last executing test programs: 2m53.876513385s ago: executing program 1 (id=674): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4a800, 0x0) ioctl$BLKCRYPTOIMPORTKEY(r0, 0xc0401289, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r5, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec777000) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) tkill(r6, 0x17) ptrace$peeksig(0x4209, r6, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0)) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc000000000000000000000100000040ac1414bb00000000000000000000000000000400000000000a00600000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040", @ANYRES32=0xee01], 0xb8}}, 0x4000) 2m53.822558689s ago: executing program 1 (id=676): r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x210002, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x10, 0xd, &(0x7f0000000100)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfce}, 0x94) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @broadcast}]}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {r1}}, './file0\x00'}) ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x1b) ioctl$TCSETS(r4, 0x8925, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000002240)={0x1, r3}) 2m53.798333755s ago: executing program 1 (id=678): r0 = getpid() syz_pidfd_open(r0, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x2000}}) read$FUSE(r2, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0xffffffffffffffbd) llistxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r2, &(0x7f0000002580)="5536182daefa2fc6ee10a1b2d4e27cff3c3e628d4656f7b27979e371b15b420c01ae674ddb8fff7b2bc41e7c5927065cd32f2ff7908ef7dd74cdc82f3799ab12edbbfd0b8f6d2194d7f72aec3a136e25c7bf733436bf6cbfc94431ad053a2ec4ccac5aaada8a41ac38c0e1849e599dce84e431ac501db105b4484146b338c0ae9124877ccb8273c7fbb32603251e2d66c71398a7a715bcbe5c9d87e41af55f837e2931c4c1b6b7bbc30dfedfe6e61a39e28f66bbe56496745fbe03f6035183257edac4b0fe3087e7f3e79c2152a07341f3ae9ec68e78875b6e12b5a2a1abbcca4d7963be818a7a31290cad5a025ccd05b609c7ac49ea85d49f354c1e76091a917966665e77471005a46a195b290c01bb7ddf4709e94543471d87a0a5047d3631b00862e1e9a00c60b83371cc16ba087463122a892a1b21786fe3d450c7ba97799d88126f09a698a421242e9c67c981ebc576f57ba3df22e0071db74fa22e97b0fbe589894931a4c4e0eda8bb9533c4ce503fba218d0ae43ab4b4d0c705e04442d093ca5299ae8499c6db904bda6c68105bc2a1cd8e16067215476e573745d1e99daa73400567a9978dd7bffb21429479ace30c95afdfaebd7faf74343cd58e14ce6d2fada5a1c665049eeaa717ee681666c8b63c6d54e66df86144f85d80dcaa3ae7a13b58d5f2b607029efbbf8593afc75e0ce0a875a5fbedecb425a22624a0bb8e2fd06212a1fdafb92430d309f8f68504484fb1246f3d7b0893d3dc9d0b6c8d7476b6aea871eb4f32c283e22435fccb221484409cc28a6609dd869b99547fc81b2e517809a5b77783f9fc11b5fe584b9f64c0fec35d3db21ae30d0b8b88d722dea4a376d2a610f0a9d08b311e2ed3ef5d72d0e040e41d3dc45e5a17d740c67db88d95b18c8610fed3302aef0c3c1871ff8a5ae1908bf9668f0bc8e5867f56cc59cd303bafabde6a4034a96ba66b98a910dfaaff712673dcbf84c5354f066126068de620f08be67e6034138dd9a312f9ff197fca56a77bad46e59edfd79dfa3aee4582bfe01ce2201f6569178be7a4bdd28e495114944e538ee7b8f11e0812d9f822cd9760316809eccb9b0bbc5f0630224a1534f88600bbb2af2882562e76d149b44780380b62241829e5734fdfff1a2b3a052f3504dffe04d4632e9fef82762fe1950fbaceeb961464dfe2699f0a898fc8783cfdde45ecc3a16f052c4777beb1fddb080fc802a8cc760d1a0d4606b669e78ee9ba1ac398914ed5096850dedc513e5c71eca19d51af9075151f4ca3d8a841b7b1d205f5f3d223f7e48685daa0836f93017935ad1d942c7392667145ccc1d4700f5d8fb2fc218fd6d70357667d339a28dba3360761857b19f9f91e56a0e0281af1042a409a4e2839f3d21b73a5c352b22e4ff06e563e92c00b48e7f8bcdbbbd398c65331298f779dafe875854e301394b0faac2126138908fa8598b4f5e58ed1ac451eb0187e20077099d12d745fcff0b7fb5e8b9fa65ac617ea6c953e8786229b67a604c46810876650f919e6bc6792db22ec0be29cff94e9c24eb6e1830f890bb4b6bcd74b39060506095b99b95f2a8addfb8dfe11f47479fd23cc7c0701ae00774c430b3b9f52ab2579d47a2c2095365aa569f55a1431f93e651c01f0d67ff9337708a72e352c0e699f14bf07f9b9c056897c78edcf34ade3dfd17a04446d565fb6e7c701a237fe1a3d932371654a43b56e7f5ccdadc0f506d746c3f0047b69c0c174cbbfe092f139c09c0e2e76d9a777142813cb78174630ea8d73301e3343b94856fe610777468a9fb4518a0cf68243a4bd715e38e3431a811f962edb1306d76d89e0aad9be5800e7bebb82ccaec2382c9c114c91aee013acca2d8ddf99465e760bd185453a9eb4e5a78383094603b749c6242ad227124ef4b7ec7506b8a76f714099c954f0b2f2d427af0451a7ea3d1dbfa8a3e644c3640d397de3ce942311deb73fad3a76cba773f416314e81e70bda715b342113a18a249300b43250cb3b3aa46ecabe42d0e8c1dc4be286e539c71f0d1c0b0e1795ae7428a3887f36b79e9c76401a5dd460f45b9d8277e04c7c1e615fb33d0fbc444421f3fd0bff4e045d790610aaa2b62945e4b398024c75680b5e12235c35f5b23ddd99454fe527acad6d08fb37c35d9ecc0a8b10e2c31fac786666eb2ad499ddb7d06c7526fb1c5412f6a0df003410e69b81fe523057b6b73cdecf0e5bc4d3b87757889fe49dbdb3ec79c7eb3a868480fc87528e80400de837cccd4a6345508386ada1833f57a20c56e973569bc7821088d343e80009b7b35390975323d24e764aa6c90d3dd5fdec08ed363dc9ab57de949282994cd3858f829c7e5e9a745261383db27c9c53e9e98e109fda6cbb88649ba40b5067470d73b7839940125ea8041f9fa25f5b6c919aef84f7595511141e9f090ee103b20a13b22c9a88348ed6d284c0d7a58326e0c4c9626d9a5390bae2be199b201ea136a9aac76e6125db9bf58f61e6a46f8145a9df1305415989435f51529da03f09a67e3629e6f6cb6b70407d9d848f554f1a7e63602e678e62d3b41b4bf4ddda713ed2c291536d8cc12a16bde144ef56acc17778b1aa8eeeeeb60c781365b615be4435c7158d926351cdb46b89fa82acb384c7318dcb2e51db8bdb223aff2c8f36d9e6b1135ad18f7e0b9d91a76972c3140f8e21dc71422de12a4f5d08624bdaeb983619a5ff82cf788c6b8a5fbf0f78e61ae4058d6e03a3d5130646dfc13686e356a1325434caac94ced659529181561fee7ce4f7e1e7945f119ad8474ea6b00257ceb7af2d9b3f9ad5782cd986f1b097d61bf26a6c48c3ab597e4678d609f3050eec9f3bbea1bc67314407521950526e6d71e34e35392067ac84b66badc82a54bb0dc8ed2f1050711ef2d47af5252075c0441aad6900539fcc649c1b1ffc70a1cc39e0c2136c764ba718d50f4800dc29769c4bc9a2fd0f43eb6ffb717a473ccb14ccd58bd506c4e4a0f4ea1158b59b3d6bf1a2d010c456c1f099bff69add46cc60fd2d9779f603ebb943ab8eb02627ac8aebdd52f25b069f64a61e90fa9ac979cb4c6cf0ebcd070099a1a6e6a747e8989e84afe090390953f988f2dcee405086ce51b1d2d8d249f45899b4e862008d28efad8aa5abd0912fa456aa9d3a918a0dd3420d7c4b04b9e3d65c41a1548b7caeef5fbcededf64697786a0bae73d2c5352658b871c806bd150c91bbf8f4735dddee9cfd3e152b5d44cbcce912a2809760e225b9018fa498c86ccb2359cb0834bcefab92c0468522648fbefbe25cf8d82b897371b5369e8f2972502574c0a3235066969c4d5d67fc312d6631702f66a113d22063ba2ac7d9ab387ad1e115e9c98275f3e0dacd2e8f0843f24687b297bf42bca11b89c6db2fc7026d364486ef2d614bc45d5cff0758d69fd48ea06b8a97667e4d7d30bf7f1c30b62287637f50468bf144fd177fdabcbd0d12b50c9cbd052dcd66993c72f48bd6086412ed5f9af3d44dffdf7c012aadd5cf7bd3b314f236660fa1c0e4773a4e9ccc36fd130ffda59a9bf41f7fbf79e5e3333365a3ed2e7714e50805bc70bc6fd20203cacbbeecb8e01a2ce626756cdbd01c53717c2e7b56b47e21f13209c2bf2b1b251e7a93f8a085dcc61d9ae82303a962441372ff7c0b8b8ba75bbf5b861ff7ddbc9781d40c90ae467bdeddfdf949e9a8b8c9fb7db3a9323d05d15bef19ce2e7634b84ac082d50e84b66f99f34b2f852fefe67faa403e848f3de110eb1d9faefa176c3cacd20c7f87d74e858a1a7bfc2c9e895541f691f99a2b8771c8755300ee74e3d6a048b30d02ca16202ecfc207a0b29302aabc1c5b57c7d0d31d43be5cb1f7230dc238fb701e7037aa00c9b57c6fc85baccaa56754d27b975872051566187b0983d93b9ec052edf3b33f7ddab343eac6f7aed97771e708e40a4cc6797f85d91a0debd5c6169895e895f67a10685af5e0b80b0e728731cbffbff8be603469d03bd47dbca4456108c79c029af16482c5c2590c1e0673c7e943699ea107d906a3e667fe7b2afaeb489548b6a11d9862e86a0b549a42b607ffeda6e3ba0f567b63b0be6edb9098cf3a44e6864c5e99fa5f475acb57e2b7343eb7fe3e8c139b515348b188defd2d3021fd27950d822f6df5f9c93584fd95f3f88c85231943ed4d511249f96447f7903779e4d8c4a680661fe5133d415b862e668441e8077bfb827293a9eb733e914f37a19e01ad4b014ef87ed5a5817ab8123af9fd863090b8e9a50ce29cf706b2182fd79660cbdbb53ba71b750e71a21d0ed01db3335cad91d5cb4d4648f46468b6e51f63e4088386913ae6b6cbf103947c32d25a8a825118cd6ce23f53ffe3c087114700e9a5932faf3d844fc6b323b3e722ed3ed75037bd9a7fd9d256b2b9a168e66802e284853a0d6b47d39675900f02f005050425731f9c2cb329f70d7a5ce2ee256212bf8b2ba9ece0df39c58f0fbac06c4da946787abf19dadb536bddbf7e51d89f22413575e064c6482d936a89d48be159aeb5055feb0577ced6c5334411d1d58a7e6d02eca6164d90fda39685fd619269fea7f21db51f6aa6961250e03c9e00788c178dabeb68f13dea29f8cdcf30478dbca15c4519bb342ba8b201019061bf8317022dbc5673fb4ed92ef1a1dea0a1a00cb3cbca291f7ebcbec27ea5e824f04b82f5644d4368cdf8026550bc2f86b83da6a265357eb548a9eec6622204b3dcd22440fec0e12819ade4ba53b53b1e6ab906fe0cacabb9c15e8b657475a0dad62dbcb1037aa8617787abce24a0aa4cf1b5c85c030a14277832a95d8b29a4ea86fb80148ece147ce4bf386995ac28e1ad1e2072f3f4fce5c05d9bdd0af118815d6ee89aabfa3f8173e6fa59dfa4a8c1ba7641291b3c18c6ccc4c3588d56d169d397facb4e67485610cc68197b3a43fe78b9458dc47e5057d5bc6b8e3b65bf414818b65d41ed7cfd7a35fe79c9851ef39c3e059fb3dffe331a791ce75728efcd58dd9b3ed1c93b128469afa648f4f91de6e39d5bef7a0e69bdf5b2202682d857847a64b33432ea0f33bbfd1948ad0b6c66d853fef1e6c0d712b86c40f79ff4d125baebf2a4b32dfc8bed2a697f745cfeb16303b4f8e866ee0bb6a5eb6c6ce513b5cb84e2b44854c72ed0cf2e838245be8d098a6943d845f5a8c07c1036da86cab0d5be4ce29545fade4323acf2085b7645107dd12d5b3af7bb37be1b291cbd6fe297c4b4a2a23280358711be91f21305c035bf1f57467a1853c999b3fb478b11c49cfac66429a76099633a54689047d66fd8bd6eebea94fc8007d9e2765e2969608a78d0b96d6b30360e81fb9df5262c8ff15f2fd7000756d8cda1db3847d6f793bf803b159344c57b480c87702cb3d1260692a19ebdceb2e05a2fe2eb5ac5cfa76551a04795915bfaba9849a623e46ac1832157d0ea5255b5cacd4efa844b0ce5f2f0e1a9dc4fb115fce2640ec6d03c5fe15b4837bd6e6127349f2b6b0fd61c82c96531714f5b623ce4e4978c4a0c86b3c17f50acdd67d283ec934ed36ba7360a10ffeeb7864113eeaa25cccc66613e0757782381614b8da3cd0a85cef7bc384969517c920e8454a5a0f112d1653b2828e895d0614e5bf4dec0ec863432cce9337ce7c29affa7f29fff97bd54a6947cc68df8fed17850209242c1c67d0d7aced2efec4b3c006678bcb8716e8e9e40d78781fd6cc5b5522b8ed2ec8cecb677849b778c0a2a17817a3dd2278080e109906dd4e99b772d5911893fa09ade4296876921d1e009e714df7e4973ab1d2e593d88ecf2151e97ec66176549d3af66652c8377e162454ce7cc8ab34397d31978e84aea92a3c0a8106a2a31e33a8dfe942819fa1f2c1272d0f3cbd7dae820642cbc00202455ab7fb81857ef050a1965a291001874b38397ed9a8e8106dcfcdfd80d0f5d0ef0d5775e53cc5aeb1d6bc13886f8f3491cd6af5dd77ace3689fa2bf56e9b4d1e4964f8fd8f0a4a8b5d7fb678f0f3adcb4a19b5168ac5aeee6f087af15af3bde52a9be0f550b21b10ce98da70445284d9db9416732e63b6efb3ced984c0df50c11aa677f822af7ad39b8b4c0d236e4b36a00ff73587b39f917d7effbb37b95a96e350a430d544d68623c80bf2cd2d689b4dc41e8ef374c393092a2619055f268fbdcb9de494e6582be90a4798bac801bcac8389c823759860e7c9d692f41ee2a6b9624da3c09a2c8e7cdeaa100ba8ca25a737046d8bb237b9546641cfbb2eac9bbee9e125b14dfabac642e634d32151c06ceb3ddbb3d3f038ab2efdd063152270449ed5eca2655cd0016147ebbd00003eb8cd25297350afbffae43cfd9867543b81da4510850b1afaa199d0477837017e9098bf5b3973efe218a88b3d2bb172fe77278088997758fdc1dbb0b1fb6af2ab9db1ddf3e3fbd8e8dd35f918779ccba75b3cdfa317fc6e3cbeaa8b11ce2a30cc53292bcb9dc2a18ca400c674360c041c97ee6aec1448a025c6b04ae9efb3a01d31e3f897cfd5dc94dac95c88b95a26676cc6153e203535891116a5f4ebf54c71cbbe3215a04c57c7ba874a1e203bc66d8161d5b556f661244d9d405a2e6baaedd0d0e4c7e093c2ac0e5ee83b7ddf91669dd59016f7cb53d19896fcc838dc008da4a5fdc0a4fac1a6d7f49b24bcc01467df04d8a3f3181cc4e811942a53daf784b59186a17756a8f3a41ad93035a893a4ff60dd8f54a533e94cf87864169287804df3aa38dc5ce6021a06c58d48985c562a0f51d8b32879f9fb7d4a1d3d442626810f151b161b7e35f9a0b3bec05979e381140f31c03ee6f5549e6e7f116be5e87e0a9ab71ee632f837e9a0f9ad1b4979304c26bad6e84eff0b5b79b667e3d74e354d04f5b2c237102e41a1a4dcac99cbb911d9484aebe6ab2cb539a1db3e3302fb833a44a2d725e858ea9a65d43bb7661842b655c51a1ff25207956e8c6c71667c79975d69f6889fa34c59771488028e3d7500ba0cb71ae5751a51b568e67bdf2abb63838aba5e5cfbbeaf02285f6cbe58428a92a6fc25abb01f8d55ecbd7cc0ea69cdfb188b79048dbea488493681b0e70234463ca3e425d24e2ae4d800ce3adb04ce69428b5f884f8dc83392c22e456a2e195b86d717ac45003a99ae9a59c94167eb04aba3612528f94dad3360b46bc456fbb78072eb7f96418c71bec09831b0a63e83816ffde0d9909c06e765a666c2c41b20c339e0d39107311830ae9ad912f0a85f2ec5ca66a79798a568dae14f76b6d59e6c0bc0f9ebdff29c0fce58367c9705bd4323d3c3e125cdb13da6e58f3fdb2751401014e393e3fc688f04080a90430e531767a7c4f3187ccb7b90880955e766aba6091c4e8fed36482bb5a63372350dd08fe84bf5afd1a30a0f8f4de7a640fa84b9c0447073a0b39bf875d0377c8a572adefec3e033fb3dad91b22bfe22c01f23f27ab0c6a1ce19d2f4f4235281cbca15dafe50f383ba89a8c46a666b106c1ac534955df71f4c560010934fd3eb68eebd55487defa1e024f75ac30139cd190bde1dc8684936bc23a1882ae469fc4af8730d29658f996f71c219526497918e359228b55849d952f4b2996fe5f45a6cfdf87da93bfada579479b18d05c4e964c85b88a7bfc6e4f2b5d6e98e00635e8bd2ebb9eb40b99a9e9db2f688b2d94b8cc8c5fb2a1928624fa5df1c228e6499d992453772084bcd33dda984d97e3857b6fee43c6666b3206ccfe3af52debea4ee060c6edd194b90309213f5c4805f454c7e57bc759377aae9727e484391486be0849c5cdfa99c5a0d0687d6afdce97a32e01d45fef015e7c869ca190219a778b91d881a7b595313fb462e5bf78260c78285d6ccf5e4c50ed56ff28e3f49912773f0a58093f259b5cf4e7f607c51a81576fa95b97bf32d0e2e3511b5d784eba29a15246a97ccf608db456cd70adacc6c31913416f24f38dec3544ac2e88c409b5ff7771d873ea8d7a1868775c8b5502273c784cf945680fb14f143140b56462cd46874ffeacde7bf329fe8369df9c4b95a42535ea56ad6fa260f5c738eb9627f890f4a34f80bf3b8fe568d44c3895029b5f9557f17469a53fe4c0d581eb29029ff162ca906cd0e4bb81138be91a254752bf849232ed7042a82cda1e14dfbfdf74a09c17a9039749c789ab0242ed2d0249231c4ad70c23c805676968bdeb96c2d8886f784ecc3e42e6493e45aa20b6e8ede65c49136c9e9414a4371e3012bf596d55315be17ea9396b1df7f82db27f0d121f8aa66c40365fa686a46f430b4cd336da0d9937d5c26284bdcc6c4e0d5a6acc1be089e1a5d6ec422ad3961fb5c5c9836466c3366e6d3f2686b19b529549cacb6252b0d7a7f5df42ea2961ac59ba0b911311ccc4d83f8611f0c4b071544236037b2863d673303a4e3d428131b07f60eb2cd507dc43503456ce829aed8254bf0b51b38008d42e445acb0effc2ab7e4bc26ad76ffba1220f2e878fe9b5de39bf4f25a9ed468cdb100008ffac6bef401df4817b23463e771a3c834c32993274689c01004eb94b89bc44257b7d2b3936caab6d86937b5bb8f705d00fb6f091711222b6dc25eeaa0e350fe484337396162c86bf7d3a1ab82591ad35d393664617041142c0f8b528e947c092f28c3142493d056bd548910615e7300f041f5d01a2f00138ae5d7849244ef9215f5c9dd874e60ca4ad883f86e71690a510831e35c24de1e0d1261172bf4a8625af958febb7b109c5ca5bfffd4342c43ad02136c6eb117b4a6ea98c07a91279731c1228b01e6be755c1c1d095d3cdfe950ac32eee77327a0e7e342ccfc13c69ab6ab113b18c1abe72d39c03e351986cb3326b8b17ada5884aa7d0a553b0d35e32b8c09f1a4106f5d675a88a1508de4a0e9c598c082ae5b229b75579e39e297b225a852e3f6a7d0990a45fdf68771991acf9b7a5c04bc21a40c57817d500e8ebc6b5919219a4110395817c92bf9eb9c623606d4d98ed68dc0b51a0278b0addce8753f86316158bb4bd6a7a0c4c72b0d17b9545695e54826021a6ac44b4de1b4ea977b20af3c47b8860b0ed29a68c1a883777097d54b162cc58edc0f4de1afbbad7c340a5cd9f2f93133cb2a4babc2a688e2ddd580ef8d9d0846c269c265ce9d978aa233c73aa11eb78d3a67f4e7a3dd035ef5a1f832ada87c7dfa377b77215f8c23b1a78e4a7faa6d0c1a4a28a0ef7b32b36bd566d8c478d0133ab43f9c2a4829624eec535234eb89a177ca8d4e9d2d422f33a24d15044822e4a4c1bca5f470b8c8fde09fb69160297218398da27f4e80dbd480782ee75cecd20ad23fdbcc1d4a0acbc63241c1e2cf1a0b12949e42f707ba06b6fdbd8f336bd72d7f96ddf9ec2b5cfcc4c8da6e1ea573e97eeaea537511ac9fd2ae78eb18cb50c13b595f8b6d65ce8c08e9028fffff6b512080dbbd3fb5e5068538c05f73254969f9727db9bff0c6aeaaf83713812499308792a7fc8318e6b2996bcd1b072641be1eb8e028cbd6b0a5f1fa13bfe35b5cd0d2ca21d9cf8ed97f724ef73ab5a99d65befa38d636f2f827d229479377f25501f3a6ece12cb095549503b2299db7806d32751d4851d62b0c6a91e2e961d475d33a8874c96df52c75bb5a0569e892743937451f75345e0351bfa334d37aa43f01ad1ff984dec164faebc713de31470db5e536a0681a042ced0f9839d9ce89259349075961985171c27c410c99458d4c25614ea1d4252293c4f85b0d2ded9ac560cfd024c199d5f0f4bd47763690ba1bca88b8cc81059bb9fe82c955488523114db8c2caf8a63c0049e90ca524330b57edcf718f6a7aab0efe282079d198cc3c1294f35d1a1bf5f69a8838cfc5d4363f9ca9383f83e4f9576de3fac48866ddcde282e5e4ee3f852a063bd6423ac1fdc6201b1facd6c36609fa2faf96afc1c0b76fff27bce059ad6390fd1e3f735806ce654ed555a78ea8e59fb16ff5ac5ad183aab9de37c3d033b3018d591e7ff1a896de969f561260f797603df5fc232076ccdc2e1fe9fc789253a54af151dd50f89e777c2541591101720c893647bd4b3e6257de85251c9bcd700154e85db2a9e2c4d9d2e531a18bfaa05d16ce75f823e60416b3afebce16555536120d5f554fd13e861d74c4947a62d2d09473d8d75f03d354572b371b02e16f3976b1b0b235582ee38d938fe843b107c77c2acd88f34e1669816eb3867134b1c5fce5afad3c70f9bca972ed494577f2ba6362a6ee6b4720bd86938bb49490982a1b5ce6dd54b79f093ce27051530e1233f03d6641392d4fe7a1f7dcec8ba86d8f32f00f0ad50a29b1e17de07bd0205c0d893532c198f23656f7f5d178c0745b7e0b7e8afdd29c8fa1639a06039980d9a5fba11801db4e7868a9b77925a03a770aae3430b1ccbddb8bd766f51fef71ba25cf9184c9cfa6f9921d69066d09a656080f3c5fe475ccab94cdfccd76f3c7dada9236d1be861eb5fe6247ae9f97b7705bb71c375e8b98203c5bd224202c1aa714da47e0daf98fd3eca617f9a255df5dbe98a7520a1e6db9b88af893521f2ecf7fd2b08a7f3c5aeb77ebe6f52739b473840889c41315407477b82242d9a805f9aa200a129c4701d1c88ccd34871f356caf02da9937a88612a9755315914f4e8e1bf471a46c00650457cc06db168e5457fb3f9662994d901a1f58306156979aa795afacc1a7d6111cbea53e97fb71c7bbe44558fb06f8d78ee08e3678b5d218e13f79cf06f1da9f7e128647884589c487147b3edbdaffa16f9388568d3c8caa34a6b944e4f171842cdbb293474fcd5201b7440e05ddcf9e0b476773119516ef45077705e8bab5f877657205bf9eaaa7c86734b1b6c3661dfd4b9eb8590f962e17ad51b44058d558744e5b44cf9db280bff1062b2431d298064f11e7700ba4c8ece6f4df659d4880c4983db0152f1f903023672f6234620134bd5d1d888022da128a527d82e8fa1a562827a4f1592efe3b0bb78060626e8688ef3d5162afe9f1060123dbb1f93b7bdb6ad4ad6e1772bf8705cca424d9c42e4992eb5bef1ec7961bd4260d1e55e863fa9c8e0cb6d28b495fa37b5f59fd18cfcec6319288dd7363821e47ec46664e1994157319eb0d466b42fd9b5fac5ba979a9baf4f699dc539bf77852e18014074f88108b654219e4f9396696c94eb9fb9b360e59920f187029608bed76d09dd006f4033d384cd109726d51850202ba564599dbff7808591f834cc4084db29111de86a70217defa490e39c6e281650d15b1e44bb55164be0f6da58e838bf5f4d7cc2a23b818557ab1fad0fb2253c4da6af41591940b2608f6fa6bc25939ede95317ff96050bbc1f389235caa78adc0d801a56b2fb4cc41e73d5131552985b5af241722e0637f3b88e46b09ea875e5cf66f534666368ff8e46413e5ab557236134afa63478e18328d33b1a235deb2034955cdbb2bfd0e55fd885f380ae8efca1feea985a946519a712df1384f9e024efec61c30a6989aa3b5bd486366f3fccadc0add175c1cf0d2730ab97370eb47bcda4226ee140edbcd9b38b8ee913587125cb185adb4df18e80df2b0ea6e3e87dc8755fe6823ab5ee1feaebb1e6208cf3dd5ad5581f2388be92", 0x2000, &(0x7f0000004dc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002280)={0x18, 0x0, 0x2, {0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r2, &(0x7f00000022c0)={0x50, 0x0, r3, {0x7, 0x9, 0x0, 0x2321810, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x50) ptrace$poke(0x5, r1, &(0x7f0000000080), 0x0) sched_setscheduler(r1, 0x0, &(0x7f0000000000)=0x1ff) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f000059e000/0x5000)=nil, 0x5000, 0x9) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000001200)={0x60000010}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x20) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB="24ab9f361a8fb53c29434629e4230cd3be481a98eaa8c73548e5ab773f89e7db127d743a03aae756693fee49386fbf3bfd5820893dcb6e5eb07711959c44c49ae66eed751450a543319e5fdc0714e03d4539ac5f", @ANYRES16=r5, @ANYBLOB="010028bd7000010000000f00000008000300", @ANYRES32=r6, @ANYBLOB="0500330001000000"], 0x24}}, 0x80) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000140)) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r8, 0x4, 0x42000) write$P9_RLOCK(r8, &(0x7f00000001c0)={0x8, 0x35, 0x1}, 0x8) read$FUSE(r8, &(0x7f00000040c0)={0x2020}, 0x2020) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002400)=@gettaction={0x85, 0x32, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x6}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x6}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x0, 0x4, 0x8}]}, 0x54}, 0x1, 0xf0ffffffffffff, 0x0, 0x80}, 0x84) 2m52.640529446s ago: executing program 1 (id=683): r0 = syz_mount_image$vfat(&(0x7f0000001140), &(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa18c56, &(0x7f0000001580)={[{@fat=@gid}, {@iocharset={'iocharset', 0x3d, 'cp949'}}, {@numtail}, {@fat=@codepage={'codepage', 0x3d, '865'}}, {@shortname_win95}, {@uni_xlateno}, {@utf8}, {@uni_xlateno}, {@shortname_mixed}, {@uni_xlateno}, {@utf8no}, {@shortname_win95}, {@utf8no}]}, 0x7f, 0x2c1, &(0x7f0000001640)="$eJzs3c2KI1UUAOBT6Up3WoXOwpUIFujCVTMzvkAHaWEwK6UWutHB6QFJwkAHAv5gelbuBVe+gzsfwAcQxDdw4XLEnbMQS5Kqyl+nezqS7hmG79vUSd17bt17uf1DICefvj7o3X84fPDo69+j1UqicRRH8SSJdjSidhYAwIvkSVHEX0XpaX13l16ljeucFwBwfa7893/nxqYEAFyzDz/6+P1Ot3v8QZa1IgbfjvIkymvZ3nkQn0c/TuJWHMQ/EcVMGb9yt3scaZbVbwaM9iOPGHzyS/W68zhimn87DqK1ml+/o5BNxVuD8SifPHlybcZLSUSnSMoud+IgXo0omlENUl7eu9s9vpOdz498N95+84dq/v+exGEcxG+fxcPox/3pEPP8b25n2bvF939/Va4gj0jGo3xv2m+u8B8QAAAAAAAAAAAAAAAAAAAAAABbc5jNtBfr59TVAA8PV9vTPOLPQZ0/rw90FNP6QFWFn/FCfZ1bWZbVZXxGeTPK+j5pvJZG+qzWDQAAAAAAAAAAAAAAAAAAAM+T4Rdf9u71+yenS8HPxSTYv7TPapAu3Kk/1v/0rPVB78eIzbOuEsRONbV+cu4RSd20wYA/XdC0VwbViGeXj7O/7qHRuGgP036Uk/9u8014Y9MFXj1oz6dan67evSRmO39W7e5yVmv9IVk4dfUxPB0mGxzIYs3W7VyYtbulTdh9+f+m78e6psmKm7PNXM5qrWxmcxL8ur2flBXJ9n7pAAAAAAAAAAAAAAAAAAAAa80/9Bt/nGt89EymBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3bv79/7Mg2qt3VoNxlTy907i8897pcM1j2/HO9Pr4RhcLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAC+u/AAAA///Qo07w") syz_open_dev$vcsu(&(0x7f0000001180), 0x60, 0x600) (async) r1 = syz_open_dev$vcsu(&(0x7f0000001180), 0x60, 0x600) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) (async) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xc, {"a2e3ad214fc752f91b25060987f70e06d038e7ff7fc6e5539b325d078b089b3b08386e090890e0878f0e1ac6e7049b334d959b429a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31303b305d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c0428918246d9e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff13d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1ccab2689bee59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae23034202210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ecdf5e08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) write$P9_RLERRORu(r1, &(0x7f0000001380)={0x18, 0x7, 0x1, {{0xb, 'uni_xlate=0'}, 0x5}}, 0x18) syz_open_dev$ttys(0xc, 0x2, 0x0) r2 = socket(0x2b, 0x80801, 0x1) listen(r2, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x10}, 0x50) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x10}, 0x50) syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0xc3b1, 0x800, 0x1, 0x82}, &(0x7f0000000180), &(0x7f0000000140), &(0x7f0000000100)) (async) r3 = syz_io_uring_setup(0x34b8, &(0x7f0000000540)={0x0, 0xc3b1, 0x800, 0x1, 0x82}, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) r7 = socket$igmp6(0xa, 0x3, 0x2) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001200)=ANY=[@ANYBLOB="440000000001050500000000000000000a00009f300001802c00018014000300ff0200000000000000000000000000011400040000000000000000000000ffffac1e000186e7fd92b05f3231d39465b21c8eb7"], 0x44}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590) (async) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r9, 0x56) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000001280)='./file0\x00', &(0x7f00000001c0), 0x1000802, &(0x7f0000000500)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=', @ANYRESDEC=0x0]) (async) mount$tmpfs(0x0, &(0x7f0000001280)='./file0\x00', &(0x7f00000001c0), 0x1000802, &(0x7f0000000500)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=', @ANYRESDEC=0x0]) chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r10, 