last executing test programs: 21.297023516s ago: executing program 4 (id=141): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) listen(r0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x69) listen(r1, 0x0) 20.94939106s ago: executing program 4 (id=142): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x40081) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x0, 0x2}, 0x4}) close_range(r0, 0xffffffffffffffff, 0x0) 19.907475421s ago: executing program 4 (id=150): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x0) connect$vsock_stream(r0, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r0, 0x1, 0x3c, 0x0, 0x0) 19.146377982s ago: executing program 4 (id=155): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000e00)='./file0\x00', 0x200000, &(0x7f0000000f40)={[{@grpjquota}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@data_err_ignore}, {@nojournal_checksum}, {@dioread_nolock}, {@init_itable_val={'init_itable', 0x3d, 0x85c5}}, {@nojournal_checksum}, {@sysvgroups}]}, 0xfe, 0x584, &(0x7f0000001000)="$eJzs3U1rG0cfAPD/ynbivDxPHAih7aEYcmhKGjm2+5JCD+mxtKGB9p4Ke2OC5ShYcojdQJJDc+mlhEIpDZR+gN57DP0CPfcDBNpAKMG0h15UVl7Zii1ZjqNGbvT7wdozOyvNjGZnNKNdoQAG1nj2pxDxckR8lUQcaUkbjjxxfO241cc3ZrItiXr9kz+SSPJ9zeOT/P+hPPJSRPz8RcSpwtZ8q8sr86VyOV3M4xO1hasT1eWV05cXSnPpXHplanr67FvTU+++83bP6vr6hb++/fj+B2e/PLH6zY8Pj95N4lwcztNa6/EMbrVGxmM8f01G4tymAyd7kNlekvS7AOzKUN7PRyIbA47EUN7rgRffzYioAwMq0f9hQDXnAc21/Tbr4Bdyiffo/bUF0Nb6D699NhKjjbXRwdXkiZVR9mKM9SD/LI+ffr93N9uid59DAHR163ZEnBke3jr+Jfn4t3tndnDM5jyMf/D83M/mP2+0m/8U1uc/0Wb+c6hN392N7v2/8LAH2XSUzf/eazv/Xb9oNTaUx/7XmPONJJcul9NsbPt/RJyMkf1ZfLvrOWdXH9Q7pbXO/7Ity785F8zL8XB4/5OPmS3VSs9S51aPbke80nb+m6y3f9Km/bPX48IO8zie3nu1U1r3+rd1YIdZd1X/IeK1tu2/sdxJtr8+OdE4HyaaZ8VWf945/kun/DfP/yOP96p+3WTtf3D7+o8lrddrq0+fx/ejf6ed0nZ7/u9LPm2E9+X7rpdqtcXJiH3JR1v3T208thlvHp/V/+SJ7ce/JOLXWL8eviY7AT/bYf3vHLvT8dBdnv89k9V/dr39sz3d2n8jkGzZ0z7w4MPPv2s+Wb1ev/l09c/a/81G6GS+Zyfj307KtbuzGQAAAAAAAPauQkQcjqRQXA8XCsXi2v0dx+JgoVyp1k5dqixdmY3Gd2XHYqTQvNJ9pOV+iMn8fthmfGpTfDoijkbE10MHGvHiTKU82+/KAwAAAAAAAAAAAAAAAAAAwB5xKGK03ff/M78N9bt0wL/OT37D4Orc//OUXvzSE7Anef+HwaX/w+DS/2Fw6f8wuPL+P9rvcgDPn/d/GFz6Pwwu/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAB66sL589lWX318YyaLz15bXpqvXDs9m1bniwtLM8WZyuLV4lylMldOizOVhW7PV65Urk5OxdL1iVparU1Ul1cuLlSWrtQuXl4ozaUX05HnUisAAAAAAAAAAAAAAAAAAAD4b6kun4tSuZwuVpdX5gUEnjowvDeK8QIF6rn+FqPfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPgnAAD//7BjNzw=") unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000380), &(0x7f0000000100), 0x30, 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000400), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@index_on}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]}) 17.447770694s ago: executing program 4 (id=161): r0 = gettid() r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x40, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000040)={0xc0, 0x0, 0x1}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) tkill(r0, 0x7) 9.530382665s ago: executing program 2 (id=186): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @random="0000000200"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x40, 0x9, 0x1, 0x27}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 9.240884818s ago: executing program 1 (id=187): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x20000) 8.935687384s ago: executing program 0 (id=188): r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000240)=@newtaction={0x5c, 0x30, 0x0, 0x0, 0x0, {}, [{0x48, 0x1, [@m_skbedit={0x44, 0x0, 0x0, 0x0, {{0xc}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x8, 0x6, "3564489b"}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_ERSPAN_VER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x400000000000235, 0x0) 8.775798842s ago: executing program 1 (id=189): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000940)=""/218, 0xda}], 0x1}}], 0x2, 0x10002, 0x0) 8.271550588s ago: executing program 0 (id=191): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00') read$FUSE(r0, &(0x7f0000000140)={0x2020}, 0x2020) mount(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x900, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') r2 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r2, r1, 0x0, 0x80000000) 8.160301865s ago: executing program 4 (id=192): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000001e40)=0x5) read$dsp(r1, &(0x7f00000001c0)=""/143, 0x8f) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 7.416252428s ago: executing program 32 (id=192): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000001e40)=0x5) read$dsp(r1, &(0x7f00000001c0)=""/143, 0x8f) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 7.351716287s ago: executing program 1 (id=194): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r0, r2}, 0x3c) syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0xd, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0) 6.988112472s ago: executing program 0 (id=196): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) r3 = socket(0x2b, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r3) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) 6.06897958s ago: executing program 2 (id=197): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) 6.020128719s ago: executing program 3 (id=198): r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x200000c, 0x12, r0, 0xba73f000) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xa0}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000500)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3}) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}) 5.625351697s ago: executing program 3 (id=199): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x1e}]}, 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x54, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{{}, {}, @broadcast, @device_a, @from_mac=@broadcast, {0x0, 0xff}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x0, 0x2}, @val={0x76, 0x6, {0x4, 0x5, 0x19, 0x9}}}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x1000) 5.377241223s ago: executing program 0 (id=200): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000006380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@debug={'debug', 0x3d, 0x1}}], [], 0x6b}}) 5.319233766s ago: executing program 1 (id=201): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) close(r0) socket$netlink(0x10, 0x3, 0x0) preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 4.317685623s ago: executing program 3 (id=202): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = gettid() r2 = syz_open_procfs(r1, &(0x7f0000000040)='timerslack_ns\x00') creat(&(0x7f0000000300)='./file0\x00', 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000180)={0x30}, 0x30) 4.264424911s ago: executing program 0 (id=203): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)=0x3ff, 0x4) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)='J', 0x1}], 0x1) 3.048684318s ago: executing program 2 (id=204): r0 = fanotify_init(0x20, 0x40000) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x440, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f0000000040)=r1) close_range(r0, 0xffffffffffffffff, 0x0) 2.73584492s ago: executing program 3 (id=205): syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x82, &(0x7f0000000040)=ANY=[], 0xfd, 0xc34, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUnrIY4k/yYajiD/K4/++/bAbAwAAAAAAAAAAAAAAAAAA8IlWxHuR4sV3j6b16J9TvN25XL/QvLjQnRW2N/dvb8707e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW/hkLNS6C7XY0y2PROztBvduodZdyPereOjtucNC42A0Y2chqnv/be/ZfGyUz//3I8VvvvsfvQd+7/n/c91P15/w8dM/3nn+v3jzhvbp+f9E37oX8+9GBmsRw6tXlgaPRAyvvPHmsfaV5uXW5Vbn1PHjXx4f//LJ44OHIoYvtRdafUu7PlQAAAAAAAAAAAAAAAAAD1Yq4rcjRfNHW6keEdeq8VqjZ8afOfb0QAxU461uGLf12vSFs/WXF68sLbdWVlrz9ZlOe25xvnWvuxuuhnvNTEzuS2fuamSf2z8y/PLi0hvL7cu/v3rb7x8bPntxZXW5OXf7r2MkiohG/5qxqsEzE5NVoxfazU5VdWqPBmYOpiL+M1LMnaqnz+d1efxfGe8N9pXtH/+/1re+Wt6n8X+fumk/KRXx00jxG3/+ZHy+audjccsxy+X+OlKMnf5cLheHynK9NnTfK9AdGViW/d9I8fc/u7Fsr+9P7JR9/v6O7sFXnv/DkeIHf/q9+NW87sb3P+yM/+w//4/dvKF9Ov+f6Vv32A3vK9h118nn/1ikeOmJt+PX8roPe/9HEdvb29+KOJoLX38/xz6d/8/2rRuN7n5/fe+6DwAAAAAAAAAA8MgaTEX8TaR4erKWXsjr7uXv/83fvKF9+vtfv9i3bv4BzVe064MKAAAAAAfEYCrivUhxefXt62Oo+8Z/3zj+87d25l6fSDd9W/053y9U7w3Yyz//6zea9zu7+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dRn7zKf+kakeOW/n83l0pGyXG8e+NHq1+Hzi51jZxcWFueaq82LC6369FJzrlXW/Uyk2Pqrz+W6RTW/em+++e4c78PbvbnYlyPF5N/2ynbnYu/NTd6dD7w7F3tZ9lOR4r/+7sayvXmsP7tT9kRZ9i8jxdf/6fZlj+yUPVmW/V6k+OHX672yj5Vle+9H7b6TdLgWC63n5hYXbnkVKgAAAAAAAAAAAAAAAAAAANyvwVTEn0SK/7myHmt52H+e/783A3+tV/atb/bN93+Ta9U8/6PV/P93Wv4o8/+P7llPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZGiiDcjxdL5rbQxVH7uGj7X7ly9NjMxeftqI6mqOVCVL3+Gnz9x8tSXXhg/3csPr7/XnorXpi+crb+8eGVpubWy0pqvz3Tac4vzrXvewm7r7xy6rrHqANSvvH51/tKllfqJ507e8PW10Q+GHj8yemb8mWNP98rOTExOTveVqQ3ex97vq3E7DkURfxEpnv3+j9M/D0UUsftjcZdrZ7+NVJ0YqzoxMzFZdWSh3eysll9O9Q5EEVHvq9ToHaMHcC52pRGxVja/bPBY2b3ppeZy8+JCqz7VXF5tr7YXO1Op29qyP/Uo4nSKWI+IzaFbNzcYRbweKb57eCv9y1DEQO84fPH89FePn7hzO4p97OM9KNtZH4xYLx6Bc3aADUUR/xApfvLO0fjXoYhadH/iCxGv9hd8KSKVF8apiPdvcx3xaKpFEf9Xnv8zW+mdofJ+0LuvnPta/SudS4t9ZXv3lYP0fNi+/2txZA92e+8O+L1pOIr4YXXH30r/5r9rAAAAAAAAAAAAAAAAgAOkiF+OFC++ezRV44Ovjyludy7XLzQvLnSH9fXG/tUj/rDM7e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjVsX29va3uvVruX7OtZzrtYiirJ8/b+aMAzJ2DwAAAAAAAAAAAAAAAAAA+Hgpqn9SfOcbW6maS7URMRvd3DAf6Mfe/wcAAP//3sf+xA==") r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0) pwrite64(r0, &(0x7f0000000280)="2fc7", 