last executing test programs: 14m25.535941772s ago: executing program 1 (id=88): socket$kcm(0x10, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) r2 = socket(0x1e, 0x4, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x560f, &(0x7f0000000040)) recvmsg$unix(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) setsockopt$sock_int(r2, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4) recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x4a, 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r4, 0x9, 0x0) write$tun(r4, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x3) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x78}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, &(0x7f0000000340)={0x7}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000040)=0x7) 14m23.408009907s ago: executing program 1 (id=92): connect$inet6(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) unshare(0x6a040000) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, &(0x7f0000001700)=0x8, 0x4) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)="800037bbfa9ba1ce", 0x8, 0x0, 0x0, 0x0) 14m22.513599389s ago: executing program 1 (id=97): r0 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) 14m22.139915441s ago: executing program 1 (id=98): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x40) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000240)=0x1) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000280)=0xd9) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) fcntl$setpipe(r5, 0x407, 0x9) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x80) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r6, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000640)='./file0\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0, @ANYBLOB="1018000007500500340012800b0001006272696467650000240015800500170000000000080004e0c171ae0005001600010000000500260001"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x4800) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYRESHEX=r1], 0x38}, 0x1, 0x0, 0x0, 0x58840}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[], 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r7, 0xc0045520, &(0x7f0000000080)=0xffffbf7f) 14m17.270359625s ago: executing program 1 (id=107): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$llc(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xc0a40, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6(0xa, 0x80002, 0x0) openat$uinput(0xffffff9c, &(0x7f0000000240), 0x800, 0x0) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000180), 0x80800) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00) r3 = fsopen(&(0x7f00000003c0)='ocfs2\x00', 0x1) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) close_range(r3, 0xffffffffffffffff, 0x0) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) syz_open_dev$tty20(0xc, 0x4, 0x1) 14m13.194388084s ago: executing program 1 (id=109): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x15}, 0x8000000, 0x1, 0xff, 0x1, 0xffff}, 0x20) openat$nullb(0xffffffffffffff9c, 0x0, 0x400000000a882, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x28011, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x8c, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x7, 0x8, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60fe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) socket(0x10, 0x3, 0x4) r4 = socket$pppl2tp(0x18, 0x1, 0x1) close(r4) socket$pppl2tp(0x18, 0x1, 0x1) 13m56.601896754s ago: executing program 32 (id=109): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x15}, 0x8000000, 0x1, 0xff, 0x1, 0xffff}, 0x20) openat$nullb(0xffffffffffffff9c, 0x0, 0x400000000a882, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x28011, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x8c, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x7, 0x8, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60fe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) socket(0x10, 0x3, 0x4) r4 = socket$pppl2tp(0x18, 0x1, 0x1) close(r4) socket$pppl2tp(0x18, 0x1, 0x1) 24.125009349s ago: executing program 4 (id=2764): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000280)={@remote}, 0x14) syz_init_net_socket$netrom(0x6, 0x5, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000f40)="ad5bb6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) 22.983910755s ago: executing program 4 (id=2766): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x6}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0xc, 0x4, 0x4, 0x10000, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2}, 0x50) 22.768075998s ago: executing program 4 (id=2768): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a40)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x50}, 0x0) 22.37713236s ago: executing program 4 (id=2770): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x40080) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_client}], [{@uid_lt}, {@obj_user={'obj_user', 0x3d, '9P2000.u'}}]}}) 22.068974328s ago: executing program 4 (id=2771): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000300)={0x2, 0x0, [{0x250, 0x0, 0x100000001}, {0x25d, 0x0, 0xf35}]}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) syz_open_dev$vim2m(0x0, 0xa, 0x2) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000000)="2e000000010002", 0x7) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0x0, @local}, 0x2}}, 0x26) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, 0x0, 0x1, 0x60bd27, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x1}]}, 0x34}}, 0x20) r7 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r7, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r7, 0x0) 20.227384065s ago: executing program 4 (id=2782): r0 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f00000001c0)={0xa, {{0xa, 0x4e20, 0x6, @local}}}, 0x84) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x15) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec681177858", 0x3d}], 0x1) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000100)={0x3, 0x980900}) r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000280)={0x3, 0x980900, 0x2eae0342ca72d7e8}) ioctl$VIDIOC_QUERYMENU(r5, 0xc008561c, &(0x7f00000001c0)={0x980900, 0xfffffff2, @value=0x9}) madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xc) r6 = syz_clone(0x840980, &(0x7f00000002c0)="e482173e05231ecb8fbd1c381aea92dc191c3904a0d2941b33b88368b300b38a931c0c5a30c45804e2be2171d5445952f1de15db4ec7ed3a26a451c50d39c02ba635b382bc596533d5e5b6dbc351629c6f8d2400b867335a42d9d39ee297d55561b84d12f8e61a8ea9dd9a26fd60376cab8af4caca5181b44030", 0x7a, &(0x7f0000000100), &(0x7f0000000380), &(0x7f00000005c0)="014b7669e25e3028d356cfc640adb7f2d0c40bab814675cd9079f5b298389652da8a706d2a568cd46a89d23f9cfb08ce303fe26e1512e06cac54b2f3e1d86a91f92047849549c49fb7cba18737184dc50489e461155a45a0be2d4bb22f7f9f077a9bf476a238a1414465b8fd8cd074a8c6a9d7f4824d102c23c6e85a90b8d32f23421b8c4cdb314a206dc2bccad0cac2d0de059b3bc770ac6991e9d271da969af9888535b788a917df41ef3ffe7b0fd6d616c766bc4e57c9699724ffaaf6284f8656dd8943899bfdb1d0f3f93a213163854af58f130b345b40bc96f97d6a5448f04317cf4f3e6ff0cbe624c922645e8deb2302c95e9ff1d6739c40a28dbeacaff57bceb250334cf85388da7bef29cd236e52372dbb38556bdcf2ffefde403b8ddbb467fe1ffda45a607dc2987e8fdf8b6c18037b4321cd9dc3377a7a24a8337adfb00a232aff31e18e9f6136c86dacaf835a06bcb956e514415e338b20c0d5d67117e4294bf9c3d96312f2e9d8aa9d154980c0c6adc136df45eb0b5510c4a6cfd2ad65e2cc07fdc641ca70c30463538fba95f1c57190f5a6ea155185f62448dc5a1b8875268a6aa6d5fd8e5bae55a2fbfaeec5060b0238fa0ddee4d4c116ba14faf4e15724d98671b3fc733e1be4fbc9211a721041c7f14ffe645b8715467b6227de4fd74e347d09a0990e87d79245a30fdd7e3e73a0037d298b11caffd5e61ae65057d7ae147bb427d638b02fb2bf641629d6108b23d12e9029dd3c333d3cc50989e1e10a565f53cc135fab79d20b06de5c68a82f9644a67330c4b41e845cae815bcdbb3e69ae3fc137c67ca3d846ecf7d72c28c652fbb37913565ea8f3f5adfbfac3e91be97eb96b10247439d7b3a69a7cc36570c1c7535359c58b226ffd78a0baeeeb1d3a95a168182ba8511993d70fb51c7af5ac74a91af4be529c6ff54cb0021a860f352fac728b9c889d44ea4d653f7d9dd06b2b29d421b0beda4e5d1d96ee64673fad447d5fc6db71a536bf80bdd2e963a43405a9379c5704f6ef141f0b3da6beec731112bcc0202558e0094c402d7a8b9ebee1e69b896b80616d2d3f2b951236c61db7e3be19cb10460eacbc30aeb6142506dee44c4bd5e3a6580145baf4b21a9a272182ff8422185e65a1c20ffe18f4ec3fb29f0f620cdc15ce1bfb4af62cb8e69e860f8d97fae6187c1147d184252c5a303f22db02da543b4f883b68c5897c5b134b4e3c548f4687751664ff33287f2171555aab6bff02b475658e5a027be263151b27d116f2441a02fa6a90a335310cead758d8e2924f51849472871ad9467a268d02497b2a87bf481e78a6b6bfd4dcf54a700aa517bc49731a5c644a69c89793458e3bc70a88687864a79e57b51229768c89686b1cec364b06912e23b4b56ba2fa4774a7605b67497eceb4fc03174ee119fc270e45174aa0bc6367c8a3a0160964b6e429e51ad50469282df19c1e38ff17c4c2a3ee8d260023a6b11205daedac7792e1bf8af0c7a22123602d04f4e18c761fe75b0b385edac7c9a05ed66629694853381eeae36f5b712bd8c9359f58ea1bb09b9e62f9bbfe96f798295bd441d6e566f814b20906fbb49e653ed515a02d41db771a90c384c43a1fede01433d680c4226d0a1679d5c07b43eac3abaa79a8bc8f5895ca10c877b07cc55e5f749bbb2a99909f5f362797718b4ab442a09975da06159fdad27ab5f619736a9fdabd5baeb5812f195194fc19b5d828afd98a5ee699e801522cf866f004618c42d24cbe17f4a294146d05c92315474b9ea961df4b153b33fafcca5d962fd0cf83134d7e8d8b88c496e35b35ed22a3e566730c413238d794e8c068332200169259dbcb7d7d778b9d1493c3e581e1789a75a90ff356af2e38c481dfdbc12d6106ecf168f39e32e007806418672608f71aea74250a4fe4dda49e4b519d9a9dc0ebfffbbd10cedac967afa80868bbc7a64f3d81da1fba31b2cdf7596207406f931858703dc2b0415f9a32ee282586491e06d501728920d4857ae72c48f1bcc63a167b9149ffb74927527ce28cd9bf8100ea8abaa5dadd069b6bf39b86afd2d950d4319eb3e4c4165aa5e561479019f64d9beac14b13b559208132cec6f98b73b8540b13eea586b7afda456d2ef2d081a897bd4fbd2417f0d735e365f29a3c") sendmsg$nl_generic(r3, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000015c0)={0x1004, 0x1e, 0x400, 0x70bd28, 0x25dfdbfb, {0xf}, [@generic="73a0e0c6d1134b0e5fbc4b42ffb173171c6dd90c73a0ec9d967c9c51dd267c6611c8548c3a4ddeb8a5e1a54afaf39db4dd154109a3eec959634d17e064e729e8da1a93d45820ea593eee10d2733dda1a43b4963892d6e62a32743d9aa34ed1f91a8d32b57abe1aabd880e239dea3d321516ed6b1b166681028093eb64097cae699d786086503767a9915451dfab816d0afe00587bff3e3a0033b1556bf1e9f56555160e9d3fd2a18b6890e16657dd0c534c1eb088c10b3f857b1adb8d7deab991d7fcb496657f87010076fa1b1db36320eeec498052646da135bf26158c72e66459b93c5cee41261694eae831bd4aefa90f4e873f595938037528ec54acad515c33aa5b5271d29ae0fd20db57f8a3b1feacdf5533f476259aeb8dec3edf2d35bcfbee27ac69587cf6e10dc61184c48f6b4820cb047a5fec39135f0045963b7fe74b7ca1917d39bec34f00031bfef8500572423b4354b0244837b368c828903f68517eb76ba6c42c422d0b95fafef4903919ba5465492ee262774c810876146aeceea855aa1bc6f2c5ae362c1e5cbf74b1c073384faf41f418182190f2dac4b7b61057088439fcc1c55bfb3ceae10eb1a4f5772bd790fedc45696fbad5941b284c499d4bf549c5c9d8c8a4141cc7068c0d9567d7b2347d7729e60ce1e1524fae8dcba3786db2ef2d09d18b0df4ec415f628f693af560baa6f996788eef781210a3a39d1c27c3e87d626caee0be2b09826b931f7f9b893a3bd1d2862f38d59a1f8b4450ba9c335d1c4a18f4412a2b7de061355b694308009af558f7de4c3be9223bf414568b9834abd4e82d8178c5cc8c20824ce35d495cda0196522db9a4325f9a138ebf4c781596200cfbd353df5a120635e245e16a70ad841bf2197862b565bcbe527e093324a9408cdbec303241624c30ff329486a16d37972c3c7a80eb3d166b0dc8ba5e44d5d2f91548d4d08c68f2ff83d035f29c9fe909259561d800a06a7810ded7c93bac64439cfda512c6204f39a4b8526bdac85a7ca4081d9965602985f5ee37f99c27188e47ec8d72cf5a9c8e242f77abfcff50bb26f6ffeed1a6b4888e066ad802360f9a87dee6bc84755cb25425dd22f37de87d383c5e98d4ab6a5847b5d51b003b4c58dc914cfc38cb0e678de11cf0a0fe51f94f09ddad11d23a2a71b847843e173fe031398b872b92218a7b53bfe4d038110dc4823e261728cfcaedaf653fd43dd73261ba165d6620fc7968c2b3c29da081adf92aa27115070de45d8eaf39d7679e91e203ae3ce220addd8966f8591f6dccaf8d11826ba228adb8e290bfce4574bc479a383b72e0e0af6896411d6a728d1d9651dd71651fe4ca71b6ef870a1eeecce4af2094666839ba14dc8617f6ab9e23a0c49573c98da31ee79f5ec4196ea07680a8b254dd0e27309cbe458d89edb43f4a2f3ab7523a757af386a859646db24b5be811e80e90869c2ba4559769b447af7f456d62f1e4c0bef9fe597f92fcdc369c9144f35524e240c23ff9fa52923a21593abdf38c9ac696a1effba3fc1daacfdd0743f61f0c7461a3656718f22b27bda87f10a1ad97cf35ce96a327985232a4cfee82ad37b882bbef3a89289f6bb6105d51aa8fb07ce1654d23f50600eed7c975ff13562061764c695da086afd4dcb086702e3f876f2e14c23414ff2d04f445fa2105e74ef7c2bafa9c3fda0ca8570b0e6553ec6dc27af43e27e2c93300929a0979b5bccb77162aacb7a859f7a7a2fabefe178359cc14f80c92e5c94cafec2aff9cf4c7b53bc9e41e2a23e57586963792cd1343400a24823e656893d25fc0ad5492f40b33bb2d74fed3ccaaf60446cb70f149e9e8aefb0ebd0a7c1ed316188b4c6cfa802922340a63b240b54a6b4748daa4beee68c54e7836b067e38679aab86935c820c2e73744bac1679790eb7e55f6d40722c7b5b0fcefa9d03f2b383ab2457755dd3612f48199f473d61b064abfdcfc3d1b81e312daf3950f9438dab80eecfe9e96c88b7b58f33e30f5a70f30d1188fdcc068029b90be119524b4c704ccf1c00ba56b2980a89025f3f9cf5526020a7c5f2c0e67b78d9899f16fbe4a7f897cb88bb1428ecee46cf0dbb556e3824083242c36c1d2850a783b66e2316f4634dcc29c54657a69f281738b4ee8aa7c8bb8111f6079edd982c6aee9e22aea32ddd1db08862420b99d288f72d3166f6d670f3204691b28859f2bee5ac6b9d4d12b6a9185a05212591feb431272ca7139c95fd1d0c40ddc311b99b2766a23ead1d7e19cf98bec8ff5eb268c3df1d14ab8f4d793fd1a5b38522adb632acbf54336ca3e08bc05c35e51dc91454139e372e7aa07a2ea57c206d1fe8fe36406c2e74cd74121ff92407423d51aed8f622662fc1139aae22b318f122d38eed23d1341df1dd85c75ebccdc643f06253a975fec84bd3c1271a94d2a6f5f4f434d8c5c0209e5e08d2996e4811396c811c290db645adcdb27384c3e23f40c1851f6ec943ead084fa68a4c98482efe5828c206c71e2fdcb4faf223b3839f3c369662a843dce066bcbdf86e583ca8d41ef688e69a71e5314325b76658af24e7b51b48b5e3a8f976d0b4eedfe031432256d438526e6ccf80298224ef6c671a65a2c10c5f12b69c295654a995ffd7b05f45bda7ebf0ba2274a4f4d04986111234408f201041a1f80d87cbaf30d588bd50fe980e10d03c1ea7cb87f294a4ce5d1ee71d6414500bfe241702231379f60135a0d0a8be621a30177bf00058679eec6a8572d115dbd11b5546f1dbb50268d3dcfe9086731881a7c5e1ef7f4da18dd953e8d66455cf9a9eca3491efa7cc31bc0943b3196892a6c1d6e22da8ab89f76c073bd7b5fb6b936347cb79be00c7a97cf74a4957adfbc51fb5881c66e25f23d8dd1ffd5d86dddbdb119cb0a06d5d443c3f522a90320d69defae31be9f6c61fca317e106637310a0b61e9cee6f9f5178381e890c09f9975f98caafcebb0a2653bcb5dbdb669b1a4a1ac42c5d69a59d6699bd93e0fe4f98f32444a75b51383c95a76fe2fafd2d62397f45fad8b046a4fae4ab3c362368fbf08f73f8c24ca595b27d93f596ec7e5a1677949412844b70dde3851f9802e9589c55e05f7c630efbb11aaf8273acca943e211a4757bfcd86d7a02f6c364a25084c5f2f9340c26fd6493bf40296c7bb64f5bd5ce9de5329bf36a7a993a0047c8a734a67d1ee9a1ae9e303beca7c9dc4fdf8e0308e1cff91fbdcc76f4cb39dc6e57a4ace2bd94ff9fd9d6b5e61c866aefcad2e801fdf833ceb362ef024a84ad63528917240e69ed87bc938b72afb6ec44075fcf780cb2ce77e9b6925330a131ab9be6d689220b152df9239be3df8d54de367e3923254973f8c16393e42fc47d77e171569744e98a2df91290324bd643c1e9f5ff0232d41d502cad796d87163a54bb54db2a0713e3b39f2763560c7945ef8935d9bc2e5c150b9c7d7ead67bbcd34b53180fb7e2094bbd16380f95e5892d521b32ba2af8db608900a675890133b86cbb8971684bf020dfa91ba9216e3b64458924dcea864e1bfaab592574e3a4cb7d4f7275dc13299f0e91241880d5e5053c6db4ba8902253a7afd3d10c95563be67ff6fa03093a27880c1851f9c5d105bd89acfbaebe62a75863a6d5566c8faefc8780b4d7814ba9b1a8075bb566a05448022cbda913a6262f43b5d74e9c08599305ee31ed20b84cb5e3f0e26a093c0cd50ed3a2503732d2ceaae06de53b7d7929edfbf6459a0798a7d1ae738131a6924953031e0737b246ce5a2874bac27dd3bda0d4d91aec39aa3d2a6e1b99c3be4744501d4eaa010118fb47110ff426ac02bbd905d0d697ef0e8a4757db2c63d16d71d6518456d2088a7b156d3cbf094352221775fd9167c3118f630708870862e95f1ec00844a1992941ac35557df45d63754d4fd1d9f362ce3cd773f4fbb6162fee1f4e40688605f997cf21644b083be3ea1914d1436ed1020eb94adbf847620f7fd891ab7f8f061284f20f1f256e68319a737c962fbae5500bfc22e6fec2e845ee586d5f52ccb3d7ad1c12a085b5be790b7ca899dc82c544c45f7fa28f086848391118e713bd19d7fa825af5ad93e59a6479bbc65fe536c2ac9550c68a7b966d33fcd60df44dcdd64c1ab0a0ce05ef09f4d26a271c61253a0361e5ab1461beb1eb0d605ce5cdaab193e3bcb14c4b0559e32b36a670b5263f022ee2f4ef717b7a492a1228f6101bd7cfeddb4bfae0d1595ef32cf8d9405c26738db5af78855d053c181678307575233e2cdc748fad32c794b3e9fa1f68855cb8790f8b51e74a3cecab26fc0026087e5aba46215ca7835ae52fa049be992ab1cafb502ab293ab1115ad34c780c114e9a21910a36c0b72e8cb387fb8303e81041d16bca1360914bc8a3cc13b3e949ca4fac18e7a35290f901ae57fcb108556b4c0bf5daaadd416024fd6c85139fed66cf498207c47e5445ec8201b1be05dd4a1d412d444bb8ea9932401655a84c29c8f26536aa7331a1a82f4b4b1ad8f3fe78f7e536666077e6a371c2180034ab297447dc94924371cbb41c7c93f5d7d9e0a609584c616ca8857da68b6cd86dda387e4d9f29cd8306cea9558352057b30da8c3b97e616c8da1832aac520134308b872a80abf26061f6690ab600f121546a1fb24d9c3866484df47717b202940b20718093d98903b1fdf9f615e28bfd93ef3482b5b29572853e05052136b3f71bb72395d738380f2405f5dd288b9ad62f43e2944ca911a7abdef4d1f78b40b459d967d2b0427c2aa5836c9a09da0e9b2ea152d97c7eb67a205b58fdbf6925e851268eee73e21398b2e9c8002b64a80bb01b00e5264f7428c3a9e4c43769db9aaaf6705993e321f9a323c0441690a795056a22988b493a596a1b5008db5214046a4317849b9103ec2bc5f765a3c4cb5c8610075b93fd6bc82caf64e462d0a0530a9775f4e2e08a73baa022bc54248d2d7c1466247a3ab91743c6da1e923e4324a580e3f4de7a1f2f727cbb87fd06892da555c58a8c664706d220b85418165dd6ff0f2ba3960a5d84a14d97d7a24e587349215f83af76de78753d783320281b821dafc6f460910e8053668763f85e3f8d3777eda7238cd7b094710b31e54ef3db4ba47710c1291da154ee968985e185601cef26204bcfddde11ffc0594530c61ec1371fbd83c2a01311b3a63e1d6fa2e4717be849e9d40cd63c6dfaddad502c28dcd4f4a30e46e2d0344682bffca7120bc93bfa8d7040945802c7e04a80e7dbd639a20f2d6a19c37f8279ab7aee5b2d2499c0f7d833f93bb1c041c8473c7c16055b6c7cfbf3c479a3bd710e3d147dec90a0df494a17c72535f2644346bdb97f01f008939c87d4e1ec215e59ced343ebd2548d00525834d026addca3c7a98d19c3d03caa4343d58a8e239d72701d5773db74f97fb1386c21180d0928009e7fc53626c10639764c4f0ed56fc2d078508fde9fb6637072d1fd8c31e68123b609926018ce927e4325ed39b6fd8bc132e66058455b56c4bcf99f65ef4965be4b987580808e6fb9f9c4c38fcc1be5e64bc13e69fdf5b9d5701935354126b8d774c156ceaba511bf7221d320dc323b135948264b7cbf79414c2fee9", @generic, @nested={0xc, 0x3b, 0x0, 0x1, [@typed={0x8, 0x1d, 0x0, 0x0, @pid=r6}]}, @nested={0x8, 0xb2, 0x0, 0x1, [@nested={0x4, 0x32}]}, @generic="d6955d5c331c9c131a3337f8ac0ab66ad8fc00e3dfbf30", @generic="ff493c5d30bc24ecaaf606d8801139ea44c6ce412d4c3705f4902b39361df57a5b79299b835b0225d923737b9a7b71535cc50c93e44a44a00bb49da1a5cb8cd01930faff"]}, 0x1004}, 0x1, 0x0, 0x0, 0x4810}, 0x4) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x8044) 9.061979024s ago: executing program 5 (id=2820): unshare(0x64000600) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000040)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x68) 8.860570686s ago: executing program 0 (id=2821): socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) fstat(0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) syz_open_procfs(0x0, &(0x7f0000000040)='mountstats\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x10, 0x803, 0x0) r4 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0xc) sendmmsg(r4, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYRES64=r4], 0x108}}], 0x2, 0xc040) 8.681327596s ago: executing program 2 (id=2822): r0 = socket(0x1e, 0x4, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x29, 0x2, 0xe, 0x16, 0x6c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, 0x7800, 0x8000, 0x1, 0x4}}) r1 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x1a00040, &(0x7f0000000540)={[{@utf8no}, {@rodir}, {@rodir}, {@shortname_mixed}, {@shortname_win95}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x148}}, {@shortname_mixed}, {@fat=@codepage={'codepage', 0x3d, '852'}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@uni_xlateno}, {@fat=@usefree}, {@utf8no}, {@uni_xlate}, {@utf8}, {@utf8no}]}, 0x3, 0x354, &(0x7f0000020180)="$eJzs3U9oHNUfAPDvdja7aaG/5PCDoiCM3kQNbcSDnhJKCsVcVBb/HMTFpirZWMjiYnrINl7Eo+BRvXjzoMeeRVDEmwevVpCqeNDeChZHdnY2O5vdpKmwrcHP5zB8+973O++97pCdTLIvryzF+oWZuHjjxvWYna1EdensUtysxHwkMXAlxtUmtAEAR8PNLIs/sr5DllSmPCUAYMry9//XTpZa3vnqoPzMuz8AHHnF9//HD8qZ3a/j0lSmBABM2djz/4dGumujP+qvln4rAAA4qp578aWnl1cjnk3T2YiNdzuNTiOeGvYvX4w3ohVrcTrm4lZE/0ahd6jkx3PnV1dOp2najZ/no9Gr6DQiNrqdRv9OYTnJ6+txJuZiPq9/ZHDuLMuScx9HRJqLiCvdfPzYqHQaM3GiGP+HE7EWi5HG/4vxi7uV/HB+dWUxLU7Q2BjUdyN2hs8tevNfiLn47tW4FK24kI89uK1ZXdk+k6Zns9WR+k6jnuf17fsEBAAAAAAAAAAAAAAAAAAAAAAA/pGFdNf87v432XD/noWFCf35/jj9+mJ/oJ3+/kBZPYss+/3txxrvJTGyP9De/Xk6jWocu7dLBwAAAAAAAAAAAAAAAAAAgH+N9lYtmq3W2mZ76/J6OehutreORUSv5c1vPvvyeIzn3CaoFmOUutKi6fJ6M0sGyVkyklMESW/wQcunV3dnXM6p765i4jTq+3e1Wicf/OnDYcsDyeDMfw1zkpi8wGTPNMrBxv/6U7qT/6jdYPE2OdeyLNuvfPvl8aqoRFTv/IU7OMh6wdfXX7/v8fapJ/KWL7K+hx+de/7aB5/8ut5s9UaO/BWsbbZvZevN4t+TL7b9g6R0/VSiH1TKV0L1oPKd0ZZm8v1vL9z//reHGz0rt7w1ISfpL+fzvV21ftCb5p6u45PGmplw8U8hOPXRUvPq9o+/HLaq9EXCRh0AAAAAAAAAAAAAAAAAAHBXlD4rXig+7DtzUNWTz0x/ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw9wz//n8p2BlrOUzwZzfGu+prm+2I2r1eJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/3F/BwAA//9XymbU") openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000300)='sessionid\x00') bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000004c0)={r4, 0x3, 0x6}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r4, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 7.703919052s ago: executing program 0 (id=2824): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x4004) r2 = socket$key(0xf, 0x3, 0x2) socket(0x11, 0x2, 0x0) socket$inet(0x2, 0xa, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000840)='net/packet\x00') setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) pread64(r3, &(0x7f0000000100)=""/190, 0xbe, 0x8001) sendmsg$key(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 7.539039372s ago: executing program 5 (id=2825): socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = epoll_create1(0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000100)="5802000000adbcb1d770dc898c190fb6dbeeee0c28205c43fb3a7cc6b334030000002f3cc8a68054e46c6d89680d23d8f6b2a3e94864e0", 0x37, 0x48000, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x88, 0x1, 0x0, 0x3}, 0xe) shutdown(r3, 0x1) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x3, 0x8, 0x1, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000080)={'ip6_vti0\x00', 0x0, 0x4, 0x30, 0x5, 0x2, 0x1, @dev={0xfe, 0x80, '\x00', 0x1e}, @empty, 0x8000, 0x781e, 0x1000, 0x5}}) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f00000003c0)) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') setresuid(0xffffffffffffffff, 0x0, 0xee00) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) setreuid(0x0, 0xee00) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000000)=0x41dc, 0x4) syz_io_uring_setup(0x5ae2, &(0x7f0000000700)={0x0, 0x6011, 0x4, 0x0, 0x3cc}, &(0x7f0000000180), &(0x7f0000000140)) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$SIOCAX25DELUID(r2, 0x89e2, &(0x7f0000000240)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) openat$cgroup_int(r5, &(0x7f0000000340)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) 7.06107085s ago: executing program 2 (id=2826): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200006, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) vmsplice(0xffffffffffffffff, &(0x7f0000000540), 0x41, 0x1) 6.262597937s ago: executing program 0 (id=2828): mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) rt_sigqueueinfo(0x0, 0x1f, &(0x7f00000003c0)={0x5, 0x3d36, 0x5}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x290, 0x0, 0xb, 0xd0e0011, 0x120, 0xc6, 0x1f8, 0x1d8, 0x190, 0x1f8, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @broadcast, 0x0, 0x0, 'nr0\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x120, 0x2000000, {}, [@common=@icmp={{0x28}, {0x0, "0010"}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT0={0x48}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'bridge_slave_1\x00', 'virt_wifi0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x20, 0x0, 0x0, 0x20000, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000000104010100000000000000100100140005000100"], 0x1c}, 0x1, 0x0, 0x0, 0x60000081}, 0x800) sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[], 0xcc}, 0x1, 0x0, 0x0, 0x400c081}, 0x40004) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000680)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mount$overlay(0x0, &(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000080), 0x2000000, &(0x7f0000000440)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r6, &(0x7f00000000c0)={0x1d, r7}, 0x10) sendmsg$can_bcm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6bcd41fd8"}}, 0x48}}, 0x410) 4.925358734s ago: executing program 0 (id=2829): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000001180)=@ethtool_coalesce={0xf, 0x0, 0x9, 0x6, 0x5, 0xc, 0x0, 0xbffffffc, 0x3, 0x32, 0x7fff, 0x7, 0x3, 0xe, 0x5f, 0x4, 0xd88, 0x200002, 0x80000000, 0x5, 0x4001ff, 0xfffffff9, 0x6}}) flock(r0, 0x5) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=r4, @ANYBLOB="31000000bf3f9f8008000a00", @ANYRES32=0x0, @ANYBLOB="2c001280110001006272696467655f736c6176650000cd1a14000580080022008554b58fe386a1", @ANYRES32=0x0], 0x54}, 0x1, 0x0, 0x0, 0x20040800}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000b02300ffbfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r6, 0x702, 0xe, 0x0, &(0x7f0000000580)="e460334470d8d400eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fcntl$getownex(r6, 0x10, &(0x7f0000000300)={0x0, 0x0}) sched_setscheduler(r7, 0x2, &(0x7f0000000080)=0x8) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r11 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r11, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x368, 0x1d0, 0x11, 0x148, 0x0, 0x0, 0x2d0, 0x2a8, 0x2a8, 0x2d0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x188, 0x1d0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@remote, [0xffffff00, 0xff, 0xffffff00], @ipv6=@dev={0xfe, 0x80, '\x00', 0xe}, [0x0, 0xffffff00], @ipv4=@private=0xa010100, [0xffffff00, 0x0, 0xffffff00], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xff000000, 0xff000000, 0xff], 0x8, 0x6, 0x5e, 0x4e21, 0x4e23, 0x4e24, 0x4e21}, 0x40, 0x8e0}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0xffffffff, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@addrtype={{0x30}, {0x242, 0x75f65a4e97d6873f, 0x1}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x3, 0x6, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8) flock(r5, 0x2) 4.755754504s ago: executing program 5 (id=2830): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1c8, 0x12) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0x2, 0x3, 0x8d) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x4, &(0x7f00000006c0)=ANY=[@ANYRESOCT=r0, @ANYRESOCT, @ANYRES8, @ANYRESHEX=r5, @ANYRES16, @ANYBLOB="98d6c8837ccbd4ecf2bc4874d8360a53f035187c0add6b7e55d81ccb053c4256c978f97cf2ef42cf4d42b1dbfeb1f5975a7807399afbfe1b98c0512a38c3510ca2f21effc0ac6dddb5f670d8c3b35f48c4bf8cff6e3a7da4029a1d85df57517a19e3a4bec7e8e16ec30c988447aa10138958cc9f488033fd2b4c0573877cd23826c0833374571f9ebb3f9e39ea04e0b31e33915f2e6a4579c9817dc99a4a"], &(0x7f0000000280)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200280, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r6}}, 0x58) sendmsg$NFT_BATCH(r0, 0x0, 0x40) 4.689723208s ago: executing program 3 (id=2831): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x58, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x10000042}, 0x4090) 4.167289468s ago: executing program 3 (id=2832): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x83fb, 0x4, 0x29, 0x4, 0xfffffffd, 0xcc7, 0x8, 0x8d, 0x7fff, 0x0, 0x7, 0x1, 0x1, 0x1, 0x8026, 0x80, 0x6, 0x1a449, 0x9, 0x40000003, 0x89, 0xfffff443, 0x0, 0x20001e5c, 0x8, 0xffc00004, 0x3c, 0x8, 0x100016, 0xf7fffff7, 0xfffffff8]}) 3.879548565s ago: executing program 2 (id=2833): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x1, 0x80000000, 0x4, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x20004015) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.747971172s ago: executing program 3 (id=2834): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x40080) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_client}], [{@uid_lt}, {@obj_user={'obj_user', 0x3d, '9P2000.u'}}]}}) 3.453549449s ago: executing program 0 (id=2835): r0 = socket(0x1e, 0x4, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x29, 0x2, 0xe, 0x16, 0x6c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, 0x7800, 0x8000, 0x1, 0x4}}) r1 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x1a00040, &(0x7f0000000540)={[{@utf8no}, {@rodir}, {@rodir}, {@shortname_mixed}, {@shortname_win95}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x148}}, {@shortname_mixed}, {@fat=@codepage={'codepage', 0x3d, '852'}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@uni_xlateno}, {@fat=@usefree}, {@utf8no}, {@uni_xlate}, {@utf8}, {@utf8no}]}, 0x3, 0x354, &(0x7f0000020180)="$eJzs3U9oHNUfAPDvdja7aaG/5PCDoiCM3kQNbcSDnhJKCsVcVBb/HMTFpirZWMjiYnrINl7Eo+BRvXjzoMeeRVDEmwevVpCqeNDeChZHdnY2O5vdpKmwrcHP5zB8+973O++97pCdTLIvryzF+oWZuHjjxvWYna1EdensUtysxHwkMXAlxtUmtAEAR8PNLIs/sr5DllSmPCUAYMry9//XTpZa3vnqoPzMuz8AHHnF9//HD8qZ3a/j0lSmBABM2djz/4dGumujP+qvln4rAAA4qp578aWnl1cjnk3T2YiNdzuNTiOeGvYvX4w3ohVrcTrm4lZE/0ahd6jkx3PnV1dOp2najZ/no9Gr6DQiNrqdRv9OYTnJ6+txJuZiPq9/ZHDuLMuScx9HRJqLiCvdfPzYqHQaM3GiGP+HE7EWi5HG/4vxi7uV/HB+dWUxLU7Q2BjUdyN2hs8tevNfiLn47tW4FK24kI89uK1ZXdk+k6Zns9WR+k6jnuf17fsEBAAAAAAAAAAAAAAAAAAAAAAA/pGFdNf87v432XD/noWFCf35/jj9+mJ/oJ3+/kBZPYss+/3txxrvJTGyP9De/Xk6jWocu7dLBwAAAAAAAAAAAAAAAAAAgH+N9lYtmq3W2mZ76/J6OehutreORUSv5c1vPvvyeIzn3CaoFmOUutKi6fJ6M0sGyVkyklMESW/wQcunV3dnXM6p765i4jTq+3e1Wicf/OnDYcsDyeDMfw1zkpi8wGTPNMrBxv/6U7qT/6jdYPE2OdeyLNuvfPvl8aqoRFTv/IU7OMh6wdfXX7/v8fapJ/KWL7K+hx+de/7aB5/8ut5s9UaO/BWsbbZvZevN4t+TL7b9g6R0/VSiH1TKV0L1oPKd0ZZm8v1vL9z//reHGz0rt7w1ISfpL+fzvV21ftCb5p6u45PGmplw8U8hOPXRUvPq9o+/HLaq9EXCRh0AAAAAAAAAAAAAAAAAAHBXlD4rXig+7DtzUNWTz0x/ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw9wz//n8p2BlrOUzwZzfGu+prm+2I2r1eJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/3F/BwAA//9XymbU") openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000300)='sessionid\x00') bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000004c0)={r4, 0x3, 0x6}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r4, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 3.372634904s ago: executing program 2 (id=2836): r0 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x5000) fallocate(r0, 0x0, 0x0, 0x8800000) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580), 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") bpf$ENABLE_STATS(0x20, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(r3, 0x8004af70, 0x0) fchown(r3, 0x0, 0xee01) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x80) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f0000000080)={0x3, 0x9, 0x6, 0x3, 0x5}, 0xc) setreuid(0xffffffffffffffff, 0xee01) 3.355294275s ago: executing program 3 (id=2837): syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2) 2.271830878s ago: executing program 5 (id=2838): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10) r1 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffff", 0x9) setsockopt$inet6_opts(r1, 0x29, 0x37, 0x0, 0x18) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x6e23, 0xfffffdff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r0, &(0x7f0000000080)="240000001a007f0214f9f407000904080300000000000005000200", 0x1b) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f00000000c0)="f62dfbf08021e154706f4b9bf84114cbc0a537c94ce491d96d31e014b3c3e7a5a82b96fe7b5c3613f4002528a7bb692758c2ad94b5ff6c152238ac0a042aa9", 0x3f) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x10000008, 0x4, 0x0, 0xc, 0x0, 0xfffffe0000000001, 0xfa91, 0x7fffffff}, 0x0) socket$inet6(0xa, 0x3, 0x3c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49) unshare(0x6020400) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) 2.157805624s ago: executing program 5 (id=2839): socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = epoll_create1(0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000100)="5802000000adbcb1d770dc898c190fb6dbeeee0c28205c43fb3a7cc6b334030000002f3cc8a68054e46c6d89680d23d8f6b2a3e94864e0", 0x37, 0x48000, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x88, 0x1, 0x0, 0x3}, 0xe) shutdown(r3, 0x1) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x3, 0x8, 0x1, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000080)={'ip6_vti0\x00', 0x0, 0x4, 0x30, 0x5, 0x2, 0x1, @dev={0xfe, 0x80, '\x00', 0x1e}, @empty, 0x8000, 0x781e, 0x1000, 0x5}}) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f00000003c0)) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') setresuid(0xffffffffffffffff, 0x0, 0xee00) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) setreuid(0x0, 0xee00) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000000)=0x41dc, 0x4) syz_io_uring_setup(0x5ae2, &(0x7f0000000700)={0x0, 0x6011, 0x4, 0x0, 0x3cc}, &(0x7f0000000180), &(0x7f0000000140)) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$SIOCAX25DELUID(r2, 0x89e2, &(0x7f0000000240)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) openat$cgroup_int(r5, &(0x7f0000000340)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) 1.913763839s ago: executing program 2 (id=2840): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x3, {0x1, 0xf0, 0x3}, 0xfe}, 0x18) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r2, 0x0, 0x8040) connect$can_j1939(r2, &(0x7f0000000080)={0x1d, r3, 0x2, {0x2, 0xff, 0x3}, 0xfe}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r3, {0x8, 0xffe0}, {0xa, 0x9}, {0x2}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x9b288068ad5cca8}, 0x20000850) r4 = socket$xdp(0x2c, 0x3, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r7, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4) bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) bind$xdp(r4, &(0x7f0000000240)={0x2c, 0x1, r6, 0x0, r7}, 0x10) userfaultfd(0x80801) 329.987921ms ago: executing program 3 (id=2841): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x68, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x2d, 0x9, 0x0, 0xd29}}, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0xc, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x15}]}]}, 0x68}}, 0x0) 195.672549ms ago: executing program 5 (id=2842): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x15c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in=@empty, @in6=@mcast1, 0x4, 0x0, 0x4e21, 0x1, 0x0, 0x0, 0x0, 0x2e, 0x0, 0xee00}, {@in=@remote, 0x4d6, 0x32}, @in=@multicast2, {0x2, 0x0, 0x0, 0x9, 0xffffffff00000001, 0x0, 0x3f, 0x543}, {0x4, 0x7fffffffffffffff, 0xffffffffffffffff, 0x7}, {}, 0x70bd2c, 0x3500, 0x2, 0x0, 0x0, 0x50}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x80, "210466d38547aa140db9a200000000c538c7cb7a"}}, @offload={0xc, 0x1c, {r3}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x890}, 0x2014) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014) 91.380165ms ago: executing program 0 (id=2843): socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) epoll_create1(0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, 0x0, 0x0, 0x48000, &(0x7f000005ffe4)={0xa, 0x4e22, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r4 = accept4(r3, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d", 0x8) sendto$inet6(r4, &(0x7f0000000080)='%[', 0x2, 0x800, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x88, 0x1, 0x0, 0x3}, 0xe) shutdown(r2, 0x1) r5 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x3, 0x8, 0x1, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000080)={'ip6_vti0\x00', 0x0, 0x4, 0x30, 0x5, 0x2, 0x1, @dev={0xfe, 0x80, '\x00', 0x1e}, @empty, 0x8000, 0x781e, 0x1000, 0x5}}) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000500)={{{@in=@rand_addr=0x64010100, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e24, 0x7, 0xa, 0x7, 0xa, 0x80, 0xa0, 0x88, r6, r7}, {0xc3b0, 0x4, 0x7, 0x200000000000000, 0x401, 0x635, 0x6, 0x7}, {0x79, 0x4, 0xffffffff, 0x5}, 0x614a, 0x6e6bb4, 0x2, 0x1, 0x2}, {{@in=@rand_addr=0x64010102, 0x4d5, 0x2b}, 0xa, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3505, 0x0, 0x2, 0x3, 0x10001, 0x7, 0x4}}, 0xe4) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') 67.097696ms ago: executing program 2 (id=2844): mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0]) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x1, 0x8, 0x0, 0x0, @remote}, 0x10) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=@FILEID_NILFS_WITHOUT_PARENT={0x20, 0xf1, {0x101, 0x0, 0x105, 0xfffffff8, 0x3b}}, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f0000000280)={&(0x7f00000000c0), 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0x8000) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = getpid() chmod(&(0x7f0000000080)='./file0\x00', 0x8) r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) bind$alg(0xffffffffffffffff, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) close_range(r3, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=2845): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x9, 0x9}) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="4a000e00"], 0x84}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x5}) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) kernel console output (not intermixed with test programs): dding interface: gretap1 [ 331.100301][ T6619] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.127555][ T6619] batman_adv: batadv0: Interface activated: gretap1 [ 332.091402][ T6622] Driver unsupported XDP return value 0 on prog (id 30) dev N/A, expect packet loss! [ 332.135917][ T1946] block nbd0: Attempted send on invalid socket [ 332.142412][ T1946] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 332.155156][ T6622] FAT-fs (nbd0): unable to read boot sector [ 332.171795][ T6622] netlink: 12 bytes leftover after parsing attributes in process `syz.0.518'. [ 336.894148][ T6644] 9pnet_virtio: no channels available for device syz [ 339.307773][ T6676] 9pnet_fd: Insufficient options for proto=fd [ 339.462932][ T4975] block nbd0: Attempted send on invalid socket [ 339.469408][ T4975] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 339.522224][ T6679] FAT-fs (nbd0): unable to read boot sector [ 339.624729][ T6682] netlink: 12 bytes leftover after parsing attributes in process `syz.0.533'. [ 341.600795][ T6709] 9pnet_virtio: no channels available for device syz [ 342.223121][ T6726] 9pnet_fd: Insufficient options for proto=fd [ 342.813747][ T6731] loop6: detected capacity change from 0 to 7 [ 342.823342][ T6731] Dev loop6: unable to read RDB block 7 [ 342.831666][ T6731] loop6: unable to read partition table [ 342.837995][ T6731] loop6: partition table beyond EOD, truncated [ 342.844364][ T6731] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 343.011577][ T6734] autofs4:pid:6734:autofs_fill_super: called with bogus options [ 346.867707][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 346.867732][ T26] audit: type=1326 audit(1769955256.877:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.3.551" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb65519aeb9 code=0x0 [ 348.059043][ T6761] 9pnet_virtio: no channels available for device syz [ 349.482345][ T6776] loop6: detected capacity change from 0 to 7 [ 349.494205][ T6776] Dev loop6: unable to read RDB block 7 [ 349.500096][ T6776] loop6: unable to read partition table [ 349.506508][ T6776] loop6: partition table beyond EOD, truncated [ 349.512992][ T6776] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 349.680320][ T6780] autofs4:pid:6780:autofs_fill_super: called with bogus options [ 350.314993][ T6783] 9pnet_fd: Insufficient options for proto=fd [ 353.683681][ T6809] kvm: pic: non byte write [ 354.339058][ T6816] 9pnet_virtio: no channels available for device syz [ 355.335831][ T6830] autofs4:pid:6830:autofs_fill_super: called with bogus options [ 356.983654][ T6853] 9pnet_virtio: no channels available for device syz [ 359.457835][ T6884] loop6: detected capacity change from 0 to 7 [ 359.754709][ T6888] autofs4:pid:6888:autofs_fill_super: called with bogus options [ 360.397889][ T6884] Dev loop6: unable to read RDB block 7 [ 360.403533][ T6884] loop6: unable to read partition table [ 360.427955][ T6884] loop6: partition table beyond EOD, truncated [ 360.444449][ T6884] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 361.828478][ T6904] netlink: 88 bytes leftover after parsing attributes in process `syz.3.591'. [ 362.326632][ T6912] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 362.358857][ T6913] 9pnet_virtio: no channels available for device syz [ 363.000303][ T6925] device syzkaller0 entered promiscuous mode [ 363.752320][ T6930] netlink: 'syz.4.598': attribute type 4 has an invalid length. [ 368.473676][ T6957] netlink: 88 bytes leftover after parsing attributes in process `syz.0.604'. [ 368.982904][ T6962] 9pnet_virtio: no channels available for device syz [ 370.313673][ T6972] device syzkaller0 entered promiscuous mode [ 371.808711][ T6994] netlink: 88 bytes leftover after parsing attributes in process `syz.2.616'. [ 372.240460][ T7002] netlink: 'syz.4.617': attribute type 4 has an invalid length. [ 372.352082][ T4641] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 372.548613][ T4641] usb 1-1: config 0 has no interfaces? [ 372.556840][ T4641] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 372.566654][ T4641] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 372.574867][ T4641] usb 1-1: Product: syz [ 372.579680][ T4641] usb 1-1: Manufacturer: syz [ 372.596568][ T4641] usb 1-1: config 0 descriptor?? [ 372.828679][ T4732] usb 1-1: USB disconnect, device number 21 [ 373.831357][ T7018] device syzkaller0 entered promiscuous mode [ 373.971702][ T7021] autofs4:pid:7021:autofs_fill_super: called with bogus options [ 376.455193][ T7034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.627'. [ 378.672965][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.679548][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.704433][ T7048] netlink: 16 bytes leftover after parsing attributes in process `syz.4.631'. [ 380.223191][ T26] audit: type=1804 audit(1769955291.487:111): pid=7058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.634" name="/newroot/132/file1" dev="fuse" ino=1 res=1 errno=0 [ 380.353255][ T7060] netlink: 'syz.3.632': attribute type 4 has an invalid length. [ 380.460276][ T26] audit: type=1804 audit(1769955291.527:112): pid=7058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.634" name="/newroot/132/file1" dev="fuse" ino=1 res=1 errno=0 [ 380.602018][ T7063] device syzkaller0 entered promiscuous mode [ 384.613252][ T7097] 9pnet_virtio: no channels available for device syz [ 385.247846][ T7109] device syzkaller0 entered promiscuous mode [ 387.690135][ T7131] netlink: 'syz.5.653': attribute type 4 has an invalid length. [ 389.376779][ T7143] 9pnet_virtio: no channels available for device syz [ 394.644235][ T7195] 9pnet_virtio: no channels available for device syz [ 395.417248][ T4732] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 395.550107][ T7207] device syzkaller0 entered promiscuous mode [ 395.617975][ T4732] usb 6-1: Using ep0 maxpacket: 8 [ 395.644311][ T4732] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 395.707914][ T4732] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 395.751165][ T4732] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.769598][ T4732] usb 6-1: Product: syz [ 395.774027][ T4732] usb 6-1: Manufacturer: syz [ 395.784544][ T4732] usb 6-1: SerialNumber: syz [ 395.807343][ T4732] usb 6-1: config 0 descriptor?? [ 395.839050][ T4732] streamzap 6-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0) [ 396.290693][ T7212] netlink: 'syz.3.677': attribute type 4 has an invalid length. [ 396.718383][ T7219] netlink: 3 bytes leftover after parsing attributes in process `syz.4.678'. [ 397.128622][ T7225] 9pnet_virtio: no channels available for device syz [ 398.027058][ T4641] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 398.230272][ T4641] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 398.250944][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 398.309402][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 398.366910][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 398.829958][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 398.872560][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.010485][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 399.088929][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.177054][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 399.222888][ T4257] usb 6-1: USB disconnect, device number 3 [ 399.230120][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.383192][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 399.425210][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.471687][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 400.196514][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 400.228053][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 400.291452][ T4641] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 400.320893][ T4641] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 400.355177][ T4641] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 400.412586][ T4641] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 400.437783][ T4641] usb 1-1: Product: syz [ 400.442036][ T4641] usb 1-1: Manufacturer: syz [ 400.456633][ T4641] usb 1-1: SerialNumber: syz [ 400.487382][ T4641] usb 1-1: config 0 descriptor?? [ 400.868283][ T7267] autofs4:pid:7267:autofs_fill_super: called with bogus options [ 401.763951][ T4641] usb 1-1: USB disconnect, device number 22 [ 401.812814][ T7273] netlink: 'syz.3.692': attribute type 4 has an invalid length. [ 402.044422][ T7280] 9pnet_virtio: no channels available for device syz [ 405.484983][ T7313] 9pnet_virtio: no channels available for device syz [ 407.707085][ T26] audit: type=1326 audit(1769955318.887:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 408.759857][ T26] audit: type=1326 audit(1769955318.887:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 408.811196][ T7348] tmpfs: Unknown parameter 'usrquota' [ 408.833611][ T7348] i2c i2c-0: Invalid block write size 37 [ 408.847320][ T26] audit: type=1326 audit(1769955319.047:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 408.903479][ T7350] batman_adv: batadv0: Adding interface: gretap1 [ 408.909975][ T7350] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.935391][ T7350] batman_adv: batadv0: Interface activated: gretap1 [ 409.065769][ T26] audit: type=1326 audit(1769955319.047:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 409.179152][ T26] audit: type=1326 audit(1769955319.047:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 409.264743][ T26] audit: type=1326 audit(1769955319.247:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 409.433355][ T26] audit: type=1326 audit(1769955319.247:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 409.466744][ T26] audit: type=1326 audit(1769955319.247:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 409.555528][ T26] audit: type=1326 audit(1769955319.407:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 409.635403][ T26] audit: type=1326 audit(1769955319.407:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7333 comm="syz.4.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 410.396610][ T7363] 9pnet_virtio: no channels available for device syz [ 412.079670][ T7387] autofs4:pid:7387:autofs_fill_super: called with bogus options [ 413.835657][ T7409] fuse: Unknown parameter 'group_id00000000000000000000' [ 414.598906][ T7425] autofs4:pid:7425:autofs_fill_super: called with bogus options [ 417.697091][ T26] kauditd_printk_skb: 28 callbacks suppressed [ 417.697114][ T26] audit: type=1326 audit(1769955328.937:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 418.731513][ T26] audit: type=1326 audit(1769955328.937:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 418.817600][ T26] audit: type=1326 audit(1769955329.077:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 418.957167][ T26] audit: type=1326 audit(1769955329.077:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 419.122576][ T26] audit: type=1326 audit(1769955329.077:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 419.203916][ T26] audit: type=1326 audit(1769955329.227:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 419.348618][ T26] audit: type=1326 audit(1769955329.227:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 419.423899][ T26] audit: type=1326 audit(1769955329.227:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 419.464975][ T26] audit: type=1326 audit(1769955329.377:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 419.496686][ T26] audit: type=1326 audit(1769955329.377:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7441 comm="syz.4.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 421.149966][ T7482] netlink: 8 bytes leftover after parsing attributes in process `syz.0.750'. [ 422.987509][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 422.987523][ T26] audit: type=1326 audit(1769955333.937:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 423.242663][ T7496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.754'. [ 423.977138][ T26] audit: type=1326 audit(1769955333.937:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 424.000158][ T26] audit: type=1326 audit(1769955333.937:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 427.047863][ T7537] Set syz0 is full, maxelem 0 reached [ 428.005284][ T26] audit: type=1326 audit(1769955338.667:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.0.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 428.038403][ T125] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 428.110822][ T26] audit: type=1326 audit(1769955338.667:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.0.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 428.193413][ T26] audit: type=1326 audit(1769955338.817:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.0.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 428.245884][ T7543] device syzkaller0 entered promiscuous mode [ 428.280592][ T125] usb 6-1: config 0 has an invalid interface number: 217 but max is 0 [ 428.286125][ T26] audit: type=1326 audit(1769955338.817:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.0.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 428.301499][ T7543] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 428.320618][ T125] usb 6-1: config 0 has no interface number 0 [ 428.339687][ T125] usb 6-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 428.346431][ T26] audit: type=1326 audit(1769955338.817:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7535 comm="syz.0.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 428.377013][ T125] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.398497][ T125] usb 6-1: Product: syz [ 428.412327][ T125] usb 6-1: Manufacturer: syz [ 428.417389][ T125] usb 6-1: SerialNumber: syz [ 428.424059][ T125] usb 6-1: config 0 descriptor?? [ 428.439538][ T7545] fuse: Bad value for 'fd' [ 428.445912][ T125] hub 6-1:0.217: bad descriptor, ignoring hub [ 428.464461][ T125] hub: probe of 6-1:0.217 failed with error -5 [ 428.647319][ T7537] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 428.691392][ T125] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 428.843636][ T125] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 428.906565][ T125] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 429.063596][ T125] usb 6-1: media controller created [ 429.080787][ T125] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 429.208434][ T125] DVB: Unable to find symbol dib7000p_attach() [ 429.215064][ T125] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 429.531937][ T7565] netlink: 'syz.3.773': attribute type 4 has an invalid length. [ 429.540330][ T125] rc_core: IR keymap rc-dib0700-rc5 not found [ 429.546619][ T125] Registered IR keymap rc-empty [ 429.563122][ T125] dvb-usb: could not initialize remote control. [ 429.569952][ T125] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 429.591612][ T125] usb 6-1: USB disconnect, device number 4 [ 429.654401][ T125] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 432.477583][ T26] audit: type=1326 audit(1769955343.057:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7582 comm="syz.3.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 432.570510][ T7590] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 432.637299][ T26] audit: type=1326 audit(1769955343.057:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7582 comm="syz.3.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 432.986400][ T7596] fuse: Bad value for 'fd' [ 433.026260][ T7590] process 'syz.2.775' launched '/dev/fd/12' with NULL argv: empty string added [ 438.917945][ T7628] netlink: 'syz.5.787': attribute type 4 has an invalid length. [ 440.299671][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.306046][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.512603][ T7644] fuse: Bad value for 'fd' [ 440.871719][ T7652] loop5: detected capacity change from 0 to 128 [ 440.910944][ T7652] ======================================================= [ 440.910944][ T7652] WARNING: The mand mount option has been deprecated and [ 440.910944][ T7652] and is ignored by this kernel. Remove the mand [ 440.910944][ T7652] option from the mount to silence this warning. [ 440.910944][ T7652] ======================================================= [ 441.095746][ T7652] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 441.108394][ T7652] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 441.517605][ T7669] loop3: detected capacity change from 0 to 8192 [ 443.167029][ T4257] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 443.530352][ T4968] EXT4-fs (loop5): unmounting filesystem. [ 443.597543][ T4257] usb 1-1: Using ep0 maxpacket: 16 [ 443.605325][ T4257] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.672227][ T4257] usb 1-1: config 0 interface 0 has no altsetting 0 [ 443.687075][ T4257] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 443.726679][ T4257] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.889461][ T4257] usb 1-1: config 0 descriptor?? [ 444.024766][ T7677] xt_CT: You must specify a L4 protocol and not use inversions on it [ 444.046620][ T7677] hub 6-0:1.0: USB hub found [ 444.053525][ T7677] hub 6-0:1.0: 1 port detected [ 446.420088][ T4257] usbhid 1-1:0.0: can't add hid device: -71 [ 446.436058][ T4257] usbhid: probe of 1-1:0.0 failed with error -71 [ 447.429616][ T4257] usb 1-1: USB disconnect, device number 23 [ 449.632920][ T7702] netlink: 'syz.4.805': attribute type 4 has an invalid length. [ 449.657122][ T4326] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 449.787588][ T4975] block nbd3: Attempted send on invalid socket [ 449.797291][ T4975] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 449.809333][ T7704] FAT-fs (nbd3): unable to read boot sector [ 449.849263][ T4326] usb 1-1: Using ep0 maxpacket: 16 [ 449.861784][ T4326] usb 1-1: config 0 interface 0 has no altsetting 0 [ 449.874725][ T4326] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 449.890770][ T4326] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.904300][ T4326] usb 1-1: config 0 descriptor?? [ 450.373164][ T4326] hid (null): invalid report_size 926495037 [ 450.421809][ T4326] hid (null): invalid report_size 926495037 [ 450.482592][ T4326] hid (null): invalid report_size 825438781 [ 450.515388][ T4326] hid (null): invalid report_size 825438781 [ 450.549527][ T4326] hid (null): invalid report_size 812672573 [ 450.561879][ T7722] loop2: detected capacity change from 0 to 512 [ 450.609181][ T4326] hid (null): invalid report_size 762340925 [ 450.658189][ T7722] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 