last executing test programs: 4.952235142s ago: executing program 1 (id=2): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB="540304"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x20, 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 3.532410762s ago: executing program 0 (id=6): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@oldalloc}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@bsdgroups}, {@minixdf}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f00000002c0)=0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) ioctl$TCSETSW2(r1, 0x5408, &(0x7f0000000040)={0x300, 0x0, 0x0, 0xfffffffe, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf", 0x2}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r2, 0x3, 0xff39, 0x3) 3.090636274s ago: executing program 0 (id=7): openat$iommufd(0xffffffffffffff9c, 0x0, 0x774abb1dc22a86b4, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040)=0x42, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000bc0)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a3193f93b5e3e40cff645d93afca045741f99af1cba5b3b6dd6c2", 0x108}], 0x1}}], 0x1, 0x4000001) r1 = dup(r0) read$FUSE(r1, &(0x7f0000003680)={0x2020}, 0x2020) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) pselect6(0x40, &(0x7f0000000600)={0x0, 0x10000000000000}, 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0) 3.065393172s ago: executing program 3 (id=4): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) syz_io_uring_submit(r3, r4, &(0x7f0000000480)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r2, 0x0, 0x0, 0x64, 0x183000, 0x23456}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) 2.704735388s ago: executing program 0 (id=8): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x774abb1dc22a86b4, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040)=0x42, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000bc0)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a3193f93b5e3e40cff645d93afca045741f99af1cba5b3b6dd6c2", 0x108}], 0x1}}], 0x1, 0x4000001) r1 = dup(r0) shutdown(r1, 0x1) 2.462328042s ago: executing program 0 (id=9): openat$iommufd(0xffffffffffffff9c, 0x0, 0x774abb1dc22a86b4, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000bc0)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a3193f93b5e3e40cff645d93afca045741f99af1cba5b3b6dd6c2", 0x108}], 0x1}}], 0x1, 0x4000001) dup(r0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) pselect6(0x40, &(0x7f0000000600)={0x0, 0x10000000000000}, 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0) 2.222455853s ago: executing program 0 (id=10): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmsg$alg(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) write$binfmt_script(r3, &(0x7f0000000600), 0xfec8) recvmmsg(r3, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140), 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0xfffffffffffffe63, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) 1.80245181s ago: executing program 2 (id=3): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@oldalloc}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@bsdgroups}, {@minixdf}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f00000002c0)=0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r1, 0x3, 0xff39, 0x3) 1.759369807s ago: executing program 3 (id=11): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000004000000000000000000000300000000030000000300000000000101010000000000000800000000010000000100000506000000010000000200000000000000005f"], 0x0, 0x58, 0x0, 0xa}, 0x28) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}], 0x0, 0x1}, 0x20) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) r6 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000001840)={r7, @in6={{0xa, 0x4e22, 0x1, @private1, 0x4}}}, 0x84) 346.363342ms ago: executing program 0 (id=12): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0)) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f00000001c0)={0x24, 0x14, 0x105, 0x70bc2a, 0x2ddfdb7b, {0x11}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "053e3e71ed07348ace"}]}, 0x24}, 0x1, 0x0, 0x0, 0x8086}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r4 = fsopen(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x0, 0xe, 0x60a00, 0xffffffffffffffff, 0xfffffff8, '\x00', 0x0, r1, 0x4, 0x5, 0x4, 0x7}, 0x50) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) openat$tcp_congestion(0xffffff9c, &(0x7f0000000280), 0x1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 126.184338ms ago: executing program 1 (id=13): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000380)="948b6d931664c79071e43238a2d7bc7f0457697653fc9b6305c3ea178d91cf38e70fda3ba08238100b20ee4583aa0ff9efcd6f43d692e9bd7a2ceb2b95517d992d80adc01ecca9e32ced12da431595e80ede9a509a699b49ee3e8315e5add06b9cfd8057b2e096140ec1800a11171bccaa1cb7b8eda692682af1dace81e8555306232b19f27a706411d8b77fe6e9438e5d63851700c310fbdfb04900e53077f7a8a71a0b844aa0b52209398dcd22fc20bc112c1f", 0xb4, 0x4004051, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0x1801, 0x4) sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 0s ago: executing program 3 (id=14): r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) socketpair$unix(0x1, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[], 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000080)=@v2={0x2, @adiantum, 0x3, '\x00', @b}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts. [ 82.641535][ T5849] cgroup: Unknown subsys name 'net' [ 82.748844][ T5849] cgroup: Unknown subsys name 'cpuset' [ 82.758408][ T5849] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.429791][ T5849] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.288988][ T5864] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.297503][ T5864] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.305362][ T5864] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.313544][ T5864] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.315974][ T5865] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.321567][ T5864] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.336109][ T5865] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.343862][ T5865] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.355215][ T5865] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.369998][ T5865] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.391845][ T5865] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.412588][ T5865] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.425031][ T5865] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.427009][ T5182] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.440935][ T5182] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.449475][ T5182] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.457825][ T5182] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.469373][ T5182] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.477727][ T5182] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.478426][ T5865] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.490179][ T5182] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.508139][ T5182] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.516177][ T5182] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.524238][ T5182] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.532864][ T5182] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.207944][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 88.332646][ T5870] chnl_net:caif_netlink_parms(): no params data found [ 88.426664][ T5868] chnl_net:caif_netlink_parms(): no params data found [ 88.522046][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 88.534270][ T5869] chnl_net:caif_netlink_parms(): no params data found [ 88.590201][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.597536][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.605226][ T5870] bridge_slave_0: entered allmulticast mode [ 88.613283][ T5870] bridge_slave_0: entered promiscuous mode [ 88.673626][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.680907][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.688574][ T5870] bridge_slave_1: entered allmulticast mode [ 88.696394][ T5870] bridge_slave_1: entered promiscuous mode [ 88.703573][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.710954][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.718366][ T5859] bridge_slave_0: entered allmulticast mode [ 88.726832][ T5859] bridge_slave_0: entered promiscuous mode [ 88.773160][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.780453][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.787774][ T5859] bridge_slave_1: entered allmulticast mode [ 88.795819][ T5859] bridge_slave_1: entered promiscuous mode [ 88.880570][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.887941][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.895473][ T5868] bridge_slave_0: entered allmulticast mode [ 88.902702][ T5868] bridge_slave_0: entered promiscuous mode [ 88.926529][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.939668][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.963273][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.970757][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.978100][ T5868] bridge_slave_1: entered allmulticast mode [ 88.986119][ T5868] bridge_slave_1: entered promiscuous mode [ 89.042981][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.057575][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.111644][ T5870] team0: Port device team_slave_0 added [ 89.161830][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.169414][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.177206][ T5860] bridge_slave_0: entered allmulticast mode [ 89.184567][ T5860] bridge_slave_0: entered promiscuous mode [ 89.193549][ T5870] team0: Port device team_slave_1 added [ 89.230246][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.243176][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.252798][ T5869] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.260615][ T5869] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.268042][ T5869] bridge_slave_0: entered allmulticast mode [ 89.275786][ T5869] bridge_slave_0: entered promiscuous mode [ 89.283298][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.291216][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.298717][ T5860] bridge_slave_1: entered allmulticast mode [ 89.306714][ T5860] bridge_slave_1: entered promiscuous mode [ 89.328440][ T5859] team0: Port device team_slave_0 added [ 89.336342][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.343316][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.369310][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.393852][ T5869] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.401177][ T5869] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.408529][ T5869] bridge_slave_1: entered allmulticast mode [ 89.415417][ T53] Bluetooth: hci1: command tx timeout [ 89.421329][ T53] Bluetooth: hci0: command tx timeout [ 89.428764][ T5869] bridge_slave_1: entered promiscuous mode [ 89.464745][ T5859] team0: Port device team_slave_1 added [ 89.471424][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.478826][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.504815][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.515055][ T53] Bluetooth: hci2: command tx timeout [ 89.584659][ T53] Bluetooth: hci4: command tx timeout [ 89.584837][ T5182] Bluetooth: hci3: command tx timeout [ 89.601346][ T5868] team0: Port device team_slave_0 added [ 89.610271][ T5869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.622011][ T5868] team0: Port device team_slave_1 added [ 89.630567][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.653683][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.660992][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.687291][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.701536][ T5869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.756187][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.768210][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.776085][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.802231][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.827636][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.834873][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.860896][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.921649][ T5869] team0: Port device team_slave_0 added [ 89.931306][ T5869] team0: Port device team_slave_1 added [ 