last executing test programs: 1m22.9120191s ago: executing program 3 (id=1202): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000140)={[{@nodecompose}, {}, {@gid}, {@force}, {@uid}, {@creator={'creator', 0x3d, "e3fa1e83"}}, {@nls={'nls', 0x3d, 'cp869'}}]}, 0x44, 0x6fd, &(0x7f0000000500)="$eJzs3U1sHGf9B/DvrNcbbyq57nv/fyHFakQEDSR2TEmQkAgVQjlUKBKXXk3iNFacNLJdlESIuEDhCCeUQw9FKBx6Qj0gFXFAlDMSEleUeyTuEQcWzeysvV6/rRs7TsLnI83OMzPPy29+eWb2LdYG+J917u2MrqTIueNv3Si3792dWbh3d+Zqr5zkUJJG0uyuUlxLis+Ss+ku+b9yZ91dsdU4b9z/9MNjdz6e6W4166Wq39iu3ZrONiOs1Esmk4zU611qbtXfhby5ob/bu+q6WI27TNjRXuLgoHU2WNlN8yGuW+BxdzsZGd1k/0RyOMlY/Tog9d2h8YjD23O7ussBAADAY2iYN+fPPsiD3Mj4IwgHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnhpFMtJdVUujV55M0fv9/1a9r9RqHXC82/vKDsc/uPSIAgEAAAAAAACAffFJ/cX9kQd5kBsZ7+3vFNV3/q9VGy9Wj8/kvSxlLos5kRuZzXKWs5jpZHS8r8PWjdnl5cXpjS1/nbJlp9O5Xbc8lWRiQ8tTWwTa2OMTBwAAAAAAAICn009yLuMHHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPQrkpHuqlpe7JUn0mgmGUvSKuutJH/qlZ9kfz7oAAAAAGCf9b15Hy/+0y10iuo9/8vV+/6xvJdrWc58lrOQuVysPgvoNmz8fWVm4d7dmavlsrHvb/9r16E0kozk/S1GnqpqvLTa4ly+m+/neCZzPouZzw8zm+XMZTLt8iQymyIT7e6nFxO9ODeP9+y6rfODsR0Z2H61iqSdS5mvYjuRC610PzapzqEc89W+0f7QSgZGfL/MTvGt2pA5upikXZd/VX8uU+s8O2Qf+2OiOvPR1YxMlbmvs/Hc9rnf5TwZHGk6jXLuVGl/cW2UcnNwpF7Of7CbnB/ursbKh5+vz/le2+VHaYOZOJVGPfuSl9fn/PoX7zy/vvGX//GX85cb165cvrR0fB9P6WFM7lRhtFcYzMRMXyZe2X721ZlYKDOxMnwmRgd3jA3bcn+16mxUt6Ih75bfqUqzea1vCr6bi5nL6UxlOmcylW/kVGZWZ1i5vLQur82Zq+tzUl1rjY33t/Y2wR/9Ul+lX+xQ+dEq8/JcX17773QT1bF6z9lfZqpv9j2//ezb9bNAOf7/1+VyjJ+uPuM8DtZlor4396J7YftM/KZTPi4tXLuyeHn2+pDjHavX5WX7wfp782+Hj3rw2X0vlPOlvOM2q60qJ+3efCmPvbAa7fp8tepvXLrtGhuOvbR6bCLjmc/3trxSW/VruI09dY+90n/sn2t3zlb9+qZ3bN2rnLybhepVyMazBeCxcvj1w632/fbf2h+1f9a+3H5r7M1DZw59oZXRvzb/OPL7xu8a3yxez0f5ccYPOlIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgaLN28dWV2YWFucbWQscE9D1toDY7VSTJE8zR2rHP3meHCyESy/VhFXWjt7bk/iYV2Bvb0fmHpYXv+ZPt/99ZDB19sMp/3uFDmYU867HS6Sa32dEZ20bzZa7V5nWaWxnJltmhucnUfWrsKMnFlduHfnXXN2+m7ZICn3Mnlq9dPLt289dX5q7PvzL0zd+3UmdNnTs98ffprJy/NL8xNdR8POkpgPyzdvDWyye4Nv3QLAAAAAAAAAAAAPD7q//2//Ln/mKG5Q53W4tLmIx951KcKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPKHOvZ3RlRSZnjoxVW7fuzuzUC698lrNZpJGkuJHSfFZcjbdJRN93RVbjfPG/U8/PHbn45m1vpq9+o3t2g1npV4ymWSkXu/s0CbdbOzvQl9/K58rvGL1DMuEHe0lDg7afwMAAP//6lP2Ew==") openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8441, 0x118) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91) 1m22.647873444s ago: executing program 3 (id=1204): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x2, 0x0, &(0x7f00000000c0)) 1m22.451880757s ago: executing program 3 (id=1207): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) socketpair$unix(0x1, 0x3, 0x0, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffff8}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x4, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x2) shutdown(r0, 0x1) 1m22.025438624s ago: executing program 3 (id=1214): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0) mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/") 1m21.64731834s ago: executing program 3 (id=1218): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005}) write$tun(r0, &(0x7f0000000c00)={@void, @val={0x0, 0x4, 0x8, 0x6ed, 0x19, 0xc}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x9, 0xfc0, 0x65, 0x0, 0x10, 0x11, 0x0, @local, @multicast1}, {0x4e22, 0x4e22, 0xfac, 0x0, @opaque="3c48b59d51091827f7bd954712d1e7504267eb1bfbf3564a6b27e0bb1c22db2fb68ec49b33e7dac9c1cab424440034a8aca515e04da9fcf1242a4d05a302cae1b782b6a51beea830753d96cc4446b63f0fe6c6ff9c4fb2a4386452fbc82617c8928ccc9be77848784bf29d1e6892880aea52ed88da722b3e378ee6b15a3f23b872278d95e95a125594451e677b4c05e760d38e94bedaa75d127839c06060f1dec6537d7266bf4242862feed17584b7dcf5eea26c3d720b26e48d9246d90fa2d67f38121a1e73c92c8e0d165f929bdbc37e9aa80a1d6d7f6510a04d76672530a6507ac3be62ad55de6f8b34df8b8b412f2854271962a819d98a2fbc8574d0aa8fec9f2b393f26bd3876ebb8a6f6b99f960ecba7f6bd71c65bf7c4f77ebdac5955b6adb6c754394ef0dbbb202bca5d53125bc97dfe434077de9f6fa24eac5315fa6f57c93eaf8bd20a8ef0f3e66b3ed41f66ad7e9f165daee61c9c73d0c3a86bfde3bc9f5636da28730489be918af274c62b2a13d3552cc421da054167fbf27e0845a229de4b4549b9302d6e08f3498047612bb17b05297f443d47f66571fffa7d43b8a4c4010de0e6800df10acf7fdeaf2656faa3f442a61cab97dd8931d01aff7241cb23c233e77f78e40580c79123c6822f4f6c8043ae23668b0f8ce2e3bf30345f8c281aa74cdfb10af31e1907a4d948cea8c89a5b9ef92ab03a919f6cb7c52599289ffb5996ab2aaadd5c6ad67175b10493133234cfeccb7d22712d2743e3ef779163ca61fc630625d002bf011d34dd9fd4df51f6d63219602812297fe23c23532632d1e0bec319a40dac959a6f475d6f77ac17ccc8e00cfd04c9c95e4c10671c4acfa92f85a6a3b2e386a2aaf8ae64cfd89a498c24939ae544dbb365212a55efc546ba2ff685eb8e2a8567309b2bae5a82768747366ee47d32110bbd2b38ca18d0cc6aad59f581d4133aab273e096409b84114b3b2184bd308b931e647713bf2f2e11b3dbbf20e49b5461bb9db045260c9a695ed721e0e5f9660c0ea4a96ed10c538c79298436985f28ad8e8cb2003c2f34a03c1045f58eaca537e0be56b2dc6410e88dc9e24281981af155649adb3c7056612077f7a38bcf1b76b0cadf1adc41fb186fc615df9e2ddb40d09eac27d9882afd14ac60d04549c3727efa86daea05d378ca6d546bd4e3fb39d6bae0a914b6d88daebb949f3d52a817c3f2a5be689a9b7d2d4053fccc5a4fb8268f55bdc0f1208416f8a7d6a9b31a032fcffaf5b1b972cd3987dff4fba110f3807787df3d2ee0987310e96f58eddd6d97c2a0b83779931025a51c55fd7649d4fdfdc92e548b7e72a19947691f5a5d7e2162522c6035fee1b3c27b6a20a6493aba5ad729b4ec5470edf5f95f850b0b1399ac220a67b3f15ebdfa7a34c7c6889aa4132abc29e8cca6246d6d68a5fea648ad2650ed8a887f458e3a8846c49f59ad25dba0cc1276935512ff94abb05a2b2802f55bbee7febc899f987f75e3e3db8498fd23020fd309ff43520c7e8096ebf97cc3a1f2109c09c561d297717f773b63fccc8f13c5669f8932aa000f6f8dfdf1f5530d4a3baea68e27196e3f3d1319458eeb5db60799cdbeba1c0d0bdee37d122c54be4d36d73dc693ed391a23b9df0a24f30dc4e2ffae823aacb976077cd3b8e1a439cd01a05bfe945f5273a023a727148c3887bfb23b0fecb3b5ec363a02dfc9cf044ae30176116afbf3828747b4781dbc489f19e9da97b40d0c29ce7e518f9cdd002626194807704654b2322d618e1d5c5707b29f2c65d224d8b217e8d7347d679fcc3926bf778bc3c58aa9e99958bc8dcca1791e99ba80afcf4587402278119cef6feb40984730c210893714cbd6c5b34a81bb82581b50c189557f49ffda39326c041e536f8318d79894ddb9347a863ec3de21453c35e5b7c8162e24af2c12537f5b77d65f1d4314fc81978a7f4356802e49ca920fd7061eccfa0e5889da106df63a07f2a23d84dffbab39aa344db0d88c97d551d44272f4bd7e53f72c5df4abddf7dac67868ff9f189e5a02b6aa63d25d5e73da3e0aba28ee9fd6584b6b29ba4aa1124b2f685030a0723675e2296f1f7cc54c13859d0a12c2ad35915ae44818a1fa589cb7142f83f1f7dadf61d1f714ac4d5506b1cb2859a5bd900f8af940ce048e8155af421aee8ac63851cdd5324685e447b7a96100c32cd4d4f757cacb0eba2cd777f05d7cfc19efebc08aecd2e8c6a44c4fb1864d2a11958442386582e7cdb235bcd11615db06412bf7e493fd53ee85fcdb0983e086303e8373f1e190e71c5e66909aca706e0e9cb577c1d4f7c31f91d20b3b621ce7b0bcebb2b28248b24f1648871baf6f7594a0edd9ed12d74370060d11e1f58f815e8c3215a3b11152da9d23ef1746250a663ce59f5b192a83cf935e7a4fbb12ff9e881c57f4bc0d712c98fd2a68551418682ba2ffadda568770423ad009e9745d4c8f65a3981e8e2d6cb3ac79da197a433cf65714ab7fe755ed94f9f72ee1c0d90a0974ae98538630d1adeda105461a7add55d13736af858945c440cc559bf5c0dab10038b26d6601794c5b319794468178f5cdd9145d0445b41c997f757703add416b21fa45a8915d85e3d4017b9d31eecbd945731cc91dc53c2e5c045b1d9ff70415212a33aee8d1e3a033c51fb8d2027bcbc428547a610da282cccbe6f5d88856cf04b1b6a3fa385ecd7efd371d7330ad26a526c242d60f7c1b799783593340a9890926c60f8db03faddb4164533578e697c950acd18262c45768029efd530fbe26024fcfdfd20845194bb7d7c99ef3769bd9792c01f8126029bab5b4c2bbaf72afcf16e63d11266743cc9be485cb17844ed1d8eb97008763999f148e70ab5320580cc4d0e37b190ed7362902bb54dc85b72601e70d977640c3b58fc35e38f45881babbf7ef91aa3ae2ca25069c02a580f6024b5cca6330136f264a0a7111bcd8c7b5ad3272fa18b55777db79e290df660cdd63f385c80e0b7c00f372c562073e36f5f7f8b724f6c635def1103b66870d5f0a43d91c5b4b56ff7d86e98817177ef561d5358748af5d18fe797bd298a600d6d4dc817741f8f4667c4b2cc388b8f5a93e09f8645c2f54a0a1d1c5ff34579b779b6a8477749f70bdf61a17a33c9546962f07590fd56b99037582110fc33979c8d2a956afc89e60c2369a3308c2bb142951fa47a80dc6ce8b51de40d8b32037e369c60e40881f030514fa101b862ce8a26d29d1017fc3a8bdd5b02abb1a7e9111cc6e15774749720389c9d13eb58ac32ab2d831e0f5183bbf0e7567d627c7c7ff070cfd7d724bd934c06f8e7da1265380949a903092598b4cf00e2ce13c4b8476694d5166415f89ff0e7651d7bbe07ed8faf97184255f59f402395680df40e14f8b579fa58d8209399fd64aa598aa94d3b8c99fe6c76c4f0a18f7cb519fa6735b87a7a579e28a78f51056e9b5afd91221d11a8412d5c7dbc967f7e95eb253913a1c5bd31529995db0a4fcef65f7396dbda1cf196c485740a38216d2e9a6b8600bbf8482ba1d78ed66cf5c77e9981a097e79894c50e7276cdfc06eb8a63870e2ba50143d1eb88ae14722d53774185daa400a30d69cf1c7cddf47794e46946cc3b2f319fb5364431b11c074ae7ecbd9a593619b4de8808c63bdba60926f322c259ca3dfd929f35542f574c23823859a769616ee490ea4d98ea5d0a4f5599525742459803191b8f6f32a617f7fd8355ca3903b3a31cd7f5037c0291031a5b34097a5dae20709fa66230e84c5978f7538c29c0a82473050c864d35fa5734d4a18a1971e15930317dadb75542368dc0e776e2909ba199f9298e1f0d089387a9415e6ef85c49f4c21e143dcbcdabc4b65f18a87311513f70bf0ce3ba2b53855ed049977007beb75b89f57be2a6b9ee90025aec1e1f40bca697b90ecdf4a2e109099f0de5bfa018e49dc8de82bed32405f2d1921c348789a4d0c2a8219e8d46ccbb4d445ab8ea74a3b6185c4f95e1d8adbda03f3ba4c29d1bffe479093d18471b745a1773db74b1686e04f9958ee69552b46567697eb88e6f0c1e194d4b59aec43bc7de05d242ed12da8dfa3a0e1c07b857ec8e14e2b82b15561b3c9db8b3b9957c76e70ff50b27816f154c189fb4fe62f776a4a7d0cc3fd2136253184ec9bbf563c37caa80700b97b29fc2443ed2314739d993531ae46265da327cb848104a52792edd8775b205bff1c97ef662261f35a13eee1e9f749c4ac7bd64516135a9c8c474015dfd0baa17a15296d12ed5ad00081d75141a062b2e107a970b5f5bd3d9074813569866eee55e270a042c900ddeaa2bac1f8df0dd65525a5f5df144be494f067367d965da233aabdce7f084ecca539717614c4fbefa27c0407dacb48c4423be6c2783c064749ad6416ed0bbb1d8cc1c31a008908333df2c010081195a1c50d01a68bd4094070d10904690c29b349edfc881033c01f99fb87271dee2754e84930bbfb4a7fe6f47072743d890a0672fc5bd00c4d3932057aaf0f221c6b811355140e295735b653642c9af3bc0f2159cdd34db8f216a5930acfcdc93947b83ae8c2f3b66340fe1c51ce884a03593902cb232812a9289fac36ddc10098c71533f2b9c8c3f100442bcf895b0baea3d0d44fe44b9826010a69dfe98913853aa5e9a118f567d5a37a8dbc7dfe931ed1ccb4fe9e8bef8326008636d2412a7b4495f3d0924086972c2fb8990262d09b60b1d61f78994b918e699201e65f84b75e3bd03eb172f20039b38ef93a2f7378b549e9f0fdc7b784076fc2da9944611c1b4cb67c9f1e1501185110cbdaebfd3a52f4cfdf2fc4ee046e564c9a5422ec3e78f5671e33a816b87efc811ebf80853b78032feb3dea07241b3ee43b010546c1fbc14b137398885763bf13551408fd8b7296c869cbabf9b13e267734f800508ea853ddd6ad3072e6c4444d73ae6fae89b4cd3602ca111e3814955fd01aa914859cb101703b2279c4213f9000f867bc507ff78c9e3c37d586ee227a50010d47a76df90c0c198d5399e07d3466032c763699ae4382d74aa4adfc001db488017f98c3f95fa2d615e60fdf251d1e2539638b6e9fa8e1b27c37cf5cd8aa8fdf18762b37ecf91735576a0632087ebc6ff84cdf885fbca890f21254b21bbb3869ef2431b645be6b26664e25725c52327bdc0e61f906ee713d97fe22d86e77b5c0b9ff491fe7e53715ac5b4ba7a1010969d32b3b0a1e2fd995476c12a720788626994cceffbb3e16aeb5270d6b65eb4852ef1102de87820f2e7422908ba1b1d3651c19932d38a4c90f577f03f2aff88038620c7a42f240da5fbe6433065d3fd59acc5dd6de9d1667bdc55b9d1e0905d24558331e8c0fad5c41476fb2f727b9400f1a8327d1924ca1ad668e0a3d4186a6ebf5ca57c8c6c6e059d180693e73880333cd66beefd39606758daee4ac1951eb3dd304d9d2c5c582cae9be0faf8b5cfadf26d22ba1a29162aa766d371487a834eaeac619fb0c3cde62cd7e6b109be76745827d87857100d59ef8c7b5cf40d73836fd0df6fd6b445cf616ea7426f9932474a55753f6edd781b1c42f2a519108791890555ffbf5065ed0603de9b539a3e769ee8b8976db5de04b8747a6c63619b3b599120118e9ac3cdd653a2f7d2e40858db30b2c4e"}}}, 0xfca) 1m21.243166026s ago: executing program 3 (id=1226): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0x80}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) 1m20.960214121s ago: executing program 32 (id=1226): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0x80}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) 1m4.050116898s ago: executing program 4 (id=1353): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x8}]}]}, 0x28}}, 0x4040810) 1m3.799147802s ago: executing program 4 (id=1356): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x5c}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4020000) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x4022c0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) userfaultfd(0x80001) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x80000003) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @random="8dffffff0600"}) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000500)='rxrpc_local\x00', r1}, 0x18) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e) getsockopt(0xffffffffffffffff, 0x111, 0x1, 0x0, &(0x7f0000000080)) recvmmsg(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r2, 0x400448cb, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r3, 0x0, 0x0) 1m2.790758288s ago: executing program 4 (id=1370): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x408c0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40}}, &(0x7f0000000180)='GPL\x00', 0x9, 0xc5, &(0x7f00000002c0)=""/197, 0x0, 0x8}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c000000190001000100000000000a0080201400000400050000081e0e000900"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) 1m2.567627621s ago: executing program 4 (id=1373): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/") 1m2.04744305s ago: executing program 4 (id=1380): r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ip6_flowlabel\x00') openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0) 1m1.614740277s ago: executing program 4 (id=1387): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m1.333587281s ago: executing program 33 (id=1387): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 42.427433609s ago: executing program 0 (id=1514): syz_usb_connect$cdc_ncm(0x4, 0x6e, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, 0x0) 41.724323361s ago: executing program 0 (id=1522): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0) mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/") 41.493341954s ago: executing program 0 (id=1524): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x101301) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) r1 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x29cc, 0x10100}, &(0x7f0000000380)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) 41.243289758s ago: executing program 0 (id=1525): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x5c}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4020000) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x4022c0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) userfaultfd(0x80001) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x80000003) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @random="8dffffff0600"}) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000500)='rxrpc_local\x00', r1}, 0x18) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e) getsockopt(0xffffffffffffffff, 0x111, 0x1, 0x0, &(0x7f0000000080)) recvmmsg(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r2, 0x400448cb, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000040)="05000000", 0x4) 41.068970091s ago: executing program 0 (id=1526): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x80100, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSW2(r1, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"}) ioctl$TIOCGPGRP(r0, 0x5437, 0x0) 40.913114264s ago: executing program 0 (id=1527): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x2, 0x9, 0x0}) syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3d0, &(0x7f00000004c0)="$eJzs3M1uG0UcAPD/br5I+mEjcUCFgyUQBAFxHQhQhEThyscFeAArSUuF21SNkWjJoSBOnDggbhz6Ahx4gKpCSEi8Ai+AKlUozQFuQWvvOm4cp7Fix2r6+0mjndkdZ/bv3axm1rsTwGOrEhHnI2IiIhYjopSvT/MUN9spq3d/c2N5a3NjOYnt7U/+SSLJ1xV/K8mXJ/LCfBqRfhfxzM3edtev3/ii3misXsvL1eblq9X16zdevXS5fnH14uqV2pvnarWlxbdqrw8t1p+ef+ncxPvnz/z8V+nO0vT0bLa/J/Nt3XEMSyUqne9kt6VhNzZm0+PeAQAADiTN+/6Trf5/KSZaubZSVDfGunMAAADAUGy/my8BAACAYywx9gcAAIBjrngO4P7mxnKRxvg4wpG7915ElHfebd7qxD8ZT+R1pkb4fmslIq6+kJSyFCN6DxkAoNudrP9zdq/+XxpPd9WbiWj1h2aH3H5lV7m3/5PeHXKTD8j6f+9ExFZP/y8tqpQn8tKpVldxKrlwqbF6NiJOR8R8TM1k5do+bXzw7y8f99uWxf97cup0kbL2s+VOjfTu5MyDn1mpN+uHibnbvW8izkzuFX/S6f8mETF3iDYmvr71dr9tD49/tLZvRby45/Hfmbkn2X9+omrrfKgWZ0Wv/7799aN+7Y87/uz4z+0ffznpnq9pffA2bn/+57P9tnWPfwY5/6eTT1v5Ylz2Vb3ZvFaLmE4+7F2/uPPZolzUz+Kff27v///i+pfkc1qdzK8Bg/r+h99eOUj8WcraL8aCRyGLf2Wg4z945o3bf3zWr/2Hx58d//YcYPP5moNc/w66g4f57gAAAOBRkbbuayTpQiefpgsL7fsdT8Vc2lhbb758Ye3LKyvt+x/lmEqLO12lrvuhtfbP6J3y4q7yaxHxZET8WJptlReW1xor4w4eAAAAHhMn+oz/M38f2VMIAAAAwMiVx70DAAAAwMgZ/wMAAMCxdph5/WRkZI5rZtxXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfb/wEAAP//Wt22ag==") pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x5412, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000130001000000", @ANYRES32=r3, @ANYBLOB="100a06000908010014001a80100004"], 0x34}, 0x1, 0x0, 0x0, 0xc0c0}, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}]}, &(0x7f00000008c0)='GPL\x00', 0x2, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, r1}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x5, 0x6, 0x6000, 0x2000, &(0x7f0000002000/0x2000)=nil}) sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0xb, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFTA_COMPAT_NAME={0xf, 0x1, '/\\\'{\xf7}-?