last executing test programs: 9m46.842939059s ago: executing program 3 (id=129): bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000306010200000000000000000700000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40814) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f727400"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x90) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) close(r3) 9m46.61668118s ago: executing program 3 (id=131): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x48, 0x2, 0x2c}, @ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/216, 0xd8, 0x1, 0xffffffffffffffff}, @fda={0x66646185, 0x9, 0x1}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 9m46.499969649s ago: executing program 3 (id=132): bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x2) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r3, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, 0x0, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) sendmsg$can_bcm(r5, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000019200)=ANY=[@ANYBLOB, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0100004001000000010000c0060200004a4faa7920a000ad333f1e3b01f870bba382bf0be50e87dbe68947682beec215"], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20008000) syz_mount_image$exfat(&(0x7f0000000540), &(0x7f0000000040)='./file0\x00', 0x880022, &(0x7f0000000080)=ANY=[@ANYBLOB='utf8,utf8,iocharset=cp862,iocharset=cp864,discard,errors=remount-ro,fmask=00000000000000000007777,gid=', @ANYRESHEX=0x0, @ANYRES64], 0x1, 0x1526, &(0x7f0000000780)="$eJzs3Au4TdXXMPAx5pyLQ9JOcjmsMcdip4NJkuSSkEuSJEmSW0KSJElIbrklIQm5J7knndw6Tjru9/s16eSVJElISDK/53T5e3v7+vzf99/3eb/3jN/zrLPnOGuPsefc46y9117POeebLsNrNKpZtQEzw79C/XbbGwASAGAQAFwDAAEAlMlVJhcgQDaNvf+lBxF/swdnXekZiCtJ+p+5Sf8zN+l/5ib9z9yk/5mb9D9zk/5nbtJ/ITKzrbPzXytb5t2+6TK8xrJ/6vq//T/vxl9v5Pr/fyfZLrNf3v//x/qnjjTpf+Ym/c/cpP+Zm/Q/c5P+Z27S/8xN+p+5Sf+FyMyu9PXn/w+235+qKz2Py2zBfynvyv70CSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTILM75SwwA/D6+0vMSQgghhBBCCCHE38dnvdIzEEIIIYQQQgghxP99CGA0GAggC2SFBMgG2eEqyAFXQ064BmJwLeSC6yA3XA95IC/kg/yQCAWgIIRAYIEhgkJQGOLgPcCNkARFoRgUBwcloCTcBKXgZigNt0AZSE4BuA3KQXmoABXhdqgEd0BlqAJV4U6oBtWhBtSEu6AW3A214R6oA/dCXbgP6sH9UB8egAbwIDSEh6ARPAyN4RFoAk2hGTSHFv+l/BegB7wIPaEX9IY+0Bdegn7QHwbAQBgEL8NgeAWGwKswFIbBcHgNRsDrMBLegFEwGsbAmzAWxsF4mAATYRJMhrdgCrwNU+EdmAbTYQbMhFkwG+bAuzAX3oN58D4kI8B8WAALYREshg8hBZZAKnwES+FjSINlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbATtgFu2FPlb3wCeyDT2E/fAbp8Pl/Mv8s/DG/KwICKlRo0GAWzIIJmIDZMTvmwByYE3NiDGOYC3NhbsyNeTAP5sN8mIiJWBALIiEhI2MhLIRxjGMRLIJJmITFsBg6dFgSS2IpvBlLY2ksg2WwLJbFclgey2NFrIiVsBJWxspY9bYFAFgNa2ANvAvvwruxNtbGOlgH62JdrIf1sD7WxwbYABtiQ2yEjbAxNsYm2ASbYTNsgS2wJbbEVtgK22AbbIttsR22w/bYHjtgB+yIHbETdsLO2Bm7YBfsit2wG76AL+CL+CL2wmqqD/bFvtgP++EAHIgD8WUcjK/gK/gqDsVhOBxfw9fwdRyJZ3AUjsYxOAYrqXE4Hicgq0k4GSfjFJyCU3EqTsPpOB1n4iycjXNwDs7F9zDjCEvGD/ADXIALcBEuxsWYgkswFVNxKZ7FNFyGy3EFrsRVuBLX4Fpcg+txA67HTbgJt+AW3IbbcAfuwF24C/fgHvwEP8FP8VMciumYjgfwAB7Eg3gID+FhPIxH8Mi2qwDwGB7D43gcT+BJPIUn8TSexjN4Fs/hOTyP5/ECPpf4VcM9RdcNBZXBKKOyqCwqQSWo7Cq7yqFyqJwqp4qpmMqlcqncKrfKo/KofCqfSlSJqqAqqEiRYhWpQqqQiqu4KqKKqCSVpIqpYsopp0qqkqqUKqVKq9KqjLpVlVW3qXKqvGrtKqqKqpJq4yqrKqqqqqqqqeqqhqqpaqpaqpaqrWqrOqqOqqvqqnrqflVf9cEB+KDK6EwjNQwbq+HYRDVVzVRz9To+qlqqkdhKtVZt1ONqNI7Cdqqla6+eUh3UeOyonkn4/YWui3pedVXdVHf1guqhWrmeqpeahn1UXzUT+6n+aoAaqOZidfU+JmMN9aoaqoap4eo1tQhfVyPVG2qUGq3GqDfVWDVOjVcT1EQ1SU1Wb6kp6m01Vb2jpqnpaoaaqWap2WqOelfNVe+peep9law+UPPVArVQLVKL1YcqRS1RqeojtVR9rNLUMrVcrVAr1Sq1Wq1Ra9U6tV5tUBvVJrVZbVFb1Ta1Xe1QO9UutVvtUXvVJ2qf+lTtV5+pdPW5ynj9Pqi+UIfUl+qw+kodUV+ro+obdUx9q46rXuqEOqlOqe/VafWDOqPO9jmnflTn1U/qgvpZXVRegUattNZGBzqLzqoTdDadXV+lc+irdU59jY7pa3UufZ3Ora/XeXRenU/n14m6gC6oQ03aataRLqQL67i+QRfRN+okXVQX08W10yV0SX2TLqVv1qX1LbqMvlWX1bfpcrq8rqAr6tt1JX2Hrqyr6Kr6Tl1NV9c1dE19l66l79a19T26jr5X19X36Xr6fl1fP6Ab6Ad1Q/2QbqQf1o31I7qJbqqb6ea6hX5Ut9SP6Va6tW6jH9dt9RO6nX5St9dP6Q76ad1RP6M76Wd1Z/2c7qKf1111N91d/6wvaq976l66t+6j++qXdD/dXw/QA/Ug/bIerF/RQ/Sreqgepofr1/QI/boeqd/Qo/RoPUa/qcfqcXq8nqAn6kl6sn5LT9Fv66n6HT1NT9czdFaYpWfrAb9VmvdP5L/9h/yZOiN/yC+PvkVv1dv0dr1D79S79G69R+/Ve/U+vU/v1/t1uk7XB/QBfVAf1If0IX1YH9ZH9BF9VB/Vx/QxfVwf1yf0Sf2j/l6f1j/oM/qsPqt/1Of1eX3ht+cADBpltDEmMFlMVpNgspns5iqTw1xtcpprTMxca3KZ60xuc73JY/KafCa/STQFTEETGjLWsIlMIVPYxM0Npoi50SSZoqaYKW6cKWFKmptMzCD8K/l/Mb8VM349pk0L08K0NC1NK9PKtDFtTFvT1rQz7Ux70950MB1MR9PRdDKdTGfT2XQxXUxX09V0N91ND9PD9EQwvU1v09e8ZPqZ/maAGWgGmZdNRuEhZogZaoaa4Wa4GWFGmJFmpBllRpmMnWPNWDPejDcTzUQz2Uw2U8wUM9VMNdPMNDPDzDCzzCwzx8wxc81cM8/MM8km2cw3881Cs9AsNotNikkxqSbVLDVLTZpZZpaZFWaFWWVWmTVmjVln1pkNZoPZZDaZNLPVbDXbzXaz0+w0u81us9fsNfvMPrPf7DfpJt0cMAfMQXPQHDKHzGFz2BwxR8xRc9QcM8fMcXPcnDAnzClzypw2p80Zc8acM+fMeXPeXDAXzEVzMeO0L1CBCkxggixBliAhSAiyB9mDHEGOIGeQM4gFsSBXkCvIHVwf5AnyBvmC/EFiUCAoGIQBBTbgIAoKBYWDeHBDUCS4MUgKigbFguKBC0oEJYObglLBzUHp4JagTHBrUDa4LSgXlA8qBBWD24NKwR1B5aBKUDW4M6gWVA9qBDWDu4Jawd1B7eCeoE5wb1A3uC+oF9wf1A8eCBoEDwYNg4eCRsHDQePgkaBJ0DRoFjQPWvyt9b0/k/cx1zPsFWaFPmHf8KWwX9g/HBAODAeFL4eDw1fCIeGr4dBwWDg8fC0cEb4ejgzfCEeFo8Mx4Zvh2HBcOD6cEE4MJ4WTw7fCKeHb4dTwnXBaOD2cEc4MZ4Wzwznhu+Hc8L1wXvh+mBx+EM4PF4QLw0Xh4vDDMCVcEqaGH4VLw4/DtHBZuDxcEa4MV4WrwzXh2nBduD7cEG4MN4Wbwy3h1nBbuD3cEe4Md4W7wz3h3vCTcF/4abg//CxMDz8PD4S/v+19GR4OvwqPhF+HR8NvwmPht+Hx8LvwRHgyPBV+H54OfwjPhGfDc+GP4fnwp/BC+HN4MfQZJ/cZb+9kyFAWykIJlEDZKTvloByUk3JSjGKUi3JRbspNeSgP5aN8lEiJVJAKUgYmpkJUiOIUpyJUhJIoiYpRMXLkqCSVpFJUikpTaSpDZagslaVyVI4qUAW6nW6nO+gOqkJV6E66k6pTdapJNakW1aLaVJvqUB2qS3WpHtWj+lSfGlADakgNqRE1osbUmJpQE2pGzagFtaCW1JJaUStqQ22oLbWldtSO2lN76kAdqCN1pE7UiTpTZ+pCXagrdaXu1J16UA/qST2pN/WmvtSX+lE/GkADaBANosE0mIbQEBpKQ2k4DacRNIJG0kgaRaNpDL1JY2kcjacJNJEm0WSaTFNoCk2lqTSNptEMmkGzaBbNoTk0l+bSPJpHyZRM82k+LaSFtJgWUwqlUCql0lJaSmmURstpOa2klbSaVtNaWkvraT1tpI20mTbTVtpK22k77aSdtJt2017aS/toH+2n/ZRO6XSADtBBOkiH6BAdpsN0hI7QUTpKx+gYHafjdIJO0Ck6RafpNJ2hM3SOztF5+oku0M90kTwl2Gw2u73K5rBX25z2Gvsf43w2v020BWxBG9o8Nu8fYrLWJtmitpgtbp0tYUvam/4Ul7PlbQVb0d5uK9k7bOXfYoDf41prd/76i+j2XlvT3mVr2bttbXuPrWPvtXXtfbaefdjWt4/YBrapbWib20b2YdvYPmKb2Ka2mW1u29onbDv7pG1vn7Id7NN/ilPsErvWrrPr7Qa7z35qz9kf7VH7jT1vf7I9bS87yL5sB9tX7BD7qh1qh/0pHmPftGPtODveTrAT7aQ/xTPsTDvLzrZz7Lt2rn3vT/Fi+6FNtql2vl1gF9pFv8QZc0q1H9ml9mObZpfZ5XaFXWlX2dV2zT/musJuspvtFrvXfmK32x12p91ld9s9v8QZ69hvP7Pp9nN7xH5tD9ov7CF7zB62X/0SZ6zvmP3WHrff2RP2pD1lv7en7Q/2jD37y/oz1v69/dletN4CIyvWbDjgLJyVEzgbZ+erOAdfzTn5Go7xtZyLr+PcfD3n4bycj/NzIhfgghwysWXmiAtxYY7zDVyEb+QkLsrFuDg7LsEl+SYuxTdzac44e72Vy/JtXI7LcwWuyLdzJb6DK3MVrsp3cjWuzjW4Jt/Ftfhurs33cB2+l+vyfVyP7+f6/AA34Ae5IT/EjfhhbsyPcBNuys24ObfgR7klP8atuDW34ce5LT/B7fhJbs9PcQd+mjvyM9yJn+XO/Bx34ee5K3fj7vwC9+AXuSf34t7ch/vyS9yP+/MAHsiD+GUezK/wEH6Vh/IwHs6v8Qh+nUfyGzyKR/MYfpPH8jgezxN4Ik/iyfwWT+G3eSq/w9N4Os/gmTyLZ/Mcfpfn8ns8j9/nZP6A5/MCXsiLeDF/yCm8hFP5I17KH3MaL+PlvIJX8ipezWt4La/j9byBN/Im3sxbeCtv4+28g5F38W7ew3v5E97Hn/J+/ozT+XM+wP/GB/kLPsRf8mH+io/w13yUv+Fj/C0f5+/4BJ/kU/w9n+Yf+Ayf5XP8I5/nn/gC/8wX2TNEGKlIRyYKoixR1ighyhZlj66KckRXRzmja6JYdG2UK7ouyh1dH+WJ8kb5ovxRYlQgKhiFEUU24iiKCkWFo3h0Q1QkujFKiopGxaLikYtKRCWjm6JS0c1R6eiWqEx0a1Q2ui0qF5WPHr63YnR7VCm6I6ocVYmqRndG1aLqUY2oZnRXVCu6O6od3RPVie6NSkf3RfWi+6P60QNRA3gwahg9FDWKHo4aR49ETaKmUbOoedQiejRqGT0WtYpaR22ix6O20RNRu+jJqH30VNQhevqy+3tHfaK+0UvRS5H39+iF8UXxxfEP4ynxJfHU+EfxpfGP42nxZfHl8RXxlfFV8dXxNfG18XXx9fEN8Y3xTfHN8S1x72tmBYdOOe2MC1wWl9UluGwuu7vK5XBXu5zuGhdz17pc7jqX213v8ri8Lp/L7xJdAVfQhY6cdewiV8gVdnF3gyvibnRJrqgr5oo750q4kq65a+FauJbuMdfKtXZt3OPucfeEe8I96Z50T7kO7mnX0T3jOrlnXWf3nHvOPe+6um6uu3vB9XAvup6ul+vteru+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6im+wmuyluipvqprppbpqb4Wa4WW6Wm+PmuLlurpvn5rnkpGQ33813C91Ct9gtdikuxaW6VLfULXVpLs0td8vdSrfSrXar3Vq31q13691Gt9FtdpvdVrfVbXfb3U630+12u91et9ftc/vcfrffpbt0d8AdOOfdQXfIfekOu6/cEfe1O+q+ccfct+64+86dcCfdKfe9O+1+cGfcWXfO/ejOu5/cBfezu+i8mxx7KzYl9nZsauyd2LTY9NiM2MzYrNjs2JzYu7G5sfdi82Lvx5JjH8TmxxbEFsYWxRbHPoylxJbEUmMfxZbGPo6lxZbFlsdWxFbGVsW8L7A98oV8YR/3N/gi/kaf5Iv6Yr64d76EL+lv8qX8zb60v8WX8bf6sv42X86X9xX8I76Jb+qb+ea+hX/Ut/SP+Va+tW/jH/dt/RO+nX/St/dP+Q7+ad/RP+M7+Wd9Z/+c7+Kf9119N9/dv+B7+Bd9T699b9/H9/Uv+X6+vx/gB/pB/mU/2L/ih/hX/VA/zA/3r/kR/nU/0r/hR/nRfox/04/14/x4P8FP9JP8ZP+Wn+Lf9lP9O36an+5n+Jl+lp/t5/h3/Vz/np/n3/fJ/gM/3y/wC/0iv9h/6FP8Ep/qP/JL/cc+zS/zy/0KDwmr/Gq/xq/16/x6v8Fv9Jv8Zr/Fb/Xb/Ha/w+/0u/xuv8fv9Z/4ff5Tv99/5tP95/6A/zd/0H/hD/kv/WH/lT/iv/ZH/Tf+mP/WH/ff+RP+pD/lv/en/Q/+jD/rz/kf/Xn/k7/gf/YX5W/WhBBCCCH+Kfoy+/v8IVL/+Kp++05fALh6R/7D/7Hmxjy/jvurxLYxAHiqV5cHf9+qVevdu/dv903TEBReAACxS/lZ4FK8DNrAE9AeWkOp/+38+qtu5/ky9eO3AmT/dzkJcCm+VP/mv6g/Lvmy9RcAJBW+lJMNLsWX6pf+U+3gl/p5W16mfrYvJgO0+nd5OeBSfKl+SXgMnob2f7inEEIIIYQQQgjxq/6qQqfLfb7N+HyeaC7lZIVL8eU+nwshhBBCCCGEEOLKe7Zb9ycfbd++dae/GFT5610yyCyDLP89pnElBpc9QP4zA4ArvZx/DBDgl0t8f32fK/3KJIQQQgghhPi7XTrpv9IzEUIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghMq//F/9y7EqvUQghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhLjS/lcAAAD//98IJ/w=") 9m45.156461956s ago: executing program 3 (id=137): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) move_mount(r1, &(0x7f0000000140)='.\x00', r0, &(0x7f0000000300)='./file0\x00', 0x41) move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x220) 9m44.964137749s ago: executing program 3 (id=141): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff2}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x54, 0x2, [@TCA_BASIC_ACT={0x50, 0x3, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x4, 0xffff, 0x6, 0x2, 0x6}, 0x4}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x80, 0xb}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x4) 9m44.572878201s ago: executing program 3 (id=146): openat$ppp(0xffffffffffffff9c, 0x0, 0x101940, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0xc5) fcntl$notify(r2, 0x402, 0x31) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x40000103, &(0x7f0000009f00)) close_range(r0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180) socket$nl_generic(0x10, 0x3, 0x10) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000880)=[{&(0x7f0000000500)=""/236, 0xec}, {0x0}], 0x2, &(0x7f0000000340), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000240)=""/208, 0xd0}], 0x1, 0x10001, 0x2) openat(0xffffffffffffff9c, 0x0, 0x0, 0x3) r3 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) ioctl$TIOCGPTPEER(r3, 0x40140921, 0x200000000005) 9m44.022083628s ago: executing program 32 (id=146): openat$ppp(0xffffffffffffff9c, 0x0, 0x101940, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0xc5) fcntl$notify(r2, 0x402, 0x31) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x40000103, &(0x7f0000009f00)) close_range(r0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180) socket$nl_generic(0x10, 0x3, 0x10) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000880)=[{&(0x7f0000000500)=""/236, 0xec}, {0x0}], 0x2, &(0x7f0000000340), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000240)=""/208, 0xd0}], 0x1, 0x10001, 0x2) openat(0xffffffffffffff9c, 0x0, 0x0, 0x3) r3 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) ioctl$TIOCGPTPEER(r3, 0x40140921, 0x200000000005) 7m12.6283857s ago: executing program 1 (id=808): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x8, @private2, 0x6}, 0x1c, &(0x7f0000001c00)=[{&(0x7f00000004c0)="b4", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x84, &(0x7f0000000840)=""/4127, &(0x7f0000000000)=0x101f) 7m12.370919012s ago: executing program 1 (id=810): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0) syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x3, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, @loopback, @private}, "000088beffff0000"}}}}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x24, r5, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x80) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4040}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fedbdf250c00000031006512000005000000050030000100"/46], 0x34}, 0x1, 0x0, 0x0, 0x200000c0}, 0x1) mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, &(0x7f0000000000)) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r7) r8 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, 0x0) kcmp(r1, r2, 0x6, r7, r7) bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x8f4, 0x2c, 0x200, 0x70bd26, 0x691f, {0x0, 0x0, 0x0, 0x0, {0x7, 0x1}, {0xb, 0x6}, {0x2, 0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x6}}, @TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_fw={{0x7}, {0x894, 0x2, [@TCA_FW_ACT={0x4}, @TCA_FW_POLICE={0x87c, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x7, 0xf, 0x11, 0x400, {0x5e, 0x0, 0xfffb, 0x2, 0x9, 0x1}, {0x3, 0x0, 0x7, 0x6, 0x16, 0x5}, 0x9, 0x2, 0x1}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x5}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0x9, 0x1, 0x7, 0x0, 0x2, 0x401, 0x7ff, 0x9, 0x7, 0xa003, 0xcf8, 0x5, 0xffff, 0x3, 0x100, 0x5, 0x7, 0x6, 0x7, 0xec, 0x1ff, 0x10000, 0x9, 0x3, 0x100, 0x8, 0x3, 0x2, 0xc00, 0x7, 0x9, 0x40000000, 0xfffffff8, 0x1, 0xa, 0x100, 0x5804, 0x4, 0x8, 0x6, 0x100, 0x0, 0xff, 0x2, 0x6, 0xa, 0x7ff, 0x80, 0x3, 0x9, 0x4, 0x4, 0x1, 0x4, 0x2, 0x3, 0x5, 0x80000000, 0xc, 0x3, 0x1, 0x5, 0x10001, 0x0, 0x0, 0x6, 0xffffffff, 0x3, 0x3, 0x8, 0x34228a3d, 0x6, 0x4, 0x4, 0x999, 0x7, 0x7fff, 0x5, 0x4, 0xfffffffb, 0x4, 0x101, 0x4, 0x4, 0x0, 0x7fff, 0x8, 0x3, 0x2, 0x3, 0x8000, 0x6, 0x80000001, 0x6, 0xf, 0x9, 0x5, 0xcf, 0x101, 0x1, 0x4, 0x95c1, 0xfffffffd, 0x6, 0x1, 0x7fffffff, 0x9, 0x8000, 0x3, 0x4, 0x6, 0x80, 0x40, 0xfffffff8, 0x4, 0x1, 0x35554c7a, 0xfffffff4, 0x7f, 0x0, 0x8, 0x6, 0x9, 0xa42a, 0x0, 0x9, 0x7b0, 0x48, 0xfffffe00, 0x1, 0x9, 0x9, 0x9, 0x79, 0xfffffffc, 0x9, 0xfff, 0x10001, 0x5, 0x2, 0x7, 0x2, 0x3, 0x3, 0xa602, 0x3, 0x1, 0xfff, 0x10000, 0x6, 0x5, 0x6, 0x800, 0x101, 0x80, 0x0, 0x74455a02, 0x5b4, 0x3, 0x9, 0x5, 0x400, 0x8, 0xfffffffa, 0x1, 0x5, 0x7fff, 0xc7b0, 0x9, 0x5d, 0x8, 0x5, 0x51b0, 0x6, 0x400, 0x5, 0x6, 0x101, 0x9, 0x6, 0x7, 0x1, 0x80000001, 0x0, 0x7ff, 0x100, 0x3, 0x1ff, 0x4218, 0x3, 0x2, 0x4, 0x80, 0x3, 0x905, 0x6, 0x36ffd6c, 0x3, 0x5, 0x4, 0x9, 0xd, 0x303, 0x8, 0x354, 0x1d8039a2, 0x401, 0xd1cf, 0x0, 0x1, 0x30a, 0x4c0, 0x5, 0xffffffff, 0x8, 0x4, 0x4, 0x10, 0x0, 0x9, 0x8, 0x7, 0x99, 0x3, 0xb, 0x8, 0x6, 0xfff, 0xa50, 0x80000001, 0x8, 0x9, 0x2, 0x7f65, 0x9, 0x4, 0x8, 0x9, 0x0, 0x6be2, 0x7f, 0xd, 0x1, 0x8000, 0x2, 0xfffff000, 0xf, 0x0, 0x81, 0x505, 0x9, 0x7, 0x3, 0xc, 0xffffffff]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_RESULT={0x8, 0x5, 0x4}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x4c2}, @TCA_POLICE_RATE={0x404, 0x2, [0x8000, 0x7, 0x847b, 0x1, 0x0, 0x0, 0x1, 0x1, 0x800, 0x6883616e, 0x7, 0x6, 0x1, 0x6, 0x8, 0x6, 0x9, 0x9, 0xfffffffa, 0x86, 0xfff, 0x5, 0x3a, 0xfffff599, 0x1, 0xa5c, 0x0, 0x3, 0x6, 0xb0, 0x7, 0x7ff, 0x6, 0x4c6, 0x40, 0x2, 0x3, 0xfff, 0x10000, 0x4, 0x5, 0x0, 0x8, 0x600000, 0x5, 0xe8e, 0x6, 0x4, 0x715a, 0x384, 0xfffffff7, 0x4, 0x401, 0x3, 0x4, 0xaf2, 0x0, 0x551391d6, 0x2, 0x1, 0x9, 0x7, 0x5, 0x11e, 0x4, 0x8f800000, 0x7fffffff, 0x6, 0x1a, 0x9, 0x800, 0x7, 0x7, 0x4, 0x401, 0x0, 0x3, 0x3, 0x4, 0x8, 0x7, 0x55, 0x8000, 0x5, 0x10, 0x598, 0x52b, 0x5, 0x2, 0x9, 0x40, 0x8, 0x5e09179, 0x80000000, 0x6, 0x3, 0x0, 0x1, 0x3, 0x3, 0x4, 0x6, 0x0, 0xd94, 0x800, 0x0, 0x10, 0x401, 0xfffffffd, 0x6, 0x8000, 0x3, 0x3, 0x7, 0x6, 0x8000, 0xfffffffc, 0x80, 0x2, 0x2, 0x51da, 0x7, 0x7f, 0xf, 0x10000, 0xfffff801, 0x4, 0x3, 0x8, 0x3ff, 0xffe0, 0xa, 0x9856, 0x0, 0x7, 0x0, 0x9, 0x6, 0x0, 0x45aa, 0xd, 0x400, 0xb3c, 0x100, 0x80000000, 0x5, 0x800, 0x8, 0xffffffff, 0x0, 0x6, 0xff, 0x13, 0x9, 0x8, 0x0, 0x7, 0x2b, 0x4, 0xfa5, 0x90c8, 0xffffffff, 0xe1, 0x1, 0x0, 0x100, 0x80, 0x7, 0x7, 0x5, 0x2, 0x1, 0x1, 0x0, 0xffffff9a, 0xfffff0d2, 0x7, 0x860, 0x3fcb, 0xffff9c0b, 0x7, 0x7f, 0x7, 0x8, 0xc, 0x4, 0x4, 0x6, 0x200, 0x200, 0x40, 0x8001, 0x5, 0x3, 0x0, 0x7, 0xc33, 0x9, 0x5, 0x9, 0x80000001, 0x1, 0x9, 0x80, 0x7fffffff, 0x8d2c, 0x1ff, 0x9, 0x7284, 0x5, 0x5, 0x13, 0xe, 0x1, 0x4, 0x3, 0x190c, 0xffffff3d, 0x4, 0x10001, 0x0, 0x5, 0x6, 0xe, 0x8, 0x1ff, 0x0, 0x6a, 0x5, 0x8, 0x1ff, 0x27bf62f, 0x4, 0xf, 0x4, 0x8, 0x3, 0x6, 0x5, 0x1, 0x8, 0x6c8, 0x8, 0x812c4d, 0x80, 0x5, 0x401, 0x0, 0x1, 0x1, 0x1ff, 0x4, 0x0, 0x10, 0x8ce, 0x5]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1ff}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1000}]}, @TCA_FW_POLICE={0x10, 0x2, [@TCA_POLICE_RATE64={0xc, 0x8, 0xc}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x9}, @TCA_CHAIN={0x8, 0xb, 0x94b}]}, 0x8f4}, 0x1, 0x0, 0x0, 0x2400c0e0}, 0x20000091) socket$nl_generic(0x10, 0x3, 0x10) 7m9.874845143s ago: executing program 1 (id=811): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x414, &(0x7f0000000100)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRESOCT, @ANYRES8, @ANYRESHEX], 0x1, 0x2ca, &(0x7f0000000b80)="$eJzs3FFLU3EYx/EnZ25OdAtCKKge6iZvhq4XUCMUokFlTqqL4JhnNXba5JxhTCJ3E932OqRL74LqDXgT3XQb3UkgdZEX0Yl2dvRMj3OWs5nfD8h5tv//tz0iG8+E/VfvvHxczDupvFGRnphKj0hN1kWSv6uGY41rT73uk6CajAx8+3jm9t171zPZbHRSdSIzdSmtqkPn3jx5+ur8u8rA9PLQ66isJO+vrqU/rwyvnFr9OfWo4GjB0VK5oobOlMsVY8YydbbgFFOqNy3TcEwtlBzTblrPW+W5uaoapdnB+JxtOo4apaoWzapWylqxq2o8NAolTaVSOhiXo623jT25pclJIxO+1v9pvztCx/WH3WnbmZqI9G1fzC0dRFMAAKC7tJ7/vVm/ef6Xtc10dtq7+vP/+P7M/yLM/x1Sa7rVav7H/8K2M0a88fptxvwPAAAAAAAAAAAAAAAAAAAAAMBhsO66Cdd1E/7V/4mKSExE/Nv/uk90xm5//6/hscsH3Sc6I/DFvZiI9WI+N5/zrt56Ji8FscSUUUnIj/r7QYNXT1zLjo9q3XfXdRcb+cX5XESift6XDMufPTHm5VXeWoH8cYkHnz8tCTkZ/vzp0HzfrYsXAvmUJOT9AymLJbP197XN/LMx1as3slvy/fV9Owo9aQEAAAAAgO6U0g3J5s+/EW+9viEm29e9/B7+P7Dl83WvnG7niEoAAAAAAPDXnOpC0bAs0w4plkVkh6V6ERWRFvGjWkSkK9rYUlwRkS5oo2UxuH8dxkTEu0f/ID78ZSPeVsptY0/vLq+mjhYx2XMq9MBgAAAAAIfY5tC/h9CH5x3sCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo6flMWAjA96m6kLR39+0J/hALR4nsCtycL8ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0H1+BQAA//8wyhaW") syz_mount_image$fuse(0x0, &(0x7f0000000180)='./bus\x00', 0x3000408, 0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, 0x0, r0, &(0x7f0000000100)='./file1/file4\x00', 0x2) 7m8.076662001s ago: executing program 1 (id=818): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500190002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x6, 0x0, &(0x7f0000000340)="16456ac6a5b6", 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x67}, 0x50) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}, 0x1, 0x0, 0x0, 0x40801}, 0x40000) 7m5.382183495s ago: executing program 1 (id=825): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000014}, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff2}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_ACT={0x4}]}}, @TCA_RATE={0x6, 0x5, {0x80, 0xb}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4) 7m5.003590575s ago: executing program 1 (id=828): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000200)=0xfffffffc, 0x4) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, 0x0, 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000010) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)=""/39, 0x27}], 0x1) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) r2 = socket$inet6(0xa, 0x3, 0x5) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback, 0x3}, 0x1c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 6m49.906035105s ago: executing program 33 (id=828): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000200)=0xfffffffc, 0x4) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, 0x0, 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000010) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)=""/39, 0x27}], 0x1) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) r2 = socket$inet6(0xa, 0x3, 0x5) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback, 0x3}, 0x1c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 1m45.248435352s ago: executing program 5 (id=2508): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000240)={[{0x2, 0x5, 0x93, 0x1, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x9, 0x9, 0x82}, {0xfffffff9, 0xfffa, 0x0, 0x0, 0x0, 0xf6, 0xca, 0x8, 0x4, 0xff, 0x81, 0x0, 0x800000000000000}, {0xffffff01, 0x0, 0x7, 0x4, 0x4, 0x5, 0x7, 0x8, 0x7, 0x8, 0xfe, 0x4, 0x1000000000000004}], 0x40003}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000002400)={[{0xa, 0xce, 0xfa, 0x5, 0x7, 0x96, 0x9, 0x6, 0x75, 0x0, 0x2, 0x6, 0xffffffff}, {0x15, 0x1, 0x6, 0x2, 0x1, 0x6, 0xbb, 0x6, 0xb, 0x5, 0x4, 0x9, 0x1}, {0x2, 0x1000, 0x8, 0x52, 0x1, 0x2a, 0x6, 0x8, 0xe, 0x40, 0xf4, 0x4, 0x200}], 0x9}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)={0x9}) 1m44.932861613s ago: executing program 5 (id=2513): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) fallocate(r0, 0x14, 0x4, 0x3) ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1) ioctl$TUNSETTXFILTER(r0, 0x400454d1, 0x0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000300)=0x5) sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x24000052) 1m43.170186419s ago: executing program 5 (id=2516): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000040)={0x4, r1, 0x1}) 1m42.884420176s ago: executing program 5 (id=2518): syz_emit_ethernet(0x7a, &(0x7f00000001c0)={@link_local, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "f2b900", 0x44, 0x2f, 0x1, @dev, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {}, {0x289, 0x88be, 0x4}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x2, {0x6, 0x0, 0x0, 0x0, 0x1}}}}}}}}}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x86dd, r1}, 0x14) 1m42.557057746s ago: executing program 5 (id=2520): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000240)={[{0x2, 0x5, 0x93, 0x1, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x9, 0x9, 0x82}, {0xfffffff9, 0xfffa, 0x0, 0x0, 0x0, 0xf6, 0xca, 0x8, 0x4, 0xff, 0x81, 0x0, 0x800000000000000}, {0xffffff01, 0x0, 0x7, 0x4, 0x4, 0x5, 0x7, 0x8, 0x7, 0x8, 0xfe, 0x4, 0x1000000000000004}], 0x40003}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000002400)={[{0xa, 0xce, 0xfa, 0x5, 0x7, 0x96, 0x9, 0x6, 0x75, 0x0, 0x2, 0x6, 0xffffffff}, {0x15, 0x1, 0x6, 0x2, 0x1, 0x6, 0xbb, 0x6, 0xb, 0x5, 0x4, 0x9, 0x1}, {0x2, 0x1000, 0x8, 0x52, 0x1, 0x2a, 0x6, 0x8, 0xe, 0x40, 0xf4, 0x4, 0x200}], 0x9}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)={0x9}) 1m42.065789386s ago: executing program 5 (id=2523): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000600), 0x280b40, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) 1m26.901521923s ago: executing program 34 (id=2523): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000600), 0x280b40, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) 3.170958554s ago: executing program 0 (id=3111): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 2.636400165s ago: executing program 4 (id=3115): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000240)='./file0\x00') mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) 2.436341419s ago: executing program 4 (id=3117): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x5}, 0x1c, &(0x7f0000000380)=[{0x0}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x6, 0xffff, 0x3, 0x7f, 0x8}, 0x14) 2.416229185s ago: executing program 4 (id=3118): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r1, 0xffffffffffffffff, 0x0) 2.345228252s ago: executing program 4 (id=3119): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) syz_clone(0x2280700, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) 2.11633616s ago: executing program 0 (id=3120): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x2040, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xd, 0x10400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8}}, 0x50) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000cc0)="e1", 0x1}], 0x1) close(r0) 2.018481732s ago: executing program 0 (id=3121): fsopen(0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x6c033, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x64) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10) 1.885507217s ago: executing program 2 (id=3122): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x4b080, 0x0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r0, 0xc008aec1, &(0x7f0000000180)={0xa, 0x0, [{0x80000000, 0x3fe, 0x1, 0x0, 0x6, 0xffffffff, 0xda7}, {0xc0000000, 0x2, 0x4, 0x9, 0x3, 0x8000, 0x7}, {0x0, 0x4, 0x5, 0xf, 0x7, 0x8, 0xf}, {0xb, 0x1, 0x1, 0x48a3, 0xb5b60000, 0x9, 0x10c}, {0x4, 0x6, 0x2, 0xf, 0x1, 0x2, 0x5}, {0x2, 0x80000000, 0x0, 0x8, 0x6, 0x59e, 0xbd4}, {0x80000003, 0x97bb, 0x0, 0x3, 0x364, 0x36, 0x8}, {0xc0000000, 0x0, 0x4, 0x3, 0x80000000, 0x1, 0x8}, {0x1, 0xb, 0x3, 0x8, 0x10000000, 0x4}, {0xa, 0x7, 0x1, 0x5, 0x5, 0x5, 0x9}]}) 1.62834343s ago: executing program 2 (id=3123): setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0x804d, @empty, 0x9}}, 0x103, 0x3, 0x8000, 0x7e, 0x32, 0x7, 0x4}, 0x9c) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}) 1.527311681s ago: executing program 0 (id=3125): r0 = fsopen(&(0x7f0000000080)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r2, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xcaR4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x1, 0x0, 0x0) r3 = fsmount(r0, 0x0, 0x0) fchdir(r3) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r4, &(0x7f0000000180)=""/82, 0x52) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80) 1.418742531s ago: executing program 2 (id=3126): r0 = gettid() connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f00000004c0)={0x77359400}, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.136375269s ago: executing program 2 (id=3127): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r1, 0xffffffffffffffff, 0x0) 1.059516645s ago: executing program 4 (id=3128): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 920.38685ms ago: executing program 2 (id=3130): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000400)=""/85, 0x0, 0x80a0000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001680)) r4 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000001c0)={0x0, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000000c0)={0x0, 0x1, 0x0, &(0x7f0000000640)=""/191, 0x0, 0x4}) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000000)={0x0, r4}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000340)=0x1) syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x3c12, 0x400, 0x1, 0x20e}, &(0x7f0000000180), &(0x7f00000002c0)) 727.087554ms ago: executing program 6 (id=3132): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000001c0)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x1, @mcast1}}, {{0xa, 0x0, 0x40, @empty}}}, 0x108) 596.45208ms ago: executing program 6 (id=3133): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x5}, 0x1c, &(0x7f0000000380)=[{0x0}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x6, 0xffff, 0x3, 0x7f, 0x8}, 0x14) 540.75007ms ago: executing program 6 (id=3134): setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0x804d, @empty, 0x9}}, 0x103, 0x3, 0x8000, 0x7e, 0x32, 0x7, 0x4}, 0x9c) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000006c0)={0xaa, 0x204}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, 0x0) 350.177845ms ago: executing program 0 (id=3135): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt(r3, 0x0, 0x21, &(0x7f0000000200)='.', 0x1) 349.785165ms ago: executing program 6 (id=3136): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) openat(0xffffffffffffff9c, &(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x441, 0x160) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[@ANYRES64, @ANYRES8=r0], 0x20) 216.33472ms ago: executing program 0 (id=3137): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) syz_open_procfs(0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 157.983509ms ago: executing program 6 (id=3138): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x1, 0x0) 111.007841ms ago: executing program 4 (id=3139): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x205, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xa) syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000bfd000/0x400000)=nil) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={0x44, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xfffffbff}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xc4}, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1000, '\x00', 0x0, 0x0}, 0x50) r5 = socket$inet(0xa, 0x801, 0x84) listen(r5, 0x8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r6 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) sendto$inet(0xffffffffffffffff, 0x0, 0xfffffd19, 0x844, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3f}}, 0x10) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) move_mount(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='\x00', 0x274) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000140)={0x9, 0x1fe, 0x6, 0x4, 0x2, 0x1ff}) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000300)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x2a4, @mcast2}, {0xa, 0x1c, 0x8ae5, @loopback, 0x4}, 0xffffffffffffffff, 0x3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000280)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x80000001}}, 0x10) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x8, @empty, 0x80ad}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10000}, [@call={0x85, 0x0, 0x0, 0x22}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 287.13µs ago: executing program 6 (id=3140): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c051}, 0x20000851) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x200440f1}, 0x24008041) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000006a000d0e25bd7000fcdb4c0f000000040000000008000a"], 0x20}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8081}, 0x20040000) 0s ago: executing program 2 (id=3141): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x2040, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xd, 0x10400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000cc0)="e1", 0x1}], 0x1) close(r0) kernel console output (not intermixed with test programs): T8215] netlink: 'syz.4.750': attribute type 12 has an invalid length. [ 247.255213][ T8215] netlink: 8 bytes leftover after parsing attributes in process `syz.4.750'. [ 247.588015][ T8220] fuse: Bad value for 'fd' [ 248.344857][ T8234] overlayfs: missing 'lowerdir' [ 249.693833][ T8258] random: crng reseeded on system resumption [ 250.641605][ T8277] overlayfs: missing 'lowerdir' [ 250.713561][ T8281] netlink: 24 bytes leftover after parsing attributes in process `syz.1.782'. [ 250.742609][ T8281] netlink: 24 bytes leftover after parsing attributes in process `syz.1.782'. [ 251.146245][ T5811] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 251.324198][ T5811] usb 1-1: device descriptor read/64, error -71 [ 251.445983][ T8299] random: crng reseeded on system resumption [ 251.626292][ T5811] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 251.766600][ T8309] overlayfs: missing 'lowerdir' [ 251.826364][ T5811] usb 1-1: device descriptor read/64, error -71 [ 251.987012][ T5811] usb usb1-port1: attempt power cycle [ 252.106289][ T8314] netlink: 24 bytes leftover after parsing attributes in process `syz.4.793'. [ 252.168233][ T8314] netlink: 24 bytes leftover after parsing attributes in process `syz.4.793'. [ 252.414465][ T8317] raw_sendmsg: syz.4.794 forgot to set AF_INET. Fix it! [ 252.446215][ T5811] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 252.487785][ T5811] usb 1-1: device descriptor read/8, error -71 [ 252.776178][ T5811] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 252.827312][ T5811] usb 1-1: device descriptor read/8, error -71 [ 252.956347][ T5811] usb usb1-port1: unable to enumerate USB device [ 255.265197][ T8340] netlink: 24 bytes leftover after parsing attributes in process `syz.0.802'. [ 255.287936][ T8340] netlink: 24 bytes leftover after parsing attributes in process `syz.0.802'. [ 255.507085][ T8342] random: crng reseeded on system resumption [ 256.186411][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.192954][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.716227][ T8355] binder: 8354:8355 ioctl c0306201 0 returned -14 [ 256.834434][ T8357] netlink: 12 bytes leftover after parsing attributes in process `syz.0.805'. [ 260.850524][ T8379] random: crng reseeded on system resumption [ 261.418759][ T8395] loop1: detected capacity change from 0 to 128 [ 261.439036][ T8395] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 261.518853][ T8396] loop0: detected capacity change from 0 to 1764 [ 261.630774][ T40] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 262.222631][ T8406] netlink: 24 bytes leftover after parsing attributes in process `syz.1.818'. [ 262.616365][ T8407] netlink: 24 bytes leftover after parsing attributes in process `syz.1.818'. [ 262.782643][ T8413] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-61) [ 264.400535][ T8421] loop4: detected capacity change from 0 to 128 [ 264.448782][ T8421] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 264.650487][ T8425] random: crng reseeded on system resumption [ 264.696868][ T2934] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 264.714195][ T8428] xt_hashlimit: size too large, truncated to 1048576 [ 266.274260][ T8439] fuse: Unknown parameter 'grou00000000000000000000' [ 268.362068][ T8455] loop4: detected capacity change from 0 to 128 [ 268.453849][ T8455] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 268.680621][ T40] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 270.583847][ T8458] loop0: detected capacity change from 0 to 8192 [ 270.969149][ T8468] fuse: Unknown parameter 'group_i00000000000000000000' [ 271.477467][ T8476] random: crng reseeded on system resumption [ 273.834831][ T8490] loop2: detected capacity change from 0 to 128 [ 273.858056][ T8490] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 275.455837][ T2979] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 275.636621][ T8496] fuse: Unknown parameter 'group_i00000000000000000000' [ 276.670154][ T4841] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 276.682929][ T8508] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 276.903043][ T8500] loop2: detected capacity change from 0 to 16 [ 276.918614][ T8500] erofs: (device loop2): mounted with root inode @ nid 36. [ 278.784779][ T8523] netlink: 'syz.0.858': attribute type 12 has an invalid length. [ 278.793983][ T8523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.858'. [ 279.193609][ T8532] block device autoloading is deprecated and will be removed. [ 279.577265][ T8537] fuse: Unknown parameter 'group_i00000000000000000000' [ 280.406236][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 282.070159][ T5085] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 282.086432][ T5085] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 282.094885][ T5085] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 282.104090][ T5085] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 282.145206][ T5085] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 282.153167][ T5085] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 283.338079][ T8569] fuse: Unknown parameter 'group_id00000000000000000000' [ 284.957410][ T5085] Bluetooth: hci4: command tx timeout [ 286.362547][ T8428] syz_tun (unregistering): left allmulticast mode [ 287.886932][ T5773] Bluetooth: hci4: command tx timeout [ 287.911829][ T8580] netlink: 'syz.2.874': attribute type 16 has an invalid length. [ 287.920390][ T8580] netlink: 'syz.2.874': attribute type 17 has an invalid length. [ 287.956916][ T8580] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 288.062568][ T8582] netlink: 'syz.4.876': attribute type 25 has an invalid length. [ 288.081622][ T8582] netlink: 4 bytes leftover after parsing attributes in process `syz.4.876'. [ 288.115051][ T8588] random: crng reseeded on system resumption [ 288.166312][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 288.329224][ T2956] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 288.345172][ T2956] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.392679][ T8593] fuse: Bad value for 'fd' [ 288.457072][ T2956] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 288.484149][ T2956] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.668235][ T2956] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 288.687260][ T2956] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.138257][ T5773] Bluetooth: hci4: command tx timeout [ 290.304708][ T2956] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 290.337451][ T2956] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.384869][ T8596] netlink: 12 bytes leftover after parsing attributes in process `syz.4.880'. [ 292.166171][ T5773] Bluetooth: hci4: command tx timeout [ 292.427854][ T8559] chnl_net:caif_netlink_parms(): no params data found [ 292.452750][ T8619] netlink: 'syz.4.886': attribute type 25 has an invalid length. [ 292.476513][ T8619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.886'. [ 292.713437][ T8623] fuse: Unknown parameter 'group_id00000000000000000000' [ 292.996877][ T8630] random: crng reseeded on system resumption [ 293.389519][ T8559] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.408086][ T8559] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.423170][ T8559] bridge_slave_0: entered allmulticast mode [ 293.437316][ T8559] bridge_slave_0: entered promiscuous mode [ 293.473133][ T8644] fuse: Bad value for 'fd' [ 293.494954][ T8559] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.506446][ T8559] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.523412][ T8559] bridge_slave_1: entered allmulticast mode [ 293.542746][ T8559] bridge_slave_1: entered promiscuous mode [ 293.619447][ T2956] bond1: (slave gretap1): Releasing active interface [ 293.774740][ T8559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 293.839610][ T8559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.546345][ T8651] 8021q: adding VLAN 0 to HW filter on device bond6 [ 295.671106][ T8559] team0: Port device team_slave_0 added [ 295.810185][ T8559] team0: Port device team_slave_1 added [ 295.904490][ T8559] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.924114][ T8559] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.014294][ T8559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.080435][ T2956] hsr_slave_0: left promiscuous mode [ 296.111528][ T2956] hsr_slave_1: left promiscuous mode [ 296.129652][ T2956] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 296.152303][ T2956] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 296.167307][ T2956] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.206580][ T2956] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.269830][ T2956] veth1_macvtap: left promiscuous mode [ 296.286281][ T2956] veth0_macvtap: left promiscuous mode [ 296.292032][ T2956] veth1_vlan: left promiscuous mode [ 296.306211][ T2956] veth0_vlan: left promiscuous mode [ 299.674126][ T2956] bond11 (unregistering): Released all slaves [ 299.956519][ T2956] bond10 (unregistering): Released all slaves [ 300.092520][ T8699] random: crng reseeded on system resumption [ 300.271129][ T2956] bond9 (unregistering): Released all slaves [ 300.462964][ T2956] bond8 (unregistering): Released all slaves [ 300.669466][ T2956] bond7 (unregistering): Released all slaves [ 300.831375][ T2956] bond6 (unregistering): Released all slaves [ 300.990789][ T2956] bond5 (unregistering): Released all slaves [ 301.168056][ T2956] bond4 (unregistering): Released all slaves [ 301.192414][ T2956] bond3 (unregistering): (slave geneve2): Releasing active interface [ 301.342285][ T2956] bond3 (unregistering): Released all slaves [ 301.503186][ T2956] bond2 (unregistering): Released all slaves [ 301.645766][ T2956] bond1 (unregistering): Released all slaves [ 302.195640][ T2956] team0 (unregistering): Port device team_slave_1 removed [ 302.250561][ T2956] team0 (unregistering): Port device team_slave_0 removed [ 302.304792][ T2956] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 302.356135][ T2956] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 302.746558][ T2956] bond0 (unregistering): Released all slaves [ 302.791253][ T8559] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.798529][ T8559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.825106][ T8559] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.910533][ T8705] 8021q: adding VLAN 0 to HW filter on device bond12 [ 302.999661][ T8559] hsr_slave_0: entered promiscuous mode [ 303.037025][ T8559] hsr_slave_1: entered promiscuous mode [ 303.103638][ T8713] loop4: detected capacity change from 0 to 128 [ 304.166223][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 304.689353][ T8720] process 'syz.2.904' launched './file0' with NULL argv: empty string added [ 305.082665][ T8727] random: crng reseeded on system resumption [ 305.208705][ T2956] IPVS: stop unused estimator thread 0... [ 305.294030][ T8559] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 305.328810][ T8559] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 305.363104][ T8559] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 305.393463][ T8559] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 305.693063][ T8559] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.749513][ T8559] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.787576][ T2979] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.794914][ T2979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.881554][ T2934] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.888844][ T2934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 306.265127][ T8747] 8021q: adding VLAN 0 to HW filter on device bond4 [ 309.100306][ T8559] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.508941][ T8792] random: crng reseeded on system resumption [ 310.031831][ T8804] 8021q: adding VLAN 0 to HW filter on device bond5 [ 310.183962][ T8559] veth0_vlan: entered promiscuous mode [ 310.249264][ T8559] veth1_vlan: entered promiscuous mode [ 310.376943][ T8559] veth0_macvtap: entered promiscuous mode [ 310.409633][ T8559] veth1_macvtap: entered promiscuous mode [ 310.481997][ T8559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.554549][ T8559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.575053][ T8559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.022778][ T8559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.034179][ T8559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.045539][ T8559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.058575][ T8559] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 312.158137][ T8559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.190959][ T8559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.206541][ T8559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.236232][ T8559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.271639][ T8559] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.295938][ T8559] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.324071][ T8559] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 312.379478][ T8559] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.402581][ T8559] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.426534][ T8559] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.435305][ T8559] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.717519][ T1204] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.725420][ T1204] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.838419][ T2956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.876357][ T2956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.888644][ T8835] 8021q: adding VLAN 0 to HW filter on device bond7 [ 314.730069][ T5828] IPVS: starting estimator thread 0... [ 314.826204][ T8854] IPVS: using max 18 ests per chain, 43200 per kthread [ 315.084457][ T8859] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 316.091412][ T8885] 8021q: adding VLAN 0 to HW filter on device bond13 [ 317.634271][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.640748][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.334199][ T8914] loop4: detected capacity change from 0 to 128 [ 318.722173][ T8922] netlink: 'syz.4.952': attribute type 1 has an invalid length. [ 318.961415][ T8922] 8021q: adding VLAN 0 to HW filter on device bond6 [ 320.538927][ T8937] netlink: 'syz.5.955': attribute type 25 has an invalid length. [ 320.588284][ T8937] netlink: 4 bytes leftover after parsing attributes in process `syz.5.955'. [ 320.640291][ T8937] netlink: 'syz.5.955': attribute type 25 has an invalid length. [ 320.696453][ T8937] netlink: 4 bytes leftover after parsing attributes in process `syz.5.955'. [ 321.321541][ T8957] loop5: detected capacity change from 0 to 512 [ 325.331852][ T8995] loop2: detected capacity change from 0 to 512 [ 328.083318][ T9021] fuse: Bad value for 'fd' [ 330.823042][ T9056] fuse: Bad value for 'fd' [ 331.082469][ T9062] loop2: detected capacity change from 0 to 128 [ 331.989790][ T9072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.988'. [ 332.396547][ T9075] netlink: 'syz.4.990': attribute type 25 has an invalid length. [ 332.404362][ T9075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.990'. [ 332.442524][ T9075] netlink: 'syz.4.990': attribute type 25 has an invalid length. [ 333.873601][ T9075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.990'. [ 335.040142][ T9089] fuse: Unknown parameter 'fd0x0000000000000003' [ 335.188495][ T9095] fuse: Invalid rootmode [ 335.381577][ T9101] loop5: detected capacity change from 0 to 128 [ 335.526547][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 338.784107][ T9125] fuse: Unknown parameter 'fd0x0000000000000003' [ 338.964471][ T9129] fuse: Invalid rootmode [ 340.234592][ T9151] netlink: 'syz.0.1009': attribute type 1 has an invalid length. [ 340.355589][ T9151] bond8: entered promiscuous mode [ 340.435530][ T9151] 8021q: adding VLAN 0 to HW filter on device bond8 [ 342.247298][ T9168] fuse: Unknown parameter 'fd0x0000000000000003' [ 342.376913][ T9171] fuse: Invalid rootmode [ 343.907917][ T9202] loop0: detected capacity change from 0 to 128 [ 345.759990][ T9214] fuse: Bad value for 'rootmode' [ 349.636779][ T9242] loop5: detected capacity change from 0 to 7 [ 349.671057][ T9242] Dev loop5: unable to read RDB block 7 [ 349.685059][ T9245] random: crng reseeded on system resumption [ 349.706459][ T9242] loop5: AHDI p1 p2 p3 [ 349.710715][ T9242] loop5: partition table partially beyond EOD, truncated [ 349.756427][ T9242] loop5: p1 start 1601398130 is beyond EOD, truncated [ 349.764091][ T9242] loop5: p2 start 1702059890 is beyond EOD, truncated [ 349.774829][ T9250] fuse: Bad value for 'fd' [ 350.073962][ T9258] fuse: Bad value for 'fd' [ 353.666840][ T9295] fuse: Bad value for 'rootmode' [ 353.782334][ T9300] random: crng reseeded on system resumption [ 355.997862][ T9348] loop5: detected capacity change from 0 to 2048 [ 356.096696][ T9348] loop5: p3 < > p4 < > [ 356.100991][ T9348] loop5: partition table partially beyond EOD, truncated [ 356.107275][ T9353] fuse: Unknown parameter 'use00000000000000000000' [ 356.122721][ T9348] loop5: p3 start 4284289 is beyond EOD, truncated [ 356.285733][ T6134] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 356.286223][ T8559] __loop_clr_fd: partition scan of loop5 failed (rc=-16) [ 356.336571][ T6134] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.362522][ T6134] Buffer I/O error on dev loop5p4, logical block 0, async page read [ 356.402344][ T6134] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.423797][ T6134] Buffer I/O error on dev loop5p4, logical block 0, async page read [ 356.438725][ T6134] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.467966][ T6134] Buffer I/O error on dev loop5p4, logical block 0, async page read [ 356.487899][ T6134] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.529209][ T6134] Buffer I/O error on dev loop5p4, logical block 0, async page read [ 356.555443][ T6134] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.590332][ T6134] Buffer I/O error on dev loop5p4, logical block 0, async page read [ 356.814920][ T6134] udevd[6134]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 356.921548][ T9376] fuse: Bad value for 'fd' [ 356.942033][ T6134] udevd[6134]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 357.610309][ T9402] fuse: Unknown parameter 'use00000000000000000000' [ 357.914890][ T9408] loop5: detected capacity change from 0 to 2048 [ 357.989954][ T9408] loop5: p3 < > p4 < > [ 357.994213][ T9408] loop5: partition table partially beyond EOD, truncated [ 358.016360][ T9408] loop5: p3 start 4284289 is beyond EOD, truncated [ 358.110304][ T9414] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1067'. [ 359.005241][ T9439] fuse: Unknown parameter 'use00000000000000000000' [ 359.316605][ T9450] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1078'. [ 359.968106][ T9474] fuse: Unknown parameter 'user_i00000000000000000000' [ 360.281926][ T9485] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1089'. [ 360.301448][ T9487] capability: warning: `syz.5.1090' uses deprecated v2 capabilities in a way that may be insecure [ 360.364978][ T9487] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 360.551746][ T9497] loop4: detected capacity change from 0 to 512 [ 360.664502][ T9500] loop5: detected capacity change from 0 to 7 [ 360.689509][ T5761] Dev loop5: unable to read RDB block 7 [ 360.698873][ T5761] loop5: unable to read partition table [ 360.704822][ T5761] loop5: partition table beyond EOD, truncated [ 362.387781][ T9510] loop4: detected capacity change from 0 to 512 [ 363.071104][ T9526] loop2: detected capacity change from 0 to 512 [ 363.077416][ T9524] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1102'. [ 363.087727][ T9524] netlink: 'syz.4.1102': attribute type 1 has an invalid length. [ 363.190029][ T9524] 8021q: adding VLAN 0 to HW filter on device bond7 [ 363.312272][ T9528] bond7: (slave geneve2): making interface the new active one [ 363.331662][ T9526] loop2: detected capacity change from 512 to 0 [ 363.357842][ T9529] syz.2.1103: attempt to access beyond end of device [ 363.357842][ T9529] loop2: rw=524288, sector=240, nr_sectors = 4 limit=0 [ 363.384179][ T9528] bond7: (slave geneve2): Enslaving as an active interface with an up link [ 363.414046][ T9529] syz.2.1103: attempt to access beyond end of device [ 363.414046][ T9529] loop2: rw=0, sector=240, nr_sectors = 4 limit=0 [ 363.478421][ T9529] syz.2.1103: attempt to access beyond end of device [ 363.478421][ T9529] loop2: rw=2049, sector=144, nr_sectors = 4 limit=0 [ 363.495333][ T27] audit: type=1800 audit(1771955432.463:2): pid=9529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1103" name="file1" dev="loop2" ino=1048669 res=0 errno=0 [ 363.516956][ T9529] Buffer I/O error on dev loop2, logical block 36, lost sync page write [ 363.588416][ T9531] fuse: Unknown parameter 'user_i00000000000000000000' [ 365.121160][ T11] kworker/u4:0: attempt to access beyond end of device [ 365.121160][ T11] loop2: rw=0, sector=144, nr_sectors = 4 limit=0 [ 365.162970][ T11] FAT-fs (loop2): unable to read inode block for updating (i_pos 2306) [ 365.213791][ T5776] syz-executor: attempt to access beyond end of device [ 365.213791][ T5776] loop2: rw=0, sector=144, nr_sectors = 4 limit=0 [ 365.236659][ T5776] FAT-fs (loop2): unable to read inode block for updating (i_pos 2306) [ 365.266963][ T5776] syz-executor: attempt to access beyond end of device [ 365.266963][ T5776] loop2: rw=0, sector=144, nr_sectors = 4 limit=0 [ 365.273782][ T9541] fuse: Bad value for 'fd' [ 365.296020][ T5776] FAT-fs (loop2): unable to read inode block for updating (i_pos 2306) [ 365.326466][ T5776] FAT-fs (loop2): Failed to update on disk inode for unused fallocated blocks, inode could be corrupted. Please run fsck [ 365.356175][ T5776] syz-executor: attempt to access beyond end of device [ 365.356175][ T5776] loop2: rw=2049, sector=0, nr_sectors = 4 limit=0 [ 365.389808][ T5776] Buffer I/O error on dev loop2, logical block 0, lost sync page write [ 365.605752][ T9548] loop2: detected capacity change from 0 to 128 [ 365.708750][ T9548] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000616) [ 365.727142][ T9548] FAT-fs (loop2): Filesystem has been set read-only [ 365.961205][ T9556] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 366.016566][ T9556] overlayfs: failed to set xattr on upper [ 366.034138][ T9556] overlayfs: ...falling back to redirect_dir=nofollow. [ 366.046803][ T9556] overlayfs: ...falling back to index=off. [ 366.052788][ T9556] overlayfs: ...falling back to uuid=null. [ 368.862276][ T9592] loop5: detected capacity change from 0 to 7 [ 368.899502][ T9592] Dev loop5: unable to read RDB block 7 [ 368.905352][ T9592] loop5: unable to read partition table [ 368.926812][ T9592] loop5: partition table beyond EOD, truncated [ 368.940461][ T9592] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 373.021077][ T9632] loop5: detected capacity change from 0 to 7 [ 373.045728][ T6134] Dev loop5: unable to read RDB block 7 [ 373.063492][ T6134] loop5: unable to read partition table [ 373.083517][ T6134] loop5: partition table beyond EOD, truncated [ 373.103786][ T9632] Dev loop5: unable to read RDB block 7 [ 373.116024][ T9632] loop5: unable to read partition table [ 373.127051][ T9632] loop5: partition table beyond EOD, truncated [ 373.143938][ T9632] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 375.140640][ T9649] fuse: Bad value for 'group_id' [ 375.735624][ T9663] loop5: detected capacity change from 0 to 7 [ 375.750164][ T9663] Dev loop5: unable to read RDB block 7 [ 375.759501][ T9663] loop5: unable to read partition table [ 375.765728][ T9663] loop5: partition table beyond EOD, truncated [ 375.784096][ T9663] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 377.721923][ T9680] fuse: Bad value for 'group_id' [ 378.028818][ T9692] loop5: detected capacity change from 0 to 128 [ 379.716971][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.723345][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.374101][ T9717] fuse: Bad value for 'group_id' [ 382.285671][ T9736] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1169'. [ 384.953839][ T9766] fuse: Unknown parameter '0x0000000000000004' [ 385.582901][ T9778] loop5: detected capacity change from 0 to 512 [ 386.919072][ T9796] fuse: Unknown parameter '0x0000000000000004' [ 389.808228][ T9846] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1205'. [ 392.324001][ T9870] loop2: detected capacity change from 0 to 128 [ 392.694284][ T9878] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1215'. [ 393.316454][ T9891] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1219'. [ 393.550787][ T9897] fuse: Unknown parameter 'fd0x0000000000000004' [ 393.725044][ T9902] loop4: detected capacity change from 0 to 164 [ 393.802835][ T9904] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1225'. [ 393.827884][ T9902] isofs: isofs_export_get_parent(): child directory not normalized! [ 393.849687][ T9909] netlink: 'syz.2.1227': attribute type 1 has an invalid length. [ 393.913269][ T9909] 8021q: adding VLAN 0 to HW filter on device bond14 [ 394.609042][ T9926] fuse: Unknown parameter 'grou00000000000000000000' [ 395.031759][ T9938] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1237'. [ 395.076703][ T9940] loop5: detected capacity change from 0 to 164 [ 