059][T15646] binder: 15645:15646 got transaction to invalid handle, 1 [ 885.016114][T15646] binder: 15646:15645 cannot find target node [ 885.021105][T15646] binder: 15645:15646 transaction call to 0:0 failed 988/29201/-22, size 88-24 line 3045 [ 885.026264][T15330] binder: undelivered TRANSACTION_ERROR: 29201 [ 885.240287][T15641] tipc: Disabling bearer [ 885.243858][T15651] tipc: Enabled bearer , priority 0 [ 885.245390][T15656] device syzkaller0 entered promiscuous mode [ 885.320374][T15650] tipc: Resetting bearer [ 885.328879][T15648] tipc: Resetting bearer [ 885.418603][T15648] tipc: Disabling bearer [ 885.428877][T15667] binder: 15666:15667 got transaction to invalid handle, 1 [ 885.431982][T15667] binder: 15667:15666 cannot find target node [ 885.432941][T15667] binder: 15666:15667 transaction call to 0:0 failed 992/29201/-22, size 88-24 line 3045 [ 885.435637][ T113] binder: undelivered TRANSACTION_ERROR: 29201 [ 885.495145][T15674] binder: 15673:15674 ioctl 4018620d 0 returned -22 [ 885.507347][T15674] binder: 15673:15674 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 885.509873][T15674] binder: 15673:15674 got transaction to invalid handle, 1 [ 885.511011][T15674] binder: 15674:15673 cannot find target node [ 885.511989][T15674] binder: 15673:15674 transaction call to 0:0 failed 995/29201/-22, size 88-24 line 3045 [ 885.513885][T14990] binder: undelivered TRANSACTION_ERROR: 29201 [ 885.594133][T15677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3418'. Úÿÿÿ[ 886.826553][T15694] device syzkaller0 entered promiscuous mode [ 888.233443][T15711] binder: 15710:15711 got transaction to invalid handle, 1 [ 888.234662][T15711] binder: 15711:15710 cannot find target node [ 888.266204][T15715] binder: 15714:15715 ioctl 4018620d 0 returned -22 [ 888.269524][T15715] binder: 15714:15715 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 888.272130][T15715] binder: 15714:15715 got transaction to invalid handle, 1 [ 888.320357][T15702] tipc: Started in network mode [ 888.321160][T15702] tipc: Node identity 5ec790167a59, cluster identity 4711 [ 888.322517][T15702] tipc: Enabled bearer , priority 0 [ 888.323718][T15703] device syzkaller0 entered promiscuous mode [ 888.341913][T15712] tipc: Resetting bearer [ 888.350590][T15699] tipc: Resetting bearer Úÿÿÿ[ 888.387377][T15699] tipc: Disabling bearer [ 888.410505][T15727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 888.422252][T15727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 888.555106][T15739] binder: 15736:15739 got transaction to invalid handle, 1 [ 888.602869][T15743] binder: BINDER_SET_CONTEXT_MGR already set [ 888.604505][T15744] device syzkaller0 entered promiscuous mode [ 888.606579][T15743] binder: 15740:15743 ioctl 4018620d 20004a80 returned -16 [ 890.175195][T15755] device syzkaller0 entered promiscuous mode Úÿÿÿ[ 890.442970][T15765] tipc: Enabled bearer , priority 0 [ 890.444733][T15765] device syzkaller0 entered promiscuous mode [ 890.518572][T15770] tipc: Resetting bearer [ 890.540606][T15764] tipc: Resetting bearer [ 890.597644][T15764] tipc: Disabling bearer [ 891.164889][T15783] (syz.2.3456,15783,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 891.166382][T15783] (syz.2.3456,15783,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 891.560794][T15787] device syzkaller0 entered promiscuous mode [ 891.811498][T15793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 891.813103][T15793] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 891.835779][T15796] device syzkaller0 entered promiscuous mode [ 892.844830][T15807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 892.857670][T15807] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 893.373068][T15820] device syzkaller0 entered promiscuous mode [ 893.882802][T15829] (syz.2.3475,15829,0):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 893.884231][T15829] (syz.2.3475,15829,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 894.184813][T15833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 894.186511][T15833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 894.451518][T15838] tipc: Enabled bearer , priority 0 [ 894.453320][T15838] device syzkaller0 entered promiscuous mode [ 894.480770][T15838] tipc: Resetting bearer [ 894.483348][T15837] tipc: Resetting bearer [ 894.537355][T15837] tipc: Disabling bearer [ 895.932433][T15855] device syzkaller0 entered promiscuous mode [ 896.232253][T15862] device syzkaller0 entered promiscuous mode [ 897.160712][T15878] (syz.2.3491,15878,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 897.162437][T15878] (syz.2.3491,15878,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 897.448854][T15882] random: crng reseeded on system resumption [ 897.793453][T15884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 897.796092][T15884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 897.896855][T15894] binder: 15893:15894 tried to acquire reference to desc 0, got 1 instead [ 897.898670][T15894] binder: 15893:15894 ioctl c0306201 0 returned -14 [ 898.802565][T15903] device syzkaller0 entered promiscuous mode [ 898.826434][T15905] tipc: Enabled bearer , priority 0 [ 898.834588][T15905] device syzkaller0 entered promiscuous mode [ 899.011052][T15905] tipc: Resetting bearer [ 899.019707][T15904] tipc: Resetting bearer [ 899.088077][T15904] tipc: Disabling bearer [ 899.111361][T15910] device syzkaller0 entered promiscuous mode [ 900.883654][T15934] binder: 15932:15934 tried to acquire reference to desc 0, got 1 instead [ 901.003399][T15941] device syzkaller0 entered promiscuous mode [ 902.152694][T15961] binder: BINDER_SET_CONTEXT_MGR already set [ 902.153707][T15961] binder: 15959:15961 ioctl 4018620d 20004a80 returned -16 [ 902.638703][T15969] device syzkaller0 entered promiscuous mode [ 902.681996][T15973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 902.684926][T15973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 903.038427][T15982] binder: 15981:15982 tried to acquire reference to desc 0, got 1 instead [ 903.952372][T15989] device syzkaller0 entered promiscuous mode [ 904.024230][T15991] binder: 15990:15991 ioctl c0306201 0 returned -14 [ 904.029491][T15991] binder: 15990:15991 got transaction to invalid handle, 1 [ 904.030865][T15991] binder_debug: 8 callbacks suppressed [ 904.030874][T15991] binder: 15991:15990 cannot find target node [ 904.032803][T15991] binder: 15990:15991 transaction call to 0:0 failed 1024/29201/-22, size 88-24 line 3045 [ 904.034721][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 905.485591][T16005] device syzkaller0 entered promiscuous mode [ 905.587253][T16011] binder: 16010:16011 tried to acquire reference to desc 0, got 1 instead [ 905.964340][T16018] binder: 16017:16018 ioctl c0306201 0 returned -14 [ 905.975740][T16018] binder: 16017:16018 got transaction to invalid handle, 1 [ 905.978292][T16018] binder: 16018:16017 cannot find target node [ 905.979316][T16018] binder: 16017:16018 transaction call to 0:0 failed 1032/29201/-22, size 88-24 line 3045 [ 905.981605][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 906.095458][T16027] binder: BINDER_SET_CONTEXT_MGR already set [ 906.096411][T16027] binder: 16024:16027 ioctl 4018620d 20000040 returned -16 [ 906.100683][T16027] binder: tried to use weak ref as strong ref [ 906.110239][T16027] binder: 16024:16027 Acquire 1 refcount change on invalid ref 0 ret -22 [ 906.111694][T16027] binder: 16024:16027 ioctl c0306201 200003c0 returned -14 [ 906.113429][T16027] binder: 16024:16027 got transaction to invalid handle, 1 [ 906.114569][T16027] binder: 16027:16024 cannot find target node [ 906.115527][T16027] binder: 16024:16027 transaction async to 0:0 failed 1035/29201/-22, size 112-24 line 3045 [ 906.120442][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 906.236680][T13701] Bluetooth: hci2: command 0x0406 tx timeout [ 906.257666][T16038] binder: 16037:16038 tried to acquire reference to desc 0, got 1 instead [ 907.134133][T16042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 907.141896][T16042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 908.126084][T16050] binder: 16047:16050 ioctl c0306201 0 returned -14 [ 908.140622][T16050] binder: 16047:16050 got transaction to invalid handle, 1 [ 908.141727][T16050] binder: 16050:16047 cannot find target node [ 908.148987][T16049] device syzkaller0 entered promiscuous