0x0) preadv(r10, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f) (async) preadv(r10, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f) syz_emit_ethernet(0xd2, &(0x7f0000001940)={@broadcast, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "2e5cea", 0x9c, 0x3c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[], {0x0, 0x4e21, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "ec9623abcc4bd2ceffa36fadcd9330abb76fa7040ef919fc7b0f9b0da2e9e929", "6e35f0c80882f70000c08862205573dd2a5eb2f85b00", "da1274d5285d85f9776ed87dab0d73f66c063c8bc0ea74bd2ef59e05", {"b69bcf4bd1856a7a3a60c503f240ae8f"}}}}}}}}, 0x0) (async) syz_emit_ethernet(0xd2, &(0x7f0000001940)={@broadcast, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "2e5cea", 0x9c, 0x3c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[], {0x0, 0x4e21, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "ec9623abcc4bd2ceffa36fadcd9330abb76fa7040ef919fc7b0f9b0da2e9e929", "6e35f0c80882f70000c08862205573dd2a5eb2f85b00", "da1274d5285d85f9776ed87dab0d73f66c063c8bc0ea74bd2ef59e05", {"b69bcf4bd1856a7a3a60c503f240ae8f"}}}}}}}}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) syz_io_uring_submit(r4, r5, r6, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x48, 0x0, r3}) (async) syz_io_uring_submit(r4, r5, r6, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x48, 0x0, r3}) io_uring_enter(r3, 0x1, 0x1, 0x1, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000001340)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001300)={&(0x7f0000001a80)={0x240, 0x1, 0x1, 0x102, 0x0, 0x0, {0x1, 0x0, 0x5}, [@CTA_NAT_DST={0x7c, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @remote}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @private=0xa010101}, @CTA_NAT_V4_MINIP={0x8, 0x1, @multicast2}, @CTA_NAT_PROTO={0x4}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast2}]}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7}, @CTA_LABELS={0x14, 0x16, 0x1, 0x0, [0x3a8, 0x10000000, 0x1, 0x1]}, @CTA_NAT_DST={0x20, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x11}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x63c}, @CTA_SEQ_ADJ_ORIG={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xe1}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1}]}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x36}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xeb4b}, @CTA_FILTER={0x4c, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x4}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x401}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x2a}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0xc8}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x80}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x40}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x280}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0xc81}, @CTA_FILTER_ORIG_FLAGS={0x8}]}, @CTA_STATUS_MASK={0x8}, @CTA_LABELS_MASK={0x1c, 0x17, [0xa, 0x7, 0x8, 0xfffffff9, 0x0, 0x40]}, @CTA_SEQ_ADJ_ORIG={0x24, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x68}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x99}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x40000000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x841}]}, @CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0xfffffffd}, @CTA_TUPLE_REPLY={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010101}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x8}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_STATUS={0x8}]}, 0x240}, 0x1, 0x0, 0x0, 0x4000110}, 0x8804) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000001940)={{0x1, 0x1, 0x18, r0, {0x5fa}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'}) 2m52.284156053s ago: executing program 1 (id=688): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0) sendmsg$nl_route_sched_retired(r1, 0x0, 0x40000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 2m51.545048366s ago: executing program 1 (id=691): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = gettid() sched_setscheduler(r1, 0x2, &(0x7f0000000400)=0x8000) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b142b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c04594282423424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000100)=0x4, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0x3, 0x2) r6 = accept(r3, &(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, &(0x7f00000002c0)=0x80) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x0, 0x1, 0x3, 0x0, 0x0, {0x7, 0x0, 0xa}, [@CTA_TUPLE_MASTER={0x10, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x24}}, 0x40801) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r4, &(0x7f00000000c0)={@val={0x8, 0x800}, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, @empty, @random="fabfa839e995", @multicast2}}, 0x20) 2m51.483181475s ago: executing program 32 (id=691): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = gettid() sched_setscheduler(r1, 0x2, &(0x7f0000000400)=0x8000) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b142b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c04594282423424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000100)=0x4, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0x3, 0x2) r6 = accept(r3, &(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, &(0x7f00000002c0)=0x80) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x0, 0x1, 0x3, 0x0, 0x0, {0x7, 0x0, 0xa}, [@CTA_TUPLE_MASTER={0x10, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x24}}, 0x40801) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r4, &(0x7f00000000c0)={@val={0x8, 0x800}, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, @empty, @random="fabfa839e995", @multicast2}}, 0x20) 2m42.718910432s ago: executing program 5 (id=781): socket$inet_sctp(0x2, 0x1, 0x84) r0 = syz_open_dev$dvb_demux(&(0x7f0000000140), 0x0, 0x62400) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000040)={0x17e, {"b6b1449af50700000000f904008000", "00000026021006000000840200000e8b", "00000900ff7f000400"}, 0x0, 0x2}) ioctl$DVB_DEMUX_DMX_START(r0, 0x6f29) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20) 2m42.706126457s ago: executing program 5 (id=782): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x50480240, 0x0, 0x61c6, 0x7, 0xa15, 0x0, 0x0, 0x1, 0x100002}}, 0x50) ioctl$UBLK_U_CMD_END_USER_RECOVERY(0xffffffffffffffff, 0xc0207511, &(0x7f00000003c0)={0x0, 0xffff, 0x0, 0x0, 0xffffffffffffffff}) getpid() msgctl$IPC_SET(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000320007ff2cbd7000fedbdf2503"], 0x14}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) r5 = socket(0x15, 0x5, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r5) sendto$inet6(r4, 0x0, 0x0, 0x200080c0, &(0x7f00000001c0)={0xa, 0x2, 0x8000, @loopback, 0x8}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000140)='cdg', 0x3) sendmmsg$sock(r4, &(0x7f0000004600)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000006c0)="0e", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000001a00)="02", 0x1}], 0x1}}], 0x2, 0x0) 2m41.632396221s ago: executing program 5 (id=796): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x1f, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="180500000000000000000000000000001800000020696c2500000000002020207b0af8ff00000700bd510000000000000701000000feffffb702000008000000b70300000000000085000000b300000095"], &(0x7f00000002c0)='GPL\x00', 0x1, 0xde, &(0x7f0000003e40)=""/222, 0x41100, 0x73}, 0x94) 2m41.458928144s ago: executing program 5 (id=798): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x10d402, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x200000, &(0x7f0000000240)={[{@noauto_da_alloc}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x1}}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x553, &(0x7f0000000980)="$eJzs3U1vG0UfAPD/Ok7f0udpKlUVcECReqCo1GkSXorEoRwRVFSCe7GSbVTFqavYqZpQifZAL1xQhYQQlRAfgDvHii/Ap+iBShWqIjhwMVpnnbqNnbiJ27j495M2mdkdZ3Y8O+MZj50NYGhNZD8KEa9GxLdJxJG2Y8XID06sp1t7dGM225JoND77M4kk39dKn+S/x/LIKxHx29cRpwqb862trC6UK5V0KY9P1hevTtZWVk9fXizPp/PplemZmbPvzEy//967fSvrmxf+/uHTex+d/ebE2ve/PDh6J4lzcTg/1l6OXbjZHpmIifw5GY1zTyWc6kNmgyTZ6xNgR0bydj4aWR9wJEbyVg/8930VEQ1gSCXaPwyp1jigNbfv0zz4pfHww/UJ0ObyF9ffG4kDzbnRobXkiZlRNt8d70P+WR6//nH3TrZF/96HANjWzVsRcaZY3Nz/JXn/t3NnekjzdB76P3hx7mXjn7c6jX8KG+Of6DD+GevQdndi+/ZfeNCHbLrKxn8fdBz/bixajY/ksf81x3yjyaXLlTTr2/4fESdjdH8W32o95+za/Ua3Y+3jv2zL8m+NBfPzeFDc/+Rj5sr18m7K3O7hrYjXOo5/k436TzrUf/Z8XOgxj+Pp3de7Hdu+/M9X4+eINzrW/+MVrWTr9cnJ5vUw2boqNvvr9vHfu+W/1+XP6v/Q1uUfT9rXa2vPnsdPB/5Jux3b6fW/L/m8Gd6X77terteXpiL2JZ9s3j/9+LGteCt9Vv6TJ7bu/zpd/wcj4osey3/72O2uSQeh/ueeqf6fPXD/4y9/7JZ/b/X/djN0Mt/TS//X6wnu5rkDAAAAAACAQVOIiMORFEob4UKhVFr/fMexOFSoVGv1U5eqy1fmovld2fEYLbRWusfaPg8xlX8ethWffio+ExFHI+K7kYPNeGm2Wpnb68IDAAAAAAAAAAAAAAAAAADAgBjr9P3/1v9bH9njkwOeP7f8huG1bfvvx52egIHk9R+Gl/YPw0v7h+Gl/cPwKq7fzxgYQl7/YXhp/zC8tH8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqwvnz2dbY+3RjdksPndtZXmheu30XFpbKC0uz5Zmq0tXS/PV6nwlLc1WF7f7e5Vq9erUdCxfn6yntfpkbWX14mJ1+Ur94uXF8nx6MR19IaUCAAAAAAAAAAAAAAAAAACAl0ttZXWhXKmkSwICOwoUB+M0BPoc2OueCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe+zcAAP//eIg3rQ==") llistxattr(&(0x7f0000000100)='./file1\x00', 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x9) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) mkdirat(r0, &(0x7f0000000000)='./file7\x00', 0x1dd) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r5) sendmsg$NFC_CMD_DEP_LINK_DOWN(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fedbdf250500000008000100a1"], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40048c0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x103) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file7\x00', 0x2) 2m41.165258471s ago: executing program 5 (id=805): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==") r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0xa0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$USBDEVFS_RESETEP(r2, 0x80045503, &(0x7f0000000000)={0xc}) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r3, 0x29, 0x38, 0x0, 0x64) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000600)={0x23e3, 0x0, 0xd, 0x2}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$sock_inet_SIOCDARP(r4, 0x8953, &(0x7f0000000300)={{0x2, 0x0, @rand_addr=0x64010100}, {0x1, @random="7a72e62594e4"}, 0x16, {0x2, 0x4e22, @private=0xfffffffe}, 'syz_tun\x00'}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000100)=0x2, 0x4) syz_extract_tcp_res(&(0x7f00000001c0)={0x41424344}, 0x5, 0x1) syz_extract_tcp_res(&(0x7f0000000200)={0x41424344, 0x41424344}, 0x1, 0xfffff800) syz_emit_ethernet(0x113e, &(0x7f0000000d00)={@random="c3ad7f0ceb48", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @void, {@ipv4={0x800, @tcp={{0x3b, 0x4, 0x2, 0x2, 0x1130, 0x66, 0x0, 0x4, 0x6, 0x0, @multicast2, @private=0xa010102, {[@generic={0x83, 0x8, "54a8aaa78f92"}, @timestamp_addr={0x44, 0x34, 0x2b, 0x1, 0x8, [{@remote, 0x5}, {@empty, 0x3}, {@local, 0x3}, {@private=0xa010100, 0x3}, {@multicast1, 0x10}, {@multicast1, 0x3}]}, @noop, @cipso={0x86, 0x2e, 0x2, [{0x5, 0xd, "0cc926fe1ed21c25c751a7"}, {0x6, 0x5, "63cdf5"}, {0x0, 0x10, "f738ed39eb6b3428d46a6431ea9e"}, {0x2, 0x6, "b4d9160f"}]}, @noop, @ssrr={0x89, 0x2b, 0x57, [@remote, @multicast2, @multicast2, @dev={0xac, 0x14, 0x14, 0x26}, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @private=0xa010101, @loopback, @multicast2]}, @timestamp_prespec={0x44, 0x14, 0x59, 0x3, 0x1, [{@multicast1, 0x7f}, {@dev={0xac, 0x14, 0x14, 0x17}, 0x6}]}, @noop, @timestamp_prespec={0x44, 0x2c, 0x3c, 0x3, 0xa, [{@dev={0xac, 0x14, 0x14, 0x3a}, 0x3}, {@rand_addr=0x64010100, 0x9}, {@rand_addr=0x64010102, 0x4}, {@local, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x52d512f}]}]}}, {{0x4e20, 0x4e22, r5, r6, 0x0, 0x0, 0x11, 0x1, 0x6, 0x0, 0x0, {[@sack={0x5, 0x16, [0xd, 0x0, 0x5, 0x147, 0x400000]}, @mptcp=@add_addr={0x1e, 0xf, 0x0, 0xf, 0x4, @local, 0x9, "64cb45a5f3"}, @timestamp={0x8, 0xa, 0x6, 0xd5}]}}, {"8816892cff27678e976506524a2d6ccda133ead310845aa4f41116f9fec25350e18bf6d7fc1d26f85b178cdc2d341a09b620d2b84348c2053bcd21d5365bd27d6ff69577e87d1a37f5802124b8281b4201b4713c3f1a9b3e4b72562cf8652a03e3c91552c78e40a003bcb8c2e93f3365b0fea5771ef5f86545b7a5a13d99867a1cf23ed5eadf969d98c7509fd0de203f9a71ef6306b124a9f701eb3aca91d567560091d7de8ee8a25b2d7dee3845b156f3c517607a6e4cff111d82d20539bbdcce0a49c21595b7a7258c9c04035267a7b5c83e7a69961e5762391fa2a7e30c770088bbbc35efea3231c0d9ff357a74c3dafa5ab04d2eb485f010347e2b086d2df144c4c6ec95d2f1471e86519334156b44550cee2b746d3fe4145c3f408319d802c9075437426ef95880ce77aff4ab0729f79a11ae010b8d357e2d3268d4a89088f6edbacde71a9ad91f55691175d49e19f87dfd7516ad9cb8e57c54f487c7d516dd081ac89050e1011030985fc5537bf8ca1c4f5164369107232d58a77861929e723fd92f4f49ea3243b193c9a699653da70b9e609cd47c5dee9b15bad09d67c2990bed7736b761539c28d42bafe5604e0d2d31fc5943f4e03cc9338ce232dfea2fc1919fe89c65bf2ca69fd9e1c770ed27cf2029a6c063d7e1857959f59fd9e9457d0d86799f770609ddfbd2a62d3b62699dbf2dc27e35ddbb9a5df3d9a5713eee211f51a5b03fb4a311ba6533d4492372ded72698975ced2c1507e5e5f601b6f6a248eb714ae7770911cf175deb6b411a7196a20c8e2cfcefc97a14a5e9f16abfa5d4710d1806e859bad193cda0ee357cc55dc46d88475f69f6ddf344555cb4a2257c25dca54501bf38c6826054680800b0199e233444f3180a2e5bb2153507efa1196c785c91a893ff5a8cc18217b3702b8221f25585b75419e7ee9c24095cd21ef31b7bd3cafc7f12533dd5129e1c34d64a07127402d3aac9203956b3c92a645ff5c03cf947b199feb372bf47e2dd8fa7df86984ee21d64cee338605be4622cfcbaffbf44582a278156577a34394ad9a983bfab229778f144a78ca70e833cf4407b4d1564d9625baad3a3a5309937564f9b8e9ea4c25c377516f42110a3546d35f46ddd40bce88a3019594c8cacc9f5700bde0ac8ad2096acb8b223d5ebf3fcd7a7868c3ec0ecd6eefef58968c4ecc46ff303259308161cd8e6d901fa9232fa42b1f2975fd066e6bb8a1109af9ab2c09150f1921b89595efe784a9b3957321054e85b0c1c8dc5c18fba2307ba3e2ca200501b77059210d5c5682f34510a0da12af86a3c8c2fa40cbe2b5cc33a3d02d9cf9409c9178caf78d306db04aa287b244e9edb58f47513034328e58dd2ac9447b3b159f6ce006adef1a52bd452e5551c69d62fcf828126cef8978ad2c5988b6dca5c57d43ba147c63c3b26f4e2f7d356c620b9760c7634a1c56f5772085c916a263dd5910945152c8e36b5d5841ac8f8e7ee842a0463ef03d74ff7bc92feca238d5e9b2d41189e6d038a0ef92576f14703f7847e81ceb7fe917e5ee05f385590bc056904c21c7b8633e2d89bfaa7b20de3c198b46547ac28d73e1aae4b1e0410d1694a89f34cfc7ceda06f080a669054097cc13c7a92926a2d15d636077a72a4a7f7f4e938197c8f3ca45f0cf824fed276725e337deeeccba75836cf228787d3feef66f284ec999ae9b270b21fefe02756f570af0e194be73f56672f6db3292c3eecc20f9de78d1e329edbfbc2d99b35602029b58877946a397d66aeeb0556809f8bc8855439d640b5e633afdc226aaa61e5d72a9e3820591a7a113993fe2ba9a0ce322e78e020fdc1ffc50a3c32c0f15fe67acfd8bade13df01f6fcb762aa70d86d86d20d21c8bde710af53a1f42ac6de8d1ddf866b3f1fc35a05433370509acac2a2a716fac0fca51e256c639b2c950c0a1bcede25772559d687083532fd01a971603c76c17f213fcc5f2a529f8c39053e478b46dbd62c9547edfcb4d45c005fe8878aea9b293e23e038ab22fa764a4b2d8333aa25ef6b8d312dc8d0e4e86ec57a98f13c940bc4b1815a31615481c984f186c5c2ead25424fbbb204dd1af717848878b3868774a6089f2a0869fc47e1599f9de9c62a81dd855a5953aef7b9c857b982f48984d59d368b1b8b8f9a781790ac755b4f946946b12aa6eecdefc3a3e6aaeefb74eb1f460f57ebc620f2379477b2726a48ce46325a78c98b6d07974a2b8dc48d04399cfb90bd548e20c7e1346083d085333f0c05571e275eb2c62f42335615981cd327c5aea4ee73a06c616ba8438af1e4a9b856cfd912dc9f40653d3e19b2414f451065c0fab0c23fe2be5ef2d9c659f65c556713788f1281cc31998a06c88a3e448d9b7a3401273a51b5ff7e4660859a299bbbd82c097e3778b334fb532454f25ab234d65cd287083f1cc305e2efd39e8bde203cc2fa54f66655332cf7a7912bf67bff59404c687dd26b8ee3a84021ecbd2a56036bff91af8436b750a8332f819f2e5c137629dba39c2f20ee3ae151d3464f4b20937d43f3fcda571e0fc4b414e943046dcc5c95dcc06522fae19bd080336f04ac725ec6f8b3b6166098bc40e32aa170201a34f715206da94cb6e65bf64aed24c20b9c14e398d1e9e0f8d92422973a6a78820bf9756d7c3dafb600091a1264cf76c23e1e566af67e5edb3b1903e475d843207ce6089e566394eb174dff2083008520c636ecd6e03537600a9866723ac67208a29e653e3a1a7b680f3f3e3030c34bce77383c340e6219a8c7d03199e3edae2ee2333100c973d6a84116ac74b05fad56e025b6d849b3e909aa5beb80afcaf62f78144dba06a92795ac155e9ecfc07e290b99ae3de86a075c46f9d4809f68598e1e1f391438f99f93d2d57e8847f16ef003382a3a7886ca6d5eaaa28f916760c3a9929c1095296f7a6bf3614a3b82b01fc129b0c3e7e9ab73a5225804d967a3c67ac8b330951fa5fe82827b74f826ca796dd3fecee8c552cfbb7fd0dbd813afed872bbf6ba06286664428b89bedeb851f60d9e9391152e89ea184e42968642762886f109dff7e30c14573d74a26d0511cabe9fdafd881e169681b878c2c13cde9bee6fede1b40c907e54dc7728781d49957656484707d7090f01c026605ef782a3217a49dafa6b5a4aaac79f9f0a3c6b10b7183a63e079d98f9805bccda715a6e19100865374c9dbf53a0a830f7b343854209e08f5380bff02fda59ec2a39f47f5035eb643d66a077d1e113604c7784530c5587fc49244cb3f8d53030bd2e5e31870b67470d7e69ba30ed2670bfce2a5b289008e153c211171b87f9dd4994d2fc784efc1c52cb81fb9591df825adcc3a3582a5cf9f7f5b7e91e041199c11bacf45511602dffc70044218eb61016f8a72d318b2899b2be725b2a59020b904bb7d1b54daa4e6c0c44846f21b8533e04e676297112c6a45016fd12289e88ba46ea8613b10a5b492548d7b56e5674a0fe1f6a0ea27fd0b80c49923c17e501dcf003e082dcc2d0c22023809a0a3e77357ca1a6489882ab1bfe71e0cdae90efd233c433a7141fea09d2e2b4d6e8b0dedd6fa21094f5f6e8aa6eac9847ca22e30769bbe613b7382aa9dee8bf2f5e1a9aaf66087bb78c69f9d6470f7848137b075dea9676964d6651701fcc9dcaa549e0906a754e673de3a0fae68814062c7dc64ba5fd927f665a0f9a8b67bd2c7a16b99db7bdde86268ce4766a17d8e57a227eeab46ad1b2914e85f387899ace9c9c699b300bb02c8f4be8a4ca345eeec41e577777cc50cfcdabbdb32238de5e8b933d9e406b890b66018238178ff9b6b73681bad1db614eecb1b7d65a5ea97f8d9d96af84c0586a028ff3109be4f447963a3e8850eba685be0e20334e628dbaf4a3c2fd620f74ba7c15e433aabed5058e3396eb5cdf2a05592672194ccfb76494f8b7b02350602d94b3e86beb3c5ac06e74dce29b4960f793d41239636691e61f4caa64dc03135b883bb8a81a6fe8db21c4108a17903a835c2a19909bfbba14c20d7bbb14aba1e829e3a4691db8c61e26622461eac89e6e6f931afd88a5dbb4be6d75898f3b4fac6ff5bd904a7b8797765640f392271e14719aba4b26e1f9ba08da6ee66f0777374a8d87aa404b826ffecd4987f96192bb83c649571e74653c1544de25a1d2e4e0c8beff8fc43954564868ecc2614ce3c7f782644dba03159b8639816e7e75338b9be6a9bd9e336cad91175ea25c892569da207fba10d016730db651273f7e1d21ae47c0eea5998ce6ccf0341ea543b4b264ba71e0883f1e06bdd161abc1d308ab282fdad23039d1e0031db2feaab9642137effd1da4c2e1c926d315cb01f5480377648c1e72f5a2b9db11199a78cc95e02e590dd8dbab09e309a8f99d3bcde8c315f74608128cb958b5a1dfaf7f5842b60803ed774bc29faedef53f8403fb6d9455583d799a20fda5d79164df35754ef6d49a9f9c89099ae5a21105b6fc0deeaa8e7b71015a9f2a0d351038598cd5adc49dabfda776de0627b9ef5da3fd37d8c09f34c13fef227a91b9eb90841344525b4ac8597af77155ce7cf20694804fd30a44ebf8de6582f88fbe052435d95037c4ca11da213728f1f939fab28ebe0ca5a4b5b2d549fe7fceea91553dd8f3803deacd6c0ae31783e81889fa8e847a2e4f2ac3e6e2896081e5c53d4f9c33772311e56ce0062520d9b96f8d99cd47cef32366a12b009902a90a8803556b66a6a88b061197a7da80f0b0975dae1e8b99ed870206029ca887a0b08826a084567c65d341f9881082d7d9f15e516d62030fef85e779e07fd8a3a682fe13abe7dadd74f2f1686791a0e03c171ce281f640e248d0d7229d32b9fc61d4cca9c29b2d4726914ad4981c1cfd04b3ec0aa0cb5cf53ecdc7a832051b503cfc2c89ee41487c8b964853ba2259d5bae728ff2f652fbf52e0c2410868a3e67f18dc14bdf5a8bbae5454a50f272fb05f4d016a2cfb834d4097825251bc1a6cb988f0c68372abf040c8397b0f19e3be53bbe43f6f7adfabd87106a9ccfbcf1c6bda208166ccefd15df646ad3834ac9c861d7c0ecebe1ab8aabeadcc069d94689d874a86ec3c29c0e45d0d9720e52179191c183e648caae4c3da295de2765d640de77d8791bcb3cf5eafebcc77f324d7a5a77e69884c46297500fb61c46a40ccb9c9f47c046c0ccc6400bdc7770e24ab956fa9d13976e9d025887a65f48604a682e5e23e0c1c6f0d8838ff2020660e550654ee65a36fc6eb3ff9a7421aa02e99b66d799dea503ab547f4c5db95b950ddefebcb21c9725543da1ffb909123bc8ad360ceba540eaaa4fe59c55cd094e1bd8164baed1a64e1b6aa48e2c0260081ceea5c7211a2768868fb05352e500932f872e142d024377fd3d901676e3c3ef91628e565dfcfe39e240e23cbcef337e340723a572287fb5d2fb4684b22a6069a3f9515db812304877ae07f78cf9637c4bd6a96c135397afa36668902b06c6ad39137f3bd7d7c3d702b22ae979558c59dd15c266178162636d21e7973c2af0153a6cd7ae4be05cbc3794b5a6ddb77f98b2a8619478e495c2affffdab1e8d80000ddb62d730f4ca01d925b2b9a120dcf0705572a33804c87b65c848a3f01ccd8fdbf059e7b9ee9f9dc2cce71f33f52ad88089b04ced70ffd502a3b2f6eb65b7e5cf760edff6709a44fca36db8853223213e891e04340a094f0e375c57c529f8a9143924e1e8d8837bc1857e52d7adc330d8682d66712dcff7bc736c2bd67336b597fe4af6b21116cb40b7a116511809"}}}}}}, 0x0) 2m40.587120063s ago: executing program 5 (id=810): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000a7ff10010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x15c, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@remote, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@loopback, {0x0, 0x192, 0x6, 0x3, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0xf, 0x81, 0x9, 0x100}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRESDEC=r0, @ANYRES32, @ANYBLOB="b40a485183a56abdd3bdf215c15b01cc8c63b37e28e88fa2d175c6d7b19ff16085a7384373b46c666df8949b2dffd17003c6b8adb8e064cb5a15981e9bd82b89d39fcc296961e7dc757d9999606104913ba8ee2b01b553501b69348dbe60bf65bb1fa485d5c68e3d06676dce9b76ffe9057ed8096f5ef6521af931f73e164069f0664773720f693697ba07ef", @ANYRES16, @ANYRESDEC=r1], 0x140}, 0x1, 0x0, 0x0, 0x20040840}, 0x844) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c) 2m40.397325676s ago: executing program 33 (id=810): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000a7ff10010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x15c, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@remote, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@loopback, {0x0, 0x192, 0x6, 0x3, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0xf, 0x81, 0x9, 0x100}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRESDEC=r0, @ANYRES32, @ANYBLOB="b40a485183a56abdd3bdf215c15b01cc8c63b37e28e88fa2d175c6d7b19ff16085a7384373b46c666df8949b2dffd17003c6b8adb8e064cb5a15981e9bd82b89d39fcc296961e7dc757d9999606104913ba8ee2b01b553501b69348dbe60bf65bb1fa485d5c68e3d06676dce9b76ffe9057ed8096f5ef6521af931f73e164069f0664773720f693697ba07ef", @ANYRES16, @ANYRESDEC=r1], 0x140}, 0x1, 0x0, 0x0, 0x20040840}, 0x844) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c) 3.569172807s ago: executing program 2 (id=2455): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000001400038008000140000000000800024000000000540000001100010000000000000000000000000a04e85089841671d19c3db1c7bde0406d22868a985175129ca31459f815908ce194199f1644b6a9e288b3dfe8d03fbd9af07ef96227c8480f5a3037c09fd14e8991ee6f55102b6bc09dd42b9dd3dd38d1bbf524a73a6cd0036a1bc69d115b79a228567b3cb1c81491120cd784cf71290704fe3c30d4bc1dcf0dfee904a55c1d3efea6b2c55f0e04f9564a623459f9dc660108d47016e04a9370d563a9a1825a3bb30a831522ea8179894c5a5dd45ed3abfb3e61c88e6c1f022f3318be4f01"], 0x68}}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x19, &(0x7f0000000380)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0xe0, 0x18, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK={0xc0, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x0, 0x2, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xccc}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x108}}, 0x0) 3.440694405s ago: executing program 6 (id=2460): connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) lseek(0xffffffffffffffff, 0x147f, 0x4b2007a31a20740e) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58) fallocate(r0, 0x0, 0x9, 0x10001) copy_file_range(r0, 0x0, r0, &(0x7f00000000c0)=0xae8, 