last executing test programs: 18m34.904936967s ago: executing program 0 (id=490): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x1) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) mlock(&(0x7f0000626000/0x5000)=nil, 0x5000) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800}) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x195) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_access\x00', 0x0, 0x1c, 0x1) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x13, 0x80000001, 0x35b3, 0x2, 0x800, 0xffffffffffffffff, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x2}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001180)={r4, 0x58, &(0x7f0000001100)}, 0x10) socket$key(0xf, 0x3, 0x2) chown(&(0x7f0000000240)='./file1\x00', 0xee00, 0x0) 18m33.660280882s ago: executing program 0 (id=491): r0 = socket$inet6(0xa, 0x3, 0x5) sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @empty}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="120000000000000029000000", @ANYRES64=r0], 0x108}}], 0x1, 0xc040) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000000)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_type(r3, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r4, &(0x7f0000000280), 0x9) r5 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000c40), 0x12) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r8 = openat$cgroup_ro(r6, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) listen(r9, 0x5) shutdown(r9, 0x0) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r11 = openat$cgroup_procs(r10, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r11, &(0x7f0000000080)=r7, 0x12) r12 = openat(0xffffffffffffff9c, 0x0, 0x2c41, 0x0) flock(r12, 0x5) 18m30.462703178s ago: executing program 0 (id=499): fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x6, 0x0, 0x0, "5debca561a5fbf61048955f6f876b2ff"}) r1 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) ptrace(0x10, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40005}, 0x4011) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001c00000018000180140002006e657464657673696d30000000000000f5a259fca4c17d8c4c"], 0x2c}, 0x1, 0x0, 0x0, 0x810}, 0x4) 18m28.11417946s ago: executing program 0 (id=503): creat(&(0x7f00000000c0)='./bus\x00', 0x182) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) ioctl$MEDIA_REQUEST_IOC_QUEUE(r3, 0x7c80, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x1c}}, 0x0) read(r4, &(0x7f0000000000)=""/28, 0x1c) 18m22.73683211s ago: executing program 0 (id=510): openat$userio(0xffffffffffffff9c, 0x0, 0x20242, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='smaps\x00') ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000100)={0x0, 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x4010) r3 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) memfd_secret(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x4000000) pipe2$9p(&(0x7f00000000c0), 0x4000) socket$inet6_tcp(0xa, 0x1, 0x0) 18m19.940816885s ago: executing program 0 (id=513): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x1) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) mlock(&(0x7f0000626000/0x5000)=nil, 0x5000) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800}) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x195) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_access\x00', 0x0, 0x1c, 0x1) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x13, 0x80000001, 0x35b3, 0x2, 0x800, 0xffffffffffffffff, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x2}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001180)={r3, 0x58, &(0x7f0000001100)}, 0x10) socket$key(0xf, 0x3, 0x2) chown(&(0x7f0000000240)='./file1\x00', 0xee00, 0x0) 18m4.298412208s ago: executing program 32 (id=513): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x1) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) mlock(&(0x7f0000626000/0x5000)=nil, 0x5000) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800}) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x195) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_access\x00', 0x0, 0x1c, 0x1) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x13, 0x80000001, 0x35b3, 0x2, 0x800, 0xffffffffffffffff, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x2}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001180)={r3, 0x58, &(0x7f0000001100)}, 0x10) socket$key(0xf, 0x3, 0x2) chown(&(0x7f0000000240)='./file1\x00', 0xee00, 0x0) 15m9.995198981s ago: executing program 4 (id=780): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000003900), 0x34aa945a513d639, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000140)='./bus\x00', 0x2000014, &(0x7f0000000480)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESOCT=0x0, @ANYRESDEC, @ANYRESDEC, @ANYRESDEC, @ANYBLOB="0ea1a3ed758749a35b0cf19e7301710a8a7c5e7fe9b7c49589266bd5045f15f1817fcc4ea04eeac3f0df37b8beaeafc22a5a08a1a70024", @ANYBLOB="97b61e88553572fd2efdef5bcdc603f5cf17a49bf1d8457078ace3df30c7c941b1103b86953f4b1b43816a58622af5d511ff04c37a8893dc5ea494888e218c88326783f69ee710da511f74fe812d33a93825fb7eb8eca7196d483f5689286f28bf447eca9c6676aad40948ce1a2154e82ce6ecb85f76965d75d05e46"], 0xfe, 0x2ce, &(0x7f00000008c0)="$eJzs3UFrE1sUwPHTpq9JU9rkwePBe6AedKOb0MYPoEFaEANKbURdCFM70ZAxKTOhEhGTjbj1cxSX7gT1C3Qjbty7K4LgpgtxpDOTdtImTdqmSWr/Pyhz7px7uLdNWk4GZrpx9/WTYt5J5Y2KjMZURkXqsimS3IoCI8Fx1IvHJawulyZ/fDlz+979G5lsdm5BdT6zeDmtqtPn3j99/ub8x8rknbfT76Kynnyw8T39dX18/b+NX4uPC44WHC2VK2roUrlcMZYsU5cLTjGlessyDcfUQskx7aZ83iqvrFTVKC1PxVds03HUKFW1aFa1UtaKXVXjkVEoaSqV0qm4nG5jXczJrS0sGJm2aTfS0x3h2E20OmnbmXrrZG6tD3sCAABDZv/+3+/12/X/O93hQfr/fzv3/yLh/j8WLEL/3wP1plGH/h8nU615aNsZIx78/jaj/wcAAAAAAAAAAAAAAAAAAAAA4CTYdN2E67qJrWNwyhtHRSTm3wLujQe8TRyT8Ovvhr62X/9gvKvsyoC2ix4L3bgXE7FereZWc/7Rz2fyUhBLTJmRhPz03g8BP56/np2bUU9SPli1oL62motItFHfkGxVf/bvWb9em+v/knh4/bQk5J/W66db1o/LxQuh+pQk5NNDKYsly977eqf+xazqtZvZXfUT3jwAAAAAAP4EKd225/O7l/cmxGRv3q8PXR9wXbe23/WBXZ+vx+T/bh5RCQAAAAAAjsypPisalmXahwiiItJ5sjtyhCUOFriuSL/Wah9EZJCrtwuuisgQbKNfQUxE/DN6mPJv2+VdVbldzBkL/gPHcPx8OgeD/ssEAAAAoNd2mv4DFH1+eYw7AgAAAAAAAAAAAAAAAAAAAAAAAAAAAADg9On2eWCN+XtSjcQ+5aHlIn3/BgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAh8jsAAP//QNEWCQ==") r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x4040000) openat(0xffffffffffffff9c, 0x0, 0x4c142, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) write$UHID_INPUT(r6, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r4, 0x0, 0x0) socket$inet6(0xa, 0x80000, 0xfc) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r7, 0x29, 0x2b, 0x0, 0x0) socket$inet6(0xa, 0x1, 0xfff) socket$inet_udp(0x2, 0x2, 0x0) truncate(0x0, 0x2fffffd) bpf$PROG_LOAD(0x5, 0x0, 0x0) waitid(0x1, r0, &(0x7f00000006c0), 0x20000000, &(0x7f0000000600)) 15m6.231940197s ago: executing program 4 (id=784): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRESHEX=r0, @ANYBLOB="3f0800000000fedbdf25170000003ff81960e21d1946b9d1d39a18c46392ff9afe4ded89e58496b604007a370d13c3cc8e2d199ce7ef2e84de942a20246cf1d75e59e58761a5bba305ba1ef2042e95ecf5cb293a1ecf30793e8294aa0606b5bb7dcfb657d99c6ac8a043b39f6b7604a1d4640e2955cdb2c333d2180421cbbd9ab428044f7c306f0000000000"], 0x14}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_dev$audion(&(0x7f0000000140), 0x4, 0x400) openat$cgroup_procs(r1, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1000000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$kcm(0x10, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000040)={0xfffffffb, 0x80, 0x1, 'queue1\x00', 0x85}) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000002c80)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[]) mknodat$loop(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x8, 0x1) openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x4000, 0x2dd8806920477201, &(0x7f00000003c0)) 15m3.605387783s ago: executing program 4 (id=794): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @mcast1, 0x9}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}], 0x28}, 0xc000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x20, r4, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) close(r2) 14m57.651450073s ago: executing program 4 (id=797): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_open_dev$I2C(&(0x7f0000000280), 0x0, 0x149000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x14, 0x3f, 0x4, 0x70bd28, 0x25dfdbff, {0x16}}, 0x14}, 0x1, 0x0, 0x0, 0x2002c841}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x80}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60a24b9f00182b00fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000"], 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(r1, 0x0, 0x20000004) setpgid(r3, 0x0) setpgid(0x0, r3) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @fwd, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) copy_file_range(r4, &(0x7f0000000000)=0x9, r1, 0x0, 0x10001, 0x0) ptrace$ARCH_MAP_VDSO_32(0x1e, r3, 0x1, 0x2002) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0x800000000000001) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000440)={0x1, 0x9, 0x1, 0x0}) sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x0) 14m56.16481004s ago: executing program 4 (id=800): r0 = socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_sctp(0xa, 0x5, 0x84) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x2, 0x400, 0x0, 0x37d}, &(0x7f00000001c0), 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) io_uring_setup(0x30aa, &(0x7f0000000440)={0x0, 0x764, 0x80, 0x1, 0x14c}) recvfrom$l2tp6(0xffffffffffffffff, &(0x7f00000005c0), 0x0, 0xb36e97febec85614, &(0x7f0000000600)={0xa, 0x0, 0x0, @initdev}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)=@ipv4_newroute={0x34, 0x18, 0x0, 0x70bd28, 0x25dfdbfe, {0x2, 0x80, 0x20, 0xe6, 0x2, 0x0, 0xc8, 0x0, 0x2800}, [@RTA_PRIORITY={0x8, 0x6, 0x80000000}, @RTA_PREFSRC={0x8, 0x7, @loopback}, @RTA_SPORT={0x6, 0x1c, 0x4e20}]}, 0x34}, 0x1, 0x0, 0x0, 0x4e028399676c1975}, 0x11) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) timerfd_create(0x9, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0) r2 = syz_io_uring_setup(0x496, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000000)) syz_io_uring_setup(0x641a, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x0, 0x400002d8, 0x0, r2}, 0x0, &(0x7f0000000100), &(0x7f0000000000)) r3 = socket(0x10, 0x803, 0x0) quotactl_fd$Q_GETQUOTA(r2, 0xffffffff80000700, 0xffffffffffffffff, &(0x7f0000000140)) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000140)={[{@grpquota}, {@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x33]}}]}) chdir(&(0x7f0000000100)='./file0\x00') symlink(&(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c000000100003050000", @ANYBLOB="0000000006100000140012800b00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) 14m55.248781598s ago: executing program 4 (id=804): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x80) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) sendmmsg$unix(r4, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)="e9794cc63c2aaea7efe15f6c656e9cd9d95b8832a5c2e9ab992161b35e9ac9c7b67b531b69d6ff3e5a5594cbf85edfe80ffced88c072171f65a66719235177ecb867402e13a24356a7a433e2246c8fa573e746d11392d59c2e6055e05e085988914b6c8cd72ecac1fc006776d7ebc69ea6021add617ac73627b383bb7e750c170fe761dd2e4b46bf74e02a8c0803549031", 0x91}, {&(0x7f0000001340)="22bac22767973b072b2bdbb563fe72cb7ce75c7dd7cc56df974063e8a33b192ce7753b4b70b6ce41e6d47424b33bee35bc535dcbf9a1bfcad976e44528aeb0a0b5ae8d3e6d1ce0ee11a523d515c15c2d1aac3ce57d28d25625f1574c74859b89b764c5043025d024624d9a952e51962e05ce2562084fecee4cb8489ed9e68f3be30d0ab6ae2e1f37c169652a7e13879ef6846c5683d3cd1da0f3d48e8e327f72b9ff91ff6c31fd155d38b9192be8371f7b44f52ab08460586fb6c84b0d7225ce923bdd2231a3611fd976316aaac72e38fd5a6d275cd7af8ede1009b67a52c2a4dcf373fde38beaf958acef0004a0ac404d9fd10369bed01b2fdea9bd0edff395baf83fd352b140ca8162c3f625d4ffad17ce7b15bedd269a185c6350ccac7ce5f1d7f63327b135d06a1e7dc2dbd3b3c77a3505af6f2dabd1e46ec448a72fcc4497d76c8ccad98ac444b489b79d3f696317dc74cc6f4689478a2d82fd114cdc60b2daad00825b5af54a0f6aa313b0b04a30a646257196946cfd3ca823c7d4147fd99ef0871666e9b6b603349bb943bc8f793e629f81a68dff1fd16652b23e859fbd5b2ad470a624450a585b14bca1d4c2c860a3c5e1919d8cbad11f00ea3e7b0cbba9a44a0a0e8db9e1010134d8e5a0ef908e3c4598088e27be80794b480c41f56f250ef0e2db4dbba5eef86b94a89d086450d39e89ec8f3e8a8926a0c0998c7cf4e9bfa19494a740319766901ea235c114b70abd7682c0ebb074bb57e6a169ca99842a7b3e12221ff277f98f7c8387df846ecf2b89a56c36a4cc91143c03a5ece80dc53c6f36244fdf66e561fc36d690ce71d53fe7e84d184bab8fac3667758c1ed904db64aa4db47266e2e5fc831758470e5885cdd93af236adf70edf2ddd97c06cf2b6db40d87b4072605c5fb609d0d3366ae929d530c32c9b485c4a6ae4723d067dd0bb62959ea442a67c140f6c9f4cfa41a7fc42fd4a3761a5cf99582a8b278e65d4ebb1b500da55664e51806d80dbe10cac99f6fdd972299fdb1b672083fd9a44ea74b73f509123aaf75fd0ab3779db7c91c4b0f9edaf797c869d131b5607f55040cf8601ed7644a25289f8b808c0ea136f25f4ed17f6fae373024370c8fdf2d93c60d7a29a62e1df661e14da662506ac8653eda10130fc2e73e23e2763d3f86bb2b7739fc4e294cd95b5e844f38bb9102ffb3f52542d8924f341f0cc91890e4427f028b3cf7b0ea1b48135158d5a99eec3b98a456611d6b7af92786908303d41803603aaa511b470d2e192f458cdc51b62e48611bce905bb088c2bfba1a83fc335c3b49a7577b552e59cb3cefb4fb1d3ec1645a91fcb2740b8c8f06f1e7af9fbc30357384759a205b8804aa35b326db4d66a7f1eb33d83782e226500461ecb68221283adb4dca6c5591fd7f699c16039c69102b65f21f7765d35e4706993a4afec37e9f603460b8d392871d6e4b7abba31d16d13bbbe96448d91040574b265351e7eb2aecf18f82fbc58a333005639387244effe601adb2d27725f0a498c33f78e62a0a947ef2868c21b80478bb4a796f59e46b2294d09358e2e426439dc4b5aa5c4a38084ec9419429677b1e04894cbbbaab113634337668756ea00ae1184152dd6dbaa38dd0a6633321957ee76ff69ca25a33a4e71a2c9acd6877edc6592028a9808d6f022ce67b83f63bbca127e7eaa1d10cde5200761894d113fecd4548c389764f91c86ae0c3c3cdf49b72cd27fc89c3d496ef450b0e4e55de163c724238f1643fb5f259edfd7e52c35d37d89b592f84346d94f25020fc3034a33a03f31f52826a05ba1c8738a6ca184bc63d44cac2e35332d65ebda279153fdfd721c80a5e3876eee1024e5950efe84e156be12ce157b8b20f8b7d44a237826319b9b23ac2a843f8f84c4d28cf71e97842508c4bb3f5b8e59c06baf06d636d74f8104e7667c9f33286ef05bbe86e74a2523f0bb809ab1ba767fd0071c86063fafd322d02c924c4c7545229d849b305125b5bd0b691a78ddda350c7d48725a7d2be7e1b2213ec4671ce33f377f951a7b0a9676c2fecaeb5d047947c2a8a90bf445d857a66fd2d1df48f3c1bbe2bf629e9a86c31846c2dcca0bf23d5d9fb4a5e779f56e53b6cc47e25a2365239277d9b5af28e386071628ffe464e1a66c02e0cdde1340be784692b8be8ea20b9ec391fe99e5742b473ad1466c82e2803b7adbbfffb65e984f03667c8ccf6ba35b7134af2f6b26f3ea25013aab71895207fa0e44a3adbee12552c22f68c6be10f3221a12e891d561b5aee1e36187fa21087167872a29d5f4fca5365fd4644ea5d878ac1a8efa3c36b9d38f5bf1bfb27eecc28c5cfc8b580e39324881d36faf8c60bfba0796e80b95151b91ad6651724a10e4a679dd59ac4c6e0ac4bfcc039ece99c8b9e632d27dd75068f0eeb52518cd66c1fa535855f01b86a14a7049989389591f5bec3dd9a4125021e634227f5a4812ccbf11b01f9bf0ee226d15a815587190b90c945e795e397959069554fded12f91af6b61a422b6e1f10ed1822b3cb99e5cfbeaae05c92ebdc891378d9c5f02b58b0037dd2ed71acc2ac34edcc1a8f1ebd1bc392ecd23527358d4cd571dc804f88b8539876548eb6092d206060495161373330e2c12c6251d968989b7f8ec9ced4f66c4eb228c2ca8adc4f3d8529fb858ea9f524eaff75812331d863c5bf3f76362b75aa8dab7ae21941417e6c16a4478cea466db2bb9d2723b4be68798b43f9b0d9e6eba3310cb7bf995a21312b23ff412e7b2a9fe61d688cc9981d7f38b2a4a5cf9f096737bae353f09c195ca681d6544e0b1f77491170b5385cc1f01aa0af10605f0abf60aad0a59c6d5c7a451ddee4421ee5c66e2a040a66ff484bb592a0e3eb36377b3f2b80773dc0237993346ca71496004c900429380b6ef29269767442f1c30483370302bead685c6c9a81d3ebbb4f9e039505b86f9f773fdf0a782ed362033d875a25ebf47c6fa7f8d6ff13c7616e02c05adb96cd312d05c541f0bd6418010ef502ebdb976c21562a2199689165f5053326530a055b22bbc067aa36ff6969f5da4997c58489ae643330639be76bdba515b49e65071b7bedeff669ac429b2eea1a719cc279e5e3272f389c361ccaebcf7c7893c166a17cbba82c4d2c70a9b5a65374db1a0dc2296c82cedd8b1c51ea2e03a36d74b7e24c8dd80e246d99e0aa08aad0584aa3fdb930309fa6016fca67f5f2caf5bfec364ad4aded8f2dc28abcfb3e72ba980ece25cb4be9832b699dd1690af9177ce8672c754992619b2da168ef563dac8acb827cb88b26f3cf949ddd01de274a5323a5e28bdbc6e393a0aaccffbd9f85f4dadcb42055387b09e7dff761b7e6939e45fa12c3a4e6e8f92ebd188944ecc8fba7bb4a50b891", 0x969}], 0x2}}], 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0xa3}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000100000000000000220004000000140000000000"], &(0x7f0000000100)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x21, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x4, 0x7, 0x7, 0x6, 0x20, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x80, 0x20, 0xfffffff9, 0x20006}}) r6 = syz_open_dev$loop(0x0, 0x6, 0x5c4131a7c90e292b) fcntl$lock(r6, 0x24, &(0x7f0000000140)={0x0, 0x2, 0xab, 0x3}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x14000800) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000100)={0x1, @pix_mp={0x0, 0x0, 0x38415261}}) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=r5, @ANYBLOB="02000000040000000400"/21], 0x50) 14m53.978618384s ago: executing program 33 (id=804): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x80) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) sendmmsg$unix(r4, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)="e9794cc63c2aaea7efe15f6c656e9cd9d95b8832a5c2e9ab992161b35e9ac9c7b67b531b69d6ff3e5a5594cbf85edfe80ffced88c072171f65a66719235177ecb867402e13a24356a7a433e2246c8fa573e746d11392d59c2e6055e05e085988914b6c8cd72ecac1fc006776d7ebc69ea6021add617ac73627b383bb7e750c170fe761dd2e4b46bf74e02a8c0803549031", 0x91}, {&(0x7f0000001340)="22bac22767973b072b2bdbb563fe72cb7ce75c7dd7cc56df974063e8a33b192ce7753b4b70b6ce41e6d47424b33bee35bc535dcbf9a1bfcad976e44528aeb0a0b5ae8d3e6d1ce0ee11a523d515c15c2d1aac3ce57d28d25625f1574c74859b89b764c5043025d024624d9a952e51962e05ce2562084fecee4cb8489ed9e68f3be30d0ab6ae2e1f37c169652a7e13879ef6846c5683d3cd1da0f3d48e8e327f72b9ff91ff6c31fd155d38b9192be8371f7b44f52ab08460586fb6c84b0d7225ce923bdd2231a3611fd976316aaac72e38fd5a6d275cd7af8ede1009b67a52c2a4dcf373fde38beaf958acef0004a0ac404d9fd10369bed01b2fdea9bd0edff395baf83fd352b140ca8162c3f625d4ffad17ce7b15bedd269a185c6350ccac7ce5f1d7f63327b135d06a1e7dc2dbd3b3c77a3505af6f2dabd1e46ec448a72fcc4497d76c8ccad98ac444b489b79d3f696317dc74cc6f4689478a2d82fd114cdc60b2daad00825b5af54a0f6aa313b0b04a30a646257196946cfd3ca823c7d4147fd99ef0871666e9b6b603349bb943bc8f793e629f81a68dff1fd16652b23e859fbd5b2ad470a624450a585b14bca1d4c2c860a3c5e1919d8cbad11f00ea3e7b0cbba9a44a0a0e8db9e1010134d8e5a0ef908e3c4598088e27be80794b480c41f56f250ef0e2db4dbba5eef86b94a89d086450d39e89ec8f3e8a8926a0c0998c7cf4e9bfa19494a740319766901ea235c114b70abd7682c0ebb074bb57e6a169ca99842a7b3e12221ff277f98f7c8387df846ecf2b89a56c36a4cc91143c03a5ece80dc53c6f36244fdf66e561fc36d690ce71d53fe7e84d184bab8fac3667758c1ed904db64aa4db47266e2e5fc831758470e5885cdd93af236adf70edf2ddd97c06cf2b6db40d87b4072605c5fb609d0d3366ae929d530c32c9b485c4a6ae4723d067dd0bb62959ea442a67c140f6c9f4cfa41a7fc42fd4a3761a5cf99582a8b278e65d4ebb1b500da55664e51806d80dbe10cac99f6fdd972299fdb1b672083fd9a44ea74b73f509123aaf75fd0ab3779db7c91c4b0f9edaf797c869d131b5607f55040cf8601ed7644a25289f8b808c0ea136f25f4ed17f6fae373024370c8fdf2d93c60d7a29a62e1df661e14da662506ac8653eda10130fc2e73e23e2763d3f86bb2b7739fc4e294cd95b5e844f38bb9102ffb3f52542d8924f341f0cc91890e4427f028b3cf7b0ea1b48135158d5a99eec3b98a456611d6b7af92786908303d41803603aaa511b470d2e192f458cdc51b62e48611bce905bb088c2bfba1a83fc335c3b49a7577b552e59cb3cefb4fb1d3ec1645a91fcb2740b8c8f06f1e7af9fbc30357384759a205b8804aa35b326db4d66a7f1eb33d83782e226500461ecb68221283adb4dca6c5591fd7f699c16039c69102b65f21f7765d35e4706993a4afec37e9f603460b8d392871d6e4b7abba31d16d13bbbe96448d91040574b265351e7eb2aecf18f82fbc58a333005639387244effe601adb2d27725f0a498c33f78e62a0a947ef2868c21b80478bb4a796f59e46b2294d09358e2e426439dc4b5aa5c4a38084ec9419429677b1e04894cbbbaab113634337668756ea00ae1184152dd6dbaa38dd0a6633321957ee76ff69ca25a33a4e71a2c9acd6877edc6592028a9808d6f022ce67b83f63bbca127e7eaa1d10cde5200761894d113fecd4548c389764f91c86ae0c3c3cdf49b72cd27fc89c3d496ef450b0e4e55de163c724238f1643fb5f259edfd7e52c35d37d89b592f84346d94f25020fc3034a33a03f31f52826a05ba1c8738a6ca184bc63d44cac2e35332d65ebda279153fdfd721c80a5e3876eee1024e5950efe84e156be12ce157b8b20f8b7d44a237826319b9b23ac2a843f8f84c4d28cf71e97842508c4bb3f5b8e59c06baf06d636d74f8104e7667c9f33286ef05bbe86e74a2523f0bb809ab1ba767fd0071c86063fafd322d02c924c4c7545229d849b305125b5bd0b691a78ddda350c7d48725a7d2be7e1b2213ec4671ce33f377f951a7b0a9676c2fecaeb5d047947c2a8a90bf445d857a66fd2d1df48f3c1bbe2bf629e9a86c31846c2dcca0bf23d5d9fb4a5e779f56e53b6cc47e25a2365239277d9b5af28e386071628ffe464e1a66c02e0cdde1340be784692b8be8ea20b9ec391fe99e5742b473ad1466c82e2803b7adbbfffb65e984f03667c8ccf6ba35b7134af2f6b26f3ea25013aab71895207fa0e44a3adbee12552c22f68c6be10f3221a12e891d561b5aee1e36187fa21087167872a29d5f4fca5365fd4644ea5d878ac1a8efa3c36b9d38f5bf1bfb27eecc28c5cfc8b580e39324881d36faf8c60bfba0796e80b95151b91ad6651724a10e4a679dd59ac4c6e0ac4bfcc039ece99c8b9e632d27dd75068f0eeb52518cd66c1fa535855f01b86a14a7049989389591f5bec3dd9a4125021e634227f5a4812ccbf11b01f9bf0ee226d15a815587190b90c945e795e397959069554fded12f91af6b61a422b6e1f10ed1822b3cb99e5cfbeaae05c92ebdc891378d9c5f02b58b0037dd2ed71acc2ac34edcc1a8f1ebd1bc392ecd23527358d4cd571dc804f88b8539876548eb6092d206060495161373330e2c12c6251d968989b7f8ec9ced4f66c4eb228c2ca8adc4f3d8529fb858ea9f524eaff75812331d863c5bf3f76362b75aa8dab7ae21941417e6c16a4478cea466db2bb9d2723b4be68798b43f9b0d9e6eba3310cb7bf995a21312b23ff412e7b2a9fe61d688cc9981d7f38b2a4a5cf9f096737bae353f09c195ca681d6544e0b1f77491170b5385cc1f01aa0af10605f0abf60aad0a59c6d5c7a451ddee4421ee5c66e2a040a66ff484bb592a0e3eb36377b3f2b80773dc0237993346ca71496004c900429380b6ef29269767442f1c30483370302bead685c6c9a81d3ebbb4f9e039505b86f9f773fdf0a782ed362033d875a25ebf47c6fa7f8d6ff13c7616e02c05adb96cd312d05c541f0bd6418010ef502ebdb976c21562a2199689165f5053326530a055b22bbc067aa36ff6969f5da4997c58489ae643330639be76bdba515b49e65071b7bedeff669ac429b2eea1a719cc279e5e3272f389c361ccaebcf7c7893c166a17cbba82c4d2c70a9b5a65374db1a0dc2296c82cedd8b1c51ea2e03a36d74b7e24c8dd80e246d99e0aa08aad0584aa3fdb930309fa6016fca67f5f2caf5bfec364ad4aded8f2dc28abcfb3e72ba980ece25cb4be9832b699dd1690af9177ce8672c754992619b2da168ef563dac8acb827cb88b26f3cf949ddd01de274a5323a5e28bdbc6e393a0aaccffbd9f85f4dadcb42055387b09e7dff761b7e6939e45fa12c3a4e6e8f92ebd188944ecc8fba7bb4a50b891", 0x969}], 0x2}}], 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0xa3}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000100000000000000220004000000140000000000"], &(0x7f0000000100)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x21, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x4, 0x7, 0x7, 0x6, 0x20, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x80, 0x20, 0xfffffff9, 0x20006}}) r6 = syz_open_dev$loop(0x0, 0x6, 0x5c4131a7c90e292b) fcntl$lock(r6, 0x24, &(0x7f0000000140)={0x0, 0x2, 0xab, 0x3}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x14000800) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000100)={0x1, @pix_mp={0x0, 0x0, 0x38415261}}) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=r5, @ANYBLOB="02000000040000000400"/21], 0x50) 17.553777272s ago: executing program 1 (id=2131): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @mcast1, 0x9}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}], 0x28}, 0xc000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) close(r3) socket$inet(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711814"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x200a017, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r6) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 13.841192407s ago: executing program 1 (id=2126): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @mcast1, 0x9}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}], 