last executing test programs: 6m42.300783211s ago: executing program 0 (id=4607): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$video(0x0, 0x100000000, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0xcf, 0x7fff8000}]}) r3 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) r4 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r4, 0x40146f2c, &(0x7f0000000100)={0x2, 0x1, 0x3, 0x14, 0x4}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2a71f0d3fe13be00", "3d0e00000000003efe56890a5b857206", "47eb0b4a89ffff000000000000c94742"}, 0x4, 0x4}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x189002, 0x40) write$cgroup_devices(r5, &(0x7f00000001c0)=ANY=[], 0x11) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x41, 0x0) close(r6) 6m40.462632103s ago: executing program 0 (id=4610): socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = epoll_create(0x7) r2 = epoll_create(0x7) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000140)={0x60000000}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sendmsg(r0, 0x0, 0x20000014) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) ptrace$PTRACE_SETSIGMASK(0x420b, r5, 0x0, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x40980, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r8, 0x400455c8, 0x4) ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000019080)=0x30) 6m38.363160892s ago: executing program 0 (id=4612): r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_int(r0, 0x29, 0x6, 0x0, &(0x7f0000000100)) socket$netlink(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x4000000000091}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) pipe(0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) socket$inet(0x2, 0x2, 0x1) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000080)) r5 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, 0x0) r6 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r6, 0x29, 0x3a, 0x0, 0x0) 6m37.132938277s ago: executing program 0 (id=4616): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x10040) syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010001, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0x5, 0x0, 0x6}}}}}}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f000004d000/0x2000)=nil, 0x2000, 0xb) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x20044000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, r2, 0xec776000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x96, 0x0, 0x3}, 0x28) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r5, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0xffffffffffffff0e, 0x0}}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000400)='./file0\x00', 0x402, &(0x7f0000001a40)=ANY=[@ANYBLOB='iocharset=macinuit,umask=00000000000000000000354,errors=continue,gid=', @ANYRESHEX=r7, @ANYBLOB=',iocharset=koi8-r,discard,allow_utime=00000000000000000000010,discard,allow_utime=00000000000000000000004,uid=', @ANYRESHEX=0x0, @ANYBLOB=',gid=', @ANYRESHEX=0x0, @ANYBLOB="3cfaf0c8b6eca02453decf4c663cdf6c8aca7084d9b4386866a21bb3ec26b6d50ae4ad3f87d725d8725712b8489024deafd6509f6c3c6fdc"], 0x1, 0x151f, &(0x7f0000000500)="$eJzs3AucT9XaOPDnWWvtMSbp1ySXYa31bH7JZZkkySVJLkmSJEluCUmTHElIDLklDUlILkNyGUJymZg07ve7JCRJkyQhuSXr/5nidTp1/uec9/Qe7+ed5/v5/D7WM3s/az97P7NnXzDfdh1Wq0nt6o2ICP4t+OsfyQAQCwCDAOAaAAgAoHx8+fjs5bklJv97G2F/rofSrnQF7Eri/uds3P+cjfufs3H/czbuf87G/c/ZuP85G/efsZxsy4xC1/In5374/X9Oxtf//xsunnzw5boy13cDiPln87j/ORv3//+s4J9Zifufs3H/c6rYK10A+1+Az/+cINffXcL9z9m4/4zlZFf6/fOV/kAkZx+DK/39xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsZzjjL1MAcGl8petijDHGGGOMMcbYn8fnutIVMMYYY4wxxhhj7H8eggAJCgKIgVwQC7khDgQAXA154RqIwLUQD9dBPrge8kMBKAiFIAEKQxHQYCAGCEIoCsUgCjdAcbgRSkBJKAWlwUEZSISboCzcDOXgFigPt0IFuA0qQiWoDFXgdqgKd0A1uBOqw11QA2pCLagNd0MduAfqwr1QD+6D+nA/NIAHoCE8CI3gIWgMD0MTeASawqPQDJpDC2gJrf5b+S9AT3gRekFvSIY+0Bdegn7QHwbAQBgEL8NgeAWGwKuQAkNhGLwGw+F1GAFvwEgYBaPhTRgDb8FYGAfjYQKkwkSYBG/DZHgHpsBUmAbTIQ1mwEx4F2bBbJgD78FceB/mwXxYAAshHT6ARbAYMuBDWAIfQSYshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFbbAddsDHsBM+gV3wKeyGPbAXPoN98Pm/mH/6b/K7ISCgQIEKFcZgDMZibozDOMyDeTAv5sUIRjAe4zEf5sP8mB8LYkFMwAQsgkXQoEFCwqJYFKMYxeJYHEtgCSyFpdChw0RMxLJ4M5bDclgey2MFrIAVsRJWwipYBatiVayG1bA6VscaWANrYS28G+/GPlgX62I9rIf1sf6l11PYCBthY2yMTbAJNsWm2AybYQtsga2wFbbG1tgG22A7bIftsT12wA6YhEnYETtiJ+yEnbEzdsEu2BW7Yjfsjt2zXsgF+CK+iL2xhuiDfbEv9sOUXANwIA7El3EwvoKv4KuYgkNxGL6Gr+HrOAJP4UgchaNxNFYVb+FYHIckJmAqpuIknISTcTJOwak4FadjGs7AmTgTZ+FsnI3v4Vx8H9/H+TgfF2I6puMiXIwZmIFL8DRm4lJchstxBa7EFbga1+BqXIfrcR1uxI24GTfjVtyK23E7fowf4yeoAPBT3IN7MAX34T7cj/vxAB7Ag3gQszALD+EhPIyH8QgewaN4FI/hcTyBx/EknsRTeBrP4Bk8h+fwPD6X8HXjT0quTQGRTQklYkSMiBWxIk7EiTwij8gr8oqIiIh4ES/yiXwiv8gvCoqCIkEkiCKiiDDCCBJhDACIqIiK4qK4KCFKiFKilHDCiUSRKMqKsqKcKCfKi1tFBXGbqCgqibauiqgiqop2rpq4U1QX1UUNUVPUErVFbVFH1BF1RV1RT9QT9UV90UA8IBqKPjgAHxLZnWkihmJTMQybieZCXvwJ1lqMwDairWgnnhCjcCR2EK1dknhadBRjsZP4ixiHz4ouYgJ2Fc+LbqK76CFeED1FG9dL9BZTsI/oK6ZjP9FfDBADxSysKd7DublriVdFihgqhonXxEJ8XYwQb4iRYpQYLd4UY8RbYqwYJ8aLCSJVTBSTxNtisnhHTBFTxTQxXaSJGWKmeFfMErPFHPGemCveF/PEfLFALBTp4gOxSCwWGeJDsUR8JDLFUrFMLBcrxEqxSqwWa8RasU6sFxvERrFJbBZbxFaxTWwXO8THYqf4ROwSn4rdYo/YKz4T+8TnYr/4QhwQX4qD4iuRJb4Wh8Q34rD4VhwR34mj4ntxTBwXJ8QP4qT4UZwSp8UZcVacEz+J8+JncUF4ARKlkFIqGcgYmUvGytwyTl4l88jg4tG9VsbL62Q+eb3MLwvIgrKQTJCFZRGppZFWkgxlUVlMRuUNsri8UZaQJWUpWVo6WUYmyptkWXmzLCdvkeXlrbKCvE1WlJVkZVlF3i6ryjskRH7dRg1ZU9aSteXdMhnukXXlvbKevE/Wl/fLBvIB2VA+KBvJh2Rj+bBsIh+RTeWjsplsLlvIlrKVfEy2lo/LNrKtbCefkO3lk7KDfEomyadlR+kvfos8K7vI52RX+bzsJrvLHvJneUF62Uv2ltAHZF/5kuwn+8sBcqAcJF+Wg+Urcoh8VabIoXKYfE0Ol6/LEfINOVKOkqPlm3KMfEuOlePkeDlBpsqJcpJ8W06W78gpcqqcJqfLNDlDDrg40xwp/2H+23+QP+SXrW+WW+RWuQ0vtkJ+InfJXXK33C33yr1yn9wn98v98oA8IA/KgzJLZslD8pA8LA/LI/KIPCqPymPyuDwrf5An5Y/ylDwtT8uz8pw8J89fPAagUAkllVKBilG5VKzKreLUVSqPulrlVdeoiLpWxavrVD51vcqvCqiCqpBKUIVVEaWVUVaRClVRVUxF1Q2XqlSlVGnlVBmVqG76V/JVcXWjKqFK/ib/Un3Jf6e+VqqVaq1aqzaqjWqn2qn2qr3qoDqoJJWkOqqOqpPqpDqrzqqL6qK6qq6qm+qmeqgeqqfqqXqpXipZJau+6iXVT/VXA9RANUi9rAarmIu7kqKGqWFquBquRqgRaqQaqUar0WqMGqPGqrFqvBqvUlWqmqQmqclqspqipqhpappKU2lqppqpZqlZao6ao+aquWqemqcWqAUqXaWrRWqRylAZaolaojLVUrVULVfL1Uq1Uq1Wq9VatVatV+vVRrVRZaotaovaprapHWqH2ql2ql1ql9qtdqu9aq/ap/ap/Wq/OqAOqIPqoMpSWeqQOqQOq8PqiDqijqqj6pg6pk6oE+qkOqlOqVPqjDqjzqlz6rw6ry6oC9m3fYEIRKCC7CttTBAbxAZxQVyQJ8gT5A3yBpEgEsQH8UG+4Pogf1AgKBgUChKCwkGRQAcmsIG4eKSiwQ1B8eDGoERQMigVlA5cUCZIDG4KygY3B+WCW4Lywa1BheC2oGJQKagcVAluD6oGdwTVgjuD6sFdQY2gZlArqB3cHdQJ7gnqBvcG9YL7gvrB/UGD4IGgYfBg0Ch4KGgcPBw0CR4JmgaPBs2C5kGLoGXQ6k+d3/tTBR53m3Vvnaz76L76Jd1P99cD9EA9SL+sB+tX9BD9qk7RQ/Uw/Zoerl/XI/QbeqQepUfrN/UY/ZYeq8fp8XqCTtUT9ST9tp6s39FT9FQ9TU/XaXqGnqnf1bP0bD1Hv6fn6vf1PD1fL9ALdbr+QC/Si3WG/lAv0R/pTL1UL9PL9Qq9Uq/Sq/UavVav0+v1Br1Rb9Kb9Ra9VW/T2/UO/bHeqT/Ru/Snerfeo/fqz/Q+/bner7/QB/SX+qD+Smfpr/Uh/Y0+rL/VR/R3+qj+Xh/Tx/UJ/YM+qX/Up/RpfUaf1ef0T/q8/llf0D775j778m6UUSbGxJhYE2viTJzJY/KYvCaviZiIiTfxJp/JZ/Kb/KagKWgSTIIpYoqYbGTIFDVFTdRETXFT3JQwJUwpU8o440yiSTRlTVlTzpQz5U15U8FUMBVNRVPZVDa3m9vNHeYOc6e509xl7jI1TU1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTDPTwrQwrUwr09q0Nm1MG9POtDPtTXvTwXQwSSbJdDQdTSfTyXQ2nU0X08V0NV1NN9PN9DA9TE/T0/QyvUyySTZ9TV/Tz/QzA8wAM8gMMoPNYDPEDDEpJsUMM8PMcDPcjDAjzEgzyozOPn3MW2asGWfGmwkm1aSaSWaSmWwmmylmiplmppk0k2Zmmplmlpll5pg5Zq6Za+aZeWaBWWDSTbpZZBaZDJNhlpglJtNkmmVmmVlhVphVZpVZY9aYdWad2QAbzCazyWwxW8w2s83sMDvMTrPT7DK7zG6z2+w1e80+s8/sN/vNAXPAHDQHTZbJMofMIXPYHDZHzBFz1Bw1x8wxc8KcMCfNSXPKnDJnzBlzzhS4eL30JtbmtnH2KpvHXm3z2mvs38YFbSGbYAvbIlbb/LbAb2JjrS1hS9pStrR1toxNtDf9Lq5oK9nKtoq93Va1d9hqv4vr2HtsXXuvrWfvs7Xt3b+J69v7bQP7iG2ICGCb28a2pW1iH7FN7aO2mW1uW9iWtr190nawT9kk+7TtaJ/5XbzILrZr7Fq7zq63u+0ee8aetYftt/ac/cn2sr3tIPuyHWxfsUPsqzbFDv1dPNq+acfYt+xYO86OtxN+F0+z022anWFn2nftLDv7d3G6/cDOtRl2np1vF9iFv8TZNWXYD+0S+5HNtAEss8vtCrvSrrKr/6vW5Xaj3WQ32132U7vNbrc77Md256UbYbvH7rWf2X32c3vIfmMP2C/tQXvEZtmvf4mz9++I/c4etd/bY/a4PWF/sCftj+pSdva+/2B/thest0BIQJIUBRRDuSiWclMcXUV56GrKS9dQhK6leLqO8tH1lJ8KUEEqRAlUmIqQJkOWiEIqSsUoSjfQpfJKUWlyVIYS6SYqSzdTObqFytOtVIFuo4pUiSpTFbqdqtIdVI3upOp0F9WgmlSLatPdVIfuobp0L9WD+6g+3U8N6AFqSA9SI3qIGtPD1IQeoab0KDWj5tSCWlIreoxa0+PUhtpSO3qC2tOT1IGeoiR6mjrSM9SJ/kKd6VnqQs9RV3qeulF36kEvUE96kXpRb0qmPtSXXqJ+1J8G0EAaRC/TYHqFhtCrlEJDaRi9RsPpdRpBb9BIGkWj6U0aQ2/RWBpH42kCpdJEmkRv02R6h6bQVJpG0ymNZtBMepdm0WyaQ+/RXHqf5tF8WkALKZ0+oEW0mDLoQ1pCH1EmLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQx7STPqFd9Cntpj20lz6jffQ57acv6AB9SQfpK8qir+kQfUOH6Vs6Qt/53vQ9HaPjdIJ+oJP0I52i03SGztI5+onO0890gTxBiKEIZajCIIwJc4WxYe4wLrwqzBNeHeYNrwkj4bVhfHhdmC+8PswfFggLhoXChLBwWCTUoQltSGEYFg2LhdHwhrB4eGNYIiwZlgpLhy4sEyaGN4Vlw5vDcuEtYfnw1rBCeFtYMawUPnJflfD2sGp4R1gtvDOsHt4V1ghrhrXC2uHdYZ3wnrBueG9YL7wvLBfeHzYIHwgbhg+GjcKHwsbhw2GT8JGwafho2CxsHrYIW4atwsfC1uHjYZuwbdgufCJsHz4ZdgifCpPCp8OO4TO/LL9/8d9fnhz2CfuGL4Uvhd7fKxdEF0bTox9EF0UXRzOiH0aXRD+KZkaXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFN0e9r50LHDrhpFMucDEul4t1uV2cu8rlcVe7vO4aF3HXunh3ncvnrnf5XQFX0BVyCa6wK+K0M846cqEr6oq5qLvBFXc3uhKupCvlSjvnyrhE19K1cq1ca/e4a+PaunbuCfeEe9I96Z5yT7mnXUf3jOvk/uI6u2ddF/ece84977q57q6He8H1dBPz/npOJru+rq/r5/q5AW6AG+QGucFusBvihrgUl+KGuWFuuBvuRrgRbqQb6Ua70W6MG+PGurFuvBvvUl2qm+QmucluspviprhpbppLc2luppvpZrlZrursX7cyz81zC9wCl+7S3SKXfc+Y4Za4JS7TZbplbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vldrnd/ppfJ3X73H633x1wB9xB95XLcl+7Q+4bd9h9646479xR97075o67E+4Hd9L96E650+6MO+vOuZ/cefezu+C8S41MjEyKvB2ZHHknMiUyNTItMj2SFpkRmRl5NzIrMjsyJ/JeZG7k/ci8yPzIgsjCSHrkg8iiyOJIRuTDyJLIR5HMyNLIssjyyIrIyoj3hbeFvqgv5qP+Bl/c3+hL+JK+lC/tnS/jE/1Nvqy/2Zfzt/jy/lZfwd/mK/pKvrJ/1DfzzX0L39K38o/51v5x38a39e38E769f9J38E/5JP+07+if8Z38X3xn/6zv4p/zXf3zvpvv7nv4F3xP/6Lv5Xv7ZN/H9/Uv+X6+vx/gB/pB/mU/2L/ih/hXfYof6of51/xw/7of4d/wI/0oPzrmTT/m0iMyTPCpfqKf5N/2k/07cKef6qf56T7Nz/Az/bt+lp/t5/j3/Fz/vp/n5/sFfqFP9x/4RX6xz/Af+iX+I5/pl156qexX+dV+jV/r1/n1foPf6Df5zX6L3+q3+e1+h//Y7/Sf+F3+U7/b7/F7/Wd+n//c7/df+AP+S3/Qf+Wz/Nf+kP/GH/bf+iP+O3/Uf++P+eP+hP/Bn/Q/+lP+tD/jz/pz/id/3v/sL/D/WWOMMcYY+6dMvDwUv13y6+v8Pn+QI/5q5b4AcPX2Qll/vTz7jnJD/l/H/UVC+wgAPN2760OXPjVqJCcnX1w3U0JQbD7Apb8JyvbL2/eL8VJoB09CErSFsn9Yf3/R/Rz9g/mjtwLE/VVOLFyOL8//BQAm/8H8jz0xelGF8Ez8/2f++QAlil3OyQ2X46XQ7pf3K22h3N+pv0Drf1B/7i9TAdr8VU4euBxfrj8RHodnIOk3azLGGGOMMcYYY7/qLyp3vvT8eelffP7R83mCupyTq/Sn/xX/o+dzxhhjjDHGGGOMXXnPdu/x1GNJSW07/+uDav+trH960BT+p2bmwR8OvAe49BUFAP/mhADZA/mf3Iut/5FtpVw8df520YqzPoD/Ha38MwZX+AcTY4wxxhhj7E93+ab/t19XV6ogxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsB/pP/DqxK72PjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG2JX2/wIAAP//EQ77jw==") r8 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) getdents(r8, &(0x7f0000001fc0)=""/184, 0xb8) 6m35.420332825s ago: executing program 0 (id=4619): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x1d, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000ae00000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, 0x2a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private0, @in=@private=0xa010101, 0x4e20, 0x4, 0x4e24, 0x0, 0x2, 0x0, 0x0, 0x1d, 0x0, 0xffffffffffffffff}, {0x10000, 0x4, 0x9, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x7, 0x0, 0xfffffffffffffffc, 0xff}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) 6m34.120297641s ago: executing program 0 (id=4621): syz_clone(0x4a004000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r1, 0x21, 0x0, 0x4) 6m18.467270652s ago: executing program 32 (id=4621): syz_clone(0x4a004000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r1, 0x21, 0x0, 0x4) 15.19182753s ago: executing program 2 (id=5394): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x3}}) clock_gettime(0x2, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x80) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r4) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, r6, 0x0, 0xfffffffd, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x880) close(0xffffffffffffffff) ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000000)='bridge0\x00') 12.561390082s ago: executing program 2 (id=5399): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x101581, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xc, &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ptrace$peek(0x1, r0, &(0x7f0000000040)) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x4e20, 0x0, @mcast1}}}, 0x88) r4 = socket(0x10, 0x3, 0x0) syz_mount_image$erofs(&(0x7f00000008c0), &(0x7f0000000180)='./bus\x00', 0x0, &(0x7f0000000040)=ANY=[], 0xf5, 0x210, &(0x7f00000001c0)="$eJzsmc9rE0EUx78z2WySoqIXD4IoWLBCu9ndqPTiof4DCq0/erOYKNW1ke0e2oJo8OLFP8N/wUNPOXjz5lUPKggezFE8ycjMvOyO5gcJMV58H+jsd968mXnzuvMCCRiG+W/5/On7x5dXVzeWARwpL6JC9q+lwkc6/h+qJN6/erNz7MmhM6QE+Qrb704aQ3ethKy/iFLKHVuk5wZkrm9A4gLpWxAISN+BxE0Ax6m/edQ+H0Bgk2ztGomkFdxtJ81720kr1E2km1g3DXd/D0CvI9AEUKX4hDO+u3/wcCtJWqkRsrCUVX+f9Hef6cW43HmA11uTuOLkT0dx+8Xzju73cxM6+YsgEZFuQGCd9CoqCIJAvwI2Jc75T3nF+qWR589F8wcw/fmvlWdPlhY+rDixMs55eaa9JGaa7gP4CyedVOh7OZGzqpl/8dM/hjr/LtT5C+FYalroC51bTvYO3w7O+jLPwM7O98igmj0w9G6hsOT3deg6p5s/xeDKPs0ZuntRP3XJPe/UJw9eXj/q2aPH9d39g5VtHeT91k4cNy6HF8PwUlw3tdm2Y+pf1dSnBWf98ghfX/jY28qyNNoDsjTK+7FtnYq7/rr9zcyRpv5JLJ2za+hXxRy7MnwPQX/2c1CrpdLI4BmGYRiGYRiGYRiGYRiGYabiDIT5FpR+qFJK4ZkdUS7xdWP7FQAA///3bE2h") write(r4, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r4, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000011c0)}}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000001400)='./file0\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}, {@redirect_dir_off}]}) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000001300e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0xfffffffd}}, {{0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x321}}}, 0x108) preadv(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000001200)=""/142, 0x8e}], 0x1, 0x111, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4ea4, 0xfffffffc, @local, 0x1}, 0x1c) 11.398213635s ago: executing program 2 (id=5403): r0 = syz_open_procfs(0x0, &(0x7f0000000380)='maps\x00') pread64(r0, 0x0, 0x0, 0x12c) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 10.265001716s ago: executing program 2 (id=5409): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil) ioctl$TCFLSH(0xffffffffffffffff, 0x5608, 0x407) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) syz_clone(0x2100100, 0x0, 0x0, &(0x7f0000001680), 0x0, 0x0) syz_usb_connect(0x0, 0x1cb, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000122f0d40710404030300000000010902b901010000003f"], 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="34000000020301010000000000000000020000010900090000000007010000000800"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000020301010000000000000000020080010800"], 0x1c}, 0x1, 0x0, 0x0, 0x20000880}, 0x4000) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[], 0x20}, 0x1, 0x1000000, 0x0, 0x20000004}, 0x4000484) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x8, 0x6, {"00000000000000000000000000000001"}, 0x1119dff, 0xffffffff7fffffff, 0xcd41}}}, 0x90) sched_setaffinity(0x0, 0xfffffffffffffdb1, &(0x7f0000000280)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r3, 0x0) 7.57354587s ago: executing program 4 (id=5413): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r0) sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xa}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa0}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044080}, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000001240)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x34, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], @dest_unreach={0x1, 0x1, 0x0, 0x2, '\x00', {0x5, 0x6, "6f21ef", 0x37ba, 0x2b, 0xff, @dev={0xfe, 0x80, '\x00', 0x32}, @rand_addr=' \x01\x00', [], "00040000"}}}}}}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000002b40), r2) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x540, 0x0, 0x540, 0x540, 0x540, 0x1d0, 0x610, 0x610, 0x610, 0x610, 0x610, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [0xffffffff, 0xff000000], 'pimreg0\x00', 'macvtap0\x00', {}, {}, 0x21}, 0x0, 0xa8, 0xf0, 0x0, {0x7a00000010000000}}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa000000, @ipv4=@empty, 0xa, 0x30, 0x1}}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0x0, 0x0, 0x0, 0xffffff00], [], '\x00', 'bond_slave_0\x00', {}, {}, 0x2f, 0x9}, 0x0, 0xa8, 0xe0, 0x48000000}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x6, 0x5}, {0xffffffffffffffff, 0x6, 0x1}, {0x0, 0x4, 0x2}, 0xfffffffe}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback, 0x0, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2, 0x31}, 0x48) r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pwritev(r5, &(0x7f0000000480)=[{&(0x7f00000001c0)="e7", 0x1}], 0x1, 0x2, 0x80) pwrite64(r5, 0x0, 0x0, 0xda8) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000002c00)={&(0x7f0000000100)={0x3c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast1}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'net/l2cap\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010100}]}, 0x3c}, 0x1, 0x2000000, 0x0, 0x20000000}, 0x4000080) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGARP(r6, 0x8954, &(0x7f0000000080)={{0x2, 0x4e21, @empty}, {0x0, @random="4d8ab36b2919"}, 0x6, {0x2, 0x4e20, @remote}, 'lo\x00'}) sendmsg$NLBL_MGMT_C_LISTALL(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x40, r3, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_MGMT_A_DOMAIN={0xf, 0x1, '&\xc7)\\-@#\x93}/\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020a0b02070000002dbd7000fcdbdf2505001a000381000000000000"], 0x38}}, 0x20008004) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000000040000100fcff0700040000000100000004004880300001802c00108014000d80100090800c00588008007300", @ANYRES32=0x0, @ANYBLOB="14000d00000093b0b9a0fab1946d000000000000080002"], 0x50}, 0x1, 0x0, 0x0, 0x4000805}, 0x2004c094) 6.422845522s ago: executing program 4 (id=5417): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$inet6(r0, 0x0, 0x0, 0x40c0, 0x0, 0x0) 6.223943948s ago: executing program 3 (id=5418): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000000c0)={0x806, 0x0, 0x4, 0x7}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendto$inet6(r3, &(0x7f00000005c0)="f5", 0x1, 0x48800, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x9, 0xb}, 0x8) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000001c0)={0x5, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x108) setsockopt$inet_mreqsrc(r5, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r4, 0xc08c5336, &(0x7f0000000100)={0xed, 0xffff8004, 0x0, 'queue1\x00', 0xfffffffc}) 3.820042525s ago: executing program 4 (id=5419): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x3}}) clock_gettime(0x2, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x80) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r4) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, r6, 