0x863, 0x0) 3.389545599s ago: executing program 2 (id=2462): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, 0x0, 0x0) prlimit64(0x0, 0x8, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb00143c, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)=0x17, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000002c0)=0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0x2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)) 3.371701543s ago: executing program 6 (id=2463): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000001080)) 3.257193646s ago: executing program 6 (id=2464): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=@newsa={0xf0, 0x16, 0x633, 0x0, 0x80000000, {{@in6=@mcast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@broadcast, 0x4d2, 0x32}, @in6=@loopback, {}, {0x5, 0xffffffffffffffff, 0x0, 0xc1}, {0x4, 0x2}, 0x6, 0x2, 0xa, 0x4, 0x18, 0x19}}, 0xf0}}, 0x0) 3.256789734s ago: executing program 6 (id=2466): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x18d883, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) 3.176147435s ago: executing program 6 (id=2469): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, 0x0, 0x10000) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) timer_create(0x7, &(0x7f0000000180)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=0x0) timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r4 = syz_clone(0x2080, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r4, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) 1.077056685s ago: executing program 3 (id=2484): mremap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000006000/0x1000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) capset(0x0, 0x0) r1 = syz_clone(0x0, 0x0, 0x1d, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) mount(0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(r1, 0x0) pread64(r3, 0x0, 0x0, 0x8) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ac95ff9afd96e6c0"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) 1.076606051s ago: executing program 2 (id=2485): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x1000000, &(0x7f0000000080)={[{@jqfmt_vfsv1}, {@jqfmt_vfsv1}, {@errors_remount}, {@sb={'sb', 0x3d, 0x1}}]}, 0xfe, 0x7b9, &(0x7f0000000f80)="$eJzs3c9rG1ceAPDvyHb8I1nshWV3czMsZAMhcpz1JrvQQ0oPpdBAoD03MbJiUstWsOQQG0MTSqGXQlt6KLSXnPsjvfXaH9BT+1/0UBLSxglN6aG4jDSyFVtybMe23PrzgfG892bk977zZjRPmkETwIE1nP7JRRyNiLeTiMGsPImInlqqO+Jcfb1HS4t9EVFIYnn5pZ+S2joPlxYL0fSa1OEs88+I+OqNiBO59fVW5hemxkul4myWH6lOXx2pzC+cvDI9PlmcLM6cGR0bO332v2fP7FysP3+3cOTuO8//+9Nzv77+j9tvfZ3EuTiSLWuOY6cMx3C2TXrSTfiY53a6sg5LOt0AtiU9NLvqR3kcjcHoqqXa6N/LlgEAu+W1iFgGAA6YxPkfAA6YxvcAD5cWC42ps99I7K17z0ZEXz3+R9lUX9KdXbPrq10HHXiYPHZlJImIoR2ofzgiPvz8lWNdWT5th2tpwF64cTMiLg0Nr3//T9bds7BVpzZauNxbmw2vKT5o5x/opC/S8c//Wo3/civjn2gx/umtH7t/f9r62x7/K4Or3J2nrWMj6fjvmfq9bWvGfys3rQ11Zbm/1JrVk1y+UiqeyrZBKs2P1lKtR27HH/z2oF392fjv43S6/+6rH6X1p/PVNXJ3unsff83EeLX7m6cJusm9mzGQJdfEn6z0f9Jm/Hthk3W88P83P2i3LI0/jbcxrY9/dy3fijjWsv9X+zLZ8P7EkdruMNLYKVr47Pv3B9rV39z/6ZTWn853PtLW7t2MGLg/GEmyug3qS1biH0qa79esbL2Ob28Nftlu2ZPjb7n/jx9KXq6lD2Vl18er1dnRiEPJi+vLT6++tpFvrJ/Gf/xfrY//erWt9//0M+GlTcbffffHT7Yf/+5K45/YeP9f0/99WfFqyZMStx9NdbWrf3P9P1ZLHc9K0v5/Ulybadf29mYAAAAAAAAAAAAAAAAAAAAAAAAA2LpcRByJJJdfSedy+Xz9Gd5/i4FcqVypnrhcnpuZiNqzsoeiJ9f4qcvBpt9DHc1+srWRP70m/5+I+GtEvNfbX8vnC+XSRKeDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM4TbP/0/90Nvp1gEAu6av0w0AAPac8z8AHDxbO//371o7AIC94/M/ABw8mz7/X9rddgAAe8fnfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHbZhfPn02n5l6XFQpqfuDY/N1W+dnKiWJnKT88V8oXy7NX8ZLk8WSrmC+Xptv/oRn1WKpevjsXM3PWRarFSHanML1ycLs/NVC9emR6fLF4s9uxZZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACweZX5hanxUqk4+6dI3FgNbIf/c39H4xrYH5u3KdEd+6IZ+zrRG/uiGdtMNL9L9HfgnQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgj+H3AAAA//+0Bxg2") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x40) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x1000804, &(0x7f0000000840)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c73686f72746e616d653d6d697865642c696f636861727365743d6b6f69382d722c726f6469722c757466383d302c73686f72746e616d653d77696e6e742c636f6465706167653d3737352c636865636b3d7374726963742c757466383d302c6e6f6e756d7461696c3d302c696f636861727365743d69736f383835392d362c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c706f73697861636c2c6673636f6e746578743d756e636f6e66696e65645f752c736d61636b6673666c6f6f723d2f2c005180f4e7b2da8c3f2fe272df26ff9ca497387fc9af57e51670999e8bc199be03b478bd734a1ad4517930c37f173275bdc3477cead3e348e86c54d3ca19a73e96d5a4291dd83fea6bbb7174e668baf7433889e34758bb3912cc9bc2a7ba3aa69a690fb8eb216f6b745f04820178e7f761ffed80089b4de7af9454bd3090b041d1f2dcc5c701e57f46d7d89b1aa4c23f1d50d917e60289798c1f369da19dc49d2561339d7d350c1f5d5aacc33f3556cf815b7daf9d797e9fc3c697f6ce491f3a74e248fded5ff32bd81ee1cd00a1d65c4e0eafef812fb1fe9a44b8821caa94e146f937602e632be3541c334742"], 0xff, 0x28e, &(0x7f0000000f40)="$eJzs3c9qY1UcB/DfzZ820UWycCVCL+jCVWl9ghapIBYEJQt1ocWmIE0otBDwD8aufAKfwFfwNdyIL+ADOMxuuihzh5vcpJnJTUs606bMfD6b/jjnfO/9nZOErnLz3Xv948OTs6PzX/6LRiOJyk7sxEUS7ajExG9R6t9H5eMAwAN3kWXxOBtbL11RX5CsVe60MQDgzsz+/191LwDA/fjyq68/293f3/siTRsR/d8HnSTGf8fzu0fxQ/SiG1vRisuIbGpcf/Lp/l7U0lw7PugPB5082f/27+L6u/9HjPLb0Yp2eX47HZvJDwederxV3H+nF93P/4xWvFOe/6gkH521+PD9mf43oxX/fB8n0YvDordJ/tftNP04++PJz9/ko3k+GQ4669N1xerqvb4wAAAAAAAAAAAAAAAAAAAAAAC81jbTqfbzz9+pXo7mN+fmk9n8oucDDWeez7OVpmlWpK6uX4t3a1Fbza4BAAAAAAAAAAAAAAAAAADgYTn78afjg16ve1parBerrltTVky+1l8yFU+XuM6NxcayqagWrfWSiOXuVS+SNy+ulk7FwsNs5v10T5Na5COVWxz4fJFMR5qzUxsxvlc+0hwXMyMv/aI0YlRMtnp8kMQNqUbZm2Su+GvpfrL5t18j32h5au3FkWaxg5LFzWvuvvb2rY4uay2YSiKiPj3M669Tf3Ufq9EnBQAAAAAAAAAAAAAAAAAAuGdXX/otmTxfQUMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsAJXv/+/RDEswovWZNW8qEUxsuItAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AZ4FgAA//8YB15i") socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x3004006, &(0x7f0000000240)={[{@user_xattr}, {@abort}, {@resuid}, {@user_xattr}, {@discard}, {@errors_remount}, {@debug}, {@noinit_itable}, {@nomblk_io_submit}, {@nodelalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}]}, 0x1, 0x56d, &(0x7f0000000540)="$eJzs3d9rW+UbAPDnpO1+77sOxvgqIsVdOJlLt9YfE7yYl6LDgd7P0mZlNF1Gk861Dtwu3I03MgQRB+K1eu/l8B/wrxjoYMgoinhTOelJm6VJk3Vpm5rPB872vjknfc+Tc56X982bkAD61kj6Ty7iuYj4Mok4UrdvMLKdIyvHLT2+OZluSSwvf/hHEkn2WO34JPv/YFb5f0T88nnEqdz6dssLizMTxWJhLquPVmavjZYXFk9fmZ2YLkwXro6Nj597fXzsrTff6Fqsr1z865sP7r977osTS1//9PDo3STOx6FsX30cz+BWfWUkRrLXZCjONxx4tguN9ZJkp0+ATRnI8nwo0j7gSAxkWQ/8930WEctAn0rkP/Sp2jigNrfv0jx413j0zsoEaH38gyvvjcS+6tzowFLyxMwone8Od6H9tI2ff793N92ie+9DALR163ZEnBkcXN//JVn/t3lnOjimsQ39H2yf++n459Vm45/c6vgnmox/DjbJ3c1on/+5hw2H7OlCs6vS8d/bTce/q4tWwwNZ7XB1zDeUXL5SLKR92/8i4mQM7U3rG63nnFt6sNxqX/34L93S9mtjwew8Hg7uffI5UxOViWeJud6j2xHPNx3/JqvXP2ly/dPX42KHbRwv3Hux1b728W+t5e8jXm56/ddWtJKN1ydHq/fDaO2uWO/PO8d/bdX+TsefXv8DK/H/nU0JG+MfTurXa8tP38Z3+/4ptNq32ft/T/JRtVzrDG5MVCpzZyP2JO+vf3xs7bm1eu34NP6TJzbu/5rd//sj4uMO479z7McXNh//1krjn9r4/m+4/k9fePDep9+2ar+z6/9atXQye6ST/q/TE3yW1w4AAAAAAAB6TS4iDkWSy6+Wc7l8fuXzHcfiQK5YKldOXS7NX52K6ndlh2MoV1vpPrL2eYjqcutw3ecjxhrq4xFxNCK+GthfrecnS8WpnQ4eAAAAAAAAAAAAAAAAAAAAesTBFt//T/02sNNnB2w5P/kN/att/nfjl56AntQm/1/6ZLtOBNh2xv/Qv+Q/9C/5D/1L/kP/kv/Qv+Q/9C/5DwAAAAAAAAAAAAAAAAAAAAAAAAAAAF118cKFdFteenxzMq1PXV+YnyldPz1VKM/kZ+cn85OluWv56VJpuljIT5Zm2/29Yql07exYzN8YrRTKldHywuKl2dL81cqlK7M/HI4oDG1LVAAAAAAAAAAAAAAAAAAAALC7lBcWZyaKxcKcQrWwN3riNHZRYbA3TqM/CxFb1sRO90wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsObfAAAA//9IKziJ") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x25104000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103) connect$unix(r3, &(0x7f0000000180)=@file={0x1, './file2\x00'}, 0x6e) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e3, &(0x7f0000000000)) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) 1.04284272s ago: executing program 3 (id=2486): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x14, 0x1, 0x1, 0x5, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4000041}, 0x0) 973.239892ms ago: executing program 3 (id=2488): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r0, 0x0, 0x0) 908.914367ms ago: executing program 6 (id=2489): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x40481, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d07, &(0x7f0000000000)={0xfffffffe, 0xc}) 571.133515ms ago: executing program 34 (id=2489): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x40481, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d07, &(0x7f0000000000)={0xfffffffe, 0xc}) 562.716828ms ago: executing program 0 (id=2491): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) 562.399155ms ago: executing program 3 (id=2492): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc534, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x84, "", [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x77, 0x98, 0x1, {0x22, 0x29}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x1, 0x3, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000100)={0x20, 0x21, 0x29, {0x29, 0x21, "7d611870cced50a6dc9b9baae6e4fb07347310bcb53837f15d7c0201458010d302afc5dfce714d"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 501.161414ms ago: executing program 0 (id=2493): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/nf_conntrack\x00') lseek(r1, 0x800000004, 0x0) 500.925639ms ago: executing program 0 (id=2494): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5']) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r0, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) fstatfs(r1, &(0x7f0000001640)=""/4096) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x4d) fallocate(r2, 0x0, 0x37e9, 0x2f92) 455.985199ms ago: executing program 0 (id=2496): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3d, 0x1000, 0x3a, 0x0, 0xff, 0x100}, 0x1c) 361.227917ms ago: executing program 4 (id=2497): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000800), 0x200, 0x0) ioctl$RTC_PIE_OFF(r0, 0x7006) 360.933706ms ago: executing program 0 (id=2498): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, 0x0, 0x0, 0x3, 0x0) r2 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000140), 0x1e) 360.814651ms ago: executing program 4 (id=2499): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000100)=0x6, 0x4) 339.65857ms ago: executing program 0 (id=2500): syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) r0 = syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000440)={0x24, 0x0, &(0x7f00000002c0)=ANY=[], 0x0, 0x0}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) r2 = socket$pptp(0x18, 0x1, 0x2) openat$random(0xffffffffffffff9c, &(0x7f0000000140), 0x8a281, 0x0) bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1) readv(r3, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/75, 0x4b}], 0x1) close_range(r1, 0xffffffffffffffff, 0x200000000000000) 307.354168ms ago: executing program 4 (id=2501): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000f80)={0x78, 0x2, 0x2, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_EXPECT_HELP_NAME={0xf, 0x6, 'tftp-20000\x00'}, @CTA_EXPECT_MASK={0x54, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000004}, 0x4844) 241.14679ms ago: executing program 4 (id=2502): socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="a00000001f0001"], 0xa0}, 0x1, 0x0, 0x0, 0x40180}, 0x0) 240.787765ms ago: executing program 4 (id=2503): r0 = socket$tipc(0x1e, 0x5, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f0000000000), &(0x7f0000000040)=0x4) 237.680449ms ago: executing program 4 (id=2504): r0 = syz_usb_connect$uac3(0x3, 0x9c, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003000000403512100040000102030109028a000301046008080b0001012430010904000000010130000a2401f5260005000000132403050004030306070000000400010004000924050602"], &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) fchown(0xffffffffffffffff, r2, r3) syz_usb_control_io$uac3(r0, &(0x7f00000002c0)={0x14, &(0x7f0000000000)=ANY=[], 0x0}, 0x0) 171.022969ms ago: executing program 2 (id=2505): open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x190) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x0) fcntl$setlease(r0, 0x400, 0x1) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001100)='fdinfo/4\x00') truncate(&(0x7f0000000000)='./file0\x00', 0x9) pread64(r1, &(0x7f0000002140)=""/17, 0x11, 0x0) 130.982258ms ago: executing program 2 (id=2506): ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x5c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@binder={0x73622a85, 0x100, 0x2}, @fd, @fd}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}, @request_death={0x400c630e, 0x2}], 0x0, 0x0, 0x0}) 49.187543ms ago: executing program 2 (id=2507): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)={0x14, 0x1e, 0x9, 0x6, 0x25dddbfc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000090}, 0x4000) mremap(&(0x7f0000424000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) 20.873645ms ago: executing program 3 (id=2508): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000002080), 0x400, 0x0) ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f00000020c0)) 0s ago: executing program 3 (id=2509): mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f00000004c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xbd\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U\bji{\xab\x97\xaf9l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x95\xd2G\xe4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e4b\xc4\xd8\x10\xbdbYJ\x1d\xbd\xf0\x87\xb4\xa4\xaax\xdf\x85t5\x8b_\t\xc5\x13\xf1j\x11\'\xea\x12Bu\xb1\xef\'5z\x1cZ\x94\x9ac\x0e\x0e\xf7\xe5\xb0g\x8c\xaa\xbb\xdbG\x80K\x16\x94\xceo)\x9c\xbc\xad\xe6yF\xfa\x1d\x103\xf5\x9a5\xf2\xeb\xf4\xdb\x90L\x0eD\xa6\xa8\xdci\xfc\xd0\xef\xa1A\x9f\r\xde\xe8(\x9f\x10,\xd1\tLZ\x90\x05\x90I#\xde\x15\xe3\xf7H\xccV\xd4N\xf9\x9e\xfcD\xbd|\'\xd3\x85w\xae\xc8^\xbfC\x0fa!E\x00]3\xf8\x05\xa0\x90h\x8d\xd3ZZ\xdf[`\xe9\xb4R\xb2\xfc/\xda\x8c\x9c\x87\'j\xf2\xd1\xb6\x88\x874;\x11\x1b\xf2^\xdevD\xa5#\xf1&\x80HKg|?\xc8', 0x2) ftruncate(r1, 0xffff) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r3 = memfd_create(&(0x7f00000004c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xbd\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U\bji{\xab\x97\xaf9l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x95\xd2G\xe4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e4b\xc4\xd8\x10\xbdbYJ\x1d\xbd\xf0\x87\xb4\xa4\xaax\xdf\x85t5\x8b_\t\xc5\x13\xf1j\x11\'\xea\x12Bu\xb1\xef\'5z\x1cZ\x94\x9ac\x0e\x0e\xf7\xe5\xb0g\x8c\xaa\xbb\xdbG\x80K\x16\x94\xceo)\x9c\xbc\xad\xe6yF\xfa\x1d\x103\xf5\x9a5\xf2\xeb\xf4\xdb\x90L\x0eD\xa6\xa8\xdci\xfc\xd0\xef\xa1A\x9f\r\xde\xe8(\x9f\x10,\xd1\tLZ\x90\x05\x90I#\xde\x15\xe3\xf7H\xccV\xd4N\xf9\x9e\xfcD\xbd|\'\xd3\x85w\xae\xc8^\xbfC\x0fa!E\x00]3\xf8\x05\xa0\x90h\x8d\xd3ZZ\xdf[`\xe9\xb4R\xb2\xfc/\xda\x8c\x9c\x87\'j\xf2\xd1\xb6\x88\x874;\x11\x1b\xf2^\xdevD\xa5#\xf1&\x80HKg|?\xc8', 0x2) ftruncate(r3, 0xffff) fcntl$addseals(r3, 0x409, 0x7) r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000140)={r3, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000f, 0x11, r4, 0x0) syz_clone(0x9062111, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$addseals(r1, 0x409, 0x7) getpid() sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001300)={0x2020}, 0x2020) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.257555][ T9760] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.273432][ T9766] loop2: detected capacity change from 0 to 256 [ 184.273886][ T9766] vfat: Unknown parameter 'obj_user' [ 184.404864][ T9776] loop2: detected capacity change from 0 to 512 [ 184.406607][ T9776] vfat: Unknown parameter 'ÿÿÿÿ' [ 184.469252][ T9782] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1346'. [ 184.475182][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 184.484037][ T9782] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1346'. [ 184.513324][ T9785] loop2: detected capacity change from 0 to 256 [ 184.609508][ T9787] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 184.609541][ T9787] FAT-fs (loop2): Filesystem has been set read-only [ 185.015287][ T9797] Injecting memory failure for pfn 0x10fd86 at process virtual address 0x20001000 [ 185.020302][ T9797] Memory failure: 0x10fd86: Sending SIGBUS to syz.6.1350:9797 due to hardware memory corruption [ 185.020378][ T9797] Memory failure: 0x10fd86: recovery action for dirty LRU page: Recovered [ 185.020395][ T9797] Injecting memory failure for pfn 0x104f03 at process virtual address 0x20002000 [ 185.020450][ T9797] Memory failure: 0x104f03: Sending SIGBUS to syz.6.1350:9797 due to hardware memory corruption [ 185.020470][ T9797] Memory failure: 0x104f03: recovery action for dirty LRU page: Recovered [ 185.020479][ T9797] Injecting memory failure for pfn 0x116a52 at process virtual address 0x20003000 [ 185.020515][ T9797] Memory failure: 0x116a52: Sending SIGBUS to syz.6.1350:9797 due to hardware memory corruption [ 185.020532][ T9797] Memory failure: 0x116a52: recovery action for dirty LRU page: Recovered [ 185.236207][ T9802] nfs4: Bad value for 'source' [ 185.318583][ T9805] syzkaller1: entered promiscuous mode [ 185.318616][ T9805] syzkaller1: entered allmulticast mode [ 185.372778][ T9806] FAULT_INJECTION: forcing a failure. [ 185.372778][ T9806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 185.375429][ T9806] CPU: 0 UID: 0 PID: 9806 Comm: syz.3.1353 Not tainted syzkaller #0 PREEMPT [ 185.375450][ T9806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 185.375457][ T9806] Call trace: [ 185.375461][ T9806] show_stack+0x2c/0x3c (C) [ 185.375485][ T9806] __dump_stack+0x30/0x40 [ 185.375498][ T9806] dump_stack_lvl+0xd8/0x12c [ 185.375509][ T9806] dump_stack+0x1c/0x28 [ 185.375518][ T9806] should_fail_ex+0x41c/0x590 [ 185.375528][ T9806] should_fail+0x14/0x24 [ 185.375536][ T9806] should_fail_usercopy+0x20/0x30 [ 185.375545][ T9806] _copy_from_iter+0x188/0x1064 [ 185.375555][ T9806] tun_get_user+0x3ec/0x35f0 [ 185.375566][ T9806] tun_chr_write_iter+0xfc/0x168 [ 185.375576][ T9806] vfs_write+0x51c/0xa0c [ 185.375587][ T9806] ksys_write+0x12c/0x228 [ 185.375596][ T9806] __arm64_sys_write+0x7c/0x90 [ 185.375606][ T9806] invoke_syscall+0x98/0x244 [ 185.375616][ T9806] el0_svc_common+0xec/0x23c [ 185.375625][ T9806] do_el0_svc+0x4c/0x5c [ 185.375635][ T9806] el0_svc+0x64/0x260 [ 185.375643][ T9806] el0t_64_sync_handler+0x48/0x148 [ 185.375650][ T9806] el0t_64_sync+0x198/0x19c [ 185.496861][ T9818] loop2: detected capacity change from 0 to 256 [ 185.497415][ T9818] vfat: Unknown parameter 'obj_user' [ 185.515230][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 185.600791][ T9821] loop2: detected capacity change from 0 to 7 [ 185.602647][ T9821] Dev loop2: unable to read RDB block 7 [ 185.603825][ T9821] loop2: unable to read partition table [ 185.604819][ T9821] loop2: partition table beyond EOD, truncated [ 185.606214][ T9821] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 185.636161][ T9825] loop2: detected capacity change from 0 to 512 [ 185.637691][ T9825] ext4: Unknown parameter 'fowner>00000000000000000000' [ 186.356496][ T9837] loop2: detected capacity change from 0 to 7 [ 186.358080][ T9837] Dev loop2: unable to read RDB block 7 [ 186.358315][ T9837] loop2: AHDI p1 p2 p3 [ 186.358332][ T9837] loop2: partition table partially beyond EOD, truncated [ 186.358511][ T9837] loop2: p1 start 1601398130 is beyond EOD, truncated [ 186.358523][ T9837] loop2: p2 start 1702059890 is beyond EOD, truncated [ 186.514216][ T4339] Dev loop2: unable to read RDB block 7 [ 186.514251][ T4339] loop2: AHDI p1 p2 p3 [ 186.514273][ T4339] loop2: partition table partially beyond EOD, truncated [ 186.514387][ T4339] loop2: p1 start 1601398130 is beyond EOD, truncated [ 186.514413][ T4339] loop2: p2 start 1702059890 is beyond EOD, truncated [ 186.539518][ T9844] netlink: 256 bytes leftover after parsing attributes in process `syz.6.1364'. [ 186.565203][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 187.356719][ T1595] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.356767][ T1595] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.605177][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 188.635229][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 189.675184][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 189.693085][ T9879] loop3: detected capacity change from 0 to 512 [ 189.693995][ T9879] ext4: Unknown parameter 'fowner>00000000000000000000' [ 190.494420][ T9892] loop4: detected capacity change from 0 to 512 [ 190.494818][ T9892] EXT4-fs: Ignoring removed i_version option [ 190.497314][ T9892] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 190.512123][ T9892] EXT4-fs (loop4): 1 truncate cleaned up [ 190.513727][ T9892] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.715215][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 190.969478][ T9909] xt_CT: No such helper "syz0" [ 191.377120][ T9930] 8021q: adding VLAN 0 to HW filter on device bond2 [ 191.378280][ T9930] A link change request failed with some changes committed already. Interface syzkaller0 may have been left with an inconsistent configuration, please check. [ 191.735386][ T4756] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.755215][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 192.044099][ T9958] loop3: detected capacity change from 0 to 256 [ 192.044604][ T9958] vfat: Unknown parameter 'obj_user' [ 192.234216][ T9970] loop3: detected capacity change from 0 to 512 [ 192.234628][ T9970] EXT4-fs: Ignoring removed i_version option [ 192.238332][ T9970] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 192.242682][ T9970] EXT4-fs (loop3): 1 truncate cleaned up [ 192.243143][ T9970] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.280395][ T9974] loop6: detected capacity change from 0 to 512 [ 192.283453][ T9974] ext4: Unknown parameter 'fowner>00000000000000000000' [ 192.805214][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 193.132326][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.227489][T10000] syzkaller1: entered promiscuous mode [ 193.227524][T10000] syzkaller1: entered allmulticast mode [ 193.371569][T10003] loop4: detected capacity change from 0 to 256 [ 193.401543][T10003] vfat: Unknown parameter 'obj_user' [ 193.681772][T10011] Injecting memory failure for pfn 0x109aa8 at process virtual address 0x20001000 [ 193.683663][T10011] Memory failure: 0x109aa8: Sending SIGBUS to syz.4.1416:10011 due to hardware memory corruption [ 193.684027][T10011] Memory failure: 0x109aa8: recovery action for dirty LRU page: Recovered [ 193.684044][T10011] Injecting memory failure for pfn 0x105857 at process virtual address 0x20002000 [ 193.684099][T10011] Memory failure: 0x105857: Sending SIGBUS to syz.4.1416:10011 due to hardware memory corruption [ 193.684121][T10011] Memory failure: 0x105857: recovery action for dirty LRU page: Recovered [ 193.684132][T10011] Injecting memory failure for pfn 0x10bcfb at process virtual address 0x20003000 [ 193.684169][T10011] Memory failure: 0x10bcfb: Sending SIGBUS to syz.4.1416:10011 due to hardware memory corruption [ 193.684187][T10011] Memory failure: 