-}\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40096}, 0x4000080) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r4) r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000000240)=""/50, 0x32) getdents64(r5, 0xfffffffffffffffe, 0x63) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x1, 0xc73f, 0x81, 0x1}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r6}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r7}, 0x38) 27.338877018s ago: executing program 5 (id=1612): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) fsopen(&(0x7f0000000100)='ubifs\x00', 0x1) r0 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000000)) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000340)={'filter\x00', 0x4}, 0x68) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000040)={0x1d, r2, 0x3, {0x0, 0xf1, 0x4}, 0xfe}, 0x18) bind$can_j1939(r1, &(0x7f0000001200)={0x1d, r2, 0x0, {0x0, 0x1, 0x2}}, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 27.16729927s ago: executing program 5 (id=1614): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) recvmsg$unix(r0, 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x18}}, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000), 0x2a979d) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x401c5820, 0x0) socket$key(0xf, 0x3, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="a60a000000000000a6b000000000000018000000"], &(0x7f0000000000)='GPL\x00'}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x3c, r6, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xb}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="3000000002"], 0x8) 26.941844284s ago: executing program 5 (id=1617): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x20081e, &(0x7f0000000100), 0x1, 0x502, &(0x7f0000000a00)="$eJzs3c9vI1cdAPCvnV9OmjZp6QEQokspLGi1TuJto6oHKCeEUCVEjyBtQ+KNothxFDulCXvY/g9IVOIER/4Azj3xJyC4cYEDEj8iULMSSFPNeLzrzdob7yaxs/HnI41m3ryxv+/t7rzn+W7iF8DYuhYR9yJiOiI+iIiF/Hwh3+Ld9pZe99nR3fXjo7vrhUiS9/9VyOrTc9H1mtQL+XuWIuLH34/4WeHxuM2Dw+21Wq261y7OLrXqu0vNg8ObW/W1zepmdadSWV1ZXX771luVc+vra/Xp9sFE2sBv/yJt1nxe192Pc/T/JDP1IE5qMiJ+eAHBRmEi78/0qBvCMylGxCsR8Xp2/y/ERPa3CQBcZUmyEMlCdxkAuOqKWQ6sUCznuYD5KBbL5XYO79WYK9YazdaNO439nY12rmwxpop3tmrV5TxXuBhThbS8kh0/LFdOlG9FxMsR8cuZ2axcXm/UNkb5wQcAxtgLJ+b//860538A4IorjboBAMDQmf8BYPyY/wFg/Jj/AWD8mP8BYPyY/wFg/Jj/AWCs/Oi999ItOc6//3rjw4P97caHNzeqze1yfX+9vN7Y2y1vNhqb2Xf21E97v1qjsbvyZux/tPid3WZrqXlweLve2N9p3c6+1/t2dWoovQIAnuTl1z79cyEi7r0zm23RtZaDuRqutuJZXjx7fu0Ahm9i1A0ARsZqXzC+zvCMLz0AV0SPJXofUXrkcT+/OkmS5GKbBVyg61+S/4dx1ZX/91PAMGbk/2F8DZr/Py0/ADx/kqQw6Jr/MeiFAMDlJscP9Hm+fyXf/y7/z4Gfbpy84pOLbBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcbp31f8v5WuDzUSyWyxEvRsRiTBXubNWqyxHxUkT8aWZqJi2vjLjNAMBZFf9eyNf/ur7wxvzJ2unC/ZlsHxE///X7v/pordXa+2N6/t8Pzrc+yc9XRtF+AOA0nXk623c9yH92dHe9sw2zPf/4XkSU2vGPj6bj+EH8yZjM9qWYioi5/xTycluhK3dxFvc+jogv9up/IeazHEh75dOT8dPYLw41fvGR+MWsrr1P/yy+8NSRk4VzaD481z5Nx593e91/xbiW7Xvf/6VshDq7fPxL32r9OBsDH8bvjH8Tfca/a4PGePMPP2gfzT5e93HElycjOrGPu8afTvxCn/hvDBj/L1/56uv96pLfRFyP3vG7Yy216rtLzYPDm1v1tc3qZnWnUlldWV1++9ZblaUsR73Ufzb45zs3XupXl/Z/rk/80in9/8aA/f/t/z74ydeeEP9bX+8VvxivPiF+Oid+c8D4a3O/L/WrS+Nv9Ox/R//+3xgw/l//dvjYsuEAwOg0Dw6312q16t4wDzofJIYa1MEVOEj/1VyCZvQ8+O6wYk3HU70qSZ4pVr8R4zyybsBl0L7Xk+peRNwfdWMAAAAAAAAAAAAAAICehvEbS6PuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfX5wEAAP//90HVog==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x3) read$FUSE(r1, &(0x7f0000000f40)={0x2020}, 0x2020) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000080)={0x3920e, r0, 0x2, 0x0, 0x2}) 26.491335771s ago: executing program 5 (id=1624): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0) mount$tmpfs(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0) mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/") 26.168413386s ago: executing program 5 (id=1628): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 25.995330069s ago: executing program 5 (id=1630): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r0], 0x48}}, 0x0) 25.636691915s ago: executing program 34 (id=1630): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r0], 0x48}}, 0x0) 25.571979066s ago: executing program 35 (id=1527): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x2, 0x9, 0x0}) syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3d0, &(0x7f00000004c0)="$eJzs3M1uG0UcAPD/br5I+mEjcUCFgyUQBAFxHQhQhEThyscFeAArSUuF21SNkWjJoSBOnDggbhz6Ahx4gKpCSEi8Ai+AKlUozQFuQWvvOm4cp7Fix2r6+0mjndkdZ/bv3axm1rsTwGOrEhHnI2IiIhYjopSvT/MUN9spq3d/c2N5a3NjOYnt7U/+SSLJ1xV/K8mXJ/LCfBqRfhfxzM3edtev3/ii3misXsvL1eblq9X16zdevXS5fnH14uqV2pvnarWlxbdqrw8t1p+ef+ncxPvnz/z8V+nO0vT0bLa/J/Nt3XEMSyUqne9kt6VhNzZm0+PeAQAADiTN+/6Trf5/KSZaubZSVDfGunMAAADAUGy/my8BAACAYywx9gcAAIBjrngO4P7mxnKRxvg4wpG7915ElHfebd7qxD8ZT+R1pkb4fmslIq6+kJSyFCN6DxkAoNudrP9zdq/+XxpPd9WbiWj1h2aH3H5lV7m3/5PeHXKTD8j6f+9ExFZP/y8tqpQn8tKpVldxKrlwqbF6NiJOR8R8TM1k5do+bXzw7y8f99uWxf97cup0kbL2s+VOjfTu5MyDn1mpN+uHibnbvW8izkzuFX/S6f8mETF3iDYmvr71dr9tD49/tLZvRby45/Hfmbkn2X9+omrrfKgWZ0Wv/7799aN+7Y87/uz4z+0ffznpnq9pffA2bn/+57P9tnWPfwY5/6eTT1v5Ylz2Vb3ZvFaLmE4+7F2/uPPZolzUz+Kff27v///i+pfkc1qdzK8Bg/r+h99eOUj8WcraL8aCRyGLf2Wg4z945o3bf3zWr/2Hx58d//YcYPP5moNc/w66g4f57gAAAOBRkbbuayTpQiefpgsL7fsdT8Vc2lhbb758Ye3LKyvt+x/lmEqLO12lrvuhtfbP6J3y4q7yaxHxZET8WJptlReW1xor4w4eAAAAHhMn+oz/M38f2VMIAAAAwMiVx70DAAAAwMgZ/wMAAMCxdph5/WRkZI5rZtxXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfb/wEAAP//Wt22ag==") pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x5412, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000130001000000", @ANYRES32=r3, @ANYBLOB="100a06000908010014001a80100004"], 0x34}, 0x1, 0x0, 0x0, 0xc0c0}, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}]}, &(0x7f00000008c0)='GPL\x00', 0x2, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, r1}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x5, 0x6, 0x6000, 0x2000, &(0x7f0000002000/0x2000)=nil}) sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0xb, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFTA_COMPAT_NAME={0xf, 0x1, '/\\\'{\xf7}-?-}\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40096}, 0x4000080) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r4) r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000000240)=""/50, 0x32) getdents64(r5, 0xfffffffffffffffe, 0x63) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x1, 0xc73f, 0x81, 0x1}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r6}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r7}, 0x38) 6.209759762s ago: executing program 1 (id=1684): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0) mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/") 5.883990427s ago: executing program 1 (id=1686): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) iopl(0x3) syz_open_dev$sndmidi(&(0x7f0000000580), 0x7, 0xcab867dd85abb010) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 3.530007794s ago: executing program 6 (id=1691): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000001, 0x12, 0xffffffffffffffff, 0xfebc8000) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e2c882420"], 0x7) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x110, 0x14, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, 0x0, 0x4004) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2000, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 3.271231718s ago: executing program 6 (id=1692): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0) mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/") 3.065967572s ago: executing program 7 (id=1632): unshare(0x26020480) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x1, 0x0) r3 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2de, 0x400, 0xffffffff, 0x286}, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r3, 0x47f5, 0x0, 0x0, 0x0, 0x0) 3.065081861s ago: executing program 2 (id=1693): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="18ff00000000010000000020fbdb"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) iopl(0x3) modify_ldt$read(0x0, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000580), 0x7, 0xcab867dd85abb010) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r5, 0x0, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmmsg(r6, &(0x7f00000019c0)=[{{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0}, 0x7fffffff}], 0x2, 0x12020, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f00000000c0)={0x1, 0x0, {0x0, 0x0, 0x200d, 0x0, 0x6, 0x9, 0x5}}) 3.026364312s ago: executing program 6 (id=1694): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, 0x0) userfaultfd(0x80801) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x20, 0x0, &(0x7f00000004c0)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f00000034c0)={0x2020}, 0x2020) 2.674833928s ago: executing program 1 (id=1695): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000400)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@gettfilter={0x2c, 0x2e, 0x800, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8}, {0x9, 0x3}, {0x10}}, [{0x8, 0xb, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x4004) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000017dcb4401e04114098af00000019090212000100000000090400000082dd9700"], 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x802, 0x0) ioctl$BINDER_FREEZE(r5, 0x400c620e, &(0x7f0000000180)={0x0, 0x4, 0xfff}) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001400090500000800fddbdf25020852fe", @ANYRES32, @ANYBLOB="08000200ffffffff080001000000000014000600"], 0x3c}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x20, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_TX_RATES={0x4}]}, 0x20}}, 0x0) ioctl$KVM_SET_CPUID2(r7, 0x4048aecb, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0) r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r12, 0x5423, &(0x7f00000000c0)=0xe) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18}, '\x00'}) r13 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGPROP(r13, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMRU1(r13, 0x40047452, &(0x7f0000000000)=0xfffffff7) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x3c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac01]}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.89132864s ago: executing program 6 (id=1696): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000b40)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001370274902796e79e0e8b68f578bc93e0813a5ca0862be0be8f47c15589488024a13abb0f2995bf19618d7f3afd402dc6435fe8a07bb83514b70200678bf279d3343f376df14ebbf2638999bd3b02482da832836abfd8fe5b91c82dacd12636615d5e86e781761fe06d09b8c4b847f4c1debb9427747702853a8a343b89084cc008831fba81ec3d01fd41ce20c85357ff944ef0e77268c91e8921bd412ee154a53518d75f1cbf09ce8589f1a3bd260c3a1165437cd0dd7ed327d35afa75b21d9d7901c016a4c8ec69bf30ec5bcaf8d248961aaab9a12ef69101434050dbd55b60100e2bda31cb79ab63f99201dcb3352e1b2ae8892d871212db92d182d4d4061c2cd2d745607515b8291f096e53c54da0a937ff80de0990ee0a061103a303be4d0e5a"], 0x6f4}}, 0x4000000) 1.862030581s ago: executing program 2 (id=1697): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180), 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) 1.818598671s ago: executing program 7 (id=1698): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040961b070000000000000109022400010000000009040000020300000009210000000122050009058133"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000778009"], 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x60800) 1.594589874s ago: executing program 6 (id=1699): connect$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e8, 0x0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x418, 0x3d8, 0x3d8, 0x418, 0x3d8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @local, [0xff, 0xffffffff, 0x0, 0xff000000], [0xffffff00, 0xff000000], 'erspan0\x00', 'wlan0\x00', {}, {0xff}, 0x2b, 0x3, 0x3}, 0x0, 0x298, 0x2e0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548) 1.543418646s ago: executing program 2 (id=1700): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x7, @loopback}], 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000000c0)=0x4, 0x4) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) 1.309787029s ago: executing program 2 (id=1701): connect$unix(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) 606.45012ms ago: executing program 1 (id=1702): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = dup(r1) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r3 = dup(r1) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10) shutdown(r1, 0x1) close_range(r0, 0xffffffffffffffff, 0x100000000000000) 471.638302ms ago: executing program 6 (id=1703): syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='noadinicb,partition=00000000000000000005,noadinicb,mode=00000000000000000003324,gid=', @ANYRESDEC=0x0, @ANYBLOB=',volume=0000000000000,\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1, 0x489, &(0x7f0000000580)="$eJzs29trHOUfx/HPd7K72Wz7+3XbpmmVgquCSsWaQ4/Gix5iqNCkOTQiRYWYbOLSnMimkhTR4o233ngjIgoKUkULIt54pb3zD1AQBL3wQgT3wgMIgszszM5ks2nS7iHd9v2CdifPfGfmOewzz7M7zwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEinnjrZ2WVbnQsAANBIg6Mjnd2M/wAA3FXO8/kfAADgbmJy9L1MfSMFG/D+Lkqezc1dWh7r6698WJt5R7Z48e6/ZFd3z6HDR44eC15vfHyt3aNzo+dPZk7Pzy4sZvP57GRmbC43MT+Z3fQZqj2+3AGvAjKzFy9NTk3lM90He1btXk7/0rqtI917tOOEE8SO9fX3j0ZiYvFbvvoa683wE3K0T6bfHvrUBiU5qr4uNnjv1FubV4gDXiHG+vq9gszkxueW3J1DQUU4fll9iaCOGtAWVWmX3HxZojaf2eJydEKmjp8Ldk5SS1APj3pfDK9/YKwml79lbj6fl/SAmqDNbmOtcvSjTLM7khra+mZFg8XkaFmmP3oLNuzdD9z+5N42zz6TeXpuaj4SO2R+j2r28aGRbvN7U1KOBr07fsFGtjozaDh3svSWTHs+ftmbV8ibl+7oPfrEcE90hrF3g/O4sQf9+eNmxuS4HztkQ2ZO7csFAAAAAAAAQGo1R9/JVPgqEyamTU7kkXFSxQdDma3JIoB6MUdvyzQ8UvC+ho+uS2mJrO8pafZnf/XNf1vy9PzCymJu+qWlivtTyZMv5pcWxycq71abe59tiaZstI6lSnFzlJDpuT8/stJ1i/d/fylAmJsPnwzXzCTLr++9b/5fXM8UPEM6fmFvdLtilm/i+ah7TTNHSzKd2rXPX6uS0po6UzHuc5l+f2+/H+ck3MwHp00XzziVm8l2urFfy/T+v0GstyxK2/zY3WFslxtrMr05sDp2ux/bHsZ2u7H9Ml1/oXLsnjC2x419XaaFXzNBbMqNvc+P7QhjD07Mz0xWqkrgZrn9/yeZ3m3PWNA3YsX339r+/0o4FlwpP9E6fb7a/p+OpF3x+/UFt///tc/ry17/dyr3/zdk+uSL/X5cse8l/P07vf/D/v+sTNPfro5N+bG7wtiuTVdsk3Dbf79MZ/ZcK9WN3/5+C4StFm3/e8vfHXVq/52RtLR/3dbaFB2S8iuXL47PzGQX2WCDDTZKG1t9Z0IjuOP/Z+4s6ssfSvMdf/z3P6aEM6u/Xw3H/97yE9Vp/N8VSev1ZyPxmJRcml2I75WS+ZXLj+Vmx6ez09m5Q51HOg8fOt51/Fg8EUzuwq2q6+pO5Lb/NzL9s+1q6fPu6vlf5fl/qvxEdWr/3ZG01Kr5StVFh9/+V2W6//q10vcSN5r/B9//PPJg8bXUP+vU/u2RtLR/3f/VpugAAAAAAAAAAAAAAAAA0NTi5ugDmc48HrPgt2abWf+35gdodVr/1RFJm2zQ7xWqrlQAaAKOHL0j08Mq2GtuwnZpIPqKO9p/AQAA//9HASOO") syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) 420.926083ms ago: executing program 2 (id=1704): bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48) sched_setscheduler(0x0, 0x1, 0x0) openat$mixer(0xffffffffffffff9c, 0x0, 0x5ad202, 0x0) fchmodat(0xffffffffffffff9c, 0x0, 0xfffffed3) openat(0xffffffffffffff9c, &(0x7f0000000680)='.\x00', 0x88980, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$nl_generic(0x10, 0x3, 0x10) getcwd(0x0, 0xfffffffffffffe7d) sendmsg$nl_generic(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x70bd2b, 0x25dfdbfa, {0x5}}, 0x14}}, 0x40800) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x88, 0x64, 0x0, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c000000000b050000000000000000000300000908000100753332000800024000000001faff01007533320068bd9c72778082b26802676722c4c4588fe6f701a3861d48fc"], 0x2c}, 0x1, 0x0, 0x0, 0x20004045}, 0x20000000) r5 = socket$inet(0x2, 0x1, 0x100) setsockopt$sock_int(r5, 0x1, 0x48, &(0x7f0000000040)=0x3, 0x4) 279.389445ms ago: executing program 1 (id=1705): r0 = socket(0x2b, 0x1, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) 38.583739ms ago: executing program 2 (id=1706): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) iopl(0x3) syz_open_dev$sndmidi(&(0x7f0000000580), 0x7, 0xcab867dd85abb010) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 0s ago: executing program 1 (id=1707): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0) mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1057499, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x3004903, &(0x7f0000000380)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c756e695f786c6174653d302c005e13341d7266bc2347ebbeee425cd9f478728f40df5dab384b2b524e5c85ce2cef9bb0ead90d15c7d515e6317862de055987b712774e7e8a5e3d638e450c0e06964a9d85b0a800accf43d8f85391727539b5209a8fcc585d012bdbf8633db1d040d1776d04051467c8f42868e6054d84288287785e58524a494dfcb51a3c80813c616555d54380e6f5bd644aa1c722ede4421f736ea4e3cc7133a734c72b3ab1b216675addfceac075442c21322a38f2c4ff67608ca33b1dc41c04e1de006e8593a5a2d4e7149cd36d02b7c001abcf6a75edb5e5e64272a3213c052e8855e88d"], 0x0, 0x336, &(0x7f00000006c0)="$eJzs3UFrXFUUB/DTGJPSkr4sRFAQL7rRzZDEL+AgLYiBSmykuhBezYsO8zoT5g2VKWLdufVzFJfuBPELZOPenbtsXHZRfJKZZEziCG1pOhPm94NwD9z8mXMZ3nA2M/fg9o9327tVYzfvx8L7KRYiYuFRxOqwGrl0tC4M66U46ft4N7v9xxuffPb5R83NzetbKd1o3npvI6V07c1fv/n2p7d+61/99OdrvyzH/uoXB39t/Ln/6v5rB3/f+rpVpVaVOt1+ytOdbref3ymLtNOq2o2UPi6LvCpSq1MVvVP7u2V3b2+Q8s7OypW9XlFVKe8MUrsYpH439XuDlH+Vtzqp0WiklSsxX06eN3vCzPbDra28eU4NMSN6vWZ++Awv/2dn++FUGgIApurFzP91Fk82/x+PKE8//1+a9/n/WZj/58Hh/L909PyeZv4HAAAAAAAAAAAAAICL4FFdZ3VdZ8fr2b9p98f58v7PtxNf3LscUf5wb/ve9mgd7Td3oxVlFLEWWTyOqMdG9Y0PN6+vpaHVWLn7YJQ/XF86nV+PLFYn59dTSvWDlE7nXx7+osU4vxFZvDI5vzF6/TP5pXjn7RP5RmTx+5fRjTJ24jD7b/679ZQ+uLl5Jr88/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5kMjjU28v7/R+L/9UX58v/5aZPF48v38axPv51+M1xene3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOFYN7rfzsix6z7e4HBHPHK+PnEdjs1lEzEQbT1sszUYbZ4vF2WjjghfT/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2986ffNq9NuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCmqBvfbeVkWvXMspn1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+SfAAAA//8Hhik/") kernel console output (not intermixed with test programs): EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 152.842663][ T6613] loop3: detected capacity change from 0 to 128 [ 152.873904][ T6613] EXT4-fs (loop3): Test dummy encryption mode enabled [ 152.892022][ T6613] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 152.921109][ T6613] ext4 filesystem being mounted at /58/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 153.515366][ T6617] xt_ecn: cannot match TCP bits for non-tcp packets [ 153.633633][ T6619] vivid-000: disconnect [ 153.650661][ T6610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.255'. [ 153.739737][ T6620] random: crng reseeded on system resumption [ 153.809856][ T6621] vivid-000: reconnect [ 154.600377][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 155.205113][ T6626] loop0: detected capacity change from 0 to 32768 [ 155.251134][ T28] audit: type=1800 audit(1753579062.510:11): pid=6626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.262" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 155.620831][ T6635] loop3: detected capacity change from 0 to 32768 [ 155.717786][ T6635] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 155.920953][ T6635] XFS (loop3): Ending clean mount [ 155.970534][ T6635] XFS (loop3): Quotacheck needed: Please wait. [ 156.072304][ T6635] XFS (loop3): Quotacheck: Done. [ 156.636463][ T6651] netlink: 180 bytes leftover after parsing attributes in process `syz.0.268'. [ 156.983960][ T6655] 9pnet_virtio: no channels available for device syz [ 157.000324][ T6655] bridge0: port 3(syz_tun) entered blocking state [ 157.033082][ T6655] bridge0: port 3(syz_tun) entered disabled state [ 157.039112][ T6657] vivid-000: disconnect [ 157.081167][ T6655] syz_tun: entered allmulticast mode [ 157.133475][ T6660] random: crng reseeded on system resumption [ 157.205168][ T6661] vivid-000: reconnect [ 157.695092][ T6655] syz_tun: entered promiscuous mode [ 157.717632][ T6655] bridge0: port 3(syz_tun) entered blocking state [ 157.724564][ T6655] bridge0: port 3(syz_tun) entered forwarding state [ 157.829143][ T6659] netlink: 830 bytes leftover after parsing attributes in process `syz.1.270'. [ 157.995636][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.240635][ T6667] loop2: detected capacity change from 0 to 128 [ 158.274779][ T6667] EXT4-fs (loop2): Test dummy encryption mode enabled [ 158.345520][ T6667] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 158.363439][ T6667] ext4 filesystem being mounted at /65/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 158.423354][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 160.819348][ T6686] binder: 6685:6686 unknown command 0 [ 160.824888][ T6686] binder: 6685:6686 ioctl c0306201 200000000080 returned -22 [ 161.626614][ T6683] syz.2.281: attempt to access beyond end of device [ 161.626614][ T6683] loop2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 161.875774][ T6696] loop1: detected capacity change from 0 to 128 [ 161.909307][ T6696] EXT4-fs (loop1): Test dummy encryption mode enabled [ 161.934036][ T6696] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 161.954746][ T6696] ext4 filesystem being mounted at /81/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 162.194403][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 164.912246][ T6722] loop1: detected capacity change from 0 to 32768 [ 164.954315][ T6734] loop0: detected capacity change from 0 to 128 [ 164.989531][ T6734] EXT4-fs (loop0): Test dummy encryption mode enabled [ 165.022104][ T6722] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 165.022411][ T6734] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 165.120374][ T6734] ext4 filesystem being mounted at /75/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 