last executing test programs: 2m3.449830389s ago: executing program 4 (id=1594): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setreuid(0x0, 0x0) 2m3.354696739s ago: executing program 4 (id=1597): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) pipe2$9p(&(0x7f00000001c0), 0x0) 2m3.295783195s ago: executing program 4 (id=1598): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000203030100000000000000000400000a0800010001"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c010) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000000203010100000000000000110400001a"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c010) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)={0x20, 0x1, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0x5ffffff}}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x10) r2 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000080)=0x8) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) bind$alg(r3, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58) syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000210557510110f3020fda9010203010902240001de0d000809041f0b02511bdcfc09058e03000203070909050e", @ANYRES64], 0x0) 2m1.448475214s ago: executing program 4 (id=1645): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0) 2m1.311596079s ago: executing program 4 (id=1646): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f00000062c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="280000001200010101000000000000000000000008000000", @ANYRES32, @ANYBLOB="0c000080080031001caff8c2"], 0x28}}, 0x0) 2m1.237131156s ago: executing program 4 (id=1648): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x804) rt_sigtimedwait(&(0x7f0000000040)={[0x4c]}, 0x0, 0x0, 0x8) 2m1.069497173s ago: executing program 32 (id=1648): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x804) rt_sigtimedwait(&(0x7f0000000040)={[0x4c]}, 0x0, 0x0, 0x8) 50.290889142s ago: executing program 1 (id=2764): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 50.196509202s ago: executing program 1 (id=2767): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) 50.108061691s ago: executing program 1 (id=2771): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x8400, 0x0) ioctl$RNDADDTOENTCNT(r3, 0x40045201, &(0x7f0000000080)=0xfff) 50.012781501s ago: executing program 1 (id=2774): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) ioctl$LOOP_SET_FD(r3, 0x4c05, r3) dup2(r2, r0) 49.738667109s ago: executing program 1 (id=2787): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket(0x8000000010, 0x2, 0x0) write(r3, &(0x7f00000006c0)="fc0000001c000704ab5b2509b86803000aab087a0400000001481193210001c0f0030584050060100000000100039815fa2c53c2864800008d5e63efbe737f96705e670929f4af6002b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b2941b94b661304fd5d60789b89d3ef3d99f30910a5bba2e177312e082bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b21067693da9a9c2dbb8b8f5566791cf190201ded815b2ccd243f395ed94e0ad91", 0xfc) 48.787720446s ago: executing program 1 (id=2807): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TCFLSH(r3, 0x400455c8, 0x4) 48.705818115s ago: executing program 33 (id=2807): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TCFLSH(r3, 0x400455c8, 0x4) 889.448759ms ago: executing program 3 (id=3738): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) 720.820026ms ago: executing program 5 (id=3744): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0xfffffeff, @empty, 0x4000000}, 0x1c) connect$inet6(r2, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @private2, 0x4}, 0x1c) 720.125076ms ago: executing program 3 (id=3745): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)={0x10, 0x2e, 0x1, 0x70bd2a}, 0x10}], 0x1}, 0x0) 679.75968ms ago: executing program 0 (id=3747): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 652.592883ms ago: executing program 6 (id=3748): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=""/227, 0xe3}, {&(0x7f0000000240)=""/207, 0xcf}, {&(0x7f00000019c0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/147, 0x93}], 0x4}, 0xe}], 0x1, 0x40000000, 0x0) 622.703616ms ago: executing program 3 (id=3749): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = syz_io_uring_setup(0x3a6c, &(0x7f0000000000)={0x0, 0x2904, 0x10, 0x0, 0x107}, &(0x7f0000000100), &(0x7f0000000140)) syz_io_uring_setup(0x420b, &(0x7f0000000080)={0x0, 0xff7ffffd, 0x20, 0x1, 0x8000000, 0x0, r3}, 0x0, 0x0) 613.471277ms ago: executing program 2 (id=3750): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6(0x10, 0x3, 0x0) write(r3, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 589.56511ms ago: executing program 5 (id=3751): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) getsockname$unix(0xffffffffffffffff, 0x0, 0x0) 563.035232ms ago: executing program 0 (id=3752): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x3, 0x3, 0x3}, 0x10) sendmsg$tipc(r2, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0) 531.932535ms ago: executing program 6 (id=3753): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r1, 0x0, 0x0, 0x40000) 494.518069ms ago: executing program 2 (id=3754): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) chmod(0x0, 0x24c) 467.651302ms ago: executing program 0 (id=3755): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) setsockopt$inet_opts(r2, 0x0, 0xd, 0x0, 0x0) 466.924432ms ago: executing program 3 (id=3756): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000003340), 0x40040, 0x0) read$FUSE(r3, &(0x7f00000034c0)={0x2020}, 0x2020) 462.006893ms ago: executing program 5 (id=3757): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000100)={'sit0\x00', 0x0, 0x47, 0x8, 0x3, 0x8, {{0x5, 0x4, 0x2, 0x1b, 0x14, 0x66, 0x0, 0x81, 0x29, 0x0, @loopback, @broadcast}}}}) 416.908337ms ago: executing program 6 (id=3758): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x8080) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r2 = epoll_create(0x6) epoll_pwait2(r2, &(0x7f0000000080)=[{}], 0x1, &(0x7f0000000100)={0x0, 0x989680}, 0x0, 0x0) 376.694791ms ago: executing program 0 (id=3759): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = add_key$fscrypt_provisioning(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000100)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffe) keyctl$invalidate(0x15, r3) 371.947542ms ago: executing program 3 (id=3760): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0xf) wait4(r2, 0x0, 0x2, 0x0) tkill(r2, 0x3) 364.322063ms ago: executing program 2 (id=3761): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) read(r3, 0x0, 0x0) 340.674845ms ago: executing program 6 (id=3762): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x184) r2 = fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x18) symlinkat(&(0x7f0000000000)='.\x00', r3, &(0x7f0000000140)='./file0\x00') 308.090628ms ago: executing program 5 (id=3763): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@loopback={0xfec0ffffffffffff}, 0x46, r3}) 263.582543ms ago: executing program 2 (id=3764): rt_sigaction(0xd, &(0x7f0000000080)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x94000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x1}) r2 = request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0xfffffffffffffffe) keyctl$restrict_keyring(0x3, r2, 0x0, 0x0) request_key(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, 0x0, 0x0) 261.733113ms ago: executing program 0 (id=3765): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) 218.913038ms ago: executing program 5 (id=3766): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xc000, 0x0) 172.777312ms ago: executing program 6 (id=3767): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8982, &(0x7f00000000c0)={0x6, 'bridge_slave_1\x00', {0x6af5}, 0x556}) 159.104794ms ago: executing program 3 (id=3768): socket$unix(0x1, 0x2, 0x0) socket$unix(0x1, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_4ADDR={0x5}]}, 0x24}}, 0x0) 142.615385ms ago: executing program 2 (id=3769): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d4e, 0x103) 75.668522ms ago: executing program 6 (id=3770): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) syz_clone(0x80001000, 0x0, 0x0, 0x0, 0x0, 0x0) 68.997053ms ago: executing program 5 (id=3771): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) timer_create(0x1, &(0x7f00000001c0)={0x0, 0x34, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)) 43.535785ms ago: executing program 0 (id=3772): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x4000000000000002]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) setresuid(0xee00, 0xee01, 0x0) 0s ago: executing program 2 (id=3773): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, 0x0, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): T4189] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.024387][ T4189] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.033101][ T4189] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.046607][ T4192] device veth0_vlan entered promiscuous mode [ 56.053286][ T4182] device veth0_vlan entered promiscuous mode [ 56.073259][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.081937][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.090159][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.099338][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.112779][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.123586][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.135558][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.146404][ T4192] device veth1_vlan entered promiscuous mode [ 56.154369][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.162714][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.172678][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.181276][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.189677][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.199734][ T4182] device veth1_vlan entered promiscuous mode [ 56.211588][ T4188] device veth0_macvtap entered promiscuous mode [ 56.239333][ T4188] device veth1_macvtap entered promiscuous mode [ 56.256636][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.272683][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.283821][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.302735][ T4192] device veth0_macvtap entered promiscuous mode [ 56.309779][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.318465][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.327488][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.335733][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.344212][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.352810][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.361537][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.369873][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.378677][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.387526][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.406924][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.418727][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.429844][ T4181] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.439309][ T4181] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.448333][ T4181] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.457033][ T4181] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.470146][ T4192] device veth1_macvtap entered promiscuous mode [ 56.494561][ T4182] device veth0_macvtap entered promiscuous mode [ 56.507702][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.518771][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.528759][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.539201][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.549956][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.562336][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.571250][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.592403][ T4182] device veth1_macvtap entered promiscuous mode [ 56.603702][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.614650][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.624492][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.632606][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.642269][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.650841][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.664544][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.676988][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.687413][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.698039][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.708165][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.718644][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.729632][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.744825][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.758903][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.768912][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.779376][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.790181][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.808031][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.819106][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.829557][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.840183][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.850082][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.861705][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.871552][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.882339][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.894150][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.902500][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.911712][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.920204][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.928759][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.937308][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.946119][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.958190][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.971830][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.982021][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.993203][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.003047][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.013475][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.025061][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.035651][ T4192] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.045036][ T4192] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.054189][ T4192] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.063096][ T4192] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.076283][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.092299][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.102326][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.112989][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.123004][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.134250][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.144207][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.154835][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.166473][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.179315][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.188175][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.197386][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.206355][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.216436][ T4224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.231143][ T4188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.239945][ T4188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.242303][ T4224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.255529][ T4188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.264754][ T4188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.285952][ T4182] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.295467][ T4247] Bluetooth: hci2: command 0x040f tx timeout [ 57.297081][ T4182] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.311386][ T23] Bluetooth: hci1: command 0x040f tx timeout [ 57.317408][ T23] Bluetooth: hci3: command 0x040f tx timeout [ 57.321619][ T4247] Bluetooth: hci0: command 0x040f tx timeout [ 57.327041][ T4182] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.338039][ T4182] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.348455][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.372569][ T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.380496][ T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.388239][ T4172] Bluetooth: hci4: command 0x040f tx timeout [ 57.399848][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.474262][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.499877][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.538933][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.577319][ T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.595464][ T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.638320][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.689266][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.697959][ T4224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.726405][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.729189][ T4224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.757549][ T150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.779609][ T150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.793612][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.802940][ T4224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.818236][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.836346][ T4224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.845114][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.856543][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.900626][ T4276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.926774][ T4276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.970084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.213675][ T4320] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 58.403480][ T4331] loop2: detected capacity change from 0 to 512 [ 58.480960][ T4331] EXT4-fs (loop2): Ignoring removed oldalloc option [ 58.597453][ T4331] EXT4-fs (loop2): 1 truncate cleaned up [ 58.703047][ T4331] EXT4-fs (loop2): mounted filesystem without journal. Opts: quota,bsdgroups,nouid32,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback. [ 58.971177][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 59.068470][ T4331] ======================================================= [ 59.068470][ T4331] WARNING: The mand mount option has been deprecated and [ 59.068470][ T4331] and is ignored by this kernel. Remove the mand [ 59.068470][ T4331] option from the mount to silence this warning. [ 59.068470][ T4331] ======================================================= [ 59.309095][ T4192] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 59.365192][ T4192] EXT4-fs (loop2): Remounting filesystem read-only [ 59.372498][ T4172] Bluetooth: hci0: command 0x0419 tx timeout [ 59.384337][ T4172] Bluetooth: hci3: command 0x0419 tx timeout [ 59.393704][ T4172] Bluetooth: hci2: command 0x0419 tx timeout [ 59.428138][ T4172] Bluetooth: hci1: command 0x0419 tx timeout [ 59.453708][ T13] Bluetooth: hci4: command 0x0419 tx timeout [ 59.462596][ T4192] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 234881024 (level 0) [ 59.503360][ T4192] EXT4-fs (loop2): Remounting filesystem read-only [ 59.638224][ T4372] netlink: 108 bytes leftover after parsing attributes in process `syz.4.35'. [ 59.755836][ T4374] netlink: 24 bytes leftover after parsing attributes in process `syz.1.33'. [ 60.029457][ T4376] netlink: 260 bytes leftover after parsing attributes in process `syz.2.28'. [ 60.239620][ T4405] loop2: detected capacity change from 0 to 512 [ 60.284092][ T4405] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 60.320952][ T4405] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 60.372971][ T4405] EXT4-fs (loop2): 1 truncate cleaned up [ 60.387654][ T4405] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 60.440265][ T26] audit: type=1800 audit(1763299007.848:2): pid=4405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.46" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 60.540763][ T4172] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 60.780789][ T4172] usb 1-1: Using ep0 maxpacket: 8 [ 60.901055][ T4172] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 60.921805][ T4422] netlink: 44 bytes leftover after parsing attributes in process `syz.1.53'. [ 60.936533][ T4172] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 60.946716][ T4422] netlink: 43 bytes leftover after parsing attributes in process `syz.1.53'. [ 60.971890][ T4422] netlink: 'syz.1.53': attribute type 5 has an invalid length. [ 60.989921][ T4172] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 61.000820][ T4422] netlink: 43 bytes leftover after parsing attributes in process `syz.1.53'. [ 61.010334][ T4172] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 61.039159][ T4172] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 61.100510][ T4172] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.320293][ T4440] binder: Unknown parameter 'contextÌ' [ 61.390872][ T4172] usb 1-1: GET_CAPABILITIES returned 0 [ 61.398614][ T4172] usbtmc 1-1:16.0: can't read capabilities [ 61.630310][ T4172] usb 1-1: USB disconnect, device number 2 [ 61.791042][ T4460] netlink: 12 bytes leftover after parsing attributes in process `syz.1.71'. [ 61.926363][ T4471] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 62.244784][ T4488] netlink: 20 bytes leftover after parsing attributes in process `syz.1.85'. [ 63.220505][ T4553] IPv6: NLM_F_CREATE should be specified when creating new route [ 63.598134][ T4570] syz.3.122 uses obsolete (PF_INET,SOCK_PACKET) [ 63.725960][ T4230] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 63.936266][ T4566] loop0: detected capacity change from 0 to 32768 [ 64.030542][ T4566] JBD2: Ignoring recovery information on journal [ 64.140266][ T4566] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 64.149642][ T4230] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 64.199687][ T4230] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 64.225753][ T4230] usb 5-1: config 1 has no interface number 0 [ 64.235619][ T4230] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.471956][ T4230] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 64.500954][ T4230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.520898][ T4230] usb 5-1: Product: syz [ 64.525078][ T4230] usb 5-1: Manufacturer: syz [ 64.540459][ T4603] loop1: detected capacity change from 0 to 64 [ 64.540712][ T4230] usb 5-1: SerialNumber: syz [ 64.591210][ T4188] ocfs2: Unmounting device (7,0) on (node local) [ 64.631889][ T4230] usb 5-1: selecting invalid altsetting 1 [ 64.647400][ T4603] hfs: get root inode failed [ 64.860904][ T4230] cdc_ncm 5-1:1.1: bind() failure [ 64.899589][ T4230] usb 5-1: USB disconnect, device number 2 [ 65.483327][ T4645] device veth0 entered promiscuous mode [ 65.510264][ T4647] netlink: 92 bytes leftover after parsing attributes in process `syz.1.155'. [ 65.514504][ T4644] device veth0 left promiscuous mode [ 67.177077][ T4717] netlink: 32 bytes leftover after parsing attributes in process `syz.1.187'. [ 67.662226][ T26] audit: type=1326 audit(1763299015.078:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.1.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0fe24c6c9 code=0x7fc00000 [ 67.715462][ T26] audit: type=1326 audit(1763299015.098:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.1.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe0fe24c6c9 code=0x7fc00000 [ 67.848085][ T4762] overlayfs: failed to resolve '/ [ 67.848085][ T4762] ': -2 [ 67.930620][ T4765] loop0: detected capacity change from 0 to 512 [ 68.014842][ T4765] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 68.040871][ T4765] EXT4-fs (loop0): inline encryption not supported [ 68.092248][ T4765] EXT4-fs (loop0): Test dummy encryption mode enabled [ 68.099059][ T4765] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 68.137910][ T4765] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 68.231631][ T4765] EXT4-fs (loop0): 1 truncate cleaned up [ 68.237301][ T4765] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 68.267881][ T4783] input: syz0 as /devices/virtual/input/input5 [ 68.745522][ T4765] fscrypt (loop0): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 68.957208][ T4825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.233'. [ 68.966258][ T4825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 68.975700][ T4825] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 68.995558][ T4825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.031804][ T4825] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.085684][ T4834] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 69.099156][ T4836] syz.3.235[4836] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 69.099260][ T4836] syz.3.235[4836] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 69.191325][ T4831] kvm: pic: level sensitive irq not supported [ 69.280597][ T4831] kvm: pic: non byte read [ 69.301242][ T4831] kvm: pic: level sensitive irq not supported [ 69.301297][ T4831] kvm: pic: non byte read [ 69.359863][ T4831] kvm: pic: level sensitive irq not supported [ 69.359920][ T4831] kvm: pic: non byte read [ 69.410557][ T4831] kvm: pic: level sensitive irq not supported [ 69.410615][ T4831] kvm: pic: non byte read [ 69.475282][ T4831] kvm: pic: level sensitive irq not supported [ 69.475335][ T4831] kvm: pic: non byte read [ 69.835063][ T4864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.250'. [ 70.514818][ T4893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.261'. [ 70.534136][ T26] audit: type=1326 audit(1763299017.948:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.1.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0fe24c6c9 code=0x7fc00000 [ 70.977472][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.984064][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.336370][ T4914] netlink: 8 bytes leftover after parsing attributes in process `syz.1.271'. [ 71.867657][ T4955] process 'syz.0.289' launched './file0' with NULL argv: empty string added [ 73.215655][ T4990] loop2: detected capacity change from 0 to 4096 [ 73.233304][ T4990] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 74.647221][ T4192] ntfs3: loop2: ntfs_sync_fs r=1a failed, -22. [ 74.693828][ T4192] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 74.738932][ T4192] ntfs3: loop2: ntfs_evict_inode r=1a failed, -22. [ 74.759751][ T5016] netlink: 20 bytes leftover after parsing attributes in process `syz.0.314'. [ 75.223517][ T5048] overlayfs: failed to clone lowerpath [ 75.436756][ T5062] netlink: 'syz.1.336': attribute type 4 has an invalid length. [ 75.685546][ T5077] netlink: 72 bytes leftover after parsing attributes in process `syz.1.341'. [ 75.693323][ T5079] IPv6: syztnl0: Disabled Multicast RS [ 76.075342][ T5105] netlink: 'syz.4.356': attribute type 2 has an invalid length. [ 76.096251][ T1108] cfg80211: failed to load regulatory.db [ 76.299542][ T5118] netlink: 4 bytes leftover after parsing attributes in process `syz.4.363'. [ 76.552517][ T5129] netlink: 'syz.4.368': attribute type 16 has an invalid length. [ 76.560282][ T5129] netlink: 64122 bytes leftover after parsing attributes in process `syz.4.368'. [ 76.792556][ T5136] binder: BINDER_SET_CONTEXT_MGR already set [ 76.824623][ T5136] binder: 5134:5136 ioctl 4018620d 2000000001c0 returned -16 [ 76.950511][ T5144] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 76.984230][ T5148] netlink: 96 bytes leftover after parsing attributes in process `syz.1.377'. [ 77.216303][ T5161] binder: Unknown parameter 'contextÌ' [ 77.852008][ T5177] overlayfs: missing 'lowerdir' [ 79.004663][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 79.014004][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 79.360553][ T5202] loop4: detected capacity change from 0 to 512 [ 79.456314][ T5202] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 79.524597][ T5210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.403'. [ 79.580508][ T5210] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 79.580756][ T5202] EXT4-fs (loop4): 1 truncate cleaned up [ 79.594080][ T5202] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 79.607303][ T5210] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 79.617338][ T5210] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 79.626354][ T5210] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 79.652882][ T26] audit: type=1800 audit(1763299027.077:6): pid=5202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.402" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 79.884029][ T5224] netlink: 'syz.4.408': attribute type 4 has an invalid length. [ 80.622124][ T5227] loop0: detected capacity change from 0 to 16 [ 80.702571][ T5227] erofs: (device loop0): check_layout_compatibility: unidentified incompatible feature 8, please upgrade kernel version [ 80.979923][ T5237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.413'. [ 81.675282][ T5265] netlink: 'syz.3.426': attribute type 16 has an invalid length. [ 81.709498][ T5265] netlink: 64122 bytes leftover after parsing attributes in process `syz.3.426'. [ 82.807311][ T5301] loop0: detected capacity change from 0 to 512 [ 82.911960][ T5301] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 83.088337][ T5301] EXT4-fs (loop0): 1 truncate cleaned up [ 83.103496][ T5301] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 83.128906][ T26] audit: type=1800 audit(1763299030.547:7): pid=5301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.440" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 83.489373][ T5309] netlink: 'syz.0.442': attribute type 16 has an invalid length. [ 83.536025][ T5309] netlink: 64122 bytes leftover after parsing attributes in process `syz.0.442'. [ 83.724532][ T5324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.449'. [ 84.390457][ T5348] netlink: 104 bytes leftover after parsing attributes in process `syz.4.460'. [ 84.539829][ T5355] loop4: detected capacity change