450.706060][ T4326] usb 1-1: USB disconnect, device number 24 [ 452.076802][ T7722] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 452.298993][ T7735] loop0: detected capacity change from 0 to 256 [ 452.373829][ T7735] FAT-fs (loop0): Directory bread(block 64) failed [ 452.391309][ T7735] FAT-fs (loop0): Directory bread(block 65) failed [ 452.409169][ T7735] FAT-fs (loop0): Directory bread(block 66) failed [ 452.417256][ T7735] FAT-fs (loop0): Directory bread(block 67) failed [ 452.431807][ T7732] loop3: detected capacity change from 0 to 256 [ 452.440573][ T7722] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.813: path /162/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 452.513657][ T7732] exfat: Deprecated parameter 'utf8' [ 452.525241][ T7735] FAT-fs (loop0): Directory bread(block 68) failed [ 452.540886][ T7722] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 12: comm syz.2.813: path /162/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 452.542578][ T7732] exfat: Deprecated parameter 'namecase' [ 452.562714][ T7735] FAT-fs (loop0): Directory bread(block 69) failed [ 452.947828][ T7735] FAT-fs (loop0): Directory bread(block 70) failed [ 453.343842][ T7735] FAT-fs (loop0): Directory bread(block 71) failed [ 453.367803][ T7732] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 453.407201][ T7735] FAT-fs (loop0): Directory bread(block 72) failed [ 453.419792][ T7722] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 13: comm syz.2.813: path /162/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 453.489169][ T7735] FAT-fs (loop0): Directory bread(block 73) failed [ 453.907516][ T4280] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 454.030107][ T4280] EXT4-fs (loop2): unmounting filesystem. [ 454.409014][ T4975] block nbd2: Attempted send on invalid socket [ 454.415885][ T4975] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 454.436176][ T7754] FAT-fs (nbd2): unable to read boot sector [ 456.235326][ T7773] loop5: detected capacity change from 0 to 8192 [ 457.946738][ T7777] loop2: detected capacity change from 0 to 512 [ 458.348038][ T7777] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 458.367251][ T7777] ext4 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 459.409481][ T7791] EXT4-fs warning (device loop2): ext4_empty_dir:3156: inode #12: comm syz.2.828: directory missing '..' [ 461.062012][ T4280] EXT4-fs (loop2): unmounting filesystem. [ 464.015089][ T7814] loop2: detected capacity change from 0 to 8192 [ 465.457665][ T7838] 9pnet_fd: Insufficient options for proto=fd [ 466.763368][ T1946] block nbd3: Attempted send on invalid socket [ 466.769812][ T1946] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 466.797064][ T7845] FAT-fs (nbd3): unable to read boot sector [ 472.196143][ T7871] loop2: detected capacity change from 0 to 8192 [ 472.480979][ T7881] fuse: Bad value for 'rootmode' [ 473.273750][ T7864] loop3: detected capacity change from 0 to 40427 [ 473.429371][ T7864] F2FS-fs (loop3): Found nat_bits in checkpoint [ 473.673929][ T7864] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 473.738707][ T7894] 9pnet_fd: Insufficient options for proto=fd [ 473.908402][ T4275] syz-executor: attempt to access beyond end of device [ 473.908402][ T4275] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 474.131535][ T7903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 474.214419][ T7898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 474.235243][ T7898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 474.251587][ T7898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 475.230590][ T4975] block nbd3: Attempted send on invalid socket [ 475.237161][ T4975] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 475.287354][ T7917] FAT-fs (nbd3): unable to read boot sector [ 475.465228][ T7924] tmpfs: Unknown parameter 'usrquota' [ 475.521158][ T7924] i2c i2c-0: Invalid block write size 37 [ 476.240191][ T7930] loop3: detected capacity change from 0 to 512 [ 476.323315][ T7930] EXT4-fs: Ignoring removed nobh option [ 476.496773][ T7930] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c018, mo2=0002] [ 476.521388][ T7930] System zones: 1-12 [ 476.668669][ T7930] EXT4-fs error (device loop3): __ext4_iget:5095: inode #11: block 1: comm syz.3.867: invalid block [ 476.744116][ T7930] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.867: couldn't read orphan inode 11 (err -117) [ 476.828738][ T7930] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 477.045810][ T4275] EXT4-fs (loop3): unmounting filesystem. [ 480.072729][ T7942] loop2: detected capacity change from 0 to 32768 [ 480.220063][ T7948] loop0: detected capacity change from 0 to 32768 [ 480.286403][ T7948] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.871 (7948) [ 480.499726][ T7877] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (7877) [ 480.528644][ T7948] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 480.573030][ T7948] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 480.629020][ T7948] BTRFS info (device loop0): using free space tree [ 480.647606][ T7968] xt_hashlimit: size too large, truncated to 1048576 [ 481.572771][ T7948] BTRFS error (device loop0): open_ctree failed: -12 [ 482.697107][ T4360] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 482.887127][ T4360] usb 3-1: Using ep0 maxpacket: 8 [ 482.917977][ T4360] usb 3-1: unable to get BOS descriptor or descriptor too short [ 483.038711][ T4360] usb 3-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config [ 483.097910][ T4360] usb 3-1: config 12 interface 0 altsetting 7 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 483.181864][ T4360] usb 3-1: config 12 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 483.375462][ T4360] usb 3-1: config 12 interface 0 has no altsetting 0 [ 483.397188][ T4360] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 483.530268][ T4360] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 483.596042][ T4360] usb 3-1: Product: syz [ 483.607252][ T4360] usb 3-1: SerialNumber: syz [ 485.809734][ T8020] loop3: detected capacity change from 0 to 32768 [ 485.886454][ T8020] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.881 (8020) [ 488.158828][ T8033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.886'. [ 488.667765][ T4360] usb 3-1: can't set config #12, error -110 [ 489.602460][ T8047] netlink: 16 bytes leftover after parsing attributes in process `syz.3.889'. [ 489.677445][ T8048] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4) [ 489.684495][ T8048] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 489.734415][ T8048] vhci_hcd vhci_hcd.0: Device attached [ 489.777363][ T8052] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(7) [ 489.783973][ T8052] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 489.808883][ T8052] vhci_hcd vhci_hcd.0: Device attached [ 489.859537][ T8048] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(6) [ 489.866222][ T8048] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 489.904256][ T8048] vhci_hcd vhci_hcd.0: Device attached [ 489.997146][ T4327] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 490.428469][ T8052] loop5: detected capacity change from 0 to 4096 [ 490.679143][ T8059] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 490.720639][ T8055] vhci_hcd: connection closed [ 490.722694][ T8053] vhci_hcd: connection closed [ 490.727867][ T8049] vhci_hcd: connection reset by peer [ 490.778259][ T4460] vhci_hcd: stop threads [ 491.118338][ T4460] vhci_hcd: release socket [ 491.215361][ T4460] vhci_hcd: disconnect device [ 491.377284][ T4460] vhci_hcd: stop threads [ 491.381669][ T4460] vhci_hcd: release socket [ 491.643283][ T4460] vhci_hcd: disconnect device [ 492.040059][ T4460] vhci_hcd: stop threads [ 492.044384][ T4460] vhci_hcd: release socket [ 492.107400][ T4460] vhci_hcd: disconnect device [ 492.286635][ T125] usb 3-1: USB disconnect, device number 8 [ 493.741564][ T8086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.387317][ T4327] vhci_hcd: vhci_device speed not set [ 498.866190][ T8099] loop2: detected capacity change from 0 to 40427 [ 498.913339][ T8099] F2FS-fs (loop2): build fault injection attr: rate: 174, type: 0x3ffff [ 499.001813][ T8118] Set syz0 is full, maxelem 0 reached [ 499.287984][ T4327] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 499.488823][ T4327] usb 1-1: config 0 has an invalid interface number: 217 but max is 0 [ 499.517170][ T4327] usb 1-1: config 0 has no interface number 0 [ 499.541861][ T4327] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 499.586996][ T4327] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.632663][ T4327] usb 1-1: Product: syz [ 499.657550][ T4327] usb 1-1: Manufacturer: syz [ 499.662230][ T4327] usb 1-1: SerialNumber: syz [ 499.700867][ T4327] usb 1-1: config 0 descriptor?? [ 499.725929][ T4327] hub 1-1:0.217: bad descriptor, ignoring hub [ 499.746098][ T4327] hub: probe of 1-1:0.217 failed with error -5 [ 499.800141][ T8110] loop5: detected capacity change from 0 to 32768 [ 499.909273][ T8117] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 499.958086][ T8110] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 499.971765][ T4327] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 500.000325][ T8110] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 500.014592][ T4327] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 500.045782][ T8110] BTRFS warning (device loop5): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 500.061066][ T4327] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 500.093537][ T4327] usb 1-1: media controller created [ 500.102651][ T8110] BTRFS info (device loop5): trying to use backup root at mount time [ 500.117185][ T8110] BTRFS info (device loop5): turning on flush-on-commit [ 500.129071][ T8110] BTRFS info (device loop5): enabling disk space caching [ 500.167039][ T8110] BTRFS info (device loop5): force zlib compression, level 3 [ 500.197171][ T8110] BTRFS error (device loop5): cannot disable free space tree [ 500.205706][ T4327] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 500.239987][ T8110] BTRFS error (device loop5): open_ctree failed: -22 [ 500.423021][ T8120] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by udevd (8120) [ 500.604030][ T8123] loop2: detected capacity change from 0 to 32768 [ 500.661660][ T8123] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.907 (8123) [ 500.674118][ T4327] DVB: Unable to find symbol dib7000p_attach() [ 500.674166][ T4327] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 500.884587][ T8123] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 500.933065][ T8123] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 500.976140][ T8123] BTRFS info (device loop2): using free space tree [ 501.127301][ T4327] rc_core: IR keymap rc-dib0700-rc5 not found [ 501.133485][ T4327] Registered IR keymap rc-empty [ 501.208457][ T4327] dvb-usb: could not initialize remote control. [ 501.214897][ T4327] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 501.240971][ T4327] usb 1-1: USB disconnect, device number 25 [ 501.350037][ T4327] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 501.367519][ T8123] BTRFS info (device loop2): enabling ssd optimizations [ 501.549449][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.556598][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.726225][ T8158] netlink: 16 bytes leftover after parsing attributes in process `syz.4.911'. [ 501.880818][ T26] audit: type=1800 audit(1769955413.147:177): pid=8123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.907" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 502.131912][ T26] audit: type=1804 audit(1769955413.397:178): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.907" name="/newroot/180/file0/file1" dev="loop2" ino=261 res=1 errno=0 [ 502.604289][ T8151] loop3: detected capacity change from 0 to 32768 [ 502.714046][ T8151] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 502.757204][ T8151] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 502.812647][ T8151] BTRFS info (device loop3): using free space tree [ 502.945384][ T4280] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 503.167143][ T8151] BTRFS info (device loop3): enabling ssd optimizations [ 503.653258][ T8165] loop5: detected capacity change from 0 to 32768 [ 503.764220][ T8165] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 503.830765][ T4640] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 503.913081][ T8165] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 503.915193][ T4275] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 503.986396][ T8165] BTRFS warning (device loop5): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 504.024085][ T8165] BTRFS info (device loop5): trying to use backup root at mount time [ 504.067735][ T8165] BTRFS info (device loop5): setting nodatasum [ 504.121336][ T8165] BTRFS info (device loop5): force zlib compression, level 3 [ 504.167760][ T8165] BTRFS info (device loop5): setting nodatacow [ 504.174027][ T8165] BTRFS info (device loop5): turning on flush-on-commit [ 504.227099][ T8165] BTRFS info (device loop5): disabling tree log [ 504.233440][ T8165] BTRFS info (device loop5): using free space tree [ 504.639746][ T8165] BTRFS info (device loop5): enabling ssd optimizations [ 506.925774][ T26] audit: type=1800 audit(1769955418.187:179): pid=8165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.912" name="file2" dev="loop5" ino=261 res=0 errno=0 [ 507.488032][ T4968] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 507.788675][ T8120] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop5 scanned by udevd (8120) [ 509.065820][ T8261] netlink: 'syz.2.924': attribute type 10 has an invalid length. [ 509.128929][ T8261] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 509.186817][ T8262] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 509.235965][ T8262] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 509.307290][ T8262] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 509.327796][ T8262] device bridge_slave_0 left promiscuous mode [ 509.344773][ T8262] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.426164][ T8266] netlink: 16 bytes leftover after parsing attributes in process `syz.5.925'. [ 509.453320][ T8262] device bridge_slave_1 left promiscuous mode [ 509.483878][ T8262] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.545131][ T8262] bond0: (slave bond_slave_0): Releasing backup interface [ 509.635776][ T8262] bond0: (slave bond_slave_1): Releasing backup interface [ 510.794588][ T8279] loop3: detected capacity change from 0 to 256 [ 510.857009][ T8262] team0: Port device team_slave_0 removed [ 510.914283][ T8279] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 511.047987][ T8262] team0: Port device team_slave_1 removed [ 511.093451][ T8262] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 511.119609][ T8279] syz.3.928: attempt to access beyond end of device [ 511.119609][ T8279] loop3: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 511.176453][ T8262] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 511.252017][ T8262] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 511.278725][ T8279] syz.3.928: attempt to access beyond end of device [ 511.278725][ T8279] loop3: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 511.303373][ T8262] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 511.372298][ T8279] syz.3.928: attempt to access beyond end of device [ 511.372298][ T8279] loop3: rw=0, sector=280, nr_sectors = 8 limit=256 [ 511.396025][ T8262] bond0: (slave netdevsim0): Releasing backup interface [ 511.428850][ T26] audit: type=1800 audit(1769955422.697:180): pid=8279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.928" name="file1" dev="loop3" ino=1048620 res=0 errno=0 [ 512.674065][ T8305] netlink: 20 bytes leftover after parsing attributes in process `syz.0.933'. [ 512.689016][ T8305] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 512.698378][ T8305] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 512.707543][ T8305] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 512.716522][ T8305] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 512.729576][ T8305] netlink: 20 bytes leftover after parsing attributes in process `syz.0.933'. [ 512.868146][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'. [ 512.910000][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'. [ 514.653480][ T8319] fuse: Bad value for 'fd' [ 516.736848][ T8336] fuse: Bad value for 'fd' [ 518.423618][ T8307] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.432827][ T8307] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.442383][ T8307] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.451955][ T8307] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 518.574570][ T46] bond0: (slave bond_slave_0): interface is now down [ 518.585676][ T8354] netlink: 'syz.3.947': attribute type 10 has an invalid length. [ 518.588675][ T46] bond0: (slave bond_slave_1): interface is now down [ 518.640369][ T8354] device syz_tun entered promiscuous mode [ 518.669902][ T8354] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 518.678825][ T46] bond0: (slave bond_slave_0): interface is now down [ 518.693768][ T46] bond0: (slave bond_slave_1): interface is now down [ 518.731247][ T46] bond0: (slave syz_tun): interface is now down [ 518.802913][ T46] bond0: now running without any active interface! [ 519.035684][ T8361] device syzkaller0 entered promiscuous mode [ 519.114920][ T8371] fuse: Bad value for 'fd' [ 521.715164][ T8413] Set syz0 is full, maxelem 0 reached [ 522.037244][ T8225] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 522.383241][ T8225] usb 3-1: config 0 has an invalid interface number: 217 but max is 0 [ 522.854772][ T8225] usb 3-1: config 0 has no interface number 0 [ 523.190349][ T8225] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 523.264090][ T8225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.305938][ T8225] usb 3-1: Product: syz [ 523.314047][ T8225] usb 3-1: Manufacturer: syz [ 523.320106][ T8225] usb 3-1: SerialNumber: syz [ 523.491898][ T8225] usb 3-1: config 0 descriptor?? [ 523.503906][ T8225] hub 3-1:0.217: bad descriptor, ignoring hub [ 523.510465][ T8225] hub: probe of 3-1:0.217 failed with error -5 [ 523.543047][ T8432] netlink: 28 bytes leftover after parsing attributes in process `syz.4.974'. [ 523.717543][ T8413] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 