165.428884][ T5793] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 165.519630][ T6750] syz.3.302[6750] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.520235][ T6750] syz.3.302[6750] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.544157][ T6750] syz.3.302[6750] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.556122][ T6750] syz.3.302[6750] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.691753][ T6722] XFS (loop1): Ending clean mount [ 166.449075][ T5786] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 167.255425][ T6770] binder: 6768:6770 unknown command 0 [ 167.272341][ T6770] binder: 6768:6770 ioctl c0306201 200000000080 returned -22 [ 167.467018][ T6772] fuse: Unknown parameter 'grou00000000000000000000' [ 167.537079][ T6776] loop1: detected capacity change from 0 to 128 [ 167.577466][ T6776] EXT4-fs (loop1): Test dummy encryption mode enabled [ 167.632284][ T6776] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 167.655144][ T6776] ext4 filesystem being mounted at /85/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 167.691453][ T6781] 9pnet_virtio: no channels available for device syz [ 167.755749][ T6781] bridge0: port 3(syz_tun) entered blocking state [ 167.766195][ T6781] bridge0: port 3(syz_tun) entered disabled state [ 167.773027][ T6781] syz_tun: entered allmulticast mode [ 167.780878][ T6781] syz_tun: entered promiscuous mode [ 167.789643][ T6781] bridge0: port 3(syz_tun) entered blocking state [ 167.796431][ T6781] bridge0: port 3(syz_tun) entered forwarding state [ 167.846774][ T6781] netlink: 830 bytes leftover after parsing attributes in process `syz.3.316'. [ 167.934798][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 168.605882][ T6791] syz.1.317: attempt to access beyond end of device [ 168.605882][ T6791] loop1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 170.309628][ T6799] netlink: 68 bytes leftover after parsing attributes in process `syz.0.320'. [ 170.804092][ T6788] loop3: detected capacity change from 0 to 32768 [ 170.930635][ T6788] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 170.991239][ T6812] fuse: Unknown parameter 'grou00000000000000000000' [ 171.188812][ T6788] XFS (loop3): Ending clean mount [ 171.347481][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.629030][ T6834] netlink: 'syz.1.331': attribute type 29 has an invalid length. [ 173.637485][ T6834] netlink: 'syz.1.331': attribute type 29 has an invalid length. [ 173.693007][ T6834] netlink: 'syz.1.331': attribute type 29 has an invalid length. [ 173.701065][ T6834] netlink: 'syz.1.331': attribute type 29 has an invalid length. [ 174.567891][ T6840] fuse: Unknown parameter 'grou00000000000000000000' [ 176.938466][ T6858] sched: RT throttling activated [ 177.957695][ T6866] syz.3.339: attempt to access beyond end of device [ 177.957695][ T6866] loop3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 178.930410][ T6868] loop1: detected capacity change from 0 to 1024 [ 179.168184][ T6876] netlink: 'syz.2.341': attribute type 29 has an invalid length. [ 179.176348][ T6876] netlink: 'syz.2.341': attribute type 29 has an invalid length. [ 179.186115][ T6876] netlink: 'syz.2.341': attribute type 29 has an invalid length. [ 179.194293][ T6876] netlink: 'syz.2.341': attribute type 29 has an invalid length. [ 179.592899][ T6875] fuse: Unknown parameter 'group_i00000000000000000000' [ 182.434788][ T6908] vivid-000: disconnect [ 183.180805][ T6911] vivid-000: reconnect [ 183.565835][ T6915] netlink: 'syz.3.352': attribute type 29 has an invalid length. [ 183.575521][ T6915] netlink: 'syz.3.352': attribute type 29 has an invalid length. [ 183.591125][ T6915] netlink: 'syz.3.352': attribute type 29 has an invalid length. [ 183.601208][ T6915] netlink: 'syz.3.352': attribute type 29 has an invalid length. [ 184.369956][ T6920] loop1: detected capacity change from 0 to 1024 [ 184.657757][ T6928] loop2: detected capacity change from 0 to 128 [ 184.754144][ T6928] EXT4-fs (loop2): Test dummy encryption mode enabled [ 184.876840][ T6928] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 185.010683][ T6928] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 185.080438][ T6935] loop0: detected capacity change from 0 to 128 [ 185.150401][ T6935] EXT4-fs (loop0): Test dummy encryption mode enabled [ 185.241830][ T6935] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 185.279040][ T6935] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 185.410414][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 185.685573][ T6946] loop3: detected capacity change from 0 to 1024 [ 185.716444][ T5793] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 185.933921][ T27] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 186.243141][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 186.291998][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 186.363996][ T6954] netlink: 'syz.0.364': attribute type 29 has an invalid length. [ 186.372905][ T6954] netlink: 'syz.0.364': attribute type 29 has an invalid length. [ 186.383524][ T6954] netlink: 'syz.0.364': attribute type 29 has an invalid length. [ 186.392037][ T6954] netlink: 'syz.0.364': attribute type 29 has an invalid length. [ 188.024138][ T27] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 188.033754][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.042643][ T27] usb 3-1: Product: syz [ 188.046951][ T27] usb 3-1: Manufacturer: syz [ 188.054234][ T27] usb 3-1: SerialNumber: syz [ 188.092450][ T27] usb 3-1: config 0 descriptor?? [ 188.122589][ T27] hub 3-1:0.0: bad descriptor, ignoring hub [ 188.129120][ T27] hub: probe of 3-1:0.0 failed with error -5 [ 188.190086][ T27] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6 [ 188.823878][ T6961] loop1: detected capacity change from 0 to 1024 [ 189.262319][ T6972] fuse: Unknown parameter 'group_i00000000000000000000' [ 190.379762][ T9] usb 3-1: USB disconnect, device number 3 [ 190.589203][ T6973] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 190.872953][ T6984] vivid-000: disconnect [ 191.084773][ T6987] netlink: 'syz.1.375': attribute type 29 has an invalid length. [ 191.093261][ T6987] netlink: 'syz.1.375': attribute type 29 has an invalid length. [ 191.610150][ T6988] vivid-000: reconnect [ 191.998633][ T6992] 9pnet_virtio: no channels available for device syz [ 192.215611][ T6996] loop3: detected capacity change from 0 to 1024 [ 192.296297][ T6977] loop0: detected capacity change from 0 to 32768 [ 192.374832][ T28] audit: type=1800 audit(1753579099.640:12): pid=6977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.374" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 192.388883][ T6977] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 192.388883][ T6977] [ 192.452937][ T6977] ERROR: (device loop0): remounting filesystem as read-only [ 192.628541][ T7003] fuse: Unknown parameter 'group_id00000000000000000000' [ 192.697271][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 192.827368][ T54] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 192.923474][ T7007] 9pnet_virtio: no channels available for device syz [ 193.050556][ T54] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.620459][ T7012] netlink: 'syz.3.387': attribute type 29 has an invalid length. [ 193.629997][ T7012] netlink: 'syz.3.387': attribute type 29 has an invalid length. [ 194.357847][ T54] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 194.366837][ T54] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 194.376063][ T54] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.388390][ T54] usb 2-1: config 0 descriptor?? [ 194.399760][ T54] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 194.406831][ T54] dvb-usb: bulk message failed: -22 (3/0) [ 194.423204][ T54] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 194.438004][ T54] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 194.449911][ T54] usb 2-1: media controller created [ 194.459841][ T54] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 194.538883][ T54] dvb-usb: bulk message failed: -22 (6/0) [ 194.548354][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.554706][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.611323][ T54] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 195.103683][ T54] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 195.248689][ T7001] dvb-usb: bulk message failed: -22 (2/0) [ 195.317325][ T54] dvb-usb: schedule remote query interval to 150 msecs. [ 195.326529][ T54] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 195.349268][ T54] usb 2-1: USB disconnect, device number 2 [ 195.381606][ T7021] netlink: 'syz.0.389': attribute type 29 has an invalid length. [ 195.390024][ T7021] netlink: 'syz.0.389': attribute type 29 has an invalid length. [ 195.399339][ T7021] netlink: 'syz.0.389': attribute type 29 has an invalid length. [ 195.407438][ T7021] netlink: 'syz.0.389': attribute type 29 has an invalid length. [ 196.207843][ T54] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 196.259769][ T7024] loop0: detected capacity change from 0 to 128 [ 196.301652][ T7025] loop3: detected capacity change from 0 to 1024 [ 196.405041][ T7024] EXT4-fs (loop0): Test dummy encryption mode enabled [ 196.455618][ T7024] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 196.496774][ T7024] ext4 filesystem being mounted at /96/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 196.698166][ T7033] fuse: Unknown parameter 'group_id00000000000000000000' [ 196.721063][ T7034] 9pnet_virtio: no channels available for device syz [ 196.773369][ T7034] netlink: 830 bytes leftover after parsing attributes in process `syz.1.395'. [ 196.791536][ T5793] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 196.948471][ T7028] loop2: detected capacity change from 0 to 32768 [ 196.977027][ T7036] loop3: detected capacity change from 0 to 1024 [ 197.059251][ T28] audit: type=1800 audit(1753579104.310:13): pid=7028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.393" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 197.122454][ T7028] ERROR: (device loop2): dbAdjCtl: the maximum free buddy is not the old root [ 197.122454][ T7028] [ 197.274584][ T7028] ERROR: (device loop2): remounting filesystem as read-only [ 197.985210][ T7048] input: syz0 as /devices/virtual/input/input8 [ 198.178585][ T7051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.400'. [ 198.218617][ T7051] team_slave_0: entered promiscuous mode [ 198.225067][ T7051] team_slave_1: entered promiscuous mode [ 198.282602][ T7054] loop2: detected capacity change from 0 to 1024 [ 198.296142][ T7051] team0: Device macsec1 is already an upper device of the team interface [ 198.353353][ T7051] team_slave_0: left promiscuous mode [ 198.360304][ T7051] team_slave_1: left promiscuous mode [ 200.359340][ T7067] fuse: Unknown parameter 'group_id00000000000000000000' [ 200.380054][ T7058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.403'. [ 200.582444][ T7070] loop2: detected capacity change from 0 to 128 [ 200.637411][ T7070] EXT4-fs (loop2): Test dummy encryption mode enabled [ 200.750721][ T7070] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 200.797660][ T7070] ext4 filesystem being mounted at /98/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 200.826162][ T7073] loop1: detected capacity change from 0 to 1024 [ 201.276079][ T7080] netlink: 'syz.3.407': attribute type 29 has an invalid length. [ 201.284561][ T7080] netlink: 'syz.3.407': attribute type 29 has an invalid length. [ 201.597917][ T7083] hfsplus: xattr searching failed [ 202.505148][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 202.662737][ T7088] vivid-000: disconnect [ 202.761316][ T7088] vivid-000: reconnect [ 203.021515][ T7093] tipc: Started in network mode [ 203.026727][ T7093] tipc: Node identity ac14140f, cluster identity 4711 [ 203.036665][ T7093] tipc: New replicast peer: 255.255.255.255 [ 203.046607][ T7093] tipc: Enabled bearer , priority 10 [ 203.057630][ T7093] netlink: 12 bytes leftover after parsing attributes in process `syz.1.413'. [ 203.066668][ T7093] tipc: Disabling bearer [ 203.511080][ T7099] loop3: detected capacity change from 0 to 1024 [ 203.974964][ T7107] fuse: Bad value for 'user_id' [ 203.992781][ T7095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.415'. [ 204.321553][ T7109] netlink: 'syz.1.416': attribute type 10 has an invalid length. [ 204.671896][ T7109] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.832920][ T7105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.416'. [ 205.168284][ T7119] netlink: 'syz.2.418': attribute type 29 has an invalid length. [ 205.176411][ T7119] netlink: 'syz.2.418': attribute type 29 has an invalid length. [ 206.083648][ T7123] vivid-000: disconnect [ 206.121494][ T7123] vivid-000: reconnect [ 206.912380][ T7126] loop2: detected capacity change from 0 to 4096 [ 206.965488][ T7126] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 207.031959][ T7133] loop1: detected capacity change from 0 to 1024 [ 207.041669][ T7126] ntfs3: loop2: Failed to load $Extend (-22). [ 207.067445][ T7126] ntfs3: loop2: Failed to initialize $Extend. [ 207.146361][ T7114] loop3: detected capacity change from 0 to 32768 [ 207.197902][ T7114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.419 (7114) [ 207.342651][ T7114] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 207.367535][ T7114] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 207.397910][ T7114] BTRFS info (device loop3): turning on sync discard [ 207.408737][ T7114] BTRFS info (device loop3): force clearing of disk cache [ 207.416358][ T7114] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 207.428577][ T7114] BTRFS info (device loop3): trying to use backup root at mount time [ 207.437804][ T7114] BTRFS info (device loop3): enabling ssd optimizations [ 207.445015][ T7114] BTRFS info (device loop3): using spread ssd allocation scheme [ 207.453452][ T7114] BTRFS info (device loop3): doing ref verification [ 207.464077][ T7114] BTRFS info (device loop3): disabling free space tree [ 207.547917][ T7114] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 207.574967][ T7114] BTRFS info (device loop3): force lzo compression, level 0 [ 207.677389][ T9] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 208.358385][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 208.367877][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 208.756760][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 208.798820][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 208.868679][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 208.935556][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 208.955932][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 209.011764][ T9] usb 1-1: config 0 has no interface number 0 [ 209.018377][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 209.029559][ T9] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 209.075838][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.097748][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 209.098607][ T7114] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 209.258026][ T9] usb 1-1: config 0 descriptor?? [ 209.344356][ T7160] netlink: 'syz.2.429': attribute type 29 has an invalid length. [ 209.353827][ T7160] netlink: 'syz.2.429': attribute type 29 has an invalid length. [ 209.653676][ T7114] BTRFS error (device loop3): open_ctree failed: -12 [ 210.050827][ T9] usb 1-1: selecting invalid altsetting 1 [ 210.088392][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 210.094826][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 210.412980][ T9] DVB: Unable to find symbol cx22700_attach() [ 211.157592][ T9] DVB: Unable to find symbol tda10046_attach() [ 211.163832][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 211.233955][ T7174] loop0: detected capacity change from 0 to 1024 [ 211.234431][ T9] usb 1-1: USB disconnect, device number 3 [ 211.258324][ T7176] vivid-000: disconnect [ 211.330014][ T7176] vivid-000: reconnect [ 211.666592][ T7180] netlink: 'syz.2.434': attribute type 29 has an invalid length. [ 211.674819][ T7180] netlink: 'syz.2.434': attribute type 29 has an invalid length. [ 211.684053][ T7180] netlink: 'syz.2.434': attribute type 29 has an invalid length. [ 211.692199][ T7180] netlink: 'syz.2.434': attribute type 29 has an invalid length. [ 212.058179][ T5796] Bluetooth: hci2: command 0x0406 tx timeout [ 212.064575][ T5796] Bluetooth: hci1: command 0x0406 tx timeout [ 212.922549][ T7187] 9pnet_virtio: no channels available for device syz [ 213.415932][ T7184] netlink: 'syz.3.437': attribute type 10 has an invalid length. [ 213.444680][ T7184] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.555809][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.437'. [ 214.030099][ T7196] input: syz0 as /devices/virtual/input/input9 [ 214.213206][ T7183] loop2: detected capacity change from 0 to 40427 [ 214.257760][ T7183] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 214.264793][ T7183] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 214.312363][ T7183] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x7ffff [ 214.341294][ T7183] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x6 [ 214.413877][ T7183] F2FS-fs (loop2): invalid crc value [ 214.452867][ T7183] F2FS-fs (loop2): Found nat_bits in checkpoint [ 214.533283][ T2130] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 214.876088][ T2130] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 215.172758][ T2130] usb 2-1: config 0 has no interface number 0 [ 215.203192][ T2130] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 215.236530][ T2130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.291719][ T2130] usb 2-1: config 0 descriptor?? [ 215.302092][ T7183] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 215.337910][ T7183] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 215.372018][ T2130] usb 2-1: selecting invalid altsetting 1 [ 215.383024][ T7193] loop0: detected capacity change from 0 to 32768 [ 215.393492][ T2130] dvb_ttusb_budget: ttusb_init_controller: error [ 215.420875][ T2130] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 215.460125][ T7193] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.440 (7193) [ 215.481607][ T7208] loop3: detected capacity change from 0 to 1024 [ 215.489928][ T7193] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 215.547330][ T7193] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 215.591478][ T7193] BTRFS info (device loop0): turning on sync discard [ 215.648564][ T7193] BTRFS info (device loop0): force clearing of disk cache [ 215.696446][ T7193] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 215.708573][ T7193] BTRFS info (device loop0): trying to use backup root at mount time [ 215.718116][ T7193] BTRFS info (device loop0): enabling ssd optimizations [ 215.725211][ T7193] BTRFS info (device loop0): using spread ssd allocation scheme [ 215.738651][ T2130] DVB: Unable to find symbol cx22700_attach() [ 215.777510][ T7193] BTRFS info (device loop0): doing ref verification [ 215.784193][ T7193] BTRFS info (device loop0): disabling free space tree [ 215.836329][ T7193] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 