395.418002][ T9951] fuse: Unknown parameter 'grou00000000000000000000' [ 395.692541][ T9961] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1247'. [ 396.347128][ T9977] fuse: Unknown parameter 'grou00000000000000000000' [ 396.738119][ T9988] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1257'. [ 396.779914][ T9990] loop4: detected capacity change from 0 to 128 [ 397.285611][T10003] fuse: Unknown parameter 'group_i00000000000000000000' [ 399.264257][T10021] netlink: 'syz.5.1270': attribute type 1 has an invalid length. [ 399.409781][T10021] 8021q: adding VLAN 0 to HW filter on device bond1 [ 399.483786][T10033] fuse: Unknown parameter 'group_i00000000000000000000' [ 401.435013][T10048] loop5: detected capacity change from 0 to 128 [ 402.086658][T10061] fuse: Unknown parameter 'group_i00000000000000000000' [ 402.327939][T10068] loop0: detected capacity change from 0 to 512 [ 402.642741][T10078] loop4: detected capacity change from 0 to 128 [ 402.972515][T10087] fuse: Unknown parameter 'group_id00000000000000000000' [ 403.110044][T10093] loop4: detected capacity change from 0 to 512 [ 403.247648][T10095] overlayfs: missing 'lowerdir' [ 403.341249][T10099] loop4: detected capacity change from 0 to 128 [ 404.646238][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 405.276611][T10119] loop5: detected capacity change from 0 to 512 [ 405.541399][T10122] overlayfs: missing 'lowerdir' [ 405.674428][T10124] netlink: 'syz.5.1309': attribute type 1 has an invalid length. [ 405.734589][T10124] 8021q: adding VLAN 0 to HW filter on device bond2 [ 405.918974][T10128] loop5: detected capacity change from 0 to 128 [ 405.973071][T10128] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000616) [ 405.981902][T10128] FAT-fs (loop5): Filesystem has been set read-only [ 407.936251][T10149] loop4: detected capacity change from 0 to 512 [ 407.990081][T10152] fuse: Unknown parameter 'group_id00000000000000000000' [ 408.025503][T10153] netlink: 'syz.2.1318': attribute type 1 has an invalid length. [ 408.121781][T10153] 8021q: adding VLAN 0 to HW filter on device bond15 [ 408.891252][T10179] fuse: Unknown parameter 'grou00000000000000000000' [ 409.274029][T10186] loop2: detected capacity change from 0 to 512 [ 409.395788][T10188] fuse: Bad value for 'user_id' [ 409.546547][T10191] netlink: 'syz.2.1329': attribute type 1 has an invalid length. [ 409.649103][T10191] 8021q: adding VLAN 0 to HW filter on device bond16 [ 411.527286][T10215] loop2: detected capacity change from 0 to 512 [ 411.826602][T10220] loop2: detected capacity change from 0 to 256 [ 411.846187][T10220] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 411.947446][T10222] netlink: 'syz.0.1340': attribute type 1 has an invalid length. [ 412.113961][T10222] 8021q: adding VLAN 0 to HW filter on device bond9 [ 412.631643][T10234] fuse: Bad value for 'user_id' [ 412.682579][ T27] audit: type=1800 audit(1771955481.663:3): pid=10220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1339" name="file1" dev="loop2" ino=1048680 res=0 errno=0 [ 416.014027][T10257] loop2: detected capacity change from 0 to 512 [ 416.432175][T10261] fuse: Bad value for 'user_id' [ 419.083330][T10292] loop4: detected capacity change from 0 to 512 [ 419.271596][T10294] fuse: Bad value for 'fd' [ 419.872538][T10310] loop5: detected capacity change from 0 to 7 [ 419.899355][T10310] Dev loop5: unable to read RDB block 7 [ 419.905013][T10310] loop5: AHDI p1 p2 p3 [ 419.928289][T10310] loop5: partition table partially beyond EOD, truncated [ 419.943635][T10310] loop5: p1 start 1601398130 is beyond EOD, truncated [ 419.966743][T10310] loop5: p2 start 1702059890 is beyond EOD, truncated [ 420.538694][T10329] fuse: Bad value for 'fd' [ 420.722516][ T5828] kernel write not supported for file [eventfd] (pid: 5828 comm: kworker/0:6) [ 421.993493][T10343] loop0: detected capacity change from 0 to 512 [ 422.023632][T10346] loop5: detected capacity change from 0 to 512 [ 422.034083][T10343] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 422.066333][T10347] fuse: Bad value for 'group_id' [ 422.099648][T10343] FAT-fs (loop0): FAT read failed (blocknr 1568) [ 422.132365][T10343] FAT-fs (loop0): FAT read failed (blocknr 1568) [ 422.396503][T10353] fuse: Bad value for 'fd' [ 423.506462][T10375] random: crng reseeded on system resumption [ 423.677915][T10381] fuse: Bad value for 'fd' [ 423.708707][T10382] fuse: Bad value for 'fd' [ 424.266640][T10397] loop5: detected capacity change from 0 to 16 [ 424.305044][T10397] erofs: (device loop5): mounted with root inode @ nid 36. [ 424.576229][T10407] fuse: Bad value for 'user_id' [ 424.676267][T10412] random: crng reseeded on system resumption [ 424.975884][T10422] lo: entered allmulticast mode [ 424.981597][T10422] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 424.999442][T10422] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 425.020434][T10423] fuse: Bad value for 'fd' [ 425.357383][T10429] loop5: detected capacity change from 0 to 7 [ 425.401541][T10429] Dev loop5: unable to read RDB block 7 [ 425.416486][T10429] loop5: AHDI p1 p2 p3 [ 425.433148][T10429] loop5: partition table partially beyond EOD, truncated [ 425.459954][T10429] loop5: p1 start 1601398130 is beyond EOD, truncated [ 425.473897][T10429] loop5: p2 start 1702059890 is beyond EOD, truncated [ 425.777036][T10442] syzkaller0: entered promiscuous mode [ 425.782597][T10442] syzkaller0: entered allmulticast mode [ 425.855563][T10446] random: crng reseeded on system resumption [ 428.230938][ T27] audit: type=1804 audit(1771955497.213:4): pid=10474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1434" name="/newroot/397/file0" dev="fuse" ino=1 res=1 errno=0 [ 428.309097][T10477] syzkaller0: entered promiscuous mode [ 428.314667][T10477] syzkaller0: entered allmulticast mode [ 429.140715][T10490] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 430.224394][T10500] overlayfs: missing 'workdir' [ 430.519770][T10504] loop0: detected capacity change from 0 to 512 [ 430.610310][T10509] netlink: 'syz.5.1447': attribute type 1 has an invalid length. [ 430.686599][T10510] loop5: detected capacity change from 0 to 7 [ 430.712858][T10510] Dev loop5: unable to read RDB block 7 [ 430.737298][T10509] 8021q: adding VLAN 0 to HW filter on device bond3 [ 430.756705][T10510] loop5: AHDI p1 p2 p3 [ 430.765621][T10510] loop5: partition table partially beyond EOD, truncated [ 430.776354][T10510] loop5: p1 start 1601398130 is beyond EOD, truncated [ 430.783333][T10510] loop5: p2 start 1702059890 is beyond EOD, truncated [ 430.963872][T10522] overlayfs: missing 'workdir' [ 431.563425][T10538] loop0: detected capacity change from 0 to 512 [ 432.038228][T10551] overlayfs: missing 'workdir' [ 432.043619][T10549] netlink: 'syz.0.1463': attribute type 1 has an invalid length. [ 432.132623][T10549] 8021q: adding VLAN 0 to HW filter on device bond10 [ 434.124750][T10569] fuse: Bad value for 'fd' [ 434.333557][T10577] loop0: detected capacity change from 0 to 512 [ 434.620825][T10579] netlink: 'syz.5.1476': attribute type 1 has an invalid length. [ 435.526366][T10579] 8021q: adding VLAN 0 to HW filter on device bond4 [ 435.774633][ T27] audit: type=1804 audit(1771955504.753:5): pid=10595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1479" name="/newroot/305/file0" dev="fuse" ino=1 res=1 errno=0 [ 436.007954][T10608] fuse: Bad value for 'fd' [ 436.189639][T10612] loop0: detected capacity change from 0 to 512 [ 437.688526][T10636] fuse: Bad value for 'fd' [ 438.168494][ T27] audit: type=1804 audit(1771955507.163:6): pid=10645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1499" name="/newroot/149/file0" dev="fuse" ino=1 res=1 errno=0 [ 438.311820][T10655] loop4: detected capacity change from 0 to 512 [ 439.479133][T10664] fuse: Unknown parameter 'grou00000000000000000000' [ 439.528396][T10667] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1507'. [ 440.497105][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.503736][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.203749][T10689] loop0: detected capacity change from 0 to 512 [ 441.281027][T10691] fuse: Unknown parameter 'grou00000000000000000000' [ 441.358153][T10689] loop0: detected capacity change from 512 to 0 [ 441.378709][T10693] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1518'. [ 441.463004][T10695] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1519'. [ 441.475327][ T5772] syz-executor: attempt to access beyond end of device [ 441.475327][ T5772] loop0: rw=2049, sector=0, nr_sectors = 4 limit=0 [ 441.499918][ T5772] Buffer I/O error on dev loop0, logical block 0, lost sync page write [ 441.679584][T10697] loop5: detected capacity change from 0 to 7 [ 441.729235][T10697] Dev loop5: unable to read RDB block 7 [ 441.742635][T10697] loop5: AHDI p1 p2 p3 [ 441.756363][T10697] loop5: partition table partially beyond EOD, truncated [ 441.783989][T10697] loop5: p1 start 1601398130 is beyond EOD, truncated [ 441.800963][T10697] loop5: p2 start 1702059890 is beyond EOD, truncated [ 443.562544][T10711] fuse: Bad value for 'fd' [ 443.857473][T10719] loop0: detected capacity change from 0 to 512 [ 444.036368][T10719] loop0: detected capacity change from 512 to 0 [ 444.143545][ T5772] syz-executor: attempt to access beyond end of device [ 444.143545][ T5772] loop0: rw=2049, sector=0, nr_sectors = 4 limit=0 [ 444.176189][ T5772] Buffer I/O error on dev loop0, logical block 0, lost sync page write [ 444.391683][T10727] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1530'. [ 446.256739][T10739] fuse: Unknown parameter 'group_i00000000000000000000' [ 448.037809][T10750] loop2: detected capacity change from 0 to 512 [ 448.247904][T10750] loop2: detected capacity change from 512 to 0 [ 448.416604][ T5776] syz-executor: attempt to access beyond end of device [ 448.416604][ T5776] loop2: rw=2049, sector=0, nr_sectors = 4 limit=0 [ 448.446657][ T5776] Buffer I/O error on dev loop2, logical block 0, lost sync page write [ 449.032012][T10766] loop0: detected capacity change from 0 to 512 [ 449.266255][T10766] loop0: detected capacity change from 512 to 0 [ 449.383499][ T5772] syz-executor: attempt to access beyond end of device [ 449.383499][ T5772] loop0: rw=2049, sector=0, nr_sectors = 4 limit=0 [ 449.422265][ T5772] Buffer I/O error on dev loop0, logical block 0, lost sync page write [ 451.156423][T10783] fuse: Invalid rootmode [ 451.491553][T10787] loop5: detected capacity change from 0 to 7 [ 451.530012][T10787] Dev loop5: unable to read RDB block 7 [ 451.556315][T10787] loop5: unable to read partition table [ 451.568146][T10787] loop5: partition table beyond EOD, truncated [ 451.593937][T10787] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 452.786384][T10817] fuse: Bad value for 'group_id' [ 454.491326][T10866] fuse: Unknown parameter 'fd0x0000000000000003' [ 455.533316][T10901] fuse: Unknown parameter 'fd0x0000000000000003' [ 456.584157][T10926] 8021q: adding VLAN 0 to HW filter on device bond8 [ 457.528750][T10957] netlink: 'syz.2.1610': attribute type 1 has an invalid length. [ 457.577334][T10957] 8021q: adding VLAN 0 to HW filter on device bond17 [ 458.520887][T10981] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 458.653199][T10981] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 458.684073][T10981] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 458.745383][T10981] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 458.794496][T10996] syzkaller0: entered promiscuous mode [ 458.807286][T10996] syzkaller0: entered allmulticast mode [ 460.144541][T11028] syzkaller0: entered promiscuous mode [ 460.156401][T11028] syzkaller0: entered allmulticast mode [ 460.671400][T11037] loop5: detected capacity change from 0 to 7 [ 460.692057][T11037] Dev loop5: unable to read RDB block 7 [ 460.702331][T11037] loop5: unable to read partition table [ 460.712234][T11037] loop5: partition table beyond EOD, truncated [ 460.721576][T11037] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 461.266880][T11051] syzkaller0: entered promiscuous mode [ 461.272628][T11051] syzkaller0: entered allmulticast mode [ 461.564856][T11061] loop5: detected capacity change from 0 to 7 [ 461.586217][ T6134] Dev loop5: unable to read RDB block 7 [ 461.592060][ T6134] loop5: unable to read partition table [ 461.599210][ T6134] loop5: partition table beyond EOD, truncated [ 461.608106][T11061] Dev loop5: unable to read RDB block 7 [ 461.618330][T11061] loop5: unable to read partition table [ 461.624403][T11061] loop5: partition table beyond EOD, truncated [ 461.632204][T11061] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 461.769139][T11063] random: crng reseeded on system resumption [ 462.422802][T11085] syzkaller0: entered promiscuous mode [ 462.428129][T11087] loop5: detected capacity change from 0 to 7 [ 462.432153][T11085] syzkaller0: entered allmulticast mode [ 462.438264][T11087] Dev loop5: unable to read RDB block 7 [ 462.449952][T11087] loop5: unable to read partition table [ 462.456581][T11087] loop5: partition table beyond EOD, truncated [ 462.463079][T11087] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 462.637250][T11089] overlayfs: failed to resolve './file2': -2 [ 462.759100][T11093] random: crng reseeded on system resumption [ 462.916640][T11100] fuse: Bad value for 'fd' [ 463.369414][T11112] loop5: detected capacity change from 0 to 7 [ 463.399482][T11112] Dev loop5: unable to read RDB block 7 [ 463.405144][T11112] loop5: unable to read partition table [ 463.434497][T11112] loop5: partition table beyond EOD, truncated [ 463.444251][T11112] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 463.476099][ T27] audit: type=1326 audit(1771955532.453:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 463.556094][ T27] audit: type=1326 audit(1771955532.453:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 463.646011][ T27] audit: type=1326 audit(1771955532.453:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 463.756137][ T27] audit: type=1326 audit(1771955532.453:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 463.794689][T11121] syzkaller0: entered promiscuous mode [ 463.810596][T11121] syzkaller0: entered allmulticast mode [ 463.824927][ T27] audit: type=1326 audit(1771955532.453:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 463.896082][ T27] audit: type=1326 audit(1771955532.453:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 463.958146][ T27] audit: type=1326 audit(1771955532.453:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 463.983105][T11129] random: crng reseeded on system resumption [ 464.038439][ T27] audit: type=1326 audit(1771955532.453:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 464.135690][ T27] audit: type=1326 audit(1771955532.463:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 464.214587][ T27] audit: type=1326 audit(1771955532.463:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11113 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 464.350661][T11140] loop5: detected capacity change from 0 to 7 [ 464.359596][ T6134] Dev loop5: unable to read RDB block 7 [ 464.365301][ T6134] loop5: unable to read partition table [ 464.371460][ T6134] loop5: partition table beyond EOD, truncated [ 464.398914][T11140] Dev loop5: unable to read RDB block 7 [ 464.422296][T11140] loop5: unable to read partition table [ 464.431136][T11140] loop5: partition table beyond EOD, truncated [ 464.449796][T11140] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 464.672944][T11146] fuse: Bad value for 'fd' [ 465.027130][T11157] tmpfs: Bad value for 'huge' [ 465.172139][T11159] syzkaller0: entered promiscuous mode [ 465.178710][T11159] syzkaller0: entered allmulticast mode [ 465.218466][T11165] fuse: Bad value for 'fd' [ 467.593860][T11223] fuse: Unknown parameter 'group_id00000000000000000000' [ 467.814008][T11227] tmpfs: Bad value for 'huge' [ 468.347026][T11244] fuse: Unknown parameter 'group_id00000000000000000000' [ 468.554520][T11252] tmpfs: Bad value for 'huge' [ 469.692770][T11273] fuse: Unknown parameter 'group_id00000000000000000000' [ 469.709449][T11275] tmpfs: Bad value for 'huge' [ 470.269555][T11299] tmpfs: Bad value for 'huge' [ 470.301666][T11297] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 470.321570][T11297] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 470.331088][T11297] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 470.358567][T11297] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 470.369233][T11297] kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 470.549860][T11309] fuse: Bad value for 'user_id' [ 471.061705][T11324] fuse: Bad value for 'fd' [ 471.133666][T11328] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 471.149359][T11328] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 471.159180][T11328] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 471.176991][T11328] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 471.194572][T11328] kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 472.583785][T11363] fuse: Bad value for 'fd' [ 472.803614][T11367] loop5: detected capacity change from 0 to 7 [ 472.815330][ T6134] Dev loop5: unable to read RDB block 7 [ 472.833120][ T6134] loop5: unable to read partition table [ 472.841709][ T6134] loop5: partition table beyond EOD, truncated [ 472.858277][T11367] Dev loop5: unable to read RDB block 7 [ 472.863980][T11367] loop5: unable to read partition table [ 472.888710][T11367] loop5: partition table beyond EOD, truncated [ 472.905553][T11367] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 473.194702][T11380] fuse: Bad value for 'user_id' [ 473.460395][T11390] fuse: Bad value for 'fd' [ 473.773161][T11400] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 473.773161][T11400] The task syz.5.1788 (11400) triggered the difference, watch for misbehavior. [ 474.352451][T11412] fuse: Bad value for 'fd' [ 474.504547][T11417] fuse: Bad value for 'fd' [ 475.304803][T11443] fuse: Bad value for 'fd' [ 475.309941][T11439] create_pit_timer: 8 callbacks suppressed [ 475.309957][T11439] kvm: requested 108952 ns i8254 timer period limited to 200000 ns [ 475.334836][T11439] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 475.347305][T11439] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 475.764515][T11452] fuse: Bad value for 'fd' [ 476.885551][T11470] fuse: Bad value for 'fd' [ 476.939539][T11472] fuse: Invalid rootmode [ 477.156810][T11479] fuse: Bad value for 'fd' [ 478.194882][T11498] fuse: Bad value for 'fd' [ 478.195255][T11500] fuse: Bad value for 'rootmode' [ 478.427282][T11503] fuse: Unknown parameter '0x0000000000000003' [ 478.624840][T11508] loop5: detected capacity change from 0 to 7 [ 478.655196][T11508] Dev loop5: unable to read RDB block 7 [ 478.664784][T11508] loop5: unable to read partition table [ 478.695279][T11508] loop5: partition table beyond EOD, truncated [ 478.726151][T11508] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 478.775706][ T5140] Dev loop5: unable to read RDB block 7 [ 478.807458][ T5140] loop5: unable to read partition table [ 478.819442][ T5140] loop5: partition table beyond EOD, truncated [ 479.346468][T11523] fuse: Bad value for 'rootmode' [ 479.373353][T11525] fuse: Bad value for 'fd' [ 479.591120][T11534] fuse: Unknown parameter '0x0000000000000003' [ 479.807445][T11539] loop5: detected capacity change from 0 to 7 [ 479.836983][T11539] Dev loop5: unable to read RDB block 7 [ 479.853163][T11539] loop5: unable to read partition table [ 479.877202][T11539] loop5: partition table beyond EOD, truncated [ 479.896144][T11539] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 480.112194][T11551] fuse: Bad value for 'rootmode' [ 480.146033][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 480.146050][ T27] audit: type=1326 audit(1771955549.133:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.187993][T11556] fuse: Bad value for 'fd' [ 480.236101][ T27] audit: type=1326 audit(1771955549.133:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.263033][ T27] audit: type=1326 audit(1771955549.133:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.368992][ T27] audit: type=1326 audit(1771955549.133:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.441192][ T27] audit: type=1326 audit(1771955549.133:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.474205][T11563] fuse: Unknown parameter '0x0000000000000003' [ 480.521258][ T27] audit: type=1326 audit(1771955549.133:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.606463][ T27] audit: type=1326 audit(1771955549.133:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.609296][T11566] netlink: 'syz.0.1852': attribute type 6 has an invalid length. [ 480.680731][ T27] audit: type=1326 audit(1771955549.133:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.753528][ T27] audit: type=1326 audit(1771955549.133:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.835532][ T27] audit: type=1326 audit(1771955549.133:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11548 comm="syz.2.1846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fccf359c629 code=0x7ffc0000 [ 480.953851][T11572] overlayfs: missing 'lowerdir' [ 481.049163][T11574] loop5: detected capacity change from 0 to 7 [ 481.079176][T11574] Dev loop5: unable to read RDB block 7 [ 481.096082][T11574] loop5: unable to read partition table [ 481.113122][T11576] fuse: Unknown parameter 'use00000000000000000000' [ 481.125419][T11574] loop5: partition table beyond EOD, truncated [ 481.139762][T11574] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 481.402009][T11583] fuse: Unknown parameter '0x0000000000000003' [ 481.931786][T11604] fuse: Unknown parameter 'use00000000000000000000' [ 482.041394][T11609] loop5: detected capacity change from 0 to 7 [ 482.069647][T11609] Dev loop5: unable to read RDB block 7 [ 482.075400][T11609] loop5: unable to read partition table [ 482.086505][T11609] loop5: partition table beyond EOD, truncated [ 482.092748][T11609] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 482.330931][T11619] fuse: Invalid rootmode [ 482.992751][T11635] loop5: detected capacity change from 0 to 7 [ 483.018593][ T6134] Dev loop5: unable to read RDB block 7 [ 483.110205][ T6134] loop5: unable to read partition table [ 483.134540][ T6134] loop5: partition table beyond EOD, truncated [ 483.158167][T11635] Dev loop5: unable to read RDB block 7 [ 483.196565][T11635] loop5: unable to read partition table [ 483.238535][T11635] loop5: partition table beyond EOD, truncated [ 483.281042][T11635] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 485.272766][T11679] fuse: Bad value for 'rootmode' [ 485.687938][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 485.687955][ T27] audit: type=1326 audit(1771955554.683:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 485.767008][ T27] audit: type=1326 audit(1771955554.713:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 485.803043][ T27] audit: type=1326 audit(1771955554.713:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 485.866103][ T27] audit: type=1326 audit(1771955554.713:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 485.935491][ T27] audit: type=1326 audit(1771955554.713:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 485.981554][T11704] fuse: Bad value for 'rootmode' [ 485.996050][ T27] audit: type=1326 audit(1771955554.713:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 486.056053][ T27] audit: type=1326 audit(1771955554.713:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 486.104872][ T27] audit: type=1326 audit(1771955554.713:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.0.1902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc78fb9c629 code=0x7ffc0000 [ 486.660004][T11717] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 486.710948][T11717] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 486.721259][T11717] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 486.725164][T11727] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1914'. [ 486.745417][T11717] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 486.754660][T11717] kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 486.771410][T11717] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 486.910294][T11731] fuse: Unknown parameter 'use00000000000000000000' [ 487.500884][T11750] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1923'. [ 487.704493][T11756] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 487.739700][T11756] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 487.761760][T11756] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 487.778921][T11756] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 488.784790][T11781] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1934'. [ 489.514921][T11802] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1944'. [ 490.607346][ T27] audit: type=1326 audit(1771955559.603:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408f39c629 code=0x7ffc0000 [ 490.664929][ T27] audit: type=1326 audit(1771955559.603:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408f39c629 code=0x7ffc0000 [ 490.681467][T11837] loop5: detected capacity change from 0 to 7 [ 490.703634][T11837] Dev loop5: unable to read RDB block 7 [ 490.710234][ T27] audit: type=1326 audit(1771955559.603:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408f39c629 code=0x7ffc0000 [ 490.710285][ T27] audit: type=1326 audit(1771955559.603:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f408f39c629 code=0x7ffc0000 [ 490.710327][ T27] audit: type=1326 audit(1771955559.603:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f408f39c629 code=0x7ffc0000 [ 490.710369][ T27] audit: type=1326 audit(1771955559.653:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f408f35cece code=0x7ffc0000 [ 490.710411][ T27] audit: type=1326 audit(1771955559.653:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f408f35cece code=0x7ffc0000 [ 490.710450][ T27] audit: type=1326 audit(1771955559.683:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f408f35cece code=0x7ffc0000 [ 490.710490][ T27] audit: type=1326 audit(1771955559.683:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f408f35cece code=0x7ffc0000 [ 490.710531][ T27] audit: type=1326 audit(1771955559.683:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f408f35cece code=0x7ffc0000 [ 490.744718][T11837] loop5: unable to read partition table [ 490.780858][ T27] audit: type=1326 audit(1771955559.683:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f408f35cece code=0x7ffc0000 [ 490.937508][T11837] loop5: partition table beyond EOD, truncated [ 490.943930][T11837] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 491.056604][ T27] audit: type=1326 audit(1771955559.683:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.4.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f408f35cece code=0x7ffc0000 [ 491.815420][T11864] loop5: detected capacity change from 0 to 7 [ 491.833219][T11864] Dev loop5: unable to read RDB block 7 [ 491.839521][T11864] loop5: unable to read partition table [ 491.870522][T11864] loop5: partition table beyond EOD, truncated [ 491.880596][T11864] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 492.280449][T11875] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 492.295844][T11875] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 492.305861][T11875] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 492.316405][T11875] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 492.324462][T11875] kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 492.347689][T11875] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 492.361033][T11875] kvm: requested 108952 ns i8254 timer period limited to 200000 ns [ 492.369702][T11875] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 492.399453][T11875] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 492.413228][T11875] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 492.797024][T11894] fuse: Unknown parameter 'user_i00000000000000000000' [ 494.264980][T11922] netlink: 'syz.0.1987': attribute type 1 has an invalid length. [ 494.375762][T11922] 8021q: adding VLAN 0 to HW filter on device bond11 [ 494.507925][T11933] fuse: Bad value for 'fd' [ 495.063154][T11950] fuse: Unknown parameter 'user_id00000000000000000000' [ 495.346201][T11959] netlink: 'syz.0.2001': attribute type 1 has an invalid length. [ 495.381923][T11959] 8021q: adding VLAN 0 to HW filter on device bond12 [ 495.729935][T11966] fuse: Bad value for 'fd' [ 495.808498][T11970] syzkaller0: entered promiscuous mode [ 495.814905][T11970] syzkaller0: entered allmulticast mode [ 496.340504][T11977] fuse: Unknown parameter 'user_id00000000000000000000' [ 496.596790][T11985] netlink: 'syz.4.2010': attribute type 1 has an invalid length. [ 496.682765][T11988] fuse: Unknown parameter '0x0000000000000003' [ 496.701739][T11985] 8021q: adding VLAN 0 to HW filter on device bond9 [ 496.970090][T11997] fuse: Bad value for 'fd' [ 497.214117][T12005] fuse: Bad value for 'fd' [ 497.920042][T12012] create_pit_timer: 9 callbacks suppressed [ 497.920072][T12012] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 497.988429][T12016] fuse: Unknown parameter '0x0000000000000003' [ 498.078738][T12018] loop5: detected capacity change from 0 to 7 [ 498.090553][T12018] Dev loop5: unable to read RDB block 7 [ 498.099238][T12018] loop5: unable to read partition table [ 498.108247][T12018] loop5: partition table beyond EOD, truncated [ 498.115182][T12018] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 498.132060][ T5140] Dev loop5: unable to read RDB block 7 [ 498.145629][ T5140] loop5: unable to read partition table [ 498.153061][ T5140] loop5: partition table beyond EOD, truncated [ 498.281503][ T27] kauditd_printk_skb: 35 callbacks suppressed [ 498.281520][ T27] audit: type=1326 audit(1771955567.273:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.317834][ T27] audit: type=1326 audit(1771955567.303:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.356758][ T27] audit: type=1326 audit(1771955567.303:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.382963][ T27] audit: type=1326 audit(1771955567.303:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.411685][ T27] audit: type=1326 audit(1771955567.303:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.444469][ T27] audit: type=1326 audit(1771955567.303:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.491629][T12028] fuse: Bad value for 'fd' [ 498.505364][ T27] audit: type=1326 audit(1771955567.303:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.540829][ T27] audit: type=1326 audit(1771955567.303:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.569874][ T27] audit: type=1326 audit(1771955567.303:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.598799][ T27] audit: type=1326 audit(1771955567.303:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a4639c629 code=0x7ffc0000 [ 498.762244][T12038] fuse: Unknown parameter '0x0000000000000003' [ 499.064627][T12042] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 499.499719][T12050] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 499.794939][T12060] fuse: Bad value for 'fd' [ 499.958035][T12068] fuse: Unknown parameter '0x0000000000000003' [ 501.944342][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.954810][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 505.660015][T12174] fuse: Unknown parameter '0x0000000000000003' [ 506.571057][T12198] fuse: Unknown parameter '0x0000000000000003' [ 508.763652][T12240] loop5: detected capacity change from 0 to 128 [ 511.650076][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 511.650094][ T27] audit: type=1804 audit(1771955580.643:124): pid=12308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2128" name="/newroot/316/file0" dev="fuse" ino=1 res=1 errno=0 [ 512.883776][T12325] loop5: detected capacity change from 0 to 8192 [ 514.049203][T12362] overlayfs: failed to get inode (-116) [ 514.055263][T12362] overlayfs: failed to get inode (-116) [ 516.250945][T12417] netlink: 'syz.5.2167': attribute type 1 has an invalid length. [ 516.280355][ T27] audit: type=1326 audit(1771955585.273:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12418 comm="syz.0.2168" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc78fb9c629 code=0x0 [ 516.317168][T12417] 8021q: adding VLAN 0 to HW filter on device bond5 [ 517.366758][T12446] netlink: 'syz.0.2177': attribute type 1 has an invalid length. [ 517.474174][T12446] 8021q: adding VLAN 0 to HW filter on device bond13 [ 518.194897][T12474] netlink: 'syz.2.2189': attribute type 1 has an invalid length. [ 518.238853][T12474] 8021q: adding VLAN 0 to HW filter on device bond18 [ 518.990185][T12494] loop5: detected capacity change from 0 to 7 [ 519.039063][T12494] Dev loop5: unable to read RDB block 7 [ 519.044807][T12494] loop5: unable to read partition table [ 519.074808][T12494] loop5: partition table beyond EOD, truncated [ 519.097560][T12494] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 519.426683][T12502] netlink: 'syz.0.2199': attribute type 1 has an invalid length. [ 519.454707][T12500] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 519.566414][T12502] 8021q: adding VLAN 0 to HW filter on device bond14 [ 519.625054][T12509] bond14: (slave geneve3): making interface the new active one [ 519.691568][T12509] bond14: (slave geneve3): Enslaving as an active interface with an up link [ 519.929373][T12522] loop5: detected capacity change from 0 to 7 [ 519.947011][T12522] Dev loop5: unable to read RDB block 7 [ 519.952753][T12522] loop5: unable to read partition table [ 519.976376][T12522] loop5: partition table beyond EOD, truncated [ 519.986803][T12522] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 520.028832][T12526] loop0: detected capacity change from 0 to 128 [ 520.477690][T12539] netlink: 'syz.2.2213': attribute type 1 has an invalid length. [ 520.590730][T12539] 8021q: adding VLAN 0 to HW filter on device bond19 [ 520.615396][T12542] bond19: (slave geneve3): making interface the new active one [ 520.627660][T12542] bond19: (slave geneve3): Enslaving as an active interface with an up link [ 520.924228][T12550] loop5: detected capacity change from 0 to 7 [ 520.953457][T12550] Dev loop5: unable to read RDB block 7 [ 520.977714][T12550] loop5: unable to read partition table [ 520.995507][T12550] loop5: partition table beyond EOD, truncated [ 521.012539][T12550] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 521.035086][T12555] syzkaller0: entered promiscuous mode [ 521.057109][T12555] syzkaller0: entered allmulticast mode [ 521.718261][T12574] netlink: 'syz.5.2226': attribute type 1 has an invalid length. [ 521.851153][T12574] 8021q: adding VLAN 0 to HW filter on device bond6 [ 521.914817][T12584] fuse: Unknown parameter 'grou00000000000000000000' [ 521.928068][T12579] bond6: (slave geneve2): making interface the new active one [ 521.948425][T12579] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 522.247362][T12597] syzkaller0: entered promiscuous mode [ 522.253048][T12597] syzkaller0: entered allmulticast mode [ 522.882753][T12612] fuse: Unknown parameter 'grou00000000000000000000' [ 523.262628][T12623] syzkaller0: entered promiscuous mode [ 523.286015][T12623] syzkaller0: entered allmulticast mode [ 523.627712][T12633] loop5: detected capacity change from 0 to 7 [ 523.636657][ T6134] Dev loop5: unable to read RDB block 7 [ 523.644605][ T6134] loop5: unable to read partition table [ 523.655613][ T6134] loop5: partition table beyond EOD, truncated [ 523.663453][T12633] Dev loop5: unable to read RDB block 7 [ 523.674399][T12633] loop5: unable to read partition table [ 523.687592][T12633] loop5: partition table beyond EOD, truncated [ 523.700099][T12633] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 523.724338][T12635] fuse: Unknown parameter 'group_i00000000000000000000' [ 524.901145][T12650] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 524.915213][T12650] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 524.946341][T12650] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 524.963022][T12650] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 524.978206][T12650] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 524.985734][T12650] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 525.339614][T12663] loop5: detected capacity change from 0 to 7 [ 525.367900][T12663] Dev loop5: unable to read RDB block 7 [ 525.373603][T12663] loop5: unable to read partition table [ 525.383703][T12663] loop5: partition table beyond EOD, truncated [ 525.397982][T12663] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 525.402486][T12660] syzkaller0: entered promiscuous mode [ 525.437308][T12660] syzkaller0: entered allmulticast mode [ 525.904552][T12648] chnl_net:caif_netlink_parms(): no params data found [ 526.022571][T12648] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.030081][T12648] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.038356][T12648] bridge_slave_0: entered allmulticast mode [ 526.045351][T12648] bridge_slave_0: entered promiscuous mode [ 526.065418][T12648] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.075170][T12648] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.082621][T12648] bridge_slave_1: entered allmulticast mode [ 526.090713][T12648] bridge_slave_1: entered promiscuous mode [ 526.129424][ T4834] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.141347][ T4834] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.190723][T12648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 526.232418][T12648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 526.330785][ T4834] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.348299][ T4834] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.414010][T12648] team0: Port device team_slave_0 added [ 526.455660][ T4834] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.467144][ T4834] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.490360][T12648] team0: Port device team_slave_1 added [ 526.658932][ T4834] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 526.679560][ T4834] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.731480][T12648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 526.746814][T12648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.782524][T12648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 526.839506][T12648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 526.869702][T12648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.943327][T12648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 527.018762][T12648] hsr_slave_0: entered promiscuous mode [ 527.044358][T12648] hsr_slave_1: entered promiscuous mode [ 527.056543][ T5773] Bluetooth: hci0: command tx timeout [ 527.063897][T12648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 527.098152][T12648] Cannot create hsr debugfs directory [ 527.314439][T12696] syzkaller0: entered promiscuous mode [ 527.322343][T12696] syzkaller0: entered allmulticast mode [ 527.884292][T12709] loop5: detected capacity change from 0 to 7 [ 527.897830][T12709] Dev loop5: unable to read RDB block 7 [ 527.905051][T12709] loop5: unable to read partition table [ 527.914030][T12709] loop5: partition table beyond EOD, truncated [ 527.927462][T12709] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 528.604553][ T4834] bond1: (slave gretap1): Releasing active interface [ 529.136219][ T5773] Bluetooth: hci0: command tx timeout [ 529.167406][T12747] loop4: detected capacity change from 0 to 256 [ 529.183067][T12736] syzkaller0: entered promiscuous mode [ 529.210689][T12736] syzkaller0: entered allmulticast mode [ 531.216150][ T5773] Bluetooth: hci0: command tx timeout [ 531.947607][T12648] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 532.000927][T12648] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 532.019174][T12648] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 532.044636][T12648] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 532.127495][ T4834] hsr_slave_0: left promiscuous mode [ 532.133692][ T4834] hsr_slave_1: left promiscuous mode [ 532.176646][ T4834] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 532.184233][ T4834] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 532.205542][ T4834] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 532.213432][ T4834] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 532.330489][ T4834] veth1_macvtap: left promiscuous mode [ 532.336614][ T4834] veth0_macvtap: left promiscuous mode [ 532.342483][ T4834] veth1_vlan: left promiscuous mode [ 532.348548][ T4834] veth0_vlan: left promiscuous mode [ 532.707775][ T4834] bond19 (unregistering): (slave geneve3): Releasing active interface [ 533.037780][ T4834] bond19 (unregistering): Released all slaves [ 533.294704][ T5773] Bluetooth: hci0: command tx timeout [ 533.340233][ T4834] bond18 (unregistering): Released all slaves [ 533.615606][ T4834] bond17 (unregistering): Released all slaves [ 533.787910][ T4834] bond16 (unregistering): Released all slaves [ 533.991694][ T4834] bond15 (unregistering): Released all slaves [ 534.152388][ T4834] bond14 (unregistering): Released all slaves [ 534.315013][ T4834] bond13 (unregistering): Released all slaves [ 534.470717][ T4834] bond12 (unregistering): Released all slaves [ 534.618815][ T4834] bond11 (unregistering): Released all slaves [ 534.775824][ T4834] bond10 (unregistering): Released all slaves [ 534.945088][ T4834] bond9 (unregistering): Released all slaves [ 535.107082][ T4834] bond8 (unregistering): Released all slaves [ 535.269651][ T4834] bond7 (unregistering): Released all slaves [ 535.427342][ T4834] bond6 (unregistering): Released all slaves [ 535.582237][ T4834] bond5 (unregistering): Released all slaves [ 535.749972][ T4834] bond4 (unregistering): Released all slaves [ 535.895163][ T4834] bond3 (unregistering): Released all slaves [ 536.046669][ T4834] bond2 (unregistering): Released all slaves [ 536.218966][ T4834] bond1 (unregistering): Released all slaves [ 536.925023][ T4834] team0 (unregistering): Port device team_slave_1 removed [ 536.987532][ T4834] team0 (unregistering): Port device team_slave_0 removed [ 537.041125][ T4834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 537.100397][ T4834] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 537.715062][ T4834] bond0 (unregistering): Released all slaves [ 537.900351][T12806] netlink: 'syz.5.2298': attribute type 1 has an invalid length. [ 537.934579][T12806] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 538.372572][T12648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.499800][T12648] 8021q: adding VLAN 0 to HW filter on device team0 [ 538.532237][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.539524][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 538.650675][ T4841] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.657972][ T4841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 538.812762][T12648] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 538.844071][ T4834] IPVS: stop unused estimator thread 0... [ 539.409807][T12648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 539.495031][T12648] veth0_vlan: entered promiscuous mode [ 539.523027][T12648] veth1_vlan: entered promiscuous mode [ 539.590275][T12648] veth0_macvtap: entered promiscuous mode [ 539.605369][T12648] veth1_macvtap: entered promiscuous mode [ 539.637255][T12648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 539.648370][T12648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.659730][T12648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 539.673247][T12648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.690302][T12648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 539.701944][T12648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.715841][T12648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 539.733890][T12648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.745030][T12648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.755734][T12648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.782603][T12648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.793161][T12648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.804443][T12648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.825310][T12648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 539.843295][T12648] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.846300][T12650] Bluetooth: hci4: command 0x0406 tx timeout [ 539.882308][T12648] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.919862][T12648] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.956352][T12648] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.157753][T12860] loop5: detected capacity change from 0 to 7 [ 540.165385][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.167867][T12862] syzkaller0: entered promiscuous mode [ 540.174643][ T6134] Dev loop5: unable to read RDB block 7 [ 540.197680][ T6134] loop5: unable to read partition table [ 540.199689][T12862] syzkaller0: entered allmulticast mode [ 540.203583][ T6134] loop5: partition table beyond EOD, [ 540.210087][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.236081][ T6134] truncated [ 540.240850][T12860] Dev loop5: unable to read RDB block 7 [ 540.261470][T12860] loop5: unable to read partition table [ 540.279148][T12860] loop5: partition table beyond EOD, truncated [ 540.295318][T12860] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 540.609443][ T128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.626280][ T128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.655745][T12892] syzkaller0: entered promiscuous mode [ 541.661706][T12892] syzkaller0: entered allmulticast mode [ 542.886508][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 547.477954][T12920] loop4: detected capacity change from 0 to 736 [ 547.697470][T12923] syzkaller0: entered promiscuous mode [ 547.703022][T12923] syzkaller0: entered allmulticast mode [ 549.562184][T12983] loop2: detected capacity change from 0 to 128 [ 549.585012][T12983] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 549.610999][T12983] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 549.749106][T12980] loop0: detected capacity change from 0 to 8192 [ 549.777858][T12980] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 549.827978][T12980] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 549.852567][T12980] FAT-fs (loop0): Filesystem has been set read-only [ 549.887443][T12980] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 549.895637][T12980] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 550.116746][T12996] bridge_slave_0: default FDB implementation only supports local addresses [ 550.969693][T13018] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2369'. [ 550.980134][T13018] team0: No ports can be present during mode change [ 551.428083][T13024] fuse: Unknown parameter 'use00000000000000000000' [ 551.707307][T13029] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 552.411461][T13054] fuse: Unknown parameter 'use00000000000000000000' [ 553.545465][T13066] loop5: detected capacity change from 0 to 7 [ 553.567899][T13066] Dev loop5: unable to read RDB block 7 [ 553.585806][T13066] loop5: unable to read partition table [ 553.601877][T13066] loop5: partition table beyond EOD, truncated [ 553.611420][T13066] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 553.658680][T13068] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 554.063559][T13083] fuse: Unknown parameter 'use00000000000000000000' [ 554.444566][T13098] loop5: detected capacity change from 0 to 7 [ 554.473909][T13098] Dev loop5: unable to read RDB block 7 [ 554.484875][T13090] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 554.496386][T13098] loop5: unable to read partition table [ 554.514078][T13098] loop5: partition table beyond EOD, truncated [ 554.529477][T13098] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 554.812770][T13102] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 556.518436][T13134] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 556.676146][T13141] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 558.057946][T13164] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 558.409967][T13170] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 558.620776][T13177] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 558.870049][T13191] loop5: detected capacity change from 0 to 7 [ 558.969454][T13191] Dev loop5: unable to read RDB block 7 [ 559.020556][T13191] loop5: unable to read partition table [ 559.099830][T13191] loop5: partition table beyond EOD, truncated [ 559.165663][T13191] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 561.138332][T13219] loop5: detected capacity change from 0 to 7 [ 561.160555][T13219] Dev loop5: unable to read RDB block 7 [ 561.191430][T13219] loop5: unable to read partition table [ 561.204820][T13219] loop5: partition table beyond EOD, truncated [ 561.225982][T13219] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 561.604987][T13237] loop2: detected capacity change from 0 to 128 [ 561.683695][T13237] FAT-fs (loop2): bogus logical sector size 4 [ 561.718471][T13237] FAT-fs (loop2): Can't find a valid FAT filesystem [ 562.000529][T13250] loop2: detected capacity change from 0 to 128 [ 562.506342][T13266] netlink: 'syz.4.2458': attribute type 7 has an invalid length. [ 562.561032][T13266] netlink: 'syz.4.2458': attribute type 8 has an invalid length. [ 563.389582][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.396394][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.529099][T12650] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 568.540737][T12650] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 568.549568][T12650] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 568.560684][T12650] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 568.571332][T12650] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 568.579672][T12650] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 568.832475][ T5772] syz_tun (unregistering): left promiscuous mode [ 569.074093][T13315] loop5: detected capacity change from 0 to 7 [ 569.086938][T12921] Dev loop5: unable to read RDB block 7 [ 569.098930][ T4841] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 569.116045][T12921] loop5: unable to read partition table [ 569.121999][T12921] loop5: partition table beyond EOD, truncated [ 569.142641][ T4841] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.157444][T13315] Dev loop5: unable to read RDB block 7 [ 569.173604][T13315] loop5: unable to read partition table [ 569.190360][T13315] loop5: partition table beyond EOD, truncated [ 569.205059][T13315] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 569.346917][ T4841] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 569.413017][ T4841] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.536313][T12650] Bluetooth: hci2: command tx timeout [ 573.751156][ T4841] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 573.779302][ T4841] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.040771][T13342] loop4: detected capacity change from 0 to 256 [ 574.079616][ T4841] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 574.097905][ T4841] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.350119][T13299] chnl_net:caif_netlink_parms(): no params data found [ 576.105779][T12650] Bluetooth: hci2: command tx timeout [ 577.403177][T13362] loop5: detected capacity change from 0 to 7 [ 577.449695][T13362] Dev loop5: unable to read RDB block 7 [ 577.455405][T13362] loop5: unable to read partition table [ 577.536352][T13362] loop5: partition table beyond EOD, truncated [ 577.585812][T13362] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 577.774833][ T4841] tipc: Left network mode [ 577.787177][T13299] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.807343][T13299] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.814638][T13299] bridge_slave_0: entered allmulticast mode [ 577.842546][T13299] bridge_slave_0: entered promiscuous mode [ 577.884933][T13299] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.905759][T13299] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.950313][T13299] bridge_slave_1: entered allmulticast mode [ 577.971315][T13299] bridge_slave_1: entered promiscuous mode [ 578.139469][ T4841] ip6gretap0 (unregistering): left promiscuous mode [ 580.075957][T12650] Bluetooth: hci2: command tx timeout [ 581.102903][T13299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 581.226478][T13299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 581.377029][T13401] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 581.453974][T13299] team0: Port device team_slave_0 added [ 581.538290][T13408] fuse: Bad value for 'fd' [ 581.569549][T13299] team0: Port device team_slave_1 added [ 581.681708][T13299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 581.695399][T13299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.767221][T13299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 581.845332][T13299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 581.862889][T13299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.981601][T13299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 582.086020][T12650] Bluetooth: hci2: command tx timeout [ 584.851737][T13299] hsr_slave_0: entered promiscuous mode [ 584.862060][T13299] hsr_slave_1: entered promiscuous mode [ 584.869997][T13299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 584.879795][T13299] Cannot create hsr debugfs directory [ 586.793503][ T4841] hsr_slave_0: left promiscuous mode [ 586.816753][ T4841] hsr_slave_1: left promiscuous mode [ 586.831701][ T4841] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 586.847340][ T4841] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 586.868229][ T4841] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 586.876338][ T4841] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 587.103674][ T4841] veth1_macvtap: left promiscuous mode [ 587.128502][ T4841] veth0_macvtap: left promiscuous mode [ 587.134241][ T4841] veth1_vlan: left promiscuous mode [ 587.190420][ T4841] veth0_vlan: left promiscuous mode [ 587.312887][T13479] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 587.707350][ T4841] bond14 (unregistering): (slave geneve3): Releasing active interface [ 589.564405][T13513] loop5: detected capacity change from 0 to 7 [ 589.583573][T13513] Dev loop5: unable to read RDB block 7 [ 589.596310][T13513] loop5: unable to read partition table [ 589.602363][T13513] loop5: partition table beyond EOD, truncated [ 589.636223][T13513] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 589.717533][ T4841] bond14 (unregistering): Released all slaves [ 589.982353][ T4841] bond13 (unregistering): Released all slaves [ 590.162659][ T4841] bond12 (unregistering): Released all slaves [ 590.329691][ T4841] bond11 (unregistering): Released