524.609887][ T8444] loop6: detected capacity change from 0 to 7 [ 524.730664][ T8444] Dev loop6: unable to read RDB block 7 [ 524.737918][ T8444] loop6: unable to read partition table [ 524.744410][ T8444] loop6: partition table beyond EOD, truncated [ 524.751088][ T8444] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 524.889401][ T8446] autofs4:pid:8446:autofs_fill_super: called with bogus options [ 524.971558][ T8225] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 525.452925][ T8225] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 525.477001][ T8225] dib0700: firmware download failed at 7 with -22 [ 525.507972][ T8225] usb 3-1: USB disconnect, device number 9 [ 525.654337][ T8459] netlink: 36 bytes leftover after parsing attributes in process `syz.4.976'. [ 525.817419][ T8462] tmpfs: Unknown parameter 'usrquota' [ 525.871787][ T8462] i2c i2c-0: Invalid block write size 37 [ 528.771312][ T8489] netlink: 28 bytes leftover after parsing attributes in process `syz.0.986'. [ 529.879620][ T8513] autofs4:pid:8513:autofs_fill_super: called with bogus options [ 530.122485][ T8515] netlink: 20 bytes leftover after parsing attributes in process `syz.2.993'. [ 530.147638][ T8515] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 530.156489][ T8515] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 530.165642][ T8515] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 530.174421][ T8515] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 530.189950][ T8519] Set syz0 is full, maxelem 0 reached [ 530.257365][ T8515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.993'. [ 530.476999][ T8249] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 530.691845][ T8249] usb 6-1: config 0 has an invalid interface number: 217 but max is 0 [ 530.867071][ T8249] usb 6-1: config 0 has no interface number 0 [ 530.888791][ T8249] usb 6-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 530.921037][ T8249] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.567022][ T8249] usb 6-1: Product: syz [ 531.571312][ T8249] usb 6-1: Manufacturer: syz [ 531.576115][ T8249] usb 6-1: SerialNumber: syz [ 531.584589][ T8249] usb 6-1: config 0 descriptor?? [ 531.600897][ T8249] hub 6-1:0.217: bad descriptor, ignoring hub [ 531.610386][ T8249] hub: probe of 6-1:0.217 failed with error -5 [ 531.776775][ T8535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1000'. [ 531.799047][ T8518] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 531.837828][ T8249] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 531.888118][ T8249] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 531.927454][ T8249] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 531.977198][ T8249] usb 6-1: media controller created [ 532.002798][ T8249] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 532.101760][ T8539] device syzkaller0 entered promiscuous mode [ 532.286758][ T8249] DVB: Unable to find symbol dib7000p_attach() [ 532.293226][ T8249] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 532.332685][ T8543] 9pnet_virtio: no channels available for device syz [ 532.667529][ T8249] rc_core: IR keymap rc-dib0700-rc5 not found [ 532.678548][ T8249] Registered IR keymap rc-empty [ 532.693818][ T8249] dvb-usb: could not initialize remote control. [ 532.711538][ T8249] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 532.792101][ T8249] usb 6-1: USB disconnect, device number 5 [ 532.885612][ T8553] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1006'. [ 532.925228][ T8554] binder: BINDER_SET_CONTEXT_MGR already set [ 532.938169][ T8249] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 532.948424][ T8553] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1006'. [ 532.959240][ T8554] binder: 8552:8554 ioctl 4018620d 200000000040 returned -16 [ 533.170822][ T8561] autofs4:pid:8561:autofs_fill_super: called with bogus options [ 533.311167][ T8562] loop3: detected capacity change from 0 to 4096 [ 535.291981][ T8591] netlink: 'syz.5.1016': attribute type 4 has an invalid length. [ 536.345040][ T8606] overlayfs: failed to resolve './file1': -2 [ 536.863674][ T26] audit: type=1800 audit(1769955448.127:181): pid=8582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1009" name="file1" dev="loop3" ino=33 res=0 errno=0 [ 539.032789][ T8637] netlink: 'syz.3.1031': attribute type 4 has an invalid length. [ 539.070719][ T8637] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1031'. [ 539.095670][ T8621] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.103406][ T8621] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.309574][ T8644] 9pnet_fd: Insufficient options for proto=fd [ 539.604559][ T8649] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1036'. [ 539.647684][ T8624] loop5: detected capacity change from 0 to 32768 [ 539.697801][ T8455] I/O error, dev loop5, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 541.222954][ T8660] 9pnet_virtio: no channels available for device syz [ 541.579602][ T8621] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 541.725603][ T8621] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 544.833217][ T8621] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.842671][ T8621] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.851778][ T8621] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.860759][ T8621] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.045049][ T8621] batman_adv: batadv0: Interface deactivated: gretap1 [ 545.087578][ T8671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1041'. [ 545.207288][ T8692] tmpfs: Unknown parameter 'usrquota' [ 545.501733][ T8698] loop6: detected capacity change from 0 to 7 [ 545.513101][ T8698] Dev loop6: unable to read RDB block 7 [ 545.518996][ T8698] loop6: unable to read partition table [ 545.525370][ T8698] loop6: partition table beyond EOD, truncated [ 545.531910][ T8698] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 545.693936][ T8701] autofs4:pid:8701:autofs_fill_super: called with bogus options [ 546.408533][ T8705] 9pnet_virtio: no channels available for device syz [ 546.610235][ T8708] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1051'. [ 548.104621][ T8738] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1058'. [ 548.957776][ T8724] loop3: detected capacity change from 0 to 32768 [ 548.996123][ T8724] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.1057 (8724) [ 549.041593][ T8724] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 549.075884][ T8724] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 549.105155][ T8724] BTRFS info (device loop3): using free space tree [ 549.387173][ T8724] BTRFS info (device loop3): enabling ssd optimizations [ 549.617597][ T8768] 9pnet_virtio: no channels available for device syz [ 549.699248][ T4275] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 549.789952][ T4432] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 550.399108][ T26] audit: type=1326 audit(1769955461.587:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8775 comm="syz.2.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 550.610288][ T26] audit: type=1326 audit(1769955461.587:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8775 comm="syz.2.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 550.633385][ T26] audit: type=1326 audit(1769955461.587:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8775 comm="syz.2.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 550.795592][ T26] audit: type=1326 audit(1769955461.587:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8775 comm="syz.2.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 551.136370][ T8793] fuse: Bad value for 'fd' [ 551.172885][ T26] audit: type=1326 audit(1769955461.587:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8775 comm="syz.2.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 552.755032][ T8808] loop6: detected capacity change from 0 to 7 [ 552.787557][ T8455] Dev loop6: unable to read RDB block 7 [ 552.890403][ T8455] loop6: unable to read partition table [ 553.657241][ T8455] loop6: partition table beyond EOD, truncated [ 554.108045][ T26] audit: type=1326 audit(1769955465.377:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d63d9aeb9 code=0x7ffc0000 [ 554.288532][ T26] audit: type=1326 audit(1769955465.377:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d63d9aeb9 code=0x7ffc0000 [ 554.320262][ T26] audit: type=1326 audit(1769955465.377:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8d63d9aeb9 code=0x7ffc0000 [ 554.347658][ T8826] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1083'. [ 554.357338][ T26] audit: type=1326 audit(1769955465.377:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d63d9aeb9 code=0x7ffc0000 [ 554.383066][ T26] audit: type=1326 audit(1769955465.377:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d63d9aeb9 code=0x7ffc0000 [ 555.668894][ T8838] netlink: 'syz.0.1082': attribute type 4 has an invalid length. [ 556.620372][ T8848] fuse: Bad value for 'fd' [ 560.458090][ T8867] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1094'. [ 560.472689][ T8867] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 560.481702][ T8867] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 560.490627][ T8867] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 560.499835][ T8867] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 560.518449][ T8868] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1094'. [ 560.581754][ T8867] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1094'. [ 560.624644][ T8868] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1094'. [ 561.131697][ T8878] netlink: 'syz.3.1098': attribute type 29 has an invalid length. [ 561.155927][ T8878] netlink: 'syz.3.1098': attribute type 29 has an invalid length. [ 561.169705][ T8878] netlink: 'syz.3.1098': attribute type 29 has an invalid length. [ 561.183249][ T8878] netlink: 'syz.3.1098': attribute type 29 has an invalid length. [ 561.203441][ T8878] netlink: 'syz.3.1098': attribute type 29 has an invalid length. [ 563.387397][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.393899][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.507902][ T8896] tmpfs: Unknown parameter 'usrquota' [ 563.607878][ T8898] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1104'. [ 564.604070][ T8909] netlink: 'syz.0.1105': attribute type 4 has an invalid length. [ 565.581874][ T8918] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1110'. [ 565.595168][ T8918] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1110'. [ 569.229580][ T8936] netlink: 'syz.2.1114': attribute type 10 has an invalid length. [ 569.283182][ T8936] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1114'. [ 569.310498][ T8936] netlink: 'syz.2.1114': attribute type 10 has an invalid length. [ 569.325918][ T8940] tmpfs: Unknown parameter 'usrquota' [ 569.334480][ T8936] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1114'. [ 569.405496][ T26] audit: type=1326 audit(1769955480.667:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8931 comm="syz.4.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 569.545926][ T26] audit: type=1326 audit(1769955480.697:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8931 comm="syz.4.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 569.625121][ T26] audit: type=1326 audit(1769955480.697:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8931 comm="syz.4.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 569.722834][ T26] audit: type=1326 audit(1769955480.697:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8931 comm="syz.4.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 573.473280][ T8978] autofs4:pid:8978:autofs_fill_super: called with bogus options [ 574.093122][ T8985] fuse: Bad value for 'fd' [ 574.748419][ T9002] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1135'. [ 574.781718][ T9002] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 574.790651][ T9002] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 574.799481][ T9002] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 574.808385][ T9002] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 574.889192][ T9002] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1135'. [ 575.475907][ T9024] netlink: 'syz.4.1144': attribute type 11 has an invalid length. [ 576.037165][ T26] audit: type=1326 audit(1769955487.307:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.3.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 576.061365][ T26] audit: type=1326 audit(1769955487.327:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.3.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 576.124125][ T26] audit: type=1326 audit(1769955487.327:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.3.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 576.230708][ T26] audit: type=1326 audit(1769955487.327:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.3.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 576.489737][ T9044] netlink: 'syz.0.1150': attribute type 29 has an invalid length. [ 576.517743][ T9044] netlink: 'syz.0.1150': attribute type 29 has an invalid length. [ 576.527461][ T9044] netlink: 'syz.0.1150': attribute type 29 has an invalid length. [ 576.570738][ T9044] netlink: 'syz.0.1150': attribute type 29 has an invalid length. [ 576.589529][ T9044] netlink: 'syz.0.1150': attribute type 29 has an invalid length. [ 576.927194][ T9056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1154'. [ 576.954853][ T9056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1154'. [ 578.336405][ T9075] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1160'. [ 578.448697][ T9075] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1160'. [ 580.287532][ T9090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1165'. [ 581.428991][ T9103] loop6: detected capacity change from 0 to 7 [ 581.439160][ T9103] Dev loop6: unable to read RDB block 7 [ 581.444944][ T9103] loop6: unable to read partition table [ 581.451498][ T9103] loop6: partition table beyond EOD, truncated [ 581.457931][ T9103] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü¾SêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 581.626237][ T9106] autofs4:pid:9106:autofs_fill_super: called with bogus options [ 582.760100][ T26] audit: type=1326 audit(1769955494.027:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.2.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 582.984375][ T26] audit: type=1326 audit(1769955494.047:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.2.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 583.102643][ T26] audit: type=1326 audit(1769955494.047:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.2.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 583.137109][ T26] audit: type=1326 audit(1769955494.047:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9108 comm="syz.2.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x7ffc0000 [ 584.693953][ T9143] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1178'. [ 586.229886][ T9146] 9pnet_virtio: no channels available for device syz [ 587.481688][ T9169] Set syz0 is full, maxelem 0 reached [ 587.631290][ T9169] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 588.628359][ T9194] netlink: 'syz.2.1192': attribute type 29 has an invalid length. [ 588.743634][ T9194] netlink: 'syz.2.1192': attribute type 29 has an invalid length. [ 588.801086][ T9195] netlink: 'syz.2.1192': attribute type 29 has an invalid length. [ 588.854322][ T9200] netlink: 'syz.2.1192': attribute type 29 has an invalid length. [ 588.876027][ T9196] netlink: 'syz.2.1192': attribute type 29 has an invalid length. [ 589.483563][ T9209] 9pnet_virtio: no channels available for device syz [ 591.769245][ T26] audit: type=1326 audit(1769955503.037:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.0.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 591.966566][ T26] audit: type=1326 audit(1769955503.037:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9239 comm="syz.0.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 592.500499][ T9247] netlink: 'syz.3.1207': attribute type 10 has an invalid length. [ 593.119654][ T9247] team0: Device ipvlan1 failed to register rx_handler [ 594.355486][ T9257] 9pnet_virtio: no channels available for device syz [ 594.497715][ T9247] syz.3.1207 (9247) used greatest stack depth: 20432 bytes left [ 595.631943][ T9274] 9pnet_fd: Insufficient options for proto=fd [ 596.345132][ T26] audit: type=1326 audit(1769955507.607:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9282 comm="syz.3.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 597.237002][ T26] audit: type=1326 audit(1769955507.607:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9282 comm="syz.3.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 597.431665][ T26] audit: type=1326 audit(1769955507.607:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9282 comm="syz.3.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 597.530129][ T26] audit: type=1326 audit(1769955507.607:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9282 comm="syz.3.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 597.601533][ T9301] 9pnet_virtio: no channels available for device syz [ 597.612086][ T26] audit: type=1326 audit(1769955507.607:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9282 comm="syz.3.