215.869491][ T7193] BTRFS info (device loop0): force lzo compression, level 0 [ 215.885729][ T2130] DVB: Unable to find symbol tda10046_attach() [ 215.902368][ T2130] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 215.938004][ T2130] usb 2-1: USB disconnect, device number 3 [ 216.180710][ T1083] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 216.194588][ T7193] BTRFS error (device loop0): failed to load root extent [ 216.288045][ T7228] netlink: 'syz.3.446': attribute type 29 has an invalid length. [ 216.297791][ T7228] netlink: 'syz.3.446': attribute type 29 has an invalid length. [ 216.313857][ T7228] netlink: 'syz.3.446': attribute type 29 has an invalid length. [ 216.323193][ T7228] netlink: 'syz.3.446': attribute type 29 has an invalid length. [ 216.336053][ T7193] BTRFS warning (device loop0): try to load backup roots slot 1 [ 216.458185][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 216.692014][ T7193] BTRFS warning (device loop0): couldn't read tree root [ 216.856369][ T7193] BTRFS warning (device loop0): try to load backup roots slot 2 [ 216.905315][ T12] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 217.017494][ T7193] BTRFS warning (device loop0): couldn't read tree root [ 217.025456][ T7193] BTRFS warning (device loop0): try to load backup roots slot 3 [ 217.133010][ T7233] loop1: detected capacity change from 0 to 128 [ 217.142591][ T7230] vivid-000: disconnect [ 217.155718][ T7234] 9pnet_virtio: no channels available for device syz [ 217.163082][ T7233] EXT4-fs (loop1): Test dummy encryption mode enabled [ 217.220160][ T7230] vivid-000: reconnect [ 217.238630][ T7233] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 217.258038][ T7193] BTRFS error (device loop0): open_ctree failed: -4 [ 217.268278][ T7234] netlink: 830 bytes leftover after parsing attributes in process `syz.3.448'. [ 217.280661][ T7233] ext4 filesystem being mounted at /122/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 217.432991][ T5980] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by udevd (5980) [ 217.563756][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 217.678152][ T7246] input: syz0 as /devices/virtual/input/input10 [ 217.813233][ T7250] fuse: Bad value for 'fd' [ 217.869059][ T7252] loop2: detected capacity change from 0 to 512 [ 217.960193][ T7252] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 217.987546][ T7252] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.142991][ T7256] loop0: detected capacity change from 0 to 1024 [ 219.212760][ T7252] ext4: Unknown parameter '€' [ 219.292725][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 219.678795][ T7263] netlink: 'syz.0.456': attribute type 29 has an invalid length. [ 219.686941][ T7263] netlink: 'syz.0.456': attribute type 29 has an invalid length. [ 219.696236][ T7263] netlink: 'syz.0.456': attribute type 29 has an invalid length. [ 219.704532][ T7263] netlink: 'syz.0.456': attribute type 29 has an invalid length. [ 220.735730][ T7266] netlink: 'syz.2.457': attribute type 10 has an invalid length. [ 221.092647][ T7266] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.941948][ T7275] loop0: detected capacity change from 0 to 128 [ 222.030576][ T7275] EXT4-fs (loop0): Test dummy encryption mode enabled [ 222.052983][ T7277] loop1: detected capacity change from 0 to 1024 [ 222.094543][ T7275] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 222.217385][ T7275] ext4 filesystem being mounted at /112/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 222.638095][ T7284] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 223.040499][ T5793] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 223.102659][ T7286] loop1: detected capacity change from 0 to 1024 [ 223.569789][ T7288] loop0: detected capacity change from 0 to 40427 [ 223.582536][ T7288] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 223.590398][ T7288] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 223.606834][ T7288] F2FS-fs (loop0): invalid crc value [ 223.695510][ T7288] F2FS-fs (loop0): Found nat_bits in checkpoint [ 223.767749][ T7299] netlink: 'syz.3.469': attribute type 10 has an invalid length. [ 223.876149][ T7288] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 223.883332][ T7288] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 224.288421][ T7299] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.667503][ T7309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.472'. [ 225.986057][ T7313] loop1: detected capacity change from 0 to 128 [ 226.104935][ T7313] EXT4-fs (loop1): Test dummy encryption mode enabled [ 226.442043][ T7313] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 226.500746][ T7313] ext4 filesystem being mounted at /129/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 227.484619][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 228.322117][ T7329] loop1: detected capacity change from 0 to 1024 [ 228.476135][ T7335] fuse: Invalid rootmode [ 228.627079][ T7337] loop1: detected capacity change from 0 to 128 [ 228.640878][ T7337] EXT4-fs (loop1): Test dummy encryption mode enabled [ 228.710881][ T7341] fuse: Bad value for 'rootmode' [ 228.933227][ T7337] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 228.976819][ T7347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.483'. [ 229.005455][ T7337] ext4 filesystem being mounted at /131/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 229.046771][ T7339] loop3: detected capacity change from 0 to 40427 [ 229.055556][ T7339] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 229.063403][ T7339] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 229.081145][ T7339] F2FS-fs (loop3): invalid crc value [ 229.108309][ T7339] F2FS-fs (loop3): Found nat_bits in checkpoint [ 229.173357][ T7339] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 229.180471][ T7339] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 229.618466][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 230.074378][ T7358] netlink: 'syz.0.485': attribute type 29 has an invalid length. [ 230.114671][ T7358] netlink: 'syz.0.485': attribute type 29 has an invalid length. [ 231.399611][ T7368] netlink: 4 bytes leftover after parsing attributes in process `syz.0.488'. [ 232.073444][ T7374] fuse: Bad value for 'rootmode' [ 232.085190][ T7378] 9pnet_virtio: no channels available for device syz [ 232.123551][ T7378] netlink: 830 bytes leftover after parsing attributes in process `syz.3.487'. [ 232.294760][ T7384] loop3: detected capacity change from 0 to 128 [ 232.321959][ T7384] EXT4-fs (loop3): Test dummy encryption mode enabled [ 232.484610][ T7385] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 232.502500][ T7385] input: syz0 as /devices/virtual/input/input11 [ 232.532474][ T7384] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 232.560581][ T7384] ext4 filesystem being mounted at /116/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 232.723436][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 232.908168][ T7393] loop3: detected capacity change from 0 to 128 [ 232.967624][ T7393] EXT4-fs (loop3): Test dummy encryption mode enabled [ 233.057689][ T7393] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 233.146162][ T7393] ext4 filesystem being mounted at /117/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 233.984022][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 234.313208][ T7411] xt_TPROXY: Can be used only with -p tcp or -p udp [ 234.370425][ T7410] fuse: Bad value for 'rootmode' [ 234.857956][ T7408] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 235.545473][ T7430] netlink: 'syz.0.509': attribute type 10 has an invalid length. [ 235.607486][ T7430] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.840290][ T7430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.509'. [ 236.679303][ T7440] loop2: detected capacity change from 0 to 128 [ 236.823488][ T7440] EXT4-fs (loop2): Test dummy encryption mode enabled [ 236.937250][ T5803] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 237.227522][ T7440] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 237.244792][ T7440] ext4 filesystem being mounted at /122/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 237.470238][ T5788] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 237.587092][ T5803] Bluetooth: hci3: command 0x0406 tx timeout [ 238.701605][ T7455] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 239.093627][ T7468] loop2: detected capacity change from 0 to 4096 [ 239.274187][ T7474] loop3: detected capacity change from 0 to 1024 [ 240.573426][ T7485] netlink: 'syz.1.527': attribute type 29 has an invalid length. [ 240.582695][ T7485] netlink: 'syz.1.527': attribute type 29 has an invalid length. [ 240.824247][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 241.177829][ T7494] ntfs3: loop2: ino=5, "/" directory corrupted [ 242.106347][ T7500] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'. [ 242.336512][ T7492] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 242.447251][ T7504] 9pnet_virtio: no channels available for device syz [ 242.958225][ T7523] loop3: detected capacity change from 0 to 1024 [ 244.232016][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.543'. [ 244.457360][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 245.073366][ T7543] fuse: Unknown parameter 'user_i00000000000000000000' [ 245.481377][ T7552] netlink: 830 bytes leftover after parsing attributes in process `syz.2.550'. [ 245.824643][ T7555] netlink: 'syz.0.551': attribute type 29 has an invalid length. [ 245.832944][ T7555] netlink: 'syz.0.551': attribute type 29 has an invalid length. [ 246.102356][ T54] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 246.310715][ T54] usb 4-1: not running at top speed; connect to a high speed hub [ 246.320633][ T54] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 246.330339][ T54] usb 4-1: config 1 has no interface number 1 [ 246.343920][ T54] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 246.369141][ T54] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 246.381132][ T54] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.389465][ T54] usb 4-1: Product: syz [ 246.393912][ T54] usb 4-1: Manufacturer: syz [ 246.400027][ T54] usb 4-1: SerialNumber: syz [ 246.971358][ T7573] netlink: 4 bytes leftover after parsing attributes in process `syz.2.556'. [ 247.094242][ T54] usb 4-1: failed to enable PITCH for EP 0x82 [ 247.198138][ T7572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.557'. [ 247.472068][ T54] usb 4-1: USB disconnect, device number 3 [ 247.675271][ T5805] udevd[5805]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 247.850023][ T7583] netlink: 'syz.2.562': attribute type 29 has an invalid length. [ 247.858155][ T7583] netlink: 'syz.2.562': attribute type 29 has an invalid length. [ 248.715857][ T7601] netlink: 'syz.0.565': attribute type 10 has an invalid length. [ 248.725461][ T7601] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.776526][ T7602] netlink: 8 bytes leftover after parsing attributes in process `syz.0.565'. [ 249.398631][ T7612] trusted_key: syz.2.569 sent an empty control message without MSG_MORE. [ 249.693629][ T7618] netlink: 830 bytes leftover after parsing attributes in process `syz.2.572'. [ 249.840092][ T7622] loop3: detected capacity change from 0 to 512 [ 249.872551][ T7622] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.574: corrupted in-inode xattr: invalid ea_ino [ 249.917562][ T7622] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.574: couldn't read orphan inode 15 (err -117) [ 249.939306][ T7622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 250.032015][ T7631] netlink: 'syz.1.575': attribute type 29 has an invalid length. [ 250.040369][ T7631] netlink: 'syz.1.575': attribute type 29 has an invalid length. [ 252.630190][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.872981][ T2130] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 254.311102][ T2130] usb 2-1: device descriptor read/64, error -71 [ 254.722527][ T2130] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 254.887324][ T2130] usb 2-1: device descriptor read/64, error -71 [ 255.027407][ T2130] usb usb2-port1: attempt power cycle [ 255.257283][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 255.450382][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.459571][ T2130] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 255.469604][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.485815][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 255.507537][ T9] usb 4-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 255.516805][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.539938][ T2130] usb 2-1: device descriptor read/8, error -71 [ 255.561439][ T9] usb 4-1: config 0 descriptor?? [ 255.992326][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.998976][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.018758][ T9] hid-udraw 0003:20D6:CB17.0002: unknown main item tag 0x0 [ 256.038467][ T2130] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 256.608818][ T9] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0002/input/input12 [ 256.682829][ T2130] usb 2-1: device descriptor read/8, error -71 [ 256.726376][ T9] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0002/input/input13 [ 256.831763][ T9] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0002/input/input14 [ 256.837681][ T2130] usb usb2-port1: unable to enumerate USB device [ 256.964913][ T7691] loop1: detected capacity change from 0 to 2048 [ 257.028473][ T9] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0002/input/input15 [ 257.361719][ T7691] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 257.371171][ T9] hid-udraw 0003:20D6:CB17.0002: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.3-1/input0 [ 257.393108][ T9] usb 4-1: USB disconnect, device number 4 [ 257.639584][ T7698] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 257.665570][ T7697] fido_id[7697]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 257.710963][ T7698] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 246 with error 28 [ 257.735503][ T7698] EXT4-fs (loop1): This should not happen!! Data will be lost [ 257.735503][ T7698] [ 257.746113][ T7698] EXT4-fs (loop1): Total free blocks count 0 [ 257.757883][ T7698] EXT4-fs (loop1): Free/Dirty block details [ 257.765250][ T7698] EXT4-fs (loop1): free_blocks=2415919104 [ 257.775134][ T7698] EXT4-fs (loop1): dirty_blocks=256 [ 257.781991][ T7698] EXT4-fs (loop1): Block reservation details [ 257.792002][ T7698] EXT4-fs (loop1): i_reserved_data_blocks=16 [ 258.214556][ T7705] loop3: detected capacity change from 0 to 40427 [ 258.264986][ T7705] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 258.273105][ T7705] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 258.338408][ T7705] F2FS-fs (loop3): invalid crc value [ 258.449833][ T7705] F2FS-fs (loop3): Found nat_bits in checkpoint [ 258.768803][ T7705] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 258.776061][ T7705] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 259.377891][ T7705] syz.3.605: attempt to access beyond end of device [ 259.377891][ T7705] loop3: rw=2049, sector=45096, nr_sectors = 48 limit=40427 [ 259.383641][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 259.432857][ T7705] syz.3.605: attempt to access beyond end of device [ 259.432857][ T7705] loop3: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 259.915478][ T7724] fuse: Bad value for 'fd' [ 259.936199][ T7725] netlink: 'syz.1.608': attribute type 29 has an invalid length. [ 259.944968][ T7725] netlink: 'syz.1.608': attribute type 29 has an invalid length. [ 259.955046][ T7725] netlink: 'syz.1.608': attribute type 29 has an invalid length. [ 259.963319][ T7725] netlink: 'syz.1.608': attribute type 29 has an invalid length. [ 260.258814][ T7731] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 260.307473][ T7731] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.082921][ T7741] loop1: detected capacity change from 0 to 4096 [ 261.098888][ T7741] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 261.342810][ T7741] ntfs3: loop1: ino=1e, "file1" ntfs3_write_inode failed, -22. [ 261.448883][ T7745] ntfs3: loop1: ino=1e, "file1" ntfs3_write_inode failed, -22. [ 261.924012][ T7756] netlink: 4 bytes leftover after parsing attributes in process `syz.0.620'. [ 262.308388][ T11] ntfs3: loop1: ino=1e, ntfs3_write_inode failed, -22. [ 262.404041][ T7763] netlink: 'syz.2.621': attribute type 29 has an invalid length. [ 262.413331][ T7763] netlink: 'syz.2.621': attribute type 29 has an invalid length. [ 263.476662][ T7778] loop1: detected capacity change from 0 to 512 [ 263.559871][ T7778] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.629: corrupted in-inode xattr: invalid ea_ino [ 263.597306][ T7778] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.629: couldn't read orphan inode 15 (err -117) [ 263.621052][ T7778] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 263.851328][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.270366][ T7802] netlink: 4 bytes leftover after parsing attributes in process `syz.0.633'. [ 266.279293][ T7821] netlink: 'syz.2.640': attribute type 29 has an invalid length. [ 266.287662][ T7821] netlink: 'syz.2.640': attribute type 29 has an invalid length. [ 266.297030][ T7821] netlink: 'syz.2.640': attribute type 29 has an invalid length. [ 266.306546][ T7821] netlink: 'syz.2.640': attribute type 29 has an invalid length. [ 266.930747][ T7793] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 267.724910][ T7839] netlink: 'syz.1.643': attribute type 29 has an invalid length. [ 267.738582][ T7839] netlink: 'syz.1.643': attribute type 29 has an invalid length. [ 268.649971][ T7853] netlink: 'syz.0.649': attribute type 29 has an invalid length. [ 268.658991][ T7853] netlink: 'syz.0.649': attribute type 29 has an invalid length. [ 268.668355][ T7853] netlink: 'syz.0.649': attribute type 29 has an invalid length. [ 268.676428][ T7853] netlink: 'syz.0.649': attribute type 29 has an invalid length. [ 269.017436][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 269.732426][ T7865] netlink: 830 bytes leftover after parsing attributes in process `syz.0.653'. [ 269.906965][ T7854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.650'. [ 270.608811][ T7879] loop3: detected capacity change from 0 to 164 [ 271.987441][ T7895] netlink: 'syz.2.661': attribute type 29 has an invalid length. [ 271.995559][ T7895] netlink: 'syz.2.661': attribute type 29 has an invalid length. [ 272.005094][ T7895] netlink: 'syz.2.661': attribute type 29 has an invalid length. [ 272.013826][ T7895] netlink: 'syz.2.661': attribute type 29 has an invalid length. [ 272.390474][ T7897] netlink: 830 bytes leftover after parsing attributes in process `syz.0.664'. [ 272.903454][ T7900] netlink: 68 bytes leftover after parsing attributes in process `syz.1.660'. [ 274.543931][ T7918] hfs: can't find a HFS filesystem on dev nullb0 [ 275.228090][ T7920] fuse: Unknown parameter '0x0000000000000003' [ 275.585284][ T7926] netlink: 'syz.2.674': attribute type 29 has an invalid length. [ 275.593582][ T7926] netlink: 'syz.2.674': attribute