last executing test programs: 2m5.76411668s ago: executing program 3 (id=391): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158b3"], 0x66) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700400009"], 0x50) r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000000000000711132000000000085"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x6}, 0x94) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 2m5.712761603s ago: executing program 3 (id=394): r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a", 0xd}], 0x1}, 0x20000840) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) 2m5.661759986s ago: executing program 3 (id=396): mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x79f, 0x1) 2m5.550454283s ago: executing program 3 (id=398): bpf$BPF_GET_PROG_INFO(0x15, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 2m5.461708727s ago: executing program 3 (id=400): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081084e81f782db44b904021d080006067c09e8fe55a10a0015400800142603600e120800160000001001a8001600a400014003", 0x39}], 0x1, 0x0, 0x0, 0x6000}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe5538250015000600149b0000001208000313eba96240a8002b", 0x33}], 0x1}, 0x80) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x10, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 2m5.372439673s ago: executing program 3 (id=405): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1a000, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$usbmon(0x0, 0xffff, 0x20000) 1m50.292360814s ago: executing program 32 (id=405): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1a000, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$usbmon(0x0, 0xffff, 0x20000) 1.812842144s ago: executing program 2 (id=1295): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=@newqdisc={0x8c, 0x24, 0x4ee4e6a52ff56541, 0xffffbffd, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x5c, 0x2, {{0x0, 0x3, 0x6361, 0x5, 0xa1, 0x800006}, [@TCA_NETEM_DELAY_DIST={0x8, 0x2, "7fe8ebd8"}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xffffffff, 0x76, 0x6, 0xe5, 0x8, 0x7}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x1}]}}}]}, 0x8c}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804) sendmsg$nl_route_sched(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x71b923, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0x2, 0xb}, {0x4, 0xfff3}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x4010844) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.599792217s ago: executing program 2 (id=1301): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000b80)={@val={0x8, 0x800}, @val={0x0, 0x4, 0x0, 0x3, 0x14, 0xa08a}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0xb0, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}}, {0x4e20, 0x4e23, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "31150048d5e06bdc339f0b82e56e05e9a3f461bf8f05c607f304e7fe0700221b", "b54970b8807c69e8aba2815e90ed451c3c1a9dff75f0f264e44cbb999c8f292e5aa143fd63ea1886e0cd425df0d8e5e7", "2bed86cd87cd326b66a3ca343e29e347dc61214ad793ad9f48b4d287", {"b15c14be998215153aaf76bbf0aead9a", "5cd7bcd4dc8e1acb0a78f4793cfd119c"}}}}}, 0xbe) 1.461782075s ago: executing program 5 (id=1306): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x28}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 1.441978886s ago: executing program 2 (id=1308): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x1000, 0x0, 0x1, 0x0, {0x0, 0x9}, {0x350, 0x20002, 0xfffffffd}, {0xf4ef}, {0x4, 0x0, 0x7fe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0xfffffffc, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) 1.439841076s ago: executing program 5 (id=1310): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128028000180090001006c6173740000000004000280140001800c000120636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) 1.374883049s ago: executing program 2 (id=1312): unshare(0x28000600) r0 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(r0, 0x0, 0x0) 1.336656532s ago: executing program 2 (id=1314): syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x40000) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) 1.335091232s ago: executing program 5 (id=1315): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xc4}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}, {&(0x7f0000000200)="b55accb3", 0x4}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='*'], 0x50) io_uring_enter(r0, 0x2219, 0x1adf, 0x16, 0x0, 0x0) 1.276945085s ago: executing program 2 (id=1316): getpeername(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000000)=0x0) timer_settime(r0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r1, 0x40106f52, 0x0) 1.276692786s ago: executing program 5 (id=1317): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = syz_open_dev$sndctrl(&(0x7f0000001280), 0x0, 0x0) socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f00000001c0)={0xa1, 0x30, 0xfffe, 0x300, 0x0, 0x3, 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69702c6d6163000000050004000000000009000200f3797a3000000000240007800c0002800800014000008e020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x20014880) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f00000101c0)={0x0, 0x49dc1e16, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x1000000, "b6855a32474ffa64f778ddcf29c94337"}) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) shutdown(r0, 0x1) 1.267163856s ago: executing program 4 (id=1318): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3c, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000500)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xa4, 0x0, &(0x7f0000001040)="d543f4d8ddbc3b5d8af16d4b7207543c1c6e3d2cd57f1ebd4721edf5eca8d5a0921488fe47f058ffa22cf27cb571e72e0cb9c525b6f19565d6c19fca35e3f69153daaf6ebb7814133522e0e6517b249233d92523277f84cd0fd338049c9faed2da33797446627aad81b6a9c78cdd7df447996b839c9673479b2d4098300ea2c980209a9ec06707d28a59ba4817f15ae17698116e511fb014585264cf3dd357a1567015cd"}) 1.20350696s ago: executing program 4 (id=1320): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6_vti0\x00', 0x0}) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r2}, 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x44904}, 0x8005) 1.121496114s ago: executing program 4 (id=1321): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xa}, {0xffff}, {0x2, 0x7}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x44, [0xc, 0x9, 0x0, 0xf, 0x10, 0x2, 0x6, 0x2, 0xf, 0x6, 0x2, 0x1, 0x8, 0x1, 0x10, 0x4], 0x3, [0xb, 0x101, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xffff, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x401, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 986.678372ms ago: executing program 0 (id=1325): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, &(0x7f0000000200)) 931.758226ms ago: executing program 0 (id=1327): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x48801, 0x8008}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x200}]}}}]}, 0x3c}}, 0x40004) 930.599766ms ago: executing program 4 (id=1328): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000086dd000311000400000000006eec00be10a42f01fe8000000000000000000000000000aaff020000000000000000000000000001330088be"], 0x10da) 865.145889ms ago: executing program 0 (id=1329): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602240000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 841.464061ms ago: executing program 0 (id=1331): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6_vti0\x00', 0x0}) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r2}, 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x44904}, 0x8005) 763.822095ms ago: executing program 0 (id=1333): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=@newqdisc={0x8c, 0x24, 0x4ee4e6a52ff56541, 0xffffbffd, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x5c, 0x2, {{0x0, 0x3, 0x6361, 0x5, 0xa1, 0x800006}, [@TCA_NETEM_DELAY_DIST={0x8, 0x2, "7fe8ebd8"}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xffffffff, 0x76, 0x6, 0xe5, 0x8, 0x7}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x1}]}}}]}, 0x8c}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804) sendmsg$nl_route_sched(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x71b923, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0x2, 0xb}, {0x4, 0xfff3}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x4010844) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 763.016795ms ago: executing program 4 (id=1334): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x28}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 659.495281ms ago: executing program 4 (id=1335): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x7, 0x0, 0xfffffdffffffffff, 0xfa11, 0xfffffffb}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000005100)={0x9, {"a2e339084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3263078b089b39333b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d316d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210483b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02ccf156f3da001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a5031e54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0db6e00cb11db4a5fade2a57c10238e204a67737c3bc2aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35818d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58ceecce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de357d7bfb4ae06d55a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ef9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766cf3817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec8982067a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b000000000000000000000000000000000000000000000000ac6b429961f8c30a00", 0x1000}}, 0x1006) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r4], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) uname(0xffffffffffffffff) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r8}) ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000580)={0x401, 0x1, &(0x7f0000000180)=[r8], &(0x7f00000000c0)=[0x3], &(0x7f0000000640)=[r10, r9, r9], &(0x7f0000000340), 0x0, 0xffffffffffffffff}) 564.786957ms ago: executing program 1 (id=1336): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x850}, 0x4040080) 551.037468ms ago: executing program 0 (id=1337): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000840)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000380)={0x0, 0x22, 0x6a, 0x100010001, 0x0, 0xffffdffffffffffd, 0x7, 0xfffffffffffffffb, 0xc68, 0x9, 0x4, 0x1}) 492.345992ms ago: executing program 1 (id=1338): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000007c0)=ANY=[], 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x4084) r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xe9e2, 0x800, 0x1, 0x40000330}, &(0x7f0000000dc0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x8}) io_uring_enter(r2, 0x2ffb, 0x0, 0x0, 0x0, 0x0) 296.814843ms ago: executing program 1 (id=1339): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x49, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xa}, {0xffff}, {0x2, 0x7}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x44, [0xc, 0x9, 0x0, 0xf, 0x10, 0x2, 0x6, 0x2, 0xf, 0x6, 0x2, 0x1, 0x8, 0x1, 0x10, 0x4], 0x3, [0xb, 0x101, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xffff, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x401, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 154.350751ms ago: executing program 1 (id=1340): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{&(0x7f0000000840)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000880)='*', 0x1}], 0x1}}], 0x2, 0x48000) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000002680)={r1, 0x2}, 0x8) 125.919153ms ago: executing program 5 (id=1341): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128028000180090001006c6173740000000004000280140001800c000120636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) 40.807357ms ago: executing program 1 (id=1342): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x46, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000500)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xa4, 0x0, &(0x7f0000001040)="d543f4d8ddbc3b5d8af16d4b7207543c1c6e3d2cd57f1ebd4721edf5eca8d5a0921488fe47f058ffa22cf27cb571e72e0cb9c525b6f19565d6c19fca35e3f69153daaf6ebb7814133522e0e6517b249233d92523277f84cd0fd338049c9faed2da33797446627aad81b6a9c78cdd7df447996b839c9673479b2d4098300ea2c980209a9ec06707d28a59ba4817f15ae17698116e511fb014585264cf3dd357a1567015cd"}) 31.698488ms ago: executing program 1 (id=1343): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602240000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 0s ago: executing program 5 (id=1344): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6_vti0\x00', 0x0}) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r2}, 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x44904}, 0x8005) kernel console output (not intermixed with test programs): 0020: 00 00 00 01 00 00 00 00 00 00 00 01 01 00 00 04 ................ [ 32.381551][ T4552] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 32.382975][ T4552] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 32.383031][ T4552] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 32.404870][ T4552] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 32.408781][ T4552] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 32.412219][ T4562] syz.4.34: attempt to access beyond end of device [ 32.412219][ T4562] loop4: rw=2049, sector=49152, nr_sectors = 8 limit=40427 [ 32.414705][ T4552] XFS (loop2): metadata I/O error in "xfs_read_agf+0x250/0x5fc" at daddr 0x1 len 1 error 74 [ 32.420283][ T4552] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x15c/0x234, xfs_agf block 0x1 [ 32.425386][ T4552] XFS (loop2): Unmount and run xfs_repair [ 32.426299][ T4552] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 32.431923][ T4552] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 32.436263][ T4552] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 32.440927][ T4552] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 01 00 00 04 ................ [ 32.442708][ T4552] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 32.466189][ T9] kworker/u4:0: attempt to access beyond end of device [ 32.466189][ T9] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 32.477479][ T4552] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 32.485464][ T4552] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 32.494985][ T4552] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 32.496403][ T4552] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 32.497992][ T4552] XFS (loop2): metadata I/O error in "xfs_read_agf+0x250/0x5fc" at daddr 0x1 len 1 error 74 [ 32.500086][ T4552] XFS (loop2): page discard on page 000000006408ac9e, inode 0x26, pos 21504. [ 32.569335][ T4576] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.570571][ T4576] bridge0: port 2(bridge_slave_1) entered listening state [ 32.571766][ T4576] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.572808][ T4576] bridge0: port 1(bridge_slave_0) entered listening state [ 32.577698][ T4576] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 32.652056][ T4576] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 32.815697][ T4326] XFS (loop2): Unmounting Filesystem [ 32.877894][ T4324] Bluetooth: hci0: command 0x040f tx timeout [ 32.878945][ T4333] Bluetooth: hci2: command 0x040f tx timeout [ 32.957663][ T4337] Bluetooth: hci1: command 0x040f tx timeout [ 32.958758][ T4337] Bluetooth: hci4: command 0x040f tx timeout [ 32.959726][ T4337] Bluetooth: hci3: command 0x040f tx timeout [ 33.098910][ T4581] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.38 (4581) [ 33.114306][ T4581] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 33.118826][ T4581] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 33.121999][ T4581] BTRFS info (device loop4): force zlib compression, level 3 [ 33.123347][ T4581] BTRFS info (device loop4): force clearing of disk cache [ 33.128142][ T4581] BTRFS info (device loop4): setting nodatasum [ 33.130238][ T4581] BTRFS info (device loop4): use zlib compression, level 3 [ 33.132721][ T4581] BTRFS info (device loop4): allowing degraded mounts [ 33.133873][ T4581] BTRFS info (device loop4): enabling disk space caching [ 33.138207][ T4581] BTRFS info (device loop4): disk space caching is enabled [ 33.168452][ T4589] device syzkaller0 entered promiscuous mode [ 33.189160][ T4581] BTRFS info (device loop4): enabling ssd optimizations [ 33.190846][ T4581] BTRFS info (device loop4): rebuilding free space tree [ 33.206959][ T4581] BTRFS info (device loop4): disabling free space tree [ 33.208435][ T4581] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 33.210578][ T4581] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 33.264876][ T4581] BTRFS info (device loop4): balance: start -f -susage=512..6 [ 33.266297][ T4581] BTRFS info (device loop4): balance: ended with status: 0 [ 33.273936][ T4604] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 33.317235][ T4332] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 33.493648][ T4332] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 33.494924][ T4332] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 33.584501][ T4627] SQUASHFS error: lzo decompression failed, data probably corrupt [ 33.585806][ T4627] SQUASHFS error: Failed to read block 0x91: -5 [ 33.586714][ T4627] SQUASHFS error: Unable to read metadata cache entry [8f] [ 33.590710][ T4627] SQUASHFS error: Unable to read inode 0x11f [ 33.618866][ T4310] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 33.697762][ T4614] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 33.747108][ T4377] kernel write not supported for file /35/clear_refs (pid: 4377 comm: kworker/1:5) [ 33.785204][ T4633] Trying to free block not in datazone [ 33.786262][ T4633] Trying to free block not in datazone [ 33.790340][ T4633] Trying to free block not in datazone [ 33.887753][ T4614] usb 1-1: Using ep0 maxpacket: 16 [ 33.890103][ T4614] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 33.891571][ T4614] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 33.894325][ T4614] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 33.895761][ T4614] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.896881][ T4614] usb 1-1: Product: syz [ 33.897475][ T4614] usb 1-1: Manufacturer: syz [ 33.898153][ T4614] usb 1-1: SerialNumber: syz [ 33.985886][ T27] audit: type=1326 audit(33.970:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4634 comm="syz.4.49" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7fc00000 [ 34.246797][ T4641] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 34.253907][ T4641] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 34.259697][ T4641] EXT4-fs (loop3): 1 truncate cleaned up [ 34.260602][ T4641] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 34.325340][ T4614] usb 1-1: USB disconnect, device number 3 [ 34.354553][ T4320] EXT4-fs (loop3): unmounting filesystem. [ 34.411093][ T4645] EXT4-fs (loop2): Test dummy encryption mode enabled [ 34.412354][ T4645] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 34.414458][ T4645] EXT4-fs (loop2): SIPHASH is not a valid default hash value [ 34.415658][ T4648] FAT-fs (loop3): Directory bread(block 64) failed [ 34.417026][ T4648] FAT-fs (loop3): Directory bread(block 65) failed [ 34.421292][ T4648] FAT-fs (loop3): Directory bread(block 66) failed [ 34.422369][ T4648] FAT-fs (loop3): Directory bread(block 67) failed [ 34.423530][ T4648] FAT-fs (loop3): Directory bread(block 68) failed [ 34.424716][ T4648] FAT-fs (loop3): Directory bread(block 69) failed [ 34.425863][ T4648] FAT-fs (loop3): Directory bread(block 70) failed [ 34.427031][ T4648] FAT-fs (loop3): Directory bread(block 71) failed [ 34.428791][ T4648] FAT-fs (loop3): Directory bread(block 72) failed [ 34.430232][ T4648] FAT-fs (loop3): Directory bread(block 73) failed [ 34.589273][ T4657] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 34.655137][ T27] audit: type=1326 audit(34.640:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4634 comm="syz.4.49" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa4b77368 code=0x7fc00000 [ 34.958115][ T4324] Bluetooth: hci2: command 0x0419 tx timeout [ 34.977620][ T4324] Bluetooth: hci0: command 0x0419 tx timeout [ 34.993953][ T4662] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 34.997373][ T4662] EXT4-fs (loop4): orphan cleanup on readonly fs [ 35.000356][ T4662] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:511: comm syz.4.58: Block bitmap for bg 0 marked uninitialized [ 35.005638][ T4662] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6181: Corrupt filesystem [ 35.007987][ T4662] EXT4-fs (loop4): 1 orphan inode deleted [ 35.009019][ T4662] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 35.039164][ T4337] Bluetooth: hci3: command 0x0419 tx timeout [ 35.040206][ T4337] Bluetooth: hci4: command 0x0419 tx timeout [ 35.041113][ T4337] Bluetooth: hci1: command 0x0419 tx timeout [ 35.070796][ T4669] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 35.104662][ T4332] EXT4-fs (loop4): unmounting filesystem. [ 35.106792][ T4672] EXT4-fs: Ignoring removed nobh option [ 35.479339][ T4672] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 35.530729][ T4664] set_capacity_and_notify: 17 callbacks suppressed [ 35.530739][ T4664] loop3: detected capacity change from 0 to 32768 [ 35.542483][ T4682] Injecting memory failure for pfn 0x210df2 at process virtual address 0x20001000 [ 35.559215][ T4682] Memory failure: 0x210df2: recovery action for reserved kernel page: Ignored [ 35.698800][ T4324] Bluetooth: Frame is too long (len 5, expected len 4) [ 35.880160][ T4664] XFS (loop3): Mounting V5 Filesystem [ 35.924052][ T4664] XFS (loop3): Ending clean mount [ 35.981072][ T4325] EXT4-fs (loop0): unmounting filesystem. [ 36.064024][ T4320] XFS (loop3): Unmounting Filesystem [ 36.126231][ T4697] loop0: detected capacity change from 0 to 256 [ 36.163975][ T4697] FAT-fs (loop0): Directory bread(block 64) failed [ 36.171327][ T4697] FAT-fs (loop0): Directory bread(block 65) failed [ 36.174891][ T4697] FAT-fs (loop0): Directory bread(block 66) failed [ 36.180515][ T4697] FAT-fs (loop0): Directory bread(block 67) failed [ 36.183734][ T4697] FAT-fs (loop0): Directory bread(block 68) failed [ 36.190339][ T4697] FAT-fs (loop0): Directory bread(block 69) failed [ 36.194751][ T4697] FAT-fs (loop0): Directory bread(block 70) failed [ 36.201854][ T4697] FAT-fs (loop0): Directory bread(block 71) failed [ 36.206200][ T4697] FAT-fs (loop0): Directory bread(block 72) failed [ 36.210495][ T4697] FAT-fs (loop0): Directory bread(block 73) failed [ 36.425289][ T4695] loop2: detected capacity change from 0 to 32768 [ 36.993451][ T4725] loop2: detected capacity change from 0 to 256 [ 37.012828][ T4725] FAT-fs (loop2): Directory bread(block 64) failed [ 37.015020][ T4725] FAT-fs (loop2): Directory bread(block 65) failed [ 37.017281][ T4725] FAT-fs (loop2): Directory bread(block 66) failed [ 37.028730][ T4725] FAT-fs (loop2): Directory bread(block 67) failed [ 37.031096][ T4725] FAT-fs (loop2): Directory bread(block 68) failed [ 37.033957][ T4725] FAT-fs (loop2): Directory bread(block 69) failed [ 37.036157][ T4725] FAT-fs (loop2): Directory bread(block 70) failed [ 37.040224][ T4725] FAT-fs (loop2): Directory bread(block 71) failed [ 37.041621][ T4725] FAT-fs (loop2): Directory bread(block 72) failed [ 37.044870][ T4725] FAT-fs (loop2): Directory bread(block 73) failed [ 37.118700][ T4704] loop1: detected capacity change from 0 to 40427 [ 37.127546][ T4704] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x3ffff [ 37.137017][ T4704] F2FS-fs (loop1): invalid crc value [ 37.149109][ T4704] F2FS-fs (loop1): Found nat_bits in checkpoint [ 37.165228][ T4704] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 37.303967][ T4745] loop4: detected capacity change from 0 to 4096 [ 37.313733][ T4745] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 37.481562][ T4763] loop1: detected capacity change from 0 to 1024 [ 37.580248][ T4772] Injecting memory failure for pfn 0x210df2 at process virtual address 0x20001000 [ 37.584112][ T4772] Memory failure: 0x210df2: already hardware poisoned [ 37.614164][ T4754] loop2: detected capacity change from 0 to 32768 [ 37.674955][ T4778] loop4: detected capacity change from 0 to 128 [ 37.680832][ T4778] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 37.682884][ T4778] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 37.684115][ T4778] hpfs: You really don't want any checks? You are crazy... [ 37.685799][ T4778] hpfs: hpfs_map_sector(): read error [ 37.686638][ T4778] hpfs: code page support is disabled [ 37.688059][ T4778] hpfs: hpfs_map_4sectors(): unaligned read [ 37.689094][ T4778] hpfs: hpfs_map_4sectors(): unaligned read [ 37.690379][ T4778] hpfs: filesystem error: unable to find root dir [ 38.066858][ T4786] loop4: detected capacity change from 0 to 4096 [ 38.071446][ T4786] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 38.175950][ T4798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.184752][ T4798] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.203651][ T4798] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.204925][ T4798] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.293257][ T4788] XFS (loop2): Mounting V5 Filesystem [ 38.306394][ T4788] XFS (loop2): Ending clean mount [ 38.310736][ T4788] XFS (loop2): Quotacheck needed: Please wait. [ 38.331771][ T4788] XFS (loop2): Quotacheck: Done. [ 38.350657][ T4326] XFS (loop2): Unmounting Filesystem [ 38.427619][ T14] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 38.607701][ T14] usb 1-1: Using ep0 maxpacket: 8 [ 38.610876][ T14] usb 1-1: config 252 has 0 interfaces, different from the descriptor's value: 1 [ 38.613342][ T14] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 38.614994][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.616844][ T4831] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 38.621912][ T4831] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 38.623153][ T4831] hpfs: You really don't want any checks? You are crazy... [ 38.624782][ T4831] hpfs: hpfs_map_sector(): read error [ 38.625740][ T4831] hpfs: code page support is disabled [ 38.626641][ T4831] hpfs: hpfs_map_4sectors(): unaligned read [ 38.628632][ T4831] hpfs: hpfs_map_4sectors(): unaligned read [ 38.629716][ T4831] hpfs: filesystem error: unable to find root dir [ 38.684399][ T4833] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 38.891589][ T4839] F2FS-fs (loop2): invalid crc value [ 38.897254][ T4839] F2FS-fs (loop2): Found nat_bits in checkpoint [ 38.918842][ T4839] F2FS-fs (loop2): Start checkpoint disabled! [ 38.922935][ T4841] XFS (loop4): Mounting V5 Filesystem [ 38.924160][ T4839] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 38.942136][ T4841] XFS (loop4): Ending clean mount [ 38.947964][ T4841] XFS (loop4): Quotacheck needed: Please wait. [ 38.958172][ T4839] syz.2.119: attempt to access beyond end of device [ 38.958172][ T4839] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 38.975032][ T4841] XFS (loop4): Quotacheck: Done. [ 39.000039][ T4332] XFS (loop4): Unmounting Filesystem [ 39.004148][ T4577] kworker/u4:7: attempt to access beyond end of device [ 39.004148][ T4577] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 39.177370][ T4854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.107'. [ 39.186634][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 39.191380][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.192875][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.230752][ T4854] device syzkaller0 entered promiscuous mode [ 39.286194][ T4853] XFS (loop2): Mounting V5 Filesystem [ 39.315857][ T4853] XFS (loop2): Ending clean mount [ 39.321409][ T4853] XFS (loop2): Quotacheck needed: Please wait. [ 39.338439][ T4853] XFS (loop2): Quotacheck: Done. [ 39.359803][ T4326] XFS (loop2): Unmounting Filesystem [ 39.377144][ T4872] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 39.383071][ T4872] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 39.384429][ T4872] hpfs: You really don't want any checks? You are crazy... [ 39.385733][ T4872] hpfs: hpfs_map_sector(): read error [ 39.386567][ T4872] hpfs: code page support is disabled [ 39.388256][ T4872] hpfs: hpfs_map_4sectors(): unaligned read [ 39.389454][ T4872] hpfs: hpfs_map_4sectors(): unaligned read [ 39.390470][ T4872] hpfs: filesystem error: unable to find root dir [ 39.713097][ T4883] F2FS-fs (loop1): invalid crc value [ 39.723797][ T4883] F2FS-fs (loop1): Found nat_bits in checkpoint [ 39.734348][ T4883] F2FS-fs (loop1): Start checkpoint disabled! [ 39.741199][ T4883] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 39.752884][ T4883] syz.1.131: attempt to access beyond end of device [ 39.752884][ T4883] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 39.780075][ T4350] kworker/u4:5: attempt to access beyond end of device [ 39.780075][ T4350] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 39.903601][ T4891] XFS (loop4): Mounting V5 Filesystem [ 39.914179][ T4891] XFS (loop4): Ending clean mount [ 39.917053][ T4891] XFS (loop4): Quotacheck needed: Please wait. [ 39.931875][ T4891] XFS (loop4): Quotacheck: Done. [ 39.948306][ T4332] XFS (loop4): Unmounting Filesystem [ 40.057533][ T4920] binder: 4919:4920 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 40.059720][ T4920] binder: 4920 RLIMIT_NICE not set [ 40.060518][ T4920] binder: 4919:4920 ioctl c0306201 20000240 returned -11 [ 40.061986][ T4920] binder: 4919:4920 got reply transaction with no transaction stack [ 40.063452][ T4920] binder: 4919:4920 transaction reply to 0:0 failed 10/29201/-71, size 16384-0 line 2946 [ 40.074982][ T1514] binder: undelivered TRANSACTION_ERROR: 29201 [ 40.429077][ T4931] F2FS-fs (loop4): invalid crc value [ 40.430816][ T4931] F2FS-fs (loop4): Found nat_bits in checkpoint [ 40.440574][ T4931] F2FS-fs (loop4): Start checkpoint disabled! [ 40.442934][ T4931] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 40.448338][ T4931] syz.4.147: attempt to access beyond end of device [ 40.448338][ T4931] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 40.471712][ T11] kworker/u4:1: attempt to access beyond end of device [ 40.471712][ T11] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 40.538524][ T4949] binder: 4948:4949 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 40.540803][ T4949] binder: 4949 RLIMIT_NICE not set [ 40.541571][ T4949] binder: 4948:4949 ioctl c0306201 20000240 returned -11 [ 40.543034][ T4949] binder: 4948:4949 got reply transaction with no transaction stack [ 40.544550][ T4949] binder: 4948:4949 transaction reply to 0:0 failed 12/29201/-71, size 16384-0 line 2946 [ 40.552853][ T4376] binder: undelivered TRANSACTION_ERROR: 29201 [ 40.821269][ T4957] set_capacity_and_notify: 12 callbacks suppressed [ 40.821279][ T4957] loop1: detected capacity change from 0 to 32768 [ 40.964524][ T4968] loop4: detected capacity change from 0 to 40427 [ 40.966661][ T4968] F2FS-fs (loop4): invalid crc value [ 40.975722][ T4968] F2FS-fs (loop4): Found nat_bits in checkpoint [ 40.989995][ T4968] F2FS-fs (loop4): Start checkpoint disabled! [ 40.994813][ T4968] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 41.264022][ T7] usb 1-1: USB disconnect, device number 4 [ 41.288420][ T5003] netlink: 48 bytes leftover after parsing attributes in process `syz.0.175'. [ 41.293478][ T5003] netlink: 48 bytes leftover after parsing attributes in process `syz.0.175'. [ 41.335908][ T4994] loop4: detected capacity change from 0 to 65536 [ 41.348274][ T5001] loop2: detected capacity change from 0 to 32768 [ 41.359906][ T5005] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 41.367460][ T5005] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.374641][ T5005] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.383543][ T5005] device bridge_slave_0 left promiscuous mode [ 41.385040][ T5005] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.390773][ T4994] XFS (loop4): Mounting V5 Filesystem [ 41.401561][ T4994] XFS (loop4): Ending clean mount [ 41.431528][ T5005] device bridge_slave_1 left promiscuous mode [ 41.432617][ T5005] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.436784][ T4332] XFS (loop4): Unmounting Filesystem [ 41.479760][ T5005] bond0: (slave bond_slave_0): Releasing backup interface [ 41.502463][ T5005] bond0: (slave bond_slave_1): Releasing backup interface [ 41.544478][ T5005] team0: Port device team_slave_0 removed [ 41.551457][ T5005] team0: Port device team_slave_1 removed [ 41.552708][ T5005] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 41.553978][ T5005] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 41.555810][ T5005] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 41.557052][ T5005] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 41.562046][ T5014] netlink: 'syz.0.176': attribute type 10 has an invalid length. [ 41.585961][ T5014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.590109][ T5014] team0: Port device bond0 added [ 41.637623][ T5020] loop3: detected capacity change from 0 to 4096 [ 41.694670][ T4320] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 41.695829][ T4320] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 41.738808][ T5024] device syzkaller0 entered promiscuous mode [ 41.772003][ T5022] loop2: detected capacity change from 0 to 40427 [ 41.785657][ T5022] F2FS-fs (loop2): invalid crc value [ 41.791455][ T5022] F2FS-fs (loop2): Found nat_bits in checkpoint [ 41.802090][ T5022] F2FS-fs (loop2): Start checkpoint disabled! [ 41.803961][ T5022] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 41.909943][ T5035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 41.911682][ T5035] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 41.931982][ T5035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.185'. [ 41.934993][ T5035] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 41.936910][ T5035] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.945117][ T5035] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.947156][ T5039] binder: 5038:5039 tried to acquire reference to desc 0, got 1 instead [ 41.955151][ T5039] binder: 5038:5039 got reply transaction with no transaction stack [ 41.957975][ T5039] binder: 5038:5039 transaction reply to 0:0 failed 