mode [ 908.209625][T16052] device syzkaller0 entered promiscuous mode [ 908.845346][T16070] binder: 16068:16070 tried to acquire reference to desc 0, got 1 instead [ 909.215675][T16078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 909.222285][T16078] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 910.421020][T16087] binder: 16085:16087 got transaction to invalid handle, 1 [ 910.422109][T16087] binder_debug: 2 callbacks suppressed [ 910.422120][T16087] binder: 16087:16085 cannot find target node [ 910.432340][T16088] device syzkaller0 entered promiscuous mode [ 910.441268][T16087] binder: 16085:16087 transaction call to 0:0 failed 1051/29201/-22, size 88-24 line 3045 [ 910.452113][T15330] binder: undelivered TRANSACTION_ERROR: 29201 [ 910.579375][T16095] device syzkaller0 entered promiscuous mode [ 910.888446][T16106] binder: 16105:16106 tried to acquire reference to desc 0, got 1 instead [ 910.984139][T16111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 910.989569][T16111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 911.903957][T16125] binder: 16124:16125 got transaction to invalid handle, 1 [ 911.912234][T16125] binder: 16125:16124 cannot find target node [ 911.915157][T16125] binder: 16124:16125 transaction call to 0:0 failed 1059/29201/-22, size 88-24 line 3045 [ 911.966162][T10968] binder: undelivered TRANSACTION_ERROR: 29201 [ 912.011603][T16132] binder: 16131:16132 tried to acquire reference to desc 0, got 1 instead [ 912.021808][T16132] binder: 16131:16132 got transaction with invalid data ptr [ 912.023023][T16132] binder: 16131:16132 transaction call to 16131:0 failed 1064/29201/-14, size 0-24 line 3333 [ 912.036999][T10968] binder: undelivered TRANSACTION_ERROR: 29201 [ 912.095531][T16140] device syzkaller0 entered promiscuous mode [ 912.197201][T16145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 912.198694][T16145] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 913.276166][T16155] device syzkaller0 entered promiscuous mode [ 914.061269][T16161] binder: 16160:16161 got transaction to invalid handle, 1 [ 914.062586][T16161] binder: 16161:16160 cannot find target node [ 914.064669][T16161] binder: 16160:16161 transaction call to 0:0 failed 1068/29201/-22, size 88-24 line 3045 [ 914.123781][T16165] binder: 16164:16165 tried to acquire reference to desc 0, got 1 instead [ 914.126071][T16165] binder: 16164:16165 got transaction with invalid data ptr [ 914.185038][T16171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 914.190955][T16171] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 914.221705][T16173] device syzkaller0 entered promiscuous mode [ 914.790569][T16181] (syz.0.3602,16181,0):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 914.792046][T16181] (syz.0.3602,16181,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 915.294444][T16186] device syzkaller0 entered promiscuous mode [ 915.348370][T16188] binder: 16187:16188 got transaction to invalid handle, 1 [ 915.394112][T16195] binder: 16193:16195 tried to acquire reference to desc 0, got 1 instead [ 915.395795][T16195] binder: 16193:16195 got transaction with invalid data ptr [ 915.961392][T16210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 915.963928][T16210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 916.055991][T16212] sp0: Synchronizing with TNC [ 916.069821][T16212] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 916.074548][T16212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 916.076937][T16212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 916.476714][T13701] Bluetooth: hci3: command 0x0406 tx timeout [ 917.490755][T16229] binder: 16228:16229 got transaction to invalid handle, 1 [ 917.492055][T16229] binder_debug: 8 callbacks suppressed [ 917.492068][T16229] binder: 16229:16228 cannot find target node [ 917.494017][T16229] binder: 16228:16229 transaction call to 0:0 failed 1086/29201/-22, size 88-24 line 3045 [ 917.495947][ T3442] binder: undelivered TRANSACTION_ERROR: 29201 [ 917.677030][T16237] device syzkaller0 entered promiscuous mode [ 917.904961][T16241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3623'. [ 919.682340][T16261] binder: 16259:16261 got transaction to invalid handle, 1 [ 919.693966][T16261] binder: 16261:16259 cannot find target node [ 919.695001][T16261] binder: 16259:16261 transaction call to 0:0 failed 1090/29201/-22, size 88-24 line 3045 [ 919.700043][T16263] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3630'. [ 919.702683][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 919.986870][T16273] binder: 16272:16273 ioctl c00c620f 20000140 returned -22 [ 920.373449][T16271] sp0: Synchronizing with TNC [ 920.375033][T16278] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 920.377297][T16278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 920.378790][T16278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 920.489129][T16284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3637'. [ 920.612038][T16290] device syzkaller0 entered promiscuous mode [ 921.367944][T16299] binder: tried to use weak ref as strong ref [ 921.369119][T16299] binder: 16298:16299 Acquire 1 refcount change on invalid ref 0 ret -22 [ 921.371298][T16299] binder: 16298:16299 got transaction to invalid handle, 1 [ 921.372591][T16299] binder: 16299:16298 cannot find target node [ 921.373664][T16299] binder: 16298:16299 transaction call to 0:0 failed 1093/29201/-22, size 88-24 line 3045 [ 921.375639][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 921.820337][T16313] tipc: Enabled bearer , priority 0 [ 921.831023][T16313] tipc: Resetting bearer [ 922.017573][T16312] tipc: Disabling bearer [ 922.287941][T10968] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 922.331792][T16322] device syzkaller0 entered promiscuous mode [ 922.506672][T10968] usb 1-1: Using ep0 maxpacket: 16 [ 922.722181][T10968] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 922.724096][T10968] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 95, changing to 7 [ 922.727647][T10968] usb 1-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 922.729073][T10968] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.730863][T10968] usb 1-1: Product: syz [ 922.731620][T10968] usb 1-1: Manufacturer: syz [ 922.732347][T10968] usb 1-1: SerialNumber: syz [ 922.753527][T16329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3653'. [ 922.933015][T16333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 922.934546][T16333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 923.324744][T16342] tipc: Enabled bearer , priority 0 [ 923.326436][T16342] device syzkaller0 entered promiscuous mode [ 923.333747][T16342] tipc: Resetting bearer [ 923.336051][T16340] tipc: Resetting bearer [ 923.417261][T16340] tipc: Disabling bearer [ 924.373531][T10968] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile [ 924.374926][T10968] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile [ 924.378951][T10968] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 924.385911][T10968] usb 1-1: USB disconnect, device number 39 [ 925.247931][T14932] udevd[14932]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 925.254156][T16356] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 925.256223][T16356] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 925.257479][T16356] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 925.297248][T16352] tipc: Enabled bearer , priority 0 [ 925.314630][T16352] tipc: Resetting bearer [ 925.479560][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 925.480746][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 925.873506][T16375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 925.875515][T16375] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 925.889290][T16350] tipc: Disabling bearer [ 926.406867][T16383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3670'. [ 926.532699][T16384] tipc: Enabled bearer , priority 0 [ 926.538395][T16384] device syzkaller0 entered promiscuous mode [ 926.552999][T16384] tipc: Resetting bearer [ 926.565955][T16382] tipc: Resetting bearer [ 926.647237][T16382] tipc: Disabling bearer [ 926.705586][T16390] binder: 16389:16390 ioctl 4018620d 0 returned -22 [ 926.707298][T16390] binder: tried to use weak ref as strong ref [ 926.708271][T16390] binder: 16389:16390 Acquire 1 refcount change on invalid ref 0 ret -22 [ 