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 598.094529][ T9310] 9pnet_fd: Insufficient options for proto=fd [ 599.254730][ T1946] block nbd5: Attempted send on invalid socket [ 599.262458][ T1946] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 599.287098][ T9322] FAT-fs (nbd5): unable to read boot sector [ 599.599795][ T9331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1235'. [ 599.621841][ T9331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1235'. [ 600.173594][ T9343] 9pnet_virtio: no channels available for device syz [ 600.385898][ T9349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1240'. [ 601.323946][ T9367] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1247'. [ 601.340322][ T9367] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.349168][ T9367] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.357981][ T9367] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.366817][ T9367] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 601.498629][ T9367] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1247'. [ 603.063567][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1259'. [ 603.111559][ T9409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1263'. [ 603.133201][ T9409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1263'. [ 603.167711][ T9409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1263'. [ 603.177883][ T9409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1263'. [ 604.951241][ T9433] __nla_validate_parse: 1 callbacks suppressed [ 604.951262][ T9433] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1271'. [ 605.701365][ T9451] netlink: 'syz.2.1276': attribute type 10 has an invalid length. [ 606.015913][ T9451] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 606.196302][ T9455] bond0: (slave netdevsim0): Releasing backup interface [ 606.545124][ T9456] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 607.051038][ T9475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1281'. [ 607.458073][ T9478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1282'. [ 607.548783][ T9478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1282'. [ 607.622569][ T9478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1282'. [ 607.717093][ T9478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1282'. [ 608.965300][ T9507] autofs4:pid:9507:autofs_fill_super: called with bogus options [ 610.287634][ T9517] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1294'. [ 610.330733][ T9519] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1293'. [ 610.684194][ T9527] fuse: Bad value for 'group_id' [ 611.660164][ T9536] netlink: 'syz.4.1296': attribute type 4 has an invalid length. [ 615.376479][ T9567] 9pnet: Could not find request transport: virt [ 617.473663][ T9616] 9pnet: Could not find request transport: virt [ 621.355486][ T9669] 9pnet_virtio: no channels available for device syz [ 622.009868][ T9694] autofs4:pid:9694:autofs_fill_super: called with bogus options [ 623.323823][ T9714] bond0: (slave bond_slave_0): Slave does not support ipsec offload [ 623.766717][ T9707] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.774085][ T9707] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.431467][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.437953][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.811893][ T9707] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 624.867973][ T9707] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 625.468905][ T9707] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.479374][ T9707] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.488447][ T9707] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.497829][ T9707] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.619676][ T9707] batman_adv: batadv0: Interface deactivated: gretap1 [ 625.657662][ T9707] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 625.666796][ T9707] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 625.675871][ T9707] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 625.685252][ T9707] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 625.704432][ T9709] netlink: 'syz.0.1345': attribute type 10 has an invalid length. [ 625.738427][ T9709] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 625.824290][ T9712] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 625.832561][ T9712] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 625.849955][ T9712] device bridge_slave_0 left promiscuous mode [ 625.856382][ T9712] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.867689][ T9712] device bridge_slave_1 left promiscuous mode [ 625.873984][ T9712] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.886479][ T9712] bond0: (slave bond_slave_0): Releasing backup interface [ 625.926383][ T9712] bond0: (slave bond_slave_1): Releasing backup interface [ 625.986289][ T9712] team0: Port device team_slave_0 removed [ 626.057226][ T9712] team0: Port device team_slave_1 removed [ 626.080540][ T9712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.092505][ T9712] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.102153][ T9712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.109816][ T9712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.123147][ T9712] bond0: (slave netdevsim0): Releasing backup interface [ 626.138410][ T9712] batman_adv: batadv0: Interface deactivated: gretap1 [ 626.153178][ T9712] batman_adv: batadv0: Removing interface: gretap1 [ 626.207176][ T9753] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1354'. [ 626.364202][ T9758] netlink: 'syz.0.1355': attribute type 5 has an invalid length. [ 626.391304][ T9758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1355'. [ 626.414541][ T9758] netlink: 'syz.0.1355': attribute type 5 has an invalid length. [ 626.453662][ T9758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1355'. [ 628.201445][ T9804] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1368'. [ 628.514205][ T9819] autofs4:pid:9819:autofs_fill_super: called with bogus options [ 630.491204][ T9875] autofs4:pid:9875:autofs_fill_super: called with bogus options [ 630.744550][ T9880] Set syz0 is full, maxelem 0 reached [ 630.768291][ T9880] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 632.542970][ T26] audit: type=1326 audit(1769955543.807:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9898 comm="syz.3.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 632.636030][ T26] audit: type=1326 audit(1769955543.837:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9898 comm="syz.3.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 632.744118][ T26] audit: type=1326 audit(1769955543.837:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9898 comm="syz.3.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 632.817310][ T26] audit: type=1326 audit(1769955543.847:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9898 comm="syz.3.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 633.356068][ T9926] overlayfs: failed to clone upperpath [ 634.904650][ T9937] 9pnet_virtio: no channels available for device syz [ 636.219103][ T9975] 9pnet_virtio: no channels available for device syz [ 636.706892][ T9988] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1428'. [ 637.842590][T10003] netlink: 'syz.5.1434': attribute type 10 has an invalid length. [ 637.861337][ T26] audit: type=1326 audit(1769955549.127:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9981 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 637.914462][T10003] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1434'. [ 637.944950][T10003] netlink: 'syz.5.1434': attribute type 10 has an invalid length. [ 637.970932][ T26] audit: type=1326 audit(1769955549.127:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9981 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 637.993811][T10003] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1434'. [ 638.024354][T10001] netlink: 'syz.5.1434': attribute type 10 has an invalid length. [ 638.042686][ T26] audit: type=1326 audit(1769955549.127:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9981 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 638.057624][T10001] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1434'. [ 638.125706][ T26] audit: type=1326 audit(1769955549.127:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9981 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 638.236981][ T26] audit: type=1326 audit(1769955549.127:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9981 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ac0d9aeb9 code=0x7ffc0000 [ 638.382801][T10013] fuse: Bad value for 'group_id' [ 638.407510][T10017] 9pnet_virtio: no channels available for device syz [ 638.836984][ T26] audit: type=1326 audit(1769955550.097:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.5.1443" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d63d9aeb9 code=0x0 [ 639.047304][T10033] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1445'. [ 639.076600][T10033] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1445'. [ 639.124278][T10033] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1445'. [ 639.156458][T10033] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1445'. [ 639.358657][T10039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1447'. [ 639.791755][T10051] fuse: Unknown parameter 'grou00000000000000000000' [ 640.296422][T10060] fuse: Bad value for 'group_id' [ 641.013539][T10069] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1457'. [ 641.313762][T10074] netlink: 'syz.5.1460': attribute type 10 has an invalid length. [ 641.333518][T10074] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 641.367056][T10074] device bridge_slave_0 left promiscuous mode [ 641.392183][T10074] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.439503][T10078] bond0: (slave bond_slave_0): Slave does not support ipsec offload [ 641.484250][T10074] device bridge_slave_1 left promiscuous mode [ 641.507091][T10074] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.545213][T10074] bond0: (slave bond_slave_0): Releasing backup interface [ 641.576991][T10074] bond0: (slave bond_slave_1): Releasing backup interface [ 641.618315][T10074] team0: Port device team_slave_0 removed [ 641.645523][T10074] team0: Port device team_slave_1 removed [ 641.661989][T10074] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 641.676760][T10074] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 641.700896][T10074] bond0: (slave netdevsim0): Releasing backup interface [ 641.777201][T10074] batman_adv: batadv0: Removing interface: gretap1 [ 642.091570][T10090] __nla_validate_parse: 4 callbacks suppressed [ 642.091586][T10090] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1464'. [ 642.164227][ T26] audit: type=1326 audit(1769955553.427:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 642.368505][ T26] audit: type=1326 audit(1769955553.427:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 642.452410][ T26] audit: type=1326 audit(1769955553.427:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 642.639352][ T26] audit: type=1326 audit(1769955553.427:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 642.650015][T10085] netlink: 'syz.3.1463': attribute type 4 has an invalid length. [ 645.197322][T10120] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1471'. [ 646.596075][T10132] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1478'. [ 646.619471][T10132] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1478'. [ 647.038667][T10138] Set syz0 is full, maxelem 0 reached [ 647.063381][T10138] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 647.405011][T10149] 9pnet_virtio: no channels available for device syz [ 648.063480][T10160] netlink: 'syz.2.1488': attribute type 10 has an invalid length. [ 648.089302][T10160] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 648.140370][T10160] bond0: (slave netdevsim0): Releasing backup interface [ 648.458441][T10166] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1491'. [ 648.479566][T10166] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1491'. [ 649.332117][T10178] 9pnet_virtio: no channels available for device syz [ 649.408946][T10158] overlayfs: failed to clone upperpath [ 649.618022][T10180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1497'. [ 649.636281][T10180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1497'. [ 649.663899][T10180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1497'. [ 649.693021][T10180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1497'. [ 649.722165][T10184] Set syz0 is full, maxelem 0 reached [ 649.750545][T10184] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 649.877779][T10188] netlink: 'syz.4.1501': attribute type 10 has an invalid length. [ 649.894711][T10188] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 649.917850][T10188] device bridge_slave_0 left promiscuous mode [ 649.932579][T10188] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.953035][T10188] device bridge_slave_1 left promiscuous mode [ 649.963293][T10188] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.005384][T10188] bond0: (slave bond_slave_0): Releasing backup interface [ 650.015510][T10188] bond0: (slave bond_slave_1): Releasing backup interface [ 650.049415][T10188] team0: Port device team_slave_0 removed [ 650.085224][T10188] team0: Port device team_slave_1 removed [ 650.101729][T10188] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.128788][T10188] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.153810][T10188] bond0: (slave netdevsim0): Releasing backup interface [ 650.175845][T10188] batman_adv: batadv0: Removing interface: gretap1 [ 650.201932][T10192] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1502'. [ 650.222201][T10193] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1502'. [ 650.735883][T10204] 9pnet_virtio: no channels available for device syz [ 652.158195][T10224] netlink: 'syz.5.1514': attribute type 10 has an invalid length. [ 652.179641][T10224] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 652.234047][T10224] bond0: (slave netdevsim0): Releasing backup interface [ 652.333060][T10228] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1515'. [ 652.347483][T10230] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1515'. [ 652.517706][T10202] overlayfs: failed to clone upperpath [ 652.675134][T10239] 9pnet_virtio: no channels available for device syz [ 654.475665][T10271] __nla_validate_parse: 1 callbacks suppressed [ 654.475681][T10271] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1528'. [ 654.667575][T10271] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1528'. [ 655.201359][T10281] netlink: 'syz.3.1530': attribute type 10 has an invalid length. [ 655.383863][T10281] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 655.393100][ T9] bond0: (slave netdevsim0): interface is now down [ 655.418483][ T9] bond0: (slave netdevsim0): interface is now down [ 655.497088][T10282] bond0: (slave syz_tun): Releasing backup interface [ 655.504176][ T9] bond0: (slave netdevsim0): interface is now down [ 655.557091][ T30] bond0: (slave netdevsim0): interface is now down [ 655.594959][T10282] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 655.620618][ T4640] bond0: (slave netdevsim0): interface is now down [ 655.647088][ T4640] bond0: (slave netdevsim0): interface is now down [ 655.676334][T10282] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 655.686268][T10286] 9pnet_virtio: no channels available for device syz [ 655.687303][ T30] bond0: (slave netdevsim0): interface is now down [ 655.708025][T10282] device bridge_slave_0 left promiscuous mode [ 655.743356][T10282] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.772302][T10282] device bridge_slave_1 left promiscuous mode [ 655.778537][ T9] bond0: (slave netdevsim0): interface is now down [ 655.817285][T10282] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.837038][ T30] bond0: (slave netdevsim0): interface is now down [ 655.856986][ T4640] bond0: (slave netdevsim0): interface is now down [ 655.877658][ T4640] bond0: (slave netdevsim0): interface is now down [ 655.897912][T10282] bond0: (slave bond_slave_0): Releasing backup interface [ 655.907033][ T9] bond0: (slave netdevsim0): interface is now down [ 655.937087][ T30] bond0: (slave netdevsim0): interface is now down [ 655.974624][ T30] bond0: (slave netdevsim0): interface is now down [ 655.997793][T10282] bond0: (slave bond_slave_1): Releasing backup interface [ 656.007026][ T30] bond0: (slave netdevsim0): interface is now down [ 656.057035][ T30] bond0: (slave netdevsim0): interface is now down [ 656.098085][ T30] bond0: (slave netdevsim0): interface is now down [ 656.197142][ T30] bond0: (slave netdevsim0): interface is now down [ 656.239391][ T30] bond0: (slave netdevsim0): interface is now down [ 656.308333][T10282] team0: Port device team_slave_0 removed [ 656.350281][ T9] bond0: (slave netdevsim0): interface is now down [ 656.373738][T10282] team0: Port device team_slave_1 removed [ 656.405660][ T4640] bond0: (slave netdevsim0): interface is now down [ 656.423218][T10282] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 656.467050][ T4640] bond0: (slave netdevsim0): interface is now down [ 656.487224][T10282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 656.517165][ T4640] bond0: (slave netdevsim0): interface is now down [ 656.528390][T10282] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 656.537695][ T30] bond0: (slave netdevsim0): interface is now down [ 656.568573][ T9] bond0: (slave netdevsim0): interface is now down [ 656.588388][ T30] bond0: (slave netdevsim0): interface is now down [ 656.597235][T10282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 656.607398][ T30] bond0: (slave netdevsim0): interface is now down [ 656.627155][ T4640] bond0: (slave netdevsim0): interface is now down [ 656.643191][T10282] bond0: (slave netdevsim0): Releasing backup interface [ 656.683396][T10282] batman_adv: batadv0: Interface deactivated: gretap1 [ 656.813341][T10282] batman_adv: batadv0: Removing interface: gretap1 [ 657.737568][T10300] 9pnet_fd: Insufficient options for proto=fd [ 657.775098][T10302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1537'. [ 657.806375][T10302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1537'. [ 657.826604][T10302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1537'. [ 657.846028][T10302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1537'. [ 660.478121][T10345] netlink: 'syz.5.1550': attribute type 10 has an invalid length. [ 660.559024][T10345] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 660.578994][T10346] bond0: (slave netdevsim0): Releasing backup interface [ 660.694241][T10348] overlayfs: failed to clone upperpath [ 661.796719][T10356] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1554'. [ 661.818984][T10356] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1554'. [ 661.959608][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1557'. [ 661.985021][T10360] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1557'. [ 662.030986][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1557'. [ 662.045287][T10360] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1557'. [ 663.825452][T10394] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1567'. [ 663.858132][T10394] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1567'. [ 666.770210][T10438] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1582'. [ 666.803998][T10438] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1582'. [ 670.847332][T10471] syz.2.1590 (10471) used greatest stack