18/29201/-71, size 16384-0 line 2946 [ 41.970337][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 41.971268][ T7] binder: send failed reply for transaction 17 to 5038:5039 [ 41.972631][ T7] binder: undelivered TRANSACTION_COMPLETE [ 41.973501][ T7] binder: undelivered TRANSACTION_ERROR: 29189 [ 42.002682][ T5035] device syzkaller0 entered promiscuous mode [ 42.073057][ T5049] loop2: detected capacity change from 0 to 4096 [ 42.095282][ T5037] loop3: detected capacity change from 0 to 32768 [ 42.102313][ T5037] ERROR: (device loop3): dbAllocBits: leaf page corrupt [ 42.102313][ T5037] [ 42.104050][ T5037] ERROR: (device loop3): remounting filesystem as read-only [ 42.105272][ T5037] ERROR: (device loop3): dbAllocBits: leaf page corrupt [ 42.105272][ T5037] [ 42.109488][ T5037] ERROR: (device loop3): dbAllocBits: leaf page corrupt [ 42.109488][ T5037] [ 42.110779][ T5037] ERROR: (device loop3): dbAllocBits: leaf page corrupt [ 42.110779][ T5037] [ 42.136736][ T5037] blkno = b00, nblocks = 400 [ 42.137584][ T5037] ERROR: (device loop3): dbFree: block to be freed is outside the map [ 42.137584][ T5037] [ 42.145109][ T5037] blkno = b00, nblocks = 400 [ 42.145876][ T5037] ERROR: (device loop3): dbFree: block to be freed is outside the map [ 42.145876][ T5037] [ 42.148463][ T5037] blkno = b00, nblocks = 400 [ 42.152036][ T5037] ERROR: (device loop3): dbFree: block to be freed is outside the map [ 42.152036][ T5037] [ 42.154682][ T4326] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 42.156040][ T4326] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 42.203263][ T5053] device syzkaller0 entered promiscuous mode [ 42.305997][ T5051] loop0: detected capacity change from 0 to 40427 [ 42.310196][ T5051] F2FS-fs (loop0): invalid crc value [ 42.313044][ T5051] F2FS-fs (loop0): Found nat_bits in checkpoint [ 42.336973][ T5051] F2FS-fs (loop0): Start checkpoint disabled! [ 42.347040][ T5051] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 42.414924][ T5068] loop2: detected capacity change from 0 to 512 [ 42.421336][ T5068] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 42.446544][ T5068] EXT4-fs (loop2): 1 truncate cleaned up [ 42.447463][ T5068] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 42.484788][ T4326] EXT4-fs (loop2): unmounting filesystem. [ 42.499195][ T5063] netlink: 4 bytes leftover after parsing attributes in process `syz.3.195'. [ 42.622688][ T5080] FAT-fs (loop2): Directory bread(block 64) failed [ 42.623801][ T5080] FAT-fs (loop2): Directory bread(block 65) failed [ 42.624900][ T5080] FAT-fs (loop2): Directory bread(block 66) failed [ 42.625974][ T5080] FAT-fs (loop2): Directory bread(block 67) failed [ 42.627096][ T5080] FAT-fs (loop2): Directory bread(block 68) failed [ 42.639058][ T5080] FAT-fs (loop2): Directory bread(block 69) failed [ 42.640227][ T5080] FAT-fs (loop2): Directory bread(block 70) failed [ 42.641271][ T5080] FAT-fs (loop2): Directory bread(block 71) failed [ 42.646071][ T5080] FAT-fs (loop2): Directory bread(block 72) failed [ 42.647043][ T5080] FAT-fs (loop2): Directory bread(block 73) failed [ 42.707640][ T14] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 42.743824][ T4321] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 42.746323][ T4321] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 42.890969][ T14] usb 1-1: Using ep0 maxpacket: 32 [ 42.894078][ T14] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 42.895420][ T14] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 42.896698][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 42.899013][ T14] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 42.901785][ T14] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 42.905377][ T14] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 42.907339][ T14] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 42.914628][ T14] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 42.918949][ T14] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 42.924813][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.931793][ T14] usb 1-1: config 0 descriptor?? [ 42.934617][ T5071] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 43.029442][ T5084] ERROR: (device loop2): dbAllocBits: leaf page corrupt [ 43.029442][ T5084] [ 43.034145][ T5084] ERROR: (device loop2): remounting filesystem as read-only [ 43.035216][ T5084] ERROR: (device loop2): dbAllocBits: leaf page corrupt [ 43.035216][ T5084] [ 43.036568][ T5084] ERROR: (device loop2): dbAllocBits: leaf page corrupt [ 43.036568][ T5084] [ 43.046604][ T5084] ERROR: (device loop2): dbAllocBits: leaf page corrupt [ 43.046604][ T5084] [ 43.069055][ T5084] blkno = b00, nblocks = 400 [ 43.069846][ T5084] ERROR: (device loop2): dbFree: block to be freed is outside the map [ 43.069846][ T5084] [ 43.079490][ T5084] blkno = b00, nblocks = 400 [ 43.080278][ T5084] ERROR: (device loop2): dbFree: block to be freed is outside the map [ 43.080278][ T5084] [ 43.082289][ T5084] blkno = b00, nblocks = 400 [ 43.082985][ T5084] ERROR: (device loop2): dbFree: block to be freed is outside the map [ 43.082985][ T5084] [ 43.113694][ T5100] Zero length message leads to an empty skb [ 43.140705][ T14] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 43.341404][ C0] usblp0: nonzero read bulk status received: -71 [ 43.449713][ T5128] device syzkaller0 entered promiscuous mode [ 43.492187][ T4326] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 43.493356][ T4326] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 43.544948][ T5124] ERROR: (device loop4): dbAllocBits: leaf page corrupt [ 43.544948][ T5124] [ 43.550318][ T5124] ERROR: (device loop4): remounting filesystem as read-only [ 43.552373][ T5130] tunl0: Master is either lo or non-ether device [ 43.559914][ T5124] ERROR: (device loop4): dbAllocBits: leaf page corrupt [ 43.559914][ T5124] [ 43.561537][ T5124] ERROR: (device loop4): dbAllocBits: leaf page corrupt [ 43.561537][ T5124] [ 43.565308][ T5124] ERROR: (device loop4): dbAllocBits: leaf page corrupt [ 43.565308][ T5124] [ 43.582756][ T5124] blkno = b00, nblocks = 400 [ 43.583490][ T5124] ERROR: (device loop4): dbFree: block to be freed is outside the map [ 43.583490][ T5124] [ 43.590198][ T5124] blkno = b00, nblocks = 400 [ 43.590929][ T5124] ERROR: (device loop4): dbFree: block to be freed is outside the map [ 43.590929][ T5124] [ 43.594198][ T5124] blkno = b00, nblocks = 400 [ 43.594990][ T5124] ERROR: (device loop4): dbFree: block to be freed is outside the map [ 43.594990][ T5124] [ 43.722565][ T5149] binder: 5148:5149 got transaction to invalid handle, 1 [ 43.722610][ T5117] XFS (loop1): Mounting V5 Filesystem [ 43.723950][ T5149] binder: 5149:5148 cannot find target node [ 43.724218][ T5149] binder: 5148:5149 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 43.729183][ T5149] binder: 5148:5149 ioctl c0306201 20000240 returned -11 [ 43.757089][ T5117] XFS (loop1): Ending clean mount [ 43.795739][ T4321] XFS (loop1): Unmounting Filesystem [ 43.855007][ T4614] usb 1-1: USB disconnect, device number 5 [ 43.861657][ T5159] netlink: 'syz.2.239': attribute type 10 has an invalid length. [ 43.862245][ T4614] usblp0: removed [ 43.895866][ T5159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.899128][ T5159] team0: Port device bond0 added [ 43.919262][ T5163] device syzkaller0 entered promiscuous mode [ 44.190917][ T5169] F2FS-fs (loop4): invalid crc value [ 44.196738][ T5169] F2FS-fs (loop4): Found nat_bits in checkpoint [ 44.212315][ T5169] F2FS-fs (loop4): Start checkpoint disabled! [ 44.218274][ T5169] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 44.241186][ T5193] device batadv_slave_0 entered promiscuous mode [ 44.242870][ T5193] device veth0_to_bond entered promiscuous mode [ 44.244132][ T5193] netlink: 4 bytes leftover after parsing attributes in process `syz.2.252'. [ 44.245898][ T5193] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.292870][ T4321] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 44.294022][ T4321] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 44.349097][ T5193] device batadv_slave_0 left promiscuous mode [ 44.350276][ T5193] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 44.422342][ T5199] netlink: 'syz.1.254': attribute type 10 has an invalid length. [ 44.434465][ T5199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.443118][ T5199] team0: Port device bond0 added [ 44.447895][ T5191] device veth0_to_bond left promiscuous mode [ 44.522194][ T5210] device syzkaller0 entered promiscuous mode [ 44.581367][ T5179] XFS (loop3): Mounting V5 Filesystem [ 44.625671][ T5179] XFS (loop3): Ending clean mount [ 44.656205][ T4320] XFS (loop3): Unmounting Filesystem [ 44.738524][ T5225] F2FS-fs (loop0): invalid crc value [ 44.743008][ T5225] F2FS-fs (loop0): Found nat_bits in checkpoint [ 44.771586][ T5225] F2FS-fs (loop0): Start checkpoint disabled! [ 44.781152][ T5225] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 44.868643][ T5237] syz.0.267 uses obsolete (PF_INET,SOCK_PACKET) [ 45.083363][ T5249] binder_user_error: 1 callbacks suppressed [ 45.083372][ T5249] binder: 5247:5249 tried to acquire reference to desc 0, got 1 instead [ 45.091606][ T5249] binder: 5247:5249 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 45.099799][ T5249] binder: 5249 RLIMIT_NICE not set [ 45.100759][ T5249] binder: 5249 RLIMIT_NICE not set [ 45.101801][ T5249] binder: 5249 RLIMIT_NICE not set [ 45.106628][ T5249] binder_alloc: 5247: binder_alloc_buf, no vma [ 45.110904][ T5249] binder_debug: 2 callbacks suppressed [ 45.110918][ T5249] binder: cannot allocate buffer: vma cleared, target dead or dying [ 45.111758][ T5249] binder: 5247:5249 transaction reply to 5247:5249 failed 28/29189/-3, size 16384-0 line 3230 [ 45.117783][ T5249] binder: send failed reply for transaction 27 to 5247:5249 [ 45.119258][ T4376] binder: undelivered TRANSACTION_COMPLETE [ 45.120176][ T4376] binder: undelivered TRANSACTION_ERROR: 29189 [ 45.143626][ T4376] binder: undelivered TRANSACTION_ERROR: 29190 [ 45.404452][ T5259] device syzkaller0 entered promiscuous mode [ 45.516444][ T5257] XFS (loop0): Mounting V5 Filesystem [ 45.529625][ T5257] XFS (loop0): Ending clean mount [ 45.604571][ T4325] XFS (loop0): Unmounting Filesystem [ 45.741724][ T5281] binder: 5280:5281 tried to acquire reference to desc 0, got 1 instead [ 45.743771][ T5281] binder: 5280:5281 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 45.745978][ T5281] binder: 5281 RLIMIT_NICE not set [ 45.746898][ T5281] binder: 5281 RLIMIT_NICE not set [ 45.755638][ T5281] binder: 5281 RLIMIT_NICE not set [ 45.756589][ T5281] binder_alloc: 5280: binder_alloc_buf, no vma [ 45.758096][ T5281] binder: cannot allocate buffer: vma cleared, target dead or dying [ 45.758131][ T5281] binder: 5280:5281 transaction reply to 5280:5281 failed 34/29189/-3, size 16384-0 line 3230 [ 45.760988][ T5281] binder: send failed reply for transaction 33 to 5280:5281 [ 45.762673][ T4614] binder: undelivered TRANSACTION_COMPLETE [ 45.916634][ T5279] set_capacity_and_notify: 14 callbacks suppressed [ 45.916643][ T5279] loop4: detected capacity change from 0 to 32768 [ 45.969121][ T5290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.281'. [ 45.972600][ T5279] XFS (loop4): Mounting V5 Filesystem [ 46.011070][ T5279] XFS (loop4): Ending clean mount [ 46.012782][ T5279] XFS (loop4): Quotacheck needed: Please wait. [ 46.032526][ T5279] XFS (loop4): Quotacheck: Done. [ 46.076328][ T4332] XFS (loop4): Unmounting Filesystem [ 46.100932][ T5300] loop3: detected capacity change from 0 to 1024 [ 46.228559][ T5306] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 46.235462][ T5306] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 46.252863][ T5306] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 46.270979][ T5306] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 46.285535][ T5306] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 46.295679][ T5306] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 46.301201][ T5306] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 46.382391][ T5315] binder_alloc: 5314: binder_alloc_buf, no vma [ 46.387736][ T5317] device syzkaller0 entered promiscuous mode [ 46.403760][ T5319] device syzkaller1 entered promiscuous mode [ 46.460277][ T5323] loop0: detected capacity change from 0 to 512 [ 46.475372][ T5323] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 46.502964][ T5323] EXT4-fs (loop0): 1 truncate cleaned up [ 46.503922][ T5323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 46.538620][ T4325] EXT4-fs (loop0): unmounting filesystem. [ 46.582794][ T5331] loop0: detected capacity change from 0 to 1024 [ 46.688792][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 46.702847][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 46.712611][ T5344] binder: 5342:5344 ioctl c0306201 20000240 returned -11 [ 46.716026][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 46.728195][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 46.731137][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 46.750212][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 46.759529][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 46.779290][ T5352] loop4: detected capacity change from 0 to 512 [ 46.781796][ T5352] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 46.807233][ T5352] EXT4-fs (loop4): 1 truncate cleaned up [ 46.809137][ T5352] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 46.874136][ T5360] loop1: detected capacity change from 0 to 1024 [ 46.894907][ T4332] EXT4-fs (loop4): unmounting filesystem. [ 46.972007][ T5364] loop1: detected capacity change from 0 to 4096 [ 46.994484][ T5367] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 47.080905][ T5371] binder: 5370:5371 ioctl c0306201 20000240 returned -11 [ 47.139959][ T5379] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 47.152579][ T5379] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 47.156740][ T5385] loop3: detected capacity change from 0 to 1024 [ 47.164393][ T5379] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 47.181583][ T5379] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 47.184512][ T5379] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 47.186512][ T5379] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 47.189476][ T5384] loop1: detected capacity change from 0 to 512 [ 47.198332][ T5384] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 47.202360][ T5379] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 47.233918][ T5384] EXT4-fs (loop1): 1 truncate cleaned up [ 47.234874][ T5384] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 47.273880][ T5350] loop0: detected capacity change from 0 to 65536 [ 47.289358][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 47.339830][ T5350] XFS (loop0): Mounting V5 Filesystem [ 47.380661][ T5404] netlink: 'syz.1.330': attribute type 1 has an invalid length. [ 47.420667][ T5350] XFS (loop0): Ending clean mount [ 47.465656][ T5419] binder: 5415:5419 ioctl c0306201 20000240 returned -11 [ 47.469828][ T4325] XFS (loop0): Unmounting Filesystem [ 47.561259][ T5425] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 47.582984][ T5425] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 47.593851][ T5425] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 47.624597][ T5425] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 47.627154][ T5425] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 47.642464][ T5425] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 47.659602][ T5425] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 47.691071][ T5437] netlink: 4 bytes leftover after parsing attributes in process `syz.4.347'. [ 47.701900][ T5420] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.338 (5420) [ 47.720953][ T5439] netlink: 'syz.2.348': attribute type 1 has an invalid length. [ 47.720978][ T5437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.723913][ T5437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.724896][ T5420] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 47.726222][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 47.727288][ T5420] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 47.729507][ T5420] BTRFS info (device loop3): using free space tree [ 47.733995][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 47.735364][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 47.736631][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 47.740617][ T5437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.742378][ T5420] BTRFS info (device loop3): enabling ssd optimizations [ 47.742917][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 47.749025][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 47.750238][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 47.752113][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 47.753362][ T5437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.795040][ T5442] team0: Port device bond0 removed [ 47.808554][ T4320] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 47.811502][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.812820][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.814557][ T5442] device bridge_slave_0 left promiscuous