926.712969][T16390] binder: 16389:16390 got transaction to invalid handle, 1 [ 926.718114][T16390] binder: 16390:16389 cannot find target node [ 926.719191][T16390] binder: 16389:16390 transaction call to 0:0 failed 1096/29201/-22, size 88-24 line 3045 [ 926.777029][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 927.920629][T16407] tipc: Enabled bearer , priority 0 [ 927.922350][T16407] device syzkaller0 entered promiscuous mode [ 928.040621][T16393] sp0: Synchronizing with TNC [ 928.044737][T16393] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 928.047972][T16393] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 928.049226][T16393] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 928.070394][T16406] tipc: Resetting bearer [ 928.388201][T16415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3685'. [ 928.388738][T16406] tipc: Disabling bearer [ 928.520038][T16425] tipc: Enabled bearer , priority 0 [ 928.521783][T16425] device syzkaller0 entered promiscuous mode [ 928.976939][T16425] tipc: Resetting bearer [ 928.988665][T16423] tipc: Resetting bearer [ 929.055678][T16433] binder: 16432:16433 ioctl 4018620d 0 returned -22 [ 929.061612][T16433] binder: tried to use weak ref as strong ref [ 929.062759][T16433] binder: 16432:16433 Acquire 1 refcount change on invalid ref 0 ret -22 [ 929.065166][T16433] binder: 16432:16433 got transaction to invalid handle, 1 [ 929.066375][T16433] binder: 16433:16432 cannot find target node [ 929.067847][T16433] binder: 16432:16433 transaction call to 0:0 failed 1099/29201/-22, size 88-24 line 3045 [ 929.069937][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 929.210831][T16423] tipc: Disabling bearer [ 929.269252][T16437] device syzkaller0 entered promiscuous mode [ 930.149321][T16449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 930.150842][T16449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 930.823219][T16467] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3698'. [ 931.085671][T16479] binder: 16478:16479 ioctl 4018620d 0 returned -22 [ 931.087637][T16479] binder: tried to use weak ref as strong ref [ 931.088601][T16479] binder: 16478:16479 Acquire 1 refcount change on invalid ref 0 ret -22 [ 931.090093][T16479] binder: 16478:16479 got transaction to invalid handle, 1 [ 931.091208][T16479] binder: 16479:16478 cannot find target node [ 931.092296][T16479] binder: 16478:16479 transaction call to 0:0 failed 1102/29201/-22, size 88-24 line 3045 [ 931.094415][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 932.076714][T13701] Bluetooth: hci1: command 0x0406 tx timeout [ 941.883826][T16457] tipc: Enabling of bearer rejected, failed to enable media [ 944.276887][T16531] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3712'. [ 945.393790][T16550] IPVS: ip_vs_add_dest(): server weight less than zero [ 945.467053][T16554] tipc: Enabled bearer , priority 0 [ 945.469317][T16554] device syzkaller0 entered promiscuous mode [ 945.515833][T16554] tipc: Resetting bearer [ 945.523377][ T14] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 946.118528][T16553] tipc: Resetting bearer [ 946.226659][ T14] usb 1-1: Using ep0 maxpacket: 32 [ 946.228955][ T14] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 946.230510][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 946.287497][ T14] usb 1-1: config 0 descriptor?? [ 946.360053][T16553] tipc: Disabling bearer [ 946.438989][T16578] tipc: Can't bind to reserved service type 1 [ 946.507491][T16579] (syz.2.3728,16579,0):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 946.509091][T16579] (syz.2.3728,16579,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 946.720839][T14836] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0 [ 946.783751][T14836] hid-generic 0000:0000:0000.001B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 947.063661][T16591] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3730'. [ 947.246433][T16594] tipc: Enabled bearer , priority 0 [ 947.248934][T16594] device syzkaller0 entered promiscuous mode [ 947.256951][T16594] tipc: Resetting bearer [ 947.267338][T16593] tipc: Resetting bearer [ 947.320593][T16593] tipc: Disabling bearer [ 948.092869][T16613] binder: 16612:16613 got transaction to invalid handle, 1 [ 948.094259][T16613] binder: 16613:16612 cannot find target node [ 948.095285][T16613] binder: 16612:16613 transaction call to 0:0 failed 1106/29201/-22, size 88-24 line 3045 [ 948.100629][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 948.168913][ T14] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 948.183674][ T14] usb 1-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 948.185053][ T14] usb 1-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 948.198117][T16616] tipc: Enabled bearer , priority 0 [ 948.199894][T16616] device syzkaller0 entered promiscuous mode [ 948.228897][T16616] tipc: Resetting bearer [ 948.236362][T16615] tipc: Resetting bearer [ 948.337725][T16615] tipc: Disabling bearer [ 948.434224][T16628] (syz.0.3745,16628,0):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 948.435953][T16628] (syz.0.3745,16628,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 948.990043][T16638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3749'. [ 949.204566][T16639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 949.206048][T16639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 949.325014][T16645] binder: 16644:16645 got transaction to invalid handle, 1 [ 949.326305][T16645] binder: 16645:16644 cannot find target node [ 949.327691][T16645] binder: 16644:16645 transaction call to 0:0 failed 1110/29201/-22, size 88-24 line 3045 [ 949.329689][T16366] binder: undelivered TRANSACTION_ERROR: 29201 [ 949.425979][ T24] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0 [ 949.429105][ T24] hid-generic 0000:0000:0000.001C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 949.529854][T16660] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3758'. [ 950.641816][T16678] (syz.4.3763,16678,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 950.643325][T16678] (syz.4.3763,16678,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 950.964315][T16679] I/O error, dev loop3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 950.966720][T16679] ADFS-fs (loop3): error: unable to read block 3, try 0 [ 951.029853][T16676] usb usb3: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 951.031012][T16676] vhci_hcd: invalid port number 96 [ 951.031878][T16676] vhci_hcd: default hub control req: 1f0a vfffa i0060 l0 [ 951.074650][T16683] binder: 16682:16683 got transaction to invalid handle, 1 [ 951.076034][T16683] binder: 16683:16682 cannot find target node [ 951.078833][T16683] binder: 16682:16683 transaction call to 0:0 failed 1114/29201/-22, size 88-24 line 3045 [ 951.084756][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 951.149983][T16685] binder: 16684:16685 ioctl c040583f 0 returned -22 [ 951.617541][T16701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3770'. [ 952.202189][T16705] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3773'. [ 952.250943][ T4370] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 952.252689][ T4370] hid-generic 0000:0000:0000.001D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 952.569444][T16716] binder: 16715:16716 got transaction to invalid handle, 1 [ 952.570803][T16716] binder: 16716:16715 cannot find target node [ 953.130524][T16733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 953.132082][T16733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 953.322053][T16738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3783'. [ 953.793030][T16746] binder: 16745:16746 tried to acquire reference to desc 0, got 1 instead [ 953.796939][T16746] binder: 16745:16746 ioctl c0306201 0 returned -14 [ 954.498157][T16759] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3792'. [ 954.615140][T16762] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3793'. [ 954.891301][T14990] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0 [ 954.893021][T14990] hid-generic 0000:0000:0000.001E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 954.933687][T16772] netlink: 'syz.2.3794': attribute type 27 has an invalid length. [ 955.469313][T16780] binder: 16779:16780 tried to acquire reference to desc 0, got 1 instead [ 955.473842][T16780] binder: 16779:16780 ioctl c0306201 0 returned -14 [ 955.717602][T16789] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3800'. [ 956.454134][T16797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 956.460755][T16797] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 957.292311][T16813] binder: 16812:16813 tried to acquire reference to desc 0, got 1 instead [ 957.300452][T16813] binder: 16812:16813 ioctl c0306201 0 returned -14 [ 957.437287][ T4337] Bluetooth: hci0: command 0x0406 tx timeout [ 957.446323][T16825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 957.457881][T16825] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 957.460932][ T22] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0 [ 957.462730][ T22] hid-generic 0000:0000:0000.001F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 957.936182][T16835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 957.938108][T16835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 957.941354][T16835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 957.942954][T16835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 957.944758][T16835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 957.946439][T16835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 957.953615][T13701] Bluetooth: hci0: unknown advertising packet type: 0x17 [ 957.953660][T13701] Bluetooth: hci0: unknown advertising packet type: 0x5c [ 957.954972][T13701] Bluetooth: hci0: Dropping invalid advertising data [ 957.957508][T13701] Bluetooth: hci0: unknown advertising packet type: 0x0d [ 957.957519][T13701] Bluetooth: hci0: unknown advertising packet type: 0x09 [ 957.958989][T13701] Bluetooth: hci0: unknown advertising packet type: 0x05 [ 957.960169][T13701] Bluetooth: hci0: Malformed LE Event: 0x02 [ 957.991510][T16836] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3816'. [ 958.540611][T16847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 958.543370][T16847] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 959.022694][T16851] binder: 16850:16851 tried to acquire reference to desc 0, got 1 instead [ 960.574638][T16879] binder: 16878:16879 tried to acquire reference to desc 0, got 1 instead [ 960.599220][T16881] loop2: detected capacity change from 0 to 7 [ 960.600631][T16881] loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 960.601805][T16881] loop2: partition table partially beyond EOD, truncated [ 960.603675][T16881] loop2: p1 size 2574515542 extends beyond EOD, truncated [ 961.366143][T16881] loop2: p2 start 445263249 is beyond EOD, truncated [ 961.471535][T16505] udevd[16505]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 962.112109][T16908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 962.113439][T16908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 962.120582][T11185] hid-generic 0000:0000:0000.0020: unknown main item tag 0x0 [ 962.122782][T11185] hid-generic 0000:0000:0000.0020: hidraw0: HID v0.00 Device [syz1] on syz0 [ 962.213790][T16913] tipc: Enabled bearer , priority 0 [ 962.215271][T16913] device syzkaller0 entered promiscuous mode [ 962.222075][T16913] tipc: Resetting bearer [ 962.224373][T16912] tipc: Resetting bearer [ 962.597173][T16912] tipc: Disabling bearer [ 962.614086][T16917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 962.616455][T16917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 962.958939][T16923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3848'. [ 963.538453][T16927] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3850'. [ 965.394004][T16950] tipc: Enabled bearer , priority 0 [ 965.395773][T16950] device syzkaller0 entered promiscuous mode [ 965.405193][T16950] tipc: Resetting bearer [ 965.408082][T16949] tipc: Resetting bearer [ 965.479546][T16949] tipc: Disabling bearer [ 965.985043][T16963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 965.988316][T16963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 966.405697][T16972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 966.409006][T16972] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 966.414072][T11185] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 966.416167][T11185] hid-generic 0000:0000:0000.0021: hidraw0: HID v0.00 Device [syz1] on syz0 [ 968.050892][T16986] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 969.817443][T17033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 969.819123][T17033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 970.179905][T17036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 970.183688][T17036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 971.315887][T17065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 971.330967][T17065] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 971.348535][T11185] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0 [ 971.350088][T11185] hid-generic 0000:0000:0000.0022: hidraw0: HID v0.00 Device [syz1] on syz0 [ 972.351328][T17080] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 973.279800][T17102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 973.281439][T17102] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 973.859007][T17120] device syzkaller0 entered promiscuous mode [ 973.917661][T17120] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3908'. [ 973.928151][T17120] snd_dummy snd_dummy.0: control 0:0:1073741824:syz0:-4 is already present [ 974.348306][T17124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 974.350677][T17124] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 974.737913][T17136] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3916'. [ 974.740766][T17136] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3916'. [ 974.742278][T17136] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3916'. [ 974.743822][T17136] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3916'. [ 975.741851][ T22] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0 [ 975.748804][ T22] hid-generic 0000:0000:0000.0023: hidraw0: HID v0.00 Device [syz1] on syz0 [ 975.817511][T17156] tipc: Enabling of bearer rejected, failed to enable media [ 976.378909][T17170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 976.384454][T17170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 977.226432][T17185] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3933'. [ 977.231713][T17184] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3934'. [ 977.361104][T17196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 977.362727][T17196] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 977.785446][T17200] tipc: Enabled bearer , priority 0 [ 977.787329][T17200] device syzkaller0 entered promiscuous mode [ 977.883418][T17200] tipc: Resetting bearer [ 977.890814][T17199] tipc: Resetting bearer [ 978.037214][T17199] tipc: Disabling bearer [ 979.361268][T17216] atomic_op 00000000ead74dfe conn xmit_atomic 0000000000000000 [ 979.540088][T17222] binder: 17221:17222 tried to acquire reference to desc 0, got 1 instead [ 979.541731][T17222] binder: 17221:17222 sending u0000008000000000 node 1145, cookie mismatch 0000000000000000 != 00000000000000f0 [ 979.543691][T17222] binder_debug: 2 callbacks suppressed [ 979.543702][T17222] binder: 17222:17221 translate binder failed [ 979.545563][T17222] binder: 17221:17222 transaction call to 17221:0 failed 1144/29201/-22, size 88-24 line 3374 [ 979.555527][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 979.683282][ T113] hid-generic 0000:0000:0000.0024: unknown main item tag 0x0 [ 979.684907][ T113] hid-generic 0000:0000:0000.0024: hidraw0: HID v0.00 Device [syz1] on syz0 [ 979.727851][T17236] tipc: Enabled bearer , priority 0 [ 979.729491][T17236] device syzkaller0 entered promiscuous mode [ 980.131482][T17236] tipc: Resetting bearer [ 980.139577][T17232] tipc: Resetting bearer [ 980.264560][T17232] tipc: Disabling bearer [ 981.545727][T17271] device syzkaller0 entered promiscuous mode [ 981.656349][T17273] loop0: detected capacity change from 0 to 1024 [ 981.675747][T17273] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 981.693711][T17273] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 981.750924][T17273] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.3966: bg 0: block 112: padding at end of block bitmap is not set [ 981.760829][T17273] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 1 with error 28 [ 981.763054][T17273] EXT4-fs (loop0): This should not happen!! Data will be