0x28}, 0xc000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x20, r4, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) close(r3) socket$inet(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711814000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x200a017, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r5) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 13.056901017s ago: executing program 2 (id=2128): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2042, 0x19d) openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r3 = fanotify_init(0xf00, 0x1000) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r3, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @private2, 0xb}, 0x1c) listen(r4, 0x6) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_OPEN(r5, &(0x7f0000000080)={0x20, 0x8000000000000009, 0x0, {0x0, 0x8}}, 0x20) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r6, &(0x7f0000000680)={0x1f, 0x1, @none}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000004e40), 0x4) socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000001000/0x4000)=nil, 0x3) 11.646786291s ago: executing program 2 (id=2133): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x30}, 0x4c050) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$audio1(0xffffffffffffff9c, 0x0, 0x200, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r3, 0x8010500c, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) sched_setscheduler(0xffffffffffffffff, 0x5, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xd) ioctl$TIOCVHANGUP(r4, 0x5437, 0x200000000000000) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f00000007c0), 0x1, 0x73a, &(0x7f0000000800)="$eJzs3E9rXOUaAPDnnCZtb5t7Jxfu4uJKqFih9iRN1a6EiOtCoR+ghslJCDnJhMykNjFg68KFIKgI/ulGv4EbRXBT+h0UwZ2CC0FrGheCi8iZzEx1OpOObdKR+vvBmfO875kzz/vMHF7mwLwTwD/W4+VDEjEWERciotLqTyPicDM6GnF193m3tzar21ub1SR2di7eSsrTmn3t10pa++PRPCX+HxE3RyNOvXZ33vr6xuJMUeSrrfZEY2llor6+cXphaWY+n8+XpyYnz559burZZyb3rdY3X/nkpzc+f/HLD88t/fb8radnk5hu1h1ddeyn3fdkNKa7+pcPItkQJcMeAAAAAym/5x+KiJHmt9RKHGpGAAAAwKNk58gOAAAA8MhLYtgjAAAAAA5W+3cAt7c2q+3tYf7+4McXImL8ztri7U7+keYa4oijMRoRx7aTP61MSHZPgwdy9VpE3Jjucf0nrevv/nWvXLdG+u/nRjn/TPea/9LO/BM95p+R9n8nPKD2/Ld91/x3J/+hPvPfhQFzHFk9+VXf/NciHhvplT/p5E/65H9pwPyfjn3zbb9jOx9HnIze+f+Ya4//h5iYWyjy1mPPHCc+e/XUXvUf65c/2bv+lQHr/+761Hy/uaTM/9SJvT//XvnLa+Kt1jjSiHi7tS/b73TlePLm5Ad71T/bp/57ff4fDVj/F69vfD/gUwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKApjYixSNKsE6dplkUcj4j/xbG0qNUbp+Zqa8uz5bGI8RhN5xaKfDIiKrvtpGyfacZ32lNd7bMR8d+IeLfyr2Y7q9aK2WEXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMfxiBiLJM0iIo2IXyppmmXDHhUAAACw78aHPQAAAADgwLn/BwAAgEef+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIbhw/ny57WxvbVbL9uzl9bXF2uXTs3l9MVtaq2bV2upKNl+rzRd5Vq0t3ev1ilpt5Vwsr12ZaOT1xkR9fePSUm1tuXFpYWlmPr+Ujz6UqgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPirxppbkmYRkTbjNM2yiH9HxHiMJnMLRT4ZEf+JiK8ro0fK9plhDxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB9V1/fWJwpinxVIBAIOsGwZyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIahvr6xOFMU+Wp92CMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABguNIfkogot5OVJ8a6jx5Ofq009xHx8vWL712ZaTRWz5T9P3f6G++3+qeGMX4AAACgW/s+vX0fDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMKj6+sbiTFHkqwcYDLtGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/vweAAD//4rSy1s=") symlink(&(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000240)=0x40) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_INIT(r6, &(0x7f0000002140)={0x50, 0x0, 0x0, {0x7, 0x27, 0x0, 0x11ed415, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x50) read$FUSE(r6, &(0x7f000000b040)={0x2020}, 0x2020) newfstatat(0xffffffffffffff9c, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 11.201030834s ago: executing program 5 (id=2134): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/arp\x00') r3 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newqdisc={0x58, 0x14, 0xf0b, 0xfffffffc, 0x0, {0x2, 0x0, 0x0, 0x0, {0xfff2}, {0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x2c, 0x2, [@TCA_PIE_BETA={0x8, 0x5, 0x19}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x5}, @TCA_PIE_TARGET={0x8, 0x1, 0x5}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x40000005}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x1}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_fuse_handle_req(r2, &(0x7f0000000cc0)="f773091228a43a58c864f1e0366b07de21fe64fbd0bf85a894f8d30ff6cc5256c4d3abd726c119dbebd0ddca6ad62fdbc55f46668ec0858ba96bf6733f0be147e9108ebf89278ca74e07fed107889459c0a5e30616db71c6973818d14e3571c410aef47e6e54ba02e48ec733ebc921795a1f431faeecbc65696ffb9e08760f45650f650d24af651d9986b956d8dd66017f17012f2358b5f69dd63f9aa5fad2ab7ee6df7c99f0b5601e1dab2ed5ca6aa237c52a838d7d51293628dde608fc4ec691b6e2023ff6a6813c505fc81bd0a0de800a5bd701a401ed07139dfa917e524c7d8fd47094122e9acb0382682d0b2adc54ab61c2d9aac6b5b0d50623187e31ca089585dab35411759db09bc44178011883cd0d5ab3fc6f8be3d0e71f083fb911a229995801eeab83581aa5bde0db85ff5c77aa311fdc9f9b4b4de0a96d371b6371ace3923e5557c7e911f522e132bae799ec6d11a43ff7420d4833d306f261ab6636b1f7d250829700456e3aa69bdfa28f24acd27b4df16cf417a7bbb852fe7b50e3841708110ab82af1e1145c542afb83cd7b542c6e310a86cdb76d492955312ae6665c95f36a0683bd12a394d6a45a0f38fcde7d665c4afbb329f3486e1b21af321b3f933d585d885485e6d9448b35e0f8d825365ce26af6cb8fb7466b66491e34b5313019beb3b2934b369daaa16b73734d3f787dcbe3115a3da3804aca82335ac9b20823728a6ee0d292dbcebb103ecdec0d27ae3a3ad5e0040cb78abfddfe16f98397c5f1f910372454722a612a0cc91ea8f709544f22c4e3bd70840745638d83b74197c0b22331e3b107af26097a37c8dd2b91e5156af1a33e06846eb15aa2fe95b6df98bfa7fe28693e0ed082aacb3181b657f81790d4556506f8f2a3753bfbd2949429dc3cd1e11291e82dc3db974a13d88d9cb4242165201f3d9b130c128d057bb9167f12859fbef6de8216d70eec7d3706b9013f9b8f61d8059ab50904b66a32376840d8c3e714bd6ae87640f352ca2b4fa2c1cd83f28d5de889f1454605fdd49c7a7cf1af226895ad6ce6612063d88ae60f5b8af22ef1306f55205152f0e72f2edee901bd89136eebed01475edd572f5a4da8b34bc6db8f29944cc720cf2b03cd2f768a34a81fdd58693fe859edfb2799b3f90cae32b6d2c577dfb9e03ab2bb25a41f53a42c11c89a615bf1c44f5c61084c70882a55fb3039792e9fff127b323c0783c506b6e4b7079cf27f67fdb191256b7c908e1e30a8f72072ac4323337062da5132369135408bf74e1b1f6c1bae332f75291d7a4f4aad4b9f70be298868305486c519434652da2535ff7924324472fb23c84558a5b1578ae94c8805becdb99eba47add535fcb7a72ad9b5d631b824a35d58807ea066bbe53859c50b5adb3508ccb3ae974ee187e40dbfc09a326b06a6004aa81c6c91eadf97ccc77cf9ccf4ed92199d95c2c8d5c965594e306d4e8b78d99d2ab0d282890c9d34639d719488b8d5fd3832a01f1a5f75449f460688e63825421aecef8a43a187739d8b1e14e54c658d57e4cf607430ea530720b3308609b57a9148ad5b921d94b6bb775880d492bb515bbd30caeb4ab8fc8b0c392a6c76dc63ca136d6e76e49a0878ea9577831e7bb3b4e3915b09222d3ccbec1b3dc4b1fd1515f302ba48d15adb9fd7aeb26fe553a60dcf82ff70b6c5d7389c54194e46bf7768584acbc18c7fd7fe0fdb11dd32a322f0ae97b481da34b47d0abc16c6d12f8e9d12db2dee5a1d66d5876bc6e100e02f3a921088947fc1d0a4d8e4e878e92cee18ceb78c7d9bf0204cc515eb8185b985e967134a1400b6a5b945b3ff86f62c2da8fe6dc8628ad36910b863a4b7cc519d853e6e3c6aff4d91862dc8c1364a8559f0c58f88a90ca4bc4a9d1aa2026229d46482819df72902a8d77615042340d758bb49153eb695823d43ef50e10e700a7303a4b798499464f39412a7b2cd7c460717364c595f3711d9ccb710075ae301100ce9f0c5d8b6ccf4f673112e2a7c2b29e56ab556d3e9dc0e777da840e1e304a24227bc9d1ba3c31f2bfc39b6ffe06e7dfc08ffbb799f56c5e9b4ce9120d10bc52d4d105167b30be7d4afa0007c59c3324121568fd4f48778d7b17a1ef117036520d25367253d763dd2f1369ef6562afeaa89dcbdd433ef80f92c41143cfeaf46325f2191b1b29b6a457e0a88e7a54dfede8e186ad4fd4d3eab77136d9e403dda03ddfb24708d648840427087481424d21b25a52922a359129ce109fec903fd33f03ea6176cb7cb64567d08204902acd1f1d0146c7c8ef5ca24d04209f2b55974ed7e11eb081beed06eb03ddb5ae80e3424d52741a5e7c8c89006a62f6ba37a7e39b75566b8d57cb11fd23ff73f7f251bfcfb74336760296a801488f77a8f0a830eb4ca2987be3ce42e2aad2f4a975d95eaf0834fbab05a7e97837c0d49ba31c93b2cd3ea05319ce1d223df3a08fc35d6d99bbc863602bc84d26926241ff70d7715d27d60b201315264f2ee3ed0ee2d1959228d9b388019151580a4a68449fd37cd2c894d749a0a281c4e458f5bfc76189e7c2ae21e318a99792090e7bb8bc73ead76439a4408b2ca49678ed93ececfdaedde0bea7f8df33910ab08518829435e642bad3aa9e373fdeb80c981e8f6f11602a8cb23b25dd718296c698aa602889638041b286c3234ae10d7d0c8ff1fe301735a467475db85fe88d155f4a8ac86937392129141f2784ff559c7dc79f0fc6a43c940fe735d91c74e3975415969548a9d7e996b5d6a0801e09519ab3852e8c5cc23f380be09fb7fd37e0cbc9f540a613aa289cce31fa3ee913e364a8a8fc1490087863222160b6899e32a391e090d41bfc961943d03f7b2f8e49750a04a20f2e2ca2951498e0fa8cf0d33d022d490704015c0a83ffb9f44114e37a386f2c7f940cce802edca5ff4ddeae0666167c2a466aecd919629185f491a210d407ebd09600406178ecc818a7cc4867ff14234efad41453027f6cbc62b4649fea7b227ede841e9816d98636c2a2c950680983d2375233a7dd64dc71c9733f5502ff4016724506ff026ba71df2623446f083df9e6df6e7fb701da63c640f8599e09cd7ea1b818bc34349a051430fe5791df7724eda9eae0adb53ec1e844565abe44063a465bb2ea15fa53342cd1229f0b6092c7d544dd0ffb9cadda6930115a66a5ae892f3661e32eb3ace734f4386da1ed040dfb0155ee3f079ec72a3bd8da69b943250a3d33fdc8f4666d77c680db12e0aacd2ea7adf4b00f86733ed27d3c7d677f6a7b60c3657a599a7a36c88e5c805eb7bc022613b6ed3489ac3217bc25e862973d9b3f2235049452aeeac96f3e40044df6d2dbde64b819bf1ee67c6a03566e1e5c8d123adc7eb0410be047cfecce48a5eaf41a718f5d1b78c17fbb6fbcf003f6b1dba0a00558ae60e6413c271bb0dbf733aedd68eab4f8d884bb46b5fd833dd718e6c4ea58ff44f4137372494ae1c74d2ce3cd66526518a798f095fa804088d18d2695740e930b8d57eb55ade001c1cc9c734b77da57482e024503a1ea9e2a43943a308b5285d622ab623b860603122b41fcc249f224212cfbdc8dbc15e791ea6f51c44154619c98661664b11a34d20ecec388d69f5b32fc674d0ddf2b1365c8709a529b2eb3ba0a0547bdde3adcd272e0a41de9904999fd890b75fed8e60f1f00bc8aac46d8043ff2451541f644f270d9fc65a0b772078b05a6ce60c0df8b2540d89d052fae472867edf3b03a252bfe8e9ca3d2e31c7950851d2e7e7273c0109f2ac002747d277b6c9e6a9bd51d57c59b178a6e329c81c7bf2f5c5d345b2e990093b2e47f79807a62017fcd34efc671c7c6270a1a80f60fba3fbabb48f294ee3b1425b6e8c0fe7b14c31c2b0100d8c5f50349cff1e4e0d3aaee1f4afe10f5c234c1c4ba670111ba0d29694811f3dc242a73a9b042535f3ae8ec5b94240fd091cdfa157e7d27bf26412cdbe54ef55eb5d7183ca5ef0a9f5e81aa6dbf705e3a0d542a7573ec99ae67293970aceb8ca52c9eb5786196cb61947436581745df8a5ca11706001844f581317d43e29fc6eb1d1b011278eb4d77cc6a2e1defabaf87177a162f6269abd97503cc26aa73a18a5954e88692b63e34ba673a6b302ea2a59679ef60094c3db6f3874dab8affd12a7d12c53e77efa807d3ad845b908438b59461da39c072c6ef2fb1889f9a9e39a9256bdc71179c98399e60df6b8224a30e22ffd9010488cbc101ef020ea78a90977fe35586b4140339bffbcf32d81b04f789a195a44f289f44c714e6163afada072871122aaf6f60da967554de66cc4ecbf50aef5d02af874873ae5a36a576eb5dfd749b6168e395ce5817d6275b25d6c6ecdc6d8c4a39fa98f749d6584ec0312bd781a0a14fca35c8b0ac2cdb5a4b15d03966ce40cae66ded0cf7afbc5f1a580bcc596360f9253a70f05ebf3a58ca30b05b6edf4367d988e6dde2cedf37237ebd56da02edcebd9ba841c210ab52bdd869fbf3a783b44670483a012419a50c0114863a97d9f152e63a3ffffc4c83710ef02a3a9c718450f4e8f918c2c551d477a88e91c67bf1337a52f4d680e9607a295feafe09e1a0c5e3c1a18c5390a6a84fa19dbfa2abe421021b471f1e80811a4ba036a9a457fa323b7fa65e666a08f673ca92a02c03d6eba96604f770444b96297307bc23f6a928f0da3d97f522125592c092bb32f97882a59603b268167e970bda981299524929e111e31b3301285cfd9bbbf0263d7e2e19cd42e56920565eb5f45f99455b0851dcefd6d91575ec4e273afaad0f7e831d46a8d5f95244e06febe9d9c76fe2de20e561b11d39a4884d29e68773aa85327279e667884f8d4f965e8b12815076da686c02d17a32bc97de630508b06b091a7fa705bd705a3b5e85975db69d4198f23547686cbd42dfeb495d2c0c2c4c155dd1c8c0522836b271015c8f23a5c129e49c0def56c0fd2a5d010583b4d2849b97dffa9d28dbf783be484de51b8c1facf821d8f6a295caa97f5245c8b3fbe71b47a3390f2c2ab9f6ee41ab082c6ddaed769ddbd9188c970be2843f4fdfe32d3b9242628e3a1d037746b564b4bf6cbc37824444a78605c010a00f2f8abded984e664c63a10cb24e0c1d2d53873d519475651d73e1e228fba31b3165de6572c3f4ca692b73652bb77c423a191d45e90b122e0a66b956302ff7bacccce85e7428d8c574ef3d78884495c95f1416c3f500f5be2c0a70303ee19d4e81c1360db322a0400f311caffe568d07adaf9d6bd6f136f0886db4fc6c2cb956b79064b61afe3abd2ca638c62bf89ba91cfab89aeb6fb4eee6b8a6a321076ed5efbeb369259390e780454eb1666c4fe8366b00765b5639e20827349f4df49c90bf5dd320b36510fedf5c18f59ee14e1a8e436f02506d6c6c3c8c3328eff00bcb66ea3a99f2e9cb20f0efcfb09876f7860ce4294de8c5ce007604031a8dadaa20955701736218a159845f8cc7a485412bebaf653462459380a2cb0900721d570391f8e62869546a610e8478d9536d473945a46d9a89686d1dba43690a5a4dcad2d4fbacd877e38495d4a1696bbf46ae8fc6a764faf7c67101a785d259ac8a6df1c7fbd006e9327e24d8fa4c569a5e37fc047521cf520e2bf11dff07f6c47442db2fe7a94a7b557454363043ad4fb00d2842a16a2b25fcdd5aa38d585600cf81e9d202822c4571a12668cc202ef3af5704337bd134b99c6df8538316c9e423032e4c3b73b1e26571b9890ee5a5f9885321281c1371614b57464647c8d5387dcc9878ba4f9c4f65cb3d34fcde5b5fa1610c28f50ddf5a1ccd682ddf4590adc3d3f98b8f98fcd1845dadfb142dde12116bf36d7b738d930e10c3317a0222914e059370b463611c7e8d37bab1f834ba690c98af9924540256cb073ce89d05715e50cb79948451c8c4fbb07f497e860ed293803689ba1895af65c8d97c276e2cd0e7bdbe50655293462dbe64499184a7b8a89a454e38219b5e979c98badc75513d7a6862e2db939347d9941d906432ae41b67df54c2c92568d847fbaef8773dd466bdaf52bffde53fdc2514ae006e19a9599e0fde9c5772c3b30ce30d8fd5e0f91fdd8c66a8884575adc7d2970321520722ab1ddeaa64aa21855f9263d0b51d2b2df0ab28cd32d709c0984ed7f0ef4ced427e99230553a0b0453b1f6daa0ff63cd7750cbdb5f3373ea044ead7c91acfcfdac09648c06f4520a6766d530b37ad2aea22b50419b26f3a40df01f4970a104df6893d6e0b6b3cf88eac9c3edd9e724c5357283e933173dce77bbf70c99367b68e55cb0a3e16d1696c571b483640c33b9f229d837fd1d303608ea286643ccf46dfbd26d2484c79827c6cf896e4904a1febc39932c76a17606c0a62010932fe29877c00dcf7d65fb006594d8869bbe7f78138a78a125a475da225920235b47ba8bd631815926f7a5c4ff69d61c39b26b078760dbceefaea9aa5f08c97d2e97bd478d014ee739db93824bfa7d3167f789624e5a98873422a0176c8b2a69eb5a01dfdb22ac1cb7f9294df6ac1245d50ec44fbdfaeb145c9bacad2abc7e160993afbad2abcb9c1019cfe0e358d1c44676cf002cf844d83de959c3c3f074bad5ac0326d0ca4864b2fd724beb5338e81fa81fd178e14e267c06189ac51fc6a248398986d25d6791c98d330b37a59b3d9c46f94e6170ec499fb3f27443c185e261761d9fac5fa44bc4912c41f93a642b89d51afa016c87d086a145255e808082a2036ead976bd2b78079f8410dfd8fbd15048e3264f15491204529f6b0e5dd560caa9113f9491433b9ba54dba2fcd648928717a1499582e6acba3dd28364b368a1e16b13a2cdaf13ef8b0d4046f8c2a5f280d538b0efe3297bcc226c17688be16315383fe043a7c51a8bb02497277bb1dcc9a16db9d04dabfb0bf6eb9f408d18266fa45d2fbbe3b18b89d6dc7c5b947b741925ac93991554216773ac5e0dc903d966e8fab10ae2eb22e002aebdea2d800ba75fe33082561b9222997bcfd8d246dcee7c46ba0a12a361880b6c4bbcf966a2ac0600d69d39c6c43c783859e5212dea9944a658c6fcf33df2be59da18f1385d3425bfcafda04071b83539311884d4cc8db5838dd84c3d8355292fee226e5a69c6c9a31f1b5406cebd486ffd050928f3916d748f159436fe37dbef68656842624063833cd1811151e9f05dc5ca63191587f51274b6ba07ad44e104a20dd2fc6d43e0274c35f926b56591cee7670856d5d5194df8bdbf608f77cd8701f0ef26a0e38e4cca58e4cc699065d27eb74bd6f89755779f3b2a73a3a0d0f655755dc7cb91772bbe0b89d360353335e545d8c3133260b2ade1814e2fb4e9bea7db3e30fb62c936544a91170ec2f86e3ae75319da0d873a05dc9f0e14bc709028e11da854a03d3941a51e6f3e0d363528c9d203fa5166d9aba23a49df941d5c902aaa68a3b99a709e9d9e3adc96b581494fd2c7e4605af5891261533ee403218c6901a37dec5e2d65dcfec9449cefef4eb4c4b793f34c9b0187ac1e9302c880149843a66feddfcfe47c5e33eaf1ab1eb0ed48cab980df0fe3e11c46a27d2be9972af5ecef3081f77ffb8640a8f3694085228f7400dbf177931fed7a9fada79fcb76251e5b64087e3e4d4fe0a5b86d7e6ddf47fcd131f68796de8c9e86bd6b08cf54ffdd5e10389e0d2122d72de173535a09defea837a519f96e1e795e6e767a2ea7ebcb44e96a11a2910bfc1b5221012732bca14534a2a97afb0faca2bee78f96b59930e27b7b410b53889a190ba70fd1b5fa4418f8fe6df52457a9f814eab291bd45471c20fdf973c0f75bb052417b69592e83cf8cb34b7b8189c01ade45736c77cfde6f44448b78e02ef376d75fd2f95fb0dd91f9321837777f5f514f083bab481b66639af323383a4d715a0c3a216536c52d3fb3933895e1709b25a84a8637a125a5fede40a90d84218efed8b65c021bffc279a4b30fd0cb390a95d1225862f37df93bc97f1192e725bc38e81ca4a4d59f18afc9d89793d3834e1781a8d5e4d521aa3c34b4335817f0dd88771a31d3336e14645323ad54c728cf1b0fe515602c064b41885ff14ff394d4deef3c5de136fec1a05e3662cf61f29a74e9da23f116585d85d3806d015fc8783c08916546e18c92c737f31a7d35c72b3bea01fd852e7dc6d68f24bc787ef7b7df2c4acff86981597a7dd2aadbf40e26109a10e856a78929e698c308960d999783134d7f5abf90a9ecf67e496818ee42afe66888b41707047ecf3374be56e6be6d878531057d4b16b7ca749ec672842c057868ca4c0f9e69e6d92432d6331c4c32db2a93d50a690a0659d4c9bc6fd75f7201f943c603bf7caed8d218ebcf947ea685c0710c26aa11ec886480983e06b9be0168313de87b0e068f98bd14f2066e3fc3a058c32ca0da2a1b449814755e935ab360b15bc91f5d44e54ba2a8db07d1c3854f6b38efa006263300f2113c6d3481868e08d406545a25a8dc75b01e429853e26747023913298e7b5b174c8dfd4e36a81061ba46beeaa200d6003b9f0cf50caf3d5b06632d25fe7ba91d2a97f7562555a67876e334c642e48e753ce6f12a78329c381a1349cf5d89413d04a6b93c566aa2e335f4f0732567388a9df0b3084d57f6393eaf5c20fd7c3c29981500dfd3573a16ee4bc56836b5c3e75ebdce347e46f3d1247a936df69a259fb35ff4372b774f960aa4e8d84e4ae54caaea634d37d2d4f3a276e15176e1f00a906b2fe6ceaec16cba278d0eacdfac9dbbe5af60c5f923ce670315bbc29ac72e9f848d2c168949d7fae8d19fb86ac5511c36035c6c101063cd5b8b9902f8f51b6de2e59da3e5ddb25eb6e9dcd0a64492da36f8a61c9e2b33dd731f0423fd407048346d5a19fbb84c1d23e34f5e43afb32f3c6b85c550dae394285b233ec5ae2ac8646e2804f2c59e870caf6fae5d6df810bf6bd64562b288af75a5d42478475dd72e81651453558e4f7370cea3def6439ccc1ff644e7d0e9c5c286b8aa1881b5bf641ceef24f557b68bb7532af2139b5a890cddf0b1e26328070a43fe509609fdc6de4dfcf8f2f4a79ada37a05b9a2bcac4df7774a79f6aa569b4dd4cfcd944d64982c13349f5a880baa7b5f20aa55af6077299c6d53e0c6ea063d45d8217d72104012b5d82ec46fde056dfc94e6cc9d61bbd1bf08401d1ee163f3d7f88d3481c0f395765e6653d6678dd73a71d411e0ea02608b226357ead909c8d5643527dcd1e0f0b7a785cf691b59812593bcba54624fa2ad1db9547b78bdfe0d6ba2dbc3298dd0c539260235adb385a00989685705cf3631ae545dfd8e2813d5a2ae507f357ef3ed5dd46a868e04cfca7d01edf77c19c6d4477b9a57c7629dff4afef542d19a1b559e55488a3083ad29b98019bc54cc59299e30aa5cdf96e073ae593f644ca0e7f334b1979d16b436e624747e9c86cd985d126bc7495dc27d010347f7a76266894de2ec5d2c9e460e723b0857313e17a17a6a2ad9983867cb78dc5dd3eec56056fcf4a76acf11af6e74fa9c08dc30df7590fccc00e8e972736397ba8680fd56f2fd3758d628c3c93c4222ded9de6b2341cd49325af64d48de4e1c62dea24b19e82f3ae3cf1212671774b510d2e2c18141b5b0ca54376d311443bf5bea59d9f07cb83767904e644a5cb77830f4f7f92de93dd6498ad091384d8899fea4d539ea6dd9178b07bcb47704e37ce6412ab52e24108c890848f9ae08f3c7bd72362cea73dfd0ffc8b77baab1fb43f9b2247f3c20e1a67839ddb28ba7ebef67abe121c3f55d1b63cf32698e068ed11b514f23b8762d55e6394613bb895b5f6bd256ca0732acb067f916bdce9120dffa8a9473815ccd35b3d622ee25ffb98bbdbd17955a0694cac0a64254ae997a9a15137b7f923f611a1adaea3fb6ef547d5a3be44a14be44202b1679968ded791d3a7632cdf4cd3c762d022cc3109e0b10b62b3e779836756ca3bb65a1c8a7fff871113f1975b556831aaaba1850acf0953383e223d3371ae4753a323dda2ea9298cf94c15abb084f8548672b257225544adb2b5eb8fa348a32a20f15d6873bf5dabde8fd89a76903d6f75e0c57c4d6918a3c3120ba5e5cb955cf224a17bd49bb08212d585ce979199247a40757ab81d9e1fbddbb14f015908a9aee690382cb07557beb1b157f5a3b279615d5b7c64a83d229a87cd16a6d401c06dc84ae286075c4d634e6f91dc7a284bbfc1795acedb1fd43c5c2e8ed6fa237e3d06a69b4fb83aa47a12e4ef83a5c5741d85d8342247d4d979601b66867313b1b8f19f769d13c9fbf6c1b2e272d0b0e875743c138ef0c014e1d8985642b029d35aa073d283da1367e869561913a1a0463cf3cc6c41835dcb60d69f6f71aafeede9bc6987c4a68c9e0fb3c1986433e6e45d23a5b03ec664b00cf6a207a8e7dccf7d493bee9a44331e8c1ed92d5cec7afd206d3a3cb78f213b4d2aa8c1c9b0730d818747ddf1027aeb8684944c5b9696ea935f55b5be94f69bdcecc50186cff82a73de8bd231314d9217b6089b8cd8a292793f1fdec1c5af1a2df89c1e300d2fb93516d56060e08f7e4c50b5f227325d0908677653d64dc5cf838f39e271ad79f0033b6b2a5611d5d1f9bb984e6f7d735c5bf0924d873e20e5869bd6d94d9f0994a78614dec3f36325299d189293dc5a4df8cbad29d1fd7f9b51c1c9e48e2238aaff3243cd346deb4ba8545af524776300f648c6728b0f97d17f7ec45daddd62478890a166e7db997047df69ded08cc4d9d8297259dc4100c88359c880dc855ffd5ef3b0922a5b00dae3daeb70441e15dffb415adafaaafb5f5c03b610a3c9903662c236e23baf01337a669f5e174cca1ec79ad7f3cd8635fdcea958cb67400bd01dd03a845fe820f0e7f19776867f247e9c2536ad2776de00480246ace33002c284d7a8929d1e708da9059212ae6d7da49afb9222c97983529158f69bbdbd8f502daae24aef87d0d8a4085dd0740ad1f33178b52447f43192acab0b9aa777262142ec29befefc95de9637f3cb7dff186af2020378870015feadf7b4bf66959cc81543ae33312e4ae3e9c152a65eb76df86b788d11a8534227a8d7e330ef48f5a1069ce4152bc6b311e4636d480272527fcc60c5c3aebbb513d06246ef52e33e7cca789f106ca53df689353c3a518c6dd4719a073f83ea70e1b37c312d216ef26f806f13ddb40e12e3c8b31ccab1440fcd2a2f2f7766997a610a1ad51108163ab4da30219c9a5a2545b19041bdff4e2569f3c281784ac3982de68af9405d634ea1c8d814d0f15b946a1e2130a2995e2d2330be135f21bf5abeb851c65cc3227aff2ce2d88325436409d725a5523253a722af8360a0dee622adc4690ae49f6c3445d2bc4ae75595874849b54798724a0a9f6161caeb83ad17c2d7325524d9acb94e80c7626458167e624f62e9dbf2c49ea52f8c978481f6fdce7222a4c353d8a77034d7a3e3237d253ce3402553ae63a4519298e96b534bab3aadba3dbae70c07fa06e03f89b711e1deb0e9f4dacbad30374777a2710dec408fb8531acb5d89376c07b5673cac6e361935", 0x2000, &(0x7f0000003ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lseek(r2, 0xffffffffffffffff, 0x1) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000240)={[{0x2, 0x5, 0x93, 0x1, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x9, 0x9, 0x82}, {0xfffffff9, 0xfffa, 0x0, 0x0, 0x0, 0xf6, 0xca, 0x8, 0x4, 0xff, 0x81, 0x0, 0x800000000000000}, {0xffffff01, 0x0, 0x7, 0x4, 0x4, 0x5, 0x7, 0x8, 0x7, 0x8, 0xfe, 0x4, 0x1000000000000004}], 0x40003}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000002400)={[{0xa, 0xce, 0xf8, 0x5, 0x7, 0x96, 0x9, 0x6, 0x65, 0x0, 0x2, 0x6, 0xffffffff}, {0x15, 0x1, 0x6, 0xa, 0x1, 0x6, 0x6, 0x6, 0xb, 0x5, 0x4, 0x9, 0x1}, {0x2, 0x1000, 0x8, 0xc, 0x1, 0x2a, 0x6, 0x8, 0x7, 0x40, 0xf4, 0x4, 0x200}], 0x9}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000025c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x7, &(0x7f0000000100)="17d72030", 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = dup(r7) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x100000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) sendmsg$inet6(r8, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="944cf7", 0x3}], 0x1}, 0x20000010) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) 9.644716816s ago: executing program 2 (id=2137): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x1c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000640)={0x800, 0x31364d4e, 0x2, @discrete={0x5, 0x200}}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x56a7}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x40050}, 0x0) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000200)=0xb) r7 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_mtu(r7, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000000c0)=0x4) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYRES64, @ANYRES16], 0x1, 0x374, &(0x7f0000000f80)="$eJzs3c9rI2UYwPEnbX5MWrbJQRQF6YNe9DK01bMaZBfEgEt3I+4Kwux2oiFjUmZCJCK2N6/izX9AcNnjgocF9R/oxdt68eLJXgRBFxFH5leapJMfjSmb7n4/0OZJ3veZed/84nkDeXP83pcfN+ueWbc6smKoZEREHoqUZUUSmegiLykO5eX1Px48f+3Gzbcr1erlXdUrleuv7Kjqxub3n3xWjLvdL8hR+YNjMX49evro2eN/r3/U8LThaavdUUtvtX/pWLccW/caXtNUverYlmdro+XZbtTejtrrTnt/v6dWa+/S2r5re55arZ427Z522tpxe2p9aDVaapqmXlpLG+5jzJgjp3Znd9eqzHnC23PmYdH+9n1/QrPrVqxVEbN4qqV251zHBQAAltJI/f91UiOUZaVfUGbitUA+jIeXAUH9n8Rh/R8sFk7q/7sv/NhZf/feRlz/38+n1f+v/hzlD9X/wdkXXv9/O3L9dEV04R2cpfP/qv+xHDaHX5G/nazYY0H9H7wa+iv63Pt3t8KA+h8AAAAAAAAAAAAAAAAAAAAAgIvgoe+XfN8vJZfJ38lXCOLrybVJXzTGhTPu8S/EOwr0nw94LF27cVOM8It72Q0R54turVuLLuP2pOOWlOSf8PkQizacOAwbNVCWH5yDbi0XJ6yG/ysiKo7Ysi0lKQ/lh/GVt6qXtzUS5YfnP+jWMtm1IL8ujTB/R0ryVHr+Tmp+Xl56cSDflJL8dFva4she/D6W5H++rfrmO9WR/GLYL83r5/uQAAAAAACwcKaqES+fy8Pr32j9bpqqae3BWl4G1+enPx/or6+3Utfn2dJz2Uc7dwAAAAAAnhRe/tOm5Ti26/XGBkWZ1qcQH22kKStTjhwE2Rn6DAUPwiA3qc/qwAxnPXI+/gWNWYfhej2ZecxJ8GdBUu/MZAvXoSYj/V6dMUjmP0Nn46wPgeutnH3ututtBuPRuaYzECQfG43rI1fnPfK4INk5d1rnZ7765q/5TpGJd+0dbHrtnjFlpmGQGbnlcMqT9nffD17UE8eTS3+3+G6eH5kBAAAAsCSSor/oJbe8MSVj/fwHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAADAE2ah26SNCR71HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBl8V8AAAD//1f39NU=") r8 