0x0, 0xfffffffd, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x880) close(0xffffffffffffffff) ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000000)='bridge0\x00') 3.818447024s ago: executing program 1 (id=5420): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x11, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r1}, 0xc) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x4000050) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x6f6) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000700000014"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 3.791143215s ago: executing program 3 (id=5421): r0 = syz_pidfd_open(0x0, 0x0) waitid$P_PIDFD(0x3, r0, 0x0, 0x20000000, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r5, &(0x7f0000000200)={0x2020}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r5, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r6}, 0x10) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x13, 0xffffffffffffffff, 0x0) 2.129545481s ago: executing program 2 (id=5422): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000fa0000000000000000010000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8}, 0x94) socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10) 2.124678791s ago: executing program 4 (id=5423): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) 2.031707934s ago: executing program 1 (id=5424): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x3}) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r1 = dup3(r0, 0xffffffffffffffff, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000580)="b318"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000500)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.898932257s ago: executing program 4 (id=5425): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r0) sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xa}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa0}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044080}, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000001240)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x34, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], @dest_unreach={0x1, 0x1, 0x0, 0x2, '\x00', {0x5, 0x6, "6f21ef", 0x37ba, 0x2b, 0xff, @dev={0xfe, 0x80, '\x00', 0x32}, @rand_addr=' \x01\x00', [], "00040000"}}}}}}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000002b40), r2) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x540, 0x0, 0x540, 0x540, 0x540, 0x1d0, 0x610, 0x610, 0x610, 0x610, 0x610, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [0xffffffff, 0xff000000], 'pimreg0\x00', 'macvtap0\x00', {}, {}, 0x21}, 0x0, 0xa8, 0xf0, 0x0, {0x7a00000010000000}}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa000000, @ipv4=@empty, 0xa, 0x30, 0x1}}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0x0, 0x0, 0x0, 0xffffff00], [], '\x00', 'bond_slave_0\x00', {}, {}, 0x2f, 0x9}, 0x0, 0xa8, 0xe0, 0x48000000}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x6, 0x5}, {0xffffffffffffffff, 0x6, 0x1}, {0x0, 0x4, 0x2}, 0xfffffffe}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback, 0x0, 0xfe}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2, 0x31}, 0x48) r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) pwritev(r5, &(0x7f0000000480)=[{&(0x7f00000001c0)="e7", 0x1}], 0x1, 0x2, 0x80) pwrite64(r5, 0x0, 0x0, 0xda8) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000002c00)={&(0x7f0000000100)={0x3c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast1}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'net/l2cap\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010100}]}, 0x3c}, 0x1, 0x2000000, 0x0, 0x20000000}, 0x4000080) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGARP(r6, 0x8954, &(0x7f0000000080)={{0x2, 0x4e21, @empty}, {0x0, @random="4d8ab36b2919"}, 0x6, {0x2, 0x4e20, @remote}, 'lo\x00'}) sendmsg$NLBL_MGMT_C_LISTALL(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x40, r3, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_MGMT_A_DOMAIN={0xf, 0x1, '&\xc7)\\-@#\x93}/\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020a0b02070000002dbd7000fcdbdf2505001a000381000000000000"], 0x38}}, 0x20008004) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000000040000100fcff0700040000000100000004004880300001802c00108014000d80100090800c00588008007300", @ANYRES32=0x0, @ANYBLOB="14000d00000093b0b9a0fab1946d000000000000080002"], 0x50}, 0x1, 0x0, 0x0, 0x4000805}, 0x2004c094) 1.81710964s ago: executing program 3 (id=5426): r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0xa102, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, 0x0, 0x0) 1.744172542s ago: executing program 2 (id=5427): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x8) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) syz_usb_connect(0x0, 0x24, 0x0, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0) mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, &(0x7f0000000280)='\x02\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00\xfaC\x93\xc0S\xaf\f\x1a\fEik\x86\x15\xab\x909\xf8i\xc0\xa7\xa9\xb1\xbe\xc7\x1d\xe0\x18\xd2\xbaG|\xd5fC\x8d\t\x00/I\x8b\xbf\x94\xf4\x96[us\x96\x90\x8d\x9d\xfb\xdc\x7f0&\xab\x17@)\xf1\xc3Q\xb2M :\xaa\x99G\xdd\xa9E6A]@>\f\xb1n\x1a\x8c\xc6e7{@\x90\x8fz\xfcf\x88\x15A\x0e\xbf\xb8\xff\xa8\xb9\xab\x83>\xf9I0\xdd\x93#\x1e\x00\xed#\xc9\xd0Uk\xa6b\xa6/\x15\x92\xc6,p\xc9\xce\xe1\xc3\xd5\x89Lw\x17\x16\x18\xddh\xc8\x81w\x1e\x7f\xc7\x16\xe5\x96\x03\t\xc3\x94\xc7\xeb\xd6.\xfa\xb3\xe0\x1f\xa9\x19\xfaS\x1f[T\x1e\xc5nX\x84\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=0\xc3\xbc\xfd\xce~\xe3\xcaO\"\xbb\xd1\x15\xf2y\xb91\x1d\xab\xeaO\x19\rH4\xc2\xe4\x922~K^K`55\xb7\xd1\n\xba\xb7,\xdb\xc2\x86\xc30bnc\x06\x06q\xe9\x97\fHA<\x94`\xf7H?\x86\xb8C9\b\x18vFWRdNee\xf1A\x06\x8f\x97\x99\xa5A\xfa\x94IfB\xa9\xf5\xd8\x83\xc5\b\x0eL\\Z\x80](f6D\x1a\xf7si\xa4l\xa8\x0f\xcc\xa1\xef\x1bCq\x0e\xf87\xfc\xce\x96cm\x83\x05S\x01Zj`dP:d\xba\x02\x14\xaa\x051\xd7\x87\x1b\xcb\xa2.\x89\x16CRx\x9b\x04\x1f\x8fA\t<\x99/\'tk\xcb\xd7|\x0f\xc9m\x95\x9a\n\v&\xca\xcd\x11\xec\xfd\x17a$.\xe9\x14\x8f\n\x15\x8d\rJ\x99\x8a\x87\x81\xc4S\x85L\xe5w\xa1\xbf\x91Q&6\x8e\xd1\x02\x19K\xd3\xab\xe5\xdc\xac\x05\x8dQ\xf4\x1aa\x86\xbc6\\\x06\xdf\x84\x00+F|\xa6\xc4\xab\x00G\xd0\x14N+\xf9\x84i?C\x81\x8eu\xd3\xcbg\xb7\a\xd9\x9a*\x17>\xac\x9d\x9d\xf6\t\xd8b\x19\x8a\x1e&\xde\x87-%\xf3\x8a2L\x1cQ2\f\x94\xf7\xf9\xadI\xedU\xabr\xe2\xe1\xc2{\b\xa8\xc2\n4\x0f\'\xed\xcc\xd7qG\xa7p\x8ct\xe3/l\v\x93\x8a\x95R\xd6\x19L\x85\x80\x18\x15\xcezn\xa8,i\xf1\x91@\xc0\xb1\a\xfd\xec\x95>\b(\xfa~O\xfd\xe2\a6b\x97\xc6$?;\x8eJ/P\x9d\x17\xaaU\xc4\b') r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639) readv(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}, {0x0}], 0x2) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ipvlan1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bc26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffab}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x0, 0x7], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}, @TCA_RATE={0x6, 0x5, {0xfa, 0x3}}]}, 0x90}, 0x1, 0x0, 0x0, 0x2004c084}, 0x20000080) 1.515135878s ago: executing program 3 (id=5428): syz_open_dev$vim2m(&(0x7f0000000200), 0x7ff, 0x2) r0 = socket(0x840000000002, 0x3, 0xff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000900)={&(0x7f00000006c0)={0x2, 0x4e23, @local}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000940)="974501000000000001008cc5595c4a9b8f52ac8e5c7fe70a3326491f", 0x1c}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x81}}}}], 0x20}, 0x400c804) 1.385342351s ago: executing program 3 (id=5429): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000000c0)={0x806, 0x0, 0x4, 0x7}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) socket$rds(0x15, 0x5, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendto$inet6(r3, &(0x7f00000005c0)="f5", 0x1, 0x48800, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x9, 0xb}, 0x8) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000001c0)={0x5, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x108) setsockopt$inet_mreqsrc(r5, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r4, 0xc08c5336, &(0x7f0000000100)={0xed, 0xffff8004, 0x0, 'queue1\x00', 0xfffffffc}) 983.595233ms ago: executing program 1 (id=5430): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000840)="a6", 0x1, 0x200080c0, &(0x7f00000001c0)={0xa, 0x2, 0x8000, @loopback, 0x8}, 0x1c) shutdown(r0, 0x1) 833.233537ms ago: executing program 1 (id=5431): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0xe, 0x10, 0x89, 0xffffffff}) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, 0x0, 0x0) 531.141815ms ago: executing program 1 (id=5432): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x11, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r1}, 0xc) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x4000050) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x6f6) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000000000000000000070000001400018005000200"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 281.784032ms ago: executing program 4 (id=5433): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000740)={0x20, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x3}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}, @CTA_TUPLE_ORIG={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x810) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8a02) ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0x0, 0x1, 0x4000008, 0x1, 0x6}) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x10}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x158}}, 0x20000000) socket$unix(0x1, 0x1, 0x0) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000181409"], 0x20}, 0x1, 0x0, 0x0, 0x4000009}, 0x8000) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) ioctl$KDMKTONE(r5, 0x4b30, 0x6) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800e9782bbd7000ffdbdf250a0000000000000008000500", @ANYRES32=r6], 0x20}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="380000006800010003001000fdffff7f00000000000000000c00020001000000150000000c000c8006000100d43f000006000300010000005e5214d7fdbf019b"], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, [0x0], [0xffffffff]}) ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x400864d2, &(0x7f0000000080)={r8}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000400)={0x0, 0x0, 0x56c, 0xe0000000, 0x2, [], [0x80000000, 0x52b8, 0x4f, 0xffffffff], [0x9, 0x8, 0x81, 0xe13c], [0x6, 0x3, 0x2, 0x4be6]}) r9 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETFB2(r9, 0xc06864ce, &(0x7f00000004c0)={0x0, 0x0, 0x4, 0x0, 0x2, [0x0], [0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0xfffffffc], [0x1]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r9, 0xc00c64d2, &(0x7f0000000100)={r10, 0x80000}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x192}}, 0x20}}, 0x4008014) 281.091082ms ago: executing program 3 (id=5434): r0 = syz_pidfd_open(0x0, 0x0) waitid$P_PIDFD(0x3, r0, 0x0, 0x20000000, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r5, &(0x7f0000000200)={0x2020}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r5, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r6}, 0x10) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x13, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=5435): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113380000000000bf1000000000000025000200091b00003d030000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0) socket$kcm(0x2, 0xa, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x40800}, 0x0) kernel console output (not intermixed with test programs): werpath [ 1210.157826][T20461] overlayfs: failed to clone lowerpath [ 1210.726386][ T49] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 1210.736145][T20473] overlayfs: failed to clone upperpath [ 1212.174104][T20489] overlayfs: failed to clone lowerpath [ 1212.184223][T20489] overlayfs: failed to clone lowerpath [ 1212.776303][T19909] Bluetooth: hci3: command 0x1003 tx timeout [ 1212.784253][ T5781] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1213.838315][T20517] overlayfs: failed to clone lowerpath [ 1213.845856][T20517] overlayfs: failed to clone lowerpath [ 1214.308139][T20524] ./file0: Can't lookup blockdev [ 1216.129025][T20542] loop3: detected capacity change from 0 to 16 [ 1216.147342][T20542] erofs: (device loop3): mounted with root inode @ nid 36. [ 1216.157825][T20542] syz.3.4318: attempt to access beyond end of device [ 1216.157825][T20542] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1216.198306][T20542] syz.3.4318: attempt to access beyond end of device [ 1216.198306][T20542] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 1216.212463][T20542] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1216.228467][ T28] audit: type=1800 audit(2000000186.900:277): pid=20542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4318" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 1216.257005][T20541] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1216.268256][T20541] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1216.604831][T20546] overlayfs: failed to clone lowerpath [ 1216.613253][T20546] overlayfs: failed to clone lowerpath [ 1219.883159][ T5781] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1220.994502][T20574] loop3: detected capacity change from 0 to 16 [ 1221.003657][T20574] erofs: (device loop3): mounted with root inode @ nid 36. [ 1221.020400][T20574] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1221.029517][T20574] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1221.038599][T20574] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1221.048049][T20574] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1222.079886][T20594] ./file0: Can't lookup blockdev [ 1222.104783][ T3046] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 1222.195130][ T49] Bluetooth: hci3: Frame reassembly failed (-84) [ 1224.136200][T19909] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1236.867334][T19909] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1236.877833][T19909] Bluetooth: hci0: Injecting HCI hardware error event [ 1236.888915][ T5781] Bluetooth: hci0: hardware error 0x00 [ 1238.202679][T20707] loop3: detected capacity change from 0 to 16 [ 1238.324269][T20707] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1238.886700][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.893315][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.026531][ T5781] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1245.065604][T20764] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1246.323975][T20773] fuse: Bad value for 'fd' [ 1246.348902][T19909] Bluetooth: hci3: command 0x1003 tx timeout [ 1246.355611][ T5781] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1255.617043][T20849] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4409'. [ 1256.119766][T20853] syz_tun: entered allmulticast mode [ 1257.336165][ T5781] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1257.344444][T19909] Bluetooth: hci3: command 0x1003 tx timeout [ 1258.433746][T20873] loop3: detected capacity change from 0 to 256 [ 1258.467776][T20873] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1261.543805][ T4502] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 1261.628017][ T67] Bluetooth: hci3: Frame reassembly failed (-84) [ 1261.864011][T20906] overlayfs: failed to clone lowerpath [ 1261.873192][T20906] overlayfs: failed to clone lowerpath [ 1261.911595][T20902] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4428'. [ 1262.078040][T20911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4432'. [ 1262.095219][T20911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1263.676660][ T5781] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1263.683802][T19909] Bluetooth: hci3: command 0x1003 tx timeout [ 1264.024758][T20929] loop3: detected capacity change from 0 to 16 [ 1264.043380][T20929] erofs: (device loop3): mounted with root inode @ nid 36. [ 1264.066378][T20929] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1264.075381][T20929] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1264.084436][T20929] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1264.097327][T20929] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1265.311179][T20933] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1268.184361][ T28] audit: type=1326 audit(2000000238.860:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20954 comm="syz.1.4446" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f197179cdd9 code=0x0 [ 1268.295622][T20960] loop3: detected capacity change from 0 to 16 [ 1268.316112][T20960] erofs: (device loop3): mounted with root inode @ nid 36. [ 1268.409447][T20963] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1268.447810][T20963] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1268.480720][T20963] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1268.515572][T20960] erofs: (device loop3): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 1270.140772][T20983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4453'. [ 1271.499002][T20993] overlayfs: failed to clone lowerpath [ 1271.518390][T20993] overlayfs: failed to clone lowerpath [ 1272.901728][T21021] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4464'. [ 1273.843322][T21025] overlayfs: failed to clone lowerpath [ 1273.901918][T21026] overlayfs: failed to clone lowerpath [ 1276.306277][T21055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4475'. [ 1276.577561][T21058] overlayfs: failed to clone lowerpath [ 1276.629075][T21059] overlayfs: failed to clone lowerpath [ 1277.542908][T21066] binder: 21065:21066 ioctl 4068aea3 200000000240 returned -22 [ 1281.051761][T21105] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4487'. [ 1282.296152][T21116] binder: 21115:21116 ioctl 4068aea3 200000000240 returned -22 [ 1282.386341][T20922] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1282.397000][T20922] Bluetooth: hci2: Injecting HCI hardware error event [ 1282.406634][T20922] Bluetooth: hci2: hardware error 0x00 [ 1282.656571][T21119] binder_alloc: 21115: binder_alloc_buf, no vma [ 1283.644627][T21131] loop3: detected capacity change from 0 to 256 [ 1283.675770][T21131] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1284.357813][T21112] overlayfs: failed to