from 0 to 16 [ 84.659432][ T5355] erofs: (device loop4): check_layout_compatibility: unidentified incompatible feature 8, please upgrade kernel version [ 85.078522][ T5372] binder: Unknown parameter 'contextÌ' [ 85.096866][ T5367] netlink: 52 bytes leftover after parsing attributes in process `syz.3.470'. [ 85.661497][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #240!!! [ 85.788662][ T5408] binder: Unknown parameter 'contextÌ' [ 85.917013][ T5414] netlink: 24 bytes leftover after parsing attributes in process `syz.4.491'. [ 86.037510][ T5417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.493'. [ 86.191903][ T5417] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 86.294913][ T5417] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 86.445660][ T5417] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 86.559301][ T5417] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.685432][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 86.889842][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 86.899158][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 87.234088][ T5430] kvm [5429]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 87.603292][ T5456] loop4: detected capacity change from 0 to 256 [ 87.692342][ T5456] FAT-fs (loop4): Directory bread(block 64) failed [ 87.709750][ T5456] FAT-fs (loop4): Directory bread(block 65) failed [ 87.740286][ T5456] FAT-fs (loop4): Directory bread(block 66) failed [ 87.770814][ T5456] FAT-fs (loop4): Directory bread(block 67) failed [ 87.792158][ T5461] loop2: detected capacity change from 0 to 16 [ 87.798674][ T5456] FAT-fs (loop4): Directory bread(block 68) failed [ 87.828141][ T5456] FAT-fs (loop4): Directory bread(block 69) failed [ 87.854622][ T5456] FAT-fs (loop4): Directory bread(block 70) failed [ 87.879289][ T5456] FAT-fs (loop4): Directory bread(block 71) failed [ 87.900822][ T5456] FAT-fs (loop4): Directory bread(block 72) failed [ 87.913199][ T5467] fuseblk: Bad value for 'user_id' [ 87.917606][ T5456] FAT-fs (loop4): Directory bread(block 73) failed [ 87.947723][ T5461] erofs: (device loop2): check_layout_compatibility: unidentified incompatible feature 8, please upgrade kernel version [ 88.107995][ T26] audit: type=1800 audit(1763299035.527:8): pid=5456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.510" name="bus" dev="loop4" ino=1048592 res=0 errno=0 [ 88.658106][ T5492] kvm: pic: non byte write [ 88.929847][ T5508] loop1: detected capacity change from 0 to 512 [ 89.032887][ T5512] netlink: 'syz.2.534': attribute type 1 has an invalid length. [ 89.052583][ T5508] EXT4-fs (loop1): Ignoring removed oldalloc option [ 89.103891][ T5508] EXT4-fs (loop1): 1 truncate cleaned up [ 89.120790][ T5508] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,bsdgroups,nouid32,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback. [ 89.198732][ T4182] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 89.274652][ T4182] EXT4-fs (loop1): Remounting filesystem read-only [ 89.318835][ T4182] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 234881024 (level 0) [ 89.358802][ T5527] netlink: 8 bytes leftover after parsing attributes in process `syz.0.541'. [ 89.367672][ T5527] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.375542][ T5527] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 89.384987][ T5527] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.392932][ T4182] EXT4-fs (loop1): Remounting filesystem read-only [ 89.411341][ T5527] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.680066][ T5563] capability: warning: `syz.0.556' uses deprecated v2 capabilities in a way that may be insecure [ 91.107438][ T26] audit: type=1326 audit(1763299038.527:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5588 comm="syz.4.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138e3bd6c9 code=0x7ffc0000 [ 91.196038][ T26] audit: type=1326 audit(1763299038.527:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5588 comm="syz.4.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f138e3bd6c9 code=0x7ffc0000 [ 91.247401][ T26] audit: type=1326 audit(1763299038.527:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5588 comm="syz.4.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f138e3bd6c9 code=0x7ffc0000 [ 91.407290][ T5609] netlink: 388 bytes leftover after parsing attributes in process `syz.3.576'. [ 91.616216][ T5621] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 92.521164][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 92.530064][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #108!!! [ 92.539048][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #108!!! [ 93.753373][ T5700] netlink: 536 bytes leftover after parsing attributes in process `syz.4.616'. [ 93.783106][ T5700] netlink: 52 bytes leftover after parsing attributes in process `syz.4.616'. [ 94.905700][ T5717] loop4: detected capacity change from 0 to 32768 [ 95.050797][ T4172] Bluetooth: hci4: command 0x0405 tx timeout [ 95.078454][ T5717] XFS (loop4): Mounting V5 Filesystem [ 95.224042][ T5717] XFS (loop4): Ending clean mount [ 95.380240][ T4181] XFS (loop4): Unmounting Filesystem [ 95.576741][ T5786] netlink: 'syz.3.653': attribute type 27 has an invalid length. [ 95.600613][ T5786] netlink: 'syz.3.653': attribute type 4 has an invalid length. [ 95.631768][ T5786] netlink: 144 bytes leftover after parsing attributes in process `syz.3.653'. [ 97.333067][ T5899] mmap: syz.2.705 (5899) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 98.858987][ T26] audit: type=1326 audit(1763299046.277:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5962 comm="syz.2.732" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f182820b6c9 code=0x0 [ 99.022335][ T5975] device sit0 entered promiscuous mode [ 99.070982][ T5975] netlink: 'syz.4.736': attribute type 1 has an invalid length. [ 99.109397][ T5975] netlink: 1 bytes leftover after parsing attributes in process `syz.4.736'. [ 99.935767][ T6039] netlink: 12 bytes leftover after parsing attributes in process `syz.3.764'. [ 100.092926][ T6047] netlink: 388 bytes leftover after parsing attributes in process `syz.2.767'. [ 101.453398][ T6080] loop1: detected capacity change from 0 to 512 [ 102.139350][ T6080] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 102.356850][ T6080] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.493275][ T6111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.792'. [ 102.517725][ T6111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.792'. [ 102.751550][ T6128] Zero length message leads to an empty skb [ 103.203858][ T6153] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 103.233752][ T6166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.817'. [ 103.244307][ T6153] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 103.248672][ T6160] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 103.273010][ T6166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.817'. [ 106.054583][ T6220] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 106.806100][ T6253] kvm: pic: non byte write [ 106.826481][ T6253] kvm: pic: non byte write [ 106.850852][ T6253] kvm: pic: non byte write [ 106.855479][ T6253] kvm: pic: non byte write [ 106.871820][ T6253] kvm: pic: non byte write [ 106.886512][ T6253] kvm: pic: non byte write [ 106.915443][ T6253] kvm: pic: non byte write [ 106.920133][ T6253] kvm: pic: non byte write [ 106.935117][ T6253] kvm: pic: non byte write [ 106.960872][ T6253] kvm: pic: non byte write [ 107.149521][ T6275] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 107.190997][ T6275] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 107.216058][ T6290] loop1: detected capacity change from 0 to 128 [ 107.323846][ T6290] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 107.400848][ T6290] ext4 filesystem being mounted at /145/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 108.138855][ T6335] netlink: 132 bytes leftover after parsing attributes in process `syz.1.892'. [ 109.133763][ T150] Bluetooth: hci5: Frame reassembly failed (-84) [ 109.159098][ T150] Bluetooth: hci5: Frame reassembly failed (-84) [ 109.323423][ T6371] tmpfs: Unknown parameter 'no' [ 110.535585][ T6404] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 110.573377][ T6404] overlayfs: missing 'lowerdir' [ 111.210718][ T4172] Bluetooth: hci5: command 0x1003 tx timeout [ 111.216860][ T4193] Bluetooth: hci5: sending frame failed (-49) [ 114.089991][ T7] Bluetooth: hci5: command 0x1001 tx timeout [ 114.110905][ T4193] Bluetooth: hci5: sending frame failed (-49) [ 114.117951][ T4172] Bluetooth: hci3: command 0x0406 tx timeout [ 114.233736][ T6521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.969'. [ 114.857055][ T6558] ax25_connect(): syz.0.988 uses autobind, please contact jreuter@yaina.de [ 115.122852][ T6572] loop0: detected capacity change from 0 to 16 [ 115.240026][ T6572] cramfs: Error -3 while decompressing! [ 115.260807][ T6572] cramfs: ffffffff961ed0a8(27)->ffff888052b60000(4096) [ 115.275939][ T6580] netlink: 12 bytes leftover after parsing attributes in process `syz.4.999'. [ 115.292050][ T6572] cramfs: Error -3 while decompressing! [ 115.297609][ T6572] cramfs: ffffffff961ed0c3(16)->ffff888052f2a000(4096) [ 115.322587][ T6572] cramfs: Error -3 while decompressing! [ 115.348998][ T6572] cramfs: ffffffff961ed0a8(27)->ffff888052b60000(4096) [ 115.375362][ T26] audit: type=1800 audit(1763299318.797:13): pid=6572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.995" name="file3" dev="loop0" ino=348 res=0 errno=0 [ 115.599477][ T6595] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 115.631290][ T6595] overlayfs: missing 'lowerdir' [ 116.069340][ T6627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1018'. [ 116.100153][ T6627] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 116.118776][ T6630] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1021'. [ 116.137539][ T6627] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 116.150322][ T6627] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 116.170915][ T7] Bluetooth: hci5: command 0x1009 tx timeout [ 116.267703][ T6635] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1023'. [ 119.334716][ T6731] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1068'. [ 119.355415][ T26] audit: type=1800 audit(1763299322.777:14): pid=6691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1046" name="/" dev="fuse" ino=5 res=0 errno=0 [ 119.516818][ T6743] loop1: detected capacity change from 0 to 256 [ 119.601520][ T6743] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 119.671129][ T6743] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 120.613718][ T6797] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1099'. [ 120.622886][ T6797] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1099'. [ 120.669202][ T6797] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1099'. [ 120.695759][ T6797] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1099'. [ 121.573623][ T6841] loop0: detected capacity change from 0 to 256 [ 121.646011][ T6841] FAT-fs (loop0): Directory bread(block 64) failed [ 121.678887][ T6841] FAT-fs (loop0): Directory bread(block 65) failed [ 121.697331][ T6841] FAT-fs (loop0): Directory bread(block 66) failed [ 121.720154][ T6849] netlink: 'syz.2.1124': attribute type 12 has an invalid length. [ 121.734655][ T6841] FAT-fs (loop0): Directory bread(block 67) failed [ 121.760778][ T6841] FAT-fs (loop0): Directory bread(block 68) failed [ 121.797762][ T6841] FAT-fs (loop0): Directory bread(block 69) failed [ 121.821125][ T6841] FAT-fs (loop0): Directory bread(block 70) failed [ 121.829438][ T6841] FAT-fs (loop0): Directory bread(block 71) failed [ 121.858062][ T6841] FAT-fs (loop0): Directory bread(block 72) failed [ 121.878348][ T6841] FAT-fs (loop0): Directory bread(block 73) failed [ 122.063770][ T26] audit: type=1800 audit(1763299325.487:15): pid=6841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1120" name="bus" dev="loop0" ino=1048612 res=0 errno=0 [ 122.337696][ T6884] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1142'. [ 123.197956][ T6942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1168'. [ 123.227990][ T6942] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 123.259723][ T6942] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 123.464439][ T26] audit: type=1326 audit(1763299326.887:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6955 comm="syz.0.1174" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x0 [ 124.077669][ T6995] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1191'. [ 124.107117][ T6995] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1191'. [ 124.131707][ T6995] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1191'. [ 125.532818][ T7025] __nla_validate_parse: 1 callbacks suppressed [ 125.532834][ T7025] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1206'. [ 125.589128][ T7025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1206'. [ 125.620764][ T7025] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1206'. [ 125.644388][ T7025] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1206'. [ 125.943818][ T7046] 9p: Unknown Cache mode m [ 125.980872][ T7048] netlink: 'syz.1.1214': attribute type 1 has an invalid length. [ 126.058077][ T7048] 8021q: adding VLAN 0 to HW filter on device bond1 [ 126.120590][ T7060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1220'. [ 126.174067][ T7048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1214'. [ 126.919780][ T7072] netlink: 'syz.3.1225': attribute type 28 has an invalid length. [ 127.528089][ T7098] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1232'. [ 128.400575][ T7111] netlink: 'syz.0.1241': attribute type 4 has an invalid length. [ 128.428027][ T7111] netlink: 'syz.0.1241': attribute type 5 has an invalid length. [ 128.476589][ T7111] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.1241'. [ 129.746415][ T7144] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1256'. [ 129.766220][ T7148] netlink: 'syz.4.1258': attribute type 4 has an invalid length. [ 129.787492][ T7148] netlink: 'syz.4.1258': attribute type 21 has an invalid length. [ 129.795692][ T7148] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.1258'. [ 131.224202][ T7248] mmap: syz.0.1299 (7248): VmData 49209344 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 131.384363][ T7261] __nla_validate_parse: 2 callbacks suppressed [ 131.384377][ T7261] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1303'. [ 131.437523][ T7264] netlink: 140 bytes leftover after parsing attributes in process `syz.3.1305'. [ 131.775552][ T7281] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 131.881651][ T7285] sctp: [Deprecated]: syz.2.1313 (pid 7285) Use of int in max_burst socket option deprecated. [ 131.881651][ T7285] Use struct sctp_assoc_value instead [ 132.042608][ T7291] loop0: detected capacity change from 0 to 256 [ 132.953882][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.960195][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.999758][ T7296] loop2: detected capacity change from 0 to 512 [ 133.176629][ T7296] EXT4-fs (loop2): inline encryption not supported [ 133.241535][ T7296] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 133.374632][ T7307] loop0: detected capacity change from 0 to 256 [ 133.374645][ T7296] EXT4-fs (loop2): 1 truncate cleaned up [ 133.374665][ T7296] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,inlinecrypt,. Quota mode: none. [ 133.434663][ T7296] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1318: bg 0: block 255: padding at end of block bitmap is not set [ 133.460714][ T7296] EXT4-fs (loop2): Remounting filesystem read-only [ 133.495613][ T7274] ODEBUG: Out of memory. ODEBUG disabled [ 134.254269][ T4225] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 134.325864][ T26] audit: type=1326 audit(1763299337.747:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.4.1334" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f138e3bd6c9 code=0x0 [ 134.552760][ T4225] usb 2-1: Using ep0 maxpacket: 16 [ 134.662973][ T7374] overlayfs: failed to clone lowerpath [ 134.682019][ T4225] usb 2-1: config 222 has an invalid interface number: 31 but max is 0 [ 134.690317][ T4225] usb 2-1: config 222 has no interface number 0 [ 134.706500][ T4225] usb 2-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11 [ 134.727479][ T4225] usb 2-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024 [ 134.748335][ T4225] usb 2-1: config 222 interface 31 has no altsetting 0 [ 134.948491][ T7392] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1351'. [ 134.980979][ T4225] usb 2-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd [ 135.000411][ T4225] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.017855][ T4225] usb 2-1: Product: syz [ 135.026553][ T4225] usb 2-1: Manufacturer: syz [ 135.036737][ T4225] usb 2-1: SerialNumber: syz [ 135.071464][ T7326] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 135.165123][ T7404] netlink: 'syz.3.1356': attribute type 4 has an invalid length. [ 135.173156][ T7404] netlink: 'syz.3.1356': attribute type 5 has an invalid length. [ 135.181358][ T7404] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.1356'. [ 135.440995][ T4225] ldusb 2-1:222.31: LD USB Device #0 now attached to major 180 minor 0 [ 135.473735][ T4225] usb 2-1: USB disconnect, device number 2 [ 135.552901][ T4225] ldusb 2-1:222.31: LD USB Device #0 now disconnected [ 136.399744][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1367'. [ 136.504244][ T7439] netlink: 'syz.1.1369': attribute type 4 has an invalid length. [ 136.530789][ T7439] netlink: 'syz.1.1369': attribute type 5 has an invalid length. [ 136.549604][ T7442] syz.3.1371 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 136.570376][ T7439] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.1369'. [ 137.006516][ T7477] netlink: 'syz.2.1386': attribute type 4 has an invalid length. [ 137.047421][ T7477] netlink: 'syz.2.1386': attribute type 5 has an invalid length. [ 137.061227][ T7477] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1386'. [ 138.213507][ T7500] loop1: detected capacity change from 0 to 128 [ 138.330829][ T4225] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 138.665034][ T7500] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 138.750884][ T4225] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 138.775775][ T4225] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 138.784993][ T7493] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1392'. [ 138.794110][ T4225] usb 1-1: config 220 interface 0 has no altsetting 0 [ 139.833280][ T7509] loop1: detected capacity change from 0 to 2048 [ 139.850921][ T4225] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 139.860079][ T4225] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.869791][ T4225] usb 1-1: Product: syz [ 139.881219][ T4225] usb 1-1: Manufacturer: syz [ 139.893857][ T26] audit: type=1326 audit(1763299343.317:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7518 comm="syz.2.1402" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f182820b6c9 code=0x0 [ 139.916205][ T4225] usb 1-1: SerialNumber: syz [ 140.000616][ T7509] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 140.016761][ T7509] ext4 filesystem being mounted at /235/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.260878][ T4225] usb 1-1: Found UVC 0.00 device syz (8086:0b07) [ 140.269211][ T4225] usb 1-1: No valid video chain found. [ 140.318050][ T4225] usb 1-1: USB disconnect, device number 3 [ 140.658340][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 140.680543][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 140.697965][ T7569] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 140.713262][ T7569] device bridge_slave_0 left promiscuous mode [ 140.720878][ T7569] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.744106][ T7569] device bridge_slave_1 left promiscuous mode [ 140.750466][ T7569] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.766583][ T7569] bond0: (slave bond_slave_0): Releasing backup interface [ 140.785804][ T7569] bond0: (slave bond_slave_1): Releasing backup interface [ 140.821430][ T7569] team0: Port device team_slave_0 removed [ 140.843079][ T7569] team0: Port device team_slave_1 removed [ 140.850830][ T13] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 140.940386][ T7569] syz.2.1427 (7569) used greatest stack depth: 20968 bytes left [ 141.189270][ T7602] loop4: detected capacity change from 0 to 1024 [ 141.221720][ T13] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB3, skipping [ 141.238830][ T13] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 141.277653][ T7602] EXT4-fs (loop4): Ignoring removed orlov option [ 141.306904][ T7602] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 141.312842][ T13] usb 2-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 141.342924][ T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.375857][ T13] usb 2-1: config 0 descriptor?? [ 141.402915][ T7616] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1437'. [ 141.430820][ T7616] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1437'. [ 141.434244][ T13] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 141.474650][ T7616] tipc: Invalid UDP bearer configuration [ 141.474687][ T7616] tipc: Enabling of bearer rejected, failed to enable media [ 141.600090][ T7602] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,errors=remount-ro,debug_want_extra_isize=0x0000000000000080,orlov,nolazytime,quota,nomblk_io_submit,. Quota mode: writeback. [ 141.663294][ T4172] usb 2-1: USB disconnect, device number 3 [ 142.433610][ T7648] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1449'. [ 142.974503][ T7679] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1459'. [ 143.013880][ T7678] netlink: 'syz.2.1460': attribute type 11 has an invalid length. [ 143.611915][ T7734] loop2: detected capacity change from 0 to 1024 [ 143.768802][ T7734] EXT4-fs (loop2): Ignoring removed orlov option [ 143.857569][ T7734] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 144.247267][ T7734] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,errors=remount-ro,debug_want_extra_isize=0x0000000000000080,orlov,nolazytime,quota,nomblk_io_submit,. Quota mode: writeback. [ 144.729358][ T7780] loop0: detected capacity change from 0 to 128 [ 145.247093][ T7754] loop1: detected capacity change from 0 to 32768 [ 145.395984][ T7754] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1493 (7754) [ 145.525635][ T7754] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 145.569147][ T7754] BTRFS info (device loop1): turning off barriers [ 145.591790][ T7754] BTRFS info (device loop1): setting nodatasum [ 145.598423][ T7754] BTRFS info (device loop1): enabling auto defrag [ 145.666020][ T7754] BTRFS info (device loop1): disabling tree log [ 145.691379][ T7801] loop4: detected capacity change from 0 to 256 [ 145.705347][ T7754] BTRFS info (device loop1): using free space tree [ 145.725570][ T7754] BTRFS info (device loop1): has skinny extents [ 146.044244][ T7823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1513'. [ 146.086192][ T7754] BTRFS info (device loop1): enabling ssd optimizations [ 146.145622][ T7831] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1516'. [ 146.359155][ T4172] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 146.557546][ T7854] loop4: detected capacity change from 0 to 4096 [ 146.576618][ T7854] EXT4-fs (loop4): Test dummy encryption mode enabled [ 146.626655][ T4172] usb 3-1: Using ep0 maxpacket: 16 [ 146.702623][ T7854] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,noauto_da_alloc,dioread_nolock,test_dummy_encryption,block_validity,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 146.771855][ T4172] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 146.783326][ T4172] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 146.794522][ T4172] usb 3-1: config 0 has no interface number 0 [ 146.801130][ T4172] usb 3-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b [ 146.810274][ T4172] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.823378][ T4172] usb 3-1: config 0 descriptor?? [ 146.863927][ T7879] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1533'. [ 146.876547][ T4172] usb 3-1: Found UVC 0.00 device (0bd3:0555) [ 146.891513][ T4172] usb 3-1: No valid video chain found. [ 146.982959][ T7854] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 147.000619][ T7854] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.1527: Invalid inode bitmap blk 17645240769277055999 in block_group 0 [ 147.019134][ T7876] EXT4-fs error (device loop4): __ext4_get_inode_loc:4327: comm syz.4.1527: Invalid inode table block 17725141040191475193 in block_group 0 [ 147.037183][ T7890] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1536'. [ 147.090229][ T7881] EXT4-fs error (device loop4): __ext4_get_inode_loc:4327: comm syz.4.1527: Invalid inode table block 17725141040191475193 in block_group 0 [ 147.110368][ T7861] usb 3-1: USB disconnect, device number 2 [ 147.212973][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'. [ 147.530748][ T4234] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 147.770885][ T4234] usb 1-1: Using ep0 maxpacket: 16 [ 147.890875][ T4234] usb 1-1: config 222 has an invalid interface number: 31 but max is 0 [ 147.899474][ T4234] usb 1-1: config 222 has no interface number 0 [ 147.941324][ T4234] usb 1-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11 [ 147.965442][ T4234] usb 1-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024 [ 148.001520][ T4234] usb 1-1: config 222 interface 31 has no altsetting 0 [ 148.160830][ T4234] usb 1-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd [ 148.181671][ T4234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.876609][ T4234] usb 1-1: Product: syz [ 148.881824][ T4234] usb 1-1: Manufacturer: syz [ 148.886430][ T4234] usb 1-1: SerialNumber: syz [ 148.913964][ T7902] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 149.267180][ T4234] ldusb 1-1:222.31: LD USB Device #0 now attached to major 180 minor 0 [ 150.066337][ T4234] usb 1-1: USB disconnect, device number 4 [ 150.105895][ T4234] ldusb 1-1:222.31: LD USB Device #0 now disconnected [ 150.520012][ T8016] loop0: detected capacity change from 0 to 1024 [ 150.604248][ T8016] EXT4-fs (loop0): Ignoring removed orlov option [ 150.635312][ T8016] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 150.757126][ T8016] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,errors=remount-ro,debug_want_extra_isize=0x0000000000000080,orlov,nolazytime,quota,nomblk_io_submit,. Quota mode: writeback. [ 151.030696][ T4234] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 151.293371][ T4234] usb 5-1: Using ep0 maxpacket: 16 [ 151.420936][ T4234] usb 5-1: config 222 has an invalid interface number: 31 but max is 0 [ 151.441154][ T4234] usb 5-1: config 222 has no interface number 0 [ 151.447481][ T4234] usb 5-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11 [ 151.491053][ T4234] usb 5-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024 [ 151.521601][ T4234] usb 5-1: config 222 interface 31 has no altsetting 0 [ 151.615940][ T8083] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1621'. [ 151.637327][ T8083] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1621'. [ 151.690886][ T4234] usb 5-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd [ 151.709113][ T4234] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.727789][ T4234] usb 5-1: Product: syz [ 151.744959][ T4234] usb 5-1: Manufacturer: syz [ 151.749743][ T4234] usb 5-1: SerialNumber: syz [ 151.791038][ T8035] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 151.996298][ T8107] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 152.094250][ T4234] ldusb 5-1:222.31: LD USB Device #0 now attached to major 180 minor 0 [ 152.131002][ T4234] usb 5-1: USB disconnect, device number 3 [ 152.153457][ T4234] ldusb 5-1:222.31: LD USB Device #0 now disconnected [ 152.178111][ T8081] loop0: detected capacity change from 0 to 32768 [ 152.308740][ T26] audit: type=1800 audit(1763299355.727:19): pid=8081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1620" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 152.543274][ T8129] bridge0: port 3(erspan0) entered blocking state [ 152.595013][ T8129] bridge0: port 3(erspan0) entered disabled state [ 152.625422][ T8129] device erspan0 entered promiscuous mode [ 152.653957][ T8129] bridge0: port 3(erspan0) entered blocking state [ 152.660749][ T8129] bridge0: port 3(erspan0) entered forwarding state [ 152.780733][ T4181] syz-executor (4181) used greatest stack depth: 20128 bytes left [ 152.840510][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1647'. [ 152.969474][ T8141] netlink: 'syz.3.1651': attribute type 4 has an invalid length. [ 153.352221][ T8164] loop0: detected capacity change from 0 to 1024 [ 153.403273][ T8164] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 153.423012][ T8164] ext4 filesystem being mounted at /307/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 153.664385][ T8153] chnl_net:caif_netlink_parms(): no params data found [ 153.685184][ T26] audit: type=1326 audit(1763299357.107:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8175 comm="syz.0.1665" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2fa3a856c9 code=0x0 [ 153.817835][ T8153] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.829769][ T8153] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.848298][ T8153] device bridge_slave_0 entered promiscuous mode [ 153.857808][ T8153] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.894264][ T8153] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.908908][ T8153] device bridge_slave_1 entered promiscuous mode [ 153.929377][ T8185] loop1: detected capacity change from 0 to 1024 [ 153.993970][ T8153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.008967][ T8185] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000003,abort,,errors=continue. Quota mode: none. [ 154.036497][ T8153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.057778][ T8185] EXT4-fs error (device loop1): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.1.1668: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0 [ 154.120796][ T8153] team0: Port device team_slave_0 added [ 