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r9 = open(&(0x7f00000000c0)='./bus\x00', 0x10507e, 0xa6) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x34, r11, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x9}]}, 0x34}}, 0x4044890) fallocate(r8, 0x0, 0x0, 0x1000f4) io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r12, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0xfffffffffffffdef, 0x0, 0x0, 0x0, 0x0, r9, &(0x7f0000000000)="96", 0xfffffe10, 0x0, 0x0, 0x0, r9}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r8, 0x0, 0x0, 0xffffffffffffffff}]) 9.509646863s ago: executing program 5 (id=2138): socket$nl_route(0x10, 0x3, 0x0) socket$can_raw(0x1d, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) pipe(&(0x7f00000000c0)) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) socket$can_bcm(0x1d, 0x2, 0x2) socket$can_bcm(0x1d, 0x2, 0x2) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) socket(0x10, 0x803, 0x0) socket(0x10, 0x3, 0x0) syz_open_procfs(0x0, &(0x7f00000190c0)='syscall\x00') r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x3a3d00, 0x183) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x9e}}, {0x2, 0x4e24, @local}, 0x221, 0x0, 0x0, 0x0, 0x7, 0x0, 0xd1, 0xbc, 0xfffc}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20004044}, 0x24040804) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 8.611812319s ago: executing program 3 (id=2139): bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ce\x00'}, 0x58) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="190000000400000004000000020000", @ANYBLOB='\x00\x00\x00\x00\x00', @ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r4, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00', 0x7) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r4, 0x84, 0x5, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e20, @local}}}, 0x84) openat$nvram(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000100)='GPL\x00') write$UHID_INPUT(r5, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b40)={r0, 0x0, 0x0}, 0x20) 8.582178861s ago: executing program 1 (id=2140): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) io_submit(0x0, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000140)="be27a0fbbe4e95", 0x7}]) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x2d, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x17, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x88, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x86}}, {}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x1a}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xd3588a68d39da5d3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x23}, 0x94) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) timer_settime(0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x47) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f00000003c0)={{0x2, 0x4e1f, @loopback}, {0x20000010304, @local}, 0x6, {0x2, 0x4e21, @rand_addr=0x64010101}}) setxattr$trusted_overlay_nlink(&(0x7f0000000100)='./file0/file1\x00', &(0x7f0000000140), &(0x7f0000000180)={'L-', 0x4}, 0x16, 0x2) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) umount2(&(0x7f0000000040)='./file0/file0\x00', 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, 0x0, 0x82}], 0x1, 0x0, 0x0, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 8.541437703s ago: executing program 5 (id=2141): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2042, 0x19d) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x105, 0x10000839, r3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(0xffffffffffffffff, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @private2, 0xb}, 0x1c) listen(r4, 0x6) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$FUSE_OPEN(r5, &(0x7f0000000080)={0x20, 0x8000000000000009, 0x0, {0x0, 0x8}}, 0x20) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r6, &(0x7f0000000680)={0x1f, 0x1, @none}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000004e40), 0x4) socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000001000/0x4000)=nil, 0x3) 7.313098397s ago: executing program 3 (id=2142): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRESHEX=r0, @ANYBLOB="3f0800000000fedbdf25170000003ff81960e21d1946b9d1d39a18c46392ff9afe4ded89e58496b604007a370d13c3cc8e2d199ce7ef2e84de942a20246cf1d75e59e58761a5bba305ba1ef2042e95ecf5cb293a1ecf30793e8294aa0606b5bb7dcfb657d99c6ac8a043b39f6b7604a1d4640e2955cdb2c333d2180421cbbd9ab428044f"], 0x14}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_dev$audion(&(0x7f0000000140), 0x4, 0x400) openat$cgroup_procs(r1, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1000000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$kcm(0x10, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000040)={0xfffffffb, 0x80, 0x1, 'queue1\x00', 0x85}) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000002c80)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[]) mknodat$loop(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x8, 0x1) openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) statx(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x4000, 0x2dd8806920477201, &(0x7f00000003c0)) io_uring_setup(0x937, &(0x7f00000002c0)={0x0, 0x32b6, 0x80, 0x0, 0x35d}) 6.724853028s ago: executing program 5 (id=2143): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x1800, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x44090) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x3c, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x8400, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) write$rfkill(0xffffffffffffffff, 0x0, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0) ioctl$VIDIOC_S_STD(r4, 0xc0405626, &(0x7f0000000000)=0x100) read$dsp(r3, &(0x7f00000011c0)=""/4117, 0x200021d5) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000004c0)='\x00', 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x5, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="89cda10663c63528c8a080e651d76ea38db451e86cbc09b307ceac2bd4f20701b21d3e3f6f232e3107cb3daf10236ae2bbc96c33ee917d5e594c0e3d4a931991281f595c22d63e146bf411e26e8062fd0828fe58ffd02662fa81ef1efcbe7936e8d01cee57ddcab798e512aacc6e8db9a584d32e35452f47b56d51790bef05ed8efeb38888e401fa052a9fd13a32eac25dd8f77dced900268a255b622bbebca764ef1abbb9a2d52a8a88741c55b541e763e0a3f2d23bb303f0f508d7c81d77a5", 0xc0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000680)="5141aaa6b380c88e8cdc0a29b7d59cc88f7f2b45ad4712b401f6d9aff496a2b040911ac95311721c777670fa0f54eddbef6ae72cfc6849154d96b0780a6cab2549d72f8cd0c94feb68d33efba3f88dc40ecc6710de85ba3eaf83e9133a94b6329921b00daf6b53d3af61daa8e3758a0de0b10d0fa2b075240afa5b3ef8a296c91d66", 0x82}], 0x1}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000140)="f7", 0x1}], 0x1}}], 0x3, 0x0) shutdown(r5, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 6.620509933s ago: executing program 2 (id=2144): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @mcast1, 0x9}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}], 0x28}, 0xc000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) close(r3) socket$inet(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711814000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x200a017, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r6) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 4.942135591s ago: executing program 2 (id=2145): fsmount(0xffffffffffffffff, 0x1, 0x9e) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x2, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r1 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x102) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x5c, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44) socket(0x2, 0x80805, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x8, @loopback, 0xfffffffc}}, 0x0, 0x0, 0x6, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) sendto$inet6(r4, 0x0, 0x0, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0xa15f}, 0x1c) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x1}) close_range(r5, 0xffffffffffffffff, 0x0) 4.941691581s ago: executing program 3 (id=2146): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x30}, 0x4c050) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$audio1(0xffffffffffffff9c, 0x0, 0x200, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r3, 0x8010500c, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) sched_setscheduler(0xffffffffffffffff, 0x5, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xd) ioctl$TIOCVHANGUP(r4, 0x5437, 0x200000000000000) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f00000007c0), 0x1, 0x73a, &(0x7f0000000800)="$eJzs3E9rXOUaAPDnnCZtb5t7Jxfu4uJKqFih9iRN1a6EiOtCoR+ghslJCDnJhMykNjFg68KFIKgI/ulGv4EbRXBT+h0UwZ2CC0FrGheCi8iZzEx1OpOObdKR+vvBmfO875kzz/vMHF7mwLwTwD/W4+VDEjEWERciotLqTyPicDM6GnF193m3tzar21ub1SR2di7eSsrTmn3t10pa++PRPCX+HxE3RyNOvXZ33vr6xuJMUeSrrfZEY2llor6+cXphaWY+n8+XpyYnz559burZZyb3rdY3X/nkpzc+f/HLD88t/fb8radnk5hu1h1ddeyn3fdkNKa7+pcPItkQJcMeAAAAAym/5x+KiJHmt9RKHGpGAAAAwKNk58gOAAAA8MhLYtgjAAAAAA5W+3cAt7c2q+3tYf7+4McXImL8ztri7U7+keYa4oijMRoRx7aTP61MSHZPgwdy9VpE3Jjucf0nrevv/nWvXLdG+u/nRjn/TPea/9LO/BM95p+R9n8nPKD2/Ld91/x3J/+hPvPfhQFzHFk9+VXf/NciHhvplT/p5E/65H9pwPyfjn3zbb9jOx9HnIze+f+Ya4//h5iYWyjy1mPPHCc+e/XUXvUf65c/2bv+lQHr/+761Hy/uaTM/9SJvT//XvnLa+Kt1jjSiHi7tS/b73TlePLm5Ad71T/bp/57ff4fDVj/F69vfD/gUwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKApjYixSNKsE6dplkUcj4j/xbG0qNUbp+Zqa8uz5bGI8RhN5xaKfDIiKrvtpGyfacZ32lNd7bMR8d+IeLfyr2Y7q9aK2WEXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMfxiBiLJM0iIo2IXyppmmXDHhUAAACw78aHPQAAAADgwLn/BwAAgEef+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIbhw/ny57WxvbVbL9uzl9bXF2uXTs3l9MVtaq2bV2upKNl+rzRd5Vq0t3ev1ilpt5Vwsr12ZaOT1xkR9fePSUm1tuXFpYWlmPr+Ujz6UqgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPirxppbkmYRkTbjNM2yiH9HxHiMJnMLRT4ZEf+JiK8ro0fK9plhDxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB9V1/fWJwpinxVIBAIOsGwZyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIahvr6xOFMU+Wp92CMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABguNIfkogot5OVJ8a6jx5Ofq009xHx8vWL712ZaTRWz5T9P3f6G++3+qeGMX4AAACgW/s+vX0fDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMKj6+sbiTFHkqwcYDLtGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/vweAAD//4rSy1s=") symlink(&(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000240)=0x40) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_INIT(r6, &(0x7f0000002140)={0x50, 0x0, 0x0, {0x7, 0x27, 0x0, 0x11ed415, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x50) read$FUSE(r6, &(0x7f000000b040)={0x2020}, 0x2020) newfstatat(0xffffffffffffff9c, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 4.054172558s ago: executing program 5 (id=2147): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000001280)={0x58f5, 0xd0002, 0x2, 0xfffffff7fffffffd, 0x1, 0x0, 0x2401}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="58000000020601030000000000000000020000060c00"], 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x10) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) syz_read_part_table(0x5da, &(0x7f0000000a00)="$eJzs3D2LHVUYB/D/mTtz714I7hewWEgjCm5h66IIJqQLop2FrUVQYiEWeveiIoidVVrRwhcIfgRBgugXEGHRQsRexBSGIzNz9iayIMgugvD7FfM855nzumfaveH/re7vp5aUufXRYgp9l6zG5Jfk3SHZdmmFZGgDxxEvfPbslWsH18tqVxurx+3t6v4qyxb7HEzxmdZ+b3oep2STlmb4Ypl+7FvncbfObvpuyWLsUy70T8G/13/46XzNy3bbN4bpWlbJNp8kv9fZYZJFrXXzynzJ6yGL3VdxDreP7myfavk67aMb5tbm/VL69m7IuIsum8unIxfJw08e3jw75Xoev52Ol/Y911qHS6dju/ZiPO69Zb+e0ye++WmT7d5u9tTu/qQn6+TVk+cen3ZS5jmG8x8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAL9shrj37VzWkLKdPz6WTzQDHJcfLnXByyvaj1bx/d2X/7nZtd3jh6+fvNmz9f/TW/JVnk8OqlZLXr99JbU95PGxvDZHHu9W/c65aff/z1eldoU5fk28s/3K2nK5y0+Hr6K7u+R9251wcAAAAAAAAAAAAAAAAAAIDRl7l2cL3L80nJi3/7d/+9pJQHGrXW+sf4qLvq8tZDLfvux5SkJuPLZSsOp/3q6oPHpp8V2JubtfZjSPkPDsg/+isAAP//tadi8g==") fsopen(0x0, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1f) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x3, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000340)) name_to_handle_at(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r3, &(0x7f00000001c0)={0x1d, r4}, 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0) setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000040)=0x80, 0x4) r5 = socket(0x10, 0x3, 0x0) write(r5, &(0x7f0000000000)="2400000011005f0414f9f4070009041f810000000e0000000000000008000f0001000000", 0x24) open_by_handle_at(0xffffffffffffff9c, 0x0, 0x200000000000000) 3.788093191s ago: executing program 2 (id=2148): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @mcast1, 0x9}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}], 0x28}, 0xc000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x20, r4, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) close(r3) socket$inet(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711814000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x200a017, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r5) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 2.85623645s ago: executing program 1 (id=2149): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x80000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) ptrace$ARCH_SHSTK_DISABLE(0x1e, r3, 0x1, 0x5002) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x3c) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0xfffffffffffeffff, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x8, 0x248e, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x81, 0x6, 0x5, 0x7ff, 0xf439}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) ptrace$setregs(0xd, r6, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610430000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) ptrace$getregset(0x4204, r6, 0x2, &(0x7f0000000740)={0x0}) r7 = socket$inet(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@ipv6_delroute={0x30, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfd}, [@RTA_GATEWAY={0x14, 0x5, @empty}]}, 0x30}}, 0x0) 2.85595462s ago: executing program 3 (id=2150): bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ce\x00'}, 0x58) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="190000000400000004000000020000", @ANYBLOB='\x00\x00\x00\x00\x00', @ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r4, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00', 0x7) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r4, 0x84, 0x5, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e20, @local}}}, 0x84) openat$nvram(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000100)='GPL\x00') write$UHID_INPUT(r5, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b40)={r0, 0x0, 0x0}, 0x20) 1.106423132s ago: executing program 3 (id=2151): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da55a02ddbe2665dca1029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) r3 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000280), 0x2, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@ifindex, 0x13, 0x1, 0xf, &(0x7f0000000440)=[0x0], 0x1, 0x0, &(0x7f0000000480)=[0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0), 0x0}, 0x40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000005400010029bd662189f1000007000000", @ANYRES32=r0], 0x18}, 0x1, 0x0, 0x0, 0x22004000}, 0x40080c0) ioctl$XFS_IOC_PATH_TO_HANDLE(r2, 0xc01c5869, &(0x7f0000000780)={r2, &(0x7f0000000680)='tls', 0x201, &(0x7f00000006c0)={@align, {0x100, 0x2, 0x8, 0xffffffffffffff00}}, 0x7, &(0x7f0000000700), &(0x7f0000000740)=0x2f7}) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000900)=ANY=[@ANYRES32=r5, @ANYRES32=r3, @ANYBLOB="55e4c98e04000000000000004dea45e6edb0bdb13f2772c4db91a7e2cffaae24896f1e68cee214ee77a4117d498154587143ea011285cbf7ea9d93d9725e9c10e7d924ad77d52459cabcac7001316267dd6e674d46caaae3cdc637fec6cfcf070aef4ee0b47bfac560d1bdfeed5b14cebc083a354bdac44a3484a7d0641c60d2e796cfc235d339671c9d5d71d0b82da42289338a89bd0d487376c17f60b788c1d4762ea22c62527eeb005d211d2e64f5512a269e7b0b4a388ac286c4cb9ffdc28c1c954494cb89453607a8774cd3b5cbcb2b74502e5e4597041d2f031c279b10c3325c317c9d177093e4c713e5c8d9fc5bef6d97c1f5f71c82d21c376e96e62a233282460216bc630b33eec1e0e00bf4773d2231b0d110e65ce38d5c69b2c2c6c998c54deb0bd4b5", @ANYRES32=r6, @ANYBLOB, @ANYRES64=r4], 0x20) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f00000004c0)={r8, 0x0, 0x4, 0x0, 0x2, [0x0], [0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0xfffffffc], [0x1]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r9, 0x80000}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r10}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r0, 0x5421, &(0x7f0000000140)=0x1) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) r11 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$setlease(r11, 0x403, 0x0) r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r12, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x2, 0x300) 1.025072616s ago: executing program 5 (id=2152): socket$nl_generic(0x10, 0x3, 0x10) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0xc0189436, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xfffff7dd}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000001b00)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@lli, {}, {0x7, 0x1, 0x4}, {}, {}, {}, {0x85, 0x0, 0x0, 0x99}}]}, &(0x7f0000000000)='syzkaller\x00', 0xa, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000600)="2e61b3e3dff01e19adc7beef915d564c90c2000000000000", 0x18) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r8) close(0xffffffffffffffff) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) sendmsg$NFT_BATCH(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYRES16=r4], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x20000040) sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0xff07}, 0x2000000) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) 953.984489ms ago: executing program 1 (id=2153): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) io_submit(0x0, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000140)="be27a0fbbe4e95", 0x7}]) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x2d, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x17, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x88, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x86}}, {}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x1a}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xd3588a68d39da5d3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x23}, 0x94) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) timer_settime(0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x47) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f00000003c0)={{0x2, 0x4e1f, @loopback}, {0x20000010304, @local}, 0x6, {0x2, 0x4e21, @rand_addr=0x64010101}}) setxattr$trusted_overlay_nlink(&(0x7f0000000100)='./file0/file1\x00', &(0x7f0000000140), &(0x7f0000000180)={'L-', 0x4}, 0x16, 0x2) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) umount2(&(0x7f0000000040)='./file0/file0\x00', 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, 0x0, 0x82}], 0x1, 0x0, 0x0, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 91.988625ms ago: executing program 3 (id=2154): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @mcast1, 0x9}, 0x1c, &(0x7f0000000240)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}], 0x28}, 0xc000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) close(r3) socket$inet(0x2, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711814000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x200a017, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r6) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 0s ago: executing program 1 (id=2155): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getpgid(0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000070}, 0x4) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9) r1 = socket(0x10, 0x3, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40040c4) sendto$packet(r1, &(0x7f0000000400)="e2049778b270cf1d10937905ccfe72ae37683ccf36", 0x15, 0x4c010, 0x0, 0x0) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049ec) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x28) close(r3) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, 0x0) close(0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x3c, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x892f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x6}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50800}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r1, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) kernel console output (not intermixed with test programs): ink: 8 bytes leftover after parsing attributes in process `syz.5.1060'. [ 891.849531][T11500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 892.577083][T11505] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 893.050972][ T28] audit: type=1326 audit(1777093535.155:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.099581][T11508] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge0 [ 893.113661][ T28] audit: type=1326 audit(1777093535.175:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.572613][ T28] audit: type=1326 audit(1777093535.175:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.647088][ T28] audit: type=1326 audit(1777093535.175:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.697165][ T28] audit: type=1326 audit(1777093535.175:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.787244][ T28] audit: type=1326 audit(1777093535.175:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.837132][ T28] audit: type=1326 audit(1777093535.175:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.927274][ T28] audit: type=1326 audit(1777093535.175:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 893.980846][ T28] audit: type=1326 audit(1777093535.175:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 894.003612][ T28] audit: type=1326 audit(1777093535.175:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.5.1061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 894.691142][T11523] loop1: detected capacity change from 0 to 2048 [ 894.802996][T11523] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 894.912136][T11523] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 898.028940][T11545] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1069'. [ 898.060365][ T31] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 898.707060][ T9509] Bluetooth: hci1: command 0x0406 tx timeout [ 898.828842][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 899.004471][T11549] loop5: detected capacity change from 0 to 512 [ 899.090848][T11549] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 899.124559][T11549] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 899.466027][T11549] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 899.482015][T11549] __quota_error: 121 callbacks suppressed [ 899.482031][T11549] Quota error (device loop5): write_blk: dquota write failed [ 899.495426][T11549] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 899.505510][T11549] EXT4-fs error (device loop5): ext4_acquire_dquot:6953: comm syz.5.1072: Failed to acquire dquot type 0 [ 899.635652][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 900.827168][T11566] netlink: 'syz.2.1071': attribute type 1 has an invalid length. [ 900.888758][T11566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1071'. [ 902.376585][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 904.438998][T11589] netlink: 'syz.3.1078': attribute type 1 has an invalid length. [ 