0x10bcfb: recovery action for dirty LRU page: Recovered [ 193.742196][T10015] 9p: Bad value for 'rfdno' [ 193.832553][T10024] loop2: detected capacity change from 0 to 512 [ 193.834206][T10024] EXT4-fs: Ignoring removed i_version option [ 193.839227][T10024] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 193.845215][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 193.857905][T10024] EXT4-fs (loop2): 1 truncate cleaned up [ 193.860544][T10024] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.734665][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.767986][T10043] loop2: detected capacity change from 0 to 7 [ 194.768552][T10043] Dev loop2: unable to read RDB block 7 [ 194.768568][T10043] loop2: unable to read partition table [ 194.768628][T10043] loop2: partition table beyond EOD, truncated [ 194.768637][T10043] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 194.875191][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 195.925174][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 196.503605][T10104] Injecting memory failure for pfn 0x1138f3 at process virtual address 0x20001000 [ 196.511550][T10104] Memory failure: 0x1138f3: Sending SIGBUS to syz.4.1445:10104 due to hardware memory corruption [ 196.511613][T10104] Memory failure: 0x1138f3: recovery action for dirty LRU page: Recovered [ 196.511626][T10104] Injecting memory failure for pfn 0x16ed03 at process virtual address 0x20002000 [ 196.511702][T10104] Memory failure: 0x16ed03: Sending SIGBUS to syz.4.1445:10104 due to hardware memory corruption [ 196.511722][T10104] Memory failure: 0x16ed03: recovery action for dirty LRU page: Recovered [ 196.511731][T10104] Injecting memory failure for pfn 0x109c24 at process virtual address 0x20003000 [ 196.512640][T10104] Memory failure: 0x109c24: Sending SIGBUS to syz.4.1445:10104 due to hardware memory corruption [ 196.512670][T10104] Memory failure: 0x109c24: recovery action for dirty LRU page: Recovered [ 196.662404][T10106] loop2: detected capacity change from 0 to 7 [ 196.664841][T10106] Dev loop2: unable to read RDB block 7 [ 196.664885][T10106] loop2: AHDI p1 p2 p3 [ 196.664904][T10106] loop2: partition table partially beyond EOD, truncated [ 196.665015][T10106] loop2: p1 start 1601398130 is beyond EOD, truncated [ 196.665038][T10106] loop2: p2 start 1702059890 is beyond EOD, truncated [ 196.929316][T10133] loop2: detected capacity change from 0 to 7 [ 196.929921][T10133] loop2: [POWERTEC] p1 p2 [ 196.930003][T10133] loop2: p1 start 8192 is beyond EOD, truncated [ 196.930015][T10133] loop2: p2 start 2037579776 is beyond EOD, truncated [ 196.955365][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 197.032840][T10137] netlink: 428 bytes leftover after parsing attributes in process `syz.0.1457'. [ 197.032888][T10137] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1457'. [ 197.253298][T10151] 9p: Bad value for 'wfdno' [ 197.405607][T10163] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1465'. [ 197.515324][T10167] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1466'. [ 197.776175][ T4710] Bluetooth: hci2: unexpected event for opcode 0x0c56 [ 197.842656][T10175] Injecting memory failure for pfn 0x115087 at process virtual address 0x20001000 [ 197.847169][T10175] Memory failure: 0x115087: Sending SIGBUS to syz.2.1469:10175 due to hardware memory corruption [ 197.847496][T10175] Memory failure: 0x115087: recovery action for dirty LRU page: Recovered [ 197.847584][T10175] Injecting memory failure for pfn 0x11bb5c at process virtual address 0x20002000 [ 197.847728][T10175] Memory failure: 0x11bb5c: Sending SIGBUS to syz.2.1469:10175 due to hardware memory corruption [ 197.847751][T10175] Memory failure: 0x11bb5c: recovery action for dirty LRU page: Recovered [ 197.847761][T10175] Injecting memory failure for pfn 0x128b83 at process virtual address 0x20003000 [ 197.847795][T10175] Memory failure: 0x128b83: Sending SIGBUS to syz.2.1469:10175 due to hardware memory corruption [ 197.847813][T10175] Memory failure: 0x128b83: recovery action for dirty LRU page: Recovered [ 197.903450][T10184] loop2: detected capacity change from 0 to 512 [ 197.905076][T10184] ext4: Unknown parameter 'fowner>00000000000000000000' [ 197.995237][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 198.047750][T10193] loop2: detected capacity change from 0 to 256 [ 198.050610][T10193] vfat: Unknown parameter 'obj_user' [ 199.035718][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 199.675165][ T4710] Bluetooth: hci4: command 0x0406 tx timeout [ 199.999018][T10231] Injecting memory failure for pfn 0x113ec1 at process virtual address 0x20001000 [ 200.003798][T10231] Memory failure: 0x113ec1: Sending SIGBUS to syz.6.1488:10231 due to hardware memory corruption [ 200.006992][T10231] Memory failure: 0x113ec1: recovery action for dirty LRU page: Recovered [ 200.008627][T10231] Injecting memory failure for pfn 0x1050d2 at process virtual address 0x20002000 [ 200.010280][T10231] Memory failure: 0x1050d2: Sending SIGBUS to syz.6.1488:10231 due to hardware memory corruption [ 200.010332][T10231] Memory failure: 0x1050d2: recovery action for dirty LRU page: Recovered [ 200.010346][T10231] Injecting memory failure for pfn 0x16ffea at process virtual address 0x20003000 [ 200.010394][T10231] Memory failure: 0x16ffea: Sending SIGBUS to syz.6.1488:10231 due to hardware memory corruption [ 200.010414][T10231] Memory failure: 0x16ffea: recovery action for dirty LRU page: Recovered [ 200.075225][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 200.391541][T10241] loop3: detected capacity change from 0 to 512 [ 200.393144][T10241] ext4: Unknown parameter 'fowner>00000000000000000000' [ 200.538756][T10259] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1492'. [ 200.541500][T10253] Injecting memory failure for pfn 0x111ab6 at process virtual address 0x20001000 [ 200.548811][T10253] Memory failure: 0x111ab6: Sending SIGBUS to syz.6.1496:10253 due to hardware memory corruption [ 200.550783][T10253] Memory failure: 0x111ab6: recovery action for dirty LRU page: Recovered [ 200.552233][T10253] Injecting memory failure for pfn 0x111afd at process virtual address 0x20002000 [ 200.554182][T10253] Memory failure: 0x111afd: Sending SIGBUS to syz.6.1496:10253 due to hardware memory corruption [ 200.557211][T10253] Memory failure: 0x111afd: recovery action for dirty LRU page: Recovered [ 200.557260][T10253] Injecting memory failure for pfn 0x111afc at process virtual address 0x20003000 [ 200.557357][T10253] Memory failure: 0x111afc: Sending SIGBUS to syz.6.1496:10253 due to hardware memory corruption [ 200.557384][T10253] Memory failure: 0x111afc: recovery action for dirty LRU page: Recovered [ 200.801416][T10264] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1498'. [ 200.802400][T10264] veth0_to_bridge: entered allmulticast mode [ 200.838468][T10253] loop2: detected capacity change from 0 to 7 [ 200.842928][T10253] Dev loop2: unable to read RDB block 7 [ 200.842963][T10253] loop2: unable to read partition table [ 200.843052][T10253] loop2: partition table beyond EOD, truncated [ 200.843070][T10253] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 200.931412][T10270] loop6: detected capacity change from 0 to 1024 [ 200.967669][T10270] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 200.988938][T10270] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1499'. [ 201.076647][T10281] netlink: 'syz.0.1503': attribute type 4 has an invalid length. [ 201.092475][ T7722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 201.115196][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 201.194521][T10296] loop2: detected capacity change from 0 to 7 [ 201.196563][T10296] Dev loop2: unable to read RDB block 7 [ 201.196585][T10296] loop2: unable to read partition table [ 201.196657][T10296] loop2: partition table beyond EOD, truncated [ 201.196669][T10296] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 201.422188][T10319] loop4: detected capacity change from 0 to 4096 [ 201.440547][T10319] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.561613][T10326] overlayfs: failed to resolve './file1': -2 [ 201.720572][T10324] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 201.721576][T10324] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 201.721590][T10324] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 202.155198][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 203.195198][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 203.711731][ T4756] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.762542][ T50] Bluetooth: hci2: unexpected event for opcode 0x0c56 [ 203.772127][T10343] Injecting memory failure for pfn 0x1185d4 at process virtual address 0x20001000 [ 203.834096][T10343] Memory failure: 0x1185d4: Sending SIGBUS to syz.6.1526:10343 due to hardware memory corruption [ 203.836199][T10343] Memory failure: 0x1185d4: recovery action for dirty LRU page: Recovered [ 203.836217][T10343] Injecting memory failure for pfn 0x1060da at process virtual address 0x20002000 [ 203.844637][T10343] Memory failure: 0x1060da: Sending SIGBUS to syz.6.1526:10343 due to hardware memory corruption [ 203.844698][T10343] Memory failure: 0x1060da: recovery action for dirty LRU page: Recovered [ 203.844730][T10343] Injecting memory failure for pfn 0x1108f4 at process virtual address 0x20003000 [ 204.156919][T10343] Memory failure: 0x1108f4: Sending SIGBUS to syz.6.1526:10343 due to hardware memory corruption [ 204.158865][T10343] Memory failure: 0x1108f4: recovery action for dirty LRU page: Recovered [ 204.235191][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 204.502739][T10371] Injecting memory failure for pfn 0x17a8f0 at process virtual address 0x20ffe000 [ 204.509863][T10371] Memory failure: 0x17a8f0: Sending SIGBUS to syz.6.1534:10371 due to hardware memory corruption [ 204.511653][T10371] Memory failure: 0x17a8f0: recovery action for dirty LRU page: Recovered [ 204.513330][T10371] Injecting memory failure for pfn 0x21959e at process virtual address 0x20fff000 [ 204.515303][T10371] Memory failure: 0x21959e: Sending SIGBUS to syz.6.1534:10371 due to hardware memory corruption [ 204.518162][T10371] Memory failure: 0x21959e: recovery action for already poisoned page: Failed [ 204.890130][T10377] Injecting memory failure for pfn 0x10df35 at process virtual address 0x20001000 [ 204.895281][T10377] Memory failure: 0x10df35: Sending SIGBUS to syz.6.1537:10377 due to hardware memory corruption [ 204.895346][T10377] Memory failure: 0x10df35: recovery action for dirty LRU page: Recovered [ 204.895368][T10377] Injecting memory failure for pfn 0x106cd9 at process virtual address 0x20002000 [ 204.895626][T10377] Memory failure: 0x106cd9: Sending SIGBUS to syz.6.1537:10377 due to hardware memory corruption [ 204.895658][T10377] Memory failure: 0x106cd9: recovery action for dirty LRU page: Recovered [ 204.895674][T10377] Injecting memory failure for pfn 0x107520 at process virtual address 0x20003000 [ 204.903710][T10383] loop3: detected capacity change from 0 to 256 [ 204.904075][T10383] vfat: Unknown parameter 'shoshortname' [ 204.908772][T10377] Memory failure: 0x107520: Sending SIGBUS to syz.6.1537:10377 due to hardware memory corruption [ 204.910671][T10377] Memory failure: 0x107520: recovery action for dirty LRU page: Recovered [ 204.938543][T10377] loop2: detected capacity change from 0 to 7 [ 204.940175][T10377] Dev loop2: unable to read RDB block 7 [ 204.940210][T10377] loop2: AHDI p1 p2 p3 [ 204.940226][T10377] loop2: partition table partially beyond EOD, truncated [ 204.940310][T10377] loop2: p1 start 1601398130 is beyond EOD, truncated [ 204.940330][T10377] loop2: p2 start 1702059890 is beyond EOD, truncated [ 204.974810][T10392] overlayfs: failed to resolve './file0fowner=00000000000000000000': -2 [ 205.033798][T10396] loop6: detected capacity change from 0 to 2048 [ 205.054813][T10400] loop3: detected capacity change from 0 to 512 [ 205.056689][T10398] Injecting memory failure for pfn 0x11af96 at process virtual address 0x20001000 [ 205.059399][T10400] EXT4-fs: Ignoring removed oldalloc option [ 205.059438][T10398] Memory failure: 0x11af96: Sending SIGBUS to syz.0.1545:10398 due to hardware memory corruption [ 205.060611][T10398] Memory failure: 0x11af96: recovery action for dirty LRU page: Recovered [ 205.060632][T10398] Injecting memory failure for pfn 0x124726 at process virtual address 0x20002000 [ 205.060978][T10398] Memory failure: 0x124726: Sending SIGBUS to syz.0.1545:10398 due to hardware memory corruption [ 205.061001][T10398] Memory failure: 0x124726: recovery action for dirty LRU page: Recovered [ 205.061011][T10398] Injecting memory failure for pfn 0x118922 at process virtual address 0x20003000 [ 205.061050][T10398] Memory failure: 0x118922: Sending SIGBUS to syz.0.1545:10398 due to hardware memory corruption [ 205.061068][T10398] Memory failure: 0x118922: recovery action for dirty LRU page: Recovered [ 205.079141][T10396] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.079571][T10400] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 205.087559][T10400] EXT4-fs (loop3): 1 truncate cleaned up [ 205.088054][T10400] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.099578][T10396] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 205.105744][T10396] xt_hashlimit: size too large, truncated to 1048576 [ 205.157862][T10410] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1548'. [ 205.178591][T10400] EXT4-fs error (device loop3): mb_free_blocks:2049: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 205.247376][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.275332][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 205.348175][ T7722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.373107][T10429] loop2: detected capacity change from 0 to 7 [ 205.378557][T10429] Dev loop2: unable to read RDB block 7 [ 205.378596][T10429] loop2: unable to read partition table [ 205.378689][T10429] loop2: partition table beyond EOD, truncated [ 205.378715][T10429] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 205.824906][T10442] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1557'. [ 205.904372][T10453] loop2: detected capacity change from 0 to 7 [ 205.906643][T10453] Dev loop2: unable to read RDB block 7 [ 205.907731][T10453] loop2: AHDI p1 p2 p3 [ 205.908491][T10453] loop2: partition table partially beyond EOD, truncated [ 205.910181][T10453] loop2: p1 start 1601398130 is beyond EOD, truncated [ 205.911500][T10453] loop2: p2 start 1702059890 is beyond EOD, truncated [ 205.961935][T10458] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1565'. [ 205.966512][T10458] bond0: entered promiscuous mode [ 205.966547][T10458] bond_slave_0: entered promiscuous mode [ 205.966629][T10458] bond_slave_1: entered promiscuous mode [ 205.969698][T10458] team0: entered promiscuous mode [ 205.969739][T10458] team_slave_1: entered promiscuous mode [ 205.978702][T10458] hsr1: entered promiscuous mode [ 205.979063][T10458] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 206.028078][T10458] usb usb5: usbfs: process 10458 (syz.4.1565) did not claim interface 0 before use [ 206.100620][T10463] loop6: detected capacity change from 0 to 256 [ 206.101478][T10463] vfat: Unknown parameter 'obj_user' [ 206.315178][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 207.071793][T10490] loop2: detected capacity change from 0 to 7 [ 207.072511][T10490] Dev loop2: unable to read RDB block 7 [ 207.072528][T10490] loop2: AHDI p1 p2 p3 [ 207.072537][T10490] loop2: partition table partially beyond EOD, truncated [ 207.072781][T10490] loop2: p1 start 1601398130 is beyond EOD, truncated [ 207.072794][T10490] loop2: p2 start 1702059890 is beyond EOD, truncated [ 207.355205][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 207.463259][T10500] Injecting memory failure for pfn 0x11425f at process virtual address 0x20001000 [ 207.468558][T10500] Memory failure: 0x11425f: Sending SIGBUS to syz.6.1578:10500 due to hardware memory corruption [ 207.470326][T10500] Memory failure: 0x11425f: recovery action for dirty LRU page: Recovered [ 207.471753][T10500] Injecting memory failure for pfn 0x11425e at process virtual address 0x20002000 [ 207.473149][T10500] Memory failure: 0x11425e: Sending SIGBUS to syz.6.1578:10500 due to hardware memory corruption [ 207.473189][T10500] Memory failure: 0x11425e: recovery action for dirty LRU page: Recovered [ 207.473206][T10500] Injecting memory failure for pfn 0x11425d at process virtual address 0x20003000 [ 207.473251][T10500] Memory failure: 0x11425d: Sending SIGBUS to syz.6.1578:10500 due to hardware memory corruption [ 207.473275][T10500] Memory failure: 0x11425d: recovery action for dirty LRU page: Recovered [ 207.491031][T10500] loop2: detected capacity change from 0 to 7 [ 207.491924][T10500] Dev loop2: unable to read RDB block 7 [ 207.491944][T10500] loop2: AHDI p1 p2 p3 [ 207.491956][T10500] loop2: partition table partially beyond EOD, truncated [ 207.492242][T10500] loop2: p1 start 1601398130 is beyond EOD, truncated [ 207.492257][T10500] loop2: p2 start 1702059890 is beyond EOD, truncated [ 208.201599][T10415] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 208.231128][T10512] loop4: detected capacity change from 0 to 256 [ 208.232757][T10512] vfat: Unknown parameter 'obj_user' [ 208.381758][T10527] loop2: detected capacity change from 0 to 7 [ 208.383585][T10527] Dev loop2: unable to read RDB block 7 [ 208.384706][T10527] loop2: AHDI p1 p2 p3 [ 208.387119][T10527] loop2: partition table partially beyond EOD, truncated [ 208.387314][T10527] loop2: p1 start 1601398130 is beyond EOD, truncated [ 208.387339][T10527] loop2: p2 start 1702059890 is beyond EOD, truncated [ 208.392943][ T4339] Dev loop2: unable to read RDB block 7 [ 208.392973][ T4339] loop2: AHDI p1 p2 p3 [ 208.392993][ T4339] loop2: partition table partially beyond EOD, truncated [ 208.393089][ T4339] loop2: p1 start 1601398130 is beyond EOD, truncated [ 208.393110][ T4339] loop2: p2 start 1702059890 is beyond EOD, truncated [ 208.395247][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 208.423361][T10530] loop2: detected capacity change from 0 to 512 [ 208.424618][T10530] ext4: Unknown parameter 'fowner>00000000000000000000' [ 208.620383][T10534] loop2: detected capacity change from 0 to 7 [ 208.621117][T10534] Dev loop2: unable to read RDB block 7 [ 208.621134][T10534] loop2: unable to read partition table [ 208.621191][T10534] loop2: partition table beyond EOD, truncated [ 208.621199][T10534] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 209.163400][ T50] Bluetooth: hci4: unexpected event for opcode 0x0c56 [ 209.216288][ T4710] Bluetooth: hci4: unexpected event for opcode 0x1408 [ 209.435201][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 210.312255][T10574] bridge0: port 3(wlan1) entered blocking state [ 210.312296][T10574] bridge0: port 3(wlan1) entered disabled state [ 210.312458][T10574] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 210.312993][T10574] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 210.463741][T10582] Injecting memory failure for pfn 0x1324c8 at process virtual address 0x20001000 [ 210.475210][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 210.480880][T10582] Memory failure: 0x1324c8: Sending SIGBUS to syz.6.1600:10582 due to hardware memory corruption [ 210.480954][T10582] Memory failure: 0x1324c8: recovery action for dirty LRU page: Recovered [ 210.480982][T10582] Injecting memory failure for pfn 0x106e9d at process virtual address 0x20002000 [ 210.481073][T10582] Memory failure: 0x106e9d: Sending SIGBUS to syz.6.1600:10582 due to hardware memory corruption [ 210.481098][T10582] Memory failure: 0x106e9d: recovery action for dirty LRU page: Recovered [ 210.481113][T10582] Injecting memory failure for pfn 0x113bcf at process virtual address 0x20003000 [ 210.481150][T10582] Memory failure: 0x113bcf: Sending SIGBUS to syz.6.1600:10582 due to hardware memory corruption [ 210.481173][T10582] Memory failure: 0x113bcf: recovery action for dirty LRU page: Recovered [ 210.497185][T10582] loop2: detected capacity change from 0 to 7 [ 210.555581][T10582] Dev loop2: unable to read RDB block 7 [ 210.557010][T10582] loop2: unable to read partition table [ 210.586483][T10582] loop2: partition table beyond EOD, truncated [ 210.586549][T10582] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 210.591619][ T4339] Dev loop2: unable to read RDB block 7 [ 210.591650][ T4339] loop2: unable to read partition table [ 210.591730][ T4339] loop2: partition table beyond EOD, truncated [ 210.767628][ T4710] Bluetooth: hci0: unexpected event for opcode 0x0c56 [ 210.773208][T10597] overlayfs: failed to clone upperpath [ 211.466853][T10618] loop4: detected capacity change from 0 to 512 [ 211.468372][T10618] EXT4-fs (loop4): Test dummy encryption mode enabled [ 211.474207][T10618] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.1613: inode has both inline data and extents flags [ 211.474251][T10618] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 211.474376][T10618] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.1613: couldn't read orphan inode 15 (err -117) [ 211.474453][T10618] loop4: lost filesystem error report for type 5 error -117 [ 211.474990][T10618] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.515276][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 212.447478][T10625] overlayfs: missing 'lowerdir' [ 212.555199][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 212.651124][T10629] loop6: detected capacity change from 0 to 2048 [ 212.756319][T10629] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.866472][ T4756] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.881269][T10649] 9p: Bad value for 'rfdno' [ 212.892157][T10651] all: renamed from bridge_slave_0 (while UP) [ 212.895713][T10653] binder: 10650:10653 BC_FREEZE_NOTIFICATION_DONE 6576616c735f6567 not found [ 212.897298][T10653] binder: 10650:10653 ioctl c0306201 20000100 returned -22 [ 212.959198][T10655] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 212.960032][T10655] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 212.960079][T10655] EXT4-fs (loop6): This should not happen!! Data will be lost [ 212.960079][T10655] [ 212.960132][T10655] EXT4-fs (loop6): Total free blocks count 0 [ 212.960166][T10655] EXT4-fs (loop6): Free/Dirty block details [ 212.960210][T10655] EXT4-fs (loop6): free_blocks=2415919504 [ 212.960254][T10655] EXT4-fs (loop6): dirty_blocks=48 [ 212.960286][T10655] EXT4-fs (loop6): Block reservation details [ 212.960318][T10655] EXT4-fs (loop6): i_reserved_data_blocks=3 [ 212.976646][T10655] input: syz0 as /devices/virtual/input/input21 [ 213.172074][T10658] Injecting memory failure for pfn 0x1370cd at process virtual address 0x20001000 [ 213.201857][T10661] loop2: detected capacity change from 0 to 7 [ 213.204397][T10661] Dev loop2: unable to read RDB block 7 [ 213.208446][T10661] loop2: unable to read partition table [ 213.209834][T10661] loop2: partition table beyond EOD, truncated [ 