depth: 17976 bytes left [ 671.072682][T10475] capability: warning: `syz.5.1591' uses 32-bit capabilities (legacy support in use) [ 673.248879][T10506] Set syz0 is full, maxelem 0 reached [ 673.260099][T10506] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 675.847060][T10554] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1621'. [ 676.527239][T10560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1623'. [ 676.575869][T10560] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1623'. [ 676.658237][T10560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1623'. [ 676.690855][T10560] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1623'. [ 676.801348][T10565] batman_adv: batadv0: Adding interface: gretap1 [ 676.807840][T10565] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.834237][T10565] batman_adv: batadv0: Interface activated: gretap1 [ 676.999236][T10570] 9pnet_virtio: no channels available for device syz [ 677.632868][T10579] fuse: Unknown parameter 'group_id00000000000000000000' [ 679.005778][T10608] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1638'. [ 679.015318][T10608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1638'. [ 679.025285][T10608] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1638'. [ 679.034660][T10608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1638'. [ 679.261323][T10613] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1639'. [ 679.600290][T10620] xt_hashlimit: size too large, truncated to 1048576 [ 680.597403][T10626] Set syz0 is full, maxelem 0 reached [ 680.654031][T10626] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 680.682203][T10630] fuse: Unknown parameter 'group_id00000000000000000000' [ 681.297007][T10642] bridge_slave_0: default FDB implementation only supports local addresses [ 685.871819][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.878927][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.576016][T10688] autofs4:pid:10688:autofs_fill_super: called with bogus options [ 687.490194][T10696] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1667'. [ 689.855947][T10734] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1677'. [ 692.495491][T10767] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1690'. [ 692.615262][T10775] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1692'. [ 692.977934][T10776] netlink: 'syz.5.1691': attribute type 4 has an invalid length. [ 696.106765][T10809] 9pnet_fd: Insufficient options for proto=fd [ 696.185302][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 696.185318][ T26] audit: type=1326 audit(1769955607.447:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10806 comm="syz.2.1700" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f575cf9aeb9 code=0x0 [ 696.287942][T10816] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1700'. [ 699.740378][T10846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1711'. [ 703.192944][T10893] netlink: 'syz.3.1728': attribute type 4 has an invalid length. [ 703.361282][T10898] Set syz0 is full, maxelem 0 reached [ 703.383039][T10898] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 703.673713][T10905] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1732'. [ 705.912493][T10918] 9pnet_virtio: no channels available for device syz [ 707.091017][T10932] fuse: Bad value for 'fd' [ 707.842490][T10941] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 712.431057][T10976] fuse: Bad value for 'fd' [ 714.363789][T11003] autofs4:pid:11003:autofs_fill_super: called with bogus options [ 715.118295][T10989] overlayfs: failed to clone upperpath [ 715.387815][T11024] fuse: Invalid rootmode [ 717.125107][ T26] audit: type=1326 audit(1769955628.387:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 717.126154][T11035] netlink: 'syz.0.1782': attribute type 27 has an invalid length. [ 717.222521][ T26] audit: type=1326 audit(1769955628.387:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 717.319353][ T26] audit: type=1326 audit(1769955628.387:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 717.365380][ T26] audit: type=1326 audit(1769955628.387:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 717.470826][ T26] audit: type=1326 audit(1769955628.387:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 717.676734][ T26] audit: type=1326 audit(1769955628.387:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 718.505875][ T26] audit: type=1326 audit(1769955628.387:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 718.538166][ T26] audit: type=1326 audit(1769955628.387:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 718.658836][ T26] audit: type=1326 audit(1769955628.387:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 718.687621][ T26] audit: type=1326 audit(1769955628.387:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11034 comm="syz.0.1782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6190f9aeb9 code=0x7ffc0000 [ 720.404909][T11060] autofs4:pid:11060:autofs_fill_super: called with bogus options [ 722.509118][T11076] 9pnet_virtio: no channels available for device syz [ 725.981524][T11035] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.991425][T11035] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.000827][T11035] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.010322][T11035] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.229773][T11035] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 726.238834][T11035] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 726.248045][T11035] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 726.257199][T11035] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 726.287820][T11041] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 726.376533][T11041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 726.400422][T11041] 8021q: adding VLAN 0 to HW filter on device team0 [ 726.422623][T11041] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 726.440717][T11080] netlink: 'syz.5.1785': attribute type 4 has an invalid length. [ 728.590663][T11136] fuse: Bad value for 'rootmode' [ 730.515567][T11155] netlink: 'syz.5.1812': attribute type 4 has an invalid length. [ 734.717933][T11185] fuse: Bad value for 'rootmode' [ 734.893712][T11188] netlink: 'syz.5.1823': attribute type 32 has an invalid length. [ 742.941974][T11239] fuse: Bad value for 'rootmode' [ 744.007181][T11246] Set syz0 is full, maxelem 0 reached [ 744.019557][T11246] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 744.087235][T11250] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1842'. [ 744.694709][T11267] autofs4:pid:11267:autofs_fill_super: called with bogus options [ 747.310236][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.437936][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.084032][T11313] autofs4:pid:11313:autofs_fill_super: called with bogus options [ 748.140288][T11315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1863'. [ 748.184955][T11315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1863'. [ 748.672543][T11328] 9pnet_fd: Insufficient options for proto=fd [ 748.720200][T11330] Set syz0 is full, maxelem 0 reached [ 748.739366][T11330] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 749.432627][T11342] netlink: 'syz.5.1872': attribute type 4 has an invalid length. [ 750.517086][T11353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1877'. [ 750.572434][T11353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1877'. [ 751.298678][T11379] 9pnet_fd: Insufficient options for proto=fd [ 752.840857][T11395] netlink: 'syz.2.1890': attribute type 4 has an invalid length. [ 754.618386][T11420] Set syz0 is full, maxelem 0 reached [ 754.629285][T11420] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 754.784389][T11423] 9pnet_fd: Insufficient options for proto=fd [ 756.369891][T11440] autofs4:pid:11440:autofs_fill_super: called with bogus options [ 756.732796][T11452] fuse: Unknown parameter 'use00000000000000000000' [ 758.872933][T11473] Set syz0 is full, maxelem 0 reached [ 758.884410][T11473] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 760.798081][T11482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1915'. [ 761.315701][T11489] 9pnet_fd: Insufficient options for proto=fd [ 762.187776][T11504] fuse: Unknown parameter 'user_i00000000000000000000' [ 763.523918][T11512] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1926'. [ 766.281866][T11526] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1927'. [ 767.760405][T11530] Set syz0 is full, maxelem 0 reached [ 767.779836][T11530] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 768.263513][T11542] 9pnet_fd: Insufficient options for proto=fd [ 768.737353][T11550] fuse: Unknown parameter 'user_i00000000000000000000' [ 770.202793][T11575] Set syz0 is full, maxelem 0 reached [ 770.272325][T11575] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 771.170862][T11592] 9pnet_fd: Insufficient options for proto=fd [ 772.161897][T11600] overlayfs: failed to clone upperpath [ 772.702115][T11613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1963'. [ 772.732136][T11613] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1963'. [ 772.768624][T11613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1963'. [ 772.778081][T11613] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1963'. [ 774.036199][T11619] netlink: 124 bytes leftover after parsing attributes in process `syz.5.1964'. [ 774.046179][T11619] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1964'. [ 774.595269][T11629] 9pnet_fd: Insufficient options for proto=fd [ 779.442960][T11671] 9pnet_fd: Insufficient options for proto=fd [ 779.770974][T11674] xt_hashlimit: size too large, truncated to 1048576 [ 781.576062][T11696] autofs4:pid:11696:autofs_fill_super: called with bogus options [ 785.803617][T11730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1995'. [ 786.279017][T11742] xt_hashlimit: size too large, truncated to 1048576 [ 788.281632][T11759] fuse: Unknown parameter 'user_id00000000000000000000' [ 789.476847][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 789.476867][ T26] audit: type=1326 audit(1769955700.677:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 790.145423][ T26] audit: type=1326 audit(1769955700.687:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb65515b78e code=0x7ffc0000 [ 790.168149][ T26] audit: type=1326 audit(1769955700.687:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb65515b78e code=0x7ffc0000 [ 790.190976][ T26] audit: type=1326 audit(1769955700.687:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 790.215504][ T26] audit: type=1326 audit(1769955700.687:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 790.280454][ T26] audit: type=1326 audit(1769955700.697:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 790.311381][T11779] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2012'. [ 790.407063][ T26] audit: type=1326 audit(1769955700.707:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 790.470614][ T26] audit: type=1326 audit(1769955700.707:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 790.573587][ T26] audit: type=1326 audit(1769955700.707:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 790.803478][ T26] audit: type=1326 audit(1769955700.707:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11771 comm="syz.3.2011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65519aeb9 code=0x7ffc0000 [ 793.002211][T11807] tipc: Started in network mode [ 793.007646][T11807] tipc: Node identity 84e, cluster identity 4711 [ 793.014086][T11807] tipc: Node number set to 2126 [ 794.704533][T11831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2028'. [ 797.674604][T11852] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2036'. [ 797.724534][T11852] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2036'. [ 797.782400][T11852] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2036'. [ 797.815739][T11852] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2036'. [ 798.773003][T11870] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2042'. [ 798.944267][T11879] autofs4:pid:11879:autofs_fill_super: called with bogus options [ 799.746361][T11858] overlayfs: failed to clone upperpath [ 799.854107][T11887] device erspan0 entered promiscuous mode [ 799.874195][T11887] device vlan2 entered promiscuous mode [ 800.255872][T11894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2049'. [ 800.272555][T11894] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2049'. [ 801.155516][T11894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2049'. [ 801.238277][T11894] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2049'. [ 802.500574][T11912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2055'. [ 803.262880][T11930] Set syz0 is full, maxelem 0 reached [ 803.283793][T11930] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 804.659239][T11946] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2068'. [ 804.841931][T11950] overlayfs: failed to resolve './file0': -2 [ 806.201887][T11962] autofs4:pid:11962:autofs_fill_super: called with bogus options [ 806.596051][T11970] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2076'. [ 808.908586][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.915047][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 812.599376][T12013] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2089'. [ 812.681647][T12017] fuse: Unknown parameter '0x0000000000000004' [ 813.595156][T12042] autofs4:pid:12042:autofs_fill_super: called with bogus options [ 817.267785][T12080] autofs4:pid:12080:autofs_fill_super: called with bogus options [ 819.515827][T12105] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 822.380038][T12138] autofs4:pid:12138:autofs_fill_super: called with bogus options [ 824.652649][T12161] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2136'. [ 827.311431][T12179] autofs4:pid:12179:autofs_fill_super: called with bogus options [ 828.978580][T12199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2152'. [ 829.030655][T12199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2152'. [ 829.089728][T12199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2152'. [ 829.146867][T12199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2152'. [ 832.675245][T12220] 9pnet_fd: Insufficient options for proto=fd [ 834.647494][T12230] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2161'. [ 835.564015][T12243] netlink: 'syz.3.2164': attribute type 4 has an invalid length. [ 839.676618][T12270] 9pnet_fd: Insufficient options for proto=fd [ 840.177741][T12280] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2176'. [ 840.254215][T12282] autofs4:pid:12282:autofs_fill_super: called with bogus options [ 840.974996][T12294] xt_hashlimit: size too large, truncated to 1048576 [ 841.045058][T12297] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2180'. [ 842.782421][T12319] 9pnet_fd: Insufficient options for proto=fd [ 842.875200][T12324] Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 842.925953][T12327] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2190'. [ 844.398397][T12355] overlayfs: failed to clone upperpath [ 844.753608][T12368] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2193'. [ 845.257761][T12369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2204'. [ 845.461202][T12378] 9pnet_fd: Insufficient options for proto=fd [ 845.783485][T12384] Set syz0 is full, maxelem 0 reached [ 845.801251][T12384] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 847.685963][T12412] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2219'. [ 848.240066][T12425] tipc: Started in network mode [ 848.245118][T12425] tipc: Node identity 84e, cluster identity 4711 [ 848.251832][T12425] tipc: Node number set to 2126 [ 849.138798][T12433] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2225'. [ 849.182908][T12433] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2225'. [ 849.426885][T12439] 9pnet_fd: Insufficient options for proto=fd [ 850.904308][T12464] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 851.297516][T12471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2236'. [ 851.698448][T12477] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2238'. [ 851.716415][T12477] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2238'. [ 852.909290][T12497] 9pnet_fd: Insufficient options for proto=fd [ 853.335190][T12512] xt_hashlimit: size too large, truncated to 1048576 [ 853.931823][T12522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2251'. [ 853.952045][T12523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2250'. [ 853.971608][T12522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2251'. [ 854.835303][ T8225] kworker/dying (8225) used greatest stack depth: 15128 bytes left [ 854.984975][T12551] 9pnet_fd: Insufficient options for proto=fd [ 858.808006][T12621] autofs4:pid:12621:autofs_fill_super: called with bogus options [ 859.927803][T12636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2289'. [ 859.988625][T12638] Set syz0 is full, maxelem 0 reached [ 859.996056][T12638] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 861.991786][T12650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2294'. [ 862.011709][T12650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2294'. [ 862.264571][T12664] autofs4:pid:12664:autofs_fill_super: called with bogus options [ 863.735612][T12682] xt_hashlimit: size too large, truncated to 1048576 [ 863.763960][T12683] Set syz0 is full, maxelem 0 reached [ 863.776100][T12683] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 863.799908][T12686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2304'. [ 865.828747][T12694] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2309'. [ 865.853424][T12694] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2309'. [ 865.873060][T12703] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2311'. [ 866.194810][T12720] autofs4:pid:12720:autofs_fill_super: called with bogus options [ 868.100626][T12744] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2324'. [ 868.124037][T12744] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2324'. [ 868.146086][T12744] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2324'. [ 868.164409][T12744] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2324'. [ 869.013352][T12752] device syz_tun entered promiscuous mode [ 869.052652][T12752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2327'. [ 869.464085][T12760] netlink: 'syz.4.2330': attribute type 15 has an invalid length. [ 