904.457491][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 904.477383][T11589] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1078'. [ 904.937447][ T27] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 905.466089][T11596] comedi comedi3: board detection failed [ 905.607096][T11595] lo speed is unknown, defaulting to 1000 [ 905.635814][T11597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 905.645056][T11597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 905.678460][T11598] bridge0: port 4(erspan0) entered blocking state [ 905.686680][T11598] bridge0: port 4(erspan0) entered disabled state [ 905.697215][T11598] erspan0: entered allmulticast mode [ 905.727837][T11598] erspan0: entered promiscuous mode [ 907.114476][T11604] loop5: detected capacity change from 0 to 512 [ 907.235852][T11604] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 907.320313][T11604] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 907.726449][T11604] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 907.733446][ T27] usb 3-1: unable to get BOS descriptor or descriptor too short [ 907.748292][T11604] Quota error (device loop5): write_blk: dquota write failed [ 907.756762][T11604] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 907.767720][T11604] EXT4-fs error (device loop5): ext4_acquire_dquot:6953: comm syz.5.1081: Failed to acquire dquot type 0 [ 907.860644][ T27] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 907.950735][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 908.105973][ T27] usb 3-1: can't read configurations, error -71 [ 908.697084][T11621] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004 [ 910.239012][T11636] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1089'. [ 910.395811][T11641] netlink: 'syz.5.1090': attribute type 39 has an invalid length. [ 910.527696][T11645] loop5: detected capacity change from 0 to 7 [ 910.585561][T11645] Dev loop5: unable to read RDB block 7 [ 910.591499][T11645] loop5: unable to read partition table [ 910.597922][T11645] loop5: partition table beyond EOD, truncated [ 910.605767][T11645] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 910.677551][T11647] binder: 11640:11647 ioctl c0285840 200000000000 returned -22 [ 910.846421][T11648] netlink: 'syz.1.1087': attribute type 1 has an invalid length. [ 910.877873][T11650] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 910.892796][T11648] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1087'. [ 912.339752][T11662] loop5: detected capacity change from 0 to 64 [ 912.363324][T11661] loop3: detected capacity change from 0 to 512 [ 912.438357][T11661] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 912.497883][T11661] ext4 filesystem being mounted at /293/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 912.814603][T11671] ptrace attach of "./syz-executor exec"[10021] was attempted by "./syz-executor exec"[11671] [ 912.903245][T11661] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 912.919771][T11661] Quota error (device loop3): write_blk: dquota write failed [ 912.928273][T11661] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 912.938644][T11661] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1094: Failed to acquire dquot type 0 [ 913.311730][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 913.609875][T11676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1096'. [ 916.284181][T11691] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 916.340485][T11696] smc: net device vcan0 applied user defined pnetid SYZ1 [ 916.369760][T11697] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1101'. [ 916.391040][T11696] smc: net device vcan0 erased user defined pnetid SYZ1 [ 916.507926][ T28] audit: type=1326 audit(1777093558.615:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 916.557417][ T28] audit: type=1326 audit(1777093558.615:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 916.709134][T11707] ip6t_REJECT: ECHOREPLY is not supported [ 917.471116][ T28] audit: type=1326 audit(1777093558.635:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 917.622458][ T28] audit: type=1326 audit(1777093558.635:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 917.705674][ T28] audit: type=1326 audit(1777093558.635:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 917.777143][ T28] audit: type=1326 audit(1777093558.635:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 917.827389][ T28] audit: type=1326 audit(1777093558.635:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 917.877158][ T28] audit: type=1326 audit(1777093558.635:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 917.947480][ T28] audit: type=1326 audit(1777093558.635:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 917.964905][T11715] loop2: detected capacity change from 0 to 64 [ 917.998343][ T28] audit: type=1326 audit(1777093559.555:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 918.408234][ T28] audit: type=1326 audit(1777093559.555:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 918.923301][T11724] ptrace attach of "./syz-executor exec"[5767] was attempted by "./syz-executor exec"[11724] [ 919.676231][T11727] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 920.257525][T11726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1107'. [ 923.104822][T11741] syz.1.1109 (11741): drop_caches: 2 [ 923.450101][T11743] loop5: detected capacity change from 0 to 2048 [ 924.218836][T11743] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 924.236846][T11743] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 924.902301][ T28] audit: type=1326 audit(1777093566.765:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 925.172763][T11762] loop2: detected capacity change from 0 to 64 [ 925.442947][ T28] audit: type=1326 audit(1777093566.765:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 925.502501][ T28] audit: type=1326 audit(1777093566.765:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 925.547550][ T28] audit: type=1326 audit(1777093566.765:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 925.596036][ T28] audit: type=1326 audit(1777093566.765:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 925.865847][ T28] audit: type=1326 audit(1777093566.785:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa43eb5d60e code=0x7ffc0000 [ 926.325652][ T28] audit: type=1326 audit(1777093566.815:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa43eb9cb42 code=0x7ffc0000 [ 926.357689][T11767] ptrace attach of "./syz-executor exec"[5767] was attempted by "./syz-executor exec"[11767] [ 926.852085][ T28] audit: type=1326 audit(1777093566.815:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa43eb9cb42 code=0x7ffc0000 [ 926.877361][ T28] audit: type=1326 audit(1777093566.825:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43eb9cdd9 code=0x7ffc0000 [ 926.930830][ T28] audit: type=1326 audit(1777093566.825:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.5.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa43eb9cb42 code=0x7ffc0000 [ 927.158921][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 927.430210][T11771] netlink: 'syz.2.1117': attribute type 10 has an invalid length. [ 927.441250][T11771] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1117'. [ 927.454206][T11771] dummy0: entered promiscuous mode [ 927.527284][T11771] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 930.076181][T11781] loop5: detected capacity change from 0 to 2048 [ 930.083718][T11781] ext4: Unknown parameter 'dont_measure' [ 930.112607][ T5943] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 930.182734][T11789] loop2: detected capacity change from 0 to 512 [ 930.400050][T11789] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 930.429890][T11796] loop3: detected capacity change from 0 to 512 [ 930.456863][T11789] ext4 filesystem being mounted at /280/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 930.507644][T11796] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 930.833514][T11796] ext4 filesystem being mounted at /298/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 931.022574][T11781] loop5: detected capacity change from 0 to 1024 [ 931.034280][T11781] EXT4-fs: Ignoring removed orlov option [ 931.179841][T11781] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c018, mo2=0002] [ 931.188912][T11781] System zones: 0-1, 3-12 [ 931.195161][T11781] EXT4-fs (loop5): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 931.453601][T11809] EXT4-fs error (device loop3): ext4_lookup:1858: inode #12: comm syz.3.1122: iget: bad i_size value: 2533274857506816 [ 931.938378][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.945118][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.163047][T11807] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 932.178480][T11807] __quota_error: 59 callbacks suppressed [ 932.178497][T11807] Quota error (device loop2): write_blk: dquota write failed [ 932.192030][T11807] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 932.202250][T11807] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.1121: Failed to acquire dquot type 0 [ 932.459986][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 932.536193][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 932.891683][T11827] wlan0 speed is unknown, defaulting to 1000 [ 932.898229][T11827] wlan0 speed is unknown, defaulting to 1000 [ 932.907551][T11827] wlan0 speed is unknown, defaulting to 1000 [ 932.991579][T11827] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 933.180879][T11827] wlan0 speed is unknown, defaulting to 1000 [ 933.200101][T11827] wlan0 speed is unknown, defaulting to 1000 [ 933.217211][T11827] wlan0 speed is unknown, defaulting to 1000 [ 933.231666][T11827] wlan0 speed is unknown, defaulting to 1000 [ 935.017071][ T28] audit: type=1326 audit(1777093577.085:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11830 comm="syz.3.1125" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb8c499cdd9 code=0x0 [ 936.994198][T11855] netlink: 'syz.5.1129': attribute type 1 has an invalid length. [ 937.002071][T11855] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1129'. [ 937.663227][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 940.530321][T11858] netlink: 'syz.5.1132': attribute type 1 has an invalid length. [ 940.687728][T11858] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1132'. [ 941.642066][ C1] sd 0:0:1:0: [sda] tag#6278 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 941.652767][ C1] sd 0:0:1:0: [sda] tag#6278 CDB: Read(6) 08 00 00 00 00 00 00 00 00 00 00 00 [ 941.776044][T11891] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 4, id = 0 [ 941.788811][T11888] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 943.455205][T11902] netlink: 'syz.1.1141': attribute type 1 has an invalid length. [ 943.463206][T11902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1141'. [ 944.280085][T11907] Cannot find del_set index 1 as target [ 944.321069][T11907] overlayfs: missing 'lowerdir' [ 947.480158][T11922] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 949.841931][T11941] netlink: 'syz.3.1151': attribute type 1 has an invalid length. [ 949.849774][T11941] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1151'. [ 951.606234][T11949] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 952.650022][T11960] netlink: 'syz.2.1152': attribute type 1 has an invalid length. [ 952.657962][T11960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1152'. [ 953.396782][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1154'. [ 953.423454][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1154'. [ 957.676622][T11989] netlink: 'syz.1.1163': attribute type 1 has an invalid length. [ 957.684563][T11989] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1163'. [ 960.359654][T12014] netlink: 'syz.5.1164': attribute type 1 has an invalid length. [ 960.367858][T12014] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1164'. [ 962.017086][T12026] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 962.469775][T12037] netlink: 'syz.2.1173': attribute type 1 has an invalid length. [ 962.478604][T12037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1173'. [ 963.786876][ T5943] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 964.742831][T12046] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 971.605250][T12096] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 972.225154][T12100] netlink: 'syz.5.1183': attribute type 1 has an invalid length. [ 972.233123][T12100] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1183'. [ 973.152182][T12107] netlink: 'syz.3.1188': attribute type 1 has an invalid length. [ 973.160371][T12107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1188'. [ 973.950148][T12105] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 973.980373][T12111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1189'. [ 973.990035][T12111] erspan0: left allmulticast mode [ 973.995381][T12111] erspan0: left promiscuous mode [ 974.003478][T12111] bridge0: port 4(erspan0) entered disabled state [ 974.435122][T12111] bridge0: port 3(team0) entered disabled state [ 974.542433][T12111] bridge_slave_1: left allmulticast mode [ 974.759350][T12111] bridge_slave_1: left promiscuous mode [ 974.785646][T12111] bridge0: port 2(bridge_slave_1) entered disabled state [ 975.620421][T12111] bridge_slave_0: left allmulticast mode [ 975.818174][T12111] bridge_slave_0: left promiscuous mode [ 975.843919][T12111] bridge0: port 1(bridge_slave_0) entered disabled state [ 975.868303][T12120] loop2: detected capacity change from 0 to 512 [ 976.778183][T12120] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 977.381675][T12126] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 977.463673][T12120] ext4 filesystem being mounted at /298/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 979.041900][T12137] Quota error (device loop2): write_blk: dquota write failed [ 979.049561][T12137] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 979.059544][T12137] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.1193: Failed to acquire dquot type 0 [ 979.359392][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 983.495942][T12169] loop5: detected capacity change from 0 to 512 [ 983.574678][T12169] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 983.651846][T12169] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 985.108761][T12179] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 985.124033][T12179] Quota error (device loop5): write_blk: dquota write failed [ 985.131842][T12179] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 985.142269][T12179] EXT4-fs error (device loop5): ext4_acquire_dquot:6953: comm syz.5.1204: Failed to acquire dquot type 0 [ 985.278458][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 985.798559][T12190] 8021q: adding VLAN 0 to HW filter on device .` [ 985.817852][T12190] dummy0: left promiscuous mode [ 985.869674][T12190] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 986.751990][T12188] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 991.103810][T12221] loop3: detected capacity change from 0 to 512 [ 991.192483][T12221] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 991.232143][T12221] ext4 filesystem being mounted at /322/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 992.146262][T12233] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 992.162971][T12233] Quota error (device loop3): write_blk: dquota write failed [ 992.171329][T12233] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 992.181807][T12233] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1216: Failed to acquire dquot type 0 [ 992.772880][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 994.687941][T12251] loop2: detected capacity change from 0 to 64 [ 995.502792][T12252] ceph: No mds server is up or the cluster is laggy [ 995.671847][T12253] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 995.698501][ T23] libceph: connect (1)[c::]:6789 error -101 [ 995.709742][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 995.773410][T12257] ptrace attach of "./syz-executor exec"[5767] was attempted by "./syz-executor exec"[12257] [ 996.183332][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 996.191191][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 997.428194][ T1131] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 997.662313][T12267] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 999.780890][T12289] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1002.511231][T12304] loop1: detected capacity change from 0 to 64 [ 1003.197741][T12312] ptrace attach of "./syz-executor exec"[5769] was attempted by "./syz-executor exec"[12312] [ 1003.841691][T12317] netlink: 'syz.5.1234': attribute type 1 has an invalid length. [ 1003.849735][T12317] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1234'. [ 1003.946436][T12315] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1232'. [ 1004.284536][T12319] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1235'. [ 1006.860078][ T5773] Bluetooth: hci0: command 0x0406 tx timeout [ 1009.014933][T12351] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1010.057201][T12359] loop2: detected capacity change from 0 to 64 [ 1010.342460][T12363] netlink: 'syz.5.1246': attribute type 1 has an invalid length. [ 1010.350305][T12363] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1246'. [ 1010.688736][T12365] ptrace attach of "./syz-executor exec"[5767] was attempted by "./syz-executor exec"[12365] [ 1011.518775][T12376] loop3: detected capacity change from 0 to 128 [ 1012.197488][T12376] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1012.210444][T12376] ext4 filesystem being mounted at /328/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1013.171711][ T5768] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1014.702549][T12393] siw: device registration error -23 [ 1017.037689][T12415] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1018.963888][T12425] loop3: detected capacity change from 0 to 512 [ 1019.006153][T12427] loop5: detected capacity change from 0 to 64 [ 1019.058403][T12425] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1019.119712][T12425] ext4 filesystem being mounted at /331/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1019.442985][T12436] ptrace attach of "./syz-executor exec"[10021] was attempted by "./syz-executor exec"[12436] [ 1020.452903][T12437] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1020.467929][T12437] Quota error (device loop3): write_blk: dquota write failed [ 1020.476923][T12437] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1020.486972][T12437] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1259: Failed to acquire dquot type 0 [ 1020.728216][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1021.335650][T12445] netlink: 'syz.2.1262': attribute type 1 has an invalid length. [ 1021.397843][T12445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1262'. [ 1023.614317][T12454] team0: left promiscuous mode [ 1023.619258][T12454] team_slave_0: left promiscuous mode [ 1023.624844][T12454] team_slave_1: left promiscuous mode [ 1023.630530][T12454] team0: left allmulticast mode [ 1023.635443][T12454] team_slave_0: left allmulticast mode [ 1023.641047][T12454] team_slave_1: left allmulticast mode [ 1023.893236][T12454] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1026.734351][T12472] loop1: detected capacity change from 0 to 512 [ 1027.801162][T12472] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1027.965465][T12472] ext4 filesystem being mounted at /318/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1029.797637][T12486] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1029.814212][T12486] Quota error (device loop1): write_blk: dquota write failed [ 1029.822019][T12486] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 1029.832157][T12486] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.1268: Failed to acquire dquot type 0 [ 1029.998584][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1030.993995][T12493] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1031.093540][T12497] loop1: detected capacity change from 0 to 512 [ 1031.709052][T12497] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1031.742514][ T31] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1031.898827][T12497] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1032.670228][T12502] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1032.698222][T12509] Quota error (device loop1): write_blk: dquota write failed [ 1032.706143][T12509] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 1032.716228][T12509] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.1275: Failed to acquire dquot type 0 [ 1032.975134][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1034.735240][T12525] siw: device registration error -23 [ 1035.667282][T12529] netlink: 'syz.2.1280': attribute type 1 has an invalid length. [ 1035.675328][T12529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1280'. [ 1040.269666][T12543] loop2: detected capacity change from 0 to 512 [ 1040.354921][T12543] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1040.438738][T12543] ext4 filesystem being mounted at /322/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1041.503147][T12550] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1041.518485][T12550] Quota error (device loop2): write_blk: dquota write failed [ 1041.526269][T12550] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 1041.536444][T12550] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.1287: Failed to acquire dquot type 0 [ 1042.398808][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1045.154836][T12575] bond0: (slave bond_slave_0): Releasing backup interface [ 1047.889493][T12575] bond0: (slave bond_slave_1): Releasing backup interface [ 1047.949996][T12575] team0: Port device team_slave_0 removed [ 1048.090977][T12575] team0: Port device team_slave_1 removed [ 1048.097843][T12575] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1048.105583][T12575] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1048.207306][T12575] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1048.214897][T12575] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1048.811699][T12584] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1050.322781][ T23] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 1050.952877][T12608] lo speed is unknown, defaulting to 1000 [ 1050.962092][T12608] wlan0 speed is unknown, defaulting to 1000 [ 1050.998157][T12610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1051.007650][T12610] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1051.848955][ C1] hrtimer: interrupt took 38891 ns [ 1053.114118][T12617] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1053.251079][ T23] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1053.381536][ T23] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1053.395450][T12620] loop1: detected capacity change from 0 to 512 [ 1053.402354][ T23] usb 4-1: can't read configurations, error -71 [ 1053.696104][T12620] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1054.785296][T12620] ext4 filesystem being mounted at /331/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1055.026664][T12625] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1055.377429][T12628] Quota error (device loop1): write_blk: dquota write failed [ 1055.387357][T12628] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 1055.398509][T12628] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.1312: Failed to acquire dquot type 0 [ 