213.211208][T10661] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 213.215599][T10658] Memory failure: 0x1370cd: Sending SIGBUS to syz.0.1625:10658 due to hardware memory corruption [ 213.215648][T10658] Memory failure: 0x1370cd: recovery action for dirty LRU page: Recovered [ 213.215662][T10658] Injecting memory failure for pfn 0x1342b4 at process virtual address 0x20002000 [ 213.224804][T10658] Memory failure: 0x1342b4: Sending SIGBUS to syz.0.1625:10658 due to hardware memory corruption [ 213.226951][T10658] Memory failure: 0x1342b4: recovery action for dirty LRU page: Recovered [ 213.228787][T10658] Injecting memory failure for pfn 0x1370fb at process virtual address 0x20003000 [ 213.231196][T10658] Memory failure: 0x1370fb: Sending SIGBUS to syz.0.1625:10658 due to hardware memory corruption [ 213.231252][T10658] Memory failure: 0x1370fb: recovery action for dirty LRU page: Recovered [ 213.296665][T10669] fuse: fd is not a fuse device [ 213.297425][T10669] overlayfs: failed to clone lowerpath [ 213.305925][T10669] overlayfs: failed to clone lowerpath [ 213.306477][T10669] fuse: fd is not a fuse device [ 213.307373][T10669] fuse: fd is not a fuse device [ 213.318459][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1624'. [ 213.435259][ T4710] Bluetooth: hci4: command 0x0406 tx timeout [ 213.508550][T10677] overlayfs: failed to clone upperpath [ 213.521896][ T7722] EXT4-fs warning (device loop6): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 213.522766][ T7722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.595196][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 214.196459][T10688] 9p: Bad value for 'rfdno' [ 214.248334][T10693] misc userio: The device must be registered before sending interrupts [ 214.259016][T10695] loop2: detected capacity change from 0 to 7 [ 214.261140][T10695] Dev loop2: unable to read RDB block 7 [ 214.261948][T10695] loop2: unable to read partition table [ 214.262026][T10695] loop2: partition table beyond EOD, truncated [ 214.262047][T10695] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 214.274774][T10692] Injecting memory failure for pfn 0x1055ae at process virtual address 0x20001000 [ 214.289345][T10692] Memory failure: 0x1055ae: Sending SIGBUS to syz.3.1636:10692 due to hardware memory corruption [ 214.289418][T10692] Memory failure: 0x1055ae: recovery action for dirty LRU page: Recovered [ 214.289435][T10692] Injecting memory failure for pfn 0x10cef3 at process virtual address 0x20002000 [ 214.289473][T10692] Memory failure: 0x10cef3: Sending SIGBUS to syz.3.1636:10692 due to hardware memory corruption [ 214.289492][T10692] Memory failure: 0x10cef3: recovery action for dirty LRU page: Recovered [ 214.289501][T10692] Injecting memory failure for pfn 0x1131c4 at process virtual address 0x20003000 [ 214.289529][T10692] Memory failure: 0x1131c4: Sending SIGBUS to syz.3.1636:10692 due to hardware memory corruption [ 214.289546][T10692] Memory failure: 0x1131c4: recovery action for dirty LRU page: Recovered [ 214.316217][T10699] loop4: detected capacity change from 0 to 512 [ 214.317808][T10699] EXT4-fs: Ignoring removed nobh option [ 214.319476][T10699] EXT4-fs: journaled quota format not specified [ 214.346391][T10703] RDS: rds_bind could not find a transport for fe80::aa, load rds_tcp or rds_rdma? [ 214.354508][T10692] loop2: detected capacity change from 0 to 7 [ 214.358705][T10692] Dev loop2: unable to read RDB block 7 [ 214.358743][T10692] loop2: unable to read partition table [ 214.358815][T10692] loop2: partition table beyond EOD, truncated [ 214.358835][T10692] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 214.367965][T10703] loop4: detected capacity change from 0 to 4096 [ 214.371509][T10703] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1642'. [ 214.585454][T10717] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1644'. [ 214.635235][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 214.758305][T10730] loop3: detected capacity change from 0 to 512 [ 214.759921][T10730] ext4: Unknown parameter 'fowner>00000000000000000000' [ 214.894508][T10735] overlayfs: failed to clone upperpath [ 215.675191][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 215.751027][T10744] loop2: detected capacity change from 0 to 7 [ 215.762215][T10744] Dev loop2: unable to read RDB block 7 [ 215.763317][T10744] loop2: unable to read partition table [ 215.764367][T10744] loop2: partition table beyond EOD, truncated [ 215.765476][T10744] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 215.823835][T10753] loop3: detected capacity change from 0 to 128 [ 215.838315][T10753] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 216.152210][T10770] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1662'. [ 216.154072][T10770] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1662'. [ 216.159154][T10770] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1662'. [ 216.254721][ T4758] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 216.502641][T10783] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1664'. [ 216.715195][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 216.768679][T10786] loop2: detected capacity change from 0 to 256 [ 216.769165][T10786] vfat: Unknown parameter 'obj_user' [ 216.960192][ T50] Bluetooth: hci4: unexpected event for opcode 0x0c56 [ 216.967844][T10794] loop2: detected capacity change from 0 to 7 [ 216.968535][T10794] loop2: [POWERTEC] p1 p2 [ 216.968620][T10794] loop2: p1 start 8192 is beyond EOD, truncated [ 216.968694][T10794] loop2: p2 start 2037579776 is beyond EOD, truncated [ 217.040908][T10798] loop2: detected capacity change from 0 to 128 [ 217.050666][T10798] EXT4-fs (loop2): Test dummy encryption mode enabled [ 217.056694][T10798] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 217.500691][T10814] loop4: detected capacity change from 0 to 256 [ 217.505501][T10814] vfat: Unknown parameter 'obj_user' [ 217.506541][T10815] efivarfs: Bad value for 'gid' [ 217.506567][T10815] efivarfs: Bad value for 'gid' [ 217.561156][T10809] Injecting memory failure for pfn 0x165efb at process virtual address 0x20001000 [ 217.571078][T10809] Memory failure: 0x165efb: Sending SIGBUS to syz.3.1674:10809 due to hardware memory corruption [ 217.571750][T10809] Memory failure: 0x165efb: recovery action for dirty LRU page: Recovered [ 217.571766][T10809] Injecting memory failure for pfn 0x1642fe at process virtual address 0x20002000 [ 217.577850][T10809] Memory failure: 0x1642fe: Sending SIGBUS to syz.3.1674:10809 due to hardware memory corruption [ 217.577914][T10809] Memory failure: 0x1642fe: recovery action for dirty LRU page: Recovered [ 217.577931][T10809] Injecting memory failure for pfn 0x10bca4 at process virtual address 0x20003000 [ 217.578008][T10809] Memory failure: 0x10bca4: Sending SIGBUS to syz.3.1674:10809 due to hardware memory corruption [ 217.578028][T10809] Memory failure: 0x10bca4: recovery action for dirty LRU page: Recovered [ 217.651428][ T50] Bluetooth: hci1: unexpected event for opcode 0x0c56 [ 217.755255][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 218.119596][T10849] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1687'. [ 218.171127][ T4762] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 218.248070][T10856] loop2: detected capacity change from 0 to 7 [ 218.251385][T10856] loop2: [POWERTEC] p1 p2 [ 218.251514][T10856] loop2: p1 start 8192 is beyond EOD, truncated [ 218.251539][T10856] loop2: p2 start 2037579776 is beyond EOD, truncated [ 218.344574][T10859] Injecting memory failure for pfn 0x109965 at process virtual address 0x20001000 [ 218.350817][T10859] Memory failure: 0x109965: Sending SIGBUS to syz.2.1697:10859 due to hardware memory corruption [ 218.352910][T10859] Memory failure: 0x109965: recovery action for dirty LRU page: Recovered [ 218.354559][T10859] Injecting memory failure for pfn 0x13624f at process virtual address 0x20002000 [ 218.358789][T10859] Memory failure: 0x13624f: Sending SIGBUS to syz.2.1697:10859 due to hardware memory corruption [ 218.360787][T10859] Memory failure: 0x13624f: recovery action for dirty LRU page: Recovered [ 218.362504][T10859] Injecting memory failure for pfn 0x10dea5 at process virtual address 0x20003000 [ 218.364728][T10859] Memory failure: 0x10dea5: Sending SIGBUS to syz.2.1697:10859 due to hardware memory corruption [ 218.366994][T10859] Memory failure: 0x10dea5: recovery action for dirty LRU page: Recovered [ 218.393048][T10859] loop2: detected capacity change from 0 to 7 [ 218.394399][T10859] Dev loop2: unable to read RDB block 7 [ 218.394440][T10859] loop2: AHDI p1 p2 p3 [ 218.394460][T10859] loop2: partition table partially beyond EOD, truncated [ 218.394693][T10859] loop2: p1 start 1601398130 is beyond EOD, truncated [ 218.394705][T10859] loop2: p2 start 1702059890 is beyond EOD, truncated [ 218.479368][T10867] Injecting memory failure for pfn 0x15c4a8 at process virtual address 0x20001000 [ 218.482154][T10867] Memory failure: 0x15c4a8: Sending SIGBUS to syz.4.1699:10867 due to hardware memory corruption [ 218.482217][T10867] Memory failure: 0x15c4a8: recovery action for dirty LRU page: Recovered [ 218.482236][T10867] Injecting memory failure for pfn 0x11167e at process virtual address 0x20002000 [ 218.482290][T10867] Memory failure: 0x11167e: Sending SIGBUS to syz.4.1699:10867 due to hardware memory corruption [ 218.482318][T10867] Memory failure: 0x11167e: recovery action for dirty LRU page: Recovered [ 218.482334][T10867] Injecting memory failure for pfn 0x13248b at process virtual address 0x20003000 [ 218.482373][T10867] Memory failure: 0x13248b: Sending SIGBUS to syz.4.1699:10867 due to hardware memory corruption [ 218.482402][T10867] Memory failure: 0x13248b: recovery action for dirty LRU page: Recovered [ 218.517006][T10867] loop2: detected capacity change from 0 to 7 [ 218.518702][T10867] Dev loop2: unable to read RDB block 7 [ 218.518730][T10867] loop2: AHDI p1 p2 p3 [ 218.518755][T10867] loop2: partition table partially beyond EOD, truncated [ 218.518839][T10867] loop2: p1 start 1601398130 is beyond EOD, truncated [ 218.518850][T10867] loop2: p2 start 1702059890 is beyond EOD, truncated [ 218.795226][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 218.824418][T10891] loop2: detected capacity change from 0 to 7 [ 218.863819][T10891] Dev loop2: unable to read RDB block 7 [ 218.863864][T10891] loop2: AHDI p1 p2 p3 [ 218.863875][T10891] loop2: partition table partially beyond EOD, truncated [ 218.863990][T10891] loop2: p1 start 1601398130 is beyond EOD, truncated [ 218.864002][T10891] loop2: p2 start 1702059890 is beyond EOD, truncated [ 218.873419][T10889] loop2: detected capacity change from 0 to 7 [ 218.877201][T10889] Dev loop2: unable to read RDB block 7 [ 218.878221][T10889] loop2: unable to read partition table [ 218.879678][T10889] loop2: partition table beyond EOD, truncated [ 218.880856][T10889] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 218.996981][T10886] loop2: detected capacity change from 0 to 7 [ 219.000055][T10886] Dev loop2: unable to read RDB block 7 [ 219.000096][T10886] loop2: unable to read partition table [ 219.000157][T10886] loop2: partition table beyond EOD, truncated [ 219.000175][T10886] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 219.641098][T10922] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1716'. [ 219.835177][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 219.991262][T10930] syzkaller0: entered promiscuous mode [ 219.991300][T10930] syzkaller0: entered allmulticast mode [ 220.113613][T10933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1722'. [ 220.177028][T10937] Dev loop2: unable to read RDB block 7 [ 220.177075][T10937] loop2: AHDI p1 p2 p3 [ 220.177087][T10937] loop2: partition table partially beyond EOD, truncated [ 220.177181][T10937] loop2: p1 start 1601398130 is beyond EOD, truncated [ 220.177220][T10937] loop2: p2 start 1702059890 is beyond EOD, truncated [ 220.190968][T10940] Dev loop2: unable to read RDB block 7 [ 220.191001][T10940] loop2: unable to read partition table [ 220.191098][T10940] loop2: partition table beyond EOD, truncated [ 220.191121][T10940] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 220.305821][T10942] Dev loop2: unable to read RDB block 7 [ 220.305866][T10942] loop2: unable to read partition table [ 220.305934][T10942] loop2: partition table beyond EOD, truncated [ 220.305954][T10942] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 220.885187][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 221.043268][T10956] FAULT_INJECTION: forcing a failure. [ 221.043268][T10956] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.043308][T10956] CPU: 0 UID: 0 PID: 10956 Comm: syz.6.1730 Not tainted syzkaller #0 PREEMPT [ 221.043320][T10956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 221.043326][T10956] Call trace: [ 221.043330][T10956] show_stack+0x2c/0x3c (C) [ 221.043349][T10956] __dump_stack+0x30/0x40 [ 221.043361][T10956] dump_stack_lvl+0xd8/0x12c [ 221.043371][T10956] dump_stack+0x1c/0x28 [ 221.043387][T10956] should_fail_ex+0x41c/0x590 [ 221.043404][T10956] should_fail+0x14/0x24 [ 221.043419][T10956] should_fail_usercopy+0x20/0x30 [ 221.043430][T10956] _inline_copy_from_user+0x3c/0x174 [ 221.043439][T10956] copy_msghdr_from_user+0xb8/0x194 [ 221.043447][T10956] ___sys_sendmsg+0x14c/0x224 [ 221.043454][T10956] __sys_sendmsg+0x160/0x214 [ 221.043460][T10956] __arm64_sys_sendmsg+0x80/0x94 [ 221.043468][T10956] invoke_syscall+0x98/0x244 [ 221.043477][T10956] el0_svc_common+0xec/0x23c [ 221.043487][T10956] do_el0_svc+0x4c/0x5c [ 221.043496][T10956] el0_svc+0x64/0x260 [ 221.043504][T10956] el0t_64_sync_handler+0x48/0x148 [ 221.043512][T10956] el0t_64_sync+0x198/0x19c [ 221.156633][T10963] Injecting memory failure for pfn 0x1067aa at process virtual address 0x20001000 [ 221.159225][T10963] Memory failure: 0x1067aa: Sending SIGBUS to syz.6.1733:10963 due to hardware memory corruption [ 221.161119][T10963] Memory failure: 0x1067aa: recovery action for dirty LRU page: Recovered [ 221.162654][T10963] Injecting memory failure for pfn 0x1064cd at process virtual address 0x20002000 [ 221.164308][T10963] Memory failure: 0x1064cd: Sending SIGBUS to syz.6.1733:10963 due to hardware memory corruption [ 221.165404][T10963] Memory failure: 0x1064cd: recovery action for dirty LRU page: Recovered [ 221.165424][T10963] Injecting memory failure for pfn 0x1133f1 at process virtual address 0x20003000 [ 221.165490][T10963] Memory failure: 0x1133f1: Sending SIGBUS to syz.6.1733:10963 due to hardware memory corruption [ 221.165511][T10963] Memory failure: 0x1133f1: recovery action for dirty LRU page: Recovered [ 221.632637][T10968] EXT4-fs (loop4): Test dummy encryption mode enabled [ 221.641163][T10968] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 221.662833][T10963] Dev loop2: unable to read RDB block 7 [ 221.721541][T10963] loop2: unable to read partition table [ 221.723883][T10963] loop2: partition table beyond EOD, truncated [ 221.723949][T10963] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 221.915232][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 222.511043][ T4756] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 222.912116][ T50] Bluetooth: hci3: unexpected event for opcode 0x0c56 [ 222.955182][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 223.713577][T11019] set_capacity_and_notify: 5 callbacks suppressed [ 223.713773][T11019] loop2: detected capacity change from 0 to 7 [ 223.714562][T11019] Dev loop2: unable to read RDB block 7 [ 223.714581][T11019] loop2: AHDI p1 p2 p3 [ 223.714590][T11019] loop2: partition table partially beyond EOD, truncated [ 223.716249][T11019] loop2: p1 start 1601398130 is beyond EOD, truncated [ 223.716266][T11019] loop2: p2 start 1702059890 is beyond EOD, truncated [ 223.764332][T11025] binder: 11024:11025 ioctl 4018620d 0 returned -22 [ 223.765584][T11025] binder: 11024:11025 got transaction to invalid handle, 1 [ 223.765600][T11025] binder: 11024:11025 cannot find target node [ 223.765617][T11025] binder: 11024:11025 transaction call to 0:0 failed 10/29201/-22, code 0 size 0-24 line 3236 [ 223.884777][T11030] loop2: detected capacity change from 0 to 7 [ 223.887583][T11030] Dev loop2: unable to read RDB block 7 [ 223.887617][T11030] loop2: unable to read partition table [ 223.887706][T11030] loop2: partition table beyond EOD, truncated [ 223.887742][T11030] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 223.892617][ T4339] Dev loop2: unable to read RDB block 7 [ 223.892648][ T4339] loop2: unable to read partition table [ 223.892941][ T4339] loop2: partition table beyond EOD, truncated [ 223.995194][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 224.039298][T11033] loop2: detected capacity change from 0 to 512 [ 224.111335][T11039] netlink: 'syz.3.1756': attribute type 8 has an invalid length. [ 224.275270][T11033] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 224.280072][T11033] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 224.281737][T11033] System zones: 0-2, 18-18, 34-34 [ 224.294376][T11033] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.1752: iget: bad i_size value: 281474976710656 [ 224.296793][T11033] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 224.297779][T11033] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.1752: couldn't read orphan inode 15 (err -117) [ 224.297821][T11033] loop2: lost filesystem error report for type 5 error -117 [ 224.302816][T11039] loop3: detected capacity change from 0 to 1024 [ 224.305276][ C0] EXT4-fs (loop2): error count since last fsck: 2 [ 224.305290][ C0] EXT4-fs (loop2): initial error at time 224: ext4_orphan_get:1397: inode 15 [ 224.305307][ C0] EXT4-fs (loop2): last error at time 224: ext4_orphan_get:1402 [ 224.311833][T11033] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 224.325922][T11033] syzkaller1: entered promiscuous mode [ 224.325958][T11033] syzkaller1: entered allmulticast mode [ 224.337779][T11039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 224.374641][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 224.469325][T11025] syz.4.1751 (11025): drop_caches: 2 [ 224.487304][ T4894] binder: undelivered TRANSACTION_ERROR: 29201 [ 224.520593][T11053] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1758'. [ 225.035297][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 225.212111][ T4748] Process accounting resumed [ 225.682273][T11081] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1765'. [ 226.085196][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 226.497474][T11098] loop6: detected capacity change from 0 to 512 [ 226.500146][T11098] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 226.509375][T11098] EXT4-fs error (device loop6): ext4_validate_block_bitmap:432: comm syz.6.1770: bg 0: block 104: invalid block bitmap [ 226.509425][T11098] loop6: lost filesystem error report for type 5 error -117 [ 226.511709][T11098] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 226.511748][T11098] loop6: lost filesystem error report for type 5 error -117 [ 226.516070][T11098] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.1770: invalid indirect mapped block 1 (level 1) [ 226.516097][T11098] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 226.517839][T11098] EXT4-fs (loop6): 1 truncate cleaned up [ 226.518903][T11098] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.520924][T11098] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 226.577645][ T7722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.595572][T11101] binder: 11100:11101 ioctl 4018620d 0 returned -22 [ 226.596242][T11101] binder: 11100:11101 got transaction to invalid handle, 1 [ 226.596254][T11101] binder: 11100:11101 cannot find target node [ 226.596268][T11101] binder: 11100:11101 transaction call to 0:0 failed 11/29201/-22, code 0 size 0-24 line 3236 [ 226.728732][T11101] syz.6.1771 (11101): drop_caches: 2 [ 226.739723][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.820995][ T50] Bluetooth: hci4: unexpected event for opcode 0x0c56 [ 226.909395][ T868] binder: undelivered TRANSACTION_ERROR: 29201 [ 227.115195][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 227.352045][T11123] Injecting memory failure for pfn 0x10d5fd at process virtual address 0x20001000 [ 227.353905][T11123] Memory failure: 0x10d5fd: Sending SIGBUS to syz.4.1779:11123 due to hardware memory corruption [ 227.354260][T11123] Memory failure: 0x10d5fd: recovery action for dirty LRU page: Recovered [ 227.354276][T11123] Injecting memory failure for pfn 0x10d5fe at process virtual address 0x20002000 [ 227.354328][T11123] Memory failure: 0x10d5fe: Sending SIGBUS to syz.4.1779:11123 due to hardware memory corruption [ 227.354348][T11123] Memory failure: 0x10d5fe: recovery action for dirty LRU page: Recovered [ 227.354422][T11123] Injecting memory failure for pfn 0x118348 at process virtual address 0x20003000 [ 227.354467][T11123] Memory failure: 0x118348: Sending SIGBUS to syz.4.1779:11123 due to hardware memory corruption [ 227.354488][T11123] Memory failure: 0x118348: recovery action for dirty LRU page: Recovered [ 227.372647][T11123] loop2: detected capacity change from 0 to 7 [ 227.373413][T11123] Dev loop2: unable to read RDB block 7 [ 227.373430][T11123] loop2: unable to read partition table [ 227.373493][T11123] loop2: partition table beyond EOD, truncated [ 227.373738][T11123] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 227.449193][T11126] FAULT_INJECTION: forcing a failure. [ 227.449193][T11126] name failslab, interval 1, probability 0, space 0, times 0 [ 227.449230][T11126] CPU: 0 UID: 0 PID: 11126 Comm: syz.6.1778 Not tainted syzkaller #0 PREEMPT [ 227.449246][T11126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 227.449252][T11126] Call trace: [ 227.449256][T11126] show_stack+0x2c/0x3c (C) [ 227.449276][T11126] __dump_stack+0x30/0x40 [ 227.449288][T11126] dump_stack_lvl+0xd8/0x12c [ 227.449298][T11126] dump_stack+0x1c/0x28 [ 227.449307][T11126] should_fail_ex+0x41c/0x590 [ 227.449318][T11126] should_failslab+0xc4/0x120 [ 227.449327][T11126] __kmalloc_cache_noprof+0x8c/0x624 [ 227.449337][T11126] alloc_pipe_info+0xec/0x420 [ 227.449348][T11126] splice_direct_to_actor+0x63c/0x7a8 [ 227.449357][T11126] do_splice_direct_actor+0x140/0x228 [ 227.449365][T11126] do_splice_direct+0x58/0x70 [ 227.449374][T11126] do_sendfile+0x40c/0x6c0 [ 227.449385][T11126] __arm64_sys_sendfile64+0x1bc/0x284 [ 227.449396][T11126] invoke_syscall+0x98/0x244 [ 227.449407][T11126] el0_svc_common+0xec/0x23c [ 227.449417][T11126] do_el0_svc+0x4c/0x5c [ 227.449427][T11126] el0_svc+0x64/0x260 [ 227.449436][T11126] el0t_64_sync_handler+0x48/0x148 [ 227.449443][T11126] el0t_64_sync+0x198/0x19c [ 227.994919][ T50] Bluetooth: hci4: unexpected event for opcode 0x0c56 [ 228.155179][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 228.216654][T11158] loop2: detected capacity change from 0 to 7 [ 228.218289][T11158] Dev loop2: unable to read RDB block 7 [ 228.219724][T11158] loop2: unable to read partition table [ 228.219835][T11158] loop2: partition