lost [ 981.763054][T17273] [ 981.764647][T17273] EXT4-fs (loop0): Total free blocks count 0 [ 981.765870][T17273] EXT4-fs (loop0): Free/Dirty block details [ 981.768598][T17273] EXT4-fs (loop0): free_blocks=0 [ 981.769454][T17273] EXT4-fs (loop0): dirty_blocks=0 [ 981.770264][T17273] EXT4-fs (loop0): Block reservation details [ 981.771274][T17273] EXT4-fs (loop0): i_reserved_data_blocks=0 [ 981.792569][T14564] EXT4-fs (loop0): unmounting filesystem. [ 981.881963][T17280] binder: tried to use weak ref as strong ref [ 981.884131][T17280] binder: 17277:17280 Acquire 1 refcount change on invalid ref 0 ret -22 [ 981.886575][T17280] binder: 17277:17280 ioctl c0306201 200003c0 returned -14 [ 981.909417][T17280] binder: 17277:17280 got transaction to invalid handle, 1 [ 981.910732][T17280] binder: 17280:17277 cannot find target node [ 981.932052][T17280] binder: 17277:17280 transaction async to 0:0 failed 1149/29201/-22, size 112-24 line 3045 [ 981.946484][ T4370] binder: undelivered TRANSACTION_ERROR: 29201 [ 982.000324][T17289] loop2: detected capacity change from 0 to 1024 [ 982.003964][T17289] EXT4-fs: Ignoring removed orlov option [ 982.005744][T17290] tipc: Enabled bearer , priority 0 [ 982.014661][T17290] device syzkaller0 entered promiscuous mode [ 982.020047][T17291] loop0: detected capacity change from 0 to 1024 [ 982.021421][T17291] EXT4-fs: inline encryption not supported [ 982.039722][T17289] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 982.047551][T17291] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 982.062992][T14155] EXT4-fs (loop2): unmounting filesystem. [ 982.073379][T17291] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 982.082159][T17296] tipc: Resetting bearer [ 982.091005][T17287] tipc: Resetting bearer [ 982.120249][T14564] EXT4-fs (loop0): unmounting filesystem. [ 982.177265][T17287] tipc: Disabling bearer [ 982.412823][T17314] loop1: detected capacity change from 0 to 1024 [ 982.416317][T17314] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 982.418472][T17314] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 982.420899][T17314] EXT4-fs error (device loop1): ext4_get_journal_inode:5756: inode #5: comm syz.1.3981: unexpected bad inode w/o EXT4_IGET_BAD [ 982.424241][T17314] EXT4-fs (loop1): no journal found [ 982.425086][T17314] EXT4-fs (loop1): can't get journal size [ 982.426512][T17314] EXT4-fs (loop1): failed to initialize system zone (-117) [ 982.428581][T17314] EXT4-fs (loop1): mount failed [ 983.329466][T17322] binder: tried to use weak ref as strong ref [ 983.334952][T17322] binder: 17319:17322 Acquire 1 refcount change on invalid ref 0 ret -22 [ 983.336431][T17322] binder: 17319:17322 ioctl c0306201 200003c0 returned -14 [ 983.360305][T17322] binder: 17319:17322 got transaction to invalid handle, 1 [ 983.361500][T17322] binder: 17322:17319 cannot find target node [ 983.376492][T17322] binder: 17319:17322 transaction async to 0:0 failed 1152/29201/-22, size 112-24 line 3045 [ 983.391092][ T3442] binder: undelivered TRANSACTION_ERROR: 29201 [ 983.491482][T17330] loop2: detected capacity change from 0 to 512 [ 983.517925][T17330] EXT4-fs (loop2): 1 truncate cleaned up [ 983.518848][T17330] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 983.541721][T17333] tipc: Enabled bearer , priority 0 [ 983.550440][T17333] device syzkaller0 entered promiscuous mode [ 983.638054][T14155] EXT4-fs (loop2): unmounting filesystem. [ 983.658135][T17336] tipc: Resetting bearer [ 983.669014][T17331] tipc: Resetting bearer [ 983.737999][T17331] tipc: Disabling bearer [ 983.794486][ T3442] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 983.800455][ T3442] hid-generic 0000:0000:0000.0025: hidraw0: HID v0.00 Device [syz1] on syz0 [ 983.895197][T17350] loop2: detected capacity change from 0 to 7 [ 983.897035][T17350] Dev loop2: unable to read RDB block 7 [ 983.897869][T17350] loop2: unable to read partition table [ 983.898852][T17350] loop2: partition table beyond EOD, truncated [ 983.899862][T17350] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 984.242616][T17353] binder: tried to use weak ref as strong ref [ 984.243860][T17353] binder: 17352:17353 Acquire 1 refcount change on invalid ref 0 ret -22 [ 984.247261][T17353] binder: 17352:17353 ioctl c0306201 200003c0 returned -14 [ 984.250725][T17353] binder: 17353:17352 cannot find target node [ 984.991932][T17368] loop0: detected capacity change from 0 to 8192 [ 986.298521][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 986.303963][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 986.310239][T17388] binder_user_error: 1 callbacks suppressed [ 986.310248][T17388] binder: 17386:17388 tried to acquire reference to desc 0, got 1 instead [ 986.312706][T17388] binder: 17386:17388 ioctl c0306201 200003c0 returned -14 [ 986.314365][T17388] binder_alloc: 17386: binder_alloc_buf, no vma [ 986.315368][T17388] binder_debug: 2 callbacks suppressed [ 986.315379][T17388] binder: cannot allocate buffer: vma cleared, target dead or dying [ 986.329770][T17388] binder: 17386:17388 transaction async to 17386:0 failed 1160/29189/-3, size 112-24 line 3230 [ 986.335284][T16366] binder: undelivered TRANSACTION_ERROR: 29189 [ 986.586136][T17407] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4014'. [ 986.589060][T17407] device geneve2 entered promiscuous mode [ 986.675086][T17411] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4017'. [ 987.634600][T17427] binder: 17423:17427 tried to acquire reference to desc 0, got 1 instead [ 987.636151][T17427] binder: 17423:17427 ioctl c0306201 200003c0 returned -14 [ 987.644276][T17427] binder_alloc: 17423: binder_alloc_buf, no vma [ 987.645246][T17427] binder: cannot allocate buffer: vma cleared, target dead or dying [ 987.645286][T17427] binder: 17423:17427 transaction async to 17423:0 failed 1165/29189/-3, size 112-24 line 3230 [ 987.662559][T16366] binder: undelivered TRANSACTION_ERROR: 29189 [ 987.882977][T17441] loop0: detected capacity change from 0 to 512 [ 987.986686][T11185] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 987.990480][T11185] hid-generic 0000:0000:0000.0026: hidraw0: HID v0.00 Device [syz1] on syz0 [ 988.093321][T17461] binder: 17460:17461 tried to acquire reference to desc 0, got 1 instead [ 988.094834][T17461] binder: 17460:17461 ioctl c0306201 200003c0 returned -14 [ 988.490128][T17461] binder_alloc: 17460: binder_alloc_buf, no vma [ 988.491388][T17461] binder: cannot allocate buffer: vma cleared, target dead or dying [ 988.491418][T17461] binder: 17460:17461 transaction async to 17460:0 failed 1170/29189/-3, size 112-24 line 3230 [ 988.531863][ T4370] binder: undelivered TRANSACTION_ERROR: 29189 [ 988.636920][T17474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4035'. [ 990.028878][T17503] (syz.0.4049,17503,0):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 990.030335][T17503] (syz.0.4049,17503,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 990.330291][T17510] loop3: detected capacity change from 0 to 256 [ 990.540274][T17514] syz.3.4052: attempt to access beyond end of device [ 990.540274][T17514] loop3: rw=2049, sector=256, nr_sectors = 288 limit=256 [ 990.551947][T17514] syz.3.4052: attempt to access beyond end of device [ 990.551947][T17514] loop3: rw=2049, sector=608, nr_sectors = 416 limit=256 [ 990.565660][T17514] syz.3.4052: attempt to access beyond end of device [ 990.565660][T17514] loop3: rw=2049, sector=1056, nr_sectors = 512 limit=256 [ 991.622303][T14557] kworker/u4:14: attempt to access beyond end of device [ 991.622303][T14557] loop3: rw=1, sector=352, nr_sectors = 8 limit=256 [ 992.067987][T17544] loop2: detected capacity change from 0 to 128 [ 992.303317][T17562] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4072'. [ 992.305172][T17562] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4072'. [ 992.433916][T17569] binder: tried to use weak ref as strong ref [ 992.439277][T17569] binder: 17568:17569 Acquire 1 refcount change on invalid ref 0 ret -22 [ 992.443774][T17569] binder: 17568:17569 ioctl c0306201 200003c0 returned -14 [ 992.446466][T17569] binder: 17568:17569 got transaction to invalid handle, 1 [ 992.452298][T17569] binder: 17569:17568 cannot find target node [ 992.457662][T17569] binder: 17568:17569 transaction async to 0:0 failed 1173/29201/-22, size 112-24 line 3045 [ 992.466044][T14990] binder: undelivered