1056.616359][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1056.815068][T12634] comedi comedi3: board detection failed [ 1059.117991][T12634] bridge0: port 2(erspan0) entered blocking state [ 1059.124592][T12634] bridge0: port 2(erspan0) entered disabled state [ 1059.179299][T12634] erspan0: entered allmulticast mode [ 1059.697345][T12634] erspan0: entered promiscuous mode [ 1059.771376][T12640] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1061.825306][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1061.832182][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1063.016866][T12663] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1064.595796][T12676] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1067.967656][ T1131] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1069.280261][T12712] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1069.699148][T12718] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1071.706120][T12732] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1325'. [ 1072.176553][T12736] fuse: Unknown parameter '0x0000000000000007' [ 1072.197950][T12736] 9pnet_fd: Insufficient options for proto=fd [ 1074.889186][T12743] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1075.606763][T12749] (syz.5.1329,12749,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 1076.428650][T12754] loop5: detected capacity change from 0 to 512 [ 1076.947330][T12754] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1076.976093][T12754] ext4 filesystem being mounted at /122/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1079.215070][T12765] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1080.062474][T12772] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1080.077403][T12772] Quota error (device loop5): write_blk: dquota write failed [ 1080.085006][T12772] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 1080.095313][T12772] EXT4-fs error (device loop5): ext4_acquire_dquot:6953: comm syz.5.1331: Failed to acquire dquot type 0 [ 1081.405774][T12776] loop2: detected capacity change from 0 to 512 [ 1081.418186][T12776] EXT4-fs: Ignoring removed orlov option [ 1081.424200][T12776] EXT4-fs: Ignoring removed bh option [ 1081.820940][T12776] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1081.846189][T12776] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1081.884713][T12776] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.1334: bg 0: block 248: padding at end of block bitmap is not set [ 1081.921393][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1082.001214][T12776] Quota error (device loop2): write_blk: dquota write failed [ 1082.009458][T12776] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 1082.019829][T12776] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.1334: Failed to acquire dquot type 1 [ 1082.047635][T12776] EXT4-fs (loop2): 1 truncate cleaned up [ 1082.072918][T12776] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1082.097709][T12779] loop3: detected capacity change from 0 to 64 [ 1082.185729][T12774] EXT4-fs (loop2): shut down requested (2) [ 1082.429706][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1082.470218][T12781] loop1: detected capacity change from 0 to 2048 [ 1082.574498][T12787] ptrace attach of "./syz-executor exec"[5768] was attempted by "./syz-executor exec"[12787] [ 1083.055411][T12781] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1083.317033][T12781] ext4 filesystem being mounted at /342/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1083.326645][T12790] comedi comedi3: board detection failed [ 1083.873542][T12792] netlink: 'syz.3.1340': attribute type 39 has an invalid length. [ 1085.713191][ T28] audit: type=1326 audit(1777093717.736:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3f79cdd9 code=0x7ffc0000 [ 1085.758104][T12801] loop5: detected capacity change from 0 to 7 [ 1085.786895][T12579] Dev loop5: unable to read RDB block 7 [ 1085.819362][T12579] loop5: unable to read partition table [ 1085.819354][ T28] audit: type=1326 audit(1777093717.736:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3f79cdd9 code=0x7ffc0000 [ 1085.819445][ T28] audit: type=1326 audit(1777093717.736:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3f79cdd9 code=0x7ffc0000 [ 1085.879379][T12579] loop5: partition table beyond EOD, truncated [ 1085.898890][T12801] Dev loop5: unable to read RDB block 7 [ 1085.909663][T12801] loop5: unable to read partition table [ 1085.915524][ T28] audit: type=1326 audit(1777093717.736:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3f79cdd9 code=0x7ffc0000 [ 1085.945382][T12801] loop5: partition table beyond EOD, truncated [ 1085.965324][T12801] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1085.975056][ T28] audit: type=1326 audit(1777093717.736:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f0c3f79cdd9 code=0x7ffc0000 [ 1086.000433][T12794] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1086.019914][ T28] audit: type=1326 audit(1777093717.754:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12798 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0c3f75d60e code=0x7ffc0000 [ 1086.044593][T12803] binder: 12789:12803 ioctl c0285840 200000000000 returned -22 [ 1086.065213][ T28] audit: type=1326 audit(1777093717.782:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3f79cdd9 code=0x7ffc0000 [ 1086.933445][ T28] audit: type=1326 audit(1777093717.782:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0c3f79cb42 code=0x7ffc0000 [ 1087.480952][ T28] audit: type=1326 audit(1777093717.782:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0c3f79cb42 code=0x7ffc0000 [ 1087.617509][ T28] audit: type=1326 audit(1777093717.792:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.1.1337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3f79cdd9 code=0x7ffc0000 [ 1087.974070][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1088.268931][T12817] loop3: detected capacity change from 0 to 2048 [ 1088.276500][T12817] ext4: Unknown parameter 'dont_measure' [ 1089.191835][T12579] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1089.242807][T12815] loop3: detected capacity change from 0 to 1024 [ 1089.249988][T12815] EXT4-fs: Ignoring removed orlov option [ 1089.365150][T12815] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c018, mo2=0002] [ 1089.374035][T12815] System zones: 0-1, 3-12 [ 1089.381422][T12815] EXT4-fs (loop3): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1089.472139][T12825] loop1: detected capacity change from 0 to 512 [ 1089.644182][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 1089.683081][T12825] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1089.728481][T12825] ext4 filesystem being mounted at /343/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1092.579525][T12837] loop2: detected capacity change from 0 to 64 [ 1092.912488][T12839] ptrace attach of "./syz-executor exec"[5767] was attempted by "./syz-executor exec"[12839] [ 1093.062892][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1093.698801][T12847] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1350'. [ 1096.149031][T12855] Cannot find del_set index 1 as target [ 1096.236639][T12855] overlayfs: missing 'lowerdir' [ 1096.535107][T12869] netlink: 'syz.5.1353': attribute type 1 has an invalid length. [ 1096.543169][T12869] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1353'. [ 1097.713287][T12878] loop3: detected capacity change from 0 to 2048 [ 1097.822707][T12883] siw: device registration error -23 [ 1097.862651][T12878] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1098.643814][T12878] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1098.692144][T12889] loop2: detected capacity change from 0 to 512 [ 1098.760415][ T28] kauditd_printk_skb: 62 callbacks suppressed [ 1098.760431][ T28] audit: type=1800 audit(1777093731.361:554): pid=12878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1347" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 1099.244225][T12889] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1099.368488][T12889] ext4 filesystem being mounted at /335/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1099.729585][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1100.403413][T12902] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1100.418385][T12902] Quota error (device loop2): write_blk: dquota write failed [ 1100.425998][T12902] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 1100.436016][T12902] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.1358: Failed to acquire dquot type 0 [ 1100.856244][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1102.182611][ T31] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1102.633261][T12920] loop5: detected capacity change from 0 to 512 [ 1102.640741][T12920] EXT4-fs: Ignoring removed orlov option [ 1102.646492][T12920] EXT4-fs: Ignoring removed bh option [ 1102.675271][T12920] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1102.764465][T12920] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1102.778389][T12920] EXT4-fs error (device loop5): ext4_validate_block_bitmap:439: comm syz.5.1365: bg 0: block 248: padding at end of block bitmap is not set [ 1102.797716][T12920] Quota error (device loop5): write_blk: dquota write failed [ 1102.805338][T12920] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 1102.815561][T12920] EXT4-fs error (device loop5): ext4_acquire_dquot:6953: comm syz.5.1365: Failed to acquire dquot type 1 [ 1102.934262][T12920] EXT4-fs (loop5): 1 truncate cleaned up [ 1102.942253][T12920] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1103.017564][T12913] EXT4-fs (loop5): shut down requested (2) [ 1103.348064][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1103.788655][T12924] netlink: 'syz.3.1366': attribute type 1 has an invalid length. [ 1103.796537][T12924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1366'. [ 1104.299593][T12931] fuse: Unknown parameter '0x0000000000000007' [ 1104.308373][T12931] 9pnet_fd: Insufficient options for proto=fd [ 1105.126851][T12936] loop3: detected capacity change from 0 to 512 [ 1108.001215][T12936] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1108.056266][T12936] ext4 filesystem being mounted at /358/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1108.283018][T12948] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1108.599392][T12950] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1108.619366][T12950] Quota error (device loop3): write_blk: dquota write failed [ 1108.627702][T12950] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1108.639026][T12950] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1369: Failed to acquire dquot type 0 [ 1109.205236][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1109.495530][T12952] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1111.875155][T12965] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1112.450235][T12970] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1112.707922][T12969] loop3: detected capacity change from 0 to 512 [ 1113.001815][T12969] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1113.025372][T12969] ext4 filesystem being mounted at /360/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1113.423902][T12977] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1113.439573][T12977] Quota error (device loop3): write_blk: dquota write failed [ 1113.447810][T12977] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1113.458127][T12977] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1379: Failed to acquire dquot type 0 [ 1113.978959][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1117.459202][T12995] loop2: detected capacity change from 0 to 512 [ 1117.613152][T12995] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1117.695198][T12995] ext4 filesystem being mounted at /341/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1117.855482][T13003] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1118.422558][T13007] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1118.443207][T13007] Quota error (device loop2): write_blk: dquota write failed [ 1118.454386][T13007] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 1118.482216][T13007] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.1382: Failed to acquire dquot type 0 [ 1119.785592][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1120.348614][T13011] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1121.760474][T13017] loop2: detected capacity change from 0 to 2048 [ 1121.812142][T13017] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1121.941258][T13017] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 1121.948994][T13017] UDF-fs: Scanning with blocksize 512 failed [ 1121.981373][T13019] loop3: detected capacity change from 0 to 512 [ 1122.068691][T13017] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1122.104908][T13019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1122.130039][T13019] ext4 filesystem being mounted at /364/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1123.044309][T13027] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1123.059377][T13027] Quota error (device loop3): write_blk: dquota write failed [ 1123.067066][T13027] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1123.079475][T13027] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1389: Failed to acquire dquot type 0 [ 1125.033890][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1126.303787][T13038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1126.352366][T13038] bond0: (slave sit0): The slave device specified does not support setting the MAC address [ 1126.404257][T13038] bond0: (slave sit0): Error -95 calling set_mac_address [ 1127.044057][T13067] loop2: detected capacity change from 0 to 512 [ 1127.051191][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 1127.183380][T13067] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1127.270256][T13067] ext4 filesystem being mounted at /345/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1127.482407][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1127.489520][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1128.327554][T13076] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1128.343371][T13076] Quota error (device loop2): write_blk: dquota write failed [ 1128.351051][T13076] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 1128.361156][T13076] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.1394: Failed to acquire dquot type 0 [ 1128.622247][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1128.658612][T13078] loop5: detected capacity change from 0 to 512 [ 1128.828632][T13078] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1128.865441][T13078] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1129.309804][T13089] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1129.325921][T13089] Quota error (device loop5): write_blk: dquota write failed [ 1129.334080][T13089] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 1129.344526][T13089] EXT4-fs error (device loop5): ext4_acquire_dquot:6953: comm syz.5.1400: Failed to acquire dquot type 0 [ 1129.755802][T13080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1130.025499][T13090] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1130.424316][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1130.667843][T13091] netlink: 'syz.1.1395': attribute type 10 has an invalid length. [ 1130.765996][T13091] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1130.849010][T13080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1139.067331][T13034] Bluetooth: hci1: command 0x0406 tx timeout [ 1139.341133][ T9480] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1139.629670][T13132] NILFS (nullb0): couldn't find nilfs on the device [ 1142.223234][T13163] Error parsing options; rc = [-22] [ 1142.306383][T13165] loop3: detected capacity change from 0 to 64 [ 1143.974301][T13180] netlink: 'syz.2.1412': attribute type 4 has an invalid length. [ 1143.982850][T13180] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1412'. [ 1146.841061][T13214] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1416'. [ 1148.084319][T13229] loop5: detected capacity change from 0 to 512 [ 1148.143497][T13229] EXT4-fs (loop5): DAX unsupported by block device. [ 1149.395107][T13242] pim6reg: entered allmulticast mode [ 1150.930795][T13251] loop2: detected capacity change from 0 to 164 [ 1150.962963][T13251] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1421'. [ 1150.973913][T13251] pim6reg: left allmulticast mode [ 1151.291389][T13257] loop1: detected capacity change from 0 to 32768 [ 1151.327883][T13257] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1151.601974][T13257] XFS (loop1): Ending clean mount [ 1152.556895][T13281] 9pnet_fd: Insufficient options for proto=fd [ 1152.615610][T13281] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 1152.622300][T13281] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1152.630331][T13281] vhci_hcd vhci_hcd.0: Device attached [ 1153.812977][T13290] vhci_hcd: connection closed [ 1153.824744][ T1121] vhci_hcd: stop threads [ 1153.898409][ T1121] vhci_hcd: release socket [ 1154.006443][ T1121] vhci_hcd: disconnect device [ 1154.562626][ T5769] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1157.441554][T13299] DRBG: could not allocate digest TFM handle: hmac(sha384) [ 1158.139533][T13329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1158.204813][T13329] netlink: 'syz.5.1434': attribute type 10 has an invalid length. [ 1158.336872][T13336] loop3: detected capacity change from 0 to 512 [ 1158.385999][T13339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1158.437268][T13329] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1158.592449][T13336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1158.646576][T13336] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1159.152644][T13347] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1159.168803][T13347] Quota error (device loop3): write_blk: dquota write failed [ 1159.177117][T13347] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1159.187626][T13347] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1437: Failed to acquire dquot type 0 [ 1159.578327][T13034] Bluetooth: hci1: command 0x0406 tx timeout [ 1159.777331][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1161.064569][T13356] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1165.083531][T13380] loop2: detected capacity change from 0 to 32768 [ 1165.132793][T13380] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1446 (13380) [ 1165.170737][T13380] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1165.181132][T13380] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 1165.189917][T13380] BTRFS info (device loop2): force clearing of disk cache [ 1165.197118][T13380] BTRFS info (device loop2): enabling auto defrag [ 1165.203709][T13380] BTRFS info (device loop2): max_inline at 0 [ 1165.209965][T13380] BTRFS info (device loop2): enabling disk space caching [ 1165.217031][T13380] BTRFS info (device loop2): disk space caching is enabled [ 1165.301720][T13380] BTRFS info (device loop2): enabling ssd optimizations [ 1165.316773][T13380] BTRFS info (device loop2): rebuilding free space tree [ 1165.334188][T13398] binder: 13376:13398 ioctl 81e8943c 200000000c00 returned -22 [ 1165.371141][T13380] BTRFS info (device loop2): disabling free space tree [ 1165.378254][T13380] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1165.388251][T13380] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1165.402915][T13381] nbd0: detected capacity change from 0 to 128 [ 1165.657341][ T31] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 1165.705721][T13380] fs-verity: sha512 using implementation "sha512-avx2" [ 1165.744713][T13034] block nbd0: Receive control failed (result -104) [ 1166.202710][T13380] BTRFS: error (device loop2) in rollback_verity:485: errno=-122 Quota exceeded (failed to start transaction in verity rollback 258) [ 1166.217684][T13380] BTRFS info (device loop2: state E): forced readonly [ 1166.225084][T13380] BTRFS error (device loop2: state E): failed to rollback verity items: -122 [ 1166.234380][T13380] fs-verity (loop2, inode 258): btrfs_end_enable_verity() failed with err -122 [ 1166.889001][T13034] Bluetooth: hci1: command 0x0406 tx timeout [ 1167.766777][T13409] random: crng reseeded on system resumption [ 1169.094545][T13419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1169.135739][T13419] netlink: 'syz.3.1449': attribute type 10 has an invalid length. [ 1169.200165][T13419] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1169.269834][T13419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1169.992468][T13426] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1170.660233][T13429] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1170.912405][ T5767] BTRFS info (device loop2: state E): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1175.102424][T13447] NILFS (nullb0): couldn't find nilfs on the device [ 1175.179768][T13034] Bluetooth: hci1: command 0x0406 tx timeout [ 1176.021738][T13457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1459'. [ 1176.491587][T13461] netlink: 'syz.5.1460': attribute type 1 has an invalid length. [ 1176.499648][T13461] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1460'. [ 1177.223207][T13466] loop2: detected capacity change from 0 to 64 [ 1177.258987][T13462] bond0: (slave sit0): The slave device specified does not support setting the MAC address [ 1177.549975][T13471] ptrace attach of "./syz-executor exec"[5767] was attempted by "./syz-executor exec"[13471] [ 1178.333706][T13462] bond0: (slave sit0): Error -95 calling set_mac_address [ 1178.404807][T13475] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1179.360181][T13476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1456'. [ 1180.738011][T13492] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1181.232612][T13493] loop4: detected capacity change from 0 to 7 [ 1181.404472][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1181.415022][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1181.424694][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 1181.441725][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1181.451112][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 1181.460050][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1181.469407][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 1181.488052][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1181.497300][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1181.508548][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1181.517805][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1181.574510][T13498] loop2: detected capacity change from 0 to 2048 [ 1182.463159][T13498] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1182.714492][T13498] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1182.782268][T13504] Malformed UNC in devname [ 1182.782268][T13504] [ 1182.789855][T13504] CIFS: VFS: Malformed UNC in devname [ 1183.012396][ T28] audit: type=1800 audit(1777093810.211:555): pid=13498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1468" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 1183.166586][T13512] netlink: 'syz.1.1470': attribute type 1 has an invalid length. [ 1183.174617][T13512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1470'. [ 1184.456347][T13521] loop1: detected capacity change from 0 to 64 [ 1184.819463][T13526] ptrace attach of "./syz-executor exec"[5769] was attempted by "./syz-executor exec"[13526] [ 