mode [ 47.815575][ T5442] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.865174][ T5442] device bridge_slave_1 left promiscuous mode [ 47.866331][ T5442] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.902524][ T5442] bond0: (slave bond_slave_0): Releasing backup interface [ 47.911675][ T5464] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'. [ 47.914765][ T5464] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'. [ 47.961812][ T5442] bond0: (slave bond_slave_1): Releasing backup interface [ 47.992002][ T5442] team0: Port device team_slave_0 removed [ 48.000511][ T5442] team0: Port device team_slave_1 removed [ 48.001835][ T5442] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.003003][ T5442] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.004681][ T5442] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.005924][ T5442] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.243474][ T5492] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 48.247405][ T5492] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 48.248790][ T5492] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 48.249941][ T5492] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 48.251133][ T5492] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 48.252404][ T5492] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 48.253685][ T5492] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 48.305776][ T5490] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.360 (5490) [ 48.311396][ T5490] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 48.313205][ T5490] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 48.314626][ T5490] BTRFS info (device loop3): using free space tree [ 48.379452][ T5490] BTRFS info (device loop3): enabling ssd optimizations [ 48.424902][ T4320] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 48.450133][ T5520] netlink: 'syz.4.364': attribute type 1 has an invalid length. [ 48.484763][ T4310] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop3 scanned by udevd (4310) [ 48.686120][ T5539] fuse: Unknown parameter 'ædŸç&}·‘JgéÏ—éų˜¿5ùSQçcf£20xffffffffffffffff' [ 48.719403][ T5540] x_tables: duplicate underflow at hook 1 [ 48.774594][ T5543] input: syz1 as /devices/virtual/input/input2 [ 49.058625][ T5550] netlink: 'syz.0.376': attribute type 1 has an invalid length. [ 49.145835][ T5548] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10 [ 49.158490][ T5548] overlayfs: missing 'lowerdir' [ 49.199236][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 49.210792][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 49.212048][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 49.216457][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 49.218281][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 49.219524][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 49.220668][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 49.222732][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 49.237348][ T5556] team0: Port device bond0 removed [ 49.242122][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.242407][ T4310] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10 [ 49.243289][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.466423][ T5552] F2FS-fs (loop2): invalid crc value [ 49.470426][ T5569] tipc: Started in network mode [ 49.471868][ T5569] tipc: Node identity 3a9135595135, cluster identity 4711 [ 49.474487][ T5552] F2FS-fs (loop2): Found nat_bits in checkpoint [ 49.481737][ T5569] tipc: Enabled bearer , priority 0 [ 49.483728][ T5569] device syzkaller0 entered promiscuous mode [ 49.490453][ T5552] F2FS-fs (loop2): Start checkpoint disabled! [ 49.496971][ T5569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.502180][ T5569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.504763][ T5552] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 49.507116][ T5569] tipc: Resetting bearer [ 49.514907][ T5552] syz.2.377: attempt to access beyond end of device [ 49.514907][ T5552] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 49.549634][ T4676] kworker/u4:9: attempt to access beyond end of device [ 49.549634][ T4676] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 49.550029][ T5573] netlink: 24 bytes leftover after parsing attributes in process `syz.0.384'. [ 49.566245][ T5573] libceph: resolve '0..' (ret=-3): failed [ 49.569949][ T5573] usb usb8: usbfs: process 5573 (syz.0.384) did not claim interface 0 before use [ 49.579751][ T5569] tipc: Disabling bearer [ 49.702245][ T5577] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 49.704014][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 49.724824][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 49.752921][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 49.771190][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 49.785260][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 49.787330][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 49.809774][ T5576] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 49.814157][ T5581] netlink: 'syz.4.388': attribute type 1 has an invalid length. [ 49.821488][ T5575] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 49.827126][ T5583] binder_alloc: 5582: binder_alloc_buf, no vma [ 49.828839][ T5583] binder: 5582:5583 ioctl c0306201 20000240 returned -11 [ 50.070628][ T5587] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 50.078869][ T5587] overlayfs: missing 'lowerdir' [ 50.122763][ T5603] netlink: 4 bytes leftover after parsing attributes in process `syz.4.399'. [ 50.128929][ T5603] netlink: 4 bytes leftover after parsing attributes in process `syz.4.399'. [ 50.153925][ T4310] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 50.171217][ T5605] binder_user_error: 39 callbacks suppressed [ 50.171226][ T5605] binder: 5604:5605 tried to acquire reference to desc 0, got 1 instead [ 50.175289][ T5605] binder_alloc: 5604: binder_alloc_buf, no vma [ 50.176315][ T5605] binder_debug: 43 callbacks suppressed [ 50.176326][ T5605] binder: cannot allocate buffer: vma cleared, target dead or dying [ 50.177265][ T5605] binder: 5604:5605 transaction call to 5604:0 failed 78/29189/-3, size 0-0 line 3230 [ 50.184834][ T5607] netlink: 'syz.3.400': attribute type 1 has an invalid length. [ 50.208569][ T5605] binder: 5604:5605 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 50.210688][ T5605] binder: 5605 RLIMIT_NICE not set [ 50.211444][ T5605] binder: 5604:5605 ioctl c0306201 20000240 returned -11 [ 50.220310][ T5605] binder: 5604:5605 got reply transaction with no transaction stack [ 50.221946][ T5605] binder: 5604:5605 transaction reply to 0:0 failed 79/29201/-71, size 16384-0 line 2946 [ 50.225174][ T4506] binder: undelivered TRANSACTION_ERROR: 29201 [ 50.232425][ T5613] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 50.236235][ T5613] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 50.241300][ T5613] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 50.242480][ T5613] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 50.243696][ T5613] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 50.244713][ T5613] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 50.245865][ T5613] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 50.248145][ T4506] binder: undelivered TRANSACTION_ERROR: 29189 [ 50.528141][ T5625] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10 [ 50.534388][ T5625] overlayfs: missing 'lowerdir' [ 50.564532][ T5640] binder: 5639:5640 tried to acquire reference to desc 0, got 1 instead [ 50.570824][ T5638] netlink: 'syz.0.415': attribute type 1 has an invalid length. [ 50.570943][ T5640] binder_alloc: 5639: binder_alloc_buf, no vma [ 50.575388][ T5640] binder: cannot allocate buffer: vma cleared, target dead or dying [ 50.575421][ T5640] binder: 5639:5640 transaction call to 5639:0 failed 84/29189/-3, size 0-0 line 3230 [ 50.581157][ T4310] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10 [ 50.581442][ T5640] binder: 5639:5640 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 50.584859][ T5640] binder: 5640 RLIMIT_NICE not set [ 50.585632][ T5640] binder: 5639:5640 ioctl c0306201 20000240 returned -11 [ 50.587778][ T5640] binder: 5639:5640 got reply transaction with no transaction stack [ 50.589173][ T5640] binder: 5639:5640 transaction reply to 0:0 failed 85/29201/-71, size 16384-0 line 2946 [ 50.591297][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 50.599635][ T14] binder: undelivered TRANSACTION_ERROR: 29189 [ 50.765523][ T5656] binder: BINDER_SET_CONTEXT_MGR already set [ 50.766912][ T5656] binder: 5655:5656 ioctl 4018620d 20000040 returned -16 [ 50.773758][ T5656] binder: 5655:5656 got transaction to invalid handle, 1 [ 50.778807][ T5656] binder: 5655:5656 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 50.783129][ T5656] binder: 5655:5656 ioctl c0306201 20000240 returned -11 [ 50.898012][ T5666] netlink: 'syz.1.428': attribute type 1 has an invalid length. [ 50.925478][ T5662] set_capacity_and_notify: 8 callbacks suppressed [ 50.925487][ T5662] loop0: detected capacity change from 0 to 32768 [ 50.934139][ T5662] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10 [ 50.939082][ T5662] overlayfs: unrecognized mount option "/" or missing value [ 51.026900][ T4310] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10 [ 51.209050][ T5660] loop2: detected capacity change from 0 to 65536 [ 51.229531][ T5692] netlink: 'syz.0.439': attribute type 1 has an invalid length. [ 51.245547][ T5660] XFS (loop2): Mounting V5 Filesystem [ 51.294156][ T5660] XFS (loop2): Ending clean mount [ 51.330947][ T4326] XFS (loop2): Unmounting Filesystem [ 51.375856][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 51.382821][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 51.384043][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 51.395011][ T5695] loop4: detected capacity change from 0 to 32768 [ 51.396699][ T5695] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 51.396845][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 51.404751][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 51.407856][ T5695] overlayfs: unrecognized mount option "/" or missing value [ 51.413161][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 51.414383][ T5712] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 51.473196][ T4313] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 51.528298][ T5720] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.529894][ T5720] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.672015][ T5724] device syzkaller0 entered promiscuous mode [ 51.922013][ T5729] netlink: 'syz.2.452': attribute type 1 has an invalid length. [ 52.121798][ T5742] libceph: resolve '0..' (ret=-3): failed [ 52.516592][ T5755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.461'. [ 52.975753][ T5768] netlink: 'syz.0.466': attribute type 1 has an invalid length. [ 53.162371][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 53.167462][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 53.168834][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 53.170054][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 53.171234][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 53.172519][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 53.173750][ T5775] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 53.286515][ T5779] netlink: 24 bytes leftover after parsing attributes in process `syz.2.469'. [ 53.311320][ T5779] libceph: resolve '0..' (ret=-3): failed [ 53.321948][ T5779] usb usb8: usbfs: process 5779 (syz.2.469) did not claim interface 0 before use [ 53.354698][ T5783] netlink: 60 bytes leftover after parsing attributes in process `syz.1.472'. [ 53.405094][ T5787] loop1: detected capacity change from 0 to 1024 [ 53.491497][ T5793] netlink: 'syz.1.477': attribute type 1 has an invalid length. [ 53.516478][ T5795] binder: BINDER_SET_CONTEXT_MGR already set [ 53.517453][ T5795] binder: 5794:5795 ioctl 4018620d 20000040 returned -16 [ 53.528073][ T5795] binder: 5794:5795 ioctl c0306201 20000240 returned -11 [ 53.573639][ T5799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.581077][ T5799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 54.043804][ T5815] loop0: detected capacity change from 0 to 1024 [ 54.098998][ T5822] netlink: 'syz.2.489': attribute type 1 has an invalid length. [ 54.102465][ T5823] binder: BINDER_SET_CONTEXT_MGR already set [ 54.103480][ T5823] binder: 5821:5823 ioctl 4018620d 20000040 returned -16 [ 54.106328][ T5823] binder: 5821:5823 ioctl c0306201 20000240 returned -11 [ 54.313450][ T5844] x_tables: duplicate underflow at hook 1 [ 54.367321][ T5845] input: syz1 as /devices/virtual/input/input3 [ 54.509735][ T5851] loop2: detected capacity change from 0 to 1024 [ 54.517802][ T4506] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 54.548909][ T5853] binder: BINDER_SET_CONTEXT_MGR already set [ 54.549917][ T5853] binder: 5852:5853 ioctl 4018620d 20000040 returned -16 [ 54.551568][ T5853] binder: 5852:5853 ioctl c0306201 20000240 returned -11 [ 54.707653][ T4506] usb 1-1: Using ep0 maxpacket: 16 [ 54.709909][ T4506] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 54.711706][ T4506] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 32 [ 54.713201][ T4506] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 54.714679][ T4506] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 54.716200][ T4506] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 54.718263][ T4506] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 54.721526][ T4506] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 54.722985][ T4506] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 54.724289][ T4506] usb 1-1: SerialNumber: syz [ 54.727676][ T5837] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 54.728949][ T5837] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 54.934954][ T4609] usb 1-1: USB disconnect, device number 6 [ 55.020590][ T5858] netlink: 'syz.4.505': attribute type 1 has an invalid length. [ 55.250085][ T5876] loop1: detected capacity change from 0 to 1024 [ 55.299420][ T5878] binder_user_error: 31 callbacks suppressed [ 55.299429][ T5878] binder: 5877:5878 got transaction to invalid handle, 1 [ 55.301792][ T5878] binder_debug: 39 callbacks suppressed [ 55.301802][ T5878] binder: 5878:5877 cannot find target node [ 55.304216][ T5878] binder: 5877:5878 transaction call to 0:0 failed 129/29201/-22, size 0-0 line 3045 [ 55.306247][ T5878] binder: 5877:5878 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 55.308537][ T5878] binder: 5878 RLIMIT_NICE not set [ 55.309403][ T5878] binder: 5877:5878 ioctl c0306201 20000240 returned -11 [ 55.310705][ T5878] binder: 5877:5878 got reply transaction with no transaction stack [ 55.311947][ T5878] binder: 5877:5878 transaction reply to 0:0 failed 130/29201/-71, size 16384-0 line 2946 [ 55.323469][ T4506] binder: undelivered TRANSACTION_ERROR: 29201 [ 55.324641][ T4506] binder: undelivered TRANSACTION_ERROR: 29201 [ 55.340473][ T5882] netlink: 'syz.1.516': attribute type 1 has an invalid length. [ 55.360854][ T5884] binder: tried to use weak ref as strong ref [ 55.361824][ T5884] binder: 5883:5884 Acquire 1 refcount change on invalid ref 0 ret -22 [ 55.363396][ T5884] binder: 5883:5884 got transaction to invalid handle, 1 [ 55.364451][ T5884] binder: 5884:5883 cannot find target node [ 55.365348][ T5884] binder: 5883:5884 transaction call to 0:0 failed 133/29201/-22, size 72-24 line 3045 [ 55.403909][ T5888] input: syz1 as /devices/virtual/input/input4 [ 55.532791][ T5902] loop0: detected capacity change from 0 to 1024 [ 55.650763][ T5913] binder: tried to use weak ref as strong ref [ 55.651859][ T5913] binder: 5912:5913 Acquire 1 refcount change on invalid ref 0 ret -22 [ 55.653331][ T5913] binder: 5912:5913 got transaction to invalid handle, 1 [ 55.654446][ T5913] binder: 5913:5912 cannot find target node [ 55.655327][ T5913] binder: 5912:5913 transaction call to 0:0 failed 136/29201/-22, size 72-24 line 3045 [ 55.702560][ T5915] netlink: 'syz.0.529': attribute type 1 has an invalid length. [ 55.891146][ T5926] input: syz1 as /devices/virtual/input/input5 [ 56.014124][ T5928] netlink: 'syz.0.533': attribute type 11 has an invalid length. [ 56.475860][ T5944] binder: 5944:5943 cannot find target node [ 56.604146][ T5954] input: syz1 as /devices/virtual/input/input6 [ 56.618227][ T5950] netlink: 'syz.1.541': attribute type 1 has an invalid length. [ 56.763960][ T5965] netlink: 'syz.1.548': attribute type 10 has an invalid length. [ 56.765740][ T5965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.767287][ T5965] team0: Port device bond0 added [ 56.887247][ T5975] binder: 5974:5975 ioctl c0306201 20000240 returned -11 [ 57.062889][ T5973] netlink: 20 bytes leftover after parsing attributes in process `syz.2.547'. [ 57.075594][ T5973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.547'. [ 57.145276][ C1] vxcan1: j1939_tp_rxtimer: 0x00000000b8c86c18: rx timeout, send abort [ 57.645310][ C1] vxcan1: j1939_tp_rxtimer: 0x000000007b06eeae: rx timeout, send abort [ 57.647418][ C1] vxcan1: j1939_tp_rxtimer: 0x00000000b8c86c18: abort rx timeout. Force session deactivation [ 