clone upperpath [ 1284.434984][T21139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4497'. [ 1284.456090][T20922] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1288.553779][T21176] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4508'. [ 1288.737905][T21178] fuse: Bad value for 'fd' [ 1289.554165][T21184] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4512'. [ 1290.604593][T21196] loop3: detected capacity change from 0 to 8192 [ 1290.654488][T21197] ./file0: Can't lookup blockdev [ 1290.783709][T21196] loop3: p1 p2 p4[EZD] [ 1290.791158][T21196] loop3: p4 start 201326592 is beyond EOD, truncated [ 1291.304392][T21204] overlayfs: failed to clone upperpath [ 1293.937531][T20927] udevd[20927]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 1293.966232][T20620] udevd[20620]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 1294.651633][T21219] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4520'. [ 1296.109497][T21226] overlayfs: failed to clone upperpath [ 1300.027028][T21252] overlayfs: failed to clone upperpath [ 1300.311891][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.318505][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.662123][T21261] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4531'. [ 1306.738125][T21301] ./file0: Can't lookup blockdev [ 1308.207344][T21303] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4544'. [ 1312.893166][T21342] loop3: detected capacity change from 0 to 8192 [ 1312.910136][T21345] ./file0: Can't lookup blockdev [ 1313.420012][T21342] loop3: p1 p2 p4[EZD] [ 1313.427909][T21342] loop3: p4 start 201326592 is beyond EOD, truncated [ 1315.530909][T21318] udevd[21318]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 1315.605638][T21352] udevd[21352]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 1319.949297][T21388] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4565'. [ 1323.995977][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 1326.969778][ T67] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 1327.000953][ T67] Bluetooth: hci3: Frame reassembly failed (-84) [ 1329.046168][T20922] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1329.053017][T12947] Bluetooth: hci3: command 0x1003 tx timeout [ 1335.631533][T21468] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4592'. [ 1343.217047][T21506] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4603'. [ 1351.287612][T21565] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4617'. [ 1352.853629][T21571] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1353.177367][T13596] syz_tun (unregistering): left allmulticast mode [ 1353.189526][T21573] loop3: detected capacity change from 0 to 512 [ 1353.287693][T21573] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1353.296116][T21573] System zones: 0-2, 18-18, 34-34 [ 1353.308864][T20922] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1353.321854][T20922] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1353.356268][T20922] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1353.391800][T20922] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1353.408066][T20922] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1353.415527][T20922] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1353.427655][T21573] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1353.497436][T21573] EXT4-fs (loop3): Remounting filesystem read-only [ 1353.532535][T21573] EXT4-fs (loop3): 1 truncate cleaned up [ 1353.546513][ T67] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1353.576286][ T67] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1353.595944][ T67] Quota error (device loop3): write_blk: dquota write failed [ 1353.603414][ T67] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1353.637359][T21573] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1353.649919][ T67] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1353.664698][ T67] Quota error (device loop3): write_blk: dquota write failed [ 1353.686062][T21573] ext4 filesystem being mounted at /441/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1353.739551][ T67] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1353.832225][ T67] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1353.898270][ T67] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1353.946008][ T67] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1353.984919][ T67] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1354.688481][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1354.802363][T21574] chnl_net:caif_netlink_parms(): no params data found [ 1355.707259][ T5781] Bluetooth: hci1: command tx timeout [ 1355.844124][T14622] tipc: Disabling bearer [ 1355.865624][T14622] tipc: Left network mode [ 1356.007893][T21574] bridge0: port 1(bridge_slave_0) entered blocking state [ 1356.363877][T21574] bridge0: port 1(bridge_slave_0) entered disabled state [ 1356.485333][T21574] bridge_slave_0: entered allmulticast mode [ 1356.752041][T21574] bridge_slave_0: entered promiscuous mode [ 1356.802897][T21574] bridge0: port 2(bridge_slave_1) entered blocking state [ 1356.816515][T21574] bridge0: port 2(bridge_slave_1) entered disabled state [ 1356.823816][T21574] bridge_slave_1: entered allmulticast mode [ 1357.075426][T21574] bridge_slave_1: entered promiscuous mode [ 1358.805987][ T5781] Bluetooth: hci1: command tx timeout [ 1359.289273][T21574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1359.317487][T21628] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4631'. [ 1359.330420][T21574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1359.515765][T21574] team0: Port device team_slave_0 added [ 1359.638369][T21574] team0: Port device team_slave_1 added [ 1359.879888][T21574] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1359.916151][T21574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1359.957307][T21574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1360.017125][T21574] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1360.025661][T21574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1360.066294][T21574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1360.291350][T21574] hsr_slave_0: entered promiscuous mode [ 1360.345378][T21574] hsr_slave_1: entered promiscuous mode [ 1360.373083][T21574] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1360.391404][T21574] Cannot create hsr debugfs directory [ 1360.895965][ T5781] Bluetooth: hci1: command tx timeout [ 1361.476570][T14622] hsr_slave_0: left promiscuous mode [ 1361.495036][T14622] hsr_slave_1: left promiscuous mode [ 1361.763354][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.770135][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.016087][ T5781] Bluetooth: hci1: command tx timeout [ 1364.599894][ T1193] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1364.806303][ T1193] usb 4-1: Using ep0 maxpacket: 32 [ 1364.841657][ T1193] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1364.850399][ T1193] usb 4-1: config 0 has no interface number 0 [ 1364.862595][ T1193] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1364.871923][ T1193] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1364.895677][ T1193] usb 4-1: Product: syz [ 1364.900052][ T1193] usb 4-1: Manufacturer: syz [ 1364.904700][ T1193] usb 4-1: SerialNumber: syz [ 1364.925198][ T1193] usb 4-1: config 0 descriptor?? [ 1364.942457][ T1193] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1365.312066][ T1193] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1365.425026][ T1193] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1365.689391][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1365.697576][T13672] usb 4-1: USB disconnect, device number 14 [ 1365.738774][T13672] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1365.760758][T13672] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1365.807245][T13672] quatech2 4-1:0.51: device disconnected [ 1368.448360][T14622] bond0 (unregistering): Released all slaves [ 1368.693056][T21681] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4641'. [ 1368.973775][T21691] loop3: detected capacity change from 0 to 256 [ 1369.005956][T21691] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1369.913073][T20922] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1369.925618][T20922] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1369.935394][T20922] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1369.957736][T20922] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1369.982850][T20922] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1369.993041][T20922] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1372.096304][ T5781] Bluetooth: hci3: command tx timeout [ 1373.214418][T21588] syz_tun (unregistering): left allmulticast mode [ 1373.634498][T21723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4650'. [ 1373.980150][T21695] chnl_net:caif_netlink_parms(): no params data found [ 1374.136232][ T5781] Bluetooth: hci3: command tx timeout [ 1374.153401][T21574] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1375.898827][T21574] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1375.976927][T21574] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1377.103066][T21574] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1377.125986][ T5781] Bluetooth: hci3: command tx timeout [ 1377.422398][T21695] bridge0: port 1(bridge_slave_0) entered blocking state [ 1377.436089][T21695] bridge0: port 1(bridge_slave_0) entered disabled state [ 1377.443497][T21695] bridge_slave_0: entered allmulticast mode [ 1377.476137][T21695] bridge_slave_0: entered promiscuous mode [ 1377.493254][T21749] loop3: detected capacity change from 0 to 512 [ 1377.571830][T21695] bridge0: port 2(bridge_slave_1) entered blocking state [ 1377.587380][T21695] bridge0: port 2(bridge_slave_1) entered disabled state [ 1377.594683][T21695] bridge_slave_1: entered allmulticast mode [ 1377.617739][T21749] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1377.635609][T21695] bridge_slave_1: entered promiscuous mode [ 1377.651425][T21749] System zones: 0-2, 18-18, 34-34 [ 1377.763390][T21749] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1377.805976][T21749] EXT4-fs (loop3): Remounting filesystem read-only [ 1377.829431][T21749] EXT4-fs (loop3): 1 truncate cleaned up [ 1377.835296][T21695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1377.847039][T21749] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1377.887153][T14608] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1377.906107][T21749] ext4 filesystem being mounted at /455/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1377.945338][T21695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1377.968950][T14608] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1378.002350][T14608] Quota error (device loop3): write_blk: dquota write failed [ 1378.015893][T14608] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1378.046958][T14608] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1378.076528][T14622] tipc: Left network mode [ 1378.145405][T14608] Quota error (device loop3): write_blk: dquota write failed [ 1378.213469][T14608] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1378.276333][T14608] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1378.367286][T21695] team0: Port device team_slave_0 added [ 1378.397479][T14608] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1378.505925][T21695] team0: Port device team_slave_1 added [ 1378.525935][T14608] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1378.556738][T14608] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1378.923858][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1378.934982][T21695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1378.963999][T21695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1379.046863][T21695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1379.139992][T21695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1379.156637][T21695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1379.213969][ T5781] Bluetooth: hci3: command tx timeout [ 1379.387700][T21695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1379.495742][T21769] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4657'. [ 1379.646082][T21574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1379.885190][T21695] hsr_slave_0: entered promiscuous mode [ 1379.900090][T21695] hsr_slave_1: entered promiscuous mode [ 1380.003737][T21574] 8021q: adding VLAN 0 to HW filter on device team0 [ 1380.033975][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 1380.041300][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1380.202973][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 1380.210269][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1381.909225][T14622] hsr_slave_0: left promiscuous mode [ 1381.925379][T14622] hsr_slave_1: left promiscuous mode [ 1381.933595][T14622] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1381.956431][T14622] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1381.975167][T14622] bridge_slave_1: left allmulticast mode [ 1381.986090][T14622] bridge_slave_1: left promiscuous mode [ 1382.003392][T14622] bridge0: port 2(bridge_slave_1) entered disabled state [ 1382.033602][T14622] bridge_slave_0: left allmulticast mode [ 1382.042866][T14622] bridge_slave_0: left promiscuous mode [ 1382.056959][T14622] bridge0: port 1(bridge_slave_0) entered disabled state [ 1382.790559][T21823] loop3: detected capacity change from 0 to 512 [ 1382.853800][T21823] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1382.864781][T21823] System zones: 0-2, 18-18, 34-34 [ 1382.945311][T21823] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1382.965899][T21823] EXT4-fs (loop3): Remounting filesystem read-only [ 1382.973416][T21823] EXT4-fs (loop3): 1 truncate cleaned up [ 1382.981560][T21823] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1382.994383][ T49] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1383.001991][T21823] ext4 filesystem being mounted at /458/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1383.028676][ T49] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1383.068028][ T49] Quota error (device loop3): write_blk: dquota write failed [ 1383.075615][ T49] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1383.096455][ T49] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1383.132416][ T49] Quota error (device loop3): write_blk: dquota write failed [ 1383.146254][ T49] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1383.164419][ T49] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1383.183129][ T49] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1383.192483][ T49] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1383.212176][ T49] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1383.352981][T14622] team0 (unregistering): Port device team_slave_1 removed [ 1383.723598][T14622] team0 (unregistering): Port device team_slave_0 removed [ 1383.838164][T14622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1383.937208][T14622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1384.023222][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1385.306441][T14622] bond0 (unregistering): Released all slaves [ 1386.151466][T21836] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4665'. [ 1386.234903][T21695] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1386.300772][T21695] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1386.369529][T21695] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1386.415713][T21695] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1386.656308][T13670] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1386.976459][T13670] usb 4-1: Using ep0 maxpacket: 32 [ 1387.094778][T13670] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1387.332937][T21574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1387.361131][T13670] usb 4-1: config 0 has no interface number 0 [ 1387.406063][T13670] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1387.415230][T13670] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1387.433737][T13670] usb 4-1: Product: syz [ 1387.443499][T13670] usb 4-1: Manufacturer: syz [ 1387.471869][T13670] usb 4-1: SerialNumber: syz [ 1387.498399][T13670] usb 4-1: config 0 descriptor?? [ 1387.544091][T13670] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1387.625232][T21695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1387.651411][T21574] veth0_vlan: entered promiscuous mode [ 1387.713864][T13670] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1387.725101][T21695] 8021q: adding VLAN 0 to HW filter on device team0 [ 1387.755962][T21574] veth1_vlan: entered promiscuous mode [ 1387.787347][T13670] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1387.800044][ T3046] bridge0: port 1(bridge_slave_0) entered blocking state [ 1387.807334][ T3046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1387.854090][ T3046] bridge0: port 2(bridge_slave_1) entered blocking state [ 1387.861375][ T3046] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1388.018045][T21574] veth0_macvtap: entered promiscuous mode [ 1388.074147][T21574] veth1_macvtap: entered promiscuous mode [ 1388.118240][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1388.122009][ T9] usb 4-1: USB disconnect, device number 15 [ 1388.169832][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1388.193043][T21574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1388.218343][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1388.234634][T21574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.260230][T21574] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1388.268531][ T9] quatech2 4-1:0.51: device disconnected [ 1388.307328][T21574] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.337614][T21574] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.369690][T21574] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1388.428296][T21574] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1388.456450][T21574] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1388.480995][T21574] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1388.496959][T21574] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1388.838873][T21695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1388.897501][T14608] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1388.969106][T14608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1389.109997][T21872] loop3: detected capacity change from 0 to 512 [ 1389.183854][ T3046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1389.214656][T21872] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1389.224083][ T3046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1389.236321][T21872] System zones: 0-2, 18-18, 34-34 [ 1389.296464][T21872] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1389.352141][T21872] EXT4-fs (loop3): Remounting filesystem read-only [ 1389.388309][T21872] EXT4-fs (loop3): 1 truncate cleaned up [ 1389.395361][T21872] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1389.417916][T14620] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1389.445527][T14620] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1389.472664][T21872] ext4 filesystem being mounted at /462/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1389.493004][T14620] Quota error (device loop3): write_blk: dquota write failed [ 1389.568799][T21889] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4672'. [ 1389.677518][T14620] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1389.910641][T14620] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1391.050725][T14620] Quota error (device loop3): write_blk: dquota write failed [ 1391.063475][T14620] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1391.096419][T14620] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1391.156380][T14620] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1391.165246][T14620] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1391.194646][T14620] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1393.425590][T21695] veth0_vlan: entered promiscuous mode [ 1393.571954][T21695] veth1_vlan: entered promiscuous mode [ 1393.674045][T21695] veth0_macvtap: entered promiscuous mode [ 1393.741034][T21695] veth1_macvtap: entered promiscuous mode [ 1393.839019][T21695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1393.851281][T21695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.864114][T21695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1393.895861][T21695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1393.927688][T21695] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1393.958540][T21695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1393.977872][ T5923] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1393.985783][T21695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1394.009171][T21695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1394.020093][T21695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1394.038794][T21695] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1394.063508][T21695] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.082756][T21695] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.114123][T21695] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.133840][T21695] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1394.240726][ T5923] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1394.257083][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1394.266875][ T5923] usb 2-1: Product: syz [ 1394.271194][ T5923] usb 2-1: Manufacturer: syz [ 1394.273352][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1394.287895][ T5923] usb 2-1: SerialNumber: syz [ 1394.453338][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1394.482924][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1394.573082][T14622] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1394.588344][T21920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1394.596924][ T5923] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1394.598999][T14622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1394.627731][T21920] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1394.682423][ T5923] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1394.708552][ T5923] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1394.746978][ T5923] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1394.783012][ T5923] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1394.795976][T11137] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1394.861249][ T5923] lan78xx: probe of 2-1:1.0 failed with error -71 [ 1394.876290][ T5923] usb 2-1: USB disconnect, device number 8 [ 1394.995924][T11137] usb 4-1: Using ep0 maxpacket: 32 [ 1395.008209][T11137] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1395.036132][T11137] usb 4-1: config 0 has no interface number 0 [ 1395.059118][T11137] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1395.089151][T11137] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1395.109458][T11137] usb 4-1: Product: syz [ 1395.113705][T11137] usb 4-1: Manufacturer: syz [ 1395.135895][T11137] usb 4-1: SerialNumber: syz [ 1395.150918][T11137] usb 4-1: config 0 descriptor?? [ 1395.165601][T11137] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1395.381980][T11137] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1395.456936][T11137] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1395.574999][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1395.587114][T11137] usb 4-1: USB disconnect, device number 16 [ 1395.659566][T11137] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1396.361885][T21950] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4681'. [ 1396.921641][T11137] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1396.935103][T11137] quatech2 4-1:0.51: device disconnected [ 1397.980263][T21966] loop4: detected capacity change from 0 to 512 [ 1398.134067][T21966] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1398.184792][T21966] System zones: 0-2, 18-18, 34-34 [ 1398.284872][T21966] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1398.405287][T21966] EXT4-fs (loop4): Remounting filesystem read-only [ 1398.413786][T21966] EXT4-fs (loop4): 1 truncate cleaned up [ 1398.430122][ T4230] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1398.448215][T21966] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1398.476226][ T4230] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1398.490526][T21966] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1398.502158][ T4230] Quota error (device loop4): write_blk: dquota write failed [ 1398.535958][ T4230] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 1398.566811][ T4230] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1398.630399][T21977] loop3: detected capacity change from 0 to 8192 [ 1398.735893][ T4230] Quota error (device loop4): write_blk: dquota write failed [ 1398.786437][ T4230] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 1398.804193][T21978] ./file0: Can't lookup blockdev [ 1399.397323][T21977] loop3: p1 p2 p4[EZD] [ 1399.431151][ T4230] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 1399.446696][T21977] loop3: p4 start 201326592 is beyond EOD, truncated [ 1399.609073][ T4230] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 1399.626642][T21695] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1399.656170][ T4230] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1399.686092][ T4230] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1400.029491][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 1400.055061][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 1400.379882][T20922] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1400.391485][T20922] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1400.400816][T20922] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1400.410240][T20922] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1400.420293][T20922] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1400.427765][T20922] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1401.396128][T13670] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1401.610923][T13670] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1401.624015][T13670] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1401.641596][T13670] usb 4-1: Product: syz [ 1401.650978][T13670] usb 4-1: Manufacturer: syz [ 1401.658592][T13670] usb 4-1: SerialNumber: syz [ 1401.739352][ T28] audit: type=1326 audit(2000000372.410:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22010 comm="syz.1.4692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1401.792467][T22009] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4691'. [ 1401.821278][ T28] audit: type=1326 audit(2000000372.410:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22010 comm="syz.1.4692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1401.956608][T21993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1401.970741][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1401.996880][T21993] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1402.050789][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1402.100575][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1402.127721][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1402.157536][T21994] chnl_net:caif_netlink_parms(): no params data found [ 1402.175311][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1402.208537][T13670] lan78xx: probe of 4-1:1.0 failed with error -71 [ 1402.245616][T13670] usb 4-1: USB disconnect, device number 17 [ 1402.346774][T13672] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1402.400741][T14622] tipc: Left network mode [ 1402.536115][ T5781] Bluetooth: hci2: command tx timeout [ 1402.558287][T13672] usb 2-1: Using ep0 maxpacket: 32 [ 1402.585962][T13672] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1402.623793][T13672] usb 2-1: config 0 has no interface number 0 [ 1402.634219][T13672] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1402.665945][T13672] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1402.693894][T13672] usb 2-1: Product: syz [ 1402.707872][T13672] usb 2-1: Manufacturer: syz [ 1402.722994][T13672] usb 2-1: SerialNumber: syz [ 1402.747321][T13672] usb 2-1: config 0 descriptor?? [ 1402.768468][T21994] bridge0: port 1(bridge_slave_0) entered blocking state [ 1402.777486][T13672] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1402.793107][T21994] bridge0: port 1(bridge_slave_0) entered disabled state [ 1402.811399][T21994] bridge_slave_0: entered allmulticast mode [ 1402.831521][T21994] bridge_slave_0: entered promiscuous mode [ 1402.983676][T13672] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1403.046605][T13672] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1403.189279][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1403.199809][T13672] usb 2-1: USB disconnect, device number 9 [ 1403.242782][T13672] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1403.277069][T13672] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1403.306468][T13672] quatech2 2-1:0.51: device disconnected [ 1403.337726][T21994] bridge0: port 2(bridge_slave_1) entered blocking state [ 1403.344997][T21994] bridge0: port 2(bridge_slave_1) entered disabled state [ 1403.369705][T21994] bridge_slave_1: entered allmulticast mode [ 1403.394836][T21994] bridge_slave_1: entered promiscuous mode [ 1403.587289][T22039] loop4: detected capacity change from 0 to 512 [ 1403.599368][T21994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1403.647160][T21994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1403.778754][T22039] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1403.821576][T22039] System zones: 0-2, 18-18, 34-34 [ 1403.900116][T22039] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1404.094023][T22039] EXT4-fs (loop4): Remounting filesystem read-only [ 1404.148983][T22039] EXT4-fs (loop4): 1 truncate cleaned up [ 1404.173004][ T4230] __quota_error: 12 callbacks suppressed [ 1404.173047][ T4230] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1404.259527][T22039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1404.352980][T22049] loop1: detected capacity change from 0 to 8192 [ 1404.397411][T22049] loop1: p1 p2 p4[EZD] [ 1404.415542][T22049] loop1: p4 start 201326592 is beyond EOD, truncated [ 1404.490279][T22049] ./file0: Can't lookup blockdev [ 1404.503579][ T4230] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1404.514273][ T4230] Quota error (device loop4): write_blk: dquota write failed [ 1404.521918][ T4230] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 1404.559602][ T4230] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1404.571835][ T5138] loop1: p1 p2 p4[EZD] [ 1404.586026][T22039] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1404.605489][ T5138] loop1: p4 start 201326592 is beyond EOD, truncated [ 1404.619452][T21994] team0: Port device team_slave_0 added [ 1404.625784][ T4230] Quota error (device loop4): write_blk: dquota write failed [ 1404.637186][ T5781] Bluetooth: hci2: command tx timeout [ 1404.679436][ T4230] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 1405.320815][ T4230] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 1405.363909][ T4230] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 1405.413950][ T4230] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1405.506093][ T4230] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1405.763040][T21695] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1406.349913][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1406.369969][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 1406.550849][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 1406.567306][T21994] team0: Port device team_slave_1 added [ 1406.612058][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1406.680704][T21994] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1406.696189][ T5781] Bluetooth: hci2: command tx timeout [ 1406.702900][T21994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1406.732587][T21994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1406.824479][T21994] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1406.848070][T21994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1406.890805][T21994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1406.955900][T21873] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1407.143103][T21873] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1407.164048][T21873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1407.185029][T21873] usb 4-1: Product: syz [ 1407.215877][T21873] usb 4-1: Manufacturer: syz [ 1407.220592][T21873] usb 4-1: SerialNumber: syz [ 1407.303245][T22071] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4702'. [ 1407.348124][T21994] hsr_slave_0: entered promiscuous mode [ 1407.356541][T21994] hsr_slave_1: entered promiscuous mode [ 1407.362998][T21994] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1407.371872][T21994] Cannot create hsr debugfs directory [ 1407.477445][T21873] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1407.480070][T22063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1407.540223][T22063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1407.589043][T21873] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1407.615203][T22075] comedi comedi0: Minor 9 could not be opened [ 1407.625486][T21873] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1407.674875][T21873] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1407.707688][T21873] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1407.757252][T21873] lan78xx: probe of 4-1:1.0 failed with error -71 [ 1407.826512][T21873] usb 4-1: USB disconnect, device number 18 [ 1408.193757][T14622] hsr_slave_0: left promiscuous mode [ 1408.216662][T14622] hsr_slave_1: left promiscuous mode [ 1408.228200][T14622] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1408.237746][T14622] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1408.266869][T14622] bridge_slave_1: left allmulticast mode [ 1408.272617][T14622] bridge_slave_1: left promiscuous mode [ 1408.317925][T14622] bridge0: port 2(bridge_slave_1) entered disabled state [ 1408.347753][T14622] bridge_slave_0: left allmulticast mode [ 1408.353472][T14622] bridge_slave_0: left promiscuous mode [ 1408.375695][T14622] bridge0: port 1(bridge_slave_0) entered disabled state [ 1408.444958][T22085] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4706'. [ 1408.786141][ T5781] Bluetooth: hci2: command tx timeout [ 1408.808741][T22078] loop1: detected capacity change from 0 to 40427 [ 1408.823375][T22078] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1408.831636][T22078] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1408.864855][T22078] F2FS-fs (loop1): invalid crc value [ 1408.912064][T22078] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1409.142907][T22100] loop4: detected capacity change from 0 to 8192 [ 1409.293903][T22100] loop4: p1 p2 p4[EZD] [ 1409.301648][T22100] loop4: p4 start 201326592 is beyond EOD, truncated [ 1409.313759][T22100] ./file0: Can't lookup blockdev [ 1409.907828][T22078] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1409.976491][T22078] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1411.119539][T22105] overlayfs: failed to resolve './bus': -2 [ 1411.300634][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 1411.319700][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 1412.420235][T14622] team0 (unregistering): Port device team_slave_1 removed [ 1412.861739][T14622] team0 (unregistering): Port device team_slave_0 removed [ 1412.975433][T14622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1413.088594][T14622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1413.424823][T22115] IPv6: addrconf: prefix option has invalid lifetime [ 1414.448853][T14622] bond0 (unregistering): Released all slaves [ 1414.540420][T22090] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1414.551321][T22090] batadv_slave_0: entered promiscuous mode [ 1415.076802][T13670] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 1415.153028][T22134] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4714'. [ 1415.303050][T13670] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1415.322334][T13670] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1415.358514][T13670] usb 5-1: Product: syz [ 1415.373164][T13670] usb 5-1: Manufacturer: syz [ 1415.384145][T13670] usb 5-1: SerialNumber: syz [ 