type 29 has an invalid length. [ 275.602873][ T7926] netlink: 'syz.2.674': attribute type 29 has an invalid length. [ 275.610923][ T7926] netlink: 'syz.2.674': attribute type 29 has an invalid length. [ 275.893482][ T7932] netlink: 830 bytes leftover after parsing attributes in process `syz.1.675'. [ 276.723764][ T7942] netlink: 68 bytes leftover after parsing attributes in process `syz.1.679'. [ 276.898044][ T7951] fuse: Unknown parameter '0x0000000000000003' [ 277.082200][ T7950] netlink: 'syz.2.684': attribute type 29 has an invalid length. [ 277.090274][ T7950] netlink: 'syz.2.684': attribute type 29 has an invalid length. [ 277.099711][ T7950] netlink: 'syz.2.684': attribute type 29 has an invalid length. [ 277.107707][ T7950] netlink: 'syz.2.684': attribute type 29 has an invalid length. [ 277.462999][ T7960] netlink: 830 bytes leftover after parsing attributes in process `syz.3.688'. [ 277.484229][ T7962] loop2: detected capacity change from 0 to 7 [ 277.507364][ T7962] Dev loop2: unable to read RDB block 7 [ 277.523837][ T7962] loop2: unable to read partition table [ 277.530195][ T7962] loop2: partition table beyond EOD, truncated [ 277.571136][ T7962] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 278.454627][ T7981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.691'. [ 278.597530][ T7984] fuse: Unknown parameter 'fd0x0000000000000003' [ 278.854525][ T7986] netlink: 'syz.0.696': attribute type 29 has an invalid length. [ 278.862975][ T7986] netlink: 'syz.0.696': attribute type 29 has an invalid length. [ 278.872227][ T7986] netlink: 'syz.0.696': attribute type 29 has an invalid length. [ 278.880340][ T7986] netlink: 'syz.0.696': attribute type 29 has an invalid length. [ 281.260170][ T7999] netlink: 68 bytes leftover after parsing attributes in process `syz.2.698'. [ 282.021377][ T8005] netlink: 830 bytes leftover after parsing attributes in process `syz.0.703'. [ 283.601684][ T8026] netlink: 'syz.3.708': attribute type 29 has an invalid length. [ 283.610799][ T8026] netlink: 'syz.3.708': attribute type 29 has an invalid length. [ 283.620106][ T8026] netlink: 'syz.3.708': attribute type 29 has an invalid length. [ 283.628178][ T8026] netlink: 'syz.3.708': attribute type 29 has an invalid length. [ 283.981257][ T8022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.706'. [ 289.457417][ T8057] netlink: 'syz.0.719': attribute type 29 has an invalid length. [ 289.465645][ T8057] netlink: 'syz.0.719': attribute type 29 has an invalid length. [ 289.475042][ T8057] netlink: 'syz.0.719': attribute type 29 has an invalid length. [ 289.483496][ T8057] netlink: 'syz.0.719': attribute type 29 has an invalid length. [ 292.496277][ T8062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.721'. [ 294.977200][ T8086] netlink: 830 bytes leftover after parsing attributes in process `syz.2.727'. [ 295.831938][ T8093] netlink: 'syz.1.728': attribute type 29 has an invalid length. [ 295.840111][ T8093] netlink: 'syz.1.728': attribute type 29 has an invalid length. [ 295.849332][ T8093] netlink: 'syz.1.728': attribute type 29 has an invalid length. [ 295.857410][ T8093] netlink: 'syz.1.728': attribute type 29 has an invalid length. [ 299.348314][ T8116] netlink: 830 bytes leftover after parsing attributes in process `syz.0.738'. [ 299.853135][ T8124] netlink: 'syz.1.739': attribute type 29 has an invalid length. [ 299.896806][ T8124] netlink: 'syz.1.739': attribute type 29 has an invalid length. [ 300.002504][ T8127] netlink: 'syz.1.739': attribute type 29 has an invalid length. [ 300.047752][ T8127] netlink: 'syz.1.739': attribute type 29 has an invalid length. [ 302.194839][ T8139] syz.3.747: attempt to access beyond end of device [ 302.194839][ T8139] loop3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 303.581492][ T8168] loop3: detected capacity change from 0 to 512 [ 304.551305][ T8180] loop3: detected capacity change from 0 to 4096 [ 305.004877][ T8192] ntfs3: loop3: ino=5, "/" directory corrupted [ 306.885748][ T8223] netlink: 'syz.2.775': attribute type 29 has an invalid length. [ 306.894083][ T8223] netlink: 'syz.2.775': attribute type 29 has an invalid length. [ 307.700178][ T8219] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 309.743051][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 310.806998][ T8259] netlink: 'syz.3.788': attribute type 29 has an invalid length. [ 310.815755][ T8259] netlink: 'syz.3.788': attribute type 29 has an invalid length. [ 312.892114][ T8296] netlink: 'syz.3.800': attribute type 29 has an invalid length. [ 312.900644][ T8296] netlink: 'syz.3.800': attribute type 29 has an invalid length. [ 313.712013][ T8298] netlink: 'syz.0.801': attribute type 10 has an invalid length. [ 313.721080][ T8298] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.769056][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.801'. [ 314.191778][ T8312] netlink: 'syz.3.802': attribute type 29 has an invalid length. [ 314.247970][ T8312] netlink: 'syz.3.802': attribute type 29 has an invalid length. [ 314.329995][ T8317] netlink: 'syz.3.802': attribute type 29 has an invalid length. [ 314.338383][ T8317] netlink: 'syz.3.802': attribute type 29 has an invalid length. [ 314.726777][ T8320] xt_CT: You must specify a L4 protocol and not use inversions on it [ 315.829009][ T8333] netlink: 68 bytes leftover after parsing attributes in process `syz.2.810'. [ 315.866909][ T8332] loop1: detected capacity change from 0 to 4096 [ 316.108366][ T8337] ntfs3: loop1: ino=5, "/" directory corrupted [ 317.431643][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.289089][ T8360] netlink: 830 bytes leftover after parsing attributes in process `syz.3.823'. [ 319.586031][ T8373] netlink: 68 bytes leftover after parsing attributes in process `syz.0.824'. [ 319.732087][ T8377] netlink: 'syz.2.825': attribute type 29 has an invalid length. [ 319.854729][ T8377] netlink: 'syz.2.825': attribute type 29 has an invalid length. [ 319.966171][ T8375] loop1: detected capacity change from 0 to 4096 [ 319.991090][ T8381] netlink: 'syz.2.825': attribute type 29 has an invalid length. [ 320.062765][ T8381] netlink: 'syz.2.825': attribute type 29 has an invalid length. [ 320.205279][ T8384] ntfs3: loop1: ino=5, "/" directory corrupted [ 321.309531][ T8388] loop1: detected capacity change from 0 to 4096 [ 321.338265][ T8388] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 322.330828][ T8395] xt_CT: You must specify a L4 protocol and not use inversions on it [ 322.412275][ T8397] netlink: 16 bytes leftover after parsing attributes in process `syz.2.834'. [ 322.708570][ T8407] overlayfs: failed to clone upperpath [ 323.086771][ T8418] netlink: 'syz.1.837': attribute type 29 has an invalid length. [ 323.095105][ T8418] netlink: 'syz.1.837': attribute type 29 has an invalid length. [ 323.171831][ T8421] xt_CT: You must specify a L4 protocol and not use inversions on it [ 323.386348][ T8422] netlink: 'syz.0.842': attribute type 29 has an invalid length. [ 323.455586][ T8422] netlink: 'syz.0.842': attribute type 29 has an invalid length. [ 323.520198][ T8425] netlink: 'syz.0.842': attribute type 29 has an invalid length. [ 323.553256][ T8425] netlink: 'syz.0.842': attribute type 29 has an invalid length. [ 324.412028][ T8439] bridge1: entered promiscuous mode [ 324.417778][ T8439] bridge1: entered allmulticast mode [ 324.456831][ T8439] team0: Port device bridge1 added [ 325.237300][ T8445] xt_CT: You must specify a L4 protocol and not use inversions on it [ 326.934549][ T8465] loop1: detected capacity change from 0 to 512 [ 326.969276][ T8465] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.861: corrupted in-inode xattr: invalid ea_ino [ 326.980694][ T8464] gtp0: entered promiscuous mode [ 326.999654][ T8465] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.861: couldn't read orphan inode 15 (err -117) [ 327.004357][ T8464] gtp0: entered allmulticast mode [ 327.058953][ T8465] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 327.990380][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.941574][ T8499] netlink: 'syz.2.872': attribute type 29 has an invalid length. [ 328.949905][ T8499] netlink: 'syz.2.872': attribute type 29 has an invalid length. [ 328.959468][ T8499] netlink: 'syz.2.872': attribute type 29 has an invalid length. [ 328.968723][ T8499] netlink: 'syz.2.872': attribute type 29 has an invalid length. [ 330.919399][ T8505] loop3: detected capacity change from 0 to 32768 [ 331.098019][ T8526] netlink: 'syz.0.885': attribute type 10 has an invalid length. [ 331.107059][ T8526] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.145733][ T8505] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 331.155282][ T8505] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 331.192293][ T8505] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 331.206825][ T8532] netlink: 'syz.2.884': attribute type 29 has an invalid length. [ 331.215011][ T8532] netlink: 'syz.2.884': attribute type 29 has an invalid length. [ 331.225485][ T8532] netlink: 'syz.2.884': attribute type 29 has an invalid length. [ 331.233518][ T8532] netlink: 'syz.2.884': attribute type 29 has an invalid length. [ 332.364031][ T8526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.885'. [ 332.617736][ T8505] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 334.573843][ T8560] netlink: 'syz.2.887': attribute type 29 has an invalid length. [ 334.582660][ T8560] netlink: 'syz.2.887': attribute type 29 has an invalid length. [ 334.693803][ T8565] netlink: 'syz.3.895': attribute type 29 has an invalid length. [ 334.703075][ T8565] netlink: 'syz.3.895': attribute type 29 has an invalid length. [ 334.719869][ T8565] netlink: 'syz.3.895': attribute type 29 has an invalid length. [ 334.729081][ T8565] netlink: 'syz.3.895': attribute type 29 has an invalid length. [ 336.663031][ T8583] netlink: 44 bytes leftover after parsing attributes in process `syz.3.902'. [ 336.672244][ T8583] netlink: 8 bytes leftover after parsing attributes in process `syz.3.902'. [ 336.676369][ T8581] loop1: detected capacity change from 0 to 256 [ 336.770915][ T8581] FAT-fs (loop1): Directory bread(block 64) failed [ 336.787270][ T8581] FAT-fs (loop1): Directory bread(block 65) failed [ 336.793956][ T8581] FAT-fs (loop1): Directory bread(block 66) failed [ 336.817299][ T8581] FAT-fs (loop1): Directory bread(block 67) failed [ 336.823976][ T8581] FAT-fs (loop1): Directory bread(block 68) failed [ 336.851954][ T8581] FAT-fs (loop1): Directory bread(block 69) failed [ 336.875287][ T8581] FAT-fs (loop1): Directory bread(block 70) failed [ 336.903020][ T8581] FAT-fs (loop1): Directory bread(block 71) failed [ 336.927750][ T8581] FAT-fs (loop1): Directory bread(block 72) failed [ 336.934363][ T8581] FAT-fs (loop1): Directory bread(block 73) failed [ 338.123499][ T8596] netlink: 'syz.2.906': attribute type 29 has an invalid length. [ 338.133437][ T8596] netlink: 'syz.2.906': attribute type 29 has an invalid length. [ 338.150351][ T8596] netlink: 'syz.2.906': attribute type 29 has an invalid length. [ 338.159417][ T8596] netlink: 'syz.2.906': attribute type 29 has an invalid length. [ 342.427604][ T8641] netlink: 'syz.0.917': attribute type 29 has an invalid length. [ 342.437216][ T8641] netlink: 'syz.0.917': attribute type 29 has an invalid length. [ 342.453804][ T8641] netlink: 'syz.0.917': attribute type 29 has an invalid length. [ 342.463164][ T8641] netlink: 'syz.0.917': attribute type 29 has an invalid length. [ 343.039635][ T8642] netlink: 'syz.2.914': attribute type 29 has an invalid length. [ 343.113797][ T8642] netlink: 'syz.2.914': attribute type 29 has an invalid length. [ 346.170202][ T8671] xt_CT: You must specify a L4 protocol and not use inversions on it [ 347.317937][ T8680] netlink: 'syz.2.929': attribute type 29 has an invalid length. [ 347.334449][ T8680] netlink: 'syz.2.929': attribute type 29 has an invalid length. [ 347.344158][ T8680] netlink: 'syz.2.929': attribute type 29 has an invalid length. [ 347.352283][ T8680] netlink: 'syz.2.929': attribute type 29 has an invalid length. [ 350.837692][ T8698] netlink: 68 bytes leftover after parsing attributes in process `syz.2.932'. [ 353.000879][ T8720] netlink: 'syz.3.940': attribute type 29 has an invalid length. [ 353.009133][ T8720] netlink: 'syz.3.940': attribute type 29 has an invalid length. [ 353.018631][ T8720] netlink: 'syz.3.940': attribute type 29 has an invalid length. [ 353.026612][ T8720] netlink: 'syz.3.940': attribute type 29 has an invalid length. [ 353.718272][ T8721] netlink: 'syz.1.937': attribute type 29 has an invalid length. [ 353.733624][ T8722] IPv6: Can't replace route, no match found [ 353.744419][ T8721] netlink: 'syz.1.937': attribute type 29 has an invalid length. [ 353.875728][ T8726] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 354.336308][ T8735] xt_CT: You must specify a L4 protocol and not use inversions on it [ 355.252979][ T8745] netlink: 68 bytes leftover after parsing attributes in process `syz.0.950'. [ 355.321465][ T8745] netlink: 108 bytes leftover after parsing attributes in process `syz.0.950'. [ 355.712659][ T8754] netlink: 'syz.3.953': attribute type 29 has an invalid length. [ 355.721832][ T8754] netlink: 'syz.3.953': attribute type 29 has an invalid length. [ 355.731421][ T8754] netlink: 'syz.3.953': attribute type 29 has an invalid length. [ 355.740233][ T8754] netlink: 'syz.3.953': attribute type 29 has an invalid length. [ 356.996175][ T8773] loop3: detected capacity change from 0 to 128 [ 357.026594][ T8771] xt_CT: You must specify a L4 protocol and not use inversions on it [ 358.647020][ T8784] netlink: 68 bytes leftover after parsing attributes in process `syz.2.966'. [ 358.743231][ T8783] netlink: 108 bytes leftover after parsing attributes in process `syz.2.966'. [ 358.849201][ T8794] validate_nla: 4 callbacks suppressed [ 358.849218][ T8794] netlink: 'syz.0.964': attribute type 29 has an invalid length. [ 358.901683][ T8794] netlink: 'syz.0.964': attribute type 29 has an invalid length. [ 359.219512][ T8802] loop3: detected capacity change from 0 to 1024 [ 359.248731][ T8802] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 359.503234][ T8802] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 359.594146][ T8808] xt_CT: You must specify a L4 protocol and not use inversions on it [ 359.607313][ T28] audit: type=1800 audit(1753579266.870:14): pid=8802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.973" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 359.721701][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 359.881130][ T8815] loop3: detected capacity change from 0 to 1024 [ 359.935761][ T8815] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 360.062794][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.403119][ T8831] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 360.574685][ T8841] netlink: 68 bytes leftover after parsing attributes in process `syz.0.983'. [ 360.620282][ T8842] loop1: detected capacity change from 0 to 1024 [ 360.629311][ T8841] netlink: 108 bytes leftover after parsing attributes in process `syz.0.983'. [ 360.667738][ T8842] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 360.735169][ T8842] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 360.812361][ T8842] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 360.894800][ T8842] EXT4-fs error (device loop1): ext4_xattr_inode_iget:440: inode #11: comm syz.1.986: missing EA_INODE flag [ 360.943599][ T8842] EXT4-fs (loop1): Remounting filesystem read-only [ 360.986375][ T8842] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 361.180074][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 361.597787][ T8864] loop3: detected capacity change from 0 to 2048 [ 361.636497][ T8864] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 361.747469][ T8865] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 361.793907][ T8866] xt_CT: You must specify a L4 protocol and not use inversions on it [ 361.796459][ T8864] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 361.814168][ T8864] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 361.836699][ T8864] Remounting filesystem read-only [ 361.844157][ T8864] NILFS (loop3): error -5 truncating bmap (ino=16) [ 362.456642][ T5787] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 362.465083][ T5787] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 362.467346][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 362.486282][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 362.496325][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 362.508353][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 362.519643][ T5787] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 362.530436][ T5787] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 362.543645][ T5787] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 362.551156][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 362.564490][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 362.573977][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 362.587364][ T5787] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 362.594108][ T5787] NILFS (loop3): discard dirty block: blocknr=42, size=1024 [ 362.601652][ T5787] NILFS (loop3): discard dirty block: blocknr=43, size=1024 [ 362.609176][ T5787] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 362.616523][ T5787] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 362.962219][ T8868] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 363.316162][ T8896] xt_CT: You must specify a L4 protocol and not use inversions on it [ 363.584378][ T8898] loop1: detected capacity change from 0 to 4096 [ 364.040388][ T8910] overlayfs: failed to clone upperpath [ 364.292632][ T8914] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 364.460277][ T8924] IPv4: Oversized IP packet from 127.202.26.0 [ 364.747427][ T8933] loop3: detected capacity change from 0 to 4096 [ 364.762731][ T8933] EXT4-fs: Ignoring removed mblk_io_submit option [ 364.770142][ T8932] xt_CT: You must specify a L4 protocol and not use inversions on it [ 365.137021][ T8933] EXT4-fs (loop3): Test dummy encryption mode enabled [ 365.240994][ T8933] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 365.534360][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 366.387356][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 366.458472][ T8978] netlink: 'syz.1.1033': attribute type 29 has an invalid length. [ 366.466678][ T8978] netlink: 'syz.1.1033': attribute type 29 has an invalid length. [ 366.476051][ T8978] netlink: 'syz.1.1033': attribute type 29 has an invalid length. [ 366.484269][ T8978] netlink: 'syz.1.1033': attribute type 29 has an invalid length. [ 366.527671][ T8979] xt_CT: You must specify a L4 protocol and not use inversions on it [ 367.167643][ T8983] netlink: 'syz.0.1037': attribute type 29 has an invalid length. [ 367.203916][ T8983] netlink: 'syz.0.1037': attribute type 29 has an invalid length. [ 368.306224][ T8990] loop3: detected capacity change from 0 to 40427 [ 368.352139][ T8990] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 368.397435][ T8990] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 368.408240][ T8990] F2FS-fs (loop3): invalid crc