1185.517538][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1185.771799][T13531] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1186.726143][T13535] loop1: detected capacity change from 0 to 40427 [ 1187.113946][T13535] F2FS-fs (loop1): invalid crc value [ 1187.127142][T13535] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1187.182437][T13535] F2FS-fs (loop1): Start checkpoint disabled! [ 1187.278780][T13535] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 1189.441930][T13558] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1191.289640][ T12] kworker/u4:1: attempt to access beyond end of device [ 1191.289640][ T12] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 1191.507677][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1191.517663][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1191.524973][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1192.157976][T13578] NILFS (nullb0): couldn't find nilfs on the device [ 1192.769870][T13584] loop5: detected capacity change from 0 to 512 [ 1192.818775][T13584] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1192.832327][T13584] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1193.078190][T13587] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1193.919436][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1194.000685][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1194.049610][T13591] Quota error (device loop5): write_blk: dquota write failed [ 1194.057419][T13591] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 1194.067734][T13591] EXT4-fs error (device loop5): ext4_acquire_dquot:6953: comm syz.5.1486: Failed to acquire dquot type 0 [ 1194.271884][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1197.137496][T13631] loop3: detected capacity change from 0 to 512 [ 1197.253615][T13631] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1197.307345][T13631] ext4 filesystem being mounted at /391/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1197.587595][T13635] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1197.615141][T13640] Quota error (device loop3): write_blk: dquota write failed [ 1197.622929][T13640] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1197.633108][T13640] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1495: Failed to acquire dquot type 0 [ 1197.647318][T13641] nbd1: detected capacity change from 0 to 128 [ 1197.659034][T13644] binder: 13636:13644 ioctl 81e8943c 200000000c00 returned -22 [ 1197.975464][ T55] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 30 seconds [ 1198.109510][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1198.191845][T13034] block nbd1: Receive control failed (result -104) [ 1198.277668][T13646] loop3: detected capacity change from 0 to 512 [ 1198.357466][T13646] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1198.388777][T13646] ext4 filesystem being mounted at /392/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1198.906391][T13654] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1198.922663][T13654] Quota error (device loop3): write_blk: dquota write failed [ 1198.931134][T13654] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1198.941553][T13654] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1506: Failed to acquire dquot type 0 [ 1199.280478][T13655] loop5: detected capacity change from 0 to 2048 [ 1199.469790][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1199.498066][T13655] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1199.823808][T13655] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1201.801377][ T28] audit: type=1800 audit(1777093827.786:556): pid=13655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1498" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 1205.532041][T13690] netlink: 'syz.3.1504': attribute type 4 has an invalid length. [ 1205.540860][T13690] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1504'. [ 1205.589489][T13690] wlan1: mtu less than device minimum [ 1205.682404][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1206.739548][T13703] ubi31: attaching mtd0 [ 1206.765068][T13703] ubi31: scanning is finished [ 1206.770153][T13703] ubi31: empty MTD device detected [ 1207.858147][T13699] overlayfs: failed to clone upperpath [ 1207.955622][T13703] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 1208.260924][T13708] loop3: detected capacity change from 0 to 512 [ 1208.321582][T13708] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1208.417794][T13708] ext4 filesystem being mounted at /395/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1208.729535][T13714] nbd2: detected capacity change from 0 to 128 [ 1208.753611][T13715] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1208.770747][T13715] Quota error (device loop3): write_blk: dquota write failed [ 1208.778250][T13715] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1208.788153][T13715] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.1510: Failed to acquire dquot type 0 [ 1208.809699][T13716] binder: 13712:13716 ioctl 81e8943c 200000000c00 returned -22 [ 1209.317007][T13719] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1209.566598][T13034] block nbd2: Receive control failed (result -104) [ 1209.745303][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1210.031141][T13722] netlink: 'syz.5.1518': attribute type 4 has an invalid length. [ 1210.039483][T13722] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1518'. [ 1210.049693][T13722] wlan1: mtu less than device minimum [ 1210.385150][T13725] loop3: detected capacity change from 0 to 512 [ 1210.427627][T13725] EXT4-fs (loop3): DAX unsupported by block device. [ 1210.678623][T13731] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1213.727203][T13747] NILFS (nullb0): couldn't find nilfs on the device [ 1214.068726][T13748] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1215.129787][T13755] loop2: detected capacity change from 0 to 32768 [ 1215.290081][T13755] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1216.903415][T13760] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1217.147382][T13755] XFS (loop2): Ending clean mount [ 1217.656824][T13779] 9pnet_fd: Insufficient options for proto=fd [ 1218.423229][T13781] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 1218.430360][T13781] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1218.438808][T13781] vhci_hcd vhci_hcd.0: Device attached [ 1218.487940][T13784] vhci_hcd: connection closed [ 1218.649663][ T5945] vhci_hcd: stop threads [ 1218.658724][ T5945] vhci_hcd: release socket [ 1218.679078][ T5945] vhci_hcd: disconnect device [ 1218.746061][T12637] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 1218.770899][ T5810] IPVS: starting estimator thread 0... [ 1218.787823][T12637] usb 37-1: enqueue for inactive port 0 [ 1218.876477][T13792] IPVS: using max 28 ests per chain, 67200 per kthread [ 1218.916830][T12637] vhci_hcd: vhci_device speed not set [ 1219.021346][T13799] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1219.576633][ T5767] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1219.830525][T13805] loop1: detected capacity change from 0 to 512 [ 1220.024708][T13806] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1220.032801][T13805] EXT4-fs (loop1): DAX unsupported by block device. [ 1221.882355][T13816] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1224.214697][T13833] NILFS (nullb0): couldn't find nilfs on the device [ 1225.954259][T13845] loop2: detected capacity change from 0 to 1024 [ 1226.510924][T13854] netlink: 'syz.1.1539': attribute type 1 has an invalid length. [ 1226.510993][T13854] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1539'. [ 1227.336170][T13855] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1228.053232][T13860] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1230.065022][T13884] netlink: 'syz.5.1549': attribute type 1 has an invalid length. [ 1230.073252][T13884] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1549'. [ 1230.105030][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 30 seconds [ 1230.814192][ T55] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 60 seconds [ 1233.342573][ T28] audit: type=1326 audit(1777093856.655:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13895 comm="syz.3.1551" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb8c499cdd9 code=0x0 [ 1235.357987][T13924] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1236.191120][T13936] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1237.307769][T13943] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1566'. [ 1238.688130][T13960] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1240.936798][T13973] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1241.123565][ T55] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 30 seconds [ 1242.177326][T13983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1577'. [ 1245.028552][T14007] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1246.224547][T14007] loop2: detected capacity change from 0 to 2048 [ 1246.474212][T14007] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1246.513441][T14022] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1246.801157][T14007] ext4 filesystem being mounted at /392/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1247.327264][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1247.634730][T14031] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1248.486663][T14029] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1588'. [ 1248.504137][T14037] loop2: detected capacity change from 0 to 512 [ 1248.534397][T14037] EXT4-fs (loop2): DAX unsupported by block device. [ 1248.637973][T13131] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1252.473518][T14064] loop2: detected capacity change from 0 to 64 [ 1254.920416][T14076] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1256.127316][T14086] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1602'. [ 1256.368676][T14089] loop3: detected capacity change from 0 to 32768 [ 1256.527659][T14089] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1256.699623][T14089] XFS (loop3): Ending clean mount [ 1257.191091][T14106] 9pnet_fd: Insufficient options for proto=fd [ 1257.621503][T14108] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 1257.628205][T14108] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1257.638169][T14108] vhci_hcd vhci_hcd.0: Device attached [ 1258.278082][T14110] vhci_hcd: connection closed [ 1258.304371][ T31] vhci_hcd: stop threads [ 1258.350435][ T5836] usb 39-1: new high-speed USB device number 3 using vhci_hcd [ 1258.358030][ T31] vhci_hcd: release socket [ 1258.375893][ T31] vhci_hcd: disconnect device [ 1258.777776][T14113] overlayfs: failed to clone upperpath [ 1258.784325][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1258.803480][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1258.810368][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1260.524928][T14132] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1261.629185][T14137] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1262.242634][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 60 seconds [ 1262.957661][ T55] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 90 seconds [ 1263.510515][T14150] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1263.851790][ T5836] vhci_hcd: vhci_device speed not set [ 1264.686779][T14160] loop4: detected capacity change from 0 to 7 [ 1264.750492][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1264.761481][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1264.770725][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1264.780782][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1264.790014][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1264.799491][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1264.808674][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1264.823509][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1264.832750][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1264.843796][ C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1264.852980][ C0] Buffer I/O error on dev loop4, logical block 0, async page read [ 1265.271143][T14167] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1265.322903][T14169] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1265.872833][T14172] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1267.330028][ T28] audit: type=1326 audit(1777093889.099:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14173 comm="syz.5.1621" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa43eb9cdd9 code=0x0 [ 1268.687189][T14189] netlink: 'syz.1.1631': attribute type 1 has an invalid length. [ 1268.695264][T14189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1631'. [ 1271.327564][T14209] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1272.121357][T14218] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1272.920005][T14222] netlink: 'syz.1.1635': attribute type 1 has an invalid length. [ 1272.928098][T14222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1635'. [ 1273.256876][T14224] loop3: detected capacity change from 0 to 64 [ 1274.365550][ T55] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 60 seconds [ 1274.657114][T14237] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1275.724536][T14246] Error parsing options; rc = [-22] [ 1275.761680][T14246] loop2: detected capacity change from 0 to 64 [ 1278.130030][T14268] netlink: 'syz.3.1647': attribute type 1 has an invalid length. [ 1278.138031][T14268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1647'. [ 1279.749248][T14272] netlink: 'syz.3.1648': attribute type 1 has an invalid length. [ 1279.932708][T14272] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1648'. [ 1280.748510][T14286] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1282.719262][T14299] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1654'. [ 1283.038970][T14308] netlink: 'syz.1.1656': attribute type 1 has an invalid length. [ 1283.047238][T14308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1656'. [ 1284.399642][T14318] ieee802154 phy0 wpan0: encryption failed: -22 [ 1284.649969][T14311] comedi comedi0: pcl724: I/O port conflict (0x4000409,4) [ 1286.173434][T14317] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1287.444786][T14340] netlink: 'syz.1.1660': attribute type 1 has an invalid length. [ 1287.452839][T14340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1660'. [ 1289.236546][T14362] netlink: 'syz.3.1665': attribute type 1 has an invalid length. [ 1289.244802][T14362] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1665'. [ 1289.319453][T14369] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1290.047420][T14375] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1290.150356][T14376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1667'. [ 1292.727214][T14405] netlink: 'syz.5.1675': attribute type 1 has an invalid length. [ 1292.735075][T14405] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1675'. [ 1293.099171][T14412] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1293.735227][T14417] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1294.528706][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 90 seconds [ 1295.028067][T14430] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1295.463484][ T55] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 120 seconds [ 1295.845551][T14434] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1683'. [ 1297.122911][T14444] netlink: 'syz.5.1686': attribute type 1 has an invalid length. [ 1297.130825][T14444] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1686'. [ 1298.780025][T14461] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1298.810563][T14457] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1299.436500][T14457] loop5: detected capacity change from 0 to 2048 [ 1299.615656][T14457] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1299.684552][T14457] ext4 filesystem being mounted at /212/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1299.836858][T14473] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 1300.152727][T14473] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 1300.465379][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1301.279043][T14489] loop2: detected capacity change from 0 to 512 [ 1301.331966][T14488] netlink: 'syz.3.1696': attribute type 1 has an invalid length. [ 1301.340141][T14488] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1696'. [ 1302.050783][T14492] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1302.164247][T14489] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1302.176890][T14489] ext4 filesystem being mounted at /424/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1303.252332][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1304.310352][T14505] ubi31: attaching mtd0 [ 1304.436995][T14505] ubi31: scanning is finished [ 1304.923946][T14505] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 1305.079683][T14517] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1305.602943][T14519] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1306.541664][T14525] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1306.667308][ T55] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 90 seconds [ 1307.244852][T14525] loop1: detected capacity change from 0 to 2048 [ 1307.346974][T14525] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1307.498709][T14525] ext4 filesystem being mounted at /431/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1307.753033][T14534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1705'. [ 1307.763261][T14537] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1307.794806][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1308.152546][T14541] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1309.371897][T14546] netlink: 'syz.5.1709': attribute type 1 has an invalid length. [ 1309.380042][T14546] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1709'. [ 1310.135117][T14559] trusted_key: encrypted_key: key user:syz not found [ 1310.156569][T14559] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1711'. [ 1310.621993][T14562] siw: device registration error -23 [ 1311.101375][T14565] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1312.109423][T14576] Error parsing options; rc = [-22] [ 1312.147522][T14576] loop3: detected capacity change from 0 to 64 [ 1313.203251][T14570] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1720'. [ 1313.225385][T14583] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1313.265589][T14585] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1313.854629][T14583] loop3: detected capacity change from 0 to 2048 [ 1313.943191][T14583] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1313.958191][T14583] ext4 filesystem being mounted at /446/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1314.169777][T14592] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1315.783794][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1315.855175][T14603] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1316.130774][T14609] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1721'. [ 1316.963627][T14613] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1316.973486][T14603] loop5: detected capacity change from 0 to 2048 [ 1317.152944][T14613] loop3: detected capacity change from 0 to 2048 [ 1317.183823][T14603] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1317.248143][T14603] ext4 filesystem being mounted at /219/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1317.879156][T14621] ubi31: attaching mtd0 [ 1317.892881][T14621] ubi31: scanning is finished [ 1319.087325][T14621] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 1319.189542][T14613] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1319.315841][T14613] ext4 filesystem being mounted at /447/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1319.357079][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1319.477030][T14627] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1320.031052][T14629] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1320.088351][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1320.428145][T14636] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1321.107166][T14639] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1322.988785][T14647] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1733'. [ 1324.383809][T14665] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1324.726491][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1324.733606][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1324.903398][T14667] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1325.107553][T14667] loop2: detected capacity change from 0 to 2048 [ 1325.241521][T14667] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1325.317584][T14667] ext4 filesystem being mounted at /432/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1325.582040][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1325.659439][ T5776] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1325.905077][ T5776] usb 6-1: Using ep0 maxpacket: 8 [ 1325.961782][ T5776] usb 6-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b [ 1325.971290][ T5776] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1326.001381][ T5776] usb 6-1: Product: syz [ 1326.005687][ T5776] usb 6-1: Manufacturer: syz [ 1326.010345][ T5776] usb 6-1: SerialNumber: syz [ 1326.028238][ T5776] usb 6-1: config 0 descriptor?? [ 1326.052333][ T5776] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state. [ 1326.089639][ T5776] dvb-usb: bulk message failed: -22 (2/0) [ 1326.128251][ T5776] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1326.160139][ T5776] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201)) [ 1326.182136][ T5776] usb 6-1: media controller created [ 1326.222428][ T5776] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1326.277980][ T5776] dvb-usb: bulk message failed: -22 (1/0) [ 1326.321369][ T5776] DVB: Unable to find symbol mt352_attach() [ 1326.327503][ T5776] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)' [ 1326.428969][ T5776] rc_core: IR keymap rc-dvico-portable not found [ 1326.437183][ T5776] Registered IR keymap rc-empty [ 1326.446152][ T5776] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0 [ 1326.459781][ T5776] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input9 [ 1326.478252][ T5776] dvb-usb: schedule remote query interval to 100 msecs. [ 1326.485377][ T5776] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected. [ 1326.591926][ T5776] usb 6-1: USB disconnect, device number 2 [ 1326.647561][ T5776] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected. [ 1327.176938][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 120 seconds [ 1327.544055][T14684] loop5: detected capacity change from 0 to 32768 [ 1328.231790][ T55] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 150 seconds [ 1328.255288][T14692] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1744'. [ 1328.283849][T14684] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1328.370480][T14684] XFS (loop5): Ending clean mount [ 1328.838872][T14709] 9pnet_fd: Insufficient options for proto=fd [ 1329.549043][T14711] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12) [ 1329.555742][T14711] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1329.563696][T14711] vhci_hcd vhci_hcd.0: Device attached [ 1329.671345][T14713] vhci_hcd: connection closed [ 1329.819575][ T1121] vhci_hcd: stop threads [ 1329.860120][ T5814] usb 43-1: new