89.938285][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.945382][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.972024][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.040291][ T5859] hsr_slave_0: entered promiscuous mode [ 90.047358][ T5859] hsr_slave_1: entered promiscuous mode [ 90.093019][ T5860] team0: Port device team_slave_0 added [ 90.104792][ T5870] hsr_slave_0: entered promiscuous mode [ 90.111203][ T5870] hsr_slave_1: entered promiscuous mode [ 90.118197][ T5870] debugfs: 'hsr0' already exists in 'hsr' [ 90.124039][ T5870] Cannot create hsr debugfs directory [ 90.132719][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.140487][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.166883][ T5869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.180171][ T5860] team0: Port device team_slave_1 added [ 90.217524][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.225088][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.252136][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.278810][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.286184][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.312213][ T5869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.354045][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.361374][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.387519][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.468590][ T5868] hsr_slave_0: entered promiscuous mode [ 90.475387][ T5868] hsr_slave_1: entered promiscuous mode [ 90.481555][ T5868] debugfs: 'hsr0' already exists in 'hsr' [ 90.487428][ T5868] Cannot create hsr debugfs directory [ 90.633259][ T5860] hsr_slave_0: entered promiscuous mode [ 90.640327][ T5860] hsr_slave_1: entered promiscuous mode [ 90.646910][ T5860] debugfs: 'hsr0' already exists in 'hsr' [ 90.652750][ T5860] Cannot create hsr debugfs directory [ 90.723592][ T5869] hsr_slave_0: entered promiscuous mode [ 90.732517][ T5869] hsr_slave_1: entered promiscuous mode [ 90.738891][ T5869] debugfs: 'hsr0' already exists in 'hsr' [ 90.744669][ T5869] Cannot create hsr debugfs directory [ 91.159477][ T5859] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.172845][ T5859] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.205727][ T5859] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.246331][ T5859] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.311549][ T5870] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.335412][ T5870] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.347556][ T5870] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.359603][ T5870] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.466252][ T5868] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.482262][ T5868] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.495158][ T5182] Bluetooth: hci1: command tx timeout [ 91.495874][ T53] Bluetooth: hci0: command tx timeout [ 91.517294][ T5868] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.529754][ T5868] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.575944][ T53] Bluetooth: hci2: command tx timeout [ 91.654686][ T53] Bluetooth: hci4: command tx timeout [ 91.655024][ T5182] Bluetooth: hci3: command tx timeout [ 91.679778][ T5860] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.703600][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.716599][ T5860] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.727499][ T5860] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.739671][ T5860] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.823236][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.845288][ T5869] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.857092][ T5869] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.869353][ T5869] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.889955][ T5869] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.923312][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.942658][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.950008][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.977049][ T1028] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.984164][ T1028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.047915][ T5870] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.119879][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.127150][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.171464][ T1330] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.178729][ T1330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.259408][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.311310][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.366914][ T5868] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.442643][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.449848][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.460671][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.467859][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.484064][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.521982][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.529191][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.563326][ T5869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.588642][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.600630][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.607850][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.672046][ T5869] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.723865][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.731112][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.746100][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.753297][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.926117][ T5859] veth0_vlan: entered promiscuous mode [ 92.950462][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.976530][ T5859] veth1_vlan: entered promiscuous mode [ 93.202127][ T5859] veth0_macvtap: entered promiscuous mode [ 93.212564][ T5870] veth0_vlan: entered promiscuous mode [ 93.242147][ T5859] veth1_macvtap: entered promiscuous mode [ 93.263735][ T5870] veth1_vlan: entered promiscuous mode [ 93.369950][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.422118][ T5870] veth0_macvtap: entered promiscuous mode [ 93.443871][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.477255][ T5870] veth1_macvtap: entered