value [ 368.421805][ T8990] F2FS-fs (loop3): Found nat_bits in checkpoint [ 368.545662][ T8990] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 368.591788][ T8990] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 368.711446][ T8990] syz.3.1044: attempt to access beyond end of device [ 368.711446][ T8990] loop3: rw=2049, sector=45096, nr_sectors = 48 limit=40427 [ 368.789677][ T8990] syz.3.1044: attempt to access beyond end of device [ 368.789677][ T8990] loop3: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 369.155368][ T9017] xt_CT: You must specify a L4 protocol and not use inversions on it [ 369.235279][ T9020] loop1: detected capacity change from 0 to 128 [ 369.592027][ T9020] syz.1.1053: attempt to access beyond end of device [ 369.592027][ T9020] loop1: rw=2049, sector=145, nr_sectors = 288 limit=128 [ 370.464217][ T9032] GUP no longer grows the stack in syz.2.1060 (9032): 200000005000-200000008000 (200000004000) [ 370.489314][ T9043] netlink: 'syz.0.1057': attribute type 29 has an invalid length. [ 370.503428][ T9032] CPU: 1 PID: 9032 Comm: syz.2.1060 Not tainted 6.6.100-syzkaller #0 [ 370.511571][ T9032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 370.521699][ T9032] Call Trace: [ 370.525033][ T9032] [ 370.528019][ T9032] dump_stack_lvl+0x16c/0x230 [ 370.532759][ T9032] ? show_regs_print_info+0x20/0x20 [ 370.538025][ T9032] ? load_image+0x3b0/0x3b0 [ 370.542603][ T9032] ? find_vma+0x12e/0x1b0 [ 370.547012][ T9032] fixup_user_fault+0x652/0x710 [ 370.551934][ T9032] fault_in_user_writeable+0x71/0xe0 [ 370.557294][ T9032] futex_lock_pi+0x21b/0x8d0 [ 370.561960][ T9032] ? fixup_pi_state_owner+0x5c0/0x5c0 [ 370.567451][ T9032] do_futex+0x23d/0x3e0 [ 370.571668][ T9032] ? __ia32_sys_get_robust_list+0x90/0x90 [ 370.577448][ T9032] ? blkcg_maybe_throttle_current+0x19e/0xa40 [ 370.583585][ T9032] __se_sys_futex+0x36f/0x3f0 [ 370.588327][ T9032] ? __x64_sys_futex+0xf0/0xf0 [ 370.593151][ T9032] ? __x64_sys_futex+0x21/0xf0 [ 370.597973][ T9032] do_syscall_64+0x55/0xb0 [ 370.602443][ T9032] ? clear_bhb_loop+0x40/0x90 [ 370.607199][ T9032] ? clear_bhb_loop+0x40/0x90 [ 370.611919][ T9032] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 370.617878][ T9032] RIP: 0033:0x7f649818e9a9 [ 370.622351][ T9032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.642008][ T9032] RSP: 002b:00007f64990af038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 370.650479][ T9032] RAX: ffffffffffffffda RBX: 00007f64983b5fa0 RCX: 00007f649818e9a9 [ 370.658497][ T9032] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 370.666683][ T9032] RBP: 00007f6498210d69 R08: 0000200000004000 R09: 0000000000000000 [ 370.674700][ T9032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.682705][ T9032] R13: 0000000000000000 R14: 00007f64983b5fa0 R15: 00007ffee6ca6e08 [ 370.690703][ T9032] [ 370.739095][ T9043] netlink: 'syz.0.1057': attribute type 29 has an invalid length. [ 370.815430][ T9045] netlink: 'syz.3.1055': attribute type 29 has an invalid length. [ 370.824039][ T9045] netlink: 'syz.3.1055': attribute type 29 has an invalid length. [ 370.907305][ T2130] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 371.228809][ T2130] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 371.261572][ T2130] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 371.297187][ T2130] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 371.306306][ T2130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.560852][ T2130] usb 2-1: usb_control_msg returned -32 [ 371.582890][ T2130] usbtmc 2-1:16.0: can't read capabilities [ 371.921459][ T9053] loop3: detected capacity change from 0 to 4096 [ 372.100628][ T9053] ntfs3: loop3: failed to convert "0000" to iso8859-6 [ 372.132237][ T9053] ntfs3: loop3: failed to convert "0030" to iso8859-6 [ 372.153510][ T9053] ntfs3: loop3: failed to convert name for inode 1e. [ 372.170635][ T9053] ntfs3: loop3: failed to convert "0032" to iso8859-6 [ 372.199198][ T9053] ntfs3: loop3: failed to convert "0033" to iso8859-6 [ 372.649809][ T9064] xt_CT: You must specify a L4 protocol and not use inversions on it [ 372.975439][ T9063] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 373.023228][ T9065] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1069'. [ 373.048460][ T9065] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1069'. [ 373.475413][ T2130] usb 2-1: USB disconnect, device number 8 [ 373.726725][ T9080] loop1: detected capacity change from 0 to 4096 [ 373.908172][ T9086] validate_nla: 2 callbacks suppressed [ 373.908192][ T9086] netlink: 'syz.3.1072': attribute type 29 has an invalid length. [ 373.983313][ T9086] netlink: 'syz.3.1072': attribute type 29 has an invalid length. [ 374.030257][ T9090] netlink: 'syz.3.1072': attribute type 29 has an invalid length. [ 374.082289][ T9090] netlink: 'syz.3.1072': attribute type 29 has an invalid length. [ 375.017431][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 375.074399][ T9101] loop1: detected capacity change from 0 to 4096 [ 375.150930][ T9101] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 375.379116][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 375.468257][ T9115] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1085'. [ 375.509889][ T9115] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1085'. [ 375.675140][ T9126] loop3: detected capacity change from 0 to 128 [ 376.184968][ T9137] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 376.522263][ T9152] netlink: 'syz.3.1094': attribute type 29 has an invalid length. [ 376.571171][ T9152] netlink: 'syz.3.1094': attribute type 29 has an invalid length. [ 376.621216][ T9158] netlink: 'syz.3.1094': attribute type 29 has an invalid length. [ 376.632692][ T9158] netlink: 'syz.3.1094': attribute type 29 has an invalid length. [ 376.852379][ T9162] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1104'. [ 378.222665][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 378.225464][ T9191] netlink: 'syz.2.1116': attribute type 29 has an invalid length. [ 378.229610][ T9192] netlink: 'syz.3.1113': attribute type 10 has an invalid length. [ 378.319993][ T9193] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1113'. [ 378.458095][ T9192] 8021q: adding VLAN 0 to HW filter on device team0 [ 378.870448][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.986962][ T9191] netlink: 'syz.2.1116': attribute type 29 has an invalid length. [ 379.005299][ T9194] netlink: 'syz.2.1116': attribute type 29 has an invalid length. [ 379.014408][ T9194] netlink: 'syz.2.1116': attribute type 29 has an invalid length. [ 379.279764][ T9203] netlink: 'syz.0.1110': attribute type 29 has an invalid length. [ 379.314276][ T9203] netlink: 'syz.0.1110': attribute type 29 has an invalid length. [ 379.663536][ T9206] xt_CT: You must specify a L4 protocol and not use inversions on it [ 379.891855][ T9210] loop3: detected capacity change from 0 to 512 [ 380.022185][ T9210] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 380.266774][ T9219] loop1: detected capacity change from 0 to 16 [ 380.345491][ T9219] erofs: (device loop1): mounted with root inode @ nid 36. [ 380.381057][ T9219] overlayfs: missing 'lowerdir' [ 380.487616][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.926143][ T9233] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 382.328489][ T9294] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1156'. [ 382.937258][ T5794] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 383.288074][ T9333] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1171'. [ 383.462133][ T9337] vlan2: entered promiscuous mode [ 383.478890][ T9337] bridge0: entered promiscuous mode [ 383.509771][ T9337] vlan2: entered allmulticast mode [ 383.543816][ T9337] bridge0: entered allmulticast mode [ 383.574246][ T9342] syz_tun: left allmulticast mode [ 383.595828][ T9342] syz_tun: left promiscuous mode [ 383.613412][ T9342] bridge0: port 3(syz_tun) entered disabled state [ 383.642782][ T9342] bridge_slave_0: left allmulticast mode [ 383.662136][ T9342] bridge_slave_0: left promiscuous mode [ 383.671829][ T9342] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.695316][ T9342] bridge_slave_1: left allmulticast mode [ 383.702525][ T9342] bridge_slave_1: left promiscuous mode [ 383.712847][ T9342] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.744517][ T9342] bond0: (slave bond_slave_0): Releasing backup interface [ 383.784853][ T9342] bond0: (slave bond_slave_1): Releasing backup interface [ 383.887863][ T9342] team0: Port device team_slave_0 removed [ 383.926957][ T9342] team0: Port device team_slave_1 removed [ 383.934152][ T9354] xt_CT: You must specify a L4 protocol and not use inversions on it [ 383.943187][ T9342] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 383.963910][ T9342] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 384.001125][ T9342] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 384.025610][ T9342] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 385.515490][ T9389] xt_CT: You must specify a L4 protocol and not use inversions on it [ 386.703222][ T9392] netlink: 'syz.3.1196': attribute type 10 has an invalid length. [ 386.842750][ T9392] 8021q: adding VLAN 0 to HW filter on device team0 [ 386.929383][ T9394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1196'. [ 387.475685][ T9408] loop3: detected capacity change from 0 to 1024 [ 387.658701][ T1323] hfsplus: b-tree write err: -5, ino 4 [ 387.983367][ T5794] Bluetooth: hci2: unexpected event for opcode 0x1002 [ 388.407653][ T9434] loop3: detected capacity change from 0 to 512 [ 388.558398][ T9440] netlink: 'syz.1.1216': attribute type 4 has an invalid length. [ 388.882157][ T9451] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1222'. [ 388.927005][ T9451] 8021q: adding VLAN 0 to HW filter on device bond1 [ 388.950223][ T9451] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 388.962382][ T9451] batadv_slave_1: entered promiscuous mode [ 389.005118][ T9451] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 389.049830][ T9451] bond1: (slave batadv_slave_1): Enslaving as an active interface with an up link [ 389.217688][ T1140] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.318190][ T1140] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.426264][ T1140] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.449394][ T9465] overlayfs: failed to clone upperpath [ 389.584335][ T1140] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.624510][ T9467] ip6_vti0: Master is either lo or non-ether device [ 390.315169][ T9469] netlink: 'syz.2.1233': attribute type 29 has an invalid length. [ 390.334558][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 390.350178][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 390.360740][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 390.370871][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 390.382748][ T5803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 390.390326][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 390.490820][ T9469] netlink: 'syz.2.1233': attribute type 29 has an invalid length. [ 392.459242][ T5803] Bluetooth: hci1: command tx timeout [ 392.484463][ T9483] chnl_net:caif_netlink_parms(): no params data found [ 393.062825][ T9483] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.072362][ T9483] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.080898][ T9483] bridge_slave_0: entered allmulticast mode [ 393.089642][ T9483] bridge_slave_0: entered promiscuous mode [ 393.111502][ T1140] hsr_slave_0: left promiscuous mode [ 393.118349][ T1140] hsr_slave_1: left promiscuous mode [ 393.143080][ T1140] veth1_macvtap: left promiscuous mode [ 393.150501][ T1140] veth0_macvtap: left promiscuous mode [ 393.156170][ T1140] veth1_vlan: left promiscuous mode [ 393.161951][ T1140] veth0_vlan: left promiscuous mode [ 393.308575][ T9549] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1255'. [ 394.119765][ T9560] fuse: Bad value for 'fd' [ 394.537436][ T5803] Bluetooth: hci1: command tx timeout [ 395.255238][ T1140] bond0 (unregistering): Released all slaves [ 395.364175][ T9483] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.375688][ T9483] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.394138][ T9483] bridge_slave_1: entered allmulticast mode [ 395.402529][ T9483] bridge_slave_1: entered promiscuous mode [ 395.612071][ T9483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.658764][ T9483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.838876][ T9483] team0: Port device team_slave_0 added [ 395.904483][ T9483] team0: Port device team_slave_1 added [ 396.033074][ T9483] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.056582][ T9483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.120448][ T9483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.167835][ T9483] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.174858][ T9483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.222669][ T9483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.333785][ T9483] hsr_slave_0: entered promiscuous mode [ 396.346079][ T9483] hsr_slave_1: entered promiscuous mode [ 396.355645][ T9483] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 396.366754][ T9483] Cannot create hsr debugfs directory [ 396.617246][ T5803] Bluetooth: hci1: command tx timeout [ 397.014683][ T9620] syz_tun: entered allmulticast mode [ 397.052845][ T9483] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 397.071159][ T9483] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 397.104837][ T9483] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 397.127906][ T9483] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 397.192423][ T9614] syz_tun: left allmulticast mode [ 397.670533][ T9654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1287'. [ 397.704694][ T9648] netlink: 'syz.1.1287': attribute type 10 has an invalid length. [ 397.714136][ T9648] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.786546][ T9483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.030628][ T9483] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.089418][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.096614][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.163381][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.171269][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.697878][ T5803] Bluetooth: hci1: command tx timeout [ 398.853496][ T9483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.669216][ T9483] veth0_vlan: entered promiscuous mode [ 399.730020][ T9483] veth1_vlan: entered promiscuous mode [ 399.913210][ T9483] veth0_macvtap: entered promiscuous mode [ 399.940121][ T9483] veth1_macvtap: entered promiscuous mode [ 400.008960][ T9483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 400.040314][ T9483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.067629][ T9483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 400.084314][ T9483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.094616][ T9483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 400.105525][ T9483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.121192][ T9483] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 400.161748][ T9483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 400.182996][ T9483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.202193][ T9483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 400.215379][ T9483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 400.232061][ T9483] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 400.263234][ T9483] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.287592][ T9483] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.306318][ T9483] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.315663][ T9483] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.846088][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.913015][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.931366][ T1323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.956106][ T1323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.709184][ T9778] netlink: 'syz.2.1313': attribute type 29 has an invalid length. [ 401.734087][ T9778] netlink: 'syz.2.1313': attribute type 29 has an invalid length. [ 401.777350][ T5778] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 401.980394][ T5778] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.008486][ T5778] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.027269][ T5778] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 402.037230][ T5778] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.069544][ T5778] usb 5-1: config 0 descriptor?? [ 403.157658][ T5778] input: HID 256c:006d as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0003/input/input16 [ 403.343666][ T5778] input: HID 256c:006d as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0003/input/input17 [ 403.464076][ T5778] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0003/input/input18 [ 403.597426][ T5778] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0003/input/input19 [ 403.730978][ T5778] uclogic 0003:256C:006D.0003: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 403.817445][ T5778] usb 5-1: USB disconnect, device number 2 [ 403.985785][ T9828] fido_id[9828]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 404.120701][ T9834] overlayfs: failed to clone upperpath [ 404.604393][ T9851] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 406.014291][ T9894] loop4: detected capacity change from 0 to 764 [ 406.113395][ T9894] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 407.428064][ T9910] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 407.984724][ T9959] loop4: detected capacity change from 0 to 512 [ 409.575470][ T1323] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.605703][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 409.627334][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 409.636409][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 409.656210][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 409.668189][ T5803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 409.678067][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 409.903812][ T5803] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 409.913109][ T5803] Bluetooth: hci3: Injecting HCI hardware error event [ 409.926205][ T5794] Bluetooth: hci3: hardware error 0x00 [ 410.299023][ T1323] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.536655][ T1323] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.680984][ T1323] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.239993][T10010] chnl_net:caif_netlink_parms(): no params data found [ 411.691127][T10052] netlink: 'syz.2.1406': attribute type 29 has an invalid length. [ 411.748632][ T5803] Bluetooth: hci1: command tx timeout [ 411.857874][T10052] netlink: 'syz.2.1406': attribute type 29 has an invalid length. [ 411.867013][T10010] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.908260][T10010] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.916336][T10010] bridge_slave_0: entered allmulticast mode [ 411.960700][T10010] bridge_slave_0: entered promiscuous mode [ 