57.770730][ T5989] netlink: 'syz.2.554': attribute type 1 has an invalid length. [ 57.847111][ T5993] binder: 5992:5993 ioctl c0306201 20000240 returned -11 [ 57.920060][ T6003] binder: 6002:6003 ioctl 4018620d 0 returned -22 [ 58.004364][ T6009] binder: BINDER_SET_CONTEXT_MGR already set [ 58.005536][ T6009] binder: 6008:6009 ioctl 4018620d 20000040 returned -16 [ 58.011689][ T6009] binder: 6008:6009 ioctl c0306201 20000240 returned -11 [ 58.062441][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 58.066851][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 58.071408][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 58.072528][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 58.073623][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 58.074708][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 58.074916][ T6005] loop2: detected capacity change from 0 to 32768 [ 58.075841][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 58.083069][ T6005] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 58.086961][ T6005] overlayfs: overlapping lowerdir path [ 58.091434][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 58.093355][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.094623][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.113142][ T6017] netlink: 'syz.2.566': attribute type 1 has an invalid length. [ 58.124458][ T4310] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 58.138103][ T6015] netlink: 'syz.0.564': attribute type 10 has an invalid length. [ 58.140499][ T6015] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.142326][ T6015] team0: Port device bond0 added [ 58.146816][ C1] vxcan1: j1939_tp_rxtimer: 0x000000007b06eeae: abort rx timeout. Force session deactivation [ 58.194580][ T6021] binder: 6020:6021 ioctl c0306201 20000240 returned -11 [ 58.551350][ T6044] netlink: 'syz.4.577': attribute type 1 has an invalid length. [ 58.593094][ T6047] binder: BINDER_SET_CONTEXT_MGR already set [ 58.594260][ T6047] binder: 6046:6047 ioctl 4018620d 20000040 returned -16 [ 58.600819][ T6047] binder: 6046:6047 ioctl c0306201 20000240 returned -11 [ 58.632460][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 58.636629][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 58.637300][ T6042] loop2: detected capacity change from 0 to 32768 [ 58.638382][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 58.640527][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 58.641899][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 58.643325][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 58.644690][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 58.646791][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 58.648059][ T6042] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 58.650607][ T6042] overlayfs: overlapping lowerdir path [ 58.654115][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.655543][ T6049] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.658278][ T6049] device bridge_slave_0 left promiscuous mode [ 58.659431][ T6049] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.683323][ T4310] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 58.692454][ T6052] binder: 6050:6052 ioctl c0306201 20000240 returned -11 [ 58.698560][ T6049] device bridge_slave_1 left promiscuous mode [ 58.699723][ T6049] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.730462][ T6049] bond0: (slave bond_slave_0): Releasing backup interface [ 58.792139][ T6049] bond0: (slave bond_slave_1): Releasing backup interface [ 58.835093][ T6049] team0: Port device team_slave_0 removed [ 58.845961][ T6049] team0: Port device team_slave_1 removed [ 58.849729][ T6049] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 58.851034][ T6049] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 58.852897][ T6049] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 58.854303][ T6049] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 58.860334][ T6051] netlink: 'syz.4.579': attribute type 10 has an invalid length. [ 58.871262][ T6051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.874258][ T6051] team0: Port device bond0 added [ 58.944518][ T6062] netlink: 'syz.1.583': attribute type 1 has an invalid length. [ 59.004063][ T6062] bond1: (slave gretap1): making interface the new active one [ 59.008992][ T6062] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 59.025265][ T6062] device gretap2 entered promiscuous mode [ 59.028351][ T6062] bond1: (slave gretap2): Enslaving as an active interface with an up link [ 59.072059][ T6062] device macvlan2 entered promiscuous mode [ 59.075622][ T6062] device bond1 entered promiscuous mode [ 59.085329][ T6062] device gretap1 entered promiscuous mode [ 59.088316][ T6062] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 59.090133][ T6062] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 59.094446][ T6062] device bond1 left promiscuous mode [ 59.095385][ T6062] device gretap1 left promiscuous mode [ 59.295218][ T6079] netlink: 164 bytes leftover after parsing attributes in process `syz.1.588'. [ 59.331680][ T6081] binder: BINDER_SET_CONTEXT_MGR already set [ 59.332674][ T6081] binder: 6080:6081 ioctl 4018620d 20000040 returned -16 [ 59.334203][ T6081] binder: 6080:6081 ioctl c0306201 20000240 returned -11 [ 59.394843][ T6084] binder: 6083:6084 ioctl c0306201 20000240 returned -11 [ 59.516370][ T6085] loop0: detected capacity change from 0 to 32768 [ 59.526744][ T6085] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10 [ 59.537776][ T6092] x_tables: duplicate underflow at hook 1 [ 59.545062][ T6085] overlayfs: overlapping lowerdir path [ 59.613349][ T4310] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10 [ 60.005138][ T6106] netlink: 'syz.0.598': attribute type 12 has an invalid length. [ 60.346686][ T6120] loop2: detected capacity change from 0 to 1024 [ 60.362254][ T6121] binder_user_error: 33 callbacks suppressed [ 60.362263][ T6121] binder: 6118:6121 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 60.365652][ T6121] binder: 6118:6121 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 60.371429][ T6121] binder: 6121 RLIMIT_NICE not set [ 60.372225][ T6121] binder: 6118:6121 ioctl c0306201 20000240 returned -11 [ 60.615131][ T6139] binder: 6134:6139 tried to acquire reference to desc 0, got 1 instead [ 60.617013][ T6139] binder: 6134:6139 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 60.627648][ T6139] binder: 6139 RLIMIT_NICE not set [ 60.628599][ T6139] binder: 6139 RLIMIT_NICE not set [ 60.629634][ T6139] binder_alloc: 6134: binder_alloc_buf, no vma [ 60.631986][ T6139] binder_debug: 27 callbacks suppressed [ 60.631993][ T6139] binder: cannot allocate buffer: vma cleared, target dead or dying [ 60.633013][ T6139] binder: 6134:6139 transaction call to 6134:6139 failed 174/29189/-3, size 0-0 line 3230 [ 60.644648][ T6139] binder: 6134:6139 got transaction to invalid handle, 2 [ 60.645839][ T6139] binder: 6139:6134 cannot find target node [ 60.646717][ T6139] binder: 6134:6139 transaction call to 0:0 failed 175/29201/-22, size 0-0 line 3045 [ 60.658298][ T4390] binder: release 6134:6139 transaction 167 out, still active [ 60.663364][ T6141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.665264][ T6141] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.668844][ T4390] binder: release 6134:6139 transaction 167 in, still active [ 60.670048][ T4390] binder: send failed reply for transaction 167, target dead [ 60.671208][ T4390] binder: undelivered TRANSACTION_ERROR: 29189 [ 60.711587][ T6145] binder: 6144:6145 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 60.714713][ T6145] binder: 6144:6145 got transaction to invalid handle, 1 [ 60.715809][ T6145] binder: 6145:6144 cannot find target node [ 60.716721][ T6145] binder: 6144:6145 transaction call to 0:0 failed 178/29201/-22, size 0-0 line 3045 [ 60.721707][ T6145] binder: 6144:6145 ioctl c0306201 20000240 returned -11 [ 60.763869][ T6149] binder: 6148:6149 ioctl c0306201 20000240 returned -11 [ 60.788589][ T6151] loop2: detected capacity change from 0 to 1024 [ 60.920119][ T6160] x_tables: duplicate underflow at hook 1 [ 60.955320][ T6164] binder_alloc: 6163: binder_alloc_buf, no vma [ 60.977658][ T4390] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 61.086152][ T6173] binder: 6172:6173 ioctl c0306201 20000240 returned -11 [ 61.130106][ T6177] binder: 6176:6177 ioctl c0306201 20000240 returned -11 [ 61.159362][ T6179] loop4: detected capacity change from 0 to 1024 [ 61.187836][ T4390] usb 1-1: Using ep0 maxpacket: 8 [ 61.193651][ T4390] usb 1-1: config 252 has 0 interfaces, different from the descriptor's value: 1 [ 61.195316][ T4390] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 61.196765][ T4390] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.451750][ T6199] binder: 6198:6199 ioctl c0306201 20000240 returned -11 [ 61.480488][ T6201] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 61.484345][ T6201] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 61.485571][ T6201] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 61.486782][ T6201] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 61.488414][ T6201] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 61.489651][ T6201] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 61.490900][ T6201] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 61.512740][ T6203] binder: 6202:6203 ioctl c0306201 20000240 returned -11 [ 61.757347][ T6221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.612'. [ 61.759090][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 61.764978][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 61.767321][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 61.769765][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 61.773460][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 61.777121][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 61.779762][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 61.785568][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 61.788490][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 61.790007][ T6221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 61.795032][ T6224] binder: 6223:6224 ioctl c0306201 20000240 returned -11 [ 61.832420][ T6229] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 61.836617][ T6229] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 61.839650][ T6229] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 61.840880][ T6229] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 61.842102][ T6229] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 61.843412][ T6229] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 61.844624][ T6229] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 61.888922][ T6231] netlink: 164 bytes leftover after parsing attributes in process `syz.2.648'. [ 61.889899][ T6233] binder: 6232:6233 ioctl 4018620d 0 returned -22 [ 61.893360][ T6233] binder: 6232:6233 ioctl c0306201 20000240 returned -11 [ 62.002391][ T6243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.654'. [ 62.004425][ T6243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.654'. [ 62.147432][ T6249] binder: 6248:6249 ioctl c0306201 20000240 returned -11 [ 62.170718][ T6251] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 62.174574][ T6251] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 62.175867][ T6251] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 62.177178][ T6251] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 62.179590][ T6251] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 62.180925][ T6251] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 62.182334][ T6251] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 62.222693][ T6257] binder: 6255:6257 ioctl 4018620d 0 returned -22 [ 62.225540][ T6257] binder: 6255:6257 ioctl c0306201 20000240 returned -11 [ 62.254696][ T6260] netlink: 164 bytes leftover after parsing attributes in process `syz.2.661'. [ 62.325951][ T6263] device syzkaller1 entered promiscuous mode [ 63.429718][ T6279] binder: 6278:6279 ioctl c0306201 20000240 returned -11 [ 63.499131][ T6283] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 63.503142][ T6283] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 63.504307][ T6283] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 63.505499][ T6283] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 63.506736][ T6283] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 63.508257][ T6283] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 63.509464][ T6283] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 63.536609][ T6285] binder: 6284:6285 ioctl 4018620d 0 returned -22 [ 63.540352][ T6285] binder: 6284:6285 ioctl c0306201 20000240 returned -11 [ 63.673595][ T6288] netlink: 164 bytes leftover after parsing attributes in process `syz.4.672'. [ 63.746169][ T6295] device syzkaller1 entered promiscuous mode [ 63.772684][ T4506] usb 1-1: USB disconnect, device number 7 [ 63.943020][ T6313] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 63.947283][ T6313] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 63.951409][ T6315] binder: 6314:6315 ioctl c0306201 20000240 returned -11 [ 63.953005][ T6313] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 63.954224][ T6313] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 63.955494][ T6313] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 63.956791][ T6313] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 63.961624][ T6313] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 64.017313][ T6326] input: syz1 as /devices/virtual/input/input9 [ 64.123095][ T6331] random: crng reseeded on system resumption [ 64.228591][ T6331] netlink: 'syz.4.683': attribute type 21 has an invalid length. [ 64.255687][ T6331] ALSA: seq fatal error: cannot create timer (-22) [ 64.480191][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.481494][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.481523][ T112] cfg80211: failed to load regulatory.db [ 64.823884][ T6345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.827761][ T6345] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.841710][ T6345] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.692'. [ 64.899080][ T6349] binder: 6348:6349 ioctl c0306201 20000240 returned -11 [ 64.932358][ T6351] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 64.936553][ T6351] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 64.938376][ T6351] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 64.939636][ T6351] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 64.940820][ T6351] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 64.941969][ T6351] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 64.943179][ T6351] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 65.077538][ T6355] tipc: Started in network mode [ 65.078675][ T6355] tipc: Node identity aeec21ab78e8, cluster identity 4711 [ 65.079822][ T6355] tipc: Enabled bearer , priority 0 [ 65.084195][ T6355] device syzkaller0 entered promiscuous mode [ 65.144185][ T6355] tipc: Resetting bearer [ 65.179536][ T6354] tipc: Resetting bearer [ 65.258190][ T6354] tipc: Disabling bearer [ 65.403545][ T4337] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.405827][ T4337] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.407402][ T4337] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 65.409609][ T4337] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.411076][ T4337] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 65.412921][ T4337] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.569591][ T6382] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 65.573854][ T6382] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 65.575209][ T6382] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 65.576553][ T6382] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 65.580889][ T6382] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 65.582343][ T6382] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 65.583692][ T6382] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 65.586260][ T6366] chnl_net:caif_netlink_parms(): no params data found [ 65.649741][ T6366] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.651106][ T6366] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.656067][ T6366] device bridge_slave_0 entered promiscuous mode [ 65.663084][ T6366] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.664413][ T6366] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.666239][ T6366] device bridge_slave_1 entered promiscuous mode [ 65.668694][ T6388] device syzkaller1 entered promiscuous mode [ 65.687532][ T6366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.690466][ T6366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.698784][ T6366] team0: Port device team_slave_0 added [ 65.701785][ T6366] team0: Port device team_slave_1 added [ 65.707973][ T6366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.709172][ T6366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.713030][ T6366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.773453][ T6366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.774624][ T6366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.778691][ T6366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.819001][ T6366] device hsr_slave_0 entered promiscuous mode [ 65.857881][ T6366] device hsr_slave_1 entered promiscuous mode [ 65.885279][ T6396] binder_user_error: 58 callbacks suppressed [ 65.885290][ T6396] binder: 6395:6396 got transaction to invalid handle, 1 [ 65.887919][ T6396] binder_debug: 37 callbacks suppressed [ 65.887932][ T6396] binder: 6396:6395 cannot find target node [ 65.889763][ T6396] binder: 6395:6396 transaction call to 0:0 failed 224/29201/-22, size 72-24 line 3045 [ 65.892464][ T6396] binder: 6395:6396 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 65.894566][ T6396] binder: 6396 RLIMIT_NICE not set [ 65.900339][ T6366] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.901586][ T6366] Cannot create hsr debugfs directory [ 65.943585][ T6397] binder: 6395:6397 got transaction to invalid handle, 3 [ 65.944716][ T6397] binder: 6397:6395 cannot find target node [ 65.945680][ T6397] binder: 6395:6397 transaction call to 0:0 failed 225/29201/-22, size 0-0 line 3045 [ 65.947736][ T6397] binder: 6395:6397 got transaction to invalid handle, 2 [ 65.949164][ T6397] binder: 6397:6395 cannot find target node [ 65.950030][ T6397] binder: 6395:6397 transaction call to 0:0 failed 226/29201/-22, size 0-0 line 3045 [ 65.964841][ T6366] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 66.001522][ T6366] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 66.041417][ T6366] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 66.089481][ T6366] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 66.186038][ T6366] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.187297][ T6366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.188567][ T6366] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.189700][ T6366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.245589][ T6366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.256053][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.258522][ T4577] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.260684][ T4577] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.273400][ T6366] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.276832][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.279046][ T4577] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.280897][ T4577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.286354][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.289307][ T4577] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.290487][ T4577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.302031][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.303820][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.314403][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.319740][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.324842][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.328534][ T6366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.447749][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.449175][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.456532][ T6366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.600426][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.602400][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.631384][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.632968][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.634694][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.636098][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.648411][ T6366] device veth0_vlan entered promiscuous mode [ 66.651832][ T6366] device veth1_vlan entered promiscuous mode [ 66.673549][ T6366] device veth0_macvtap entered promiscuous mode [ 66.675889][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.677381][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.686406][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.688181][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.695066][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.698014][ T6366] device veth1_macvtap entered promiscuous mode [ 66.703270][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.704906][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.706952][ T6366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.720826][ T4390] binder: undelivered TRANSACTION_ERROR: 29201 [ 66.721913][ T4390] binder: undelivered TRANSACTION_ERROR: 29201 [ 66.735920][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.737483][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.739102][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.744999][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.751672][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.753347][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.754950][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.757379][ T6366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.766267][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.769141][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.772216][ T6366] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.782197][ T6366] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.786316][ T6366] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.789048][ T6366] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.818468][ T6430] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 66.822193][ T6430] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 66.823706][ T6430] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 66.825184][ T6430] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 66.827024][ T6430] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 66.828532][ T6430] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 66.829972][ T6430] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 66.872082][ T6432] device syzkaller1 entered promiscuous mode [ 66.883235][ T4350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.884514][ T4350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.885795][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.930230][ T4577] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.931558][ T4577] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.932878][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.024479][ T6442] netlink: 'syz.5.700': attribute type 10 has an invalid length. [ 67.089999][ T6442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.102965][ T6442] team0: Port device bond0 added [ 67.146153][ T6449] binder: 6448:6449 got transaction to invalid handle, 1 [ 67.147457][ T6449] binder: 6449:6448 cannot find target node [ 67.149874][ T6449] binder: 6448:6449 transaction call to 0:0 failed 230/29201/-22, size 0-0 line 3045 [ 67.152749][ T6449] binder: 6448:6449 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 67.155479][ T6449] binder: 6449 RLIMIT_NICE not set [ 67.164724][ T6449] binder: 6448:6449 ioctl c0306201 20000240 returned -11 [ 67.211469][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 67.217285][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 67.226991][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 67.234923][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 67.237133][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 67.254710][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 67.260839][ T6455] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 67.301358][ T6464] device syzkaller1 entered promiscuous mode [ 67.438689][ T4337] Bluetooth: hci5: command 0x0409 tx timeout [ 67.528692][ T6479] netlink: 'syz.1.736': attribute type 10 has an invalid length. [ 67.547304][ T6482] binder: 6481:6482 got transaction to invalid handle, 1 [ 67.552255][ T6482] binder: 6481:6482 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 67.556746][ T6482] binder: 6481:6482 ioctl c0306201 20000240 returned -11 [ 67.693306][ T6488] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 67.697430][ T6488] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 67.699153][ T6488] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 67.700485][ T6488] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 67.701909][ T6488] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 67.703266][ T6488] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 67.705394][ T6488] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 67.762296][ T6497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.771428][ T6497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.901475][ T6507] device syzkaller1 entered promiscuous mode [ 67.966526][ T6511] binder: 6510:6511 ioctl c0306201 20000240 returned -11 [ 67.996358][ T6513] netlink: 'syz.0.751': attribute type 10 has an invalid length. [ 68.060925][ T6515] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 68.067052][ T6515] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 68.072555][ T6515] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 68.073966][ T6515] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 68.075322][ T6515] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 68.076678][ T6515] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 68.078451][ T6515] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 68.286674][ T6536] binder: 6535:6536 ioctl c0306201 20000240 returned -11 [ 68.625128][ T6541] tipc: Started in network mode [ 68.626216][ T6541] tipc: Node identity 9e7c5dd31898, cluster identity 4711 [ 68.628285][ T6541] tipc: Enabled bearer , priority 0 [ 68.630029][ T6541] device syzkaller0 entered promiscuous mode [ 68.692585][ T6541] tipc: Resetting bearer [ 68.695161][ T6540] tipc: Resetting bearer [ 68.788413][ T6540] tipc: Disabling bearer [ 68.852205][ T6544] netlink: 'syz.4.764': attribute type 10 has an invalid length. [ 68.892992][ T6546] device syzkaller1 entered promiscuous mode [ 68.970075][ T6548] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 68.972276][ T6548] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 68.973559][ T6548] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 68.974751][ T6548] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 68.975913][ T6548] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 68.977217][ T6548] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 68.987826][ T6548] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 69.255438][ T6575] netlink: 'syz.0.775': attribute type 10 has an invalid length. [ 69.303281][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 69.317602][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 69.318992][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 69.320179][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 69.321303][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 69.322642][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 69.334655][ T6582] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 69.342153][ T6585] device syzkaller1 entered promiscuous mode [ 69.517639][ T4324] Bluetooth: hci5: command 0x041b tx timeout [ 70.248332][ T6616] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 70.259876][ T6616] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 70.261140][ T6616] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 70.262302][ T6616] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 70.263503][ T6616] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 70.279100][ T6616] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 70.280635][ T6616] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 70.282759][ T6620] netlink: 'syz.4.791': attribute type 10 has an invalid length. [ 70.294755][ T6622] device syzkaller1 entered promiscuous mode [ 70.536423][ T6652] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 70.546701][ T6652] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 70.548691][ T6652] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 70.550029][ T6652] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 70.551433][ T6652] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 70.552746][ T6652] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 70.554111][ T6652] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 70.556068][ T6656] netlink: 4 bytes leftover after parsing attributes in process `syz.4.805'. [ 70.558076][ T6656] netlink: 4 bytes leftover after parsing attributes in process `syz.4.805'. [ 70.675299][ T6667] device syzkaller1 entered promiscuous mode [ 70.776915][ T6675] binder: 6673:6675 ioctl 4018620d 0 returned -22 [ 70.781187][ T6675] binder: 6673:6675 ioctl c0306201 20000240 returned -11 [ 70.788563][ T4610] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 70.811899][ T6677] trusted_key: encrypted_key: keylen parameter is missing [ 70.967599][ T4610] usb 1-1: Using ep0 maxpacket: 8 [ 70.969664][ T4610] usb 1-1: config 252 has 0 interfaces, different from the descriptor's value: 1 [ 70.971458][ T4610] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 70.972883][ T4610] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.403689][ T6683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.816'. [ 71.405466][ T6683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.816'. [ 71.431770][ T6685] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 71.436847][ T6685] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 71.438406][ T6685] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 71.439622][ T6685] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 71.441491][ T6685] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 71.442810][ T6685] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 71.444081][ T6685] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 71.519451][ T6687] device syzkaller0 entered promiscuous mode [ 71.534522][ T6688] netlink: 8 bytes leftover after parsing attributes in process `syz.0.802'. [ 71.536017][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 71.541678][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 71.542902][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 71.543979][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 71.545016][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 71.546364][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 71.547784][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 71.549883][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 71.551845][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 71.553021][ T6688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 71.597806][ T4337] Bluetooth: hci5: command 0x040f tx timeout [ 71.692297][ T6700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.694782][ T6700] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.732759][ T6703] binder: 6702:6703 ioctl 4018620d 0 returned -22 [ 71.735299][ T6703] binder_user_error: 21 callbacks suppressed [ 71.735305][ T6703] binder: tried to use weak ref as strong ref [ 71.743235][ T6703] binder: 6702:6703 Acquire 1 refcount change on invalid ref 0 ret -22 [ 71.744863][ T6703] binder: 6702:6703 got transaction to invalid handle, 1 [ 71.747742][ T6703] binder_debug: 22 callbacks suppressed [ 71.747755][ T6703] binder: 6703:6702 cannot find target node [ 71.752072][ T6703] binder: 6702:6703 transaction call to 0:0 failed 257/29201/-22, size 0-0 line 3045 [ 71.754261][ T6703] binder: 6702:6703 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 71.756510][ T6703] binder: 6703 RLIMIT_NICE not set [ 71.757314][ T6703] binder: 6702:6703 ioctl c0306201 20000240 returned -11 [ 71.762842][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 71.801479][ T6714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.827'. [ 71.803297][ T6714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.827'. [ 71.846471][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 71.850898][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 71.852197][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 71.853510][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 71.854792][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 71.856223][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 71.857519][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 72.631911][ T6726] loop2: detected capacity change from 0 to 7 [ 72.634572][ T4310] loop2: [ 72.635078][ T4310] loop2: partition table partially beyond EOD, truncated [ 72.650074][ T6726] loop2: [ 72.650623][ T6726] loop2: partition table partially beyond EOD, truncated [ 72.868594][ T6733] device syzkaller0 entered promiscuous mode [ 72.937064][ T6739] binder: 6738:6739 ioctl 4018620d 0 returned -22 [ 72.938566][ T6739] binder: tried to use weak ref as strong ref [ 72.939534][ T6739] binder: 6738:6739 Acquire 1 refcount change on invalid ref 0 ret -22 [ 72.941059][ T6739] binder: 6738:6739 got transaction to invalid handle, 1 [ 72.942179][ T6739] binder: 6739:6738 cannot find target node [ 72.943154][ T6739] binder: 6738:6739 transaction call to 0:0 failed 260/29201/-22, size 0-0 line 3045 [ 72.944736][ T6739] binder: 6738:6739 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 72.946830][ T6739] binder: 6739 RLIMIT_NICE not set [ 72.948624][ T6739] binder: 6738:6739 ioctl c0306201 20000240 returned -11 [ 