table beyond EOD, truncated [ 228.219867][T11158] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 229.195190][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 229.332863][ T50] Bluetooth: hci1: unexpected event for opcode 0x0c56 [ 229.712134][T11208] loop2: detected capacity change from 0 to 7 [ 229.713684][T11208] Dev loop2: unable to read RDB block 7 [ 229.713990][T11208] loop2: unable to read partition table [ 229.714091][T11208] loop2: partition table beyond EOD, truncated [ 229.714104][T11208] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 229.959841][T11220] loop2: detected capacity change from 0 to 128 [ 229.965270][T11220] EXT4-fs (loop2): Test dummy encryption mode enabled [ 229.970065][T11220] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 230.061165][T11216] futex_wake_op: syz.4.1806 tries to shift op by 32; fix this program [ 230.235247][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 230.826239][ T4762] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 231.093358][T11247] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1814'. [ 231.234099][T11253] random: crng reseeded on system resumption [ 231.275211][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 232.315217][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 232.601037][ T50] Bluetooth: hci3: unexpected event for opcode 0x0c56 [ 232.811963][T11303] loop2: detected capacity change from 0 to 8192 [ 232.902389][T11304] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1830'. [ 233.046588][T11314] loop3: detected capacity change from 0 to 256 [ 233.049369][T11314] vfat: Unknown parameter 'obj_user' [ 233.123490][T11317] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1833'. [ 233.208839][ T50] Bluetooth: hci1: unexpected event for opcode 0x0c56 [ 233.323018][T11320] loop4: detected capacity change from 0 to 32768 [ 233.355223][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 233.412313][T11320] loop4: p1 p3 < > [ 233.716605][ T50] Bluetooth: hci1: link tx timeout [ 233.717862][ T50] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 233.876787][ T4698] udevd[4698]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 233.879064][ T4700] udevd[4700]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 234.081848][ T4710] Bluetooth: hci0: unexpected event for opcode 0x0c56 [ 234.086309][T11377] overlayfs: failed to clone upperpath [ 234.395199][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 234.457714][T11390] loop2: detected capacity change from 0 to 7 [ 234.463300][T11390] Dev loop2: unable to read RDB block 7 [ 234.465353][T11390] loop2: AHDI p1 p2 p3 [ 234.465390][T11390] loop2: partition table partially beyond EOD, truncated [ 234.470605][T11390] loop2: p1 start 1601398130 is beyond EOD, truncated [ 234.473156][T11390] loop2: p2 start 1702059890 is beyond EOD, truncated [ 234.617071][T11398] evm: overlay not supported [ 234.693847][T11405] loop2: detected capacity change from 0 to 256 [ 234.695020][T11405] vfat: Unknown parameter 'obj_user' [ 234.764564][T11408] FAULT_INJECTION: forcing a failure. [ 234.764564][T11408] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.764604][T11408] CPU: 0 UID: 0 PID: 11408 Comm: syz.6.1861 Not tainted syzkaller #0 PREEMPT [ 234.764623][T11408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 234.764629][T11408] Call trace: [ 234.764632][T11408] show_stack+0x2c/0x3c (C) [ 234.764655][T11408] __dump_stack+0x30/0x40 [ 234.764667][T11408] dump_stack_lvl+0xd8/0x12c [ 234.764677][T11408] dump_stack+0x1c/0x28 [ 234.764687][T11408] should_fail_ex+0x41c/0x590 [ 234.764696][T11408] should_fail+0x14/0x24 [ 234.764704][T11408] should_fail_usercopy+0x20/0x30 [ 234.764713][T11408] simple_read_from_buffer+0xc4/0x238 [ 234.764723][T11408] proc_fail_nth_read+0x1a8/0x248 [ 234.764731][T11408] vfs_read+0x230/0x8c8 [ 234.764740][T11408] ksys_read+0x12c/0x228 [ 234.764750][T11408] __arm64_sys_read+0x7c/0x90 [ 234.764759][T11408] invoke_syscall+0x98/0x244 [ 234.764769][T11408] el0_svc_common+0xec/0x23c [ 234.764779][T11408] do_el0_svc+0x4c/0x5c [ 234.764788][T11408] el0_svc+0x64/0x260 [ 234.764796][T11408] el0t_64_sync_handler+0x48/0x148 [ 234.764804][T11408] el0t_64_sync+0x198/0x19c [ 234.864478][T11409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1858'. [ 234.990563][T11415] loop2: detected capacity change from 0 to 7 [ 235.001729][T11415] Dev loop2: unable to read RDB block 7 [ 235.001767][T11415] loop2: unable to read partition table [ 235.001829][T11415] loop2: partition table beyond EOD, truncated [ 235.001846][T11415] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 235.070587][T11426] loop2: detected capacity change from 0 to 128 [ 235.097702][T11426] loop2: detected capacity change from 0 to 256 [ 235.098052][T11426] vfat: Unknown parameter 'utf' [ 235.173448][T11428] loop2: detected capacity change from 0 to 7 [ 235.179616][T11428] Dev loop2: unable to read RDB block 7 [ 235.179653][T11428] loop2: AHDI p1 p2 p3 [ 235.179663][T11428] loop2: partition table partially beyond EOD, truncated [ 235.179754][T11428] loop2: p1 start 1601398130 is beyond EOD, truncated [ 235.179764][T11428] loop2: p2 start 1702059890 is beyond EOD, truncated [ 235.196524][T11433] loop2: detected capacity change from 0 to 7 [ 235.198814][T11433] Dev loop2: unable to read RDB block 7 [ 235.199700][T11433] loop2: unable to read partition table [ 235.200741][T11433] loop2: partition table beyond EOD, truncated [ 235.201916][T11433] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 235.435183][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 235.601164][T11454] macsec1: entered promiscuous mode [ 235.602307][T11454] dummy0: entered promiscuous mode [ 235.603901][T11454] macsec1: entered allmulticast mode [ 235.604832][T11454] dummy0: entered allmulticast mode [ 235.608995][T11454] dummy0: left allmulticast mode [ 235.625010][ T4894] dummy0: left promiscuous mode [ 235.706578][T11459] loop3: detected capacity change from 0 to 1024 [ 235.707040][T11459] EXT4-fs: inline encryption not supported [ 235.738691][T11459] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 235.755319][ T4710] Bluetooth: hci1: command 0x0405 tx timeout [ 236.254538][T11474] loop2: detected capacity change from 0 to 7 [ 236.258159][T11474] Dev loop2: unable to read RDB block 7 [ 236.259196][T11474] loop2: AHDI p1 p2 p3 [ 236.259995][T11474] loop2: partition table partially beyond EOD, truncated [ 236.261280][T11474] loop2: p1 start 1601398130 is beyond EOD, truncated [ 236.262471][T11474] loop2: p2 start 1702059890 is beyond EOD, truncated [ 236.449666][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 236.473052][T11492] loop3: detected capacity change from 0 to 8 [ 236.475240][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 236.479670][T11492] squashfs: SQUASHFS error: Xattrs in filesystem, these will be ignored [ 236.481144][T11492] unable to read xattr id index table [ 236.487615][T11492] SQUASHFS error: zlib decompression failed, data probably corrupt [ 236.489933][T11492] SQUASHFS error: Failed to read block 0x13e: -5 [ 236.490995][T11492] SQUASHFS error: Unable to read metadata cache entry [13c] [ 236.492173][T11492] SQUASHFS error: Unable to read directory block [13c:26] [ 236.496747][T11492] SQUASHFS error: Unable to read metadata cache entry [13c] [ 236.496775][T11492] SQUASHFS error: Unable to read directory block [13c:26] [ 236.544966][T11496] IPv6: addrconf: prefix option has invalid lifetime [ 236.544995][T11496] IPv6: addrconf: prefix option has invalid lifetime [ 236.564580][T11499] netlink: 'syz.0.1893': attribute type 4 has an invalid length. [ 236.571120][T11499] netlink: 'syz.0.1893': attribute type 4 has an invalid length. [ 236.590584][T11501] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1894'. [ 237.380683][T11518] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1897'. [ 237.515182][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 238.545592][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1903'. [ 238.548414][T11540] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1903'. [ 238.555365][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 238.555446][ T4710] Bluetooth: hci5: command 0xfc11 tx timeout [ 238.555695][ T50] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 238.728793][T11547] IPv6: addrconf: prefix option has invalid lifetime [ 238.728826][T11547] IPv6: addrconf: prefix option has invalid lifetime [ 238.871688][ T50] Bluetooth: hci3: unexpected event for opcode 0x0c56 [ 238.906467][T11551] tipc: New replicast peer: 255.255.255.255 [ 238.909147][T11551] tipc: Enabled bearer , priority 10 [ 238.911705][T11551] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1908'. [ 238.913426][T11551] tipc: Disabling bearer [ 238.914079][T11556] cgroup: name respecified [ 238.922367][T11556] geneve2: entered promiscuous mode [ 239.021439][T11560] loop2: detected capacity change from 0 to 512 [ 239.066912][T11563] loop3: detected capacity change from 0 to 512 [ 239.069637][T11563] EXT4-fs: inline encryption not supported [ 239.077860][T11563] EXT4-fs (loop3): ea_inode feature is not supported for Hurd [ 239.083283][T11563] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1914'. [ 239.189635][T11571] netlink: 'syz.2.1913': attribute type 29 has an invalid length. [ 239.595187][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 240.039508][T11591] loop3: detected capacity change from 0 to 4096 [ 240.054248][T11598] syzkaller1: entered promiscuous mode [ 240.054285][T11598] syzkaller1: entered allmulticast mode [ 240.059235][T11591] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.081758][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.120059][T11601] ipvlan2: entered promiscuous mode [ 240.120128][T11601] ipvlan2: entered allmulticast mode [ 240.120137][T11601] batadv0: entered allmulticast mode [ 240.121695][T11601] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 240.363125][T11608] Injecting memory failure for pfn 0x1348b8 at process virtual address 0x20f0f000 [ 240.367537][T11608] Memory failure: 0x1348b8: recovery action for clean LRU page: Recovered [ 240.369238][T11608] Injecting memory failure for pfn 0x181077 at process virtual address 0x20f10000 [ 240.370801][T11608] Memory failure: 0x181077: recovery action for clean LRU page: Recovered [ 240.486406][T11616] bond2 (unregistering): Released all slaves [ 240.635220][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 240.924176][T11632] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1935'. [ 241.069212][T11643] loop2: detected capacity change from 0 to 7 [ 241.081857][T11643] Dev loop2: unable to read RDB block 7 [ 241.081893][T11643] loop2: AHDI p1 p2 p3 [ 241.082477][T11643] loop2: partition table partially beyond EOD, truncated [ 241.083096][T11643] loop2: p1 start 1601398130 is beyond EOD, truncated [ 241.083129][T11643] loop2: p2 start 1702059890 is beyond EOD, truncated [ 241.114740][T11647] loop3: detected capacity change from 0 to 2048 [ 241.127752][T11647] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.675211][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 241.848476][T11656] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 242.045333][T11656] EXT4-fs (loop3): Remounting filesystem read-only [ 242.164418][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.181073][T11660] xt_hashlimit: size too large, truncated to 1048576 [ 242.183117][T11660] xt_hashlimit: max too large, truncated to 1048576 [ 242.185893][T11660] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1941'. [ 242.412815][T11680] nbd: must specify a size in bytes for the device [ 242.715182][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 243.272732][T11699] syzkaller1: entered promiscuous mode [ 243.272773][T11699] syzkaller1: entered allmulticast mode [ 243.603449][T11709] loop2: detected capacity change from 0 to 512 [ 243.617041][T11709] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.755196][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 243.852985][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.862022][T11744] Injecting memory failure for pfn 0x1228ac at process virtual address 0x20000000 [ 243.878002][T11744] Memory failure: 0x1228ac: Sending SIGBUS to syz.0.1966:11744 due to hardware memory corruption [ 243.878086][T11744] Memory failure: 0x1228ac: recovery action for dirty LRU page: Recovered [ 243.878118][T11744] Injecting memory failure for pfn 0x21959e at process virtual address 0x20001000 [ 243.878139][T11744] Memory failure: 0x21959e: Sending SIGBUS to syz.0.1966:11744 due to hardware memory corruption [ 243.878149][T11744] Memory failure: 0x21959e: recovery action for already poisoned page: Failed [ 244.341987][T11763] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1975'. [ 244.377777][T11768] loop2: detected capacity change from 0 to 7 [ 244.379019][T11768] Dev loop2: unable to read RDB block 7 [ 244.379390][T11768] loop2: unable to read partition table [ 244.379479][T11768] loop2: partition table beyond EOD, truncated [ 244.379501][T11768] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 244.442105][T11772] loop3: detected capacity change from 0 to 256 [ 244.443808][T11772] vfat: Unknown parameter 'obj_user' [ 244.682980][T11797] loop2: detected capacity change from 0 to 7 [ 244.688736][T11797] Dev loop2: unable to read RDB block 7 [ 244.688770][T11797] loop2: unable to read partition table [ 244.688845][T11797] loop2: partition table beyond EOD, truncated [ 244.688854][T11797] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 244.733098][T11793] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 244.795177][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 245.013206][T11819] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1997'. [ 245.052713][T11823] binder: 11822:11823 ioctl 4018620d 0 returned -22 [ 245.057806][T11823] binder: 11822:11823 got transaction to invalid handle, 1 [ 245.057842][T11823] binder: 11822:11823 cannot find target node [ 245.057862][T11823] binder: 11822:11823 transaction call to 0:0 failed 12/29201/-22, code 0 size 0-24 line 3236 [ 245.066179][T11826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2000'. [ 245.074823][T11823] syz.2.1999 (11823): drop_caches: 2 [ 245.723605][ T4748] binder: undelivered TRANSACTION_ERROR: 29201 [ 245.835191][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 245.854816][T11851] loop6: detected capacity change from 0 to 256 [ 245.857871][T11851] vfat: Unknown parameter 'obj_user' [ 245.998893][T11857] netlink: 'syz.0.2010': attribute type 10 has an invalid length. [ 246.002910][T11857] team0: Device nlmon0 is of different type [ 246.070833][T11863] loop6: detected capacity change from 0 to 1024 [ 246.071861][T11863] EXT4-fs: Invalid want_extra_isize 3 [ 246.087746][T11865] binder: 11864:11865 ioctl 4018620d 0 returned -22 [ 246.089590][T11865] binder: 11864:11865 got transaction to invalid handle, 1 [ 246.090653][T11865] binder: 11864:11865 cannot find target node [ 246.091699][T11865] binder: 11864:11865 transaction call to 0:0 failed 13/29201/-22, code 0 size 0-24 line 3236 [ 246.094463][T11865] syz.3.2015 (11865): drop_caches: 2 [ 246.171583][ T4748] binder: undelivered TRANSACTION_ERROR: 29201 [ 246.374194][T11884] futex_wake_op: syz.4.2023 tries to shift op by -1; fix this program [ 246.402263][T11888] loop3: detected capacity change from 0 to 256 [ 246.402710][T11888] vfat: Unknown parameter 'obj_user' [ 246.875197][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 247.019591][T11910] binder: 11909:11910 ioctl 4018620d 0 returned -22 [ 247.024850][T11910] binder: 11909:11910 got transaction to invalid handle, 1 [ 247.024892][T11910] binder: 11909:11910 cannot find target node [ 247.024909][T11910] binder: 11909:11910 transaction call to 0:0 failed 14/29201/-22, code 0 size 0-24 line 3236 [ 247.031762][T11910] syz.4.2032 (11910): drop_caches: 2 [ 247.178466][ T26] binder: undelivered TRANSACTION_ERROR: 29201 [ 247.353726][T11938] netlink: 'syz.6.2043': attribute type 10 has an invalid length. [ 247.371024][T11938] bond0: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 247.475087][ T50] Bluetooth: hci1: unexpected event for opcode 0x0c14 [ 247.915184][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 248.119490][T11963] binder: 11962:11963 ioctl 4018620d 0 returned -22 [ 248.122733][T11963] binder: 11962:11963 got transaction to invalid handle, 1 [ 248.122763][T11963] binder: 11962:11963 cannot find target node [ 248.124607][T11963] syz.3.2052 (11963): drop_caches: 2 [ 248.348783][T11966] loop2: detected capacity change from 0 to 7 [ 248.350144][T11966] Dev loop2: unable to read RDB block 7 [ 248.350185][T11966] loop2: unable to read partition table [ 248.350262][T11966] loop2: partition table beyond EOD, truncated [ 248.350286][T11966] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 248.411897][T11974] loop2: detected capacity change from 0 to 7 [ 248.412716][T11974] Dev loop2: unable to read RDB block 7 [ 248.412730][T11974] loop2: AHDI p1 p2 p3 [ 248.412737][T11974] loop2: partition table partially beyond EOD, truncated [ 248.412804][T11974] loop2: p1 start 1601398130 is beyond EOD, truncated [ 248.412813][T11974] loop2: p2 start 1702059890 is beyond EOD, truncated [ 248.423428][T11980] loop3: detected capacity change from 0 to 256 [ 248.423840][T11980] vfat: Unknown parameter 'obj_user' [ 248.798518][ T1595] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.799977][ T1595] ieee802154 phy1 wpan1: encryption failed: -22 [ 248.891577][ T50] Bluetooth: hci0: unexpected event for opcode 0x0c56 [ 248.893799][T11999] overlayfs: failed to resolve './bus': -2 [ 248.955170][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 249.009178][T12011] netlink: 'syz.0.2069': attribute type 2 has an invalid length. [ 249.010451][T12011] Device name cannot be null; rc = [-22] [ 249.852753][ T50] Bluetooth: hci2: unexpected event for opcode 0x0c56 [ 249.855254][T12029] overlayfs: failed to resolve './bus': -2 [ 249.899305][T12033] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2077'. [ 249.905642][T12033] loop4: detected capacity change from 0 to 1024 [ 249.907102][T12033] EXT4-fs: Ignoring removed bh option [ 249.962620][T12033] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 249.980807][T12040] loop2: detected capacity change from 0 to 7 [ 249.982995][T12040] Dev loop2: unable to read RDB block 7 [ 249.983036][T12040] loop2: unable to read partition table [ 249.983120][T12040] loop2: partition table beyond EOD, truncated [ 249.983150][T12040] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 249.995198][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 250.078026][T12046] syzkaller1: entered promiscuous mode [ 250.079054][T12046] syzkaller1: entered allmulticast mode [ 250.093007][T12037] Injecting memory failure for pfn 0x183201 at process virtual address 0x20001000 [ 250.096205][T12037] Memory failure: 0x183201: recovery action for dirty LRU page: Recovered [ 250.259106][T12056] syzkaller0: entered promiscuous mode [ 250.259150][T12056] syzkaller0: entered allmulticast mode [ 250.783785][ T4756] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.035248][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 251.960285][T12089] loop2: detected capacity change from 0 to 512 [ 251.964455][T12089] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 251.969250][T12089] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0082] [ 251.969303][T12089] System zones: 1-12 [ 251.986915][T12089] EXT4-fs (loop2): 1 truncate cleaned up [ 251.987374][T12089] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.017484][T12098] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2097'. [ 252.017521][T12098] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2097'. [ 252.025637][ T50] Bluetooth: hci2: unexpected event for opcode 0x0c56 [ 252.075222][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 252.229074][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.363159][T12160] loop2: detected capacity change from 0 to 7 [ 252.365532][T12160] Dev loop2: unable to read RDB block 7 [ 252.365566][T12160] loop2: unable to read partition table [ 252.367934][T12160] loop2: partition table beyond EOD, truncated [ 252.367972][T12160] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 252.474743][T12171] loop4: detected capacity change from 0 to 1024 [ 252.498771][T12171] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 252.747223][T12171] EXT4-fs error (device loop4): ext4_map_blocks:833: inode #15: comm syz.4.2108: lblock 0 mapped to illegal pblock 0 (length 6) [ 252.852327][T12189] loop2: detected capacity change from 0 to 7 [ 252.854317][T12189] Dev loop2: unable to read RDB block 7 [ 252.857791][T12189] loop2: AHDI p1 p2 p3 [ 252.858714][T12189] loop2: partition table partially beyond EOD, truncated [ 252.860016][T12189] loop2: p1 start 1601398130 is beyond EOD, truncated [ 252.860506][T12189] loop2: p2 start 1702059890 is beyond EOD, truncated [ 252.869433][T12171] pimreg3: entered allmulticast mode [ 252.873201][T12171] pimreg3: left allmulticast mode [ 253.115206][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 253.162172][ T4756] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 253.214665][T12199] binder: 12198:12199 tried to acquire reference to desc 0, got 1 instead [ 253.217036][T12199] binder: 12198:12199 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 253.217065][T12199] binder: 12199 RLIMIT_NICE not set [ 253.217088][T12199] binder: 12199 RLIMIT_NICE not set [ 253.324831][T12209] loop2: detected capacity change from 0 to 7 [ 253.327144][T12209] Dev loop2: unable to read RDB block 7 [ 253.327190][T12209] loop2: unable to read partition table [ 253.327260][T12209] loop2: partition table beyond EOD, truncated [ 253.327273][T12209] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 253.381699][T12216] loop6: detected capacity change from 0 to 256 [ 253.382619][T12216] vfat: Unknown parameter 'obj_user' [ 253.540194][T12219] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2120'. [ 254.050149][ T4825] binder_debug: 2 callbacks suppressed [ 254.050190][ T4825] binder: release 12198:12199 transaction 27 out, still active [ 254.050211][ T4825] binder: release 12198:12199 transaction 20 in, still active [ 254.054796][ T4825] binder: undelivered TRANSACTION_COMPLETE [ 254.055919][ T4825] binder: release 12198:12199 transaction 20 out, still active [ 254.057161][ T4825] binder: undelivered TRANSACTION_COMPLETE [ 254.058083][ T4825] binder: send failed reply for transaction 27, target dead [ 254.059348][ T4825] binder: send failed reply for transaction 20, target dead [ 254.107029][T12237] overlayfs: failed to clone upperpath [ 254.155184][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 254.199364][T12249] loop2: detected capacity change from 0 to 7 [ 254.218160][T12249] Dev loop2: unable to read RDB block 7 [ 254.218210][T12249] loop2: unable to read partition table [ 254.218293][T12249] loop2: partition table beyond EOD, truncated [ 254.218322][T12249] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 