high-speed USB device number 3 using vhci_hcd [ 1329.922078][T14719] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1330.175277][ T1121] vhci_hcd: release socket [ 1330.260031][ T1121] vhci_hcd: disconnect device [ 1330.555881][T14720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1747'. [ 1330.573263][T10021] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1331.358427][T14728] loop1: detected capacity change from 0 to 512 [ 1331.987626][T14728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1332.000402][T14728] ext4 filesystem being mounted at /442/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1332.973003][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1333.697804][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 1334.551859][T14746] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1335.159714][T14748] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1755'. [ 1335.481960][ T5814] vhci_hcd: vhci_device speed not set [ 1336.471633][T14759] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1336.623980][T14758] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1757'. [ 1338.697877][T14765] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 1338.716353][T14765] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 1338.806052][ T55] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 120 seconds [ 1340.247040][T14791] loop2: detected capacity change from 0 to 128 [ 1343.026544][T14803] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1767'. [ 1343.672223][T14810] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1769'. [ 1346.349133][T14828] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1775'. [ 1346.421583][ T5836] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1346.435116][ T5836] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1346.482250][ T5836] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1347.832099][T14833] fido_id[14833]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1347.884824][T14844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1778'. [ 1348.503761][T14850] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1779'. [ 1348.743561][T14854] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1781'. [ 1348.793028][T14856] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1348.862226][T14856] loop1: detected capacity change from 0 to 2048 [ 1348.914514][T14856] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1348.931904][T14856] ext4 filesystem being mounted at /450/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1349.701513][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1350.832913][T14874] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1787'. [ 1353.104723][T14891] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1790'. [ 1353.129827][T14893] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1353.214130][T14893] loop5: detected capacity change from 0 to 2048 [ 1353.233717][T14893] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1353.273065][T14893] ext4 filesystem being mounted at /240/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1354.528412][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1354.543823][ T5773] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1354.858725][T14909] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1793'. [ 1355.750139][T14925] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1794'. [ 1357.647773][T14938] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1358.635217][T14943] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1800'. [ 1359.860916][T14951] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1359.897475][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 150 seconds [ 1359.949687][T14951] loop1: detected capacity change from 0 to 2048 [ 1359.996230][T14953] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 1360.008453][T14953] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 1360.052782][T14951] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1360.075117][T14951] ext4 filesystem being mounted at /456/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1360.689125][ T55] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 180 seconds [ 1360.826523][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1360.843744][T14963] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1804'. [ 1362.827252][T14977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1808'. [ 1363.901022][T14988] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1364.617799][T14997] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1364.627301][T14993] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1812'. [ 1365.698506][T14998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1813'. [ 1369.437984][T15027] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1369.656853][T15028] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1369.984754][T15032] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1370.062254][T15028] loop3: detected capacity change from 0 to 2048 [ 1370.090948][T15028] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1370.119533][T15028] ext4 filesystem being mounted at /471/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1370.195489][T15034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1823'. [ 1370.406568][T15042] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1371.267353][ T55] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 150 seconds [ 1371.281910][T15042] loop5: detected capacity change from 0 to 2048 [ 1371.372551][T15042] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1371.590646][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1371.609652][T15042] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1373.999229][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1374.134255][T15062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1828'. [ 1375.252606][T15073] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1375.853911][T15075] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1379.827643][T15095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1837'. [ 1381.050013][T15108] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1842'. [ 1382.260540][ T5776] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1382.434410][ T5776] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1382.526362][T15124] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1844'. [ 1383.406413][ T5776] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1383.561854][T15127] fido_id[15127]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1385.006711][T15136] loop2: detected capacity change from 0 to 512 [ 1385.121272][T15136] EXT4-fs: test_dummy_encryption requires encrypt feature [ 1387.180445][T15151] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1851'. [ 1387.509387][T15157] netlink: 'syz.3.1852': attribute type 3 has an invalid length. [ 1387.517540][T15157] netlink: 'syz.3.1852': attribute type 1 has an invalid length. [ 1388.331514][T15160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1853'. [ 1389.407818][T15178] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1390.697285][T15181] ubi31: attaching mtd0 [ 1390.711352][T15181] ubi31: scanning is finished [ 1391.796517][T15181] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 1391.893879][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1391.900299][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1391.970732][T15176] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1864'. [ 1392.183620][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 180 seconds [ 1393.206725][ T55] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 210 seconds [ 1393.280757][T15192] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1393.405052][T15192] loop1: detected capacity change from 0 to 2048 [ 1393.489032][T15192] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1393.514624][T15192] ext4 filesystem being mounted at /473/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1393.540773][T15201] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1393.583700][T15198] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1862'. [ 1393.701971][T15201] loop2: detected capacity change from 0 to 2048 [ 1393.727839][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1393.768264][T15201] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1393.813677][T15201] ext4 filesystem being mounted at /459/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1394.967736][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1395.133438][T15216] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1395.261947][T15220] ALSA: mixer_oss: invalid OSS volume '' [ 1397.252752][T15228] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1398.291400][T15235] loop5: detected capacity change from 0 to 40427 [ 1398.346163][T15235] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x7ffff [ 1398.356012][T15235] F2FS-fs (loop5): invalid crc value [ 1398.863231][T15235] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1398.925976][T15235] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1401.442986][T10021] syz-executor: attempt to access beyond end of device [ 1401.442986][T10021] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 1401.469951][T10021] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1401.483713][T10021] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1402.060996][T15247] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1875'. [ 1403.049741][T15252] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1876'. [ 1403.495432][T15260] loop3: detected capacity change from 0 to 256 [ 1403.502824][T15260] exfat: Deprecated parameter 'utf8' [ 1403.720319][T15260] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 1405.281466][ T55] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 180 seconds [ 1405.790412][T15266] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1874'. [ 1406.543791][T15271] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1410.111244][ T5138] udevd[5138]: worker [13167] /devices/virtual/block/nbd1 timeout; kill it [ 1410.146083][ T5138] udevd[5138]: seq 14838 '/devices/virtual/block/nbd1' killed [ 1410.153681][ T5138] udevd[5138]: worker [13311] /devices/virtual/block/nbd0 timeout; kill it [ 1410.164821][ T5138] udevd[5138]: seq 14714 '/devices/virtual/block/nbd0' killed [ 1410.172637][ T5138] udevd[5138]: worker [13510] /devices/virtual/block/nbd2 timeout; kill it [ 1410.183441][ T5138] udevd[5138]: seq 14871 '/devices/virtual/block/nbd2' killed [ 1412.187402][T15295] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1886'. [ 1413.648853][T15310] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1413.697508][T15313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1890'. [ 1413.728620][T15310] loop5: detected capacity change from 0 to 2048 [ 1413.784575][T15310] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1413.823699][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1891'. [ 1413.836561][T15310] ext4 filesystem being mounted at /266/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1414.452800][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1414.642654][T15320] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1416.966860][T15337] loop3: detected capacity change from 0 to 256 [ 1416.975062][T15337] exfat: Deprecated parameter 'utf8' [ 1416.999333][T15337] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 1417.443197][T15343] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1898'. [ 1418.843177][T15352] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1419.474210][T15352] loop5: detected capacity change from 0 to 2048 [ 1419.533793][T15352] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1419.574969][T15352] ext4 filesystem being mounted at /269/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1419.998739][T15365] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1902'. [ 1420.809869][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1420.905797][T15371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1903'. [ 1421.038980][T15373] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1421.171558][ T5776] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 1422.231688][ T5776] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1422.390279][ T5776] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1422.571233][ T5776] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1422.641910][T15386] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1907'. [ 1422.879500][ T5776] usb 2-1: Product: syz [ 1422.918605][ T5776] usb 2-1: Manufacturer: syz [ 1423.035659][ T5776] usb 2-1: SerialNumber: syz [ 1423.066857][ T5776] usb 2-1: config 0 descriptor?? [ 1424.292020][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 210 seconds [ 1424.674687][T15409] netlink: 'syz.5.1909': attribute type 1 has an invalid length. [ 1424.682788][T15409] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1909'. [ 1425.720410][T15263] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 240 seconds [ 1426.715234][ T5776] usb 2-1: can't set config #0, error -71 [ 1426.757297][ T5776] usb 2-1: USB disconnect, device number 5 [ 1427.089721][T15426] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1914'. [ 1427.892712][ T8] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 1429.755690][ T8] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1429.932693][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1429.957727][ T8] usb 3-1: config 0 descriptor?? [ 1430.090696][T15441] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1919'. [ 1430.430921][T15447] netlink: 'syz.3.1920': attribute type 1 has an invalid length. [ 1430.438949][T15447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1920'. [ 1431.501244][ T8] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 1431.671633][ T8] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1431.682286][ T8] [drm:udl_init] *ERROR* Selecting channel failed [ 1431.719157][ T8] [drm] Initialized udl 0.0.1 20120220 for 3-1:0.0 on minor 2 [ 1431.726813][ T8] [drm] Initialized udl on minor 2 [ 1431.747156][ T8] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1431.941193][ T8] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1432.118419][T15455] Cannot find del_set index 2 as target [ 1432.573651][ T8] usb 3-1: USB disconnect, device number 6 [ 1432.580182][T15427] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1432.618187][T15427] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1433.291416][ T8] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 1433.596030][ T8] usb 3-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1433.641102][ T8] usb 3-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1433.671672][ T8] usb 3-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1433.876811][T15472] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1927'. [ 1434.495873][ T8] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1434.504809][ T8] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 1434.522972][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1434.574738][ T8] usb 3-1: config 0 descriptor?? [ 1436.615030][T15484] netlink: 'syz.5.1930': attribute type 1 has an invalid length. [ 1436.622899][T15484] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1930'. [ 1437.681822][T15493] loop1: detected capacity change from 0 to 256 [ 1437.715484][T15493] exfat: Deprecated parameter 'utf8' [ 1438.638850][T15263] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 210 seconds [ 1438.778507][T15493] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 1439.660617][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 1439.668863][ T8] usbhid: probe of 3-1:0.0 failed with error -71 [ 1439.703970][ T8] usb 3-1: USB disconnect, device number 7 [ 1441.221530][T15513] ALSA: mixer_oss: invalid OSS volume '' [ 1442.086421][T15522] netlink: 'syz.1.1938': attribute type 3 has an invalid length. [ 1442.094411][T15522] netlink: 'syz.1.1938': attribute type 1 has an invalid length. [ 1443.660697][T15528] netlink: 'syz.5.1941': attribute type 1 has an invalid length. [ 1443.668733][T15528] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1941'. [ 1444.504151][T15532] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1939'. [ 1446.833852][T15554] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1948'. [ 1451.422735][T15574] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1953'. [ 1452.358122][T15579] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1954'. [ 1452.764627][T15586] loop5: detected capacity change from 0 to 512 [ 1452.857321][T15586] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1452.870298][T15586] ext4 filesystem being mounted at /287/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1452.882316][T15588] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1957'. [ 1453.108297][T15595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1453.655491][T15595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1453.776663][T15597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1453.928798][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1454.759305][T15608] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1455.407474][T15610] loop5: detected capacity change from 0 to 2048 [ 1455.635872][T15610] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1455.656719][T15610] ext4 filesystem being mounted at /288/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1455.765088][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1455.771695][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1456.447202][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 240 seconds [ 1456.498739][T15624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1964'. [ 1456.573364][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1456.614395][T15627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1965'. [ 1457.624422][T15632] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1967'. [ 1458.135008][T15263] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 270 seconds [ 1458.690014][T15649] loop1: detected capacity change from 0 to 128 [ 1460.121022][ T28] audit: type=1800 audit(1777094019.274:559): pid=15649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1971" name="bus" dev="loop1" ino=1048654 res=0 errno=0 [ 1460.141227][T15648] syz.1.1971: attempt to access beyond end of device [ 1460.141227][T15648] loop1: rw=2049, sector=857, nr_sectors = 184 limit=128 [ 1463.937612][T15676] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1977'. [ 1464.236546][T15682] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1979'. [ 1465.038037][T15693] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1465.075683][T15689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1981'. [ 1465.596070][T15699] Cannot find del_set index 2 as target [ 1468.392720][ T8] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 1468.678754][T15705] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1470.006729][ T8] usb 4-1: device descriptor read/all, error -71 [ 1470.805424][T15263] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 240 seconds [ 1470.915039][T15720] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1988'. [ 1471.215188][T15725] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1990'. [ 1471.565261][T15732] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1993'. [ 1471.605851][T15731] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 1471.626803][T15734] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1990'. [ 1471.638652][T15734] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1990'. [ 1471.655136][T15734] gretap1: entered promiscuous mode [ 1471.662417][T15733] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1992'. [ 1472.052994][T15737] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1472.095971][T15737] loop5: detected capacity change from 0 to 2048 [ 1472.147048][T15737] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1472.167035][T15737] ext4 filesystem being mounted at /295/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1475.438080][T10021] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1475.539601][T15753] PKCS7: Unknown OID: [4] 2.19.13055.940354.15722 [ 1475.546697][T15753] PKCS7: Only support pkcs7_signedData type [ 1478.302078][T15755] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1480.633336][T15765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2001'. [ 1480.839372][T15770] netlink: 'syz.5.2002': attribute type 2 has an invalid length. [ 1481.113146][T15770] netlink: 'syz.5.2002': attribute type 2 has an invalid length. [ 1484.796753][T15792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2007'. [ 1486.229130][T15794] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1488.692304][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 270 seconds [ 1488.725618][T15807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2013'. [ 1489.503905][T15824] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1490.752015][T15263] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 300 seconds [ 1492.498611][T15857] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2021'. [ 1494.600507][T15883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2024'. [ 1497.750679][T15919] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1500.190655][T15941] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2037'. [ 1500.677419][T15949] netlink: 'syz.1.2039': attribute type 1 has an invalid length. [ 1500.685643][T15949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2039'. [ 1501.802832][T15950] netlink: 'syz.5.2040': attribute type 10 has an invalid length. [ 1501.874875][T15948] loop5: detected capacity change from 0 to 7 [ 1502.400386][T15948] Dev loop5: unable to read RDB block 7 [ 1502.406157][T15948] loop5: AHDI p1 [ 1502.410017][T15948] loop5: partition table partially beyond EOD, truncated [ 1502.514359][T15950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1502.525625][T15950] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1503.385708][T15958] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1503.661423][T15263] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 270 seconds [ 1505.722178][T15977] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1506.500198][T15983] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1507.874392][T15995] loop3: detected capacity change from 0 to 128 [ 1507.927360][T15992] netlink: 'syz.2.2051': attribute type 1 has an invalid length. [ 1507.935395][T15992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2051'. [ 1508.891035][T15997] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1509.359702][T15997] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nullb0": -EINTR [ 1509.584458][T15983] loop1: detected capacity change from 0 to 2048 [ 1509.670542][T16009] netlink: 'syz.3.2054': attribute type 2 has an invalid length. [ 1509.700877][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2052'. [ 1509.931821][T16009] netlink: 'syz.3.2054': attribute type 2 has an invalid length. [ 1510.987448][T16017] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1512.482976][T16028] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1513.563224][T16037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1513.643125][T16039] netlink: 'syz.1.2060': attribute type 1 has an invalid length. [ 1513.651226][T16039] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2060'. [ 1514.387383][T16043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1514.435038][T16037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1515.635791][T16048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2070'. [ 