TRANSACTION_ERROR: 29201 [ 993.509710][T17589] loop2: detected capacity change from 0 to 512 [ 993.610469][T17589] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.4081: inode has both inline data and extents flags [ 993.612599][T17589] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.4081: couldn't read orphan inode 15 (err -117) [ 993.614654][T17589] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 993.639637][T17595] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4083'. [ 993.752668][T14155] EXT4-fs (loop2): unmounting filesystem. [ 994.018195][T17607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 994.025314][T17607] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 994.092503][T17608] (syz.3.4091,17608,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 994.093891][T17608] (syz.3.4091,17608,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 994.633419][T17632] loop3: detected capacity change from 0 to 512 [ 994.636370][T17632] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 994.676359][T17632] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 994.684374][ T27] audit: type=1326 audit(994.670:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.0.4101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92177128 code=0x7ffc0000 [ 994.692362][ T27] audit: type=1326 audit(994.680:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.0.4101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=119 compat=0 ip=0xffff92177128 code=0x7ffc0000 [ 994.699016][ T27] audit: type=1326 audit(994.680:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.0.4101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92177128 code=0x7ffc0000 [ 994.706673][ T27] audit: type=1326 audit(994.680:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.0.4101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=119 compat=0 ip=0xffff92177128 code=0x7ffc0000 [ 994.710627][ T27] audit: type=1326 audit(994.680:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.0.4101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92177128 code=0x7ffc0000 [ 994.714329][ T27] audit: type=1326 audit(994.680:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.0.4101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=88 compat=0 ip=0xffff92177128 code=0x7ffc0000 [ 994.717799][ T27] audit: type=1326 audit(994.680:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.0.4101" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92177128 code=0x7ffc0000 [ 994.791218][T14328] EXT4-fs (loop3): unmounting filesystem. [ 994.833578][T17643] (syz.0.4103,17643,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 994.835136][T17643] (syz.0.4103,17643,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 994.873554][T17645] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 994.879240][T17645] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 994.880745][T17645] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 994.888752][T17645] device veth0_to_team left promiscuous mode [ 994.902684][T17645] device macvlan0 left promiscuous mode [ 996.018695][T17668] loop2: detected capacity change from 0 to 7 [ 996.020229][T17668] Dev loop2: unable to read RDB block 7 [ 996.021186][T17668] loop2: unable to read partition table [ 996.022201][T17668] loop2: partition table beyond EOD, truncated [ 996.023251][T17668] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 999.139418][T17674] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1006.697601][T17692] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4119'. [ 1006.844251][T17714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4126'. [ 1007.232919][T17723] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4129'. [ 1007.238426][T17723] loop1: detected capacity change from 0 to 136 [ 1007.245827][T17723] Attempt to read inode for relocated directory [ 1007.255853][T17723] netlink: 42503 bytes leftover after parsing attributes in process `syz.1.4129'. [ 1007.311819][T17727] device syzkaller0 entered promiscuous mode [ 1007.476330][T17735] loop1: detected capacity change from 0 to 512 [ 1007.506137][T17738] device syzkaller0 entered promiscuous mode [ 1007.513531][T17735] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1007.554841][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1007.713957][T17748] loop3: detected capacity change from 0 to 1024 [ 1007.722816][T17748] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1007.764080][T17748] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1007.770987][T17748] EXT4-fs (loop3): shut down requested (1) [ 1007.821729][T14328] EXT4-fs (loop3): unmounting filesystem. [ 1007.962850][T17767] device syzkaller0 entered promiscuous mode [ 1008.031416][T17773] device syzkaller0 entered promiscuous mode [ 1008.769491][T17793] sp0: Synchronizing with TNC [ 1008.796152][T17793] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1008.797753][T17793] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1009.827662][T17801] capability: warning: `syz.4.4158' uses 32-bit capabilities (legacy support in use) [ 1009.928351][T17807] device syzkaller0 entered promiscuous mode [ 1010.234376][T17829] netlink: 88 bytes leftover after parsing attributes in process `syz.4.4168'. [ 1010.531417][T17838] loop4: detected capacity change from 0 to 512 [ 1010.547344][T17839] tipc: Enabled bearer , priority 0 [ 1010.549133][T17839] device syzkaller0 entered promiscuous mode [ 1010.586254][T17838] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1010.624159][T14833] EXT4-fs (loop4): unmounting filesystem. [ 1010.659782][T17839] tipc: Resetting bearer [ 1010.672812][T17837] tipc: Resetting bearer [ 1010.748056][T17837] tipc: Disabling bearer [ 1010.937998][T17859] device syzkaller0 entered promiscuous mode [ 1011.415622][T17874] fuse: Bad value for 'fd' [ 1011.678789][ T14] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 1011.681146][ T14] dvb_usb_az6027: probe of 1-1:0.0 failed with error -110 [ 1011.693724][ T14] usb 1-1: USB disconnect, device number 40 [ 1011.980652][T17897] usb usb6: usbfs: process 17897 (syz.1.4194) did not claim interface 0 before use [ 1012.054014][T17901] device syzkaller0 entered promiscuous mode [ 1012.222805][T17903] fuse: Bad value for 'fd' [ 1012.509339][T17925] fuse: Bad value for 'fd' [ 1012.543303][T17927] device syzkaller0 entered promiscuous mode [ 1012.601706][T17937] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4214'. [ 1012.603210][T17937] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4214'. [ 1012.604591][T17937] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4214'. [ 1012.615658][T17937] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4214'. [ 1012.693161][T17943] loop1: detected capacity change from 0 to 1024 [ 1012.753380][T17943] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1012.772448][T17951] loop2: detected capacity change from 0 to 512 [ 1012.793970][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1012.983483][T17966] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4226'. [ 1013.051280][T17971] device syzkaller0 entered promiscuous mode [ 1013.053219][T17972] device syzkaller0 entered promiscuous mode [ 1017.942610][T18037] loop1: detected capacity change from 0 to 8192 [ 1018.018937][T18039] usb usb3: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1025.447211][T18059] device bond_slave_0 entered promiscuous mode [ 1025.448244][T18059] device bond_slave_1 entered promiscuous mode [ 1025.449326][T18059] device vlan2 entered promiscuous mode [ 1025.450247][T18059] device bond0 entered promiscuous mode [ 1026.584534][T18089] loop4: detected capacity change from 0 to 8192 [ 1026.591474][T18089] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1026.764324][T18092] device geneve1 entered promiscuous mode [ 1026.834924][T18099] device syzkaller0 entered promiscuous mode [ 1028.666430][T18127] loop1: detected capacity change from 0 to 512 [ 1028.685604][T18127] EXT2-fs (loop1): warning: feature flags set on rev 0 fs, running e2fsck is recommended [ 1037.817435][T18135] device erspan0 entered promiscuous mode [ 1038.880890][ T27] audit: type=1326 audit(1038.870:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18165 comm="syz.3.4294" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb1f77128 code=0x0 [ 1038.989526][T18172] loop1: detected capacity change from 0 to 512 [ 