254.302765][T12256] mac80211_hwsim hwsim11 syzkaller0: left promiscuous mode [ 254.302807][T12256] mac80211_hwsim hwsim11 syzkaller0: left allmulticast mode [ 254.704553][T12279] binder: 12278:12279 ioctl 4018620d 0 returned -22 [ 254.708756][T12279] binder: 12278:12279 got transaction to invalid handle, 1 [ 254.710384][T12279] binder: 12278:12279 cannot find target node [ 254.711518][T12279] binder: 12278:12279 transaction call to 0:0 failed 28/29201/-22, code 0 size 0-24 line 3236 [ 254.718026][T12280] loop4: detected capacity change from 0 to 2048 [ 254.719642][T12279] syz.6.2138 (12279): drop_caches: 2 [ 254.732843][T12280] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.806842][ T4825] binder: undelivered TRANSACTION_ERROR: 29201 [ 255.195245][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 255.284123][ T4756] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.792265][T12330] random: crng reseeded on system resumption [ 255.824496][T12331] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2144'. [ 256.235207][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 256.279925][T12340] loop2: detected capacity change from 0 to 7 [ 256.284229][T12340] Dev loop2: unable to read RDB block 7 [ 256.285471][T12340] loop2: unable to read partition table [ 256.286538][T12340] loop2: partition table beyond EOD, truncated [ 256.287747][T12340] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 256.643173][T12360] loop2: detected capacity change from 0 to 7 [ 256.644624][T12360] Dev loop2: unable to read RDB block 7 [ 256.644870][T12360] loop2: AHDI p1 p2 p3 [ 256.644884][T12360] loop2: partition table partially beyond EOD, truncated [ 256.645546][T12360] loop2: p1 start 1601398130 is beyond EOD, truncated [ 256.645562][T12360] loop2: p2 start 1702059890 is beyond EOD, truncated [ 256.951044][T12365] Dev loop2: unable to read RDB block 7 [ 256.951077][T12365] loop2: unable to read partition table [ 256.951147][T12365] loop2: partition table beyond EOD, truncated [ 256.951171][T12365] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 257.275230][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 257.531220][ T30] audit: type=1326 audit(257.520:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 257.531331][ T30] audit: type=1326 audit(257.520:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 257.560630][T12393] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2172'. [ 257.564041][ T30] audit: type=1326 audit(257.540:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 257.569870][ T30] audit: type=1326 audit(257.540:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 257.573570][ T30] audit: type=1326 audit(257.540:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 257.577673][ T30] audit: type=1326 audit(257.540:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=425 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 257.577696][ T30] audit: type=1326 audit(257.540:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb1977860 code=0x7ffc0000 [ 257.577713][ T30] audit: type=1326 audit(257.540:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb1977860 code=0x7ffc0000 [ 257.577730][ T30] audit: type=1326 audit(257.540:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 257.577746][ T30] audit: type=1326 audit(257.540:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12392 comm="syz.6.2172" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=426 compat=0 ip=0xffffb1977b68 code=0x7ffc0000 [ 258.102328][T12400] set_capacity_and_notify: 1 callbacks suppressed [ 258.102374][T12400] loop2: detected capacity change from 0 to 7 [ 258.103808][T12400] Dev loop2: unable to read RDB block 7 [ 258.103824][T12400] loop2: unable to read partition table [ 258.103890][T12400] loop2: partition table beyond EOD, truncated [ 258.103900][T12400] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 258.123374][T12402] loop2: detected capacity change from 0 to 7 [ 258.126225][T12402] Dev loop2: unable to read RDB block 7 [ 258.127607][T12402] loop2: unable to read partition table [ 258.128653][T12402] loop2: partition table beyond EOD, truncated [ 258.130071][T12402] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 258.175921][ T50] Bluetooth: hci4: Malformed HCI Event [ 258.310761][T12417] loop2: detected capacity change from 0 to 256 [ 258.315275][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 258.317708][T12417] vfat: Unknown parameter 'obj_user' [ 258.356568][T12419] loop2: detected capacity change from 0 to 7 [ 258.358614][T12419] Dev loop2: unable to read RDB block 7 [ 258.359704][T12419] loop2: AHDI p1 p2 p3 [ 258.361108][T12419] loop2: partition table partially beyond EOD, truncated [ 258.363196][T12419] loop2: p1 start 1601398130 is beyond EOD, truncated [ 258.364601][T12419] loop2: p2 start 1702059890 is beyond EOD, truncated [ 258.748101][T12428] binder: 12427:12428 ioctl 4018620d 0 returned -22 [ 258.748672][T12428] binder: 12427:12428 got transaction to invalid handle, 1 [ 258.750723][T12428] syz.4.2184 (12428): drop_caches: 2 [ 258.764469][T12429] loop2: detected capacity change from 0 to 7 [ 258.767882][T12429] Dev loop2: unable to read RDB block 7 [ 258.767920][T12429] loop2: unable to read partition table [ 258.767993][T12429] loop2: partition table beyond EOD, truncated [ 258.768004][T12429] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 258.774999][T12431] loop2: detected capacity change from 0 to 1024 [ 258.812552][T12431] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 258.821413][T12439] EXT4-fs (loop2): shut down requested (0) [ 258.824858][T12431] EXT4-fs (loop2): shut down requested (0) [ 259.297153][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 259.355204][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 259.633551][T12467] loop2: detected capacity change from 0 to 7 [ 259.634147][T12467] Dev loop2: unable to read RDB block 7 [ 259.634241][T12467] loop2: AHDI p1 p2 p3 [ 259.634259][T12467] loop2: partition table partially beyond EOD, truncated [ 259.634548][T12467] loop2: p1 start 1601398130 is beyond EOD, truncated [ 259.634571][T12467] loop2: p2 start 1702059890 is beyond EOD, truncated [ 259.691504][T12469] loop2: detected capacity change from 0 to 7 [ 259.699197][T12469] Dev loop2: unable to read RDB block 7 [ 259.699235][T12469] loop2: unable to read partition table [ 259.699317][T12469] loop2: partition table beyond EOD, truncated [ 259.699346][T12469] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 259.762976][T12474] loop2: detected capacity change from 0 to 7 [ 259.773315][T12474] Dev loop2: unable to read RDB block 7 [ 259.773360][T12474] loop2: unable to read partition table [ 259.773449][T12474] loop2: partition table beyond EOD, truncated [ 259.773481][T12474] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 259.777214][T12476] fuse: Bad value for 'fd' [ 259.788090][T12478] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2198'. [ 259.791228][T12478] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2198'. [ 259.963830][T12491] netlink: 'syz.4.2203': attribute type 2 has an invalid length. [ 260.245958][T12500] lo speed is unknown, defaulting to 1000 [ 260.246013][T12500] lo speed is unknown, defaulting to 1000 [ 260.247703][T12500] lo speed is unknown, defaulting to 1000 [ 260.248742][T12500] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 260.250929][T12500] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 260.280747][T12500] lo speed is unknown, defaulting to 1000 [ 260.281182][T12500] lo speed is unknown, defaulting to 1000 [ 260.281541][T12500] lo speed is unknown, defaulting to 1000 [ 260.281871][T12500] lo speed is unknown, defaulting to 1000 [ 260.282732][T12500] lo speed is unknown, defaulting to 1000 [ 260.283109][T12500] lo speed is unknown, defaulting to 1000 [ 260.395252][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 260.403434][T12520] loop2: detected capacity change from 0 to 7 [ 260.405294][T12520] Dev loop2: unable to read RDB block 7 [ 260.406649][T12520] loop2: unable to read partition table [ 260.406742][T12520] loop2: partition table beyond EOD, truncated [ 260.406776][T12520] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 260.437077][T12526] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 260.440920][T12526] EXT4-fs (loop2): 1 truncate cleaned up [ 260.441468][T12526] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 260.481744][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.544709][T12535] syzkaller0: entered promiscuous mode [ 260.550033][T12535] syzkaller0: entered allmulticast mode [ 260.569060][T12535] simple: basic_1 [ 260.569089][T12535] simple: basic_2 [ 260.569109][T12535] simple: basic_3 [ 260.569120][T12535] simple: basic_4 [ 260.569130][T12535] simple: basic_5 [ 260.569140][T12535] simple: basic_6 [ 260.569149][T12535] simple: basic_7 [ 260.569158][T12535] simple: basic_8 [ 260.569166][T12535] simple: basic_9 [ 260.569174][T12535] simple: basic_10 [ 260.569182][T12535] simple: basic_11 [ 260.569190][T12535] simple: basic_12 [ 260.569197][T12535] simple: basic_13 [ 260.569205][T12535] simple: basic_14 [ 260.569212][T12535] simple: basic_15 [ 260.569220][T12535] simple: basic_16 [ 260.569228][T12535] simple: basic_17 [ 260.569237][T12535] 0: reclassify loop, rule prio 0, protocol 800 [ 260.602697][T12540] syzkaller1: entered promiscuous mode [ 260.603967][T12540] syzkaller1: entered allmulticast mode [ 260.972901][T12545] Dev loop2: unable to read RDB block 7 [ 260.972937][T12545] loop2: unable to read partition table [ 260.973030][T12545] loop2: partition table beyond EOD, truncated [ 260.973049][T12545] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 261.161709][T12549] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2221'. [ 261.239540][T12558] Dev loop2: unable to read RDB block 7 [ 261.239578][T12558] loop2: unable to read partition table [ 261.239643][T12558] loop2: partition table beyond EOD, truncated [ 261.239653][T12558] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 261.416938][T12572] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.435230][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 261.461636][T12577] syzkaller1: entered promiscuous mode [ 261.462733][T12577] syzkaller1: entered allmulticast mode [ 261.471288][T12577] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2232'. [ 261.669954][T12582] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2229'. [ 261.684443][T12580] Dev loop2: unable to read RDB block 7 [ 261.684483][T12580] loop2: AHDI p1 p2 p3 [ 261.684492][T12580] loop2: partition table partially beyond EOD, truncated [ 261.684565][T12580] loop2: p1 start 1601398130 is beyond EOD, truncated [ 261.684574][T12580] loop2: p2 start 1702059890 is beyond EOD, truncated [ 261.895535][T12591] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 261.900816][T12591] EXT4-fs (loop6): Remounting filesystem read-only [ 262.219953][T12599] Dev loop2: unable to read RDB block 7 [ 262.219998][T12599] loop2: unable to read partition table [ 262.220072][T12599] loop2: partition table beyond EOD, truncated [ 262.220095][T12599] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 262.299200][ T7722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.428600][T12623] syzkaller1: entered promiscuous mode [ 262.429574][T12623] syzkaller1: entered allmulticast mode [ 262.475260][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 262.537790][T12642] vfat: Unknown parameter 'obj_user' [ 262.876538][T12670] loop4: p1 < > p2 p4 < p5 > [ 262.876570][T12670] loop4: partition table partially beyond EOD, truncated [ 262.876700][T12670] loop4: p1 start 4294901760 is beyond EOD, truncated [ 262.876723][T12670] loop4: p2 size 983040 extends beyond EOD, truncated [ 262.881546][T12670] loop4: p5 size 983040 extends beyond EOD, truncated [ 262.909480][T12673] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2254'. [ 263.515222][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 263.886420][T12687] set_capacity_and_notify: 8 callbacks suppressed [ 263.888736][T12687] loop4: detected capacity change from 0 to 8 [ 263.891973][T12687] squashfs: SQUASHFS error: Xattrs in filesystem, these will be ignored [ 263.893604][T12687] unable to read xattr id index table [ 263.895065][T12687] SQUASHFS error: zlib decompression failed, data probably corrupt [ 263.896521][T12687] SQUASHFS error: Failed to read block 0x9b: -5 [ 263.897711][T12687] SQUASHFS error: Unable to read metadata cache entry [99] [ 263.899099][T12687] SQUASHFS error: Unable to read inode 0x127 [ 264.518277][T12714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2277'. [ 264.520282][T12715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2277'. [ 264.555198][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 264.604026][T12716] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2277'. [ 264.606344][T12716] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2277'. [ 265.393538][T12727] loop3: detected capacity change from 0 to 1024 [ 265.407052][T12727] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 265.412002][T12727] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.2281: missing EA_INODE flag [ 265.416868][T12727] EXT4-fs (loop3): Remounting filesystem read-only [ 265.431161][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.595184][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 265.759846][T12738] loop3: detected capacity change from 0 to 2048 [ 265.786906][T12738] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 266.314436][T12747] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 266.409381][T12747] EXT4-fs (loop3): Remounting filesystem read-only [ 266.629066][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.635237][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 267.675201][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 268.385065][T12801] loop2: detected capacity change from 0 to 7 [ 268.387501][T12801] Dev loop2: unable to read RDB block 7 [ 268.388638][T12801] loop2: unable to read partition table [ 268.389819][T12801] loop2: partition table beyond EOD, truncated [ 268.391024][T12801] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 268.424183][T12809] loop3: detected capacity change from 0 to 256 [ 268.429241][T12809] vfat: Unknown parameter 'obj_user' [ 268.437741][T12811] binder: 12810:12811 ioctl 4018620d 0 returned -22 [ 268.451442][T12811] binder: 12810:12811 got transaction to invalid handle, 1 [ 268.451469][T12811] binder_debug: 3 callbacks suppressed [ 268.451780][T12811] binder: 12810:12811 cannot find target node [ 268.451816][T12811] binder: 12810:12811 transaction call to 0:0 failed 30/29201/-22, code 0 size 0-24 line 3236 [ 268.654725][ T9] binder: undelivered TRANSACTION_ERROR: 29201 [ 268.699089][T12819] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2310'. [ 268.715204][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 268.792881][T12824] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2311'. [ 269.490009][T12837] FAULT_INJECTION: forcing a failure. [ 269.490009][T12837] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.490042][T12837] CPU: 0 UID: 0 PID: 12837 Comm: syz.3.2316 Tainted: G L syzkaller #0 PREEMPT [ 269.490056][T12837] Tainted: [L]=SOFTLOCKUP [ 269.490059][T12837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 269.490064][T12837] Call trace: [ 269.490067][T12837] show_stack+0x2c/0x3c (C) [ 269.490085][T12837] __dump_stack+0x30/0x40 [ 269.490097][T12837] dump_stack_lvl+0xd8/0x12c [ 269.490106][T12837] dump_stack+0x1c/0x28 [ 269.490116][T12837] should_fail_ex+0x41c/0x590 [ 269.490126][T12837] should_fail+0x14/0x24 [ 269.490134][T12837] should_fail_usercopy+0x20/0x30 [ 269.490143][T12837] _inline_copy_from_user+0x3c/0x174 [ 269.490152][T12837] copy_msghdr_from_user+0xb8/0x194 [ 269.490159][T12837] ___sys_sendmsg+0x14c/0x224 [ 269.490166][T12837] __sys_sendmsg+0x160/0x214 [ 269.490173][T12837] __arm64_sys_sendmsg+0x80/0x94 [ 269.490180][T12837] invoke_syscall+0x98/0x244 [ 269.490190][T12837] el0_svc_common+0xec/0x23c [ 269.490200][T12837] do_el0_svc+0x4c/0x5c [ 269.490209][T12837] el0_svc+0x64/0x260 [ 269.490218][T12837] el0t_64_sync_handler+0x48/0x148 [ 269.490225][T12837] el0t_64_sync+0x198/0x19c [ 269.755203][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 270.795192][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 271.684543][T12886] loop2: detected capacity change from 0 to 7 [ 271.688808][T12886] Dev loop2: unable to read RDB block 7 [ 271.688837][T12886] loop2: AHDI p1 p2 p3 [ 271.688845][T12886] loop2: partition table partially beyond EOD, truncated [ 271.689904][T12886] loop2: p1 start 1601398130 is beyond EOD, truncated [ 271.689918][T12886] loop2: p2 start 1702059890 is beyond EOD, truncated [ 271.733777][T12891] binder: 12890:12891 ioctl 4018620d 0 returned -22 [ 271.734291][T12891] binder: 12890:12891 got transaction to invalid handle, 1 [ 271.734304][T12891] binder: 12890:12891 cannot find target node [ 271.734318][T12891] binder: 12890:12891 transaction call to 0:0 failed 31/29201/-22, code 0 size 0-24 line 3236 [ 271.734480][T12891] FAULT_INJECTION: forcing a failure. [ 271.734480][T12891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 271.734496][T12891] CPU: 0 UID: 0 PID: 12891 Comm: syz.2.2331 Tainted: G L syzkaller #0 PREEMPT [ 271.734507][T12891] Tainted: [L]=SOFTLOCKUP [ 271.734510][T12891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 271.734515][T12891] Call trace: [ 271.734518][T12891] show_stack+0x2c/0x3c (C) [ 271.734537][T12891] __dump_stack+0x30/0x40 [ 271.734547][T12891] dump_stack_lvl+0xd8/0x12c [ 271.734557][T12891] dump_stack+0x1c/0x28 [ 271.734567][T12891] should_fail_ex+0x41c/0x590 [ 271.734576][T12891] should_fail+0x14/0x24 [ 271.734584][T12891] should_fail_usercopy+0x20/0x30 [ 271.734593][T12891] _copy_from_iter+0x188/0x1064 [ 271.734603][T12891] proc_sys_call_handler+0x240/0x48c [ 271.734614][T12891] proc_sys_write+0x2c/0x3c [ 271.734623][T12891] do_iter_readv_writev+0x48c/0x6f8 [ 271.734635][T12891] vfs_writev+0x2a8/0x630 [ 271.734642][T12891] do_writev+0x134/0x2a8 [ 271.734648][T12891] __arm64_sys_writev+0x80/0x94 [ 271.734658][T12891] invoke_syscall+0x98/0x244 [ 271.734668][T12891] el0_svc_common+0xec/0x23c [ 271.734677][T12891] do_el0_svc+0x4c/0x5c [ 271.734687][T12891] el0_svc+0x64/0x260 [ 271.734695][T12891] el0t_64_sync_handler+0x48/0x148 [ 271.734702][T12891] el0t_64_sync+0x198/0x19c [ 271.806251][ T26] binder: undelivered TRANSACTION_ERROR: 29201 [ 271.835415][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 272.322389][T12896] loop4: detected capacity change from 0 to 1024 [ 272.353342][T12896] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 272.369225][T12896] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #11: comm syz.4.2335: missing EA_INODE flag [ 272.373186][T12900] batman_adv: batadv0: Adding interface: dummy0 [ 272.374310][T12900] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 272.379819][T12900] batman_adv: batadv0: Interface activated: dummy0 [ 272.389986][T12896] EXT4-fs (loop4): Remounting filesystem read-only [ 272.397576][T12907] binder: 12906:12907 ioctl 4018620d 0 returned -22 [ 272.398087][T12900] batadv0: mtu less than device minimum [ 272.399991][T12900] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 272.401761][T12900] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 272.403384][T12900] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 272.405004][T12900] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 272.406667][T12900] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 272.408287][T12900] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 272.418895][T12907] binder: 12906:12907 got transaction to invalid handle, 1 [ 272.418921][T12907] binder: 12906:12907 cannot find target node [ 272.418942][T12907] binder: 12906:12907 transaction call to 0:0 failed 32/29201/-22, code 0 size 0-24 line 3236 [ 272.441330][ T4756] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.444966][T12907] syz.3.2337 (12907): drop_caches: 2 [ 272.575068][T12925] syzkaller0: entered promiscuous mode [ 272.575906][T12925] syzkaller0: entered allmulticast mode [ 272.577340][T12925] simple: basic_1 [ 272.577351][T12925] simple: basic_2 [ 272.577356][T12925] simple: basic_3 [ 272.577361][T12925] simple: basic_4 [ 272.577365][T12925] simple: basic_5 [ 272.577370][T12925] simple: basic_6 [ 272.577374][T12925] simple: basic_7 [ 272.577379][T12925] simple: basic_8 [ 272.577387][T12925] simple: basic_9 [ 272.577400][T12925] simple: basic_10 [ 272.577406][T12925] simple: basic_11 [ 272.577416][T12925] simple: basic_12 [ 272.577420][T12925] simple: basic_13 [ 272.577425][T12925] simple: basic_14 [ 272.577430][T12925] simple: basic_15 [ 272.577434][T12925] simple: basic_16 [ 272.577439][T12925] simple: basic_17 [ 272.870350][ T26] binder: undelivered TRANSACTION_ERROR: 29201 [ 272.953570][T12934] loop2: detected capacity change from 0 to 256 [ 272.955565][T12934] vfat: Unknown parameter 'obj_user' [ 273.024759][T12931] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000 [ 273.147891][T12941] loop2: detected capacity change from 0 to 7 [ 273.148260][T12941] Dev loop2: unable to read RDB block 7 [ 273.148275][T12941] loop2: unable to read partition table [ 273.148334][T12941] loop2: partition table beyond EOD, truncated [ 273.148343][T12941] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 273.163922][T12943] syzkaller1: entered promiscuous mode [ 273.163957][T12943] syzkaller1: entered allmulticast mode [ 273.298285][T12953] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2350'. [ 273.396619][T12963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2357'. [ 273.397627][T12966] mac80211_hwsim hwsim11 syzkaller0: entered promiscuous mode [ 273.397645][T12966] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode [ 273.414649][T12970] loop2: detected capacity change from 0 to 2048 [ 273.450423][T12970] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 273.512643][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.546915][T12982] lo speed is unknown, defaulting to 1000 [ 273.621854][T12993] syzkaller1: entered promiscuous mode [ 273.621892][T12993] syzkaller1: entered allmulticast mode [ 273.656356][T12997] loop2: detected capacity change from 0 to 7 [ 273.665646][T12997] Dev loop2: unable to read RDB block 7 [ 273.668802][T12997] loop2: AHDI p1 p2 p3 [ 273.669664][T12997] loop2: partition table partially beyond EOD, truncated [ 273.671637][T12997] loop2: p1 start 1601398130 is beyond EOD, truncated [ 273.672942][T12997] loop2: p2 start 1702059890 is beyond EOD, truncated [ 273.773417][T13009] binder: 13008:13009 BC_REQUEST_FREEZE_NOTIFICATION invalid ref 16777216 [ 273.773455][T13009] binder: 13008:13009 ioctl c0306201 20000540 returned -22 [ 273.773927][T13009] tmpfs: Bad value for 'mpol' [ 273.830364][T13013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2371'. [ 274.160280][T13022] overlayfs: missing 'lowerdir' [ 274.172871][T13024] FAULT_INJECTION: forcing a failure. [ 