1515.801209][T16056] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1517.415772][T16072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2066'. [ 1517.572778][T16075] netlink: 'syz.2.2068': attribute type 2 has an invalid length. [ 1517.603906][T16075] netlink: 'syz.2.2068': attribute type 2 has an invalid length. [ 1518.804494][T16081] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1519.761884][T16089] lo speed is unknown, defaulting to 1000 [ 1519.774977][T16089] lo speed is unknown, defaulting to 1000 [ 1519.791600][T16089] lo speed is unknown, defaulting to 1000 [ 1519.832964][T16089] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1519.960782][T16097] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1519.972535][T16094] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2073'. [ 1520.341068][T16089] lo speed is unknown, defaulting to 1000 [ 1520.524381][T16089] lo speed is unknown, defaulting to 1000 [ 1520.531279][T16089] lo speed is unknown, defaulting to 1000 [ 1520.547187][T16089] lo speed is unknown, defaulting to 1000 [ 1520.604642][T16097] loop3: detected capacity change from 0 to 2048 [ 1520.651560][T16097] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1520.703042][T16097] ext4 filesystem being mounted at /534/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1520.928218][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1521.135396][T16108] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 1521.431338][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 300 seconds [ 1522.053733][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 1522.060138][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1522.795965][T16132] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 1522.965407][T16129] netlink: 'syz.1.2083': attribute type 2 has an invalid length. [ 1523.343587][T16129] netlink: 'syz.1.2083': attribute type 2 has an invalid length. [ 1523.531163][T15263] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 330 seconds [ 1524.009157][T16147] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1524.377323][T16148] loop5: detected capacity change from 0 to 128 [ 1524.693877][ T28] audit: type=1800 audit(1777094079.860:560): pid=16149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2085" name="bus" dev="loop5" ino=1048655 res=0 errno=0 [ 1524.963661][T16150] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1526.695296][T16158] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1527.214992][T16160] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2087'. [ 1530.747718][T16185] input: syz1 as /devices/virtual/input/input10 [ 1531.473834][T16192] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1532.077457][T16196] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2098'. [ 1533.296828][T16203] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1533.982400][T16206] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2101'. [ 1535.018375][T16213] netlink: 'syz.1.2102': attribute type 10 has an invalid length. [ 1535.080748][T16213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1535.090729][T16213] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1535.317696][T13033] Bluetooth: (null): Invalid header checksum [ 1535.351800][T13033] Bluetooth: (null): Invalid header checksum [ 1535.423845][T13033] Bluetooth: (null): Invalid header checksum [ 1536.798124][T15263] block nbd2: Possible stuck request ffff8880223f8000: control (read@0,4096B). Runtime 300 seconds [ 1538.350160][T16236] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1540.965715][T16258] loop3: detected capacity change from 0 to 128 [ 1541.784759][T16259] syz.3.2112: attempt to access beyond end of device [ 1541.784759][T16259] loop3: rw=2049, sector=369, nr_sectors = 672 limit=128 [ 1541.895632][ T28] audit: type=1800 audit(1777094095.753:561): pid=16258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2112" name="bus" dev="loop3" ino=1048656 res=0 errno=0 [ 1541.950836][T16256] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1544.451278][T16276] syzkaller0: entered allmulticast mode [ 1544.508972][T16267] netlink: 'syz.2.2115': attribute type 4 has an invalid length. [ 1545.329522][T16287] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1546.878276][T16298] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1547.532936][T16301] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1548.963703][T16312] loop2: detected capacity change from 0 to 128 [ 1550.769010][T16314] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1551.441087][T16314] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 1552.079260][ T28] audit: type=1800 audit(1777094105.565:562): pid=16310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2123" name="bus" dev="loop2" ino=1048657 res=0 errno=0 [ 1552.189286][T16310] syz.2.2123: attempt to access beyond end of device [ 1552.189286][T16310] loop2: rw=0, sector=121, nr_sectors = 920 limit=128 [ 1553.054358][T16332] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1553.586052][ T1056] block nbd1: Possible stuck request ffff888022340000: control (read@0,4096B). Runtime 330 seconds [ 1554.096244][T16344] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1554.776821][T16352] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1554.861038][T16352] loop2: detected capacity change from 0 to 2048 [ 1554.879447][T16354] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 1554.922287][T16352] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1555.807878][T16352] ext4 filesystem being mounted at /524/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1555.818841][T15263] block nbd0: Possible stuck request ffff8880222f0000: control (read@0,4096B). Runtime 360 seconds [ 1556.221458][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1556.858119][T16368] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1558.053944][T16388] loop2: detected capacity change from 0 to 128 [ 1558.792084][ T28] audit: type=1800 audit(1777094111.833:563): pid=16388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2137" name="bus" dev="loop2" ino=1048658 res=0 errno=0 [ 1559.301454][T16398] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1561.041617][T16413] overlayfs: failed to clone lowerpath [ 1561.121912][T16417] overlayfs: failed to clone upperpath [ 1561.699431][T16421] genirq: Flags mismatch irq 7. 00000000 (ttyS3) vs. 00000000 (at-a2150c) [ 1561.812676][T16421] loop3: detected capacity change from 0 to 2048 [ 1561.869339][T16421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1561.893582][T16421] ext4 filesystem being mounted at /549/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1562.048038][T16426] loop5: detected capacity change from 0 to 2048 [ 1562.115760][T16426] loop5: p2 p3 < > p4 < p5 > [ 1562.279604][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1562.465436][T16431] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2147'. [ 1564.742936][T16444] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1565.881002][ T29] INFO: task udevd:13167 blocked for more than 144 seconds. [ 1565.888391][ T29] Not tainted syzkaller #0 [ 1565.930446][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1565.966307][ T29] task:udevd state:D stack:23048 pid:13167 ppid:5138 flags:0x00004006 [ 1565.978605][ T29] Call Trace: [ 1566.140532][ T29] [ 1566.165550][ T29] __schedule+0x1553/0x45a0 [ 1566.205046][ T29] ? asan.module_dtor+0x20/0x20 [ 1566.246234][ T29] ? mark_lock+0x94/0x320 [ 1566.273097][ T29] ? lock_chain_count+0x20/0x20 [ 1566.298202][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1566.327965][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1566.368081][ T29] schedule+0xbd/0x170 [ 1566.412348][ T29] io_schedule+0x80/0xd0 [ 1566.490078][ T29] folio_wait_bit_common+0x714/0xfa0 [ 1566.873861][ T29] ? folio_wait_bit+0x30/0x30 [ 1566.895739][ T29] ? _compound_head+0x120/0x120 [ 1566.900941][ T29] ? filemap_add_folio+0x192/0x3c0 [ 1566.906446][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 1566.911946][ T29] ? blkdev_writepage+0x30/0x30 [ 1566.917001][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 1566.922797][ T29] ? blkdev_writepage+0x30/0x30 [ 1566.931704][ T29] read_part_sector+0xd2/0x340 [ 1566.936641][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 1566.943148][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 1566.952895][ T29] ? put_partition+0x370/0x370 [ 1566.957810][ T29] ? alloc_pages+0x4dc/0x740 [ 1566.965683][ T29] bdev_disk_changed+0x740/0x1420 [ 1566.971787][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 1566.977331][ T29] ? iput+0x343/0x920 [ 1566.983990][ T29] blkdev_get_whole+0x30d/0x390 [ 1566.989063][ T29] blkdev_get_by_dev+0x279/0x600 [ 1567.006271][ T29] blkdev_open+0x152/0x360 [ 1567.010919][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 1567.019675][T16465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2155'. [ 1567.022110][ T29] do_dentry_open+0x8c6/0x1500 [ 1567.034088][ T29] path_openat+0x27f1/0x3230 [ 1567.039301][ T29] ? do_sys_openat2+0xda/0x1d0 [ 1567.044307][ T29] ? verify_lock_unused+0x140/0x140 [ 1567.050341][ T29] ? do_filp_open+0x430/0x430 [ 1567.055231][ T29] ? __virt_addr_valid+0x18c/0x540 [ 1567.063010][ T29] do_filp_open+0x1f5/0x430 [ 1567.068050][ T29] ? vfs_tmpfile+0x490/0x490 [ 1567.072865][ T29] ? _raw_spin_unlock+0x28/0x40 [ 1567.078463][ T29] ? alloc_fd+0x58f/0x630 [ 1567.083027][ T29] do_sys_openat2+0x134/0x1d0 [ 1567.094093][ T29] ? do_sys_open+0xe0/0xe0 [ 1567.103145][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1567.114074][ T29] ? lock_chain_count+0x20/0x20 [ 1567.119156][ T29] __x64_sys_openat+0x139/0x160 [ 1567.124934][ T29] do_syscall_64+0x55/0xa0 [ 1567.129594][ T29] ? clear_bhb_loop+0x40/0x90 [ 1567.138871][ T29] ? clear_bhb_loop+0x40/0x90 [ 1567.144147][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1567.150332][ T29] RIP: 0033:0x7fb9a88a7407 [ 1567.158367][ T29] RSP: 002b:00007ffc77bd7e80 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1567.167537][ T29] RAX: ffffffffffffffda RBX: 00007fb9a87bb880 RCX: 00007fb9a88a7407 [ 1567.177659][ T29] RDX: 00000000000a0800 RSI: 0000562a9c842860 RDI: ffffffffffffff9c [ 1567.190510][ T29] RBP: 0000562a9c83a910 R08: 0000000000000000 R09: 0000000000000000 [ 1567.200279][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 0000562a9c857f10 [ 1567.219913][ T29] R13: 0000562a9c852410 R14: 0000000000000000 R15: 0000562a9c857f10 [ 1567.232214][ T29] [ 1567.236179][ T29] INFO: task udevd:13311 blocked for more than 145 seconds. [ 1567.247126][ T29] Not tainted syzkaller #0 [ 1567.255511][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1567.268043][ T29] task:udevd state:D stack:24968 pid:13311 ppid:5138 flags:0x00004006 [ 1567.279590][ T29] Call Trace: [ 1567.287181][ T29] [ 1567.290317][ T29] __schedule+0x1553/0x45a0 [ 1567.296966][ T29] ? asan.module_dtor+0x20/0x20 [ 1567.307075][ T29] ? mark_lock+0x94/0x320 [ 1567.313492][ T29] ? lock_chain_count+0x20/0x20 [ 1567.320209][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1567.338227][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1567.347686][ T29] schedule+0xbd/0x170 [ 1567.352058][ T29] io_schedule+0x80/0xd0 [ 1567.357688][ T29] folio_wait_bit_common+0x714/0xfa0 [ 1567.363715][ T29] ? folio_wait_bit+0x30/0x30 [ 1567.369116][ T29] ? _compound_head+0x120/0x120 [ 1567.374258][ T29] ? filemap_add_folio+0x192/0x3c0 [ 1567.381262][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 1567.393047][ T29] ? blkdev_writepage+0x30/0x30 [ 1567.399221][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 1567.404606][ T29] ? blkdev_writepage+0x30/0x30 [ 1567.414685][ T29] read_part_sector+0xd2/0x340 [ 1567.440841][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 1567.459864][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 1567.470978][ T29] ? put_partition+0x370/0x370 [ 1567.476344][ T29] ? alloc_pages+0x4dc/0x740 [ 1567.481150][ T29] bdev_disk_changed+0x740/0x1420 [ 1567.486887][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 1567.492411][ T29] ? iput+0x343/0x920 [ 1567.496983][ T29] blkdev_get_whole+0x30d/0x390 [ 1567.502063][ T29] blkdev_get_by_dev+0x279/0x600 [ 1567.507721][ T29] blkdev_open+0x152/0x360 [ 1567.512361][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 1567.517728][ T29] do_dentry_open+0x8c6/0x1500 [ 1567.522744][ T29] path_openat+0x27f1/0x3230 [ 1567.534065][ T29] ? do_sys_openat2+0xda/0x1d0 [ 1567.547479][ T29] ? verify_lock_unused+0x140/0x140 [ 1567.552777][ T29] ? do_filp_open+0x430/0x430 [ 1567.557525][ T29] ? __virt_addr_valid+0x18c/0x540 [ 1567.563011][ T29] do_filp_open+0x1f5/0x430 [ 1567.567583][ T29] ? vfs_tmpfile+0x490/0x490 [ 1567.572320][ T29] ? _raw_spin_unlock+0x28/0x40 [ 1567.577258][ T29] ? alloc_fd+0x58f/0x630 [ 1567.584086][ T29] do_sys_openat2+0x134/0x1d0 [ 1567.588945][ T29] ? do_sys_open+0xe0/0xe0 [ 1567.593496][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1567.599539][ T29] ? lock_chain_count+0x20/0x20 [ 1567.604791][ T29] __x64_sys_openat+0x139/0x160 [ 1567.609715][ T29] do_syscall_64+0x55/0xa0 [ 1567.614475][ T29] ? clear_bhb_loop+0x40/0x90 [ 1567.619511][ T29] ? clear_bhb_loop+0x40/0x90 [ 1567.624716][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1567.630672][ T29] RIP: 0033:0x7fb9a88a7407 [ 1567.635433][ T29] RSP: 002b:00007ffc77bd7e80 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1567.644175][ T29] RAX: ffffffffffffffda RBX: 00007fb9a87bb880 RCX: 00007fb9a88a7407 [ 1567.652208][ T29] RDX: 00000000000a0800 RSI: 0000562a9c83b430 RDI: ffffffffffffff9c [ 1567.660305][ T29] RBP: 0000562a9c83a910 R08: 0000000000000000 R09: 0000000000000000 [ 1567.668598][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 0000562a9c854320 [ 1567.676990][ T29] R13: 0000562a9c852410 R14: 0000000000000000 R15: 0000562a9c854320 [ 1567.685023][ T29] [ 1567.688234][ T29] INFO: task udevd:13510 blocked for more than 146 seconds. [ 1567.695554][ T29] Not tainted syzkaller #0 [ 1567.704445][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1567.713831][ T29] task:udevd state:D stack:24968 pid:13510 ppid:5138 flags:0x00004006 [ 1567.726404][ T29] Call Trace: [ 1567.730074][ T29] [ 1567.733082][ T29] __schedule+0x1553/0x45a0 [ 1567.737670][ T29] ? asan.module_dtor+0x20/0x20 [ 1567.742912][ T29] ? mark_lock+0x94/0x320 [ 1567.747322][ T29] ? lock_chain_count+0x20/0x20 [ 1567.752762][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1567.757902][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1567.763945][ T29] schedule+0xbd/0x170 [ 1567.768087][ T29] io_schedule+0x80/0xd0 [ 1567.772696][ T29] folio_wait_bit_common+0x714/0xfa0 [ 1567.778061][ T29] ? folio_wait_bit+0x30/0x30 [ 1567.783025][ T29] ? _compound_head+0x120/0x120 [ 1567.787934][ T29] ? filemap_add_folio+0x192/0x3c0 [ 1567.793114][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 1567.798708][ T29] ? blkdev_writepage+0x30/0x30 [ 1567.803646][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 1567.808845][ T29] ? blkdev_writepage+0x30/0x30 [ 1567.813985][ T29] read_part_sector+0xd2/0x340 [ 1567.822008][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 1567.827624][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 1567.832967][ T29] ? put_partition+0x370/0x370 [ 1567.838375][ T29] ? alloc_pages+0x4dc/0x740 [ 1567.843035][ T29] bdev_disk_changed+0x740/0x1420 [ 1567.848188][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 1567.853570][ T29] ? iput+0x343/0x920 [ 1567.857811][ T29] blkdev_get_whole+0x30d/0x390 [ 1567.862831][ T29] blkdev_get_by_dev+0x279/0x600 [ 1567.867910][ T29] blkdev_open+0x152/0x360 [ 1567.872509][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 1567.877201][ T29] do_dentry_open+0x8c6/0x1500 [ 1567.882311][ T29] path_openat+0x27f1/0x3230 [ 1567.886965][ T29] ? do_sys_openat2+0xda/0x1d0 [ 1567.891903][ T29] ? verify_lock_unused+0x140/0x140 [ 1567.897165][ T29] ? do_filp_open+0x430/0x430 [ 1567.902010][ T29] ? __virt_addr_valid+0x18c/0x540 [ 1567.907184][ T29] do_filp_open+0x1f5/0x430 [ 1567.911763][ T29] ? vfs_tmpfile+0x490/0x490 [ 1567.916425][ T29] ? _raw_spin_unlock+0x28/0x40 [ 1567.921322][ T29] ? alloc_fd+0x58f/0x630 [ 1567.926878][ T29] do_sys_openat2+0x134/0x1d0 [ 1567.931676][ T29] ? do_sys_open+0xe0/0xe0 [ 1567.940093][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1567.946650][ T29] ? lock_chain_count+0x20/0x20 [ 1567.951554][ T29] __x64_sys_openat+0x139/0x160 [ 1567.957048][ T29] do_syscall_64+0x55/0xa0 [ 1567.961545][ T29] ? clear_bhb_loop+0x40/0x90 [ 1567.966538][ T29] ? clear_bhb_loop+0x40/0x90 [ 1567.971478][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1567.977637][ T29] RIP: 0033:0x7fb9a88a7407 [ 1567.982192][ T29] RSP: 002b:00007ffc77bd7e80 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1567.991069][ T29] RAX: ffffffffffffffda RBX: 00007fb9a87bb880 RCX: 00007fb9a88a7407 [ 1567.999176][ T29] RDX: 00000000000a0800 RSI: 0000562a9c83b480 RDI: ffffffffffffff9c [ 1568.007540][ T29] RBP: 0000562a9c83a910 R08: 0000000000000000 R09: 0000000000000000 [ 1568.015571][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 0000562a9c84eba0 [ 1568.023708][ T29] R13: 0000562a9c852410 R14: 0000000000000000 R15: 0000562a9c84eba0 [ 1568.034245][ T29] [ 1568.037344][ T29] [ 1568.037344][ T29] Showing all locks held in the system: [ 1568.046890][ T29] 1 lock held by khungtaskd/29: [ 1568.057758][ T29] #0: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 1568.069548][ T29] 2 locks held by getty/5528: [ 1568.076796][ T29] #0: ffff888031c1a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1568.087600][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 1568.100161][ T29] 1 lock held by udevd/13167: [ 1568.106705][ T29] #0: ffff8880222634c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 1568.117018][ T29] 1 lock held by udevd/13311: [ 1568.121729][ T29] #0: ffff88802228d4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 1568.131950][ T29] 1 lock held by udevd/13510: [ 1568.136884][ T29] #0: ffff8880223a84c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 1568.147119][ T29] [ 1568.149488][ T29] ============================================= [ 1568.149488][ T29] [ 1568.159197][ T29] NMI backtrace for cpu 0 [ 1568.163566][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1568.170805][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1568.180925][ T29] Call Trace: [ 1568.184237][ T29] [ 1568.187190][ T29] dump_stack_lvl+0x18c/0x250 [ 1568.191931][ T29] ? show_regs_print_info+0x20/0x20 [ 1568.197181][ T29] ? load_image+0x420/0x420 [ 1568.201744][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 1568.206747][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 1568.212937][ T29] ? _printk+0xde/0x130 [ 1568.217156][ T29] ? load_image+0x420/0x420 [ 1568.221724][ T29] ? load_image+0x420/0x420 [ 1568.226281][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1568.232420][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 1568.238441][ T29] watchdog+0xf3d/0xf80 [ 1568.242633][ T29] ? watchdog+0x1e1/0xf80 [ 1568.247003][ T29] kthread+0x2fa/0x390 [ 1568.251142][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1568.256204][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1568.260827][ T29] ret_from_fork+0x48/0x80 [ 1568.265288][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1568.269910][ T29] ret_from_fork_asm+0x11/0x20 [ 1568.274731][ T29] [ 1568.278706][ T29] Sending NMI from CPU 0 to CPUs 1: [ 1568.283972][ C1] NMI backtrace for cpu 1 [ 1568.283988][ C1] CPU: 1 PID: 9479 Comm: kworker/u4:5 Not tainted syzkaller #0 [ 1568.284005][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1568.284014][ C1] Workqueue: events_unbound nsim_dev_trap_report_work [ 1568.284035][ C1] RIP: 0010:stack_trace_consume_entry+0xb/0x270 [ 1568.284060][ C1] Code: 24 78 75 09 48 8d 65 f0 5b 41 5e 5d c3 e8 9d 87 10 09 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 55 41 57 41 56 41 55 <41> 54 53 48 83 ec 18 48 ba 00 00 00 00 00 fc ff df 4c 8d 47 10 4c [ 1568.284073][ C1] RSP: 0018:ffffc9000e1ff640 EFLAGS: 00000282 [ 1568.284086][ C1] RAX: ffffffff8132a3fa RBX: ffffc9000e1ff720 RCX: ffff88805cc19e00 [ 1568.284098][ C1] RDX: 0000000000000000 RSI: ffffffff81df30b6 RDI: ffffc9000e1ff720 [ 1568.284109][ C1] RBP: ffffc9000e1ff6f0 R08: ffff88805cc19e00 R09: 0000000000000003 [ 1568.284121][ C1] R10: 0000000000000004 R11: 0000000000000000 R12: ffffffff81df30b6 [ 1568.284131][ C1] R13: ffffc9000e1ffa90 R14: ffffffff8175c250 R15: ffffc9000e1ff668 [ 1568.284143][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1568.284157][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1568.284167][ C1] CR2: 00007f0c3f9ea2f8 CR3: 000000000cf32000 CR4: 00000000003506e0 [ 1568.284182][ C1] Call Trace: [ 1568.284187][ C1] [ 1568.284193][ C1] ? stack_trace_save+0x100/0x100 [ 1568.284214][ C1] arch_stack_walk+0x138/0x190 [ 1568.284234][ C1] ? ____kasan_slab_free+0x126/0x1e0 [ 1568.284256][ C1] stack_trace_save+0xaa/0x100 [ 1568.284275][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 1568.284294][ C1] ? skb_release_data+0x634/0x800 [ 1568.284343][ C1] ? worker_thread+0xa55/0xfc0 [ 1568.284367][ C1] ? kthread+0x2fa/0x390 [ 1568.284381][ C1] ? ret_from_fork+0x48/0x80 [ 1568.284399][ C1] ? ret_from_fork_asm+0x11/0x20 [ 1568.284425][ C1] kasan_set_track+0x4e/0x70 [ 1568.284442][ C1] ? kasan_set_track+0x4e/0x70 [ 1568.284458][ C1] ? kasan_save_free_info+0x2e/0x50 [ 1568.284508][ C1] ? kmem_cache_free+0xf8/0x270 [ 1568.284531][ C1] kasan_save_free_info+0x2e/0x50 [ 1568.284552][ C1] ____kasan_slab_free+0x126/0x1e0 [ 1568.284572][ C1] slab_free_freelist_hook+0x130/0x1a0 [ 1568.284591][ C1] ? nsim_dev_trap_report_work+0x76f/0xb00 [ 1568.284608][ C1] kmem_cache_free+0xf8/0x270 [ 1568.284634][ C1] nsim_dev_trap_report_work+0x76f/0xb00 [ 1568.284661][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 1568.284681][ C1] process_scheduled_works+0xa5d/0x15d0 [ 1568.284718][ C1] ? worker_attach_to_pool+0x380/0x380 [ 1568.284744][ C1] ? assign_work+0x3d2/0x5d0 [ 1568.284768][ C1] worker_thread+0xa55/0xfc0 [ 1568.284805][ C1] kthread+0x2fa/0x390 [ 1568.284819][ C1] ? pr_cont_work+0x560/0x560 [ 1568.284839][ C1] ? kthread_blkcg+0xd0/0xd0 [ 1568.284854][ C1] ret_from_fork+0x48/0x80 [ 1568.284873][ C1] ? kthread_blkcg+0xd0/0xd0 [ 1568.284889][ C1] ret_from_fork_asm+0x11/0x20 [ 1568.284918][ C1] [ 1568.571789][ C1] vkms_vblank_simulate: vblank timer overrun [ 1568.590578][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 1568.597505][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1568.604745][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1568.614832][ T29] Call Trace: [ 1568.618134][ T29] [ 1568.621098][ T29] dump_stack_lvl+0x18c/0x250 [ 1568.625814][ T29] ? show_regs_print_info+0x20/0x20 [ 1568.631047][ T29] ? load_image+0x420/0x420 [ 1568.635588][ T29] panic+0x2dc/0x730 [ 1568.639509][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 1568.645192][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 1568.649735][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 1568.655313][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 1568.661493][ T29] watchdog+0xf7c/0xf80 [ 1568.665687][ T29] ? watchdog+0x1e1/0xf80 [ 1568.670068][ T29] kthread+0x2fa/0x390 [ 1568.674162][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1568.679220][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1568.683970][ T29] ret_from_fork+0x48/0x80 [ 1568.688413][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1568.693024][ T29] ret_from_fork_asm+0x11/0x20 [ 1568.697926][ T29] [ 1568.701536][ T29] Kernel Offset: disabled [ 1568.705878][ T29] Rebooting in 86400 seconds..