72.950115][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 72.982480][ T6741] netlink: 4 bytes leftover after parsing attributes in process `syz.5.838'. [ 72.993574][ T6741] netlink: 4 bytes leftover after parsing attributes in process `syz.5.838'. [ 73.020650][ T6743] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 73.024884][ T6743] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 73.026100][ T6743] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 73.027249][ T6743] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 73.029474][ T6743] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 73.030733][ T6743] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 73.031946][ T6743] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 73.071426][ T6745] netlink: 8 bytes leftover after parsing attributes in process `syz.1.840'. [ 73.279670][ T6762] binder: 6761:6762 ioctl c0306201 0 returned -14 [ 73.281136][ T6762] binder: 6762:6761 cannot find target node [ 73.282194][ T6762] binder: 6761:6762 transaction call to 0:0 failed 264/29201/-22, size 0-0 line 3045 [ 73.283916][ T6762] binder: 6761:6762 ioctl c0306201 20000240 returned -11 [ 73.285392][ T4610] binder: undelivered TRANSACTION_ERROR: 29201 [ 73.359819][ T6766] device syzkaller0 entered promiscuous mode [ 73.578910][ T6768] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 73.582801][ T6768] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 73.584097][ T6768] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 73.585306][ T6768] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 73.586547][ T6768] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 73.587802][ T6768] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 73.589577][ T6768] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 73.604701][ T112] usb 1-1: USB disconnect, device number 8 [ 73.677706][ T4324] Bluetooth: hci5: command 0x0419 tx timeout [ 73.842303][ T6786] binder: 6785:6786 ioctl c0306201 0 returned -14 [ 73.844389][ T6786] binder: 6786:6785 cannot find target node [ 73.846665][ T6786] binder: 6785:6786 ioctl c0306201 20000240 returned -11 [ 73.890297][ T6790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.894420][ T6790] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.905972][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 73.911776][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 73.913568][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 73.915501][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 73.925443][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 73.929334][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 73.932039][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 73.942996][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 73.949311][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.952007][ T6790] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.005505][ T6792] device syzkaller0 entered promiscuous mode [ 74.045821][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.047349][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.186093][ T6799] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 74.192664][ T6799] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 74.193877][ T6799] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 74.195386][ T6799] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 74.196626][ T6799] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 74.197918][ T6799] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 74.199119][ T6799] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 74.717423][ T6819] binder: 6818:6819 ioctl c0306201 0 returned -14 [ 74.719385][ T6819] binder: 6818:6819 ioctl c0306201 20000240 returned -11 [ 74.752650][ T6823] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 74.756848][ T6823] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 74.758319][ T6823] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 74.759777][ T6823] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 74.760959][ T6823] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 74.762276][ T6823] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 74.763604][ T6823] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 74.765547][ T6821] device syzkaller0 entered promiscuous mode [ 75.165666][ T6856] device syzkaller0 entered promiscuous mode [ 75.277643][ T4390] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 75.467688][ T4390] usb 1-1: Using ep0 maxpacket: 32 [ 75.476115][ T4390] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 75.477628][ T4390] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 75.478949][ T4390] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 75.486046][ T4390] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 75.490004][ T4390] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 75.492703][ T4390] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 75.496851][ T4390] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 75.499754][ T4390] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 75.504195][ T4390] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 75.507036][ T4390] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.512890][ T4390] usb 1-1: config 0 descriptor?? [ 75.515389][ T6839] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 75.721906][ T4390] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 75.994161][ T6878] __nla_validate_parse: 18 callbacks suppressed [ 75.994172][ T6878] netlink: 16 bytes leftover after parsing attributes in process `syz.4.899'. [ 76.703978][ T6890] device syzkaller0 entered promiscuous mode [ 76.774541][ T6892] netlink: 4 bytes leftover after parsing attributes in process `syz.4.905'. [ 76.776514][ T6892] netlink: 4 bytes leftover after parsing attributes in process `syz.4.905'. [ 76.812633][ T6894] netlink: 16 bytes leftover after parsing attributes in process `syz.4.906'. [ 77.747032][ T6903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.751317][ T6903] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.753926][ T6903] input: syz1 as /devices/virtual/input/input10 [ 77.999830][ T112] usb 1-1: USB disconnect, device number 9 [ 78.004018][ T112] usblp0: removed [ 87.626335][ T6926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.916'. [ 87.629958][ T6926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.916'. [ 87.691581][ T6935] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 87.740459][ T6941] tipc: Enabled bearer , priority 0 [ 87.747496][ T6941] device syzkaller0 entered promiscuous mode [ 87.750856][ T6943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.752482][ T6943] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.780568][ T6948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.926'. [ 87.785296][ T6943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.924'. [ 87.785331][ T6941] tipc: Resetting bearer [ 87.804125][ T6948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.926'. [ 87.807872][ T6939] tipc: Resetting bearer [ 87.888942][ T6939] tipc: Disabling bearer [ 87.901879][ T6958] device syzkaller0 entered promiscuous mode [ 87.926740][ T6960] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.930278][ T6960] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.950725][ T6962] netlink: 4 bytes leftover after parsing attributes in process `syz.4.932'. [ 87.952697][ T6962] netlink: 4 bytes leftover after parsing attributes in process `syz.4.932'. [ 87.990393][ T6960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.931'. [ 87.992043][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 87.996327][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 87.998698][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 87.999981][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 88.001323][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 88.002545][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 88.004493][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 88.006779][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 88.009747][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 88.011089][ T6960] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 88.052466][ T6964] device syzkaller0 entered promiscuous mode [ 90.365499][ T7010] input: syz1 as /devices/virtual/input/input11 [ 98.839078][ T7019] tipc: Enabling of bearer rejected, failed to enable media [ 99.126888][ T7063] device syzkaller0 entered promiscuous mode [ 99.129181][ T7065] device syzkaller0 entered promiscuous mode [ 99.347656][ T4610] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 99.537673][ T4610] usb 1-1: Using ep0 maxpacket: 8 [ 99.539821][ T4610] usb 1-1: config 252 has 0 interfaces, different from the descriptor's value: 1 [ 99.541490][ T4610] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 99.542849][ T4610] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.823462][ T7078] netlink: 8 bytes leftover after parsing attributes in process `syz.0.964'. [ 109.825021][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 109.828852][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 109.830015][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 109.831133][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 109.832187][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 109.833331][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 109.834474][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 109.841933][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 109.843987][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 109.845189][ T7078] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 109.866674][ T7088] tipc: Enabled bearer , priority 0 [ 109.874478][ T7088] device syzkaller0 entered promiscuous mode [ 109.890078][ T7093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.891593][ T7093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.925201][ T7088] tipc: Resetting bearer [ 109.933114][ T7087] tipc: Resetting bearer [ 109.968593][ T4610] usb 1-1: USB disconnect, device number 10 [ 109.978737][ T7087] tipc: Disabling bearer [ 109.986100][ T7100] netlink: 'syz.2.980': attribute type 21 has an invalid length. [ 110.128884][ T7111] device syzkaller0 entered promiscuous mode [ 110.152733][ T7116] device syzkaller0 entered promiscuous mode [ 112.904333][ T7125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.905887][ T7125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.119106][ T7127] device syzkaller0 entered promiscuous mode [ 121.134684][ T7135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.994'. [ 121.263064][ T7145] netlink: 'syz.5.993': attribute type 21 has an invalid length. [ 121.356176][ T7160] device syzkaller0 entered promiscuous mode [ 121.413162][ T7170] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1006'. [ 121.519395][ T7175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.521081][ T7175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.917957][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.919076][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.362710][ T7181] device syzkaller0 entered promiscuous mode [ 132.368628][ T7194] netlink: 'syz.1.1010': attribute type 21 has an invalid length. [ 132.479268][ T7213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1017'. [ 132.490037][ T7201] device macvlan0 entered promiscuous mode [ 132.508950][ T7201] device batadv0 entered promiscuous mode [ 132.570215][ T1576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 132.571838][ T7204] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1013'. [ 132.574639][ T7211] netlink: 'syz.2.1013': attribute type 10 has an invalid length. [ 132.656446][ T7231] input: syz1 as /devices/virtual/input/input13 [ 132.657874][ T7231] input: failed to attach handler leds to device input13, error: -6 [ 132.665641][ T7229] device syzkaller0 entered promiscuous mode [ 132.705679][ T7235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 132.711698][ T7235] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 132.712542][ T7234] device syzkaller0 entered promiscuous mode [ 132.721979][ T7235] device syzkaller0 entered promiscuous mode [ 143.457412][ T7241] netlink: 'syz.2.1026': attribute type 21 has an invalid length. [ 143.565080][ T7263] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1033'. [ 143.568956][ T7263] netlink: 'syz.5.1033': attribute type 10 has an invalid length. [ 143.639370][ T7266] tipc: Enabled bearer , priority 0 [ 143.640911][ T7266] device syzkaller0 entered promiscuous mode [ 143.680129][ T7266] tipc: Resetting bearer [ 143.691253][ T7265] tipc: Resetting bearer [ 143.768142][ T7265] tipc: Disabling bearer [ 143.804320][ T7297] netlink: 'syz.2.1047': attribute type 21 has an invalid length. [ 143.870965][ T7295] device syzkaller1 entered promiscuous mode [ 143.945701][ T7307] device syzkaller0 entered promiscuous mode [ 153.598311][ T4333] Bluetooth: hci2: command 0x0406 tx timeout [ 153.599336][ T4333] Bluetooth: hci0: command 0x0406 tx timeout [ 153.600263][ T4333] Bluetooth: hci3: command 0x0406 tx timeout [ 153.601127][ T4333] Bluetooth: hci4: command 0x0406 tx timeout [ 153.602040][ T4333] Bluetooth: hci1: command 0x0406 tx timeout [ 154.825015][ T7335] netlink: 'syz.1.1058': attribute type 21 has an invalid length. [ 155.010294][ T7347] device syzkaller1 entered promiscuous mode [ 155.133804][ T7367] device syzkaller0 entered promiscuous mode [ 155.155017][ T7371] device syzkaller0 entered promiscuous mode [ 165.941878][ T7390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.943374][ T7390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.984822][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1077'. [ 165.988545][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 165.997129][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 166.003203][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 166.007987][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 166.010333][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 166.013309][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 166.018153][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 166.026288][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 166.049543][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 166.051046][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 166.169931][ T7415] device syzkaller1 entered promiscuous mode [ 166.381958][ T7433] device syzkaller0 entered promiscuous mode [ 166.533146][ T7446] netlink: 'syz.0.1090': attribute type 10 has an invalid length. [ 166.544471][ T7446] team0: Port device netdevsim0 added [ 166.563047][ T7446] netlink: 'syz.0.1090': attribute type 10 has an invalid length. [ 166.601921][ T7446] team0: Port device netdevsim0 removed [ 166.605155][ T7446] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 166.986837][ T7485] device syzkaller0 entered promiscuous mode [ 167.055288][ T7489] binder_user_error: 9 callbacks suppressed [ 167.055298][ T7489] binder: 7488:7489 tried to acquire reference to desc 0, got 1 instead [ 167.068069][ T7489] binder: 7488:7489 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 167.071216][ T7489] binder: 7489 RLIMIT_NICE not set [ 167.073397][ T7489] binder: 7489 RLIMIT_NICE not set [ 167.074931][ T7489] binder: 7488:7489 got transaction to invalid handle, 3 [ 167.077080][ T7489] binder_debug: 5 callbacks suppressed [ 167.077090][ T7489] binder: 7489:7488 cannot find target node [ 167.086610][ T7489] binder: 7488:7489 transaction call to 0:0 failed 278/29201/-22, size 0-0 line 3045 [ 167.089221][ T7489] binder: 7488:7489 got transaction to invalid handle, 2 [ 167.092521][ T7489] binder: 7489:7488 cannot find target node [ 167.093472][ T7489] binder: 7488:7489 transaction call to 0:0 failed 279/29201/-22, size 0-0 line 3045 [ 167.114877][ T14] binder: release 7488:7489 transaction 277 out, still active [ 167.116215][ T14] binder: release 7488:7489 transaction 277 in, still active [ 167.117371][ T14] binder: send failed reply for transaction 277, target dead [ 167.121822][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 167.451414][ T7517] binder: 7515:7517 tried to acquire reference to desc 0, got 1 instead [ 167.460056][ T7517] binder: 7515:7517 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 167.465654][ T7517] binder: 7517 RLIMIT_NICE not set [ 167.466508][ T7517] binder: 7517 RLIMIT_NICE not set [ 167.474996][ T7517] binder: 7517:7515 cannot find target node [ 167.477109][ T7517] binder: 7515:7517 transaction call to 0:0 failed 285/29201/-22, size 0-0 line 3045 [ 167.495637][ T7519] device syzkaller0 entered promiscuous mode [ 167.866695][ T7550] binder: 7549:7550 ioctl c0306201 0 returned -14 [ 168.012364][ T7555] device syzkaller0 entered promiscuous mode [ 168.096438][ T7558] netlink: 'syz.1.1138': attribute type 10 has an invalid length. [ 168.129662][ T7558] team0: Port device netdevsim0 added [ 168.134212][ T7565] netlink: 'syz.1.1138': attribute type 10 has an invalid length. [ 168.178315][ T7565] team0: Port device netdevsim0 removed [ 168.180888][ T7565] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 168.342955][ T7584] binder: 7583:7584 ioctl c0306201 0 returned -14 [ 168.672632][ T7612] device syzkaller0 entered promiscuous mode [ 168.728988][ T7618] binder: 7617:7618 ioctl c0306201 0 returned -14 [ 169.113798][ T7652] device syzkaller0 entered promiscuous mode [ 169.368534][ T7666] netlink: 'syz.2.1183': attribute type 10 has an invalid length. [ 169.445455][ T7666] team0: Port device netdevsim0 added [ 169.452809][ T7679] netlink: 'syz.2.1183': attribute type 10 has an invalid length. [ 169.528470][ T7679] team0: Port device netdevsim0 removed [ 169.530668][ T7679] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 169.603231][ T7695] device syzkaller0 entered promiscuous mode [ 170.039588][ T27] audit: type=1326 audit(170.030:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.044357][ T27] audit: type=1326 audit(170.030:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.047256][ T7729] device syzkaller0 entered promiscuous mode [ 170.047665][ T27] audit: type=1326 audit(170.030:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.059567][ T27] audit: type=1326 audit(170.030:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.069482][ T27] audit: type=1326 audit(170.040:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.077361][ T27] audit: type=1326 audit(170.040:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.083054][ T27] audit: type=1326 audit(170.040:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.089457][ T27] audit: type=1326 audit(170.040:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.095246][ T27] audit: type=1326 audit(170.040:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.103118][ T27] audit: type=1326 audit(170.040:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7727 comm="syz.4.1210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=446 compat=0 ip=0xffffa4b77368 code=0x7ffc0000 [ 170.386858][ T7734] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1210'. [ 170.658441][ T7764] device syzkaller0 entered promiscuous mode [ 171.200624][ T7799] device syzkaller0 entered promiscuous mode [ 171.202920][ T7790] netlink: 'syz.5.1224': attribute type 10 has an invalid length. [ 171.210871][ T7790] team0: Port device netdevsim0 added [ 171.256245][ T7790] netlink: 'syz.5.1224': attribute type 10 has an invalid length. [ 171.272317][ T7790] team0: Port device netdevsim0 removed [ 171.274835][ T7790] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 171.890061][ T7830] device syzkaller0 entered promiscuous mode [ 172.113911][ T7838] binder_user_error: 20 callbacks suppressed [ 172.113923][ T7838] binder: 7837:7838 tried to acquire reference to desc 0, got 1 instead [ 172.126016][ T7838] binder: 7837:7838 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 172.137925][ T7838] binder: 7838 RLIMIT_NICE not set [ 172.138972][ T7838] binder: 7837:7838 got transaction to invalid handle, 2 [ 172.140116][ T7838] binder_debug: 69 callbacks suppressed [ 172.140128][ T7838] binder: 7838:7837 cannot find target node [ 172.141938][ T7838] binder: 7837:7838 transaction call to 0:0 failed 416/29201/-22, size 0-0 line 3045 [ 172.182988][ T4610] binder: release 7837:7838 transaction 408 out, still active [ 172.184241][ T4610] binder: send failed reply for transaction 415 to 7837:7838 [ 172.185579][ T4610] binder: undelivered TRANSACTION_COMPLETE [ 172.186453][ T4610] binder: undelivered TRANSACTION_ERROR: 29189 [ 172.187396][ T4610] binder: send failed reply for transaction 408, target dead [ 172.415900][ T7861] device syzkaller0 entered promiscuous mode [ 172.496157][ T7869] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 172.535232][ T7871] binder: 7870:7871 tried to acquire reference to desc 0, got 1 instead [ 172.541998][ T7871] binder: 7870:7871 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 172.543960][ T7871] binder: 7871 RLIMIT_NICE not set [ 172.544976][ T7871] binder: 7870:7871 got transaction to invalid handle, 2 [ 172.546095][ T7871] binder: 7871:7870 cannot find target node [ 172.547033][ T7871] binder: 7870:7871 transaction call to 0:0 failed 429/29201/-22, size 0-0 line 3045 [ 172.563229][ T4506] binder: release 7870:7871 transaction 421 out, still active [ 172.925745][ T7896] netlink: 'syz.4.1271': attribute type 10 has an invalid length. [ 172.962757][ T7896] team0: Port device netdevsim0 added [ 172.982386][ T7901] netlink: 'syz.4.1271': attribute type 10 has an invalid length. [ 172.998557][ T7900] binder: 7899:7900 tried to acquire reference to desc 0, got 1 instead [ 173.005081][ T7900] binder: 7899:7900 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 173.005918][ T7901] team0: Port device netdevsim0 removed [ 173.022231][ T7901] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 173.081856][ T7907] device syzkaller0 entered promiscuous mode [ 173.804207][ T7939] device syzkaller0 entered promiscuous mode [ 173.982681][ T7949] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1299'. [ 174.214355][ T7973] netlink: 'syz.1.1309': attribute type 10 has an invalid length. [ 174.226697][ T7973] bond0: (slave netdevsim0): Releasing backup interface [ 174.280211][ T7973] team0: Port device netdevsim0 added [ 174.302555][ T7981] netlink: 'syz.1.1309': attribute type 10 has an invalid length. [ 174.317206][ T7981] team0: Port device netdevsim0 removed [ 174.331270][ T7981] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 174.339297][ T7976] tipc: Enabling of bearer rejected, failed to enable media [ 174.351093][ T7976] device syzkaller0 entered promiscuous mode [ 174.750488][ T8020] netlink: 'syz.0.1329': attribute type 10 has an invalid length. [ 174.870377][ T8031] tipc: Enabling of bearer rejected, failed to enable media [ 174.875352][ T8031] device syzkaller0 entered promiscuous mode [ 175.633727][ T8062] netlink: 'syz.1.1343': attribute type 10 has an invalid length. [ 175.643798][ T8061] ================================================================== [ 175.645038][ T8061] BUG: KASAN: use-after-free in dvb_device_open+0xd4/0x388 [ 175.646140][ T8061] Read of size 8 at addr ffff0000d325d018 by task syz.2.1316/8061 [ 175.647209][ T8061] [ 175.647541][ T8061] CPU: 0 PID: 8061 Comm: syz.2.1316 Not tainted syzkaller #0 [ 175.648586][ T8061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 175.649957][ T8061] Call trace: [ 175.650417][ T8061] dump_backtrace+0x1c0/0x1ec [ 175.651057][ T8061] show_stack+0x2c/0x3c [ 175.651632][ T8061] __dump_stack+0x30/0x40 [ 175.652250][ T8061] dump_stack_lvl+0xf4/0x15c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 175.652888][ T8061] print_address_description+0x88/0x218 [ 175.653661][ T8061] print_report+0x50/0x68 [ 175.654299][ T8061] kasan_report+0xa8/0xfc [ 175.654894][ T8061] __asan_report_load8_noabort+0x2c/0x38 [ 175.655703][ T8061] dvb_device_open+0xd4/0x388 [ 175.656376][ T8061] chrdev_open+0x3d4/0x518 [ 175.657014][ T8061] do_dentry_open+0x72c/0xf98 [ 175.657670][ T8061] vfs_open+0x7c/0x90 [ 175.658230][ T8061] path_openat+0x1f8c/0x26bc [ 175.658879][ T8061] do_filp_open+0x194/0x384 [ 175.659511][ T8061] do_sys_openat2+0x134/0x3f4 [ 175.660191][ T8061] __arm64_sys_openat+0x118/0x14c [ 175.660889][ T8061] invoke_syscall+0x98/0x2b4 [ 175.661535][ T8061] el0_svc_common+0x138/0x258 [ 175.662196][ T8061] do_el0_svc+0x58/0x130 [ 175.662795][ T8061] el0_svc+0x58/0x128 [ 175.663364][ T8061] el0t_64_sync_handler+0x84/0xf0 [ 175.664047][ T8061] el0t_64_sync+0x18c/0x190 [ 175.664668][ T8061] [ 175.664994][ T8061] Allocated by task 1: [ 175.665558][ T8061] kasan_set_track+0x4c/0x80 [ 175.666229][ T8061] kasan_save_alloc_info+0x24/0x30 [ 175.666941][ T8061] __kasan_kmalloc+0xa0/0xb8 [ 175.667582][ T8061] kmalloc_trace+0x7c/0x94 [ 175.668179][ T8061] dvb_register_device+0x1a0/0x17a8 [ 175.668893][ T8061] dvb_register_frontend+0x4c0/0x720 [ 175.669618][ T8061] vidtv_bridge_probe+0x9ac/0xe34 [ 175.670303][ T8061] platform_probe+0x13c/0x1b4 [ 175.670939][ T8061] really_probe+0x39c/0xacc [ 175.671571][ T8061] __driver_probe_device+0x180/0x310 [ 175.672291][ T8061] driver_probe_device+0x78/0x324 [ 175.672976][ T8061] __driver_attach+0x3bc/0x60c [ 175.673636][ T8061] bus_for_each_dev+0x148/0x1d0 [ 175.674306][ T8061] driver_attach+0x4c/0x5c [ 175.674913][ T8061] bus_add_driver+0x2d8/0x554 [ 175.675560][ T8061] driver_register+0x200/0x378 [ 175.676227][ T8061] __platform_driver_register+0x6c/0x80 [ 175.676973][ T8061] vidtv_bridge_init+0x4c/0x8c [ 175.677633][ T8061] do_one_initcall+0x278/0x9e0 [ 175.678289][ T8061] do_initcall_level+0x154/0x214 [ 175.678971][ T8061] do_initcalls+0x58/0xac [ 175.679577][ T8061] do_basic_setup+0x8c/0xa0 [ 175.680198][ T8061] kernel_init_freeable+0x35c/0x4f0 [ 175.680926][ T8061] kernel_init+0x24/0x1d8 [ 175.681511][ T8061] ret_from_fork+0x10/0x20 [ 175.682118][ T8061] [ 175.682429][ T8061] The buggy address belongs to the object at ffff0000d325d000 [ 175.682429][ T8061] which belongs to the cache kmalloc-256 of size 256 [ 175.684252][ T8061] The buggy address is located 24 bytes inside of [ 175.684252][ T8061] 256-byte region [ffff0000d325d000, ffff0000d325d100) [ 175.685980][ T8061] [ 175.686303][ T8061] The buggy address belongs to the physical page: [ 175.687154][ T8061] page:000000009c407f06 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000d325d000 pfn:0x11325c [ 175.688742][ T8061] head:000000009c407f06 order:1 compound_mapcount:0 compound_pincount:0 [ 175.689873][ T8061] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 175.690954][ T8061] raw: 05ffc00000010200 fffffc0003395388 fffffc00032d1e08 ffff0000c0002480 [ 175.692119][ T8061] raw: ffff0000d325d000 000000000010000e 00000001ffffffff 0000000000000000 [ 175.693256][ T8061] page dumped because: kasan: bad access detected [ 175.694104][ T8061] [ 175.694440][ T8061] Memory state around the buggy address: [ 175.695209][ T8061] ffff0000d325cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 175.696281][ T8061] ffff0000d325cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 175.697328][ T8061] >ffff0000d325d000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.698366][ T8061] ^ [ 175.699020][ T8061] ffff0000d325d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.700106][ T8061] ffff0000d325d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 175.701172][ T8061] ================================================================== [ 175.736064][ T8061] Disabling lock debugging due to kernel taint [ 175.737094][ T8061] ------------[ cut here ]------------ [ 175.737960][ T8061] refcount_t: addition on 0; use-after-free. [ 175.769192][ T8061] WARNING: CPU: 1 PID: 8061 at lib/refcount.c:25 refcount_warn_saturate+0x134/0x1f8 [ 175.770718][ T8061] Modules linked in: [ 175.771358][ T8061] CPU: 1 PID: 8061 Comm: syz.2.1316 Tainted: G B syzkaller #0 [ 175.772750][ T8061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 175.774296][ T8061] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 175.775502][ T8061] pc : refcount_warn_saturate+0x134/0x1f8 [ 175.776405][ T8061] lr : refcount_warn_saturate+0x134/0x1f8 [ 175.777283][ T8061] sp : ffff8000228775c0 [ 175.777920][ T8061] x29: ffff8000228775c0 x28: ffff0000d48516a8 x27: dfff800000000000 [ 175.779186][ T8061] x26: ffff0000d35e8000 x25: dfff800000000000 x24: 1fffe0001a64ba03 [ 175.780429][ T8061] x23: 0000000000000000 x22: ffff0000d325d010 x21: ffff0000d2e14060 [ 175.781667][ T8061] x20: ffff0000d325d010 x19: ffff800017bd9000 x18: ffff800011b8bf60 [ 175.782908][ T8061] x17: 1fffe00033eac97e x16: ffff80000804309c x15: ffff80001520d000 [ 175.784165][ T8061] x14: 0000000000000001 x13: 1fffe0001b2bb490 x12: 0000000000000000 [ 175.785414][ T8061] x11: 0000000000000000 x10: ffff60001b2bb491 x9 : f131c4ea532c8900 [ 175.786645][ T8061] x8 : f131c4ea532c8900 x7 : 0000000000000004 x6 : ffff80000825796c [ 175.787817][ T8061] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800008246798 [ 175.789073][ T8061] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001 [ 175.790289][ T8061] Call trace: [ 175.790787][ T8061] refcount_warn_saturate+0x134/0x1f8 [ 175.791578][ T8061] dvb_device_open+0x328/0x388 [ 175.792283][ T8061] chrdev_open+0x3d4/0x518 [ 175.792955][ T8061] do_dentry_open+0x72c/0xf98 [ 175.793623][ T8061] vfs_open+0x7c/0x90 [ 175.794215][ T8061] path_openat+0x1f8c/0x26bc [ 175.794874][ T8061] do_filp_open+0x194/0x384 [ 175.795535][ T8061] do_sys_openat2+0x134/0x3f4 [ 175.796207][ T8061] __arm64_sys_openat+0x118/0x14c [ 175.796941][ T8061] invoke_syscall+0x98/0x2b4 [ 175.797627][ T8061] el0_svc_common+0x138/0x258 [ 175.798320][ T8061] do_el0_svc+0x58/0x130 [ 175.798951][ T8061] el0_svc+0x58/0x128 [ 175.799533][ T8061] el0t_64_sync_handler+0x84/0xf0 [ 175.800246][ T8061] el0t_64_sync+0x18c/0x190 [ 175.800897][ T8061] irq event stamp: 1079 [ 175.801501][ T8061] hardirqs last enabled at (1079): [] finish_lock_switch+0xb0/0x1c4 [ 175.802865][ T8061] hardirqs last disabled at (1078): [] __schedule+0x298/0x1b0c [ 175.804102][ T8061] softirqs last enabled at (948): [] local_bh_enable+0x10/0x34 [ 175.805356][ T8061] softirqs last disabled at (946): [] local_bh_disable+0x10/0x34 [ 175.806628][ T8061] ---[ end trace 0000000000000000 ]--- [ 175.847152][ T8061] ------------[ cut here ]------------ [ 175.848152][ T8061] refcount_t: underflow; use-after-free. [ 175.850914][ T8061] WARNING: CPU: 1 PID: 8061 at lib/refcount.c:28 refcount_warn_saturate+0x154/0x1f8 [ 175.852339][ T8061] Modules linked in: [ 175.852943][ T8061] CPU: 1 PID: 8061 Comm: syz.2.1316 Tainted: G B W syzkaller #0 [ 175.854234][ T8061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 175.855779][ T8061] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 175.856977][ T8061] pc : refcount_warn_saturate+0x154/0x1f8 [ 175.857887][ T8061] lr : refcount_warn_saturate+0x154/0x1f8 [ 175.858783][ T8061] sp : ffff8000228774a0 [ 175.859439][ T8061] x29: ffff8000228774a0 x28: 1fffe0001a64ba07 x27: 00000000fffffffc [ 175.860659][ T8061] x26: 1fffe0001a20c80c x25: 1fffe0001a3efa61 x24: ffff0000d1064010 [ 175.861907][ T8061] x23: ffff0000d1f7d000 x22: ffff0000d4851680 x21: 00000000c0000000 [ 175.863209][ T8061] x20: ffff0000d325d010 x19: ffff800017bd9000 x18: ffff800011b8bf60 [ 175.864428][ T8061] x17: 1fffe00033eac97e x16: ffff80000804309c x15: ffff8000089a0aa8 [ 175.865629][ T8061] x14: 0000000000000001 x13: 1ffff00002b4c752 x12: 0000000000080000 [ 175.866794][ T8061] x11: 00000000000433dc x10: ffff800028d95000 x9 : f131c4ea532c8900 [ 175.867928][ T8061] x8 : f131c4ea532c8900 x7 : ffff80000805983c x6 : ffff800008059a4c [ 175.869089][ T8061] x5 : ffff0000c9fbcc58 x4 : ffff800022876ef0 x3 : 0000000000000000 [ 175.870351][ T8061] x2 : ffff800022876fe0 x1 : 0000000000000000 x0 : ffff80000835d0d4 [ 175.871597][ T8061] Call trace: [ 175.872107][ T8061] refcount_warn_saturate+0x154/0x1f8 [ 175.872945][ T8061] dvb_generic_release+0x16c/0x1e0 [ 175.873784][ T8061] dvb_frontend_open+0x948/0xfa4 [ 175.874529][ T8061] dvb_device_open+0x1fc/0x388 [ 175.875360][ T8061] chrdev_open+0x3d4/0x518 [ 175.876083][ T8061] do_dentry_open+0x72c/0xf98 [ 175.876847][ T8061] vfs_open+0x7c/0x90 [ 175.877463][ T8061] path_openat+0x1f8c/0x26bc [ 175.878186][ T8061] do_filp_open+0x194/0x384 [ 175.878865][ T8061] do_sys_openat2+0x134/0x3f4 [ 175.879570][ T8061] __arm64_sys_openat+0x118/0x14c [ 175.880378][ T8061] invoke_syscall+0x98/0x2b4 [ 175.881127][ T8061] el0_svc_common+0x138/0x258 [ 175.881800][ T8061] do_el0_svc+0x58/0x130 [ 175.882441][ T8061] el0_svc+0x58/0x128 [ 175.883071][ T8061] el0t_64_sync_handler+0x84/0xf0 [ 175.883802][ T8061] el0t_64_sync+0x18c/0x190 [ 175.884464][ T8061] irq event stamp: 1079 [ 175.885095][ T8061] hardirqs last enabled at (1079): [] finish_lock_switch+0xb0/0x1c4 [ 175.886628][ T8061] hardirqs last disabled at (1078): [] __schedule+0x298/0x1b0c [ 175.888050][ T8061] softirqs last enabled at (948): [] local_bh_enable+0x10/0x34 [ 175.889308][ T8061] softirqs last disabled at (946): [] local_bh_disable+0x10/0x34 [ 175.890679][ T8061] ---[ end trace 0000000000000000 ]--- [ 176.658604][ T4350] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.749207][ T4350] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.869598][ T4350] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.978301][ T4350] bond0: (slave netdevsim0): Releasing backup interface [ 177.018765][ T4350] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.248627][ T4350] tipc: Left network mode [ 178.099904][ T4350] bond1: (slave gretap1): Releasing active interface [ 178.101003][ T4350] bond1: (slave gretap1): the permanent HWaddr of slave - de:7b:f1:3d:44:46 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 178.103683][ T4350] bond1: (slave gretap2): making interface the new active one [ 178.188027][ T4350] bond1: (slave gretap2): Releasing active interface [ 179.374278][ T4350] device hsr_slave_0 left promiscuous mode [ 179.407761][ T4350] device hsr_slave_1 left promiscuous mode [ 179.567655][ T4350] device veth1_macvtap left promiscuous mode [ 179.568709][ T4350] device veth0_macvtap left promiscuous mode [ 179.569732][ T4350] device veth1_vlan left promiscuous mode [ 179.570650][ T4350] device veth0_vlan left promiscuous mode [ 179.680185][ T4350] bond1 (unregistering): Released all slaves [ 183.658835][ T4350] team0 (unregistering): Port device bond0 removed [ 183.778577][ T4350] bond0 (unregistering): Released all slaves