412.074260][T10010] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.107332][T10010] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.124894][T10010] bridge_slave_1: entered allmulticast mode [ 412.141122][T10010] bridge_slave_1: entered promiscuous mode [ 412.228574][ T5794] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 412.516466][T10010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.540736][T10080] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1418'. [ 412.583657][T10086] overlayfs: failed to clone upperpath [ 412.616586][T10010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.845107][T10010] team0: Port device team_slave_0 added [ 412.874520][T10091] overlayfs: failed to resolve './cgroup': -2 [ 412.955904][T10010] team0: Port device team_slave_1 added [ 413.300951][T10010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 413.340334][T10010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.419701][T10010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 413.542069][T10010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.560464][T10010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.626902][T10104] netlink: 'syz.0.1425': attribute type 29 has an invalid length. [ 413.747302][T10010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.864766][ T5794] Bluetooth: hci1: command tx timeout [ 414.320969][T10105] netlink: 'syz.1.1423': attribute type 29 has an invalid length. [ 414.369905][T10104] netlink: 'syz.0.1425': attribute type 29 has an invalid length. [ 414.385832][T10010] hsr_slave_0: entered promiscuous mode [ 414.402270][T10010] hsr_slave_1: entered promiscuous mode [ 414.426259][T10010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 414.451956][T10010] Cannot create hsr debugfs directory [ 414.539681][T10105] netlink: 'syz.1.1423': attribute type 29 has an invalid length. [ 414.593053][ T1323] hsr_slave_0: left promiscuous mode [ 414.603153][ T1323] hsr_slave_1: left promiscuous mode [ 414.672831][ T1323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.685915][ T1323] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.716190][ T1323] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.724160][ T1323] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.744942][ T1323] bridge_slave_1: left allmulticast mode [ 414.751131][ T1323] bridge_slave_1: left promiscuous mode [ 414.770720][ T1323] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.798857][ T1323] bridge_slave_0: left allmulticast mode [ 414.804721][ T1323] bridge_slave_0: left promiscuous mode [ 414.818627][ T1323] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.881407][ T1323] veth1_macvtap: left promiscuous mode [ 414.887025][ T1323] veth0_macvtap: left promiscuous mode [ 414.893293][ T1323] veth1_vlan: left promiscuous mode [ 414.898975][ T1323] veth0_vlan: left promiscuous mode [ 415.313022][ T28] audit: type=1800 audit(1753579322.580:15): pid=10126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.1.1430" name="/newroot/351/file0" dev="tmpfs" ino=1901 res=0 errno=0 [ 415.886831][T10138] netlink: 'syz.1.1433': attribute type 29 has an invalid length. [ 415.907309][ T5794] Bluetooth: hci1: command tx timeout [ 416.564751][ T1323] team0 (unregistering): Port device team_slave_1 removed [ 416.616801][ T1323] team0 (unregistering): Port device team_slave_0 removed [ 416.666975][ T1323] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.720183][ T1323] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.250774][ T1323] bond0 (unregistering): Released all slaves [ 417.401584][T10138] netlink: 'syz.1.1433': attribute type 29 has an invalid length. [ 417.981391][ T5794] Bluetooth: hci1: command tx timeout [ 418.378218][T10010] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 418.417573][T10010] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 418.452565][T10010] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 418.490991][T10010] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 418.579028][T10171] netlink: 'syz.0.1436': attribute type 29 has an invalid length. [ 418.629565][T10171] netlink: 'syz.0.1436': attribute type 29 has an invalid length. [ 418.840701][T10010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.946773][T10010] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.011634][ T7062] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.018898][ T7062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.059548][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.066783][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.126336][T10192] netlink: 'syz.2.1442': attribute type 10 has an invalid length. [ 419.174998][T10193] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1442'. [ 419.188275][T10192] 8021q: adding VLAN 0 to HW filter on device team0 [ 420.086123][T10010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.839829][T10010] veth0_vlan: entered promiscuous mode [ 420.885620][T10010] veth1_vlan: entered promiscuous mode [ 420.977091][T10010] veth0_macvtap: entered promiscuous mode [ 420.995014][T10010] veth1_macvtap: entered promiscuous mode [ 421.045178][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.067205][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.087139][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.111693][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.137105][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 421.155337][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.179903][T10010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.232974][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.258527][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.277488][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.297485][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.329743][T10010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.352625][T10010] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.373621][T10010] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.413523][T10010] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.433520][T10010] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.520547][T10266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 421.649023][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.656907][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.784733][ T1078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.815683][ T1078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.061285][T10283] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 423.219989][T10320] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1472'. [ 423.239985][T10320] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1472'. [ 423.267572][T10320] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1472'. [ 423.558466][T10336] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1473'. [ 424.526910][T10362] loop5: detected capacity change from 0 to 4096 [ 424.745158][T10362] ntfs3: loop5: ino=5, "/" directory corrupted [ 425.235865][T10367] netlink: 'syz.0.1484': attribute type 29 has an invalid length. [ 425.266307][T10367] netlink: 'syz.0.1484': attribute type 29 has an invalid length. [ 426.170854][ T28] audit: type=1326 audit(1753579333.440:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.223619][T10431] loop5: detected capacity change from 0 to 512 [ 426.240696][ T28] audit: type=1326 audit(1753579333.440:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.281428][T10431] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 426.350185][ T28] audit: type=1326 audit(1753579333.470:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.421054][T10431] EXT4-fs (loop5): 1 truncate cleaned up [ 426.432858][T10431] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 426.445872][ T28] audit: type=1326 audit(1753579333.480:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f18c5b8e9e3 code=0x7ffc0000 [ 426.547525][ T28] audit: type=1326 audit(1753579333.480:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.646354][ T28] audit: type=1326 audit(1753579333.540:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.681178][ T28] audit: type=1326 audit(1753579333.540:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.712633][ T28] audit: type=1326 audit(1753579333.540:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.715371][T10010] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.748864][ T28] audit: type=1326 audit(1753579333.540:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 426.869766][ T28] audit: type=1326 audit(1753579333.540:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10426 comm="syz.1.1503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c5b8e9a9 code=0x7ffc0000 [ 427.356003][T10463] netlink: 'syz.5.1510': attribute type 4 has an invalid length. [ 427.654369][T10473] netlink: 'syz.1.1512': attribute type 10 has an invalid length. [ 427.682965][T10473] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.726383][T10473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1512'. [ 428.859480][T10520] xt_CT: You must specify a L4 protocol and not use inversions on it [ 429.431743][T10535] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1527'. [ 430.654026][T10555] bridge0: port 3(syz_tun) entered disabled state [ 430.723881][T10555] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.731391][T10555] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.272389][T10555] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 431.304173][T10564] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 431.888609][T10555] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.907185][T10555] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.925978][T10555] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.935018][T10555] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.946534][T10599] netlink: 'syz.5.1541': attribute type 29 has an invalid length. [ 432.956109][T10599] netlink: 'syz.5.1541': attribute type 29 has an invalid length. [ 432.971535][T10599] netlink: 'syz.5.1541': attribute type 29 has an invalid length. [ 432.980678][T10599] netlink: 'syz.5.1541': attribute type 29 has an invalid length. [ 434.785593][T10644] netlink: 'syz.2.1554': attribute type 29 has an invalid length. [ 434.795295][T10644] netlink: 'syz.2.1554': attribute type 29 has an invalid length. [ 434.812029][T10644] netlink: 'syz.2.1554': attribute type 29 has an invalid length. [ 434.821146][T10644] netlink: 'syz.2.1554': attribute type 29 has an invalid length. [ 436.105563][T10670] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1564'. [ 436.155022][T10670] dummy0: entered promiscuous mode [ 436.162425][T10670] macvtap1: entered promiscuous mode [ 436.173358][T10670] macvtap1: entered allmulticast mode [ 436.176297][T10665] loop5: detected capacity change from 0 to 4096 [ 436.181945][T10670] dummy0: entered allmulticast mode [ 436.232519][T10672] dummy0: left allmulticast mode [ 436.245760][T10672] dummy0: left promiscuous mode [ 436.721387][T10683] netlink: 'syz.1.1566': attribute type 29 has an invalid length. [ 436.730986][T10683] netlink: 'syz.1.1566': attribute type 29 has an invalid length. [ 437.777481][T10700] loop5: detected capacity change from 0 to 512 [ 437.816504][T10700] EXT4-fs: Ignoring removed bh option [ 437.861736][T10700] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 437.903069][T10700] EXT4-fs (loop5): 1 truncate cleaned up [ 437.917817][T10700] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 438.016126][T10700] EXT4-fs (loop5): shut down requested (0) [ 438.185784][T10010] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 438.974502][T10741] overlayfs: failed to clone upperpath [ 439.419187][T10759] loop5: detected capacity change from 0 to 64 [ 439.794943][T10772] validate_nla: 2 callbacks suppressed [ 439.794957][T10772] netlink: 'syz.2.1593': attribute type 10 has an invalid length. [ 439.813060][T10772] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.853709][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1593'. [ 440.303294][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.835361][T10773] loop5: detected capacity change from 0 to 40427 [ 440.851745][T10773] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 440.892783][T10773] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 440.939986][T10773] F2FS-fs (loop5): invalid crc value [ 440.970631][T10773] F2FS-fs (loop5): Found nat_bits in checkpoint [ 441.132337][T10773] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 441.150521][T10773] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 442.201853][T10835] netlink: 'syz.5.1603': attribute type 10 has an invalid length. [ 442.331171][T10835] 8021q: adding VLAN 0 to HW filter on device team0 [ 442.352115][T10835] bond0: (slave team0): Enslaving as an active interface with an up link [ 442.562223][T10833] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1603'. [ 443.403299][T10866] loop5: detected capacity change from 0 to 512 [ 443.494876][T10866] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 443.567568][T10866] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 443.679098][ T28] kauditd_printk_skb: 168 callbacks suppressed [ 443.679114][ T28] audit: type=1800 audit(1753579350.950:194): pid=10866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1617" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 443.751315][ T28] audit: type=1800 audit(1753579350.950:195): pid=10866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1617" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 443.778174][T10010] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.026691][T10889] loop5: detected capacity change from 0 to 512 [ 444.411585][ T1083] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.622518][ T1083] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.867539][T10899] xt_CT: You must specify a L4 protocol and not use inversions on it [ 444.887449][ T1083] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.234454][ T1083] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.741810][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 445.753734][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 445.764455][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 445.776687][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 445.793314][ T5803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 445.801506][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 446.088809][ T5803] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 446.099169][ T5803] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 446.119293][ T5803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 446.139930][ T5803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 446.150300][ T5803] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 446.157893][ T5803] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 446.368415][T10928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1639'. [ 446.661553][T10910] chnl_net:caif_netlink_parms(): no params data found [ 447.031207][T10947] netlink: 'syz.2.1641': attribute type 29 has an invalid length. [ 447.683380][T10947] netlink: 'syz.2.1641': attribute type 29 has an invalid length. [ 447.898329][ T5803] Bluetooth: hci1: command tx timeout [ 448.192192][T10964] netlink: 'syz.1.1643': attribute type 29 has an invalid length. [ 448.217217][ T5803] Bluetooth: hci4: command tx timeout [ 448.721638][T10964] netlink: 'syz.1.1643': attribute type 29 has an invalid length. [ 448.927475][T10910] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.950119][T10910] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.966437][T10910] bridge_slave_0: entered allmulticast mode [ 448.988744][T10910] bridge_slave_0: entered promiscuous mode [ 449.008691][T10910] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.015846][T10910] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.025712][T10910] bridge_slave_1: entered allmulticast mode [ 449.050127][T10910] bridge_slave_1: entered promiscuous mode [ 449.431528][T10910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 449.460863][T10910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 449.489756][T10919] chnl_net:caif_netlink_parms(): no params data found [ 449.734439][ T1083] hsr_slave_0: left promiscuous mode [ 449.765601][ T1083] hsr_slave_1: left promiscuous mode [ 449.777918][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 449.792697][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 449.804592][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 449.894212][T10990] netlink: 'syz.1.1650': attribute type 29 has an invalid length. [ 449.916436][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 449.991510][ T5803] Bluetooth: hci1: command tx timeout [ 450.151130][ T1083] bridge_slave_1: left allmulticast mode [ 450.226766][ T1083] bridge_slave_1: left promiscuous mode [ 450.297936][ T5803] Bluetooth: hci4: command tx timeout [ 450.316835][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state [ 450.473002][ T1083] bridge_slave_0: left allmulticast mode [ 450.503033][ T1083] bridge_slave_0: left promiscuous mode [ 450.509152][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.563990][ T1083] veth1_macvtap: left promiscuous mode [ 450.570509][ T1083] veth0_macvtap: left promiscuous mode [ 450.578691][ T1083] veth1_vlan: left promiscuous mode [ 450.584124][ T1083] veth0_vlan: left promiscuous mode [ 451.438565][ T1083] team0 (unregistering): Port device team_slave_1 removed [ 451.510916][ T1083] team0 (unregistering): Port device team_slave_0 removed [ 451.587798][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 451.653722][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 452.063442][ T5803] Bluetooth: hci1: command tx timeout [ 452.196044][ T1083] bond0 (unregistering): (slave team0): Releasing backup interface [ 452.387095][ T5803] Bluetooth: hci4: command tx timeout [ 452.453782][ T1083] bond0 (unregistering): Released all slaves [ 452.562197][T10990] netlink: 'syz.1.1650': attribute type 29 has an invalid length. [ 452.595296][T10910] team0: Port device team_slave_0 added [ 452.942932][T10910] team0: Port device team_slave_1 added [ 453.018448][T10919] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.025726][T10919] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.047672][T10919] bridge_slave_0: entered allmulticast mode [ 453.075564][T10919] bridge_slave_0: entered promiscuous mode [ 453.120154][T10919] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.147461][T10919] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.154901][T10919] bridge_slave_1: entered allmulticast mode [ 453.170432][T10919] bridge_slave_1: entered promiscuous mode [ 453.299585][T10910] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 453.318185][T10910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.370569][T10910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 453.399697][T10910] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 453.415429][T11015] netlink: 'syz.1.1653': attribute type 29 has an invalid length. [ 453.415786][T10910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.487120][T10910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 453.547972][T10919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.587571][T11015] netlink: 'syz.1.1653': attribute type 29 has an invalid length. [ 453.633673][T11022] overlayfs: failed to clone upperpath [ 453.682099][T10919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 453.857452][ T28] audit: type=1326 audit(1753579361.120:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11024 comm="syz.2.