1039.028715][T18172] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1039.204375][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1039.294798][T14557] Bluetooth: hci4: Frame reassembly failed (-84) [ 1039.732917][T18192] loop3: detected capacity change from 0 to 512 [ 1039.743994][T18192] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1039.755650][T14328] EXT4-fs (loop3): unmounting filesystem. [ 1041.356670][T13701] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1041.356702][ T4337] Bluetooth: hci4: command 0x1003 tx timeout [ 1047.527593][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 1047.528669][ T2060] ieee802154 phy1 wpan1: encryption failed: -22 [ 1049.551830][T18216] device syzkaller0 entered promiscuous mode [ 1049.554509][T18216] 0: reclassify loop, rule prio 0, protocol 800 [ 1049.660281][T18226] loop1: detected capacity change from 0 to 512 [ 1049.690170][T18228] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1049.691679][T18228] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1049.737925][T18226] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1049.772430][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1050.175233][T18246] binder: BINDER_SET_CONTEXT_MGR already set [ 1050.176163][T18246] binder: 18245:18246 ioctl 4018620d 20000040 returned -16 [ 1050.181219][T18246] binder: 18245:18246 got transaction to invalid handle, 1 [ 1050.182316][T18246] binder: 18246:18245 cannot find target node [ 1050.189487][T18246] binder: 18245:18246 transaction async to 0:0 failed 1175/29201/-22, size 112-24 line 3045 [ 1050.191789][T10034] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.337759][T18258] device syzkaller0 entered promiscuous mode [ 1050.474355][T18264] loop2: detected capacity change from 0 to 512 [ 1050.505986][T18264] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1050.545101][T14155] EXT4-fs (loop2): unmounting filesystem. [ 1050.629750][T18272] binder: 18271:18272 ioctl c0306201 0 returned -14 [ 1050.637246][T18272] binder: 18271:18272 ioctl c0306201 200003c0 returned -14 [ 1050.648109][T18272] binder: 18271:18272 got transaction to invalid handle, 1 [ 1050.649239][T18272] binder: 18272:18271 cannot find target node [ 1050.650220][T18272] binder: 18271:18272 transaction async to 0:0 failed 1179/29201/-22, size 112-24 line 3045 [ 1050.652218][T10968] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.711133][T18278] device geneve2 entered promiscuous mode [ 1050.870273][T18286] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1050.872529][T18286] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1050.873962][T18286] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1050.876442][T18286] device bridge_slave_0 left promiscuous mode [ 1050.882041][T18286] bridge0: port 1(bridge_slave_0) entered disabled state [ 1050.929384][T18286] device bridge_slave_1 left promiscuous mode [ 1050.930576][T18286] bridge0: port 2(bridge_slave_1) entered disabled state [ 1050.968511][T18286] bond0: (slave bond_slave_0): Releasing backup interface [ 1050.996178][T18286] bond0: (slave bond_slave_1): Releasing backup interface [ 1051.113259][T18286] team0: Port device team_slave_0 removed [ 1051.123335][T18286] team0: Port device team_slave_1 removed [ 1051.124728][T18286] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1051.126067][T18286] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1051.128634][T18286] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1051.130018][T18286] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1051.141273][T18291] device syzkaller0 entered promiscuous mode [ 1051.772042][T18324] loop1: detected capacity change from 0 to 1764 [ 1051.892588][T18329] device syzkaller0 entered promiscuous mode [ 1051.898230][T18330] Cannot find set identified by id 1 to match [ 1051.939632][T18332] loop1: detected capacity change from 0 to 512 [ 1051.950980][T18332] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1051.952259][T18332] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 1051.958382][T18332] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1111: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1051.968634][T18332] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.4353: attempt to clear invalid blocks 2 len 1 [ 1051.974587][T18332] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.4353: invalid indirect mapped block 1819239214 (level 0) [ 1051.977484][T18332] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.4353: invalid indirect mapped block 1819239214 (level 1) [ 1051.980195][T18332] EXT4-fs (loop1): 1 truncate cleaned up [ 1051.981093][T18332] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1052.003546][T18332] EXT4-fs error (device loop1): ext4_lookup:1855: inode #2: comm syz.1.4353: 'file1' linked to parent dir [ 1052.045899][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1052.421856][T18377] loop0: detected capacity change from 0 to 128 [ 1052.442177][T18375] loop1: detected capacity change from 0 to 1024 [ 1052.452753][T18375] EXT4-fs: Ignoring removed orlov option [ 1052.458138][T18375] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1052.463008][T18379] device syzkaller0 entered promiscuous mode [ 1052.502863][T18375] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1052.582703][T18387] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3850: comm syz.1.4372: Allocating blocks 497-513 which overlap fs metadata [ 1052.598266][T18387] EXT4-fs (loop1): Remounting filesystem read-only [ 1052.599804][T18387] EXT4-fs (loop1): pa 000000002238fda5: logic 131072, phys. 193, len 20 [ 1052.601230][T18387] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4890: group 0, free 0, pa_free 1 [ 1052.611593][T18387] EXT4-fs (loop1): Remounting filesystem read-only [ 1052.731681][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1053.047033][T18419] loop1: detected capacity change from 0 to 512 [ 1053.080082][T18419] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1053.388326][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1053.522622][T18433] device syzkaller0 entered promiscuous mode [ 1053.900603][T18457] loop1: detected capacity change from 0 to 512 [ 1053.942231][T18457] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1053.980268][T18463] loop2: detected capacity change from 0 to 512 [ 1053.982654][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1053.985424][T18463] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 1053.987933][T18463] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1054.004027][T18463] EXT4-fs (loop2): 1 orphan inode deleted [ 1054.005120][T18463] EXT4-fs (loop2): 1 truncate cleaned up [ 1054.006038][T18463] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 1054.095224][T14155] EXT4-fs (loop2): unmounting filesystem. [ 1054.461174][T18488] loop1: detected capacity change from 0 to 512 [ 1054.505230][T18488] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1054.630480][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1054.701826][T18502] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1054.739816][T14155] EXT4-fs (loop2): unmounting filesystem. [ 1054.874043][T18514] device syzkaller0 entered promiscuous mode [ 1054.934652][T18519] set_capacity_and_notify: 1 callbacks suppressed [ 1054.934664][T18519] loop1: detected capacity change from 0 to 1764 [ 1055.029019][T18523] loop2: detected capacity change from 0 to 512 [ 1055.068537][T18523] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1055.087435][T18527] loop3: detected capacity change from 0 to 512 [ 1055.107846][T18527] EXT4-fs (loop3): 1 truncate cleaned up [ 1055.108753][T18527] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1055.139674][T14155] EXT4-fs (loop2): unmounting filesystem. [ 1055.157196][T14328] EXT4-fs (loop3): unmounting filesystem. [ 1055.190587][T18532] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4438'. [ 1055.245402][T18536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1055.251608][T18536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1055.746263][T18549] loop1: detected capacity change from 0 to 1764 [ 1055.812484][T18553] loop1: detected capacity change from 0 to 512 [ 1055.845432][T18553] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1055.891376][T13699] EXT4-fs (loop1): unmounting filesystem. [ 1056.123027][T18562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4449'. [ 