0x2, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) lseek(r0, 0x0, 0x4) sendfile(r0, r0, &(0x7f00000001c0), 0x7fa) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00') 2.263641445s ago: executing program 2 (id=206): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000200)=""/213, 0xd5) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335, @time, 0x0, {}, 0xff}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000640)={0xa, 0x0, 0x6, 0x80}) tkill(r0, 0x7) 1.88326921s ago: executing program 1 (id=207): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r1, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x2042, 0x65) 1.243925049s ago: executing program 0 (id=208): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f000000c400)={0x2020}, 0x2020) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x180884c, &(0x7f0000001a40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1.153034889s ago: executing program 3 (id=209): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) fchmod(r0, 0xfbffffff) write$FUSE_IOCTL(r0, &(0x7f0000000300)={0x20}, 0x20) 1.073912041s ago: executing program 2 (id=210): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="5400000010004b0400000000000000007a"], 0x54}}, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x4, 0x3, 0x3ff}) 425.827242ms ago: executing program 3 (id=211): r0 = gettid() pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x200}}, 0x20}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x7fff, 0x0) tkill(r0, 0x7) 150.913522ms ago: executing program 1 (id=212): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00'}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x1a8000, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x3000}, {0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, 0xfe}, {0x0, 0x10000, 0x0, 0x0, 0x0, 0xfd}, {0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, 0x2, 0x0, 0x2}, {0x0, 0xeeee8000}, {}, {}, 0xddf8ffdb, 0x0, 0x0, 0x140030, 0xa, 0x8000, 0x3000, [0x0, 0x0, 0x2]}) 0s ago: executing program 2 (id=213): ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000200)={0x0, 'pimreg0\x00', {0x3}, 0x46}) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts. [ 172.791302][ T5786] cgroup: Unknown subsys name 'net' [ 172.921501][ T5786] cgroup: Unknown subsys name 'cpuset' [ 172.937329][ T5786] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 218.086850][ T5786] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 219.070390][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 219.078458][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 223.111622][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 223.123413][ T5808] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 223.132952][ T5808] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 223.163140][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 223.186215][ T5811] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 223.195547][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 223.206026][ T5811] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 223.215182][ T5811] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 223.227928][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 223.240021][ T5811] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 223.242375][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 223.250826][ T5811] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 223.257881][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 223.263062][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 223.276926][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 223.279286][ T5811] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 223.285378][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 223.304019][ T5813] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 223.304529][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 223.312525][ T5813] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 223.329260][ T5813] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 223.331313][ T5099] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 223.342261][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 223.349787][ T5099] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 223.409015][ T5808] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 223.444570][ T5808] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 223.505801][ T5808] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 223.705410][ T5808] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 223.764902][ T5808] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 223.783692][ T5808] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 224.287406][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 225.129814][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 225.272712][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.280457][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.288394][ T5807] bridge_slave_0: entered allmulticast mode [ 225.298971][ T5807] bridge_slave_0: entered promiscuous mode [ 225.330325][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.338206][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.346143][ T5807] bridge_slave_1: entered allmulticast mode [ 225.355416][ T5807] bridge_slave_1: entered promiscuous mode [ 225.365655][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 225.451361][ T5808] Bluetooth: hci1: command tx timeout [ 225.457021][ T5808] Bluetooth: hci0: command tx timeout [ 225.468828][ T5811] Bluetooth: hci2: command tx timeout [ 225.471809][ T51] Bluetooth: hci3: command tx timeout [ 225.517248][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 225.608634][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 225.644152][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.677426][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.852049][ T5099] Bluetooth: hci4: command tx timeout [ 225.928807][ T5807] team0: Port device team_slave_0 added [ 225.980040][ T5807] team0: Port device team_slave_1 added [ 226.298032][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.305423][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.333317][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.349762][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.357755][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.367875][ T5812] bridge_slave_0: entered allmulticast mode [ 226.376937][ T5812] bridge_slave_0: entered promiscuous mode [ 226.502082][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.509275][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.535806][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.548000][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.556611][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.564406][ T5812] bridge_slave_1: entered allmulticast mode [ 226.573461][ T5812] bridge_slave_1: entered promiscuous mode [ 226.617676][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.626538][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.634471][ T5803] bridge_slave_0: entered allmulticast mode [ 226.643507][ T5803] bridge_slave_0: entered promiscuous mode [ 226.753485][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.761406][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.769066][ T5803] bridge_slave_1: entered allmulticast mode [ 226.778005][ T5803] bridge_slave_1: entered promiscuous mode [ 226.791520][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.799189][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.807214][ T5818] bridge_slave_0: entered allmulticast mode [ 226.816246][ T5818] bridge_slave_0: entered promiscuous mode [ 226.894660][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.902506][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.910141][ T5818] bridge_slave_1: entered allmulticast mode [ 226.919039][ T5818] bridge_slave_1: entered promiscuous mode [ 226.938741][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.101539][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.163959][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.238244][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.248126][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.258235][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.266041][ T5809] bridge_slave_0: entered allmulticast mode [ 227.275178][ T5809] bridge_slave_0: entered promiscuous mode [ 227.398754][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.441941][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.449661][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.457572][ T5809] bridge_slave_1: entered allmulticast mode [ 227.466052][ T5809] bridge_slave_1: entered promiscuous mode [ 227.492422][ T5807] hsr_slave_0: entered promiscuous mode [ 227.501798][ T5807] hsr_slave_1: entered promiscuous mode [ 227.536868][ T5099] Bluetooth: hci0: command tx timeout [ 227.542719][ T51] Bluetooth: hci2: command tx timeout [ 227.548162][ T5808] Bluetooth: hci1: command tx timeout [ 227.548265][ T5808] Bluetooth: hci3: command tx timeout [ 227.571439][ T5812] team0: Port device team_slave_0 added [ 227.586802][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.734733][ T5812] team0: Port device team_slave_1 added [ 227.806497][ T5803] team0: Port device team_slave_0 added [ 227.851909][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.916242][ T5818] team0: Port device team_slave_0 added [ 227.930679][ T5803] team0: Port device team_slave_1 added [ 227.938803][ T5808] Bluetooth: hci4: command tx timeout [ 227.945355][ T5818] team0: Port device team_slave_1 added [ 227.961364][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.021007][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.028179][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.054667][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.187382][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.194625][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.221085][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.235119][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.242548][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.269045][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.369274][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.376543][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.403760][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.418628][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.426064][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.452720][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.496653][ T5809] team0: Port device team_slave_0 added [ 228.538579][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.546034][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.572548][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.677208][ T5809] team0: Port device team_slave_1 added [ 228.791561][ T5812] hsr_slave_0: entered promiscuous mode [ 228.800441][ T5812] hsr_slave_1: entered promiscuous mode [ 228.809199][ T5812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 228.817014][ T5812] Cannot create hsr debugfs directory [ 228.860431][ T5803] hsr_slave_0: entered promiscuous mode [ 228.871219][ T5803] hsr_slave_1: entered promiscuous mode [ 228.879250][ T5803] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 228.887102][ T5803] Cannot create hsr debugfs directory [ 228.961587][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.968754][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.995425][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.112095][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.119243][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.146303][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.318434][ T5818] hsr_slave_0: entered promiscuous mode [ 229.327637][ T5818] hsr_slave_1: entered promiscuous mode [ 229.336906][ T5818] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.344915][ T5818] Cannot create hsr debugfs directory [ 229.610957][ T5808] Bluetooth: hci3: command tx timeout [ 229.614999][ T5099] Bluetooth: hci0: command tx timeout [ 229.616787][ T5808] Bluetooth: hci2: command tx timeout [ 229.622185][ T5099] Bluetooth: hci1: command tx timeout [ 229.652379][ T5809] hsr_slave_0: entered promiscuous mode [ 229.661777][ T5809] hsr_slave_1: entered promiscuous mode [ 229.670363][ T5809] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.678228][ T5809] Cannot create hsr debugfs directory [ 229.872569][ T5807] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 229.904276][ T5807] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 229.997858][ T5807] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 230.017277][ T5808] Bluetooth: hci4: command tx timeout [ 230.037631][ T5807] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 230.636834][ T5803] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 230.658115][ T5803] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 230.679658][ T5803] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 230.757634][ T5803] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 230.937066][ T5812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 230.961225][ T5812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 231.064037][ T5812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 231.102079][ T5812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 231.140650][ T5818] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 231.169230][ T5818] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 231.197585][ T5818] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 231.239482][ T5818] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 231.385471][ T5809] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 231.447129][ T5809] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 231.478054][ T5809] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 231.522528][ T5809] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 231.696314][ T5808] Bluetooth: hci2: command tx timeout [ 231.702634][ T5811] Bluetooth: hci1: command tx timeout [ 231.708253][ T5811] Bluetooth: hci0: command tx timeout [ 231.715504][ T5099] Bluetooth: hci3: command tx timeout [ 231.957134][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.106518][ T5808] Bluetooth: hci4: command tx timeout [ 232.276144][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.362666][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.420240][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.498164][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.515028][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.544794][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.552542][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.666018][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.711545][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.735064][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.742624][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.762408][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.769818][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.788233][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.795759][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.887196][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.894937][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.922717][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.930378][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.033905][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.148323][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.156157][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.171665][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.179289][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.308126][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.429749][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.437541][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.626542][ T3482] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.634296][ T3482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.769306][ T5809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 233.780620][ T5809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 235.398644][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.430084][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.835212][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.017143][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.042022][ T5803] veth0_vlan: entered promiscuous mode [ 236.061103][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.174190][ T5803] veth1_vlan: entered promiscuous mode [ 236.189203][ T5818] veth0_vlan: entered promiscuous mode [ 236.342185][ T5818] veth1_vlan: entered promiscuous mode [ 236.549380][ T5812] veth0_vlan: entered promiscuous mode [ 236.662640][ T5809] veth0_vlan: entered promiscuous mode [ 236.715867][ T5803] veth0_macvtap: entered promiscuous mode [ 236.742371][ T5812] veth1_vlan: entered promiscuous mode [ 236.759659][ T5818] veth0_macvtap: entered promiscuous mode [ 236.803127][ T5809] veth1_vlan: entered promiscuous mode [ 236.819948][ T5803] veth1_macvtap: entered promiscuous mode [ 236.841689][ T5818] veth1_macvtap: entered promiscuous mode [ 237.045227][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.096198][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.107143][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.121654][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.183978][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.200672][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.211942][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.226175][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.296613][ T5812] veth0_macvtap: entered promiscuous mode [ 237.318112][ T5809] veth0_macvtap: entered promiscuous mode [ 237.347926][ T5803] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.357911][ T5803] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.367211][ T5803] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.377334][ T5803] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.404381][ T5809] veth1_macvtap: entered promiscuous mode [ 237.415862][ T5812] veth1_macvtap: entered promiscuous mode [ 237.469436][ T5818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.478636][ T5818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.489442][ T5818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.498669][ T5818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.585501][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.597687][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.608476][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.619204][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.633734][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.729642][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.740827][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.751067][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.761799][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.776208][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.788292][ T5809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.799151][ T5809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.811263][ T5809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.823072][ T5809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.833357][ T5809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.844169][ T5809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.858723][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.995723][ T5812] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.006565][ T5812] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.019987][ T5812] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.029521][ T5812] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.089675][ T5809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.102879][ T5809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.113131][ T5809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.123929][ T5809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.135183][ T5809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.146667][ T5809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.161107][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.443034][ T5809] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.452374][ T5809] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.463729][ T5809] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.473184][ T5809] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.686508][ T5807] veth0_vlan: entered promiscuous mode [ 238.809030][ T5807] veth1_vlan: entered promiscuous mode [ 239.178046][ T5807] veth0_macvtap: entered promiscuous mode [ 239.244965][ T5807] veth1_macvtap: entered promiscuous mode [ 239.424368][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.435216][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.445359][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.457069][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.467617][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.479842][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.490558][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.501440][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.515614][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.638055][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.649020][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.659386][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.670214][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.682424][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.698129][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.709792][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.720627][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.734990][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.839596][ T5807] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.848957][ T5807] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.858167][ T5807] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.868813][ T5807] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.995178][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.003453][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.328507][ T4592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.337467][ T4592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.546828][ T4592] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.556247][ T4592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.790134][ T3482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.798328][ T3482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.833656][ T4592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.841848][ T4592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.843236][ T5803] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 244.968660][ T4592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.979359][ T4592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.670543][ T3482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.682632][ T3482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.817944][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.826224][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.927859][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.942180][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.136049][ T3482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.147351][ T3482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.649861][ T29] audit: type=1326 audit(1732623053.242:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5992 comm="syz.3.6" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73bd579 code=0x0 [ 247.053325][ T5924] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 247.251070][ T5924] usb 3-1: Using ep0 maxpacket: 32 [ 247.334580][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.346231][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 247.356656][ T5924] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 247.366110][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.563903][ T5924] usb 3-1: config 0 descriptor?? [ 247.668448][ T5924] hub 3-1:0.0: USB hub found [ 247.871431][ T5924] hub 3-1:0.0: 1 port detected [ 248.325396][ T6018] syzkaller0: entered allmulticast mode [ 248.432611][ T6018] syzkaller0 (unregistering): left allmulticast mode [ 248.740624][ T6023] input: syz0 as /devices/virtual/input/input5 [ 248.847159][ T5924] hub 3-1:0.0: activate --> -90 [ 249.313908][ T5857] usb 3-1: USB disconnect, device number 2 [ 249.521226][ T5924] usb 3-1-port1: config error [ 251.050316][ T29] audit: type=1326 audit(1732623057.542:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6041 comm="syz.4.25" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x0 [ 251.383942][ T6046] loop2: detected capacity change from 0 to 512 [ 251.744082][ T6046] Quota error (device loop2): v2_read_file_info: Number of blocks too big for quota file size (2103296 > 6144). [ 251.759272][ T6046] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 251.812326][ T6046] EXT4-fs (loop2): mount failed [ 253.109035][ T6050] syz.0.29 (6050) used greatest stack depth: 4680 bytes left [ 254.971860][ T5924] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 255.131231][ T5924] usb 1-1: Using ep0 maxpacket: 8 [ 255.402152][ T5924] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 255.413325][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.422288][ T5924] usb 1-1: Product: syz [ 255.426690][ T5924] usb 1-1: Manufacturer: syz [ 255.431614][ T5924] usb 1-1: SerialNumber: syz [ 255.551754][ T5924] usb 1-1: config 0 descriptor?? [ 255.911460][ T5924] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 256.426791][ T6094] loop2: detected capacity change from 0 to 128 [ 256.703699][ T5924] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 256.730240][ T5924] usb 1-1: USB disconnect, device number 2 [ 257.549298][ T6105] bridge0: entered promiscuous mode [ 257.595346][ T6105] bond_slave_0: entered promiscuous mode [ 257.601486][ T6105] bond_slave_1: entered promiscuous mode [ 257.640565][ T6103] bond_slave_0: left promiscuous mode [ 257.646351][ T6103] bond_slave_1: left promiscuous mode [ 257.652460][ T6103] bridge0: left promiscuous mode [ 258.077129][ T6112] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 258.182090][ T5857] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 258.232586][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.240440][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.248400][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.256327][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.264175][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.274444][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.282970][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.290653][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.298496][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.306305][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.314214][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.322026][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.329712][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.337579][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.345367][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.353150][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.360951][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.368691][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.378478][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.386870][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.394666][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.402455][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.410149][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.417983][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.425737][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.433637][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.441422][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.449167][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.456954][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.464775][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.472631][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.482547][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.490954][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 258.620314][ T5924] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 258.671225][ T5857] usb 1-1: Using ep0 maxpacket: 16 [ 258.781170][ T5857] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 258.851632][ T5924] kernel read not supported for file inotify (pid: 5924 comm: kworker/1:6) [ 259.010105][ T5857] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 259.019714][ T5857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.028464][ T5857] usb 1-1: Product: syz [ 259.033000][ T5857] usb 1-1: Manufacturer: syz [ 259.037834][ T5857] usb 1-1: SerialNumber: syz [ 259.041620][ T25] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 259.083775][ T5857] usb 1-1: config 0 descriptor?? [ 259.163680][ T5857] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 259.173420][ T5857] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 259.388014][ T25] usb 5-1: config 0 has no interfaces? [ 259.394076][ T25] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 259.405180][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.474856][ T25] usb 5-1: config 0 descriptor?? [ 259.763470][ T5857] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 260.023795][ T5863] usb 5-1: USB disconnect, device number 2 [ 260.141788][ T6135] trusted_key: syz.2.61 sent an empty control message without MSG_MORE. [ 260.436260][ T5857] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 260.444903][ T5857] em28xx 1-1:0.0: board has no eeprom [ 260.561382][ T5857] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 260.569641][ T5857] em28xx 1-1:0.0: dvb set to bulk mode. [ 260.581138][ T5863] em28xx 1-1:0.0: Binding DVB extension [ 260.701650][ T5857] usb 1-1: USB disconnect, device number 3 [ 260.708965][ T5857] em28xx 1-1:0.0: Disconnecting em28xx [ 261.071276][ T5863] em28xx 1-1:0.0: Registering input extension [ 261.118179][ T5857] em28xx 1-1:0.0: Closing input extension [ 261.203276][ T5857] em28xx 1-1:0.0: Freeing device [ 261.215513][ T6148] syzkaller1: entered promiscuous mode [ 261.221198][ T6150] loop4: detected capacity change from 0 to 128 [ 261.227752][ T6148] syzkaller1: entered allmulticast mode [ 261.431130][ T6150] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 261.615814][ T6150] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 261.782378][ T6150] ext2 filesystem being mounted at /15/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 261.814777][ C1] vkms_vblank_simulate: vblank timer overrun [ 262.422011][ T5807] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 262.741046][ T29] audit: type=1326 audit(1732623069.332:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6161 comm="syz.1.70" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd7579 code=0x0 [ 262.921045][ T5924] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 263.046288][ T6173] loop4: detected capacity change from 0 to 1024 [ 263.111661][ T5924] usb 1-1: Using ep0 maxpacket: 16 [ 263.189916][ T5924] usb 1-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 263.199563][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.208116][ T5924] usb 1-1: Product: syz [ 263.216087][ T5924] usb 1-1: Manufacturer: syz [ 263.225331][ T5924] usb 1-1: SerialNumber: syz [ 263.259322][ T6173] hfsplus: bad catalog entry type [ 263.332409][ T5924] usb 1-1: config 0 descriptor?? [ 263.360432][ T5924] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 263.530332][ T1131] hfsplus: b-tree write err: -5, ino 4 [ 263.571067][ T5924] gp8psk: usb in 128 operation failed. [ 263.590412][ T5924] gp8psk: usb in 137 operation failed. [ 263.599515][ T5924] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 263.652958][ T5924] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 263.663937][ T5924] usb 1-1: media controller created [ 263.749731][ T5924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 264.129910][ T5924] gp8psk_fe: Frontend revision 1 attached [ 264.136091][ T5924] usb 1-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 264.144766][ T5924] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 264.352290][ T5924] gp8psk: usb in 138 operation failed. [ 264.358148][ T5924] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 264.368963][ T5924] gp8psk: found Genpix USB device pID = 201 (hex) [ 264.523101][ T5924] usb 1-1: USB disconnect, device number 4 [ 264.938864][ T5924] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 266.332506][ T6212] ALSA: seq fatal error: cannot create timer (-22) [ 269.379777][ T6292] netlink: 12 bytes leftover after parsing attributes in process `syz.1.94'. [ 269.617145][ T5863] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 269.804992][ C0] vxcan1: j1939_tp_rxtimer: 0xffff88802167aa00: rx timeout, send abort [ 269.815703][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff88802167aa00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 269.834099][ T6293] ------------[ cut here ]------------ [ 269.839768][ T6293] refcount_t: underflow; use-after-free. [ 269.854528][ T6293] WARNING: CPU: 0 PID: 6293 at lib/refcount.c:28 refcount_warn_saturate+0x2cb/0x370 [ 269.866657][ T6293] Modules linked in: [ 269.870934][ T6293] CPU: 0 UID: 0 PID: 6293 Comm: syz.3.93 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 269.881541][ T6293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 269.892812][ T6293] RIP: 0010:refcount_warn_saturate+0x2cb/0x370 [ 269.899302][ T6293] Code: f6 91 e8 98 26 23 fc c6 00 00 c6 05 7f 01 ca 0b 01 90 49 c7 86 80 0c 00 00 00 00 00 00 48 c7 c7 3d 9b 17 91 e8 36 19 2d fb 90 <0f> 0b 90 90 e9 c4 fe ff ff 8b 3a e8 25 33 23 fc f6 c3 01 0f 85 83 [ 269.919429][ T6293] RSP: 0000:ffff8880253a7878 EFLAGS: 00010283 [ 269.926549][ T6293] RAX: ffffffff8159ec01 RBX: 0000000000000000 RCX: 0000000000080000 [ 269.935031][ T6293] RDX: ffffc90009883000 RSI: 0000000000001f3f RDI: 0000000000001f40 [ 269.943460][ T6293] RBP: ffff8880253a7890 R08: ffffffff8159ebdf R09: 0000000000000000 [ 269.959797][ T6293] R10: ffff888024ba74c0 R11: 0000000000000004 R12: 0000000000000000 [ 269.970342][ T6293] R13: ffff888021764cb8 R14: ffff888021764cb8 R15: 0000000000000003 [ 269.978750][ T6293] FS: 0000000000000000(0000) GS:ffff88813fc00000(0063) knlGS:00000000f50a6b40 [ 269.988114][ T6293] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 269.995176][ T6293] CR2: 00007fb084c3c4d3 CR3: 0000000025334000 CR4: 00000000003526f0 [ 270.005810][ T6293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 270.014318][ T6293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 270.022692][ T6293] Call Trace: [ 270.026178][ T6293] [ 270.029300][ T6293] ? show_trace_log_lvl+0x268/0x3d0 [ 270.034971][ T6293] ? sk_skb_reason_drop+0x154/0x480 [ 270.040522][ T6293] ? show_regs+0xb4/0xe0 [ 270.045180][ T6293] ? __warn+0x2c7/0x780 [ 270.057663][ T6293] ? refcount_warn_saturate+0x2cb/0x370 [ 270.066026][ T6293] ? report_bug+0x929/0xbd0 [ 270.071056][ T6293] ? refcount_warn_saturate+0x2cb/0x370 [ 270.076920][ T6293] ? handle_bug+0x6d/0x90 [ 270.081736][ T6293] ? exc_invalid_op+0x1f/0x50 [ 270.086747][ T6293] ? asm_exc_invalid_op+0x1f/0x30 [ 270.092269][ T6293] ? __warn_printk+0x43f/0x470 [ 270.097340][ T6293] ? __warn_printk+0x461/0x470 [ 270.102573][ T6293] ? refcount_warn_saturate+0x2cb/0x370 [ 270.108421][ T6293] ? refcount_warn_saturate+0x2ca/0x370 [ 270.114416][ T6293] sk_skb_reason_drop+0x154/0x480 [ 270.119768][ T6293] j1939_session_put+0x2a0/0x620 [ 270.125191][ T6293] j1939_sk_sendmsg+0x1f2d/0x2740 [ 270.130551][ T6293] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 270.137116][ T6293] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 270.142951][ T6293] __sock_sendmsg+0x30f/0x380 [ 270.147937][ T6293] ____sys_sendmsg+0x877/0xb60 [ 270.161247][ T6293] ___sys_sendmsg+0x28d/0x3c0 [ 270.166252][ T6293] ? kmsan_get_metadata+0x13e/0x1c0 [ 270.174266][ T6293] ? kmsan_get_metadata+0x13e/0x1c0 [ 270.179807][ T6293] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 270.186178][ T6293] ? __rcu_read_unlock+0x7b/0xe0 [ 270.198414][ T6293] ? __fget_files+0x42b/0x500 [ 270.203620][ T6293] ? kmsan_get_metadata+0x13e/0x1c0 [ 270.209152][ T6293] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 270.215490][ T6293] __sys_sendmsg+0x1b6/0x300 [ 270.220420][ T6293] __ia32_compat_sys_sendmsg+0x9d/0xe0 [ 270.226330][ T6293] ia32_sys_call+0x2685/0x4180 [ 270.231648][ T6293] __do_fast_syscall_32+0xb0/0x110 [ 270.237089][ T6293] ? irqentry_exit+0x16/0x60 [ 270.242139][ T6293] do_fast_syscall_32+0x38/0x80 [ 270.247320][ T6293] do_SYSENTER_32+0x1f/0x30 [ 270.258808][ T6293] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 270.278322][ T6293] RIP: 0023:0xf73bd579 [ 270.284961][ T6293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 270.305208][ T6293] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 270.314112][ T6293] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 270.322513][ T6293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 270.330903][ T6293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 270.339131][ T6293] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 270.347512][ T6293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 270.364276][ T6293] [ 270.369750][ T6293] ---[ end trace 0000000000000000 ]--- [ 270.849888][ T5863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.862476][ T5863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.878858][ T5863] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 270.890260][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.912802][ T5863] usb 3-1: config 0 descriptor?? [ 271.451759][ T5863] holtek_kbd 0003:04D9:A055.0002: collection stack underflow [ 271.459616][ T5863] holtek_kbd 0003:04D9:A055.0002: item 0 0 0 12 parsing failed [ 271.537702][ T5863] holtek_kbd 0003:04D9:A055.0002: probe with driver holtek_kbd failed with error -22 [ 271.703657][ T5863] usb 3-1: USB disconnect, device number 3 [ 271.841514][ T6332] syz.0.100 uses obsolete (PF_INET,SOCK_PACKET) [ 273.099638][ T6351] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 273.592321][ T6353] loop3: detected capacity change from 0 to 1764 [ 274.572824][ T6369] syzkaller0: entered promiscuous mode [ 274.578788][ T6369] syzkaller0: entered allmulticast mode [ 274.648980][ T6369] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 16735 [ 275.455372][ T6388] loop3: detected capacity change from 0 to 256 [ 275.671748][ T6384] serio: Serial port ptm0 [ 276.323925][ T6400] 9pnet: p9_errstr2errno: server reported unknown error 1~T?g`}f0٩ [ 276.441118][ T5863] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 276.632171][ T5863] usb 1-1: Using ep0 maxpacket: 32 [ 276.672919][ T5863] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 276.684741][ T5863] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.694937][ T5863] usb 1-1: config 0 interface 0 has no altsetting 0 [ 276.702088][ T5863] usb 1-1: New USB device found, idVendor=056a, idProduct=00c4, bcdDevice= 0.00 [ 276.711883][ T6407] loop1: detected capacity change from 0 to 256 [ 276.726294][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.779829][ T6407] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 276.824703][ T6407] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 276.835264][ T6407] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 276.843315][ T6407] UDF-fs: Scanning with blocksize 512 failed [ 276.862164][ T6407] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 276.891712][ T5863] usb 1-1: config 0 descriptor?? [ 276.931099][ T6407] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 277.333865][ T6410] netlink: 96 bytes leftover after parsing attributes in process `syz.4.130'. [ 277.377667][ T5863] wacom 0003:056A:00C4.0003: unknown main item tag 0x0 [ 277.410146][ T5863] wacom 0003:056A:00C4.0003: hidraw0: USB HID v0.00 Device [HID 056a:00c4] on usb-dummy_hcd.0-1/input0 [ 277.880844][ T6415] loop1: detected capacity change from 0 to 512 [ 277.888064][ T6398] wacom 0003:056A:00C4.0003: pid 6398 passed too large report [ 277.956017][ T5863] usb 1-1: USB disconnect, device number 5 [ 278.400037][ T6415] Quota error (device loop1): v2_read_file_info: Number of blocks too big for quota file size (2103296 > 6144). [ 278.413093][ T6415] EXT4-fs warning (device loop1): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 278.591869][ T6415] EXT4-fs (loop1): mount failed [ 279.559227][ T6442] input: syz0 as /devices/virtual/input/input10 [ 279.593165][ T5924] kernel read not supported for file /bus/input/devices (pid: 5924 comm: kworker/1:6) [ 280.397837][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 280.523858][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 280.530647][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 282.083376][ T6478] loop4: detected capacity change from 0 to 1024 [ 282.513077][ T6478] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 282.703296][ T6478] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 282.999901][ T6497] bond0: (slave macsec1): Error -34 calling dev_set_mtu [ 283.193464][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 283.234139][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 283.290036][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 283.354042][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 283.442840][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 283.559823][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 283.676517][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 283.813373][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 283.916084][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 283.948359][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 284.016984][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 284.043758][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 284.062931][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 284.152443][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 284.194563][ T6508] loop1: detected capacity change from 0 to 1024 [ 284.390882][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 284.969050][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 285.156094][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 285.323519][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 285.523817][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 285.581966][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 287.466556][ T5863] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 287.645883][ T5863] usb 1-1: Using ep0 maxpacket: 32 [ 287.688983][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.700637][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.711325][ T5863] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 287.720904][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.894903][ T5863] usb 1-1: config 0 descriptor?? [ 287.925188][ T5863] hub 1-1:0.0: USB hub found [ 288.072427][ T5924] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 288.135457][ T5863] hub 1-1:0.0: 1 port detected [ 288.201153][ T5807] EXT4-fs error: 135 callbacks suppressed [ 288.201230][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 288.237258][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 288.266811][ T5924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.280181][ T5924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 288.291231][ T5924] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 288.304637][ T5924] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 288.314040][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.330829][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 288.366722][ T5924] usb 2-1: config 0 descriptor?? [ 288.442279][ T5807] EXT4-fs warning: 63 callbacks suppressed [ 288.442413][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 288.505293][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 288.670533][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 288.764768][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 288.797685][ T5863] hub 1-1:0.0: activate --> -90 [ 288.974942][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 289.057821][ T5924] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 289.113006][ T5924] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 289.151490][ T25] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 289.269514][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 289.348128][ T5924] usb 2-1: USB disconnect, device number 2 [ 289.377842][ T5863] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 289.385125][ T5863] usb 1-1-port1: connect-debounce failed [ 289.390897][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 289.408630][ T25] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 289.418942][ T25] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 289.430494][ T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 289.443647][ T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 289.455626][ T25] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 289.469051][ T25] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 289.478480][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.509980][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 289.540374][ T5862] usb 1-1: USB disconnect, device number 6 [ 289.569897][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 289.612459][ T5857] usb 1-1: Failed to suspend device, error -71 [ 289.779381][ T5807] EXT4-fs error (device loop4): ext4_empty_dir:3103: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 289.932890][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 289.983326][ T5807] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /34/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 290.105546][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 290.184577][ T25] usb 4-1: usb_control_msg returned -32 [ 290.190597][ T25] usbtmc 4-1:16.0: can't read capabilities [ 290.201145][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 290.301717][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 290.416293][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 290.538257][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 290.802860][ T5807] EXT4-fs warning (device loop4): ext4_empty_dir:3105: inode #11: comm syz-executor: directory missing '.' [ 290.830246][ T29] audit: type=1326 audit(1732623097.422:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.0.184" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f31579 code=0x0 [ 290.911462][ T29] audit: type=1400 audit(1732623097.482:6): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6577 comm="syz.0.184" [ 291.019385][ T6584] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 291.176416][ T10] usb 4-1: USB disconnect, device number 2 [ 291.571093][ T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 291.739155][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 291.783654][ T25] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 291.793395][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.837647][ T25] usb 3-1: config 0 descriptor?? [ 291.966087][ T4038] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.972448][ T5807] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.058826][ T6592] netlink: 'syz.0.188': attribute type 2 has an invalid length. [ 292.074350][ T6592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.188'. [ 292.092699][ T6592] Zero length message leads to an empty skb [ 292.445518][ T4038] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.768351][ T4038] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.980555][ T4038] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.688308][ T25] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 293.698811][ T25] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 293.712519][ T25] asix 3-1:0.0: probe with driver asix failed with error -71 [ 293.751942][ T4038] bridge_slave_1: left allmulticast mode [ 293.757852][ T4038] bridge_slave_1: left promiscuous mode [ 293.764695][ T4038] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.825635][ T25] usb 3-1: USB disconnect, device number 4 [ 293.850023][ T4038] bridge_slave_0: left allmulticast mode [ 293.856234][ T4038] bridge_slave_0: left promiscuous mode [ 293.863009][ T4038] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.538162][ T6610] block nbd0: shutting down sockets [ 294.747693][ T4038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 294.760068][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 294.771261][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 294.783058][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 294.821954][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 294.845910][ T4038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 294.855870][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 294.870640][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 294.911236][ T4038] bond0 (unregistering): Released all slaves [ 295.007514][ T5861] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 295.379069][ T5861] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 295.387767][ T5861] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 295.399765][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 295.411076][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 295.422772][ T5861] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 295.436122][ T5861] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 295.447650][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.668963][ T5861] usb 3-1: config 0 descriptor?? [ 295.702818][ T6615] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 296.137547][ T4038] hsr_slave_0: left promiscuous mode [ 296.173130][ T4038] hsr_slave_1: left promiscuous mode [ 296.194324][ T4038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 296.203055][ T4038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 296.241990][ T4038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.250143][ T4038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.277806][ T5861] plantronics 0003:047F:FFFF.0005: unknown main item tag 0xd [ 296.346008][ T5861] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 296.527040][ T5861] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 296.630118][ T4038] veth1_macvtap: left promiscuous mode [ 296.637579][ T4038] veth0_macvtap: left promiscuous mode [ 296.643742][ T4038] veth1_vlan: left promiscuous mode [ 296.649318][ T4038] veth0_vlan: left promiscuous mode [ 296.919587][ T5857] usb 3-1: USB disconnect, device number 5 [ 297.005610][ T51] Bluetooth: hci1: command tx timeout [ 297.556035][ T4038] team0 (unregistering): Port device team_slave_1 removed [ 297.715720][ T4038] team0 (unregistering): Port device team_slave_0 removed [ 298.741354][ T6650] loop3: detected capacity change from 0 to 2048 [ 298.818858][ T6650] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 298.929423][ T6650] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 299.055136][ T51] Bluetooth: hci1: command tx timeout [ 299.121955][ T6612] chnl_net:caif_netlink_parms(): no params data found [ 299.675396][ T6663] ======================================================= [ 299.675396][ T6663] WARNING: The mand mount option has been deprecated and [ 299.675396][ T6663] and is ignored by this kernel. Remove the mand [ 299.675396][ T6663] option from the mount to silence this warning. [ 299.675396][ T6663] ======================================================= [ 300.016292][ T6667] evm: overlay not supported [ 300.731331][ T6612] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.739082][ T6612] bridge0: port 1(bridge_slave_0) entered disabled state [ 300.740450][ T6681] ===================================================== [ 300.746974][ T6612] bridge_slave_0: entered allmulticast mode [ 300.750088][ T6612] bridge_slave_0: entered promiscuous mode [ 300.754248][ T6681] BUG: KMSAN: uninit-value in io_nop+0x549/0x8a0 [ 300.770929][ T6612] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.778526][ T6681] io_nop+0x549/0x8a0 [ 300.779903][ T6612] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.785296][ T6681] io_issue_sqe+0x420/0x2130 [ 300.791349][ T6612] bridge_slave_1: entered allmulticast mode [ 300.795668][ T6681] io_submit_sqes+0x11bc/0x2f80 [ 300.804673][ T6612] bridge_slave_1: entered promiscuous mode [ 300.806714][ T6681] __se_sys_io_uring_enter+0x423/0x4aa0 [ 300.820471][ T6681] __ia32_sys_io_uring_enter+0x11d/0x1a0 [ 300.826804][ T6681] ia32_sys_call+0xd59/0x4180 [ 300.831988][ T6681] __do_fast_syscall_32+0xb0/0x110 [ 300.837323][ T6681] do_fast_syscall_32+0x38/0x80 [ 300.843881][ T6681] do_SYSENTER_32+0x1f/0x30 [ 300.848760][ T6681] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 300.855497][ T6681] [ 300.857246][ T6682] netlink: 12 bytes leftover after parsing attributes in process `syz.3.211'. [ 300.857876][ T6681] Uninit was created at: [ 300.858055][ T6681] __alloc_pages_noprof+0x9a7/0xe00 [ 300.884590][ T6681] alloc_pages_mpol_noprof+0x299/0x990 [ 300.890241][ T6681] alloc_pages_noprof+0x1bf/0x1e0 [ 300.895710][ T6681] allocate_slab+0x320/0x12e0 [ 300.900582][ T6681] ___slab_alloc+0x12ef/0x35e0 [ 300.905686][ T6681] kmem_cache_alloc_bulk_noprof+0x486/0x1330 [ 300.912047][ T6681] __io_alloc_req_refill+0x84/0x5b0 [ 300.917484][ T6681] io_submit_sqes+0x9a2/0x2f80 [ 300.922620][ T6681] __se_sys_io_uring_enter+0x423/0x4aa0 [ 300.928364][ T6681] __ia32_sys_io_uring_enter+0x11d/0x1a0 [ 300.934355][ T6681] ia32_sys_call+0xd59/0x4180 [ 300.939272][ T6681] __do_fast_syscall_32+0xb0/0x110 [ 300.944754][ T6681] do_fast_syscall_32+0x38/0x80 [ 300.949828][ T6681] do_SYSENTER_32+0x1f/0x30 [ 300.954793][ T6681] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 300.961443][ T6681] [ 300.963892][ T6681] CPU: 0 UID: 0 PID: 6681 Comm: syz.2.213 Tainted: G W 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 300.985733][ T6681] Tainted: [W]=WARN [ 300.989666][ T6681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 301.004565][ T6681] ===================================================== [ 301.012111][ T6681] Disabling lock debugging due to kernel taint [ 301.018390][ T6681] Kernel panic - not syncing: kmsan.panic set ... SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 301.024957][ T6681] CPU: 0 UID: 0 PID: 6681 Comm: syz.2.213 Tainted: G B W 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 301.036925][ T6681] Tainted: [B]=BAD_PAGE, [W]=WARN [ 301.042071][ T6681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 301.052297][ T6681] Call Trace: [ 301.055720][ T6681] [ 301.058774][ T6681] dump_stack_lvl+0x216/0x2d0 [ 301.063685][ T6681] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 301.069757][ T6681] dump_stack+0x1e/0x30 [ 301.074128][ T6681] panic+0x4e2/0xcf0 [ 301.078239][ T6681] ? kmsan_get_metadata+0x51/0x1c0 [ 301.083615][ T6681] kmsan_report+0x2c7/0x2d0 [ 301.088358][ T6681] ? __msan_warning+0x95/0x120 [ 301.093350][ T6681] ? io_nop+0x549/0x8a0 [ 301.097670][ T6681] ? io_issue_sqe+0x420/0x2130 [ 301.102625][ T6681] ? io_submit_sqes+0x11bc/0x2f80 [ 301.107908][ T6681] ? __se_sys_io_uring_enter+0x423/0x4aa0 [ 301.113812][ T6681] ? __ia32_sys_io_uring_enter+0x11d/0x1a0 [ 301.119807][ T6681] ? ia32_sys_call+0xd59/0x4180 [ 301.124879][ T6681] ? __do_fast_syscall_32+0xb0/0x110 [ 301.130375][ T6681] ? do_fast_syscall_32+0x38/0x80 [ 301.135604][ T6681] ? do_SYSENTER_32+0x1f/0x30 [ 301.140481][ T6681] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 301.147201][ T6681] ? mod_objcg_state+0x898/0xe00 [ 301.152318][ T6681] ? kmsan_get_metadata+0x13e/0x1c0 [ 301.157742][ T6681] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 301.163776][ T6681] ? __memcg_slab_post_alloc_hook+0xbdd/0x1540 [ 301.170142][ T6681] ? kmsan_get_metadata+0x13e/0x1c0 [ 301.175557][ T6681] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 301.181602][ T6681] __msan_warning+0x95/0x120 [ 301.186391][ T6681] io_nop+0x549/0x8a0 [ 301.190546][ T6681] ? __pfx_io_nop+0x10/0x10 [ 301.195197][ T6681] io_issue_sqe+0x420/0x2130 [ 301.199951][ T6681] ? kmsan_get_metadata+0x13e/0x1c0 [ 301.205363][ T6681] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 301.211407][ T6681] io_submit_sqes+0x11bc/0x2f80 [ 301.216454][ T6681] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 301.223015][ T6681] __se_sys_io_uring_enter+0x423/0x4aa0 [ 301.228750][ T6681] ? futex_wait+0x2bf/0x360 [ 301.233429][ T6681] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 301.239968][ T6681] ? kmsan_get_metadata+0x13e/0x1c0 [ 301.245387][ T6681] ? do_futex+0x341/0x4a0 [ 301.249871][ T6681] ? kmsan_get_metadata+0x13e/0x1c0 [ 301.255279][ T6681] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 301.261320][ T6681] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 301.267443][ T6681] __ia32_sys_io_uring_enter+0x11d/0x1a0 [ 301.273281][ T6681] ia32_sys_call+0xd59/0x4180 [ 301.278178][ T6681] __do_fast_syscall_32+0xb0/0x110 [ 301.283497][ T6681] ? irqentry_exit+0x16/0x60 [ 301.288276][ T6681] do_fast_syscall_32+0x38/0x80 [ 301.293324][ T6681] do_SYSENTER_32+0x1f/0x30 [ 301.298027][ T6681] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 301.304577][ T6681] RIP: 0023:0xf742d579 [ 301.308779][ T6681] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 301.328582][ T6681] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa [ 301.337172][ T6681] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000002d3e [ 301.345292][ T6681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 301.353393][ T6681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 301.361524][ T6681] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 301.369649][ T6681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 301.377791][ T6681] [ 301.381201][ T6681] Kernel Offset: disabled [ 301.385599][ T6681] Rebooting in 86400 seconds..