870.299110][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.306852][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.402406][T12762] autofs4:pid:12762:autofs_fill_super: called with bogus options [ 873.210441][T12807] autofs4:pid:12807:autofs_fill_super: called with bogus options [ 873.908532][T12819] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2351'. [ 873.919242][T12819] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2351'. [ 873.940352][T12819] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2351'. [ 873.950075][T12819] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2351'. [ 873.959344][T12819] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2351'. [ 873.968406][T12819] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2351'. [ 875.840911][T12844] overlayfs: failed to clone upperpath [ 877.045333][T12861] autofs4:pid:12861:autofs_fill_super: called with bogus options [ 878.507272][T12872] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2369'. [ 878.516346][T12872] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2369'. [ 878.526118][T12872] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2369'. [ 878.535440][T12872] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2369'. [ 879.030627][T12892] Set syz0 is full, maxelem 0 reached [ 879.176858][T12895] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 880.699206][T12916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2384'. [ 880.718386][T12917] autofs4:pid:12917:autofs_fill_super: called with bogus options [ 880.858342][T12916] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2384'. [ 881.010556][T12916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2384'. [ 881.040470][T12916] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2384'. [ 882.111407][T12948] xt_hashlimit: max too large, truncated to 1048576 [ 884.799145][T12979] autofs4:pid:12979:autofs_fill_super: called with bogus options [ 889.064121][T13031] autofs4:pid:13031:autofs_fill_super: called with bogus options [ 890.568022][T13051] overlayfs: failed to clone upperpath [ 892.517983][T13064] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 892.656987][T13064] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 893.988454][T13084] netlink: 'syz.5.2437': attribute type 4 has an invalid length. [ 897.885775][T13121] overlayfs: missing 'lowerdir' [ 898.749165][T13125] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2451'. [ 898.958754][T13137] netlink: 216 bytes leftover after parsing attributes in process `syz.4.2455'. [ 901.028060][T13162] netlink: 'syz.5.2460': attribute type 4 has an invalid length. [ 901.455494][T13180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2468'. [ 902.862766][T13206] Set syz0 is full, maxelem 0 reached [ 902.880788][T13206] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 903.568073][T13223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2482'. [ 904.529541][T13239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2487'. [ 905.529799][T13255] Set syz0 is full, maxelem 0 reached [ 905.546703][T13255] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 905.745178][T13258] xt_hashlimit: max too large, truncated to 1048576 [ 905.761697][T13260] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2495'. [ 908.766324][T13305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2509'. [ 909.462621][T13322] Set syz0 is full, maxelem 0 reached [ 909.525313][T13322] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 909.590304][T13324] netlink: 'syz.3.2514': attribute type 1 has an invalid length. [ 909.749325][T13330] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2517'. [ 909.774745][T13330] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2517'. [ 910.434817][T13354] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2524'. [ 913.856293][T13382] 9pnet_fd: Insufficient options for proto=fd [ 915.176951][T13399] Set syz0 is full, maxelem 0 reached [ 915.185977][T13399] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 917.075527][T13426] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2542'. [ 917.388062][T13427] 9pnet_fd: Insufficient options for proto=fd [ 918.360496][T13447] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2552'. [ 918.381818][T13447] Set syz0 is full, maxelem 0 reached [ 918.392339][T13447] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 918.763070][T13458] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2556'. [ 920.490839][T13474] 9pnet_fd: Insufficient options for proto=fd [ 921.621339][T13503] overlayfs: missing 'lowerdir' [ 923.160630][T13524] overlayfs: failed to clone lowerpath [ 924.705900][T13536] 9pnet_fd: Insufficient options for proto=fd [ 925.141719][T13555] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2587'. [ 927.018899][T13587] 9pnet_fd: Insufficient options for proto=fd [ 930.163810][T13633] 9pnet_fd: Insufficient options for proto=fd [ 932.077213][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.083598][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.744096][T13684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2626'. [ 935.329035][T13690] 9pnet_fd: Insufficient options for proto=fd [ 936.474522][T13703] 9pnet_fd: Insufficient options for proto=fd [ 937.515820][T13731] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2643'. [ 937.909715][T13737] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2645'. [ 938.135118][T13741] 9pnet_fd: Insufficient options for proto=fd [ 939.922107][T13769] xt_policy: neither incoming nor outgoing policy selected [ 941.074779][T13772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2658'. [ 941.270446][T13782] netlink: 'syz.4.2661': attribute type 1 has an invalid length. [ 941.436333][T13785] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 941.515000][T13787] device veth3 entered promiscuous mode [ 941.526793][T13787] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 941.539022][T13790] 9pnet_fd: Insufficient options for proto=fd [ 941.806887][T13770] futex_wake_op: syz.5.2653 tries to shift op by 144; fix this program [ 943.628109][T13811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2671'. [ 943.718939][T13814] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 946.121121][T13833] 9pnet_fd: Insufficient options for proto=fd [ 948.721746][T13857] device sit1 entered promiscuous mode [ 949.096311][T13861] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2686'. [ 949.117722][T13861] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2686'. [ 949.754480][T13876] 9pnet_fd: Insufficient options for proto=fd [ 950.157290][T13883] overlayfs: failed to clone lowerpath [ 950.261534][T13884] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2692'. [ 950.270775][T13884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2692'. [ 950.279756][T13884] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2692'. [ 950.288990][T13884] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2692'. [ 951.052767][T13887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2694'. [ 952.228967][T13904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2699'. [ 952.322926][T13904] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 952.331897][T13904] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 952.340832][T13904] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 952.349630][T13904] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 952.528693][T13904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2699'. [ 954.891358][T13942] 9pnet_fd: Insufficient options for proto=fd [ 954.912698][T13939] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2708'. [ 956.379058][T13964] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2715'. [ 956.512806][ T4432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 956.526864][ T4432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 956.688271][ T4822] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 958.561536][T13991] 9pnet_fd: Insufficient options for proto=fd [ 959.326000][T14006] 9pnet_fd: Insufficient options for proto=fd [ 960.269247][T14015] overlayfs: failed to clone upperpath [ 960.401861][T14020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2732'. [ 960.635964][T14027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2736'. [ 963.125412][T14055] 9pnet_fd: Insufficient options for proto=fd [ 963.514320][T14060] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2744'. [ 963.925421][T14067] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2747'. [ 963.959792][T14067] 8021q: VLANs not supported on gre0 [ 964.327254][T14073] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2751'. [ 965.129290][T14073] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2751'. [ 965.445624][T14093] 9pnet_fd: Insufficient options for proto=fd [ 965.886581][T14099] 9pnet_fd: Insufficient options for proto=fd [ 969.177564][T14130] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2768'. [ 970.047359][T14147] 9pnet_fd: Insufficient options for proto=fd [ 972.219707][T14157] ceph: No mds server is up or the cluster is laggy [ 972.987123][T14194] 9pnet_fd: Insufficient options for proto=fd [ 976.314002][T14236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2800'. [ 976.897367][T14245] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2803'. [ 977.375845][T14256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2806'. [ 979.935588][ T4276] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 980.031566][ T4276] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 980.042860][ T4276] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 980.054791][ T4276] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 980.065338][ T4276] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 980.074581][ T4276] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 981.221941][T14296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2815'. [ 981.625305][ T4640] bond1: (slave ip6gretap1): Releasing backup interface [ 981.653630][ T4640] bond1: (slave ip6gretap1): the permanent HWaddr of slave - 0e:a4:ba:fa:df:5e - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 981.759543][T14308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2817'. [ 981.781550][T14272] chnl_net:caif_netlink_parms(): no params data found [ 982.187008][ T4276] Bluetooth: hci0: command 0x0409 tx timeout [ 982.804122][T14326] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2819'. [ 982.853907][T14272] bridge0: port 1(bridge_slave_0) entered blocking state [ 982.863705][T14272] bridge0: port 1(bridge_slave_0) entered disabled state [ 982.877628][T14272] device bridge_slave_0 entered promiscuous mode [ 983.109377][T14326] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2819'. [ 983.128312][T14272] bridge0: port 2(bridge_slave_1) entered blocking state [ 983.137655][T14272] bridge0: port 2(bridge_slave_1) entered disabled state [ 983.216033][T14272] device bridge_slave_1 entered promiscuous mode [ 983.995329][T14341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2822'. [ 984.268319][ T4276] Bluetooth: hci0: command 0x041b tx timeout [ 984.961219][T14272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 985.145649][T14272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 985.530715][T14362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2827'. [ 986.627421][ T4276] Bluetooth: hci0: command 0x040f tx timeout [ 986.654248][T14272] team0: Port device team_slave_0 added [ 986.739739][T14272] team0: Port device team_slave_1 added [ 987.014400][T14272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 987.057558][T14272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.363325][T14272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 987.399740][T14379] xt_hashlimit: max too large, truncated to 1048576 [ 987.666255][T14272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 987.704293][T14272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.947353][T14272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 988.090547][T14400] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2833'. [ 988.127352][T14400] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2833'. [ 988.420805][T14272] device hsr_slave_0 entered promiscuous mode [ 988.457075][T14272] device hsr_slave_1 entered promiscuous mode [ 988.485754][T14272] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 988.516880][T14272] Cannot create hsr debugfs directory [ 988.602563][ T4640] device hsr_slave_0 left promiscuous mode [ 988.622169][ T4640] device hsr_slave_1 left promiscuous mode [ 988.666894][ T4276] Bluetooth: hci0: command 0x0419 tx timeout [ 988.902386][ T4640] bond1 (unregistering): (slave veth3): Releasing backup interface [ 988.953714][ T4640] bond1 (unregistering): Released all slaves [ 991.244405][ T4640] bond0 (unregistering): Released all slaves [ 991.353649][T14404] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2835'. [ 991.425690][T14425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2840'. [ 991.660862][T14436] netlink: 'syz.5.2842': attribute type 10 has an invalid length. [ 991.707420][T14436] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 991.718773][T14443] fuse: Unknown parameter 'group_id00000000000000000000' [ 1096.826691][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1096.833839][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P46/1:b..l [ 1096.842258][ C0] (detected by 0, t=10502 jiffies, g=98905, q=18 ncpus=2) [ 1096.849467][ C0] task:kworker/u4:3 state:R running task stack:23152 pid:46 ppid:2 flags:0x00004000 [ 1096.861382][ C0] Workqueue: bat_events batadv_nc_worker [ 1096.867168][ C0] Call Trace: [ 1096.870469][ C0] [ 1096.873439][ C0] __schedule+0x11d1/0x40e0 [ 1096.878112][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1096.884172][ C0] ? __sched_text_start+0x8/0x8 [ 1096.889082][ C0] ? lock_chain_count+0x20/0x20 [ 1096.893990][ C0] ? preempt_schedule_irq+0xb0/0x160 [ 1096.899356][ C0] preempt_schedule_irq+0xbb/0x160 [ 1096.904513][ C0] ? preempt_schedule_notrace+0x120/0x120 [ 1096.910267][ C0] ? rcu_is_watching+0x11/0xa0 [ 1096.915195][ C0] ? rcu_irq_exit_check_preempt+0xdb/0x210 [ 1096.921043][ C0] irqentry_exit+0x63/0x70 [ 1096.925497][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1096.931602][ C0] RIP: 0010:batadv_nc_worker+0x175/0x600 [ 1096.937266][ C0] Code: 05 94 c1 15 04 01 48 c7 c7 60 d8 ad 8b be 19 03 00 00 48 c7 c2 a0 d8 ad 8b e8 17 5b 6f f7 48 89 e8 48 c1 e8 03 42 80 3c 20 00 <74> 08 48 89 ef e8 f1 c6 dd f7 48 8b 6d 00 48 85 ed 0f 94 c0 48 81 [ 1096.956887][ C0] RSP: 0018:ffffc90000b77be0 EFLAGS: 00000246 [ 1096.963058][ C0] RAX: 1ffff1100af32340 RBX: 0000000000000001 RCX: ffff888019e73b80 [ 1096.971049][ C0] RDX: 0000000000000000 RSI: ffffffff8adf0c00 RDI: ffffffff8adf0bc0 [ 1096.979218][ C0] RBP: ffff888057991a00 R08: dffffc0000000000 R09: 1ffffffff215e648 [ 1096.987200][ C0] R10: dffffc0000000000 R11: fffffbfff215e649 R12: dffffc0000000000 [ 1096.995285][ C0] R13: ffffffff89f595be R14: ffff888057988c80 R15: 0000000000000340 [ 1097.003283][ C0] ? batadv_nc_worker+0xce/0x600 [ 1097.008259][ C0] ? process_one_work+0x7b0/0x1160 [ 1097.013494][ C0] process_one_work+0x8a2/0x1160 [ 1097.018469][ C0] ? worker_detach_from_pool+0x240/0x240 [ 1097.024120][ C0] ? _raw_spin_lock_irq+0xb7/0xf0 [ 1097.029162][ C0] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1097.034748][ C0] ? kthread_data+0x4b/0xc0 [ 1097.039306][ C0] worker_thread+0xaa2/0x1270 [ 1097.044135][ C0] kthread+0x29d/0x330 [ 1097.048228][ C0] ? worker_clr_flags+0x1a0/0x1a0 [ 1097.053283][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1097.057983][ C0] ret_from_fork+0x1f/0x30 [ 1097.062495][ C0] [ 1097.065526][ C0] rcu: rcu_preempt kthread starved for 10522 jiffies! g98905 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1097.076741][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1097.086748][ C0] rcu: RCU grace-period kthread stack dump: [ 1097.092641][ C0] task:rcu_preempt state:R running task stack:26864 pid:16 ppid:2 flags:0x00004000 [ 1097.103429][ C0] Call Trace: [ 1097.106736][ C0] [ 1097.109692][ C0] __schedule+0x11d1/0x40e0 [ 1097.114236][ C0] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 1097.120169][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 1097.126077][ C0] ? __sched_text_start+0x8/0x8 [ 1097.130956][ C0] ? __mod_timer+0x91e/0xd00 [ 1097.135699][ C0] schedule+0xb9/0x180 [ 1097.139798][ C0] schedule_timeout+0x184/0x2d0 [ 1097.144672][ C0] ? console_conditional_schedule+0x40/0x40 [ 1097.150587][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1097.156585][ C0] ? update_process_times+0x1b0/0x1b0 [ 1097.161976][ C0] ? prepare_to_swait_event+0x335/0x350 [ 1097.167587][ C0] rcu_gp_fqs_loop+0x303/0x1340 [ 1097.172466][ C0] ? rcu_gp_kthread+0x3b0/0x3b0 [ 1097.177332][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1097.183343][ C0] ? rcu_gp_init+0x14e0/0x14e0 [ 1097.188144][ C0] ? rcu_gp_cleanup+0xb41/0xc90 [ 1097.193027][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1097.198256][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 1097.203557][ C0] rcu_gp_kthread+0x99/0x3b0 [ 1097.208172][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1097.213302][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 1097.219237][ C0] ? __kthread_parkme+0x162/0x1c0 [ 1097.224334][ C0] kthread+0x29d/0x330 [ 1097.228426][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1097.233562][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1097.238176][ C0] ret_from_fork+0x1f/0x30 [ 1097.242622][ C0] [ 1097.245649][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1097.252012][ C0] CPU: 0 PID: 14442 Comm: syz.3.2845 Not tainted syzkaller #0 [ 1097.259583][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1097.269659][ C0] RIP: 0033:0x7fb6551ba450 [ 1097.274195][ C0] Code: 83 c0 16 83 e0 f7 74 12 50 48 8d 3d 22 1f 09 00 e8 e5 65 f9 ff 0f 1f 44 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <83> ff 21 74 0b c3 66 2e 0f 1f 84 00 00 00 00 00 55 53 48 89 f3 48 [ 1097.293823][ C0] RSP: 002b:00007fb65602da78 EFLAGS: 00000246 [ 1097.299907][ C0] RAX: 0000000000000000 RBX: 00007fb655415fa0 RCX: 00007fb65519aeb9 [ 1097.308006][ C0] RDX: 00007fb65602da80 RSI: 00007fb65602dbb0 RDI: 0000000000000021 [ 1097.315987][ C0] RBP: 00007fb655208c1f R08: 0000000000000000 R09: 0000000000000000 [ 1097.323988][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1097.331972][ C0] R13: 00007fb655416038 R14: 00007fb655415fa0 R15: 00007ffc7ec0d8d8 [ 1097.339989][ C0] FS: 00007fb65602e6c0 GS: 0000000000000000