1415.643363][T21994] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1415.672232][T13670] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1415.682947][T21994] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1415.694967][T22126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1415.728948][T22126] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1415.743299][T21994] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1415.769351][T13670] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1415.789964][T21994] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1415.803473][T13670] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1415.826231][T13670] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1415.846886][T13670] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1415.883605][T13670] lan78xx: probe of 5-1:1.0 failed with error -71 [ 1415.922746][T13670] usb 5-1: USB disconnect, device number 2 [ 1416.101477][T21994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1416.165075][T21994] 8021q: adding VLAN 0 to HW filter on device team0 [ 1416.202160][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1416.209494][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1416.259616][ T3046] bridge0: port 2(bridge_slave_1) entered blocking state [ 1416.267007][ T3046] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1416.268525][T22131] loop3: detected capacity change from 0 to 40427 [ 1416.322449][T22131] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1416.381664][T22131] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1416.410711][T22131] F2FS-fs (loop3): invalid crc value [ 1416.459029][T22131] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1416.633399][T22131] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1416.652073][T22131] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1417.428616][T22162] overlayfs: failed to resolve './bus': -2 [ 1417.873446][T21994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1418.890958][T21994] veth0_vlan: entered promiscuous mode [ 1418.944288][T21994] veth1_vlan: entered promiscuous mode [ 1419.744289][T21994] veth0_macvtap: entered promiscuous mode [ 1419.788919][T21994] veth1_macvtap: entered promiscuous mode [ 1419.858387][T21994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1419.897317][T21994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1419.936000][T21994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1419.965992][T21994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1420.008982][T21994] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1420.032793][T21994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1420.062198][T21994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1420.081008][T21994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1420.092033][T21994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1420.110597][T21994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1420.135157][T21994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1420.180422][T21994] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1420.233060][T21994] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1420.261881][T21994] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1420.282882][T21994] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1420.292066][T21994] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1420.415912][T22194] loop4: detected capacity change from 0 to 256 [ 1420.426982][T22194] exfat: Bad value for 'gid' [ 1421.324439][ T4230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1421.345140][ T4230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1421.407290][T22183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1421.437364][T22183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1423.096419][T17986] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1423.134685][T22210] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4726'. [ 1423.183414][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.196027][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.303618][T17986] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1423.334249][T17986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1423.361952][T17986] usb 5-1: Product: syz [ 1423.377254][T17986] usb 5-1: Manufacturer: syz [ 1423.381944][T17986] usb 5-1: SerialNumber: syz [ 1423.630592][T22201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1423.640138][T17986] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1423.703310][T22201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1424.198333][T17986] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1424.278795][T17986] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1424.343836][T17986] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1424.413795][T17986] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1424.669741][T22232] loop2: detected capacity change from 0 to 256 [ 1424.681428][T22232] exfat: Bad value for 'gid' [ 1425.457091][T22208] loop3: detected capacity change from 0 to 40427 [ 1425.465261][T22208] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1425.475392][T17986] lan78xx: probe of 5-1:1.0 failed with error -71 [ 1425.528754][T21928] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1425.539337][T17986] usb 5-1: USB disconnect, device number 3 [ 1425.547923][T22208] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1425.583671][T22208] F2FS-fs (loop3): invalid crc value [ 1425.705945][T22208] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1426.021141][T22208] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1426.058808][T22208] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1429.552297][T22274] loop3: detected capacity change from 0 to 256 [ 1429.563391][T22274] exfat: Bad value for 'gid' [ 1430.810158][T21459] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1434.143453][T22330] loop3: detected capacity change from 0 to 256 [ 1434.155168][T22330] exfat: Bad value for 'gid' [ 1435.083781][T21459] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1438.566059][T22371] ./file0: Can't lookup blockdev [ 1438.579802][T22366] loop4: detected capacity change from 0 to 8192 [ 1438.716281][T22366] loop4: p1 p2 p4[EZD] [ 1438.728305][T22366] loop4: p4 start 201326592 is beyond EOD, truncated [ 1440.200609][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 1440.213948][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 1443.648994][T22426] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4776'. [ 1443.838008][T22433] loop3: detected capacity change from 0 to 8192 [ 1443.928915][T22433] loop3: p1 p2 p4[EZD] [ 1443.942580][T22433] loop3: p4 start 201326592 is beyond EOD, truncated [ 1443.953651][T22433] ./file0: Can't lookup blockdev [ 1445.135985][T22442] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4780'. [ 1445.290702][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 1445.315365][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 1447.096213][T22467] dns_resolver: Unsupported server list version (6) [ 1448.142855][T22484] loop3: detected capacity change from 0 to 256 [ 1448.203683][T22484] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1449.086038][ T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1449.306164][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 1450.151934][ T8] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1450.205461][ T8] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 1450.298617][ T8] usb 5-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 1450.346434][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1450.385841][ T8] usb 5-1: Product: syz [ 1450.417755][ T8] usb 5-1: Manufacturer: syz [ 1450.433138][ T8] usb 5-1: SerialNumber: syz [ 1451.270638][ T8] usb 5-1: can't set config #1, error -71 [ 1451.286169][ T8] usb 5-1: USB disconnect, device number 4 [ 1452.748752][T22513] syz.4.4796 (22513): drop_caches: 2 [ 1453.477888][T22536] loop3: detected capacity change from 0 to 256 [ 1453.644306][T22536] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1454.525230][ T28] audit: type=1326 audit(2000000425.190:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1454.622391][ T28] audit: type=1326 audit(2000000425.200:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1454.766116][ T28] audit: type=1326 audit(2000000425.200:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1454.797293][ T28] audit: type=1326 audit(2000000425.230:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1456.778621][ T28] audit: type=1326 audit(2000000425.230:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1456.963438][ T28] audit: type=1326 audit(2000000425.230:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1457.134743][T22567] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1457.286078][ T28] audit: type=1326 audit(2000000425.230:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1457.337158][ T28] audit: type=1326 audit(2000000425.230:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1457.367717][ T28] audit: type=1326 audit(2000000425.240:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1458.451844][T22577] loop2: detected capacity change from 0 to 256 [ 1458.556180][T22577] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1459.068651][ T28] audit: type=1326 audit(2000000425.250:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22544 comm="syz.1.4804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc079cdd9 code=0x7ffc0000 [ 1462.417823][T22633] loop1: detected capacity change from 0 to 256 [ 1462.583603][T22633] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1463.788659][T21873] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 1464.796043][T21873] usb 5-1: Using ep0 maxpacket: 32 [ 1464.807803][T21873] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1464.837228][T21873] usb 5-1: config 0 has an invalid interface number: 18 but max is 0 [ 1464.857204][T21873] usb 5-1: config 0 has no interface number 0 [ 1464.863462][T21873] usb 5-1: config 0 interface 18 has no altsetting 0 [ 1464.883549][T21873] usb 5-1: New USB device found, idVendor=0df6, idProduct=061c, bcdDevice=58.21 [ 1464.897292][T21873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1464.961475][T21873] usb 5-1: Product: syz [ 1464.983542][T21873] usb 5-1: Manufacturer: syz [ 1465.003319][T21873] usb 5-1: SerialNumber: syz [ 1465.030613][T21873] usb 5-1: config 0 descriptor?? [ 1465.292011][T22670] loop2: detected capacity change from 0 to 16 [ 1466.357136][T22670] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1466.488638][T21873] asix: probe of 5-1:0.18 failed with error -22 [ 1466.546518][T21873] usb 5-1: USB disconnect, device number 5 [ 1466.649700][T22647] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1468.364622][T22697] loop3: detected capacity change from 0 to 256 [ 1469.988993][T22697] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1474.548394][T22753] loop1: detected capacity change from 0 to 16 [ 1475.094863][T22754] loop3: detected capacity change from 0 to 256 [ 1475.258738][T22751] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1475.309058][T22754] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 1476.488923][T20922] Bluetooth: hci1: command 0x0406 tx timeout [ 1476.610524][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 1476.610541][ T28] audit: type=1326 audit(2000000447.260:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22765 comm="syz.2.4852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1476.703062][ T28] audit: type=1326 audit(2000000447.260:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22765 comm="syz.2.4852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1476.807068][ T28] audit: type=1326 audit(2000000447.270:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22765 comm="syz.2.4852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1476.829442][ C0] vkms_vblank_simulate: vblank timer overrun [ 1476.940314][ T28] audit: type=1326 audit(2000000447.270:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22765 comm="syz.2.4852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1476.962916][ C0] vkms_vblank_simulate: vblank timer overrun [ 1477.123784][ T28] audit: type=1326 audit(2000000447.270:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22765 comm="syz.2.4852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1480.022270][T22809] loop2: detected capacity change from 0 to 16 [ 1480.065456][T22809] erofs: (device loop2): mounted with root inode @ nid 36. [ 1481.192493][T22808] syz.2.4860: attempt to access beyond end of device [ 1481.192493][T22808] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1481.227995][T22808] syz.2.4860: attempt to access beyond end of device [ 1481.227995][T22808] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 1481.247395][T22808] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1481.268245][ T28] audit: type=1800 audit(2000000451.940:336): pid=22808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4860" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 1481.303532][T22808] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1481.314986][T22808] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1483.246180][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 1483.901122][T22852] random: crng reseeded on system resumption [ 1484.636553][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.642927][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.078566][T22891] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1487.368614][T21873] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 1487.388961][T22867] loop1: detected capacity change from 0 to 40427 [ 1487.442015][T22867] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1487.474461][T22867] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1487.520955][T22867] F2FS-fs (loop1): invalid crc value [ 1487.551077][T22867] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-4) [ 1487.584586][T21873] usb 5-1: Using ep0 maxpacket: 32 [ 1487.613901][T21873] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1487.642348][T21873] usb 5-1: config 0 has no interface number 0 [ 1487.673220][T21873] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1487.707137][T21873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1487.745960][T21873] usb 5-1: Product: syz [ 1487.750578][T21873] usb 5-1: Manufacturer: syz [ 1487.777248][T21873] usb 5-1: SerialNumber: syz [ 1487.788463][T21873] usb 5-1: config 0 descriptor?? [ 1487.827761][T21873] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1488.026318][T21873] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1488.079021][T21873] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1488.420684][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1488.422443][T11137] usb 5-1: USB disconnect, device number 6 [ 1488.446211][T11137] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1488.481779][T11137] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1488.519056][T11137] quatech2 5-1:0.51: device disconnected [ 1489.105030][T22926] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4884'. [ 1490.321453][T22945] loop4: detected capacity change from 0 to 8192 [ 1490.330073][T22948] ./file0: Can't lookup blockdev [ 1493.756224][ T5138] loop4: p1 p2 p4[EZD] [ 1493.794521][ T5138] loop4: p4 start 201326592 is beyond EOD, truncated [ 1493.876483][T22966] binder: 22965:22966 ioctl 4068aea3 200000000240 returned -22 [ 1494.067187][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 1494.080863][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 1497.216039][T12947] Bluetooth: hci3: command 0x0406 tx timeout [ 1497.810153][T23002] loop4: detected capacity change from 0 to 16 [ 1499.067765][T23005] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1501.047600][T23014] loop1: detected capacity change from 0 to 8192 [ 1501.063807][T23017] ./file0: Can't lookup blockdev [ 1502.493041][T23014] loop1: p1 p2 p4[EZD] [ 1502.525154][T23014] loop1: p4 start 201326592 is beyond EOD, truncated [ 1504.562847][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1504.640131][T23030] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4907'. [ 1504.909586][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 1506.207088][T23023] loop4: detected capacity change from 0 to 40427 [ 1506.221556][T23027] loop3: detected capacity change from 0 to 40427 [ 1506.245834][T23023] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1506.257325][T23027] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1506.362953][T23023] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1506.445955][T23027] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1506.498760][T23023] F2FS-fs (loop4): invalid crc value [ 1506.692911][T23027] F2FS-fs (loop3): invalid crc value [ 1506.710224][T23023] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-4) [ 1506.964484][T23027] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1507.365942][T23027] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1507.395717][T23027] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1509.367676][T23065] loop1: detected capacity change from 0 to 8192 [ 1509.379861][T23066] ./file0: Can't lookup blockdev [ 1509.826073][T23065] loop1: p1 p2 p4[EZD] [ 1509.842896][T23065] loop1: p4 start 201326592 is beyond EOD, truncated [ 1511.320238][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1511.349238][T21579] udevd[21579]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 1512.397214][T23078] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4918'. [ 1516.354390][T23105] loop4: detected capacity change from 0 to 16 [ 1516.698151][T23106] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1517.073811][T23090] loop1: detected capacity change from 0 to 40427 [ 1517.184174][T23090] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1517.235882][T23090] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1517.314573][T23090] F2FS-fs (loop1): invalid crc value [ 1518.702635][T23090] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-4) [ 1523.037558][T23158] loop2: detected capacity change from 0 to 16 [ 1523.056479][T12947] Bluetooth: hci2: command 0x0406 tx timeout [ 1523.507184][T23160] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1526.505620][T23181] loop2: detected capacity change from 0 to 8192 [ 1526.513178][T23182] ./file0: Can't lookup blockdev [ 1527.968750][T23181] loop2: p1 p2 p4[EZD] [ 1527.986082][T23181] loop2: p4 start 201326592 is beyond EOD, truncated [ 1529.835548][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 1529.871266][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 1534.165392][T23209] loop1: detected