1056.891726][T18584] loop0: detected capacity change from 0 to 512 [ 1057.186355][T18584] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1057.272163][T14564] EXT4-fs (loop0): unmounting filesystem. [ 1057.590750][T18600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4462'. [ 1057.861670][T18606] loop0: detected capacity change from 0 to 512 [ 1057.899654][T18606] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1057.912087][T14564] EXT4-fs (loop0): unmounting filesystem. [ 1058.103877][T18618] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4470'. [ 1058.107910][T18618] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4470'. [ 1058.140740][T18620] loop0: detected capacity change from 0 to 512 [ 1058.166268][T18620] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1058.192243][T14564] EXT4-fs (loop0): unmounting filesystem. [ 1058.491352][T18631] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4474'. [ 1058.809175][T18637] loop2: detected capacity change from 0 to 512 [ 1058.842654][T18637] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1058.889697][T14155] EXT4-fs (loop2): unmounting filesystem. [ 1058.972417][T18649] loop2: detected capacity change from 0 to 512 [ 1058.985301][T18648] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 1058.988099][T18648] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1058.989590][T18648] EXT4-fs warning (device loop0): ext4_enable_quotas:7087: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 1058.995678][T18648] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 1059.002577][T18648] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #13: comm syz.0.4481: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1059.010260][T18648] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.4481: couldn't read orphan inode 13 (err -117) [ 1059.014946][T18648] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1059.018198][T18649] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1059.035666][T18648] EXT4-fs (loop0): shut down requested (0) [ 1059.061899][T14155] EXT4-fs (loop2): unmounting filesystem. [ 1059.086371][T14564] EXT4-fs (loop0): unmounting filesystem. [ 1059.102829][T18656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1059.115172][T18656] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1059.117480][T18658] binder: 18657:18658 ioctl c0306201 200003c0 returned -14 [ 1059.118929][T18658] binder: 18657:18658 got transaction to invalid handle, 1 [ 1059.120242][T18658] binder: 18658:18657 cannot find target node [ 1059.124417][T18658] binder: 18657:18658 transaction async to 0:0 failed 1183/29201/-22, size 112-24 line 3045 [ 1059.129686][T16366] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.490900][T18666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4487'. [ 1059.686096][T18676] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1059.760669][T18680] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1059.783990][T14328] EXT4-fs (loop3): unmounting filesystem. [ 1060.032735][T18704] set_capacity_and_notify: 3 callbacks suppressed [ 1060.032746][T18704] loop4: detected capacity change from 0 to 1024 [ 1060.076165][T18704] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1060.173364][T18708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4502'. [ 1060.399303][T18704] ================================================================== [ 1060.400576][T18704] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x7c0/0x15a0 [ 1060.401887][T18704] Read of size 18446744073709551588 at addr ffff0000dd61d840 by task syz.4.4504/18704 [ 1060.403486][T18704] [ 1060.403844][T18704] CPU: 0 PID: 18704 Comm: syz.4.4504 Not tainted syzkaller #0 [ 1060.405081][T18704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 1060.406719][T18704] Call trace: [ 1060.407249][T18704] dump_backtrace+0x1c0/0x1ec [ 1060.408083][T18704] show_stack+0x2c/0x3c [ 1060.408755][T18704] __dump_stack+0x30/0x40 [ 1060.409455][T18704] dump_stack_lvl+0xf4/0x15c [ 1060.410209][T18704] print_address_description+0x88/0x218 [ 1060.411111][T18704] print_report+0x50/0x68 [ 1060.411847][T18704] kasan_report+0xa8/0xfc [ 1060.412601][T18704] kasan_check_range+0x258/0x290 [ 1060.413383][T18704] memmove+0x48/0x90 [ 1060.413979][T18704] ext4_xattr_set_entry+0x7c0/0x15a0 [ 1060.414810][T18704] ext4_xattr_block_set+0x640/0x2880 [ 1060.415573][T18704] ext4_xattr_set_handle+0x10dc/0x1344 [ 1060.416490][T18704] ext4_xattr_set+0x1f4/0x2c0 [ 1060.417295][T18704] ext4_xattr_trusted_set+0x4c/0x64 [ 1060.418136][T18704] __vfs_setxattr+0x384/0x3a0 [ 1060.418880][T18704] __vfs_setxattr_noperm+0x120/0x564 [ 1060.419725][T18704] __vfs_setxattr_locked+0x1ec/0x218 [ 1060.420646][T18704] vfs_setxattr+0x158/0x2ac [ 1060.421445][T18704] setxattr+0x258/0x2d8 [ 1060.422101][T18704] path_setxattr+0x130/0x260 [ 1060.422851][T18704] __arm64_sys_lsetxattr+0xbc/0xd8 [ 1060.423620][T18704] invoke_syscall+0x98/0x2b4 [ 1060.424397][T18704] el0_svc_common+0x138/0x258 [ 1060.425172][T18704] do_el0_svc+0x58/0x130 [ 1060.425838][T18704] el0_svc+0x58/0x128 [ 1060.426472][T18704] el0t_64_sync_handler+0x84/0xf0 [ 1060.427290][T18704] el0t_64_sync+0x18c/0x190 [ 1060.427997][T18704] [ 1060.428335][T18704] Allocated by task 18704: [ 1060.428955][T18704] kasan_set_track+0x4c/0x80 [ 1060.429650][T18704] kasan_save_alloc_info+0x24/0x30 [ 1060.430432][T18704] __kasan_kmalloc+0xa0/0xb8 [ 1060.431258][T18704] __kmalloc_node_track_caller+0xe0/0x16c [ 1060.432244][T18704] kmemdup+0x5c/0x98 [ 1060.432903][T18704] ext4_xattr_block_set+0x574/0x2880 [ 1060.433705][T18704] ext4_xattr_set_handle+0x10dc/0x1344 [ 1060.434596][T18704] ext4_xattr_set+0x1f4/0x2c0 [ 1060.435413][T18704] ext4_xattr_trusted_set+0x4c/0x64 [ 1060.436223][T18704] __vfs_setxattr+0x384/0x3a0 [ 1060.437011][T18704] __vfs_setxattr_noperm+0x120/0x564 [ 1060.437916][T18704] __vfs_setxattr_locked+0x1ec/0x218 [ 1060.438831][T18704] vfs_setxattr+0x158/0x2ac [ 1060.439537][T18704] setxattr+0x258/0x2d8 [ 1060.440183][T18704] path_setxattr+0x130/0x260 [ 1060.440852][T18704] __arm64_sys_lsetxattr+0xbc/0xd8 [ 1060.441610][T18704] invoke_syscall+0x98/0x2b4 [ 1060.442268][T18704] el0_svc_common+0x138/0x258 [ 1060.442958][T18704] do_el0_svc+0x58/0x130 [ 1060.443591][T18704] el0_svc+0x58/0x128 [ 1060.444212][T18704] el0t_64_sync_handler+0x84/0xf0 [ 1060.445044][T18704] el0t_64_sync+0x18c/0x190 [ 1060.445709][T18704] [ 1060.446082][T18704] The buggy address belongs to the object at ffff0000dd61d800 [ 1060.446082][T18704] which belongs to the cache kmalloc-1k of size 1024 [ 1060.448368][T18704] The buggy address is located 64 bytes inside of [ 1060.448368][T18704] 1024-byte region [ffff0000dd61d800, ffff0000dd61dc00) [ 1060.450497][T18704] [ 1060.450833][T18704] The buggy address belongs to the physical page: [ 1060.451807][T18704] page:00000000c4e14451 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000dd61c800 pfn:0x11d618 [ 1060.453594][T18704] head:00000000c4e14451 order:3 compound_mapcount:0 compound_pincount:0 [ 1060.454854][T18704] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 1060.456052][T18704] raw: 05ffc00000010200 fffffc0003753800 dead000000000003 ffff0000c0002780 [ 1060.457463][T18704] raw: ffff0000dd61c800 000000008010000f 00000001ffffffff 0000000000000000 [ 1060.458757][T18704] page dumped because: kasan: bad access detected [ 1060.459710][T18704] [ 1060.460076][T18704] Memory state around the buggy address: [ 1060.460993][T18704] ffff0000dd61d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1060.462361][T18704] ffff0000dd61d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1060.463639][T18704] >ffff0000dd61d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1060.464849][T18704] ^ [ 1060.465781][T18704] ffff0000dd61d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1060.467048][T18704] ffff0000dd61d900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1060.468255][T18704] ================================================================== [ 1060.469487][ C0] vkms_vblank_simulate: vblank timer overrun [ 1060.481462][T18711] loop1: detected capacity change from 0 to 512 [ 1060.490016][T18704] Disabling lock debugging due to kernel taint [ 1060.525945][T14833] EXT4-fs (loop4): unmounting filesystem. [ 1060.529997][T18711] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1060.548576][T13699] EXT4-fs (loop1): unmounting filesystem.