154.127963][ T8185] EXT4-fs error (device loop1) in ext4_delete_inline_entry:1790: Corrupt filesystem [ 154.139255][ T8153] team0: Port device team_slave_1 added [ 154.180209][ T8153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.201288][ T8153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.227867][ T8153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.260350][ T8153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.268725][ T8153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.339034][ T8153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.440342][ T8153] device hsr_slave_0 entered promiscuous mode [ 154.469853][ T8153] device hsr_slave_1 entered promiscuous mode [ 154.484986][ T8153] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.527341][ T8153] Cannot create hsr debugfs directory [ 154.758546][ T4710] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.867832][ T4710] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.928126][ T4710] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.996829][ T4710] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.308845][ T7861] Bluetooth: hci1: command 0x0409 tx timeout [ 155.339904][ T8153] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 155.420892][ T8153] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 155.436561][ T8222] loop2: detected capacity change from 0 to 32768 [ 155.448128][ T8242] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1691'. [ 155.495169][ T8222] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1684 (8222) [ 155.509292][ T8153] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 155.521782][ T8153] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 155.570736][ T8222] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 155.589918][ T8222] BTRFS info (device loop2): turning off barriers [ 155.610473][ T8222] BTRFS info (device loop2): setting nodatasum [ 155.640920][ T8222] BTRFS info (device loop2): enabling auto defrag [ 155.692086][ T8222] BTRFS info (device loop2): disabling tree log [ 155.698361][ T8222] BTRFS info (device loop2): using free space tree [ 155.769772][ T8222] BTRFS info (device loop2): has skinny extents [ 155.877028][ T8153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.949562][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.984501][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.003214][ T8153] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.033376][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.055879][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.092504][ T4341] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.099585][ T4341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.109642][ T8222] BTRFS info (device loop2): enabling ssd optimizations [ 156.131448][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.148986][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.198470][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.228770][ T4341] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.235926][ T4341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.244579][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.254161][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.281354][ T8304] netlink: 'syz.1.1703': attribute type 4 has an invalid length. [ 156.372728][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.432848][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.480601][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.501632][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.551280][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.577663][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.592180][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.653177][ T8153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 156.697813][ T8153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.729610][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.741695][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.763523][ T8337] 9p: Unknown access argument a [ 157.370346][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 157.509500][ T4276] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 157.679034][ T4710] device hsr_slave_0 left promiscuous mode [ 157.744747][ T8328] Bluetooth: hci1: command 0x041b tx timeout [ 157.763386][ T4710] device hsr_slave_1 left promiscuous mode [ 157.770000][ T4710] device bridge_slave_1 left promiscuous mode [ 157.788915][ T4710] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.818602][ T4710] device bridge_slave_0 left promiscuous mode [ 157.830986][ T4710] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.878409][ T8374] 9p: Unknown access argument a [ 157.895970][ T4710] device veth1_macvtap left promiscuous mode [ 157.911034][ T4710] device veth0_macvtap left promiscuous mode [ 157.918618][ T4710] device veth1_vlan left promiscuous mode [ 158.486152][ T4710] team0 (unregistering): Port device team_slave_1 removed [ 159.133999][ T4710] team0 (unregistering): Port device team_slave_0 removed [ 159.146997][ T4710] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 159.161229][ T4710] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 159.262547][ T4710] bond0 (unregistering): Released all slaves [ 159.320041][ T8153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.778496][ T7858] Bluetooth: hci1: command 0x040f tx timeout [ 160.017365][ T4708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 160.075547][ T4708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.119919][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 160.303944][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 160.623961][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 160.813864][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 160.849993][ T8153] device veth0_vlan entered promiscuous mode [ 160.903426][ T8153] device veth1_vlan entered promiscuous mode [ 161.048186][ T4708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.067087][ T4708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.098864][ T8153] device veth0_macvtap entered promiscuous mode [ 161.109364][ T8153] device veth1_macvtap entered promiscuous mode [ 161.185356][ T8153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.207970][ T26] audit: type=1326 audit(1763299620.624:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.244577][ T8153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.286789][ T8153] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.300689][ T26] audit: type=1326 audit(1763299620.654:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.317989][ T8499] loop2: detected capacity change from 0 to 2048 [ 161.355824][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 161.375622][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 161.400741][ T26] audit: type=1326 audit(1763299620.654:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.444384][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 161.464409][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 161.478567][ T8499] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.496459][ T26] audit: type=1326 audit(1763299620.654:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.529302][ T8153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.583140][ T8153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.598946][ T26] audit: type=1326 audit(1763299620.654:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.645874][ T8153] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 161.675710][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 161.692793][ T26] audit: type=1326 audit(1763299620.654:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.710759][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 161.744457][ T26] audit: type=1326 audit(1763299620.654:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.786320][ T8153] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.807507][ T8153] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.831661][ T8153] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.843982][ T26] audit: type=1326 audit(1763299620.654:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 161.872976][ T8326] Bluetooth: hci1: command 0x0419 tx timeout [ 161.877190][ T8153] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.934623][ T8524] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1782'. [ 161.941291][ T26] audit: type=1326 audit(1763299620.654:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 162.082174][ T4269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.090302][ T4269] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.096898][ T26] audit: type=1326 audit(1763299620.654:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8493 comm="syz.0.1769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 162.155639][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 162.195373][ T4969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.222967][ T4969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.277104][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 164.971816][ T8592] netlink: 'syz.5.1800': attribute type 4 has an invalid length. [ 165.033393][ T8592] netlink: 17 bytes leftover after parsing attributes in process `syz.5.1800'. [ 167.468029][ T8665] fuse: Bad value for 'fd' [ 168.175087][ T8735] 9pnet: Insufficient options for proto=fd [ 170.815362][ T8777] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1859'. [ 173.166496][ T8868] loop2: detected capacity change from 0 to 128 [ 173.225082][ T8868] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 173.292988][ T8868] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 174.392481][ T8933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1916'. [ 174.418589][ T8933] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 174.462693][ T8933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1916'. [ 174.624431][ T8940] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1921'. [ 175.519082][ T7858] Bluetooth: hci0: command 0x0406 tx timeout [ 175.526036][ T7858] Bluetooth: hci2: command 0x0406 tx timeout [ 175.536158][ T7858] Bluetooth: hci3: command 0x0406 tx timeout [ 175.595085][ T7858] Bluetooth: hci4: command 0x0406 tx timeout [ 175.966171][ T8984] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1938'. [ 176.037477][ T8984] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1938'. [ 176.275473][ T9008] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 176.299568][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 176.299580][ T26] audit: type=1326 audit(1763299635.714:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.2.1945" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f182820b6c9 code=0x0 [ 176.754419][ T9045] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 176.763098][ T9045] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 176.770519][ T9045] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 177.000901][ T8326] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 177.291225][ T8326] usb 2-1: Using ep0 maxpacket: 32 [ 177.540800][ T8326] usb 2-1: unable to get BOS descriptor or descriptor too short [ 177.630933][ T8326] usb 2-1: config 7 has an invalid interface number: 128 but max is 0 [ 177.639262][ T8326] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 177.670667][ T8326] usb 2-1: config 7 has no interface number 0 [ 177.687112][ T8326] usb 2-1: config 7 interface 128 altsetting 2 has an invalid endpoint with address 0x17, skipping [ 177.711613][ T8326] usb 2-1: config 7 interface 128 altsetting 2 endpoint 0x87 has invalid wMaxPacketSize 0 [ 177.731883][ T8326] usb 2-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 177.777872][ T8326] usb 2-1: config 7 interface 128 has no altsetting 0 [ 177.992881][ T8326] usb 2-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 178.023682][ T8326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.036170][ T8326] usb 2-1: Product: syz [ 178.042569][ T8326] usb 2-1: Manufacturer: syz [ 178.047674][ T8326] usb 2-1: SerialNumber: syz [ 178.101146][ T9038] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 178.163283][ T9096] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1988'. [ 178.503313][ T8326] usb 2-1: MIDIStreaming interface descriptor not found [ 178.567669][ T8326] usb 2-1: USB disconnect, device number 4 [ 178.698804][ T4173] udevd[4173]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:7.128/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 179.975421][ T9180] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 180.033014][ T4344] Bluetooth: hci5: Frame reassembly failed (-84) [ 180.595125][ T9212] netlink: 756 bytes leftover after parsing attributes in process `syz.3.2036'. [ 180.676420][ T9218] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2037'. [ 180.686015][ T9218] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2037'. [ 180.695921][ T9218] tc_dump_action: action bad kind [ 180.803057][ T9224] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.810537][ T9224] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.876801][ T9224] device bridge_slave_1 left promiscuous mode [ 180.904735][ T9224] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.917603][ T4344] tipc: Subscription rejected, illegal request [ 180.945175][ T9224] device bridge_slave_0 left promiscuous mode [ 180.961616][ T9224] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.287871][ T9247] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2053'. [ 181.410965][ T9259] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2057'. [ 181.514135][ T9265] 8021q: adding VLAN 0 to HW filter on device bond2 [ 181.522905][ T9265] bond1: (slave bond2): Enslaving as an active interface with an up link [ 181.555431][ T9259] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2057'. [ 181.567414][ T9259] 8021q: adding VLAN 0 to HW filter on device bond1 [ 181.869584][ T9284] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2067'. [ 182.010869][ T8326] Bluetooth: hci5: command 0x1003 tx timeout [ 182.017071][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 182.377608][ T26] audit: type=1326 audit(1763299641.794:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.441040][ T26] audit: type=1326 audit(1763299641.824:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.508170][ T26] audit: type=1326 audit(1763299641.824:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.575583][ T26] audit: type=1326 audit(1763299641.824:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.648705][ T26] audit: type=1326 audit(1763299641.824:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.720674][ T26] audit: type=1326 audit(1763299641.824:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.807001][ T26] audit: type=1326 audit(1763299641.824:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.850100][ T9335] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2082'. [ 182.859518][ T26] audit: type=1326 audit(1763299641.824:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.918681][ T26] audit: type=1326 audit(1763299641.824:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 182.971216][ T26] audit: type=1326 audit(1763299641.834:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.3.