capacity change from 0 to 16 [ 1535.335849][T21928] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1535.405696][T23209] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1535.946623][T23222] loop3: detected capacity change from 0 to 512 [ 1536.018269][T23222] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1536.088940][T23222] System zones: 0-2, 18-18, 34-34 [ 1536.155580][T23222] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1536.181025][T23222] EXT4-fs (loop3): Remounting filesystem read-only [ 1536.196954][T23222] EXT4-fs (loop3): 1 truncate cleaned up [ 1536.204977][T23222] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1536.218355][ T4502] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1536.241006][T23222] ext4 filesystem being mounted at /533/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1536.252898][ T4502] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1536.274146][ T4502] Quota error (device loop3): write_blk: dquota write failed [ 1536.284413][ T4502] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1536.300423][ T4502] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1536.352287][ T4502] Quota error (device loop3): write_blk: dquota write failed [ 1536.371214][ T4502] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1536.392780][ T4502] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1536.408834][ T4502] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1536.420782][ T4502] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1536.436579][ T4502] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1538.698450][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1541.732265][T23262] loop3: detected capacity change from 0 to 16 [ 1543.064148][T23265] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1543.357766][T23269] loop2: detected capacity change from 0 to 512 [ 1543.413008][T23269] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1543.434419][T23269] System zones: 0-2, 18-18, 34-34 [ 1543.548794][T23269] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1543.627923][T23269] EXT4-fs (loop2): Remounting filesystem read-only [ 1543.643359][T23269] EXT4-fs (loop2): 1 truncate cleaned up [ 1543.650653][T23255] loop4: detected capacity change from 0 to 40427 [ 1543.683064][T23255] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1543.695202][ T3046] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1543.713914][T23269] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1543.744873][T23255] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1543.753324][ T3046] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1543.753402][ T3046] Quota error (device loop2): write_blk: dquota write failed [ 1543.753419][ T3046] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 1543.753437][ T3046] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1543.753457][ T3046] Quota error (device loop2): write_blk: dquota write failed [ 1543.753473][ T3046] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 1543.753575][ T3046] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 1543.753594][ T3046] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 1543.753649][ T3046] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1543.754024][ T3046] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1543.832016][T23269] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1543.909999][T23255] F2FS-fs (loop4): invalid crc value [ 1544.145916][T23255] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-4) [ 1546.064683][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.071243][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.134850][T21994] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1550.931094][T23321] loop1: detected capacity change from 0 to 16 [ 1551.171947][T23322] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1551.698464][T23327] loop3: detected capacity change from 0 to 512 [ 1551.950436][T23327] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1551.987439][T23327] System zones: 0-2, 18-18, 34-34 [ 1552.050026][T23327] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1552.226405][T23327] EXT4-fs (loop3): Remounting filesystem read-only [ 1552.338455][T23327] EXT4-fs (loop3): 1 truncate cleaned up [ 1552.547973][T23327] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1552.666606][T23327] ext4 filesystem being mounted at /541/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1555.335786][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 1555.875742][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1555.932967][ T4230] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1555.958911][ T4230] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1555.971605][ T4230] Quota error (device loop3): write_blk: dquota write failed [ 1555.979151][ T4230] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1555.989388][ T4230] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1556.000058][ T4230] Quota error (device loop3): write_blk: dquota write failed [ 1556.007572][ T4230] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1556.017967][ T4230] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1556.031880][ T4230] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1556.049090][ T4230] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1556.108856][ T4230] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1559.347671][T23372] loop3: detected capacity change from 0 to 512 [ 1559.490338][T23374] loop1: detected capacity change from 0 to 16 [ 1559.511577][T23374] erofs: (device loop1): mounted with root inode @ nid 36. [ 1559.529330][T23374] syz.1.4996: attempt to access beyond end of device [ 1559.529330][T23374] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1559.557653][T23374] syz.1.4996: attempt to access beyond end of device [ 1559.557653][T23374] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 1559.572413][T23374] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1559.613433][ T28] audit: type=1800 audit(2000000530.270:337): pid=23374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4996" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 1559.649386][T23375] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1559.661111][T23375] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1559.940328][T23372] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1560.111824][T23372] System zones: 0-2, 18-18, 34-34 [ 1560.344922][T23372] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1560.431432][T23372] EXT4-fs (loop3): Remounting filesystem read-only [ 1560.624361][T23372] EXT4-fs (loop3): 1 truncate cleaned up [ 1560.658369][T22700] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1560.666333][T23372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1560.685869][T23372] ext4 filesystem being mounted at /544/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1561.660168][T22700] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1561.671012][T22700] Quota error (device loop3): write_blk: dquota write failed [ 1561.678487][T22700] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1561.695807][T22700] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1561.715865][T22700] Quota error (device loop3): write_blk: dquota write failed [ 1561.965933][T22700] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1562.226001][T22700] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1562.254966][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1562.305815][T22700] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1562.314673][T22700] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1562.375115][T22700] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1563.591489][T23384] loop1: detected capacity change from 0 to 40427 [ 1564.724558][T23418] loop3: detected capacity change from 0 to 16 [ 1564.849184][T23418] erofs: (device loop3): mounted with root inode @ nid 36. [ 1564.959893][T23418] syz.3.5007: attempt to access beyond end of device [ 1564.959893][T23418] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1565.795927][ T28] audit: type=1800 audit(2000000536.410:338): pid=23418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5007" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 1567.093919][T23424] loop3: detected capacity change from 0 to 512 [ 1567.319302][T23424] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1567.376750][T23424] System zones: 0-2, 18-18, 34-34 [ 1567.428749][T23424] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1567.522185][T23424] EXT4-fs (loop3): Remounting filesystem read-only [ 1567.555381][T23424] EXT4-fs (loop3): 1 truncate cleaned up [ 1567.603799][ T4502] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1567.701166][T23424] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1567.757656][ T4502] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1567.871494][T23424] ext4 filesystem being mounted at /548/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1567.897574][ T4502] Quota error (device loop3): write_blk: dquota write failed [ 1567.978657][ T4502] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 1568.130669][ T4502] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1568.403005][ T4502] Quota error (device loop3): write_blk: dquota write failed [ 1568.413496][ T4502] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 1568.434940][ T4502] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 1568.512247][ T4502] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1568.523495][ T4502] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1568.956374][ T4502] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1568.971314][T14219] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1571.636708][T23458] loop4: detected capacity change from 0 to 16 [ 1571.894846][T23459] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1572.596847][T23445] loop3: detected capacity change from 0 to 40427 [ 1572.635372][T23445] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1572.648044][T23445] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1572.678992][T23445] F2FS-fs (loop3): invalid crc value [ 1573.017824][T23445] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1574.338563][T23469] loop4: detected capacity change from 0 to 16 [ 1575.244915][T23469] erofs: (device loop4): mounted with root inode @ nid 36. [ 1575.261295][T23468] syz.4.5017: attempt to access beyond end of device [ 1575.261295][T23468] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1575.282955][T23468] syz.4.5017: attempt to access beyond end of device [ 1575.282955][T23468] loop4: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 1575.297039][T23468] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1575.310689][ T28] audit: type=1800 audit(2000000545.990:339): pid=23468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5017" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 1575.367289][T23468] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1575.380475][T23468] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1575.685787][T23475] loop4: detected capacity change from 0 to 512 [ 1575.737617][T23475] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1575.776042][T23475] System zones: 0-2, 18-18, 34-34 [ 1575.860845][T23475] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1575.922289][T23475] EXT4-fs (loop4): Remounting filesystem read-only [ 1575.939972][T23475] EXT4-fs (loop4): 1 truncate cleaned up [ 1575.976469][ T4502] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1575.978674][T23475] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1576.002820][ T4502] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1576.019479][ T4502] Quota error (device loop4): write_blk: dquota write failed [ 1576.029114][ T4502] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 1576.043551][ T4502] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1576.058941][T23475] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1576.065291][ T4502] Quota error (device loop4): write_blk: dquota write failed [ 1576.114360][ T4502] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 1577.878126][ T4502] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 1577.911251][T21695] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1577.949633][ T4502] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 1577.996016][ T4502] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1578.046112][ T4502] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1579.640946][T23506] loop3: detected capacity change from 0 to 16 [ 1579.787040][T23506] erofs: (device loop3): mounted with root inode @ nid 36. [ 1579.812053][T23506] syz.3.5027: attempt to access beyond end of device [ 1579.812053][T23506] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1579.838882][T23506] syz.3.5027: attempt to access beyond end of device [ 1579.838882][T23506] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 1579.855027][T23506] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1579.889632][ T28] audit: type=1800 audit(2000000550.550:340): pid=23506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5027" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 1579.947863][T23507] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1579.959607][T23507] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1581.212042][T23520] loop4: detected capacity change from 0 to 512 [ 1581.308183][T23520] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1582.216122][T23520] System zones: 0-2, 18-18, 34-34 [ 1582.284914][T23520] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1582.359071][T23520] EXT4-fs (loop4): Remounting filesystem read-only [ 1582.396030][T23520] EXT4-fs (loop4): 1 truncate cleaned up [ 1582.416216][T14622] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1582.439029][T23520] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1582.451319][T14622] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1582.475954][T23520] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1582.491085][T14622] Quota error (device loop4): write_blk: dquota write failed [ 1582.511038][T14622] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 1582.537960][T14622] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1582.568729][T14622] Quota error (device loop4): write_blk: dquota write failed [ 1582.603038][T14622] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 1582.642286][T14622] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 1582.671799][T14622] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 1582.713483][T14622] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1582.780156][T14622] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1583.124265][T23516] loop2: detected capacity change from 0 to 40427 [ 1583.165947][T23516] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1583.243047][T23516] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1583.295690][T23516] F2FS-fs (loop2): invalid crc value [ 1583.453649][T23516] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1583.515842][T21695] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1583.696053][T23516] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1583.733395][T23516] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1584.746958][T23544] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 1584.756168][T23544] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1586.076797][T23553] loop1: detected capacity change from 0 to 16 [ 1586.234223][T23553] erofs: (device loop1): mounted with root inode @ nid 36. [ 1586.253969][T23553] syz.1.5037: attempt to access beyond end of device [ 1586.253969][T23553] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 1586.281911][T23553] syz.1.5037: attempt to access beyond end of device [ 1586.281911][T23553] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 1586.297303][T23553] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1586.329720][T23553] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1586.341389][T23553] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 1586.357337][ T28] audit: type=1800 audit(2000000556.990:341): pid=23553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5037" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 1587.239445][T23562] loop4: detected capacity change from 0 to 512 [ 1587.298540][T23562] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1587.609299][T23562] System zones: 0-2, 18-18, 34-34 [ 1588.213821][T23562] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1588.275485][T23562] EXT4-fs (loop4): Remounting filesystem read-only [ 1588.312222][T23562] EXT4-fs (loop4): 1 truncate cleaned up [ 1588.345979][T22700] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1588.349636][T23562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1588.415219][T23562] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1588.426038][T22700] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1588.655899][T22700] Quota error (device loop4): write_blk: dquota write failed [ 1588.693427][T22700] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 1589.175974][T22700] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1589.218045][T21695] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1589.238067][T22700] Quota error (device loop4): write_blk: dquota write failed [ 1589.247649][T23575] binder: 23574:23575 ioctl 4068aea3 200000000240 returned -22 [ 1589.265599][T22700] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 1589.483294][T22700] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 1589.988356][T22700] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 1590.015453][T22700] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1590.124865][T22700] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1592.904742][T23607] loop4: detected capacity change from 0 to 512 [ 1593.032954][T23607] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 1593.078178][T23607] System zones: 0-2, 18-18, 34-34 [ 1593.165958][T23607] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 1593.241571][T23607] EXT4-fs (loop4): Remounting filesystem read-only [ 1593.258536][T23607] EXT4-fs (loop4): 1 truncate cleaned up [ 1593.265551][T23607] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1593.286315][ T4230] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1593.287601][T23607] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1593.347884][ T4230] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1593.379250][ T4230] Quota error (device loop4): write_blk: dquota write failed [ 1593.395854][ T4230] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 1593.415997][ T4230] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1593.445805][ T4230] Quota error (device loop4): write_blk: dquota write failed [ 1593.453403][ T4230] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 1593.491944][ T4230] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 1593.553132][T23612] binder: 23611:23612 ioctl 4068aea3 200000000240 returned -22 [ 1593.565972][ T4230] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 1594.655780][ T4230] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 1594.716021][ T4230] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1594.748598][T21695] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1598.532641][T23643] binder: 23642:23643 ioctl 4068aea3 200000000240 returned -22 [ 1603.831904][T23688] binder: BINDER_SET_CONTEXT_MGR already set [ 1603.838635][T23688] binder: 23683:23688 ioctl 4018620d 200000004a80 returned -16 [ 1606.509146][ T28] audit: type=1326 audit(2000000577.190:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1606.595797][ T28] audit: type=1326 audit(2000000577.190:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1606.685592][ T28] audit: type=1326 audit(2000000577.220:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1606.738734][ T28] audit: type=1326 audit(2000000577.220:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1606.943203][T23723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5081'. [ 1607.487115][ T28] audit: type=1326 audit(2000000577.220:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa65495d60e code=0x7ffc0000 [ 1607.624772][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.636466][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.732866][ T28] audit: type=1326 audit(2000000577.220:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa65495d60e code=0x7ffc0000 [ 1607.849005][ T28] audit: type=1326 audit(2000000577.220:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1607.895855][ T28] audit: type=1326 audit(2000000577.220:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1607.969101][ T28] audit: type=1326 audit(2000000577.220:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1608.066897][ T28] audit: type=1326 audit(2000000577.220:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23714 comm="syz.2.5080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65499cdd9 code=0x7ffc0000 [ 1611.435963][ T5923] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1611.656093][ T5923] usb 3-1: Using ep0 maxpacket: 32 [ 1611.685197][ T5923] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1611.718597][ T5923] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1612.864890][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1612.893535][ T5923] usb 3-1: Product: syz [ 1612.910153][ T5923] usb 3-1: Manufacturer: syz [ 1612.926605][ T5923] usb 3-1: SerialNumber: syz [ 1612.937897][ T5923] usb 3-1: config 0 descriptor?? [ 1612.943943][T23754] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1612.976917][ T5923] hub 3-1:0.0: bad descriptor, ignoring hub [ 1612.993290][ T5923] hub: probe of 3-1:0.0 failed with error -5 [ 1615.038106][T23754] usb 3-1: reset high-speed USB device number 14 using dummy_hcd [ 1618.855744][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 1618.925923][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 1619.015758][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 1619.145775][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 1619.332649][T23819] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5114'. [ 1620.455921][T23754] usb 3-1: device descriptor read/64, error -110 [ 1620.777292][T23834] overlayfs: failed to resolve './bus': -2 [ 1621.637696][T23754] usb 3-1: reset high-speed USB device number 14 using dummy_hcd [ 1621.835957][T23754] usb 3-1: device descriptor read/64, error -32 [ 1622.115913][T23754] usb 3-1: reset high-speed USB device number 14 using dummy_hcd [ 1622.185840][T23754] usb 3-1: device descriptor read/8, error -32 [ 1622.466078][T23754] usb 3-1: reset high-speed USB device number 14 using dummy_hcd [ 1622.540614][T23754] usb 3-1: device descriptor read/8, error -32 [ 1622.649565][T23853] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5123'. [ 1624.646837][T23856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5125'. [ 1625.314318][ T5923] usb 3-1: USB disconnect, device number 14 [ 1625.645997][T23861] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5126'. [ 1625.699358][T23862] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5126'. [ 1626.014371][T23870] overlayfs: failed to resolve './bus': -2 [ 1628.576048][T13670] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1628.872197][T13670] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1628.902298][T13670] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1629.080116][T13670] usb 4-1: Product: syz [ 1629.084581][T13670] usb 4-1: Manufacturer: syz [ 1629.104056][T13670] usb 4-1: SerialNumber: syz [ 1629.170859][T23901] overlayfs: failed to resolve './bus': -2 [ 1630.286346][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1630.327279][T23908] binder: BINDER_SET_CONTEXT_MGR already set [ 1630.333328][T23908] binder: 23907:23908 ioctl 4018620d 200000004a80 returned -16 [ 1632.268620][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000400. ret = -71 [ 1632.419724][T23921] ceph: No mds server is up or the cluster is laggy [ 1632.435821][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1632.474117][T13670] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1632.512209][T13670] lan78xx: probe of 4-1:1.0 failed with error -71 [ 1632.547353][T13670] usb 4-1: USB disconnect, device number 19 [ 1636.245679][T23967] netlink: 'syz.3.5163': attribute type 29 has an invalid length. [ 1636.254240][T23967] netlink: 'syz.3.5163': attribute type 29 has an invalid length. [ 1639.997668][T23994] trusted_key: syz.4.5172 sent an empty control message without MSG_MORE. [ 1640.046029][T23267] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1640.695912][T23267] usb 4-1: Using ep0 maxpacket: 32 [ 1640.715909][T23267] usb 4-1: device descriptor read/all, error -71 [ 1645.552922][T24045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5188'. [ 1653.118293][T24105] syz.1.5206 (24105): drop_caches: 2 [ 1656.795780][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 1660.235988][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1660.438086][ T9] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1660.465443][ T9] usb 3-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 1660.491883][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1660.523591][ T9] usb 3-1: config 0 descriptor?? [ 1660.548026][ T9] usb 3-1: bad CDC descriptors [ 1660.604816][ T9] usb 3-1: bad CDC descriptors [ 1661.850138][T12947] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1661.860293][T12947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1661.868745][T12947] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1661.880375][T12947] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1661.889324][T12947] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1661.897203][T12947] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1662.107927][T14608] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1662.268361][T14608] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1662.509090][T14608] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1662.985998][ T9] usb 3-1: USB disconnect, device number 16 [ 1663.084226][T14608] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1664.043805][ T5781] Bluetooth: hci0: command tx timeout [ 1664.544811][T24161] chnl_net:caif_netlink_parms(): no params data found [ 1664.907108][T14608] tipc: Left network mode [ 1665.420318][T24161] bridge0: port 1(bridge_slave_0) entered blocking state [ 1665.433346][T24161] bridge0: port 1(bridge_slave_0) entered disabled state [ 1665.513521][T24161] bridge_slave_0: entered allmulticast mode [ 1665.538206][T24161] bridge_slave_0: entered promiscuous mode [ 1665.579633][T24161] bridge0: port 2(bridge_slave_1) entered blocking state [ 1665.592220][T24161] bridge0: port 2(bridge_slave_1) entered disabled state [ 1665.608911][T24161] bridge_slave_1: entered allmulticast mode [ 1665.638569][T24161] bridge_slave_1: entered promiscuous mode [ 1665.926583][T24161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1666.020862][T24161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1666.069101][ T5781] Bluetooth: hci0: command tx timeout [ 1667.362227][T24161] team0: Port device team_slave_0 added [ 1667.467687][T24161] team0: Port device team_slave_1 added [ 1668.185681][ T5781] Bluetooth: hci0: command tx timeout [ 1668.234194][T24161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1668.243781][T24161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1668.270171][T24161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1668.508498][T24161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1668.515511][T24161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1668.598337][T24222] netlink: 'syz.4.5234': attribute type 25 has an invalid length. [ 1668.607869][T24161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1668.941268][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.947853][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.139870][T24161] hsr_slave_0: entered promiscuous mode [ 1669.157608][T24161] hsr_slave_1: entered promiscuous mode [ 1669.165158][T24161] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1669.183823][T24161] Cannot create hsr debugfs directory [ 1670.126094][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 1670.759090][ T5781] Bluetooth: hci0: command tx timeout [ 1670.886975][T14608] hsr_slave_0: left promiscuous mode [ 1670.946382][T14608] hsr_slave_1: left promiscuous mode [ 1670.959968][T14608] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1670.996994][T14608] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1671.004608][T14608] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1671.048768][T14608] bridge_slave_1: left promiscuous mode [ 1671.054647][T14608] bridge0: port 2(bridge_slave_1) entered disabled state [ 1671.087840][T14608] bridge_slave_0: left allmulticast mode [ 1671.093549][T14608] bridge_slave_0: left promiscuous mode [ 1671.106706][T24254] binder: 24253:24254 ioctl 4018620d 0 returned -22 [ 1671.127089][T14608] bridge0: port 1(bridge_slave_0) entered disabled state [ 1671.150546][T24254] binder: 24253:24254 ioctl 4068aea3 200000000240 returned -22 [ 1671.328962][T14608] veth1_macvtap: left promiscuous mode [ 1671.335298][T14608] veth0_macvtap: left promiscuous mode [ 1671.364520][T14608] veth1_vlan: left promiscuous mode [ 1671.386615][T14608] veth0_vlan: left promiscuous mode [ 1673.374045][T24270] netlink: 'syz.1.5245': attribute type 25 has an invalid length. [ 1673.852011][T14608] team0 (unregistering): Port device team_slave_1 removed [ 1673.966858][T14608] team0 (unregistering): Port device team_slave_0 removed [ 1674.084004][T14608] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1675.139668][T14608] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1675.818480][T14608] bond0 (unregistering): Released all slaves [ 1676.846470][T24288] binder: 24285:24288 ioctl 4018620d 0 returned -22 [ 1676.897537][T24288] binder: 24285:24288 ioctl 4068aea3 200000000240 returned -22 [ 1678.232214][T24314] netlink: 'syz.1.5256': attribute type 25 has an invalid length. [ 1679.538371][T24161] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1679.599061][T24161] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1679.634327][T24161] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1679.675512][T24161] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1680.217847][T24161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1680.252310][T24336] binder: 24334:24336 ioctl 4018620d 0 returned -22 [ 1680.289281][T24161] 8021q: adding VLAN 0 to HW filter on device team0 [ 1680.311378][T24336] binder: 24334:24336 ioctl 4068aea3 200000000240 returned -22 [ 1680.347527][T14622] bridge0: port 1(bridge_slave_0) entered blocking state [ 1680.354720][T14622] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1680.522859][T14622] bridge0: port 2(bridge_slave_1) entered blocking state [ 1680.530158][T14622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1682.228181][T24161] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1682.342935][T24161] veth0_vlan: entered promiscuous mode [ 1682.391377][T24161] veth1_vlan: entered promiscuous mode [ 1683.161819][T24161] veth0_macvtap: entered promiscuous mode [ 1683.207831][T24161] veth1_macvtap: entered promiscuous mode [ 1683.317289][T24161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1683.328024][T24161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1683.338905][T24161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1683.350267][T24161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1683.360596][T24161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1683.371706][T24161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1683.401365][T24161] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1683.433855][T24161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1683.463002][T24161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1683.480750][T24161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1683.506561][T24161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1683.524746][T24161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1683.665726][T24161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1683.739765][T24161] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1683.790726][T24161] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.086915][T24161] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.242984][T24161] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.392342][T24161] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1684.591988][T24374] binder: BINDER_SET_CONTEXT_MGR already set [ 1684.600160][T24374] binder: 24373:24374 ioctl 4018620d 200000004a80 returned -16 [ 1684.798861][T14622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1684.830956][T14622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1684.910633][ T4502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1684.939396][ T4502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1685.438318][T24394] loop3: detected capacity change from 0 to 16 [ 1685.617277][T24394] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1689.186851][T17986] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1690.535901][T17986] usb 2-1: Using ep0 maxpacket: 32 [ 1690.544410][T17986] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1690.561360][T17986] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1690.582939][T17986] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1690.885804][T17986] usb 2-1: Product: syz [ 1690.890048][T17986] usb 2-1: Manufacturer: syz [ 1690.894689][T17986] usb 2-1: SerialNumber: syz [ 1690.903898][T17986] usb 2-1: config 0 descriptor?? [ 1690.910070][T24428] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1690.935416][T17986] hub 2-1:0.0: bad descriptor, ignoring hub [ 1690.942836][T17986] hub: probe of 2-1:0.0 failed with error -5 [ 1691.028608][T24444] binder: BINDER_SET_CONTEXT_MGR already set [ 1691.068429][T24444] binder: 24443:24444 ioctl 4018620d 200000004a80 returned -16 [ 1691.459756][T24452] loop4: detected capacity change from 0 to 16 [ 1691.649312][T24452] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1692.085853][T22195] usb 2-1: USB disconnect, device number 10 [ 1693.605949][T17986] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1694.596850][T24485] binder: BINDER_SET_CONTEXT_MGR already set [ 1694.611148][T17986] usb 5-1: device descriptor read/64, error -71 [ 1694.647750][T24485] binder: 24484:24485 ioctl 4018620d 200000004a80 returned -16 [ 1694.886258][T17986] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1695.045835][T17986] usb 5-1: device descriptor read/64, error -71 [ 1695.167206][T17986] usb usb5-port1: attempt power cycle [ 1695.539604][T24509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5291'. [ 1695.580791][T24509] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5291'. [ 1695.586032][T17986] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1695.928762][T17986] usb 5-1: device not accepting address 9, error -71 [ 1696.137868][T24519] loop4: detected capacity change from 0 to 16 [ 1699.108874][T24518] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1701.646413][T24550] loop3: detected capacity change from 0 to 8192 [ 1701.658281][T24551] ./file0: Can't lookup blockdev [ 1702.020770][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1702.133220][T24550] loop3: p1 p2 p4[EZD] [ 1702.150774][T24550] loop3: p4 start 201326592 is beyond EOD, truncated [ 1702.966521][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1703.016616][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1703.180685][ T9] usb 2-1: config 0 has no interfaces? [ 1703.215865][ T9] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1703.225027][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1703.265605][ T9] usb 2-1: Product: syz [ 1703.323155][ T9] usb 2-1: Manufacturer: syz [ 1703.410327][ T9] usb 2-1: SerialNumber: syz [ 1703.506755][ T9] usb 2-1: config 0 descriptor?? [ 1703.984285][T21928] udevd[21928]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 1704.011050][T21459] udevd[21459]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 1705.744471][T24562] loop2: detected capacity change from 0 to 16 [ 1705.812763][T24560] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1705.891387][T17986] usb 2-1: USB disconnect, device number 11 [ 1708.493906][T24593] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5314'. [ 1708.696855][ T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1708.916003][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1708.954253][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1708.982390][ T9] usb 4-1: config 0 has no interfaces? [ 1709.001615][ T9] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1709.020751][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1709.034723][ T9] usb 4-1: Product: syz [ 1709.046064][ T9] usb 4-1: Manufacturer: syz [ 1709.050747][ T9] usb 4-1: SerialNumber: syz [ 1709.086413][ T9] usb 4-1: config 0 descriptor?? [ 1710.057763][T24611] binder: BINDER_SET_CONTEXT_MGR already set [ 1710.065033][T24611] binder: 24610:24611 ioctl 4018620d 200000004a80 returned -16 [ 1710.103686][T24615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5323'. [ 1712.431138][T11137] usb 4-1: USB disconnect, device number 22 [ 1713.893702][T24640] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5332'. [ 1714.453718][T24659] binder: BINDER_SET_CONTEXT_MGR already set [ 1714.472267][T24659] binder: 24658:24659 ioctl 4018620d 200000004a80 returned -16 [ 1714.705938][T13670] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1714.906152][T13670] usb 4-1: Using ep0 maxpacket: 32 [ 1714.990496][T13670] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1715.108982][T13670] usb 4-1: config 0 has no interfaces? [ 1715.235363][T13670] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1715.380954][T13670] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1715.408478][T13670] usb 4-1: Product: syz [ 1715.435237][T13670] usb 4-1: Manufacturer: syz [ 1715.479888][T13670] usb 4-1: SerialNumber: syz [ 1715.536233][T13670] usb 4-1: config 0 descriptor?? [ 1716.247811][T24680] Bluetooth: MGMT ver 1.22 [ 1716.252398][T24680] Bluetooth: hci0: invalid len left 7, exp >= 43 [ 1716.510214][T24686] binder: BINDER_SET_CONTEXT_MGR already set [ 1716.544207][T24686] binder: 24685:24686 ioctl 4018620d 200000004a80 returned -16 [ 1717.496148][ T5923] usb 4-1: USB disconnect, device number 23 [ 1719.846922][T24716] binder: 24715:24716 ioctl 4068aea3 200000000240 returned -22 [ 1721.713175][T24742] binder: BINDER_SET_CONTEXT_MGR already set [ 1721.719378][T24742] binder: 24733:24742 ioctl 4018620d 200000004a80 returned -16 [ 1722.215806][T11137] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1722.465815][T11137] usb 3-1: Using ep0 maxpacket: 32 [ 1722.522511][T11137] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 1722.532154][T24752] binder: 24751:24752 ioctl 4068aea3 200000000240 returned -22 [ 1722.566434][T11137] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1722.832986][T11137] usb 3-1: config 0 has no interface number 0 [ 1723.426333][T11137] usb 3-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1723.459368][T11137] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1723.475791][T11137] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1723.485059][T11137] usb 3-1: Product: syz [ 1723.499919][T11137] usb 3-1: Manufacturer: syz [ 1723.504584][T11137] usb 3-1: SerialNumber: syz [ 1723.529657][T11137] usb 3-1: config 0 descriptor?? [ 1723.556623][T11137] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1723.773673][T11137] usb 3-1: qt2_setup_urbs - submit read urb failed -8 [ 1723.781297][T11137] quatech2: probe of 3-1:0.51 failed with error -8 [ 1724.020985][ T5923] usb 3-1: USB disconnect, device number 17 [ 1726.073206][T24794] binder: 24793:24794 ioctl c0306201 0 returned -14 [ 1729.787481][T24829] loop2: detected capacity change from 0 to 16 [ 1730.381976][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.388365][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.543511][T21459] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1730.694444][T24834] binder: 24833:24834 ioctl c0306201 0 returned -14 [ 1734.732337][T24870] loop2: detected capacity change from 0 to 16 [ 1735.591383][T24877] binder: 24876:24877 ioctl c0306201 0 returned -14 [ 1738.513756][T22195] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1738.823831][T22195] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1738.961192][T22195] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1739.167069][T22195] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice= 0.03 [ 1739.225773][T22195] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1739.311491][T22195] usb 3-1: config 0 descriptor?? [ 1739.736873][T24919] loop3: detected capacity change from 0 to 16 [ 1740.408898][T21459] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1740.521256][T22195] usb 3-1: USB disconnect, device number 18 [ 1744.199826][T24943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5421'. [ 1745.268557][T24962] nvme_fabrics: missing parameter 'transport=%s' [ 1745.276008][T24962] nvme_fabrics: missing parameter 'nqn=%s' [ 1746.623952][T24987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5432'. [ 1746.690494][T24990] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5433'. [ 1747.438818][ C1] ------------[ cut here ]------------ [ 1747.444396][ C1] WARNING: CPU: 1 PID: 24993 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1233/0x1600 [ 1747.454691][ C1] Modules linked in: [ 1747.458705][ C1] CPU: 1 PID: 24993 Comm: syz.3.5434 Not tainted syzkaller #0 [ 1747.466282][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1747.476500][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 1747.482946][ C1] Code: 24 4c 89 e7 e8 fe 69 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 f9 a7 82 f7 0f 0b e9 f6 f7 ff ff e8 ed a7 82 f7 <0f> 0b e9 48 fb ff ff e8 e1 a7 82 f7 48 c7 c7 60 89 64 8e 4c 89 e6 [ 1747.502774][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 1747.509003][ C1] RAX: ffffffff8a047a13 RBX: ffffffff8a046816 RCX: ffff888066441e00 [ 1747.517120][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1747.525188][ C1] RBP: 0000000000000000 R08: ffff888066441e00 R09: 0000000000000003 [ 1747.533296][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888069df23c0 [ 1747.541391][ C1] R13: dffffc0000000000 R14: ffff888069df28b0 R15: ffff88805c4c6024 [ 1747.549473][ C1] FS: 00007f0b911e46c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1747.558531][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1747.565213][ C1] CR2: 00007f0b91180ff8 CR3: 000000006292a000 CR4: 00000000003506e0 [ 1747.573286][ C1] Call Trace: [ 1747.576660][ C1] [ 1747.579546][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 1747.585188][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 1747.590748][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 1747.597630][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 1747.603237][ C1] __iterate_interfaces+0x243/0x500 [ 1747.608568][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 1747.614895][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 1747.622198][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 1747.628540][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 1747.635728][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 1747.641034][ C1] __hrtimer_run_queues+0x520/0xc40 [ 1747.646314][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 1747.652462][ C1] ? hw_scan_work+0xf60/0xf60 [ 1747.657227][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 1747.662404][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 1747.668588][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 1747.673778][ C1] handle_softirqs+0x280/0x820 [ 1747.678646][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 1747.683468][ C1] ? do_softirq+0x1a0/0x1a0 [ 1747.688055][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 1747.693323][ C1] __irq_exit_rcu+0xd3/0x190 [ 1747.697987][ C1] ? irq_exit_rcu+0x20/0x20 [ 1747.702582][ C1] irq_exit_rcu+0x9/0x20 [ 1747.706894][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1747.712609][ C1] [ 1747.715584][ C1] [ 1747.718595][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1747.724653][ C1] RIP: 0010:finish_task_switch+0x26a/0x8f0 [ 1747.730549][ C1] Code: 0f 84 33 01 00 00 48 85 db 0f 85 52 01 00 00 e9 de 04 00 00 4c 8b 75 d0 4c 89 e7 e8 00 b9 32 09 e8 9b 29 30 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 1747.750378][ C1] RSP: 0018:ffffc9000f19f1f8 EFLAGS: 00000282 [ 1747.756544][ C1] RAX: 17df4c3fdf35ee00 RBX: 0000000000000000 RCX: 17df4c3fdf35ee00 [ 1747.764626][ C1] RDX: dffffc0000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8fe0 [ 1747.772716][ C1] RBP: ffffc9000f19f250 R08: ffffffff911c65af R09: 1ffffffff2238cb5 [ 1747.780805][ C1] R10: dffffc0000000000 R11: fffffbfff2238cb6 R12: ffff888066441e00 [ 1747.788887][ C1] R13: dffffc0000000000 R14: ffff888066440000 R15: ffff8880b8f3cac8 [ 1747.797007][ C1] ? finish_task_switch+0x265/0x8f0 [ 1747.802276][ C1] __schedule+0x155b/0x45a0 [ 1747.806880][ C1] ? asan.module_dtor+0x20/0x20 [ 1747.811823][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 1747.817107][ C1] ? preempt_schedule+0xc0/0xd0 [ 1747.822079][ C1] preempt_schedule_common+0x82/0xc0 [ 1747.827445][ C1] preempt_schedule+0xc0/0xd0 [ 1747.832197][ C1] ? schedule_preempt_disabled+0x20/0x20 [ 1747.837942][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1747.844033][ C1] ? lock_chain_count+0x20/0x20 [ 1747.848996][ C1] preempt_schedule_thunk+0x1a/0x30 [ 1747.854269][ C1] _raw_spin_unlock_irqrestore+0x111/0x120 [ 1747.860169][ C1] ? _raw_spin_unlock+0x40/0x40 [ 1747.865086][ C1] ? __wake_up_common+0x2a4/0x4e0 [ 1747.870200][ C1] __wake_up_sync_key+0x12c/0x1a0 [ 1747.875308][ C1] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 1747.881469][ C1] ? sock_load_diag_module+0x140/0x140 [ 1747.887053][ C1] __unix_dgram_recvmsg+0x4b8/0xd80 [ 1747.892328][ C1] ? unix_unhash+0x10/0x10 [ 1747.896832][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1747.903058][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 1747.908341][ C1] ? mark_lock+0x94/0x320 [ 1747.912728][ C1] ? unix_dgram_recvmsg+0xad/0xd0 [ 1747.917858][ C1] ? unix_dgram_sendmsg+0x16d0/0x16d0 [ 1747.923300][ C1] sock_recvmsg_nosec+0x82/0xd0 [ 1747.928364][ C1] ____sys_recvmsg+0x4e8/0x5e0 [ 1747.933216][ C1] ? __sys_recvmsg_sock+0x50/0x50 [ 1747.938345][ C1] ? import_iovec+0x73/0xa0 [ 1747.942918][ C1] ___sys_recvmsg+0x216/0x590 [ 1747.947690][ C1] ? __sys_recvmsg+0x2a0/0x2a0 [ 1747.952544][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 1747.957804][ C1] ? __might_fault+0xc6/0x120 [ 1747.962535][ C1] ? __might_fault+0xaa/0x120 [ 1747.967315][ C1] do_recvmmsg+0x39a/0x870 [ 1747.971818][ C1] ? __sys_recvmmsg+0x290/0x290 [ 1747.976750][ C1] ? __ia32_sys_get_robust_list+0x110/0x110 [ 1747.982732][ C1] __x64_sys_recvmmsg+0x199/0x250 [ 1747.987858][ C1] ? do_recvmmsg+0x870/0x870 [ 1747.992547][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 1747.997869][ C1] do_syscall_64+0x55/0xa0 [ 1748.002341][ C1] ? clear_bhb_loop+0x40/0x90 [ 1748.007105][ C1] ? clear_bhb_loop+0x40/0x90 [ 1748.011850][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1748.017824][ C1] RIP: 0033:0x7f0b9039cdd9 [ 1748.022321][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1748.042135][ C1] RSP: 002b:00007f0b911e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1748.050686][ C1] RAX: ffffffffffffffda RBX: 00007f0b90616090 RCX: 00007f0b9039cdd9 [ 1748.058809][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1748.066888][ C1] RBP: 00007f0b90432d69 R08: 0000000000000000 R09: 0000000000000000 [ 1748.074956][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1748.083040][ C1] R13: 00007f0b90616128 R14: 00007f0b90616090 R15: 00007ffe782b73a8 [ 1748.091150][ C1] [ 1748.094214][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1748.101508][ C1] CPU: 1 PID: 24993 Comm: syz.3.5434 Not tainted syzkaller #0 [ 1748.108972][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1748.119033][ C1] Call Trace: [ 1748.122315][ C1] [ 1748.125186][ C1] dump_stack_lvl+0x18c/0x250 [ 1748.129901][ C1] ? show_regs_print_info+0x20/0x20 [ 1748.135132][ C1] ? load_image+0x420/0x420 [ 1748.139659][ C1] panic+0x2dc/0x730 [ 1748.143569][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 1748.148102][ C1] __warn+0x2e0/0x470 [ 1748.152094][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1748.157827][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1748.163556][ C1] report_bug+0x2be/0x4f0 [ 1748.167895][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1748.173625][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1748.179350][ C1] ? __ieee80211_beacon_get+0x1235/0x1600 [ 1748.185076][ C1] handle_bug+0xcf/0x120 [ 1748.189327][ C1] exc_invalid_op+0x1a/0x50 [ 1748.193850][ C1] asm_exc_invalid_op+0x1a/0x20 [ 1748.198721][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 1748.205067][ C1] Code: 24 4c 89 e7 e8 fe 69 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 f9 a7 82 f7 0f 0b e9 f6 f7 ff ff e8 ed a7 82 f7 <0f> 0b e9 48 fb ff ff e8 e1 a7 82 f7 48 c7 c7 60 89 64 8e 4c 89 e6 [ 1748.224685][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 1748.230785][ C1] RAX: ffffffff8a047a13 RBX: ffffffff8a046816 RCX: ffff888066441e00 [ 1748.238957][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1748.246938][ C1] RBP: 0000000000000000 R08: ffff888066441e00 R09: 0000000000000003 [ 1748.254918][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888069df23c0 [ 1748.262918][ C1] R13: dffffc0000000000 R14: ffff888069df28b0 R15: ffff88805c4c6024 [ 1748.270901][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 1748.276484][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1748.282236][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 1748.287973][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 1748.293537][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 1748.299031][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 1748.305822][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 1748.311394][ C1] __iterate_interfaces+0x243/0x500 [ 1748.316602][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 1748.322846][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 1748.330055][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 1748.336303][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 1748.343338][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 1748.348558][ C1] __hrtimer_run_queues+0x520/0xc40 [ 1748.353774][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 1748.359782][ C1] ? hw_scan_work+0xf60/0xf60 [ 1748.364520][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 1748.369652][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 1748.375758][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 1748.380884][ C1] handle_softirqs+0x280/0x820 [ 1748.385679][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 1748.390481][ C1] ? do_softirq+0x1a0/0x1a0 [ 1748.395010][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 1748.400225][ C1] __irq_exit_rcu+0xd3/0x190 [ 1748.404835][ C1] ? irq_exit_rcu+0x20/0x20 [ 1748.409353][ C1] irq_exit_rcu+0x9/0x20 [ 1748.413598][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1748.419235][ C1] [ 1748.422173][ C1] [ 1748.425136][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1748.431150][ C1] RIP: 0010:finish_task_switch+0x26a/0x8f0 [ 1748.436956][ C1] Code: 0f 84 33 01 00 00 48 85 db 0f 85 52 01 00 00 e9 de 04 00 00 4c 8b 75 d0 4c 89 e7 e8 00 b9 32 09 e8 9b 29 30 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 1748.456567][ C1] RSP: 0018:ffffc9000f19f1f8 EFLAGS: 00000282 [ 1748.462641][ C1] RAX: 17df4c3fdf35ee00 RBX: 0000000000000000 RCX: 17df4c3fdf35ee00 [ 1748.470628][ C1] RDX: dffffc0000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8fe0 [ 1748.478609][ C1] RBP: ffffc9000f19f250 R08: ffffffff911c65af R09: 1ffffffff2238cb5 [ 1748.486590][ C1] R10: dffffc0000000000 R11: fffffbfff2238cb6 R12: ffff888066441e00 [ 1748.494578][ C1] R13: dffffc0000000000 R14: ffff888066440000 R15: ffff8880b8f3cac8 [ 1748.502575][ C1] ? finish_task_switch+0x265/0x8f0 [ 1748.507809][ C1] __schedule+0x155b/0x45a0 [ 1748.512344][ C1] ? asan.module_dtor+0x20/0x20 [ 1748.517392][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 1748.522607][ C1] ? preempt_schedule+0xc0/0xd0 [ 1748.527508][ C1] preempt_schedule_common+0x82/0xc0 [ 1748.532847][ C1] preempt_schedule+0xc0/0xd0 [ 1748.537548][ C1] ? schedule_preempt_disabled+0x20/0x20 [ 1748.543224][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1748.549233][ C1] ? lock_chain_count+0x20/0x20 [ 1748.554098][ C1] preempt_schedule_thunk+0x1a/0x30 [ 1748.559321][ C1] _raw_spin_unlock_irqrestore+0x111/0x120 [ 1748.565158][ C1] ? _raw_spin_unlock+0x40/0x40 [ 1748.570038][ C1] ? __wake_up_common+0x2a4/0x4e0 [ 1748.575079][ C1] __wake_up_sync_key+0x12c/0x1a0 [ 1748.580114][ C1] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 1748.586134][ C1] ? sock_load_diag_module+0x140/0x140 [ 1748.591615][ C1] __unix_dgram_recvmsg+0x4b8/0xd80 [ 1748.596838][ C1] ? unix_unhash+0x10/0x10 [ 1748.601303][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1748.607467][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 1748.612679][ C1] ? mark_lock+0x94/0x320 [ 1748.617043][ C1] ? unix_dgram_recvmsg+0xad/0xd0 [ 1748.622076][ C1] ? unix_dgram_sendmsg+0x16d0/0x16d0 [ 1748.627457][ C1] sock_recvmsg_nosec+0x82/0xd0 [ 1748.632328][ C1] ____sys_recvmsg+0x4e8/0x5e0 [ 1748.637123][ C1] ? __sys_recvmsg_sock+0x50/0x50 [ 1748.642163][ C1] ? import_iovec+0x73/0xa0 [ 1748.646719][ C1] ___sys_recvmsg+0x216/0x590 [ 1748.651419][ C1] ? __sys_recvmsg+0x2a0/0x2a0 [ 1748.656207][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 1748.661267][ C1] ? __might_fault+0xc6/0x120 [ 1748.665950][ C1] ? __might_fault+0xaa/0x120 [ 1748.670638][ C1] do_recvmmsg+0x39a/0x870 [ 1748.675075][ C1] ? __sys_recvmmsg+0x290/0x290 [ 1748.679944][ C1] ? __ia32_sys_get_robust_list+0x110/0x110 [ 1748.685859][ C1] __x64_sys_recvmmsg+0x199/0x250 [ 1748.690895][ C1] ? do_recvmmsg+0x870/0x870 [ 1748.695498][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 1748.700713][ C1] do_syscall_64+0x55/0xa0 [ 1748.705151][ C1] ? clear_bhb_loop+0x40/0x90 [ 1748.709857][ C1] ? clear_bhb_loop+0x40/0x90 [ 1748.714547][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1748.720453][ C1] RIP: 0033:0x7f0b9039cdd9 [ 1748.724885][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1748.744503][ C1] RSP: 002b:00007f0b911e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1748.752926][ C1] RAX: ffffffffffffffda RBX: 00007f0b90616090 RCX: 00007f0b9039cdd9 [ 1748.760928][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1748.768928][ C1] RBP: 00007f0b90432d69 R08: 0000000000000000 R09: 0000000000000000 [ 1748.776936][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1748.784913][ C1] R13: 00007f0b90616128 R14: 00007f0b90616090 R15: 00007ffe782b73a8 [ 1748.792903][ C1] [ 1748.796526][ C1] Kernel Offset: disabled [ 1748.800867][ C1] Rebooting in 86400 seconds..