274.172871][T13024] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 274.177924][T13024] CPU: 1 UID: 0 PID: 13024 Comm: syz.6.2376 Tainted: G L syzkaller #0 PREEMPT [ 274.177952][T13024] Tainted: [L]=SOFTLOCKUP [ 274.177956][T13024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 274.177962][T13024] Call trace: [ 274.177966][T13024] show_stack+0x2c/0x3c (C) [ 274.177989][T13024] __dump_stack+0x30/0x40 [ 274.178001][T13024] dump_stack_lvl+0xd8/0x12c [ 274.178011][T13024] dump_stack+0x1c/0x28 [ 274.178021][T13024] should_fail_ex+0x41c/0x590 [ 274.178031][T13024] should_fail+0x14/0x24 [ 274.178039][T13024] should_fail_usercopy+0x20/0x30 [ 274.178048][T13024] _inline_copy_from_user+0x3c/0x174 [ 274.178057][T13024] copy_msghdr_from_user+0xb8/0x194 [ 274.178064][T13024] ___sys_sendmsg+0x14c/0x224 [ 274.178071][T13024] __sys_sendmsg+0x160/0x214 [ 274.178078][T13024] __arm64_sys_sendmsg+0x80/0x94 [ 274.178085][T13024] invoke_syscall+0x98/0x244 [ 274.178095][T13024] el0_svc_common+0xec/0x23c [ 274.178105][T13024] do_el0_svc+0x4c/0x5c [ 274.178114][T13024] el0_svc+0x64/0x260 [ 274.178123][T13024] el0t_64_sync_handler+0x48/0x148 [ 274.178130][T13024] el0t_64_sync+0x198/0x19c [ 274.218151][T13026] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2377'. [ 274.285040][T13032] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2378'. [ 274.343416][T13034] loop2: detected capacity change from 0 to 7 [ 274.344913][T13034] Dev loop2: unable to read RDB block 7 [ 274.347255][T13034] loop2: AHDI p1 p2 p3 [ 274.347293][T13034] loop2: partition table partially beyond EOD, truncated [ 274.347406][T13034] loop2: p1 start 1601398130 is beyond EOD, truncated [ 274.347433][T13034] loop2: p2 start 1702059890 is beyond EOD, truncated [ 274.536844][T13061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2384'. [ 274.586977][T13060] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2387'. [ 274.913539][T13057] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2388'. [ 274.929344][T13069] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2390'. [ 274.955227][ C1] net_ratelimit: 16 callbacks suppressed [ 274.955268][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 275.305695][T13082] loop2: detected capacity change from 0 to 7 [ 275.306635][T13082] Dev loop2: unable to read RDB block 7 [ 275.306654][T13082] loop2: unable to read partition table [ 275.306722][T13082] loop2: partition table beyond EOD, truncated [ 275.306731][T13082] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 275.334461][T13086] loop2: detected capacity change from 0 to 7 [ 275.348728][T13086] Dev loop2: unable to read RDB block 7 [ 275.348773][T13086] loop2: AHDI p1 p2 p3 [ 275.348789][T13086] loop2: partition table partially beyond EOD, truncated [ 275.349323][T13086] loop2: p1 start 1601398130 is beyond EOD, truncated [ 275.349350][T13086] loop2: p2 start 1702059890 is beyond EOD, truncated [ 275.422579][T13091] FAULT_INJECTION: forcing a failure. [ 275.422579][T13091] name failslab, interval 1, probability 0, space 0, times 0 [ 275.422617][T13091] CPU: 1 UID: 0 PID: 13091 Comm: syz.4.2398 Tainted: G L syzkaller #0 PREEMPT [ 275.422630][T13091] Tainted: [L]=SOFTLOCKUP [ 275.422634][T13091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 275.422639][T13091] Call trace: [ 275.422642][T13091] show_stack+0x2c/0x3c (C) [ 275.422661][T13091] __dump_stack+0x30/0x40 [ 275.422672][T13091] dump_stack_lvl+0xd8/0x12c [ 275.422682][T13091] dump_stack+0x1c/0x28 [ 275.422691][T13091] should_fail_ex+0x41c/0x590 [ 275.422702][T13091] should_failslab+0xc4/0x120 [ 275.422710][T13091] kmem_cache_alloc_node_noprof+0x94/0x6c8 [ 275.422720][T13091] __alloc_skb+0x1f0/0x610 [ 275.422731][T13091] netlink_alloc_large_skb+0xd4/0x114 [ 275.422742][T13091] netlink_sendmsg+0x4c4/0x948 [ 275.422752][T13091] __sock_sendmsg+0xc8/0x138 [ 275.422761][T13091] ____sys_sendmsg+0x3d0/0x6c8 [ 275.422768][T13091] ___sys_sendmsg+0x198/0x224 [ 275.422775][T13091] __sys_sendmsg+0x160/0x214 [ 275.422782][T13091] __arm64_sys_sendmsg+0x80/0x94 [ 275.422789][T13091] invoke_syscall+0x98/0x244 [ 275.422799][T13091] el0_svc_common+0xec/0x23c [ 275.422809][T13091] do_el0_svc+0x4c/0x5c [ 275.422818][T13091] el0_svc+0x64/0x260 [ 275.422827][T13091] el0t_64_sync_handler+0x48/0x148 [ 275.422834][T13091] el0t_64_sync+0x198/0x19c [ 275.509904][T13095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2399'. [ 275.511790][T13101] loop3: detected capacity change from 0 to 2048 [ 275.534106][T13101] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 275.947331][T13122] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2408'. [ 275.995226][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 276.109214][T13128] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 276.110169][T13128] EXT4-fs (loop3): Remounting filesystem read-only [ 276.403007][ T4758] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.461859][T13134] netlink: 448 bytes leftover after parsing attributes in process `syz.3.2411'. [ 276.559412][T13141] syzkaller1: entered promiscuous mode [ 276.559448][T13141] syzkaller1: entered allmulticast mode [ 276.998110][T13175] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 276.998149][T13175] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 277.035247][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 277.065228][T13173] mac80211_hwsim hwsim9 syzkaller0: left promiscuous mode [ 277.066589][T13173] mac80211_hwsim hwsim9 syzkaller0: left allmulticast mode [ 277.360282][T13197] syzkaller1: entered promiscuous mode [ 277.360372][T13197] syzkaller1: entered allmulticast mode [ 277.459260][T13201] lo speed is unknown, defaulting to 1000 [ 277.537071][T13208] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 277.538675][T13208] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 277.959381][T13226] loop6: detected capacity change from 0 to 128 [ 278.075268][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 278.200227][T13226] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 278.217331][T13226] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 278.366861][T13238] syzkaller1: entered promiscuous mode [ 278.368372][T13238] syzkaller1: entered allmulticast mode [ 278.626805][T13243] overlayfs: missing 'lowerdir' [ 278.827253][T13253] loop6: detected capacity change from 0 to 512 [ 278.876497][T13254] __nla_validate_parse: 4 callbacks suppressed [ 278.876511][T13254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2451'. [ 279.115278][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 279.168593][T13253] EXT4-fs error (device loop6): ext4_orphan_get:1397: inode #15: comm syz.6.2450: inode has both inline data and extents flags [ 279.168675][T13253] loop6: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 279.173177][T13253] EXT4-fs error (device loop6): ext4_orphan_get:1402: comm syz.6.2450: couldn't read orphan inode 15 (err -117) [ 279.173230][T13253] loop6: lost filesystem error report for type 5 error -117 [ 279.176826][ C0] EXT4-fs (loop6): error count since last fsck: 2 [ 279.176837][ C0] EXT4-fs (loop6): initial error at time 279: ext4_orphan_get:1397: inode 15 [ 279.176852][ C0] EXT4-fs (loop6): last error at time 279: ext4_orphan_get:1402 [ 279.188138][T13253] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 279.269321][T13258] Injecting memory failure for pfn 0x182013 at process virtual address 0x20000000 [ 279.277922][T13258] Memory failure: 0x182013: keeping poisoned page in swap cache [ 279.278961][T13258] Memory failure: 0x182013: Sending SIGBUS to syz.6.2450:13258 due to hardware memory corruption [ 279.279093][T13258] Memory failure: 0x182013: recovery action for dirty swapcache page: Delayed [ 279.279343][T13258] Injecting memory failure for pfn 0x18186d at process virtual address 0x20001000 [ 279.289945][T13258] Memory failure: 0x18186d: keeping poisoned page in swap cache [ 279.290035][T13258] Memory failure: 0x18186d: Sending SIGBUS to syz.6.2450:13258 due to hardware memory corruption [ 279.290184][T13258] Memory failure: 0x18186d: recovery action for dirty swapcache page: Delayed [ 279.290408][T13258] Injecting memory failure for pfn 0x18186c at process virtual address 0x20002000 [ 279.294316][T13258] Memory failure: 0x18186c: keeping poisoned page in swap cache [ 279.294381][T13258] Memory failure: 0x18186c: recovery action for clean swapcache page: Recovered [ 279.294424][T13258] Injecting memory failure for pfn 0x18186e at process virtual address 0x20003000 [ 279.305641][T13258] Memory failure: 0x18186e: keeping poisoned page in swap cache [ 279.305901][T13258] Memory failure: 0x18186e: recovery action for clean swapcache page: Recovered [ 279.306051][T13258] Injecting memory failure for pfn 0x18186f at process virtual address 0x20004000 [ 279.389992][T13258] Memory failure: 0x18186f: keeping poisoned page in swap cache [ 279.390219][T13258] Memory failure: 0x18186f: recovery action for clean swapcache page: Recovered [ 279.390634][T13258] Injecting memory failure for pfn 0x17e881 at process virtual address 0x20005000 [ 279.397965][T13258] Memory failure: 0x17e881: keeping poisoned page in swap cache [ 279.398019][T13258] Memory failure: 0x17e881: recovery action for clean swapcache page: Recovered [ 279.398055][T13258] Injecting memory failure for pfn 0x180ea0 at process virtual address 0x20006000 [ 279.406506][T13258] Memory failure: 0x180ea0: keeping poisoned page in swap cache [ 279.406716][T13258] Memory failure: 0x180ea0: recovery action for clean swapcache page: Recovered [ 279.406910][T13258] Injecting memory failure for pfn 0x17fcc8 at process virtual address 0x20007000 [ 279.414183][T13258] Memory failure: 0x17fcc8: keeping poisoned page in swap cache [ 279.415396][T13258] Memory failure: 0x17fcc8: recovery action for clean swapcache page: Recovered [ 279.415736][T13258] Injecting memory failure for pfn 0x18067b at process virtual address 0x20008000 [ 279.418114][T13258] Memory failure: 0x18067b: keeping poisoned page in swap cache [ 279.418158][T13258] Memory failure: 0x18067b: recovery action for clean swapcache page: Recovered [ 279.418193][T13258] Injecting memory failure for pfn 0x182f7e at process virtual address 0x20009000 [ 279.429602][T13258] Memory failure: 0x182f7e: keeping poisoned page in swap cache [ 279.429700][T13258] Memory failure: 0x182f7e: recovery action for clean swapcache page: Recovered [ 279.429908][T13258] Injecting memory failure for pfn 0x182f7f at process virtual address 0x2000a000 [ 279.442721][T13258] Memory failure: 0x182f7f: keeping poisoned page in swap cache [ 279.442933][T13258] Memory failure: 0x182f7f: recovery action for clean swapcache page: Recovered [ 279.442979][T13258] Injecting memory failure for pfn 0x13abd4 at process virtual address 0x2000b000 [ 279.443229][T13258] Memory failure: 0x13abd4: keeping poisoned page in swap cache [ 279.443257][T13258] Memory failure: 0x13abd4: recovery action for clean swapcache page: Recovered [ 279.443851][T13258] Injecting memory failure for pfn 0x17aaa6 at process virtual address 0x2000c000 [ 279.446152][T13258] Memory failure: 0x17aaa6: keeping poisoned page in swap cache [ 279.446190][T13258] Memory failure: 0x17aaa6: recovery action for clean swapcache page: Recovered [ 279.446221][T13258] Injecting memory failure for pfn 0x1827c1 at process virtual address 0x2000d000 [ 279.446619][T13258] Memory failure: 0x1827c1: keeping poisoned page in swap cache [ 279.446646][T13258] Memory failure: 0x1827c1: recovery action for clean swapcache page: Recovered [ 279.446669][T13258] Injecting memory failure for pfn 0x123c11 at process virtual address 0x2000e000 [ 279.447844][T13258] Memory failure: 0x123c11: keeping poisoned page in swap cache [ 279.447932][T13258] Memory failure: 0x123c11: recovery action for clean swapcache page: Recovered [ 279.448159][T13258] Injecting memory failure for pfn 0x13933a at process virtual address 0x2000f000 [ 279.477122][T13258] Memory failure: 0x13933a: keeping poisoned page in swap cache [ 279.477176][T13258] Memory failure: 0x13933a: recovery action for clean swapcache page: Recovered [ 279.477213][T13258] Injecting memory failure for pfn 0x13ad38 at process virtual address 0x20010000 [ 279.480375][T13258] Memory failure: 0x13ad38: keeping poisoned page in swap cache [ 279.480654][T13258] Memory failure: 0x13ad38: recovery action for clean swapcache page: Recovered [ 279.480828][T13258] Injecting memory failure for pfn 0x1819b7 at process virtual address 0x20011000 [ 279.514346][T13258] Memory failure: 0x1819b7: keeping poisoned page in swap cache [ 279.514422][T13258] Memory failure: 0x1819b7: recovery action for clean swapcache page: Recovered [ 279.514457][T13258] Injecting memory failure for pfn 0x13a221 at process virtual address 0x20012000 [ 279.515064][T13258] Memory failure: 0x13a221: keeping poisoned page in swap cache [ 279.515091][T13258] Memory failure: 0x13a221: recovery action for clean swapcache page: Recovered [ 279.516527][T13258] Injecting memory failure for pfn 0x17e72e at process virtual address 0x20013000 [ 279.617510][T13258] Memory failure: 0x17e72e: keeping poisoned page in swap cache [ 279.617579][T13258] Memory failure: 0x17e72e: recovery action for clean swapcache page: Recovered [ 279.918863][ T7722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.920172][T13280] loop2: detected capacity change from 0 to 7 [ 279.921245][T13280] Dev loop2: unable to read RDB block 7 [ 279.921263][T13280] loop2: unable to read partition table [ 279.921326][T13280] loop2: partition table beyond EOD, truncated [ 279.921342][T13280] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 279.989136][T13284] overlayfs: missing 'lowerdir' [ 280.015082][T13286] syzkaller1: entered promiscuous mode [ 280.015260][T13286] syzkaller1: entered allmulticast mode [ 280.055207][ T39] Bluetooth: hci5: Frame reassembly failed (-84) [ 280.056054][ T39] Bluetooth: hci5: Frame reassembly failed (-84) [ 280.056105][ T39] Bluetooth: hci5: Frame reassembly failed (-84) [ 280.056138][ T39] Bluetooth: hci5: Frame reassembly failed (-84) [ 280.056166][ T39] Bluetooth: hci5: Frame reassembly failed (-84) [ 280.155222][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 280.270953][T13313] can0: slcan on ttyS3. [ 280.325960][T13313] can0 (unregistered): slcan off ttyS3. [ 280.778129][T13358] fuse: fd is not a fuse device [ 281.205168][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 282.076219][ T50] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 282.235184][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 282.235304][ T4712] Bluetooth: hci0: command 0x0406 tx timeout [ 282.240777][T13302] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 282.242038][T13302] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 282.246341][T13302] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 282.247406][T13302] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 282.249204][T13302] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 282.250348][T13302] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 282.251963][T13302] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 282.252144][T13302] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 282.257859][T13355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.258064][T13355] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.335727][ T7722] bond0: (slave syz_tun): Releasing backup interface [ 282.357513][T13374] loop2: detected capacity change from 0 to 2048 [ 282.377889][T13374] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 282.528812][ T268] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.738960][T13385] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 282.786529][T13385] EXT4-fs (loop2): Remounting filesystem read-only [ 282.843439][T13390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.847034][T13390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.872287][ T4712] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 282.877797][ T4712] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 282.880499][ T4712] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 282.882739][ T4712] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 282.884331][ T4712] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 282.924803][ T268] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.021325][ T268] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.031941][T13410] cgroup: Unknown subsys name 'cpuset' [ 283.071920][T13393] lo speed is unknown, defaulting to 1000 [ 283.098650][ T268] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.116020][T13420] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'. [ 283.170771][T13427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.170968][T13427] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.220758][ T4762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.269947][T13393] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.269997][T13393] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.270155][T13393] bridge_slave_0: entered allmulticast mode [ 283.272363][T13393] bridge_slave_0: entered promiscuous mode [ 283.275203][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 283.278372][T13435] binder: 13434:13435 tried to acquire reference to desc 0, got 1 instead [ 283.280161][T13435] binder: 13434:13435 got transaction with invalid fd, -1 [ 283.281751][T13435] binder: 13435:13434 translate fd failed [ 283.281917][T13435] binder: 13434:13435 transaction call to 13434:0 failed 39/29201/-9, code 0 size 72-24 line 3578 [ 283.284630][ T9] binder: undelivered TRANSACTION_ERROR: 29201 [ 283.429328][T13453] ------------[ cut here ]------------ [ 283.429343][T13453] WARNING: fs/exec.c:119 at path_noexec+0x1a4/0x1d4, CPU#1: syz.3.2509/13453 [ 283.431666][T13453] Modules linked in: [ 283.432279][T13453] CPU: 1 UID: 0 PID: 13453 Comm: syz.3.2509 Tainted: G L syzkaller #0 PREEMPT [ 283.433829][T13453] Tainted: [L]=SOFTLOCKUP [ 283.434525][T13453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 283.436253][T13453] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 283.437438][T13453] pc : path_noexec+0x1a4/0x1d4 [ 283.438234][T13453] lr : path_noexec+0x1a4/0x1d4 [ 283.438961][T13453] sp : ffff800096fb7a50 [ 283.439553][T13453] x29: ffff800096fb7a50 x28: dfff800000000000 x27: ffff0000dd7917c0 [ 283.440806][T13453] x26: 0000000000000011 x25: ffff0000e82a4c80 x24: 0000000020000000 [ 283.441991][T13453] x23: 1fffe0001d054991 x22: 1fffe0001d054998 x21: dfff800000000000 [ 283.443167][T13453] x20: 0000000000000000 x19: ffff0000e82a4cc0 x18: 0000000000000000 [ 283.444301][T13453] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 283.445342][T13453] x14: 0000000000000007 x13: 0000000000000004 x12: 0000000000000000 [ 283.446561][T13453] x11: 0000000000000000 x10: 0000000000080000 x9 : 00000000000000ee [ 283.447669][T13453] x8 : ffff8000a13ba000 x7 : 0000000000000000 x6 : 0000000000000000 [ 283.448824][T13453] x5 : 0000000000000077 x4 : 0000000000000008 x3 : ffff800080c7ce88 [ 283.449976][T13453] x2 : 0000000000000000 x1 : ffff000109bc9d00 x0 : 0000000000000001 [ 283.451002][T13453] Call trace: [ 283.451544][T13453] path_noexec+0x1a4/0x1d4 (P) [ 283.452153][T13453] do_mmap+0x874/0xf0c [ 283.452723][T13453] vm_mmap_pgoff+0x298/0x46c [ 283.453476][T13453] ksys_mmap_pgoff+0x364/0x5b4 [ 283.454073][T13453] __arm64_sys_mmap+0x108/0x120 [ 283.454770][T13453] invoke_syscall+0x98/0x244 [ 283.455524][T13453] el0_svc_common+0xec/0x23c [ 283.456229][T13453] do_el0_svc+0x4c/0x5c [ 283.456829][T13453] el0_svc+0x64/0x260 [ 283.457381][T13453] el0t_64_sync_handler+0x48/0x148 [ 283.458059][T13453] el0t_64_sync+0x198/0x19c [ 283.458757][T13453] irq event stamp: 1244 [ 283.459314][T13453] hardirqs last enabled at (1243): [] el0_svc+0x54/0x260 [ 283.460529][T13453] hardirqs last disabled at (1244): [] el1_brk64+0x20/0x54 [ 283.461786][T13453] softirqs last enabled at (1238): [] fpsimd_restore_current_state+0x39c/0x9c8 [ 283.463249][T13453] softirqs last disabled at (1236): [] fpsimd_restore_current_state+0x44/0x9c8 [ 283.464773][T13453] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 283.471954][ T268] bridge_slave_1: left allmulticast mode [ 283.471988][ T268] bridge_slave_1: left promiscuous mode [ 283.472074][ T268] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.498931][ T268] bridge_slave_0: left allmulticast mode [ 283.498968][ T268] bridge_slave_0: left promiscuous mode [ 283.499060][ T268] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.829880][ T268] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.856519][ T268] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.878093][ T268] bond0 (unregistering): (slave team0): Releasing backup interface [ 283.908019][ T268] bond0 (unregistering): (slave veth0_to_bond): Releasing backup interface [ 283.916415][ T268] bond0 (unregistering): Released all slaves [ 283.919325][T13393] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.919363][T13393] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.919488][T13393] bridge_slave_1: entered allmulticast mode [ 283.919976][T13393] bridge_slave_1: entered promiscuous mode [ 283.921730][ T4394] 8021q: adding VLAN 0 to HW filter on device eth4 [ 284.132079][ T4394] 8021q: adding VLAN 0 to HW filter on device eth5 [ 284.269856][ T4394] 8021q: adding VLAN 0 to HW filter on device eth7 [ 284.280133][ T268] hsr_slave_0: left promiscuous mode [ 284.281097][ T268] hsr_slave_1: left promiscuous mode [ 284.281347][ T268] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.282230][ T268] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.282244][ T268] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.289880][ T268] veth1_macvtap: left promiscuous mode [ 284.289915][ T268] veth0_macvtap: left promiscuous mode [ 284.289951][ T268] veth1_vlan: left promiscuous mode [ 284.289984][ T268] veth0_vlan: left promiscuous mode [ 284.325182][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 284.392423][ T268] team0 (unregistering): Port device team_slave_1 removed [ 284.579775][ T4394] 8021q: adding VLAN 0 to HW filter on device eth6 [ 284.696631][ T268] bridge_slave_1: left allmulticast mode [ 284.696664][ T268] bridge_slave_1: left promiscuous mode [ 284.696761][ T268] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.698990][ T268] bridge_slave_0: left allmulticast mode [ 284.699001][ T268] bridge_slave_0: left promiscuous mode [ 284.699062][ T268] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.748611][ T268] bond0 (unregistering): Released all slaves [ 285.355175][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 286.395180][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 287.435181][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 288.475189][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 289.525173][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 290.555182][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 291.595188][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 292.635184][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available