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 183.117919][ T9356] usb usb9: usbfs: process 9356 (syz.5.2093) did not claim interface 0 before use [ 183.519308][ T9395] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2112'. [ 184.091253][ T8326] Bluetooth: hci5: command 0x1001 tx timeout [ 184.097444][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 186.171002][ T8328] Bluetooth: hci5: command 0x1009 tx timeout [ 186.714122][ T9560] loop2: detected capacity change from 0 to 1024 [ 186.755282][ T9560] EXT4-fs (loop2): Ignoring removed orlov option [ 186.797542][ T9560] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 187.488498][ T9593] loop2: detected capacity change from 0 to 128 [ 190.383137][ T9690] netlink: 'syz.3.2192': attribute type 3 has an invalid length. [ 191.350731][ T4234] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 191.402027][ T9763] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2226'. [ 191.513200][ T9763] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 191.556407][ T9763] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 191.589433][ T9763] bond0 (unregistering): Released all slaves [ 191.595634][ T4234] usb 6-1: Using ep0 maxpacket: 8 [ 191.720866][ T4234] usb 6-1: too many endpoints for config 0 interface 0 altsetting 250: 251, using maximum allowed: 30 [ 191.740673][ T4234] usb 6-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 191.786009][ T4234] usb 6-1: config 0 interface 0 has no altsetting 0 [ 191.804549][ T4234] usb 6-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 191.844986][ T4234] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.869165][ T4234] usb 6-1: config 0 descriptor?? [ 192.220746][ T4234] usbhid 6-1:0.0: can't add hid device: -71 [ 192.226762][ T4234] usbhid: probe of 6-1:0.0 failed with error -71 [ 192.242668][ T4234] usb 6-1: USB disconnect, device number 2 [ 192.594155][ T9807] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2247'. [ 193.312274][ T9859] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 193.407338][ T9865] loop1: detected capacity change from 0 to 256 [ 193.607259][ T9875] fuse: Bad value for 'fd' [ 193.810361][ T26] kauditd_printk_skb: 32 callbacks suppressed [ 193.810376][ T26] audit: type=1326 audit(1763299653.219:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9883 comm="syz.1.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0fe24c6c9 code=0x7ffc0000 [ 193.855007][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.861343][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.891737][ T26] audit: type=1326 audit(1763299653.229:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9883 comm="syz.1.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fe0fe24c6c9 code=0x7ffc0000 [ 193.916870][ T26] audit: type=1326 audit(1763299653.229:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9883 comm="syz.1.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0fe24c6c9 code=0x7ffc0000 [ 194.349071][ T9902] netlink: 4100 bytes leftover after parsing attributes in process `syz.0.2294'. [ 194.690170][ T9925] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2304'. [ 195.056883][ T9948] loop5: detected capacity change from 0 to 1024 [ 195.104772][ T9948] EXT4-fs (loop5): Ignoring removed orlov option [ 195.129869][ T9948] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 195.161716][ T26] audit: type=1804 audit(1763299654.579:94): pid=9948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2316" name="/newroot/95/bus/bus" dev="loop5" ino=18 res=1 errno=0 [ 195.331416][ T26] audit: type=1804 audit(1763299654.709:95): pid=9963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2316" name="/newroot/95/bus/bus" dev="loop5" ino=18 res=1 errno=0 [ 195.495778][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2326'. [ 195.699351][ T9987] loop1: detected capacity change from 0 to 256 [ 195.824299][ T9987] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 195.913591][ T9992] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 196.814780][T10042] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2359'. [ 196.854937][T10042] netlink: 59 bytes leftover after parsing attributes in process `syz.1.2359'. [ 196.877499][T10042] netlink: 59 bytes leftover after parsing attributes in process `syz.1.2359'. [ 197.188018][T10065] loop1: detected capacity change from 0 to 1024 [ 197.243733][T10065] EXT4-fs (loop1): Ignoring removed orlov option [ 197.260240][T10065] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 197.294918][ T26] audit: type=1804 audit(1763299656.709:96): pid=10065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2369" name="/newroot/406/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 197.375687][T10040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2358'. [ 197.410996][ T26] audit: type=1804 audit(1763299656.829:97): pid=10075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2369" name="/newroot/406/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 197.432553][T10040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2358'. [ 197.494221][T10077] netlink: 'syz.5.2374': attribute type 6 has an invalid length. [ 197.625536][T10081] 9pnet: Insufficient options for proto=fd [ 197.713687][T10087] 9pnet: Could not find request transport: f [ 197.730532][ T26] audit: type=1326 audit(1763299657.139:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10089 comm="syz.0.2382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 197.827705][ T26] audit: type=1326 audit(1763299657.189:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10089 comm="syz.0.2382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 197.843820][T10097] loop5: detected capacity change from 0 to 512 [ 197.886786][ T26] audit: type=1326 audit(1763299657.189:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10089 comm="syz.0.2382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fa3a856c9 code=0x7ffc0000 [ 197.976107][T10097] EXT4-fs (loop5): Test dummy encryption mode enabled [ 197.994291][T10097] EXT4-fs (loop5): Ignoring removed oldalloc option [ 198.003240][T10104] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2387'. [ 198.017829][T10097] EXT4-fs (loop5): Ignoring removed nobh option [ 198.032891][T10097] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 198.048134][T10097] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 198.086184][T10097] EXT4-fs (loop5): Remounting filesystem read-only [ 198.093630][T10097] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 198.109090][T10097] EXT4-fs (loop5): 1 truncate cleaned up [ 198.125745][T10097] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,quota,debug_want_extra_isize=0x000000000000002e,oldalloc,errors=remount-ro,nobh,. Quota mode: writeback. [ 198.129425][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2388'. [ 198.166247][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2388'. [ 199.895227][T10190] netlink: 'syz.0.2426': attribute type 1 has an invalid length. [ 199.991675][T10196] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.106915][T10196] bond0: (slave batadv0): making interface the new active one [ 200.143490][T10196] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 200.168330][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2426'. [ 200.239303][T10190] bond0 (unregistering): (slave batadv0): Releasing active interface [ 200.327749][T10190] bond0 (unregistering): Released all slaves [ 200.434304][T10216] raw_sendmsg: syz.5.2438 forgot to set AF_INET. Fix it! [ 200.435590][T10215] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2437'. [ 201.820448][T10317] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 202.461726][T10369] __nla_validate_parse: 4 callbacks suppressed [ 202.461740][T10369] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2508'. [ 202.546146][T10369] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.556156][T10369] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.564428][T10369] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.572776][T10369] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.622651][T10380] device team_slave_0 entered promiscuous mode [ 202.629219][T10380] device team_slave_1 entered promiscuous mode [ 202.637281][T10380] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 202.678556][T10383] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 202.921547][ T4708] Bluetooth: hci5: Frame reassembly failed (-84) [ 202.940358][T10403] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 203.194709][T10427] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2534'. [ 204.143339][T10452] loop2: detected capacity change from 0 to 512 [ 204.185522][T10454] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2544'. [ 204.224942][T10454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2544'. [ 204.239772][T10452] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 204.278237][T10452] ext4 filesystem being mounted at /467/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 204.341819][T10452] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #2: comm syz.2.2542: corrupted inode contents [ 204.371371][T10452] EXT4-fs error (device loop2): ext4_dirty_inode:6054: inode #2: comm syz.2.2542: mark_inode_dirty error [ 204.389090][T10452] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #2: comm syz.2.2542: corrupted inode contents [ 204.404369][T10452] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.2542: mark_inode_dirty error [ 204.970774][ T7858] Bluetooth: hci5: command 0x1003 tx timeout [ 204.978097][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 207.050964][ T8328] Bluetooth: hci5: command 0x1001 tx timeout [ 207.057025][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 209.140838][ T8328] Bluetooth: hci5: command 0x1009 tx timeout [ 213.354180][T10505] overlayfs: failed to clone upperpath [ 213.711016][T10538] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2580'. [ 213.738131][T10538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2580'. [ 213.875692][T10552] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 214.424235][T10591] loop5: detected capacity change from 0 to 4096 [ 214.554307][T10591] EXT4-fs (loop5): Test dummy encryption mode enabled [ 214.661932][T10605] 8021q: adding VLAN 0 to HW filter on device bond1 [ 215.136244][T10612] device veth0 entered promiscuous mode [ 215.217991][T10612] bond1: (slave macvlan2): making interface the new active one [ 215.312402][T10591] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption=v1,dioread_nolock,,errors=continue. Quota mode: writeback. [ 215.345167][T10612] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 215.358191][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 215.520578][T10623] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2615'. [ 215.683105][T10636] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 215.887329][T10651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2629'. [ 216.439409][T10674] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 217.534534][T10707] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 217.563191][T10707] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 217.777720][T10718] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 218.980444][T10763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2675'. [ 219.413752][T10797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2690'. [ 219.540478][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 219.540533][ T26] audit: type=1326 audit(1763299678.956:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10782 comm="syz.2.2685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182820b6c9 code=0x7ffc0000 [ 220.127292][ T26] audit: type=1326 audit(1763299678.956:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10782 comm="syz.2.2685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182820b6c9 code=0x7ffc0000 [ 220.163191][ T26] audit: type=1326 audit(1763299678.956:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10782 comm="syz.2.2685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f182820b6c9 code=0x7ffc0000 [ 220.289295][ T26] audit: type=1326 audit(1763299678.956:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10782 comm="syz.2.2685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182820b6c9 code=0x7ffc0000 [ 220.312180][ T26] audit: type=1326 audit(1763299678.956:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10782 comm="syz.2.2685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182820b6c9 code=0x7ffc0000 [ 223.138701][ T26] audit: type=1326 audit(1763299682.556:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10907 comm="syz.1.2742" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe0fe24c6c9 code=0x0 [ 223.442947][T10931] loop2: detected capacity change from 0 to 1024 [ 223.515315][T10931] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 223.530923][T10931] ext4 filesystem being mounted at /513/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.545877][T10931] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.2754: inode has both inline data and extents flags [ 223.715707][T10953] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2761'. [ 223.825208][T10961] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2766'. [ 224.349215][ T6450] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.365135][T11008] loop2: detected capacity change from 0 to 128 [ 224.415418][T11008] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 224.428006][T11008] ext4 filesystem being mounted at /519/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 224.430116][ T6450] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.547994][ T6450] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.561703][ T4230] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 224.562878][T11022] netlink: 'syz.3.2792': attribute type 13 has an invalid length. [ 224.810759][ T4230] usb 6-1: Using ep0 maxpacket: 8 [ 224.842909][T11037] xt_CT: You must specify a L4 protocol and not use inversions on it [ 224.931912][ T4230] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 224.953364][ T4230] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 224.982191][ T4230] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 225.020109][ T4230] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 225.050730][ T4230] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 225.070079][ T4230] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.380777][ T4230] usb 6-1: GET_CAPABILITIES returned 0 [ 225.386393][ T4230] usbtmc 6-1:16.0: can't read capabilities [ 226.049347][T11022] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.059260][T11022] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.068176][T11022] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.077176][T11022] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.329095][ T6450] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.339857][T11064] usb 6-1: USB disconnect, device number 3 [ 226.487273][T11022] syz.3.2792 (11022) used greatest stack depth: 19904 bytes left [ 