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649818e9a9 code=0x7ffc0000 [ 453.910714][T10919] team0: Port device team_slave_0 added [ 453.917752][ T28] audit: type=1326 audit(1753579361.120:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11024 comm="syz.2.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649818e9a9 code=0x7ffc0000 [ 453.945271][ T28] audit: type=1326 audit(1753579361.160:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11024 comm="syz.2.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f649818e9a9 code=0x7ffc0000 [ 453.989408][T10910] hsr_slave_0: entered promiscuous mode [ 454.005793][T10910] hsr_slave_1: entered promiscuous mode [ 454.028205][ T28] audit: type=1326 audit(1753579361.170:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11024 comm="syz.2.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649818e9a9 code=0x7ffc0000 [ 454.057227][T10910] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 454.075263][T10910] Cannot create hsr debugfs directory [ 454.087402][T10919] team0: Port device team_slave_1 added [ 454.102016][ T28] audit: type=1326 audit(1753579361.170:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11024 comm="syz.2.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f649818e9a9 code=0x7ffc0000 [ 454.146677][ T5803] Bluetooth: hci1: command tx timeout [ 454.187212][ T28] audit: type=1326 audit(1753579361.170:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11024 comm="syz.2.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649818e9a9 code=0x7ffc0000 [ 454.279775][ T28] audit: type=1326 audit(1753579361.170:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11024 comm="syz.2.1658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649818e9a9 code=0x7ffc0000 [ 454.328510][T10919] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.358560][T10919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.407890][T10919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.477479][ T5803] Bluetooth: hci4: command tx timeout [ 454.524987][T11032] netlink: 'syz.2.1659': attribute type 29 has an invalid length. [ 455.036457][T10919] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 455.064100][T10919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.116840][T10919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.133762][T11032] netlink: 'syz.2.1659': attribute type 29 has an invalid length. [ 455.400393][T10919] hsr_slave_0: entered promiscuous mode [ 455.430419][T10919] hsr_slave_1: entered promiscuous mode [ 455.450603][T10919] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 455.466989][T10919] Cannot create hsr debugfs directory [ 455.559779][ T1083] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.846804][ T1083] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.017025][ T1083] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.374293][ T1083] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.647119][T10910] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 456.741373][T10910] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 456.771144][T10910] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 456.801258][T10910] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 457.038163][T11078] netlink: 'syz.2.1666': attribute type 29 has an invalid length. [ 457.611079][T10919] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 457.650384][T11078] netlink: 'syz.2.1666': attribute type 29 has an invalid length. [ 457.790840][T10919] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 457.877234][T10919] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 457.956833][T10919] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 458.278236][T11101] netlink: 'syz.1.1668': attribute type 29 has an invalid length. [ 458.332217][T11101] netlink: 'syz.1.1668': attribute type 29 has an invalid length. [ 458.503770][T10910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.585451][T10910] 8021q: adding VLAN 0 to HW filter on device team0 [ 458.652613][ T7062] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.659949][ T7062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.675151][ T7062] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.682387][ T7062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.893430][ T1083] batman_adv: batadv0: Removing interface: gretap1 [ 459.049497][T10919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.282109][T10919] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.325333][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.332606][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.435558][ T1323] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.442753][ T1323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.935431][ T1083] hsr_slave_0: left promiscuous mode [ 459.999519][ T1083] hsr_slave_1: left promiscuous mode [ 460.186624][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 460.195331][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 460.228339][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 460.292643][T11139] netlink: 'syz.2.1675': attribute type 29 has an invalid length. [ 460.934363][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 461.016833][ T1083] bridge_slave_1: left allmulticast mode [ 461.044250][ T1083] bridge_slave_1: left promiscuous mode [ 461.054507][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.096267][ T1083] bridge_slave_0: left allmulticast mode [ 461.119355][ T1083] bridge_slave_0: left promiscuous mode [ 461.126510][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.187962][ T1083] veth1_macvtap: left promiscuous mode [ 461.193531][ T1083] veth0_macvtap: left promiscuous mode [ 461.199886][ T1083] veth1_vlan: left promiscuous mode [ 461.205429][ T1083] veth0_vlan: left promiscuous mode [ 461.835464][T11150] netlink: 'syz.1.1678': attribute type 29 has an invalid length. [ 462.010667][ T1083] team0 (unregistering): Port device team_slave_1 removed [ 462.109269][ T1083] team0 (unregistering): Port device team_slave_0 removed [ 462.168604][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 462.252535][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 462.913914][ T1083] bond0 (unregistering): Released all slaves [ 463.039204][T11139] netlink: 'syz.2.1675': attribute type 29 has an invalid length. [ 463.127731][T11150] netlink: 'syz.1.1678': attribute type 29 has an invalid length. [ 463.273176][T10910] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.048610][T10919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.592350][T11196] netlink: 'syz.2.1685': attribute type 29 has an invalid length. [ 464.829748][T11196] netlink: 'syz.2.1685': attribute type 29 has an invalid length. [ 464.849704][T11197] netlink: 'syz.2.1685': attribute type 29 has an invalid length. [ 464.859363][T11197] netlink: 'syz.2.1685': attribute type 29 has an invalid length. [ 465.165470][T10910] veth0_vlan: entered promiscuous mode [ 465.231832][T10910] veth1_vlan: entered promiscuous mode [ 465.411955][T10910] veth0_macvtap: entered promiscuous mode [ 465.450185][T10910] veth1_macvtap: entered promiscuous mode [ 465.520251][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.553617][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.581940][T10910] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 465.620686][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.647133][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.669997][T10910] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.718868][T10910] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.727809][T10910] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.736725][T10910] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.753509][T10910] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.838341][T11213] netlink: 'syz.1.1686': attribute type 29 has an invalid length. [ 465.867240][T11213] netlink: 'syz.1.1686': attribute type 29 has an invalid length. [ 465.934185][T10919] veth0_vlan: entered promiscuous mode [ 465.991531][T10919] veth1_vlan: entered promiscuous mode [ 466.020068][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 466.038337][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.111166][T10919] veth0_macvtap: entered promiscuous mode [ 466.117719][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 466.125573][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.186030][T10919] veth1_macvtap: entered promiscuous mode [ 466.250402][T10919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 466.272554][T10919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.283786][T10919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 466.294804][T10919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.313484][T10919] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 466.357583][T10919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 466.397179][T10919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.417134][T10919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 466.437501][T10919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 466.472709][T10919] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 466.523839][T10919] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.563406][T10919] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.597486][T10919] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.606248][T10919] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.877276][ T7062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 466.902859][ T7062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.993420][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.028760][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.092179][T11238] loop6: detected capacity change from 0 to 512 [ 467.707357][T11253] netlink: 'syz.2.1693': attribute type 29 has an invalid length. [ 467.726552][T11253] netlink: 'syz.2.1693': attribute type 29 has an invalid length. [ 469.109544][T11283] xt_CT: You must specify a L4 protocol and not use inversions on it [ 469.799232][ T5798] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 469.938243][T11289] loop6: detected capacity change from 0 to 128 [ 469.992152][ T5798] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.008246][T11292] validate_nla: 2 callbacks suppressed [ 470.008280][T11292] netlink: 'syz.2.1704': attribute type 10 has an invalid length. [ 470.022875][T11292] 8021q: adding VLAN 0 to HW filter on device team0 [ 470.031645][ T5798] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.060626][T11292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1704'. [ 470.089638][T11289] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256 [ 470.099938][ T5798] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 470.164444][ T5798] usb 8-1: New USB device found, idVendor=1b96, idProduct=0007, bcdDevice= 0.00 [ 470.175676][T11289] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 470.232691][ T5798] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.260105][ T5798] usb 8-1: config 0 descriptor?? [ 470.387749][T11289] ------------[ cut here ]------------ [ 470.393760][T11289] WARNING: CPU: 1 PID: 11289 at fs/udf/truncate.c:224 udf_truncate_extents+0xd46/0xeb0 [ 470.404199][T11289] Modules linked in: [ 470.408243][T11289] CPU: 1 PID: 11289 Comm: syz.6.1703 Not tainted 6.6.100-syzkaller #0 [ 470.416444][T11289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 470.426713][T11289] RIP: 0010:udf_truncate_extents+0xd46/0xeb0 [ 470.432789][T11289] Code: 65 48 8b 04 25 28 00 00 00 48 3b 84 24 80 01 00 00 75 70 44 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4a 4f 8e fe <0f> 0b eb 8e 44 89 e9 80 e1 07 38 c1 0f 8c ec f3 ff ff 4c 89 ef e8 [ 470.452533][T11289] RSP: 0018:ffffc900049df8e0 EFLAGS: 00010287 [ 470.459789][T11289] RAX: ffffffff82f74636 RBX: 1ffff1100b36826f RCX: 0000000000080000 [ 470.467909][T11289] RDX: ffffc9000c9ca000 RSI: 0000000000012d1a RDI: 0000000000012d1b [ 470.475923][T11289] RBP: ffffc900049dfac0 R08: ffff8880197d9e00 R09: 0000000000000002 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 470.484932][T11289] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 [ 470.493192][T11289] R13: 0000000000000000 R14: 000000000000000a R15: 000000000000000a [ 470.501294][T11289] FS: 00007f441f25f6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 470.510724][T11289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 470.517404][T11289] CR2: 0000555557005808 CR3: 000000006384a000 CR4: 00000000003506e0 [ 470.525424][T11289] Call Trace: [ 470.528886][T11289] [ 470.531889][T11289] ? udf_discard_prealloc+0x570/0x570 [ 470.537628][T11289] ? udf_write_failed+0x178/0x1b0 [ 470.542726][T11289] ? __lock_acquire+0x7c80/0x7c80 [ 470.547855][T11289] ? __rwlock_init+0x90/0x150 [ 470.552585][T11289] ? down_write+0x162/0x1f0 [ 470.557242][T11289] ? do_raw_spin_unlock+0x121/0x230 [ 470.562509][T11289] udf_write_failed+0x180/0x1b0 [ 470.567508][T11289] udf_write_begin+0x21f/0x430 [ 470.572521][T11289] generic_perform_write+0x2fb/0x5b0 [ 470.577926][T11289] ? generic_file_direct_write+0x3e0/0x3e0 [ 470.583809][T11289] ? __mnt_drop_write_file+0xc3/0x100 [ 470.590209][T11289] ? __generic_file_write_iter+0xf7/0x230 [ 470.595990][T11289] ? udf_file_write_iter+0x2b1/0x620 [ 470.601562][T11289] udf_file_write_iter+0x2c0/0x620 [ 470.606749][T11289] vfs_write+0x43b/0x940 [ 470.611103][T11289] ? file_end_write+0x250/0x250 [ 470.616024][T11289] ? __fget_files+0x44a/0x4d0 [ 470.621194][T11289] ? __fdget_pos+0x2a3/0x330 [ 470.625858][T11289] ? ksys_write+0x75/0x250 [ 470.630382][T11289] ksys_write+0x147/0x250 [ 470.634774][T11289] ? __ia32_sys_read+0x90/0x90 [ 470.639660][T11289] ? lockdep_hardirqs_on+0x98/0x150 [ 470.644926][T11289] do_syscall_64+0x55/0xb0 [ 470.649445][T11289] ? clear_bhb_loop+0x40/0x90 [ 470.654173][T11289] ? clear_bhb_loop+0x40/0x90 [ 470.659004][T11289] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 470.664968][T11289] RIP: 0033:0x7f441e38e9a9 [ 470.669516][T11289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.690095][T11289] RSP: 002b:00007f441f25f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 470.698789][T11289] RAX: ffffffffffffffda RBX: 00007f441e5b5fa0 RCX: 00007f441e38e9a9 [ 470.707511][T11289] RDX: 00000000fffffdab RSI: 0000200000000000 RDI: 0000000000000004 [ 470.715537][T11289] RBP: 00007f441e410d69 R08: 0000000000000000 R09: 0000000000000000 [ 470.723944][T11289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 470.732099][T11289] R13: 0000000000000000 R14: 00007f441e5b5fa0 R15: 00007ffcdb918708 [ 470.740186][T11289] [ 470.743257][T11289] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 470.750564][T11289] CPU: 1 PID: 11289 Comm: syz.6.1703 Not tainted 6.6.100-syzkaller #0 [ 470.758753][T11289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 470.768851][T11289] Call Trace: [ 470.772163][T11289] [ 470.775139][T11289] dump_stack_lvl+0x16c/0x230 [ 470.779870][T11289] ? show_regs_print_info+0x20/0x20 [ 470.785114][T11289] ? load_image+0x3b0/0x3b0 [ 470.789682][T11289] panic+0x2c0/0x710 [ 470.793653][T11289] ? bpf_jit_dump+0xd0/0xd0 [ 470.798238][T11289] __warn+0x2e0/0x470 [ 470.799521][ T5798] ntrig 0003:1B96:0007.0004: invalid report_size 2432 [ 470.799544][ T5798] ntrig 0003:1B96:0007.0004: item 0 4 1 7 parsing failed [ 470.800391][ T5798] ntrig 0003:1B96:0007.0004: parse failed [ 470.800493][ T5798] ntrig: probe of 0003:1B96:0007.0004 failed with error -22 [ 470.829174][T11289] ? udf_truncate_extents+0xd46/0xeb0 [ 470.834602][T11289] ? udf_truncate_extents+0xd46/0xeb0 [ 470.840031][T11289] report_bug+0x2be/0x4f0 [ 470.844409][T11289] ? udf_truncate_extents+0xd46/0xeb0 [ 470.849818][T11289] ? udf_truncate_extents+0xd46/0xeb0 [ 470.855233][T11289] ? udf_truncate_extents+0xd48/0xeb0 [ 470.860645][T11289] handle_bug+0xcf/0x120 [ 470.864948][T11289] exc_invalid_op+0x1a/0x50 [ 470.869490][T11289] asm_exc_invalid_op+0x1a/0x20 [ 470.874385][T11289] RIP: 0010:udf_truncate_extents+0xd46/0xeb0 [ 470.880415][T11289] Code: 65 48 8b 04 25 28 00 00 00 48 3b 84 24 80 01 00 00 75 70 44 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4a 4f 8e fe <0f> 0b eb 8e 44 89 e9 80 e1 07 38 c1 0f 8c ec f3 ff ff 4c 89 ef e8 [ 470.900582][T11289] RSP: 0018:ffffc900049df8e0 EFLAGS: 00010287 [ 470.906688][T11289] RAX: ffffffff82f74636 RBX: 1ffff1100b36826f RCX: 0000000000080000 [ 470.914691][T11289] RDX: ffffc9000c9ca000 RSI: 0000000000012d1a RDI: 0000000000012d1b [ 470.922689][T11289] RBP: ffffc900049dfac0 R08: ffff8880197d9e00 R09: 0000000000000002 [ 470.930682][T11289] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 [ 470.938722][T11289] R13: 0000000000000000 R14: 000000000000000a R15: 000000000000000a [ 470.946717][T11289] ? udf_truncate_extents+0xd46/0xeb0 [ 470.952215][T11289] ? udf_discard_prealloc+0x570/0x570 [ 470.957605][T11289] ? udf_write_failed+0x178/0x1b0 [ 470.962649][T11289] ? __lock_acquire+0x7c80/0x7c80 [ 470.967738][T11289] ? __rwlock_init+0x90/0x150 [ 470.972438][T11289] ? down_write+0x162/0x1f0 [ 470.976977][T11289] ? do_raw_spin_unlock+0x121/0x230 [ 470.982196][T11289] udf_write_failed+0x180/0x1b0 [ 470.987078][T11289] udf_write_begin+0x21f/0x430 [ 470.991878][T11289] generic_perform_write+0x2fb/0x5b0 [ 470.997207][T11289] ? generic_file_direct_write+0x3e0/0x3e0 [ 471.003033][T11289] ? __mnt_drop_write_file+0xc3/0x100 [ 471.008432][T11289] ? __generic_file_write_iter+0xf7/0x230 [ 471.014159][T11289] ? udf_file_write_iter+0x2b1/0x620 [ 471.019468][T11289] udf_file_write_iter+0x2c0/0x620 [ 471.024609][T11289] vfs_write+0x43b/0x940 [ 471.028876][T11289] ? file_end_write+0x250/0x250 [ 471.033747][T11289] ? __fget_files+0x44a/0x4d0 [ 471.038446][T11289] ? __fdget_pos+0x2a3/0x330 [ 471.043062][T11289] ? ksys_write+0x75/0x250 [ 471.047506][T11289] ksys_write+0x147/0x250 [ 471.051853][T11289] ? __ia32_sys_read+0x90/0x90 [ 471.057089][T11289] ? lockdep_hardirqs_on+0x98/0x150 [ 471.062321][T11289] do_syscall_64+0x55/0xb0 [ 471.066751][T11289] ? clear_bhb_loop+0x40/0x90 [ 471.071439][T11289] ? clear_bhb_loop+0x40/0x90 [ 471.076132][T11289] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 471.082050][T11289] RIP: 0033:0x7f441e38e9a9 [ 471.086475][T11289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.106180][T11289] RSP: 002b:00007f441f25f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 471.114708][T11289] RAX: ffffffffffffffda RBX: 00007f441e5b5fa0 RCX: 00007f441e38e9a9 [ 471.122700][T11289] RDX: 00000000fffffdab RSI: 0000200000000000 RDI: 0000000000000004 [ 471.130723][T11289] RBP: 00007f441e410d69 R08: 0000000000000000 R09: 0000000000000000 [ 471.138710][T11289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.146693][T11289] R13: 0000000000000000 R14: 00007f441e5b5fa0 R15: 00007ffcdb918708 [ 471.154693][T11289] [ 471.157961][T11289] Kernel Offset: disabled [ 471.162379][T11289] Rebooting in 86400 seconds..