all slaves [ 590.489034][ T4841] bond10 (unregistering): Released all slaves [ 590.642749][ T4841] bond9 (unregistering): Released all slaves [ 590.898733][ T4841] bond8 (unregistering): Released all slaves [ 591.049400][T13530] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 591.115684][ T4841] bond7 (unregistering): Released all slaves [ 591.384174][ T4841] bond6 (unregistering): Released all slaves [ 591.592104][ T4841] bond5 (unregistering): Released all slaves [ 591.793275][ T4841] bond4 (unregistering): Released all slaves [ 592.036539][ T4841] bond3 (unregistering): Released all slaves [ 592.269174][ T4841] bond2 (unregistering): Released all slaves [ 592.514419][ T4841] bond1 (unregistering): Released all slaves [ 597.414816][ T4841] team0 (unregistering): Port device team_slave_1 removed [ 597.521201][ T4841] team0 (unregistering): Port device team_slave_0 removed [ 597.590753][ T4841] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 597.693831][ T4841] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 598.310436][ T4841] bond0 (unregistering): Released all slaves [ 600.091848][T13563] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 600.758205][T13567] loop4: detected capacity change from 0 to 128 [ 603.295095][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 603.322395][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 603.342455][ T5773] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 603.377852][ T5773] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 603.389379][ T5773] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 603.415187][ T5773] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 605.342257][ T4841] IPVS: stop unused estimator thread 0... [ 605.532581][ T5773] Bluetooth: hci1: command tx timeout [ 605.739617][ T4841] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.838964][T13612] chnl_net:caif_netlink_parms(): no params data found [ 605.871968][T13299] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 605.904611][T13299] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 605.981159][ T4841] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.103357][ T4841] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.540234][T13299] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 607.119923][ T4841] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 607.169610][T13299] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 607.479685][T13612] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.496316][T13612] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.503645][T13612] bridge_slave_0: entered allmulticast mode [ 607.530406][T13612] bridge_slave_0: entered promiscuous mode [ 607.559830][T13612] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.576107][T13612] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.593661][T13612] bridge_slave_1: entered allmulticast mode [ 607.606588][ T5773] Bluetooth: hci1: command tx timeout [ 607.607429][T13612] bridge_slave_1: entered promiscuous mode [ 608.954007][T13612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 608.994188][T13612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.213640][T13612] team0: Port device team_slave_0 added [ 609.233472][T13612] team0: Port device team_slave_1 added [ 609.462152][T13299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 609.497525][T13612] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 609.504598][T13612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 609.560979][T13612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 609.640848][T13612] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 609.648165][T13612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 609.697980][ T5773] Bluetooth: hci1: command tx timeout [ 609.744274][T13612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 609.827011][T13711] overlayfs: failed to clone upperpath [ 609.848918][T13299] 8021q: adding VLAN 0 to HW filter on device team0 [ 610.083365][T13612] hsr_slave_0: entered promiscuous mode [ 610.109467][T13612] hsr_slave_1: entered promiscuous mode [ 610.125695][T13612] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 610.146037][T13612] Cannot create hsr debugfs directory [ 610.172168][ T128] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.179427][ T128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 610.303131][ T128] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.310489][ T128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 611.131769][ T4841] hsr_slave_0: left promiscuous mode [ 611.171358][ T4841] hsr_slave_1: left promiscuous mode [ 611.197753][ T4841] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 611.205259][ T4841] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 611.249468][ T4841] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 611.286390][ T4841] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 611.302220][T13752] overlayfs: failed to clone upperpath [ 611.306683][ T4841] bridge_slave_1: left allmulticast mode [ 611.326050][ T4841] bridge_slave_1: left promiscuous mode [ 611.332132][ T4841] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.360700][ T4841] bridge_slave_0: left allmulticast mode [ 611.386302][ T4841] bridge_slave_0: left promiscuous mode [ 611.392147][ T4841] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.496722][ T4841] veth1_macvtap: left promiscuous mode [ 611.502355][ T4841] veth0_macvtap: left promiscuous mode [ 611.526526][ T4841] veth1_vlan: left promiscuous mode [ 611.531938][ T4841] veth0_vlan: left promiscuous mode [ 611.732672][T13766] fuse: Bad value for 'fd' [ 611.766208][ T5773] Bluetooth: hci1: command tx timeout [ 611.854024][ T4841] bond6 (unregistering): (slave geneve2): Releasing active interface [ 612.033189][ T4841] bond6 (unregistering): Released all slaves [ 612.204912][ T4841] bond5 (unregistering): Released all slaves [ 612.371116][ T4841] bond4 (unregistering): Released all slaves [ 612.532606][ T4841] bond3 (unregistering): Released all slaves [ 612.752981][ T4841] bond2 (unregistering): Released all slaves [ 612.976184][ T4841] bond1 (unregistering): Released all slaves [ 613.902737][ T4841] team0 (unregistering): Port device team_slave_1 removed [ 613.960981][ T4841] team0 (unregistering): Port device team_slave_0 removed [ 614.013779][ T4841] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 614.072122][ T4841] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 614.525770][ T4841] bond0 (unregistering): Released all slaves [ 614.641424][T13803] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 616.163187][T13299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 616.224143][T13612] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 616.278433][T13612] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 616.309975][T13612] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 616.356058][T13612] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 616.529696][T13299] veth0_vlan: entered promiscuous mode [ 616.634949][T13299] veth1_vlan: entered promiscuous mode [ 616.708179][ T4841] IPVS: stop unused estimator thread 0... [ 616.844127][T13299] veth0_macvtap: entered promiscuous mode [ 616.893536][T13299] veth1_macvtap: entered promiscuous mode [ 616.931563][T13612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 616.972469][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.990640][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.024963][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 617.046443][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.062105][T13299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 617.099376][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.116321][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.147025][T13299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 617.185921][T13299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 617.207891][T13299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 617.228208][T13612] 8021q: adding VLAN 0 to HW filter on device team0 [ 617.245142][T13299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.269470][T13299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.281516][T13299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.293963][T13299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.341495][ T2934] bridge0: port 1(bridge_slave_0) entered blocking state [ 617.348850][ T2934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 617.375182][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 617.382407][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 617.632546][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.653237][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.762927][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.779554][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.148016][T13612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 618.218768][T13883] loop0: detected capacity change from 0 to 164 [ 619.023146][T13612] veth0_vlan: entered promiscuous mode [ 619.067607][T13612] veth1_vlan: entered promiscuous mode [ 619.161113][T13612] veth0_macvtap: entered promiscuous mode [ 619.174659][T13612] veth1_macvtap: entered promiscuous mode [ 619.230336][T13612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 619.273055][T13612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.306121][T13612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 619.409506][T13612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.461310][T13612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 619.508727][T13612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.533944][T13612] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 619.559475][T13612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.575813][T13612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.590258][T13612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.774607][T13612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.969459][T13612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 620.186538][T13612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 620.228262][T13612] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 620.324160][T13612] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.404545][T13612] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.414553][T13612] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.423441][T13612] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.678908][ T1204] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.713455][ T1204] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 620.733712][T13938] fuse: Unknown parameter 'grou00000000000000000000' [ 620.851306][ T4841] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.880552][ T4841] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 622.447018][T13970] fuse: Unknown parameter 'grou00000000000000000000' [ 623.037496][T13989] ptrace attach of "./syz-executor exec"[13990] was attempted by "./syz-executor exec"[13989] [ 623.270924][T12650] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 623.282413][T12650] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 623.287895][ T2979] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 623.313586][T12650] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 623.346767][T12650] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 623.357674][ T2979] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.357784][T12650] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 623.380539][T12650] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 623.426851][T14003] fuse: Unknown parameter 'grou00000000000000000000' [ 624.241784][ T2979] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 624.304882][ T2979] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.714618][ T2979] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 624.748126][ T2979] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.813434][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.820031][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.841198][T14025] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 624.919269][ T2979] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 624.929801][ T2979] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.226892][T14039] fuse: Unknown parameter 'group_i00000000000000000000' [ 625.446397][T12650] Bluetooth: hci3: command tx timeout [ 625.829551][T14055] loop0: detected capacity change from 0 to 16 [ 625.843073][T14055] erofs: (device loop0): mounted with root inode @ nid 36. [ 626.085725][T13995] chnl_net:caif_netlink_parms(): no params data found [ 626.519290][T13995] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.533537][T13995] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.543565][T13995] bridge_slave_0: entered allmulticast mode [ 626.559629][T13995] bridge_slave_0: entered promiscuous mode [ 626.656365][T13995] bridge0: port 2(bridge_slave_1) entered blocking state [ 626.676080][T13995] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.683552][T13995] bridge_slave_1: entered allmulticast mode [ 626.713842][T13995] bridge_slave_1: entered promiscuous mode [ 626.739749][T14073] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 626.757562][T14073] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 626.930813][T13995] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 627.015807][T13995] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 627.044961][T14080] loop5: detected capacity change from 0 to 7 [ 627.064302][T14080] Dev loop5: unable to read RDB block 7 [ 627.074385][T14080] loop5: unable to read partition table [ 627.096204][T14080] loop5: partition table beyond EOD, truncated [ 627.102497][T14080] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 627.319545][T13995] team0: Port device team_slave_0 added [ 627.428781][T13995] team0: Port device team_slave_1 added [ 627.443257][T14088] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 627.480305][T14088] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 627.514541][T14088] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 627.526470][T12650] Bluetooth: hci3: command tx timeout [ 627.615202][T13995] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 627.656503][T13995] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 627.732788][T13995] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 627.900738][T13995] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 627.938152][T13995] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 628.321963][T13995] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 628.945284][T14115] loop5: detected capacity change from 0 to 7 [ 628.977065][T14115] Dev loop5: unable to read RDB block 7 [ 628.991248][T14115] loop5: unable to read partition table [ 629.011801][T14115] loop5: partition table beyond EOD, truncated [ 629.020611][ T2979] hsr_slave_0: left promiscuous mode [ 629.049913][T14115] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 629.078639][ T2979] hsr_slave_1: left promiscuous mode [ 629.172791][ T2979] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 629.190579][ T2979] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.227429][ T2979] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.234938][ T2979] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 629.252963][T14125] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 629.273489][T14125] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 629.293970][T14125] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 629.307485][ T2979] veth1_macvtap: left promiscuous mode [ 629.313108][ T2979] veth0_macvtap: left promiscuous mode [ 629.345459][ T2979] veth1_vlan: left promiscuous mode [ 629.360319][ T2979] veth0_vlan: left promiscuous mode [ 629.605986][T12650] Bluetooth: hci3: command tx timeout [ 630.252340][ T2979] bond9 (unregistering): Released all slaves [ 630.524001][ T2979] bond8 (unregistering): Released all slaves [ 630.525713][T14149] overlayfs: missing 'lowerdir' [ 630.565009][ T2979] bond7 (unregistering): (slave geneve2): Releasing active interface [ 630.658970][T14151] loop6: detected capacity change from 0 to 164 [ 630.921219][ T2979] bond7 (unregistering): Released all slaves [ 631.783828][T12650] Bluetooth: hci3: command tx timeout [ 631.818355][ T2979] bond6 (unregistering): Released all slaves [ 632.102041][ T2979] bond5 (unregistering): Released all slaves [ 632.325008][ T2979] bond4 (unregistering): Released all slaves [ 632.571310][ T2979] bond3 (unregistering): Released all slaves [ 632.787088][ T2979] bond2 (unregistering): Released all slaves [ 633.003712][ T2979] bond1 (unregistering): Released all slaves [ 633.565004][T14169] overlayfs: missing 'lowerdir' [ 633.688035][T14171] fuse: Bad value for 'user_id' [ 633.943163][ T2979] team0 (unregistering): Port device team_slave_1 removed [ 634.029162][ T2979] team0 (unregistering): Port device team_slave_0 removed [ 634.145372][ T2979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 634.228788][ T2979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 635.612284][ T2979] bond0 (unregistering): Released all slaves [ 635.971113][T13995] hsr_slave_0: entered promiscuous mode [ 636.001912][T13995] hsr_slave_1: entered promiscuous mode [ 636.383837][T14192] overlayfs: missing 'lowerdir' [ 636.615539][T14196] fuse: Bad value for 'user_id' [ 636.809914][ T2979] IPVS: stop unused estimator thread 0... [ 638.135653][T13995] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 638.238129][T13995] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 638.277715][T13995] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 642.067059][T13995] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 642.462595][T13995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 642.524301][T13995] 8021q: adding VLAN 0 to HW filter on device team0 [ 642.572115][ T2934] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.579420][ T2934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 642.596359][T14236] overlayfs: missing 'workdir' [ 642.606979][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.614171][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 642.630482][T14238] fuse: Bad value for 'user_id' [ 643.153473][T14249] loop6: detected