227.020013][T11054] chnl_net:caif_netlink_parms(): no params data found [ 227.336778][T11054] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.357295][T11054] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.363452][T11089] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2822'. [ 227.389348][T11089] unsupported nlmsg_type 40 [ 227.391360][T11054] device bridge_slave_0 entered promiscuous mode [ 227.423178][ T6450] bridge0: port 3(erspan0) entered disabled state [ 227.432421][ T6450] device erspan0 left promiscuous mode [ 227.438051][ T6450] bridge0: port 3(erspan0) entered disabled state [ 227.451165][ T8328] Bluetooth: hci0: command 0x0409 tx timeout [ 227.490659][T11054] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.497836][T11054] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.541729][T11054] device bridge_slave_1 entered promiscuous mode [ 227.624355][T11054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.643886][T11159] cgroup: Name too long [ 227.676051][T11054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.809051][T11054] team0: Port device team_slave_0 added [ 227.846323][T11054] team0: Port device team_slave_1 added [ 227.946508][T11181] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2855'. [ 227.958841][T11054] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.966877][T11054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.049680][T11054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.095992][T11054] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.116553][T11054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.208112][T11054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.309533][ T6450] device hsr_slave_0 left promiscuous mode [ 228.316010][ T6450] device hsr_slave_1 left promiscuous mode [ 228.350266][ T6450] device bridge_slave_1 left promiscuous mode [ 228.367571][ T6450] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.389579][ T6450] device bridge_slave_0 left promiscuous mode [ 228.425844][ T6450] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.467146][ T6450] device veth1_macvtap left promiscuous mode [ 228.474100][ T6450] device veth0_macvtap left promiscuous mode [ 228.480158][ T6450] device veth1_vlan left promiscuous mode [ 228.489363][ T6450] device veth0_vlan left promiscuous mode [ 228.651655][ T6450] bond1 (unregistering): Released all slaves [ 228.788760][T11238] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2876'. [ 228.837716][ T6450] team0 (unregistering): Port device team_slave_1 removed [ 228.868301][ T6450] team0 (unregistering): Port device team_slave_0 removed [ 228.894601][ T6450] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 228.924130][ T6450] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 228.988513][ T26] audit: type=1326 audit(1763299688.406:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.038855][ T6450] bond0 (unregistering): Released all slaves [ 229.039942][ T26] audit: type=1326 audit(1763299688.406:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.074134][ T26] audit: type=1326 audit(1763299688.406:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.100402][ T26] audit: type=1326 audit(1763299688.406:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.132350][ T26] audit: type=1326 audit(1763299688.406:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.155391][ T26] audit: type=1326 audit(1763299688.406:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.178300][ T26] audit: type=1326 audit(1763299688.406:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.203157][ T26] audit: type=1326 audit(1763299688.406:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.229985][ T26] audit: type=1326 audit(1763299688.406:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.307081][ T26] audit: type=1326 audit(1763299688.406:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f05916c9 code=0x7ffc0000 [ 229.385212][T11054] device hsr_slave_0 entered promiscuous mode [ 229.413879][T11054] device hsr_slave_1 entered promiscuous mode [ 229.531287][ T8326] Bluetooth: hci0: command 0x041b tx timeout [ 229.600792][T11272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2902'. [ 229.609724][T11272] device bridge_slave_1 left promiscuous mode [ 229.634585][T11272] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.652025][T11272] device bridge_slave_0 left promiscuous mode [ 229.658442][T11272] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.966987][T11054] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 230.015344][T11054] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 230.048632][T11054] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 230.121009][T11054] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 230.207951][T11308] loop2: detected capacity change from 0 to 1024 [ 230.318110][T11320] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2910'. [ 230.379658][T11308] EXT4-fs (loop2): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000002,nombcache,,errors=continue. Quota mode: none. [ 230.402717][T11308] ext4 filesystem being mounted at /540/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 230.550764][T11054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.600038][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.624438][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 230.636650][T11054] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.705590][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.719882][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.751654][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.758750][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.791933][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.856233][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.895307][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.929657][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.936779][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.999137][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.008287][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.046017][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.072089][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.091645][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.130770][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.161133][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 231.187527][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 231.211242][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 231.236129][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 231.264809][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 231.290289][T11054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 231.478845][T11376] xt_CT: No such helper "pptp" [ 231.611052][ T7859] Bluetooth: hci0: command 0x040f tx timeout [ 231.704203][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 231.729496][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 231.760420][T11054] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.042434][T11417] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2940'. [ 232.220087][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 232.238965][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 232.300807][ T4293] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 232.311801][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 232.326099][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 232.346650][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 232.365817][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 232.391964][T11054] device veth0_vlan entered promiscuous mode [ 232.423728][T11054] device veth1_vlan entered promiscuous mode [ 232.485147][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 232.519418][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 232.555821][T11054] device veth0_macvtap entered promiscuous mode [ 232.562184][ T4293] usb 3-1: Using ep0 maxpacket: 8 [ 232.614139][T11054] device veth1_macvtap entered promiscuous mode [ 232.664406][T11054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.691745][ T4293] usb 3-1: config index 0 descriptor too short (expected 5924, got 36) [ 232.704908][ T4293] usb 3-1: config 250 has an invalid interface number: 228 but max is -1 [ 232.713557][T11054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.734075][ T4293] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 232.745306][T11054] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.757381][ T4293] usb 3-1: config 250 has no interface number 0 [ 232.764326][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 232.770812][ T4293] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 232.780266][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 232.783559][ T4293] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 232.805930][ T4293] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 232.818046][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 232.826530][ T4293] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 232.839025][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 232.847067][ T4293] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 232.872291][T11054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.897847][T11054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.907770][ T4293] usb 3-1: config 250 interface 228 has no altsetting 0 [ 232.951900][T11054] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.962251][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 232.999888][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 233.035964][T11054] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.061180][ T4293] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 233.070262][ T4293] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 233.078659][T11054] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.100317][T11054] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.109139][ T4293] usb 3-1: Product: syz [ 233.116997][ T4293] usb 3-1: SerialNumber: syz [ 233.123513][T11054] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.201794][ T4293] hub 3-1:250.228: bad descriptor, ignoring hub [ 233.208105][ T4293] hub: probe of 3-1:250.228 failed with error -5 [ 233.267810][T11461] TCP: TCP_TX_DELAY enabled [ 233.321168][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.362205][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.416331][ T4710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.425547][ T4293] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 3 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 233.438913][ T4710] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.443410][T11468] binder: Bad value for 'max' [ 233.454651][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 233.477268][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 233.733573][ T4293] usb 3-1: reset high-speed USB device number 3 using dummy_hcd [ 233.735019][ T7859] Bluetooth: hci0: command 0x0419 tx timeout [ 233.999864][T11496] device syzkaller0 entered promiscuous mode [ 234.721757][T11555] tmpfs: Bad value for 'huge' [ 234.998275][T11576] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2990'. [ 235.503904][ T4293] usb 3-1: USB disconnect, device number 3 [ 235.532053][ T4293] usblp0: removed [ 236.196852][T11652] netlink: 'syz.2.3018': attribute type 6 has an invalid length. [ 237.970181][T11717] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3042'. [ 238.024846][T11718] netlink: 452 bytes leftover after parsing attributes in process `syz.3.3042'. [ 238.485107][T11745] netlink: 'syz.2.3051': attribute type 1 has an invalid length. [ 238.506623][T11748] overlayfs: failed to clone lowerpath [ 238.532412][T11745] 8021q: adding VLAN 0 to HW filter on device bond1 [ 238.603999][T11751] 8021q: adding VLAN 0 to HW filter on device bond1 [ 238.686632][T11751] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 238.714287][T11751] bond1: (slave vxcan3): Error -22 calling dev_set_mtu [ 238.766251][T11745] bond1: (slave vlan2): Enslaving as an active interface with a down link [ 239.095364][T11783] loop2: detected capacity change from 0 to 128 [ 239.195707][T11787] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3065'. [ 239.233392][T11783] FAT-fs (loop2): Directory bread(block 414) failed [ 239.244709][T11783] FAT-fs (loop2): Directory bread(block 415) failed [ 239.258688][T11787] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3065'. [ 239.282282][T11783] FAT-fs (loop2): Directory bread(block 416) failed [ 239.288907][T11783] FAT-fs (loop2): Directory bread(block 417) failed [ 239.299854][T11787] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3065'. [ 239.310424][T11783] FAT-fs (loop2): Directory bread(block 418) failed [ 239.321161][T11787] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3065'. [ 239.330331][T11783] FAT-fs (loop2): Directory bread(block 419) failed [ 239.355431][T11783] FAT-fs (loop2): Directory bread(block 420) failed [ 239.370677][T11783] FAT-fs (loop2): Directory bread(block 421) failed [ 239.800267][T11818] capability: warning: `syz.3.3080' uses 32-bit capabilities (legacy support in use) [ 241.321551][T11870] netlink: 120 bytes leftover after parsing attributes in process `syz.5.3103'. [ 241.497222][T11883] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3110'. [ 242.017952][T11933] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3127'. [ 242.109787][T11936] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3129'. [ 242.964340][T11950] netlink: 172 bytes leftover after parsing attributes in process `syz.5.3134'. [ 242.998127][T11949] tc_dump_action: action bad kind [ 243.030926][T11956] netlink: 92 bytes leftover after parsing attributes in process `syz.6.3135'. [ 243.871002][T12012] 9pnet: Could not find request transport: 0xffffffffffffffff [ 245.297584][T12093] loop6: detected capacity change from 0 to 32768 [ 245.784275][T12093] XFS (loop6): Mounting V5 Filesystem [ 246.387753][T12093] XFS (loop6): Ending clean mount [ 246.484261][T12093] XFS (loop6): Quotacheck needed: Please wait. [ 247.094771][T12093] XFS (loop6): Quotacheck: Done. [ 247.151914][T12162] netlink: 628 bytes leftover after parsing attributes in process `syz.5.3216'. [ 247.219326][T12167] overlayfs: failed to clone upperpath [ 247.437526][T11054] XFS (loop6): Unmounting Filesystem [ 247.940545][T12212] overlayfs: failed to clone lowerpath [ 248.401377][T12241] cgroup: subsys name conflicts with all [ 248.563638][ T4293] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 248.981036][ T4293] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 248.994211][ T4293] usb 6-1: config 0 has no interface number 0 [ 249.015877][ T4293] usb 6-1: config 0 interface 41 has no altsetting 0 [ 249.210873][ T4293] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 249.223315][ T4293] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.252458][ T4293] usb 6-1: Product: syz [ 249.262325][ T4293] usb 6-1: Manufacturer: syz [ 249.271659][ T4293] usb 6-1: SerialNumber: syz [ 249.294701][ T4293] usb 6-1: config 0 descriptor?? [ 250.600738][ T4293] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 250.620696][ T4293] CoreChips: probe of 6-1:0.41 failed with error -71 [ 250.643298][ T4293] usb 6-1: USB disconnect, device number 4 [ 250.658265][T12324] netlink: 528 bytes leftover after parsing attributes in process `syz.6.3272'. [ 251.086175][ T5531] tipc: Subscription rejected, illegal request [ 251.255985][T12370] loop5: detected capacity change from 0 to 512 [ 251.311569][T12370] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 251.338460][T12370] EXT4-fs (loop5): inline encryption not supported [ 251.384142][T12370] EXT4-fs (loop5): Test dummy encryption mode enabled [ 251.428277][T12370] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 251.465853][T12370] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 251.536120][T12370] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 251.559117][T12370] System zones: 1-12 [ 251.593922][T12370] EXT4-fs (loop5): 1 truncate cleaned up [ 251.601119][T12370] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,,errors=continue. Quota mode: none. [ 253.165455][T12435] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 253.343156][T12451] x_tables: duplicate underflow at hook 1 [ 253.472372][T12455] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3322'. [ 253.473100][T12458] binder: Bad value for 'stats' [ 253.623540][T12468] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 254.528352][T12534] netlink: 'syz.5.3348': attribute type 15 has an invalid length. [ 254.545655][T12534] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3348'. [ 254.844904][T12557] binder: 12556:12557 ioctl c0306201 200000000100 returned -14 [ 255.303451][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.309758][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.316048][T12597] netlink: 140 bytes leftover after parsing attributes in process `syz.3.3369'. [ 255.947161][T12648] device syzkaller0 entered promiscuous mode [ 256.154187][T12662] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3396'. [ 256.186944][T12662] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3396'. [ 257.539523][T12701] overlayfs: failed to clone lowerpath [ 257.602153][ T4341] tipc: Subscription rejected, illegal request [ 258.412546][T12754] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3439'. [ 258.585661][T12727] fuse: Bad value for 'fd' [ 258.980540][T12780] netlink: 'syz.3.3450': attribute type 1 has an invalid length. [ 259.873755][T12828] cgroup: Unknown subsys name 'audit' [ 259.943361][T12830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3473'. [ 259.950761][ T8326] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 260.200639][ T8326] usb 7-1: Using ep0 maxpacket: 16 [ 260.321974][ T8326] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 260.340680][ T8326] usb 7-1: config 0 has no interfaces? [ 260.350967][ T8326] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 260.361486][ T8326] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.376542][ T8326] usb 7-1: config 0 descriptor?? [ 260.627793][T12818] udc-core: couldn't find an available UDC or it's busy [ 260.658562][T12818] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 260.689357][ T7859] usb 7-1: USB disconnect, device number 2 [ 262.266343][T12945] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3529'. [ 263.419617][T12966] loop6: detected capacity change from 0 to 512 [ 263.485990][T12966] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 263.539618][T12971] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3537'. [ 263.554003][T12972] loop2: detected capacity change from 0 to 512 [ 263.585424][T12966] EXT4-fs (loop6): 1 truncate cleaned up [ 263.601206][T12966] EXT4-fs (loop6): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 263.713853][T12972] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.3538: inode has both inline data and extents flags [ 263.823083][T12972] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.3538: couldn't read orphan inode 15 (err -117) [ 263.903671][T12972] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 264.550292][T13017] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3561'. [ 265.491500][T13086] netlink: 'syz.3.3591': attribute type 12 has an invalid length. [ 265.739139][T13101] overlayfs: failed to clone lowerpath [ 265.814447][T13105] loop5: detected capacity change from 0 to 2048 [ 265.890311][T13105] loop5: p1 < > p4 < > [ 266.078092][T10480] udevd[10480]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 266.096712][T10606] udevd[10606]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 266.171952][T13119] overlayfs: filesystem on './file0' not supported as upperdir [ 266.339850][T13127] netlink: 'syz.3.3610': attribute type 4 has an invalid length. [ 266.422299][T13131] wireguard: wg2: Could not create IPv4 socket [ 267.383699][T13195] netlink: 'syz.6.3641': attribute type 4 has an invalid length. [ 267.957753][T13239] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 267.957753][T13239] The task syz.6.3654 (13239) triggered the difference, watch for misbehavior. [ 268.340089][T13263] netlink: 'syz.0.3672': attribute type 4 has an invalid length. [ 268.835284][T13284] loop5: detected capacity change from 0 to 512 [ 268.934179][T13284] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.3679: inode has both inline data and extents flags [ 268.959630][T13284] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.3679: couldn't read orphan inode 15 (err -117) [ 268.980395][T13284] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 271.227570][T13374] loop2: detected capacity change from 0 to 512 [ 271.353971][T13374] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 271.454734][T13374] EXT4-fs (loop2): 1 truncate cleaned up [ 271.461863][T13374] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none. [ 272.020758][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 272.020773][ T26] audit: type=1800 audit(1763299731.344:152): pid=13374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3718" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 273.895950][T13487] ------------[ cut here ]------------ [ 273.920287][T13487] wlan1: Failed check-sdata-in-driver check, flags: 0x4 [ 273.952806][T13487] WARNING: CPU: 1 PID: 13487 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x37b/0x550 [ 273.982150][T13487] Modules linked in: [ 274.017684][T13487] CPU: 1 PID: 13487 Comm: syz.3.3768 Not tainted syzkaller #0 [ 274.048299][T13487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 274.080769][T13487] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 274.100676][T13487] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 274.120998][T13487] RSP: 0018:ffffc9000397f248 EFLAGS: 00010246 [ 274.127097][T13487] RAX: d706e2b83ed47200 RBX: 0000000000400000 RCX: 0000000000080000 [ 274.135661][T13487] RDX: ffffc90006211000 RSI: 000000000000698e RDI: 000000000000698f [ 274.144038][T13487] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172267b0 [ 274.153724][T13487] R10: ffffed10172267b0 R11: 1ffff110172267af R12: ffff88805f838000 [ 274.161888][T13487] R13: ffff88805f839290 R14: ffff888026940da0 R15: ffff88805f83a298 [ 274.169872][T13487] FS: 00007fc8ee7f86c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 274.181950][T13487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 274.188550][T13487] CR2: 00007f2fa3ca72f8 CR3: 0000000024653000 CR4: 00000000003506f0 [ 274.197357][T13487] DR0: 000000000000000a DR1: 0000000000000000 DR2: 0000000000000000 [ 274.207494][T13487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 274.216240][T13487] Call Trace: [ 274.219526][T13487] [ 274.223841][T13487] ? netif_carrier_off+0x1/0xc0 [ 274.228697][T13487] ieee80211_ocb_leave+0x26f/0x320 [ 274.234757][T13487] __cfg80211_leave_ocb+0x219/0x3f0 [ 274.239971][T13487] cfg80211_leave_ocb+0x53/0x70 [ 274.246198][T13487] cfg80211_change_iface+0x4f1/0xeb0 [ 274.256541][T13487] nl80211_set_interface+0x598/0x7d0 [ 274.263196][T13487] ? nl80211_dump_interface+0x5c0/0x5c0 [ 274.268743][T13487] ? mutex_lock_nested+0x17/0x20 [ 274.274535][T13487] genl_rcv_msg+0xbc6/0xf40 [ 274.279049][T13487] ? genl_bind+0x370/0x370 [ 274.285631][T13487] ? verify_lock_unused+0x140/0x140 [ 274.291603][T13487] ? verify_lock_unused+0x140/0x140 [ 274.296819][T13487] ? nl80211_dump_interface+0x5c0/0x5c0 [ 274.303824][T13487] netlink_rcv_skb+0x1e0/0x430 [ 274.308587][T13487] ? genl_bind+0x370/0x370 [ 274.314474][T13487] ? netlink_ack+0xb60/0xb60 [ 274.319068][T13487] ? __lock_acquire+0x7c60/0x7c60 [ 274.325611][T13487] ? preempt_count_add+0x8d/0x190 [ 274.331529][T13487] ? down_read+0x1aa/0x2e0 [ 274.335958][T13487] genl_rcv+0x24/0x40 [ 274.339930][T13487] netlink_unicast+0x774/0x920 [ 274.348272][T13487] netlink_sendmsg+0x8ab/0xbc0 [ 274.353900][T13487] ? netlink_getsockopt+0x560/0x560 [ 274.359099][T13487] ? aa_sock_msg_perm+0x94/0x150 [ 274.365420][T13487] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 274.371486][T13487] ? security_socket_sendmsg+0x7c/0xa0 [ 274.376942][T13487] ? netlink_getsockopt+0x560/0x560 [ 274.384443][T13487] ____sys_sendmsg+0x5a2/0x8c0 [ 274.389233][T13487] ? memset+0x1e/0x40 [ 274.393303][T13487] ? __sys_sendmsg_sock+0x30/0x30 [ 274.398350][T13487] ? import_iovec+0x6f/0xa0 [ 274.402943][T13487] ___sys_sendmsg+0x1f0/0x260 [ 274.407648][T13487] ? __sys_sendmsg+0x250/0x250 [ 274.412484][T13487] ? sock_do_ioctl+0x27c/0x2f0 [ 274.417275][T13487] ? __fdget+0x18b/0x210 [ 274.422446][T13487] __se_sys_sendmsg+0x190/0x250 [ 274.427303][T13487] ? __x64_sys_sendmsg+0x80/0x80 [ 274.432294][T13487] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 274.438296][T13487] ? lockdep_hardirqs_on+0x94/0x140 [ 274.443531][T13487] do_syscall_64+0x4c/0xa0 [ 274.447958][T13487] ? clear_bhb_loop+0x30/0x80 [ 274.452702][T13487] ? clear_bhb_loop+0x30/0x80 [ 274.457388][T13487] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 274.463308][T13487] RIP: 0033:0x7fc8f05916c9 [ 274.467732][T13487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.488106][T13487] RSP: 002b:00007fc8ee7f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 274.496716][T13487] RAX: ffffffffffffffda RBX: 00007fc8f07e7fa0 RCX: 00007fc8f05916c9 [ 274.504843][T13487] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005 [ 274.512881][T13487] RBP: 00007fc8f0613f91 R08: 0000000000000000 R09: 0000000000000000 [ 274.520897][T13487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 274.528892][T13487] R13: 00007fc8f07e8038 R14: 00007fc8f07e7fa0 R15: 00007ffe6f498878 [ 274.537706][T13487] [ 274.540823][T13487] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 274.548116][T13487] CPU: 0 PID: 13487 Comm: syz.3.3768 Not tainted syzkaller #0 [ 274.555574][T13487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 274.565655][T13487] Call Trace: [ 274.568934][T13487] [ 274.571864][T13487] dump_stack_lvl+0x168/0x230 [ 274.576535][T13487] ? show_regs_print_info+0x20/0x20 [ 274.581725][T13487] ? load_image+0x3b0/0x3b0 [ 274.586226][T13487] panic+0x2c9/0x7f0 [ 274.590115][T13487] ? bpf_jit_dump+0xd0/0xd0 [ 274.594613][T13487] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 274.601027][T13487] __warn+0x248/0x2b0 [ 274.605020][T13487] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 274.611440][T13487] report_bug+0x1b7/0x2e0 [ 274.615768][T13487] handle_bug+0x3a/0x70 [ 274.619914][T13487] exc_invalid_op+0x16/0x40 [ 274.624406][T13487] asm_exc_invalid_op+0x16/0x20 [ 274.629248][T13487] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550 [ 274.636266][T13487] Code: 7d 8d f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 40 14 19 8b 4c 89 e6 89 ea e8 95 f1 6f 00 <0f> 0b e9 07 fd ff ff e8 a9 15 49 f8 0f 0b e9 b1 fe ff ff e8 9d 15 [ 274.655859][T13487] RSP: 0018:ffffc9000397f248 EFLAGS: 00010246 [ 274.661915][T13487] RAX: d706e2b83ed47200 RBX: 0000000000400000 RCX: 0000000000080000 [ 274.669882][T13487] RDX: ffffc90006211000 RSI: 000000000000698e RDI: 000000000000698f [ 274.677840][T13487] RBP: 0000000000000004 R08: dffffc0000000000 R09: ffffed10172267b0 [ 274.685827][T13487] R10: ffffed10172267b0 R11: 1ffff110172267af R12: ffff88805f838000 [ 274.693795][T13487] R13: ffff88805f839290 R14: ffff888026940da0 R15: ffff88805f83a298 [ 274.701789][T13487] ? ieee80211_bss_info_change_notify+0x37b/0x550 [ 274.708215][T13487] ? netif_carrier_off+0x1/0xc0 [ 274.713077][T13487] ieee80211_ocb_leave+0x26f/0x320 [ 274.718203][T13487] __cfg80211_leave_ocb+0x219/0x3f0 [ 274.723420][T13487] cfg80211_leave_ocb+0x53/0x70 [ 274.728289][T13487] cfg80211_change_iface+0x4f1/0xeb0 [ 274.733573][T13487] nl80211_set_interface+0x598/0x7d0 [ 274.738853][T13487] ? nl80211_dump_interface+0x5c0/0x5c0 [ 274.744391][T13487] ? mutex_lock_nested+0x17/0x20 [ 274.749324][T13487] genl_rcv_msg+0xbc6/0xf40 [ 274.753841][T13487] ? genl_bind+0x370/0x370 [ 274.758294][T13487] ? verify_lock_unused+0x140/0x140 [ 274.763507][T13487] ? verify_lock_unused+0x140/0x140 [ 274.768743][T13487] ? nl80211_dump_interface+0x5c0/0x5c0 [ 274.774288][T13487] netlink_rcv_skb+0x1e0/0x430 [ 274.779046][T13487] ? genl_bind+0x370/0x370 [ 274.783451][T13487] ? netlink_ack+0xb60/0xb60 [ 274.788030][T13487] ? __lock_acquire+0x7c60/0x7c60 [ 274.793053][T13487] ? preempt_count_add+0x8d/0x190 [ 274.798080][T13487] ? down_read+0x1aa/0x2e0 [ 274.802485][T13487] genl_rcv+0x24/0x40 [ 274.806463][T13487] netlink_unicast+0x774/0x920 [ 274.811223][T13487] netlink_sendmsg+0x8ab/0xbc0 [ 274.815978][T13487] ? netlink_getsockopt+0x560/0x560 [ 274.821167][T13487] ? aa_sock_msg_perm+0x94/0x150 [ 274.826125][T13487] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 274.831408][T13487] ? security_socket_sendmsg+0x7c/0xa0 [ 274.836868][T13487] ? netlink_getsockopt+0x560/0x560 [ 274.842078][T13487] ____sys_sendmsg+0x5a2/0x8c0 [ 274.846838][T13487] ? memset+0x1e/0x40 [ 274.850812][T13487] ? __sys_sendmsg_sock+0x30/0x30 [ 274.855833][T13487] ? import_iovec+0x6f/0xa0 [ 274.860328][T13487] ___sys_sendmsg+0x1f0/0x260 [ 274.865000][T13487] ? __sys_sendmsg+0x250/0x250 [ 274.869765][T13487] ? sock_do_ioctl+0x27c/0x2f0 [ 274.874547][T13487] ? __fdget+0x18b/0x210 [ 274.878800][T13487] __se_sys_sendmsg+0x190/0x250 [ 274.883646][T13487] ? __x64_sys_sendmsg+0x80/0x80 [ 274.888573][T13487] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 274.894557][T13487] ? lockdep_hardirqs_on+0x94/0x140 [ 274.899748][T13487] do_syscall_64+0x4c/0xa0 [ 274.904150][T13487] ? clear_bhb_loop+0x30/0x80 [ 274.908823][T13487] ? clear_bhb_loop+0x30/0x80 [ 274.913514][T13487] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 274.919397][T13487] RIP: 0033:0x7fc8f05916c9 [ 274.923805][T13487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.943416][T13487] RSP: 002b:00007fc8ee7f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 274.951830][T13487] RAX: ffffffffffffffda RBX: 00007fc8f07e7fa0 RCX: 00007fc8f05916c9 [ 274.959793][T13487] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005 [ 274.967749][T13487] RBP: 00007fc8f0613f91 R08: 0000000000000000 R09: 0000000000000000 [ 274.975716][T13487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 274.983684][T13487] R13: 00007fc8f07e8038 R14: 00007fc8f07e7fa0 R15: 00007ffe6f498878 [ 274.991690][T13487] [ 274.994975][T13487] Kernel Offset: disabled [ 274.999583][T13487] Rebooting in 86400 seconds..