capacity change from 0 to 1764 [ 643.497528][T13995] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 643.727339][T14271] fuse: Bad value for 'fd' [ 643.770154][T14272] overlayfs: missing 'workdir' [ 643.961078][T14280] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2729'. [ 644.460102][T13995] veth0_vlan: entered promiscuous mode [ 644.498908][T13995] veth1_vlan: entered promiscuous mode [ 644.600005][T13995] veth0_macvtap: entered promiscuous mode [ 644.632242][T13995] veth1_macvtap: entered promiscuous mode [ 644.683130][T13995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.715887][T13995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.751064][T13995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.795029][T13995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.820234][T13995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.833508][T13995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.860315][T13995] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 644.877250][T13995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.900641][T13995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.926664][T13995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.965967][T13995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.996039][T13995] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.010722][T13995] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.032784][T14308] overlayfs: missing 'workdir' [ 645.060133][T13995] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 645.122405][T13995] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.161039][T13995] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.181478][T13995] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.214921][T13995] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.308456][T14318] bridge1: entered promiscuous mode [ 645.313758][T14318] bridge1: entered allmulticast mode [ 645.364705][T14318] team0: Port device bridge1 added [ 645.633697][ T4841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.657259][ T4841] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.790770][ T2934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.817944][ T2934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 646.095347][T14343] loop4: detected capacity change from 0 to 128 [ 647.682251][ T5773] Bluetooth: hci0: command 0x0406 tx timeout [ 649.070197][T14408] overlayfs: failed to clone upperpath [ 649.815015][T14431] fuse: Bad value for 'fd' [ 650.021145][T14438] fuse: Bad value for 'fd' [ 650.173004][T14441] overlayfs: failed to clone upperpath [ 651.003025][T14470] fuse: Invalid rootmode [ 651.082120][T14474] overlayfs: failed to clone upperpath [ 651.274756][T14481] 9pnet_fd: Insufficient options for proto=fd [ 652.108997][T14499] fuse: Invalid rootmode [ 652.281662][T14503] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 652.407538][T14506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2804'. [ 652.429869][T14506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2804'. [ 652.807036][T14518] fuse: Invalid rootmode [ 652.919244][T14525] fuse: Bad value for 'fd' [ 653.462521][T14543] fuse: Bad value for 'rootmode' [ 654.065173][T14563] fuse: Bad value for 'rootmode' [ 654.095218][T14561] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2828'. [ 654.256846][T14567] 9pnet_fd: Insufficient options for proto=fd [ 654.757082][T14588] fuse: Bad value for 'rootmode' [ 655.623789][T14614] fuse: Unknown parameter 'use00000000000000000000' [ 656.001100][ T9] kernel write not supported for file [eventfd] (pid: 9 comm: kworker/0:1) [ 656.486808][T14645] fuse: Unknown parameter 'use00000000000000000000' [ 658.924991][T14674] fuse: Unknown parameter 'use00000000000000000000' [ 660.669741][T14699] fuse: Unknown parameter 'user_i00000000000000000000' [ 663.186720][T14761] fuse: Unknown parameter 'user_i00000000000000000000' [ 664.556257][T14798] fuse: Unknown parameter 'user_i00000000000000000000' [ 664.993767][T14817] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 665.190841][T14824] overlayfs: failed to clone upperpath [ 666.222867][T14855] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 669.702838][T14937] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 671.577041][T14981] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 672.495396][T15019] fuse: Bad value for 'fd' [ 673.367492][T15054] fuse: Bad value for 'fd' [ 673.611643][T15062] fuse: Bad value for 'fd' [ 673.876172][ T27] audit: type=1326 audit(1771955742.863:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 673.933896][ T27] audit: type=1326 audit(1771955742.863:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 673.988672][ T27] audit: type=1326 audit(1771955742.873:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.049296][ T27] audit: type=1326 audit(1771955742.893:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.073567][ T27] audit: type=1326 audit(1771955742.893:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.136564][ T27] audit: type=1326 audit(1771955742.893:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.199462][ T27] audit: type=1326 audit(1771955742.893:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.238715][ T27] audit: type=1326 audit(1771955742.893:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.272455][ T27] audit: type=1326 audit(1771955742.893:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.349007][ T27] audit: type=1326 audit(1771955742.893:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15072 comm="syz.0.2989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f1d7f19c629 code=0x7ffc0000 [ 674.630820][T15101] overlayfs: failed to clone upperpath [ 675.191684][T15114] fuse: Bad value for 'fd' [ 675.327661][T15120] overlayfs: failed to clone upperpath [ 679.068761][T15187] overlayfs: failed to clone upperpath [ 679.873691][T15207] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 681.764019][T15247] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 683.760359][T15294] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 685.001644][T15351] x_tables: ip_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 685.097448][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3103'. [ 686.266990][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.273484][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.837434][ T27] kauditd_printk_skb: 26 callbacks suppressed [ 688.837451][ T27] audit: type=1326 audit(1771955757.833:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 688.894215][ T27] audit: type=1326 audit(1771955757.863:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 688.954094][ T27] audit: type=1326 audit(1771955757.863:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.019798][ T27] audit: type=1326 audit(1771955757.863:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.075944][ T27] audit: type=1326 audit(1771955757.863:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.116339][ T27] audit: type=1326 audit(1771955757.863:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.165951][ T27] audit: type=1326 audit(1771955757.863:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.215991][ T27] audit: type=1326 audit(1771955757.863:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.271149][ T27] audit: type=1326 audit(1771955757.863:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.317195][ T27] audit: type=1326 audit(1771955757.863:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15426 comm="syz.6.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095d79c629 code=0x7ffc0000 [ 689.546995][T15441] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3137'. [ 689.582775][T15441] ------------[ cut here ]------------ [ 689.588435][T15441] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16) [ 689.627053][T15441] WARNING: CPU: 0 PID: 15441 at net/sched/cls_u32.c:855 u32_change+0x1c5a/0x24f0 [ 689.636390][T15441] Modules linked in: [ 689.640337][T15441] CPU: 0 PID: 15441 Comm: syz.0.3137 Not tainted syzkaller #0 [ 689.647926][T15441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 689.658185][T15441] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 689.663539][T15441] Code: f8 eb 59 e8 a8 a0 d9 f8 c6 05 51 12 c8 05 01 b9 10 00 00 00 48 c7 c7 e0 40 c7 8b 4c 89 f6 48 c7 c2 60 41 c7 8b e8 16 62 a3 f8 <0f> 0b e9 86 f0 ff ff e8 7a a0 d9 f8 eb 24 e8 73 a0 d9 f8 c6 05 f3 [ 689.683551][T15441] RSP: 0018:ffffc9000ba7ed40 EFLAGS: 00010246 [ 689.689856][T15441] RAX: 7fff5276efa13d00 RBX: ffff888023cfec00 RCX: 0000000000080000 [ 689.698933][T15441] RDX: ffffc9000ea51000 RSI: 000000000000667b RDI: 000000000000667c [ 689.707160][T15441] RBP: ffffc9000ba7eef8 R08: ffffc9000ba7e947 R09: 1ffff9200174fd28 [ 689.715403][T15441] R10: dffffc0000000000 R11: fffff5200174fd29 R12: ffff888023cfc800 [ 689.723567][T15441] R13: ffff888023cfc8e8 R14: 0000000000000020 R15: ffff88802f633a80 [ 689.731723][T15441] FS: 00007f1d7ffef6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 689.740744][T15441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 689.747404][T15441] CR2: 00007fd4759e9078 CR3: 00000000483d2000 CR4: 00000000003506f0 [ 689.755528][T15441] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 689.763627][T15441] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 689.771770][T15441] Call Trace: [ 689.775093][T15441] [ 689.778220][T15441] ? tc_new_tfilter+0x8c6/0x1640 [ 689.783242][T15441] ? u32_get+0x370/0x370 [ 689.787752][T15441] tc_new_tfilter+0xe4f/0x1640 [ 689.792609][T15441] ? tcf_proto_signal_destroying+0x240/0x240 [ 689.799791][T15441] ? rcu_read_unlock+0x8c/0xa0 [ 689.804645][T15441] ? tcf_proto_signal_destroying+0x240/0x240 [ 689.810920][T15441] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 689.816307][T15441] ? tcf_proto_signal_destroying+0x240/0x240 [ 689.822360][T15441] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 689.827443][T15441] ? lockdep_hardirqs_on+0x98/0x150 [ 689.832792][T15441] ? rtnetlink_bind+0x80/0x80 [ 689.837589][T15441] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 689.844410][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 689.849880][T15441] ? lock_chain_count+0x20/0x20 [ 689.854801][T15441] ? __local_bh_enable_ip+0x13a/0x1c0 [ 689.860380][T15441] ? lockdep_hardirqs_on+0x98/0x150 [ 689.865640][T15441] ? __local_bh_enable_ip+0x13a/0x1c0 [ 689.871139][T15441] ? _local_bh_enable+0xa0/0xa0 [ 689.876096][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 689.881361][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 689.886791][T15441] ? __dev_queue_xmit+0x124f/0x36b0 [ 689.892065][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 689.897350][T15441] ? ref_tracker_free+0x690/0x840 [ 689.903327][T15441] netlink_rcv_skb+0x241/0x4d0 [ 689.908511][T15441] ? rtnetlink_bind+0x80/0x80 [ 689.913252][T15441] ? netlink_ack+0x1180/0x1180 [ 689.918167][T15441] ? __lock_acquire+0x7d40/0x7d40 [ 689.923355][T15441] ? netlink_deliver_tap+0x2e/0x1b0 [ 689.928709][T15441] netlink_unicast+0x751/0x8d0 [ 689.933819][T15441] netlink_sendmsg+0x8d0/0xbf0 [ 689.938710][T15441] ? netlink_getsockopt+0x590/0x590 [ 689.943949][T15441] ? aa_sock_msg_perm+0x94/0x150 [ 689.949077][T15441] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 689.954492][T15441] ? security_socket_sendmsg+0x80/0xa0 [ 689.960041][T15441] ? netlink_getsockopt+0x590/0x590 [ 689.965295][T15441] ____sys_sendmsg+0x5ba/0x960 [ 689.970312][T15441] ? __asan_memset+0x22/0x40 [ 689.975063][T15441] ? __sys_sendmsg_sock+0x30/0x30 [ 689.980182][T15441] ? __import_iovec+0x5f2/0x850 [ 689.985095][T15441] ? import_iovec+0x73/0xa0 [ 689.989758][T15441] ___sys_sendmsg+0x2a6/0x360 [ 689.994477][T15441] ? __sys_sendmsg+0x2a0/0x2a0 [ 689.999385][T15441] __sys_sendmmsg+0x2ca/0x510 [ 690.004612][T15441] ? __ia32_sys_sendmsg+0x90/0x90 [ 690.009962][T15441] ? __ia32_sys_get_robust_list+0x110/0x110 [ 690.015971][T15441] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 690.022008][T15441] ? lock_chain_count+0x20/0x20 [ 690.027141][T15441] __x64_sys_sendmmsg+0xa0/0xb0 [ 690.032045][T15441] do_syscall_64+0x55/0xa0 [ 690.036777][T15441] ? clear_bhb_loop+0x40/0x90 [ 690.041500][T15441] ? clear_bhb_loop+0x40/0x90 [ 690.046297][T15441] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 690.052238][T15441] RIP: 0033:0x7f1d7f19c629 [ 690.056858][T15441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 690.076701][T15441] RSP: 002b:00007f1d7ffef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 690.085168][T15441] RAX: ffffffffffffffda RBX: 00007f1d7f415fa0 RCX: 00007f1d7f19c629 [ 690.093375][T15441] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004 [ 690.101524][T15441] RBP: 00007f1d7f232b39 R08: 0000000000000000 R09: 0000000000000000 [ 690.110167][T15441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 690.118408][T15441] R13: 00007f1d7f416038 R14: 00007f1d7f415fa0 R15: 00007ffca98fe3e8 [ 690.126500][T15441] [ 690.129567][T15441] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 690.136989][T15441] CPU: 0 PID: 15441 Comm: syz.0.3137 Not tainted syzkaller #0 [ 690.144569][T15441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 690.154796][T15441] Call Trace: [ 690.158096][T15441] [ 690.161067][T15441] dump_stack_lvl+0x18c/0x250 [ 690.165789][T15441] ? show_regs_print_info+0x20/0x20 [ 690.171103][T15441] ? load_image+0x400/0x400 [ 690.175662][T15441] panic+0x2dc/0x730 [ 690.179598][T15441] ? bpf_jit_dump+0xd0/0xd0 [ 690.184149][T15441] __warn+0x2e0/0x470 [ 690.188347][T15441] ? u32_change+0x1c5a/0x24f0 [ 690.193173][T15441] ? u32_change+0x1c5a/0x24f0 [ 690.197872][T15441] report_bug+0x2be/0x4f0 [ 690.202219][T15441] ? u32_change+0x1c5a/0x24f0 [ 690.206938][T15441] ? u32_change+0x1c5a/0x24f0 [ 690.211741][T15441] ? u32_change+0x1c5c/0x24f0 [ 690.216529][T15441] handle_bug+0xcf/0x120 [ 690.220967][T15441] exc_invalid_op+0x1a/0x50 [ 690.225486][T15441] asm_exc_invalid_op+0x1a/0x20 [ 690.230367][T15441] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 690.235698][T15441] Code: f8 eb 59 e8 a8 a0 d9 f8 c6 05 51 12 c8 05 01 b9 10 00 00 00 48 c7 c7 e0 40 c7 8b 4c 89 f6 48 c7 c2 60 41 c7 8b e8 16 62 a3 f8 <0f> 0b e9 86 f0 ff ff e8 7a a0 d9 f8 eb 24 e8 73 a0 d9 f8 c6 05 f3 [ 690.255504][T15441] RSP: 0018:ffffc9000ba7ed40 EFLAGS: 00010246 [ 690.261590][T15441] RAX: 7fff5276efa13d00 RBX: ffff888023cfec00 RCX: 0000000000080000 [ 690.269575][T15441] RDX: ffffc9000ea51000 RSI: 000000000000667b RDI: 000000000000667c [ 690.277652][T15441] RBP: ffffc9000ba7eef8 R08: ffffc9000ba7e947 R09: 1ffff9200174fd28 [ 690.285730][T15441] R10: dffffc0000000000 R11: fffff5200174fd29 R12: ffff888023cfc800 [ 690.293713][T15441] R13: ffff888023cfc8e8 R14: 0000000000000020 R15: ffff88802f633a80 [ 690.301719][T15441] ? tc_new_tfilter+0x8c6/0x1640 [ 690.306696][T15441] ? u32_get+0x370/0x370 [ 690.310980][T15441] tc_new_tfilter+0xe4f/0x1640 [ 690.315881][T15441] ? tcf_proto_signal_destroying+0x240/0x240 [ 690.321909][T15441] ? rcu_read_unlock+0x8c/0xa0 [ 690.326699][T15441] ? tcf_proto_signal_destroying+0x240/0x240 [ 690.332696][T15441] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 690.337820][T15441] ? tcf_proto_signal_destroying+0x240/0x240 [ 690.343833][T15441] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 690.348785][T15441] ? lockdep_hardirqs_on+0x98/0x150 [ 690.354037][T15441] ? rtnetlink_bind+0x80/0x80 [ 690.358736][T15441] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 690.364815][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 690.369943][T15441] ? lock_chain_count+0x20/0x20 [ 690.374809][T15441] ? __local_bh_enable_ip+0x13a/0x1c0 [ 690.380292][T15441] ? lockdep_hardirqs_on+0x98/0x150 [ 690.385513][T15441] ? __local_bh_enable_ip+0x13a/0x1c0 [ 690.390901][T15441] ? _local_bh_enable+0xa0/0xa0 [ 690.395779][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 690.401079][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 690.406204][T15441] ? __dev_queue_xmit+0x124f/0x36b0 [ 690.411413][T15441] ? __dev_queue_xmit+0x26b/0x36b0 [ 690.416566][T15441] ? ref_tracker_free+0x690/0x840 [ 690.421792][T15441] netlink_rcv_skb+0x241/0x4d0 [ 690.426575][T15441] ? rtnetlink_bind+0x80/0x80 [ 690.431268][T15441] ? netlink_ack+0x1180/0x1180 [ 690.436067][T15441] ? __lock_acquire+0x7d40/0x7d40 [ 690.441108][T15441] ? netlink_deliver_tap+0x2e/0x1b0 [ 690.446327][T15441] netlink_unicast+0x751/0x8d0 [ 690.451119][T15441] netlink_sendmsg+0x8d0/0xbf0 [ 690.455908][T15441] ? netlink_getsockopt+0x590/0x590 [ 690.461186][T15441] ? aa_sock_msg_perm+0x94/0x150 [ 690.466161][T15441] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 690.471505][T15441] ? security_socket_sendmsg+0x80/0xa0 [ 690.476998][T15441] ? netlink_getsockopt+0x590/0x590 [ 690.482224][T15441] ____sys_sendmsg+0x5ba/0x960 [ 690.487013][T15441] ? __asan_memset+0x22/0x40 [ 690.491624][T15441] ? __sys_sendmsg_sock+0x30/0x30 [ 690.496743][T15441] ? __import_iovec+0x5f2/0x850 [ 690.501623][T15441] ? import_iovec+0x73/0xa0 [ 690.506144][T15441] ___sys_sendmsg+0x2a6/0x360 [ 690.510837][T15441] ? __sys_sendmsg+0x2a0/0x2a0 [ 690.515744][T15441] __sys_sendmmsg+0x2ca/0x510 [ 690.520528][T15441] ? __ia32_sys_sendmsg+0x90/0x90 [ 690.525577][T15441] ? __ia32_sys_get_robust_list+0x110/0x110 [ 690.531491][T15441] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 690.537487][T15441] ? lock_chain_count+0x20/0x20 [ 690.542357][T15441] __x64_sys_sendmmsg+0xa0/0xb0 [ 690.547338][T15441] do_syscall_64+0x55/0xa0 [ 690.551859][T15441] ? clear_bhb_loop+0x40/0x90 [ 690.556719][T15441] ? clear_bhb_loop+0x40/0x90 [ 690.561513][T15441] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 690.567418][T15441] RIP: 0033:0x7f1d7f19c629 [ 690.571934][T15441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 690.591748][T15441] RSP: 002b:00007f1d7ffef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 690.600185][T15441] RAX: ffffffffffffffda RBX: 00007f1d7f415fa0 RCX: 00007f1d7f19c629 [ 690.608164][T15441] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004 [ 690.616146][T15441] RBP: 00007f1d7f232b39 R08: 0000000000000000 R09: 0000000000000000 [ 690.624124][T15441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 690.632104][T15441] R13: 00007f1d7f416038 R14: 00007f1d7f415fa0 R15: 00007ffca98fe3e8 [ 690.640101][T15441] [ 690.643564][T15441] Kernel Offset: disabled [ 690.647889][T15441] Rebooting in 86400 seconds..