promiscuous mode [ 93.518336][ T1330] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.529256][ T1330] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.552336][ T1330] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.562153][ T1028] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.581159][ T5182] Bluetooth: hci0: command tx timeout [ 93.581475][ T53] Bluetooth: hci1: command tx timeout [ 93.601350][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.616127][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.664128][ T53] Bluetooth: hci2: command tx timeout [ 93.681844][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.701622][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.729427][ T5869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.736534][ T53] Bluetooth: hci4: command tx timeout [ 93.736632][ T53] Bluetooth: hci3: command tx timeout [ 93.771686][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.773595][ T1330] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.792047][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.823504][ T1330] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.835600][ T1028] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.882272][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.918346][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.934792][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.052729][ T5859] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.113702][ T5868] veth0_vlan: entered promiscuous mode [ 94.152413][ T5869] veth0_vlan: entered promiscuous mode [ 94.176651][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.191944][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.239786][ T5869] veth1_vlan: entered promiscuous mode [ 94.276799][ T5868] veth1_vlan: entered promiscuous mode [ 94.293354][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.303185][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.354237][ T5869] veth0_macvtap: entered promiscuous mode [ 94.391785][ T5869] veth1_macvtap: entered promiscuous mode [ 94.413127][ T5868] veth0_macvtap: entered promiscuous mode [ 94.447340][ T5868] veth1_macvtap: entered promiscuous mode [ 94.454964][ T5977] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 94.513690][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.528148][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.592863][ T5860] veth0_vlan: entered promiscuous mode [ 94.606919][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.632735][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.668990][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.689065][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.741432][ T5860] veth1_vlan: entered promiscuous mode [ 94.770947][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.794591][ T5977] usb 2-1: Using ep0 maxpacket: 16 [ 94.813135][ T5977] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 94.852938][ T5983] trusted_key: syz.0.1 sent an empty control message without MSG_MORE. [ 95.022680][ T5977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 95.118030][ T5977] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 95.163196][ T5977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.211356][ T5977] usb 2-1: Product: syz [ 95.234345][ T5977] usb 2-1: Manufacturer: syz [ 95.276578][ T5977] usb 2-1: SerialNumber: syz [ 95.428222][ T5977] usb 2-1: config 0 descriptor?? [ 95.445521][ T5977] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 95.459690][ T5977] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 95.468943][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.507333][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.539789][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.592884][ T1028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.611663][ T1028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.627401][ T5985] loop0: detected capacity change from 0 to 16 [ 95.633730][ T69] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.654241][ T69] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.657983][ T5985] erofs (device loop0): mounted with root inode @ nid 36. [ 95.673187][ T5182] Bluetooth: hci1: command tx timeout [ 95.673208][ T53] Bluetooth: hci0: command tx timeout [ 95.735438][ T53] Bluetooth: hci2: command tx timeout [ 95.742630][ T69] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.754554][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 95.784596][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 95.801630][ T5985] erofs (device loop0): readahead error at folio 12 @ nid 36 [ 95.809450][ T5985] erofs (device loop0): readahead error at folio 9 @ nid 36 [ 95.814681][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 95.817352][ T5985] erofs (device loop0): readahead error at folio 6 @ nid 36 [ 95.832506][ T5985] erofs (device loop0): readahead error at folio 4 @ nid 36 [ 95.840775][ T5985] syz.0.6: attempt to access beyond end of device [ 95.840775][ T5985] loop0: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 95.855083][ T5985] syz.0.6: attempt to access beyond end of device [ 95.855083][ T5985] loop0: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 95.868698][ T5985] syz.0.6: attempt to access beyond end of device [ 95.868698][ T5985] loop0: rw=524288, sector=0, nr_sectors = 24 limit=16 [ 95.883500][ T5985] syz.0.6: attempt to access beyond end of device [ 95.883500][ T5985] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 95.897148][ T5985] syz.0.6: attempt to access beyond end of device [ 95.897148][ T5985] loop0: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 95.911897][ T53] Bluetooth: hci3: command tx timeout [ 95.912281][ T5182] Bluetooth: hci4: command tx timeout [ 95.936849][ T69] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.059590][ T5860] veth0_macvtap: entered promiscuous mode [ 96.087397][ T5860] veth1_macvtap: entered promiscuous mode [ 96.123781][ T5977] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 96.132555][ T1028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.161749][ T5977] em28xx 2-1:0.0: Config register raw data: 0x00 [ 96.162530][ T1028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.219527][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.767764][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.817540][ T1330] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.838368][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.872710][ T5986] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.883377][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.998703][ T5986] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.030568][ T5986] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.185927][ T983] cfg80211: failed to load regulatory.db [ 97.240815][ T4559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.260317][ T4559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.380634][ T6006] loop2: detected capacity change from 0 to 16 [ 97.417779][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.439185][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.442072][ T6006] erofs (device loop2): mounted with root inode @ nid 36. [ 97.712120][ T6006] erofs (device loop2): readahead error at folio 12 @ nid 36 [ 98.445891][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.455054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.463862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.474000][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.484156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.492971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.733399][ T43] usb 2-1: USB disconnect, device number 2 [ 98.799586][ T6013] mmap: syz.3.11 (6013) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 98.821289][ T6006] erofs (device loop2): readahead error at folio 9 @ nid 36 [ 98.829649][ T6006] erofs (device loop2): readahead error at folio 6 @ nid 36 [ 98.837362][ T6006] erofs (device loop2): readahead error at folio 4 @ nid 36 [ 98.845842][ T6006] syz.2.3: attempt to access beyond end of device [ 98.845842][ T6006] loop2: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 98.847477][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.861430][ T6006] syz.2.3: attempt to access beyond end of device [ 98.861430][ T6006] loop2: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 98.883098][ T6006] syz.2.3: attempt to access beyond end of device [ 98.883098][ T6006] loop2: rw=524288, sector=0, nr_sectors = 24 limit=16 [ 98.896983][ T6006] syz.2.3: attempt to access beyond end of device [ 98.896983][ T6006] loop2: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 98.911255][ T6006] syz.2.3: attempt to access beyond end of device [ 98.911255][ T6006] loop2: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 98.985762][ T43] em28xx 2-1:0.0: Disconnecting em28xx [ 99.102033][ T43] ================================================================== [ 99.110157][ T43] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0 [ 99.118631][ T43] Read of size 4 at addr ffff88802832c4f0 by task kworker/1:1/43 [ 99.126385][ T43] [ 99.128754][ T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(full) [ 99.128781][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.128797][ T43] Workqueue: usb_hub_wq hub_event [ 99.128841][ T43] Call Trace: [ 99.128850][ T43] [ 99.128860][ T43] dump_stack_lvl+0x189/0x250 [ 99.128889][ T43] ? rcu_is_watching+0x15/0xb0 [ 99.128920][ T43] ? __kasan_check_byte+0x12/0x40 [ 99.128952][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.128976][ T43] ? rcu_is_watching+0x15/0xb0 [ 99.129007][ T43] ? lock_release+0x4b/0x3e0 [ 99.129038][ T43] ? __virt_addr_valid+0x1c8/0x5c0 [ 99.129062][ T43] ? __virt_addr_valid+0x4a5/0x5c0 [ 99.129087][ T43] print_report+0xca/0x240 [ 99.129107][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 99.129136][ T43] kasan_report+0x118/0x150 [ 99.129168][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 99.129202][ T43] media_devnode_unregister+0xe2/0xf0 [ 99.129233][ T43] media_device_unregister+0x37c/0x400 [ 99.129262][ T43] ? em28xx_audio_fini+0x59/0x1b0 [ 99.129291][ T43] em28xx_release_resources+0xac/0x240 [ 99.129327][ T43] em28xx_usb_disconnect+0x19f/0x2f0 [ 99.129362][ T43] usb_unbind_interface+0x26e/0x910 [ 99.129392][ T43] ? __pfx_usb_unbind_interface+0x10/0x10 [ 99.129418][ T43] device_release_driver_internal+0x4d9/0x800 [ 99.129458][ T43] bus_remove_device+0x34d/0x410 [ 99.129488][ T43] device_del+0x511/0x8e0 [ 99.129524][ T43] ? __pfx_device_del+0x10/0x10 [ 99.129554][ T43] ? kobject_put+0x446/0x480 [ 99.129580][ T43] usb_disable_device+0x3e9/0x8a0 [ 99.129608][ T43] usb_disconnect+0x330/0x950 [ 99.129632][ T43] hub_event+0x1cf5/0x4a20 [ 99.129677][ T43] ? do_raw_spin_lock+0x121/0x290 [ 99.129702][ T43] ? register_lock_class+0x51/0x320 [ 99.129739][ T43] ? __pfx_hub_event+0x10/0x10 [ 99.129762][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 99.129797][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 99.129828][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 99.129858][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 99.129889][ T43] process_scheduled_works+0xae1/0x17b0 [ 99.129928][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 99.129959][ T43] worker_thread+0x8a0/0xda0 [ 99.129986][ T43] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 99.130014][ T43] ? __kthread_parkme+0x7b/0x200 [ 99.130033][ T43] kthread+0x711/0x8a0 [ 99.130051][ T43] ? __pfx_worker_thread+0x10/0x10 [ 99.130076][ T43] ? __pfx_kthread+0x10/0x10 [ 99.130094][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 99.130118][ T43] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.130143][ T43] ? __pfx_kthread+0x10/0x10 [ 99.130161][ T43] ret_from_fork+0x47c/0x820 [ 99.130186][ T43] ? __pfx_ret_from_fork+0x10/0x10 [ 99.130212][ T43] ? __switch_to_asm+0x39/0x70 [ 99.130234][ T43] ? __switch_to_asm+0x33/0x70 [ 99.130255][ T43] ? __pfx_kthread+0x10/0x10 [ 99.130273][ T43] ret_from_fork_asm+0x1a/0x30 [ 99.130303][ T43] [ 99.130309][ T43] [ 99.424125][ T43] Allocated by task 5977: [ 99.428459][ T43] kasan_save_track+0x3e/0x80 [ 99.433158][ T43] __kasan_kmalloc+0x93/0xb0 [ 99.437791][ T43] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 99.443191][ T43] __media_device_register+0x58/0x280 [ 99.448594][ T43] em28xx_usb_probe+0x1764/0x2a20 [ 99.453661][ T43] usb_probe_interface+0x665/0xc30 [ 99.458875][ T43] really_probe+0x26d/0x9e0 [ 99.463407][ T43] __driver_probe_device+0x18c/0x2f0 [ 99.468720][ T43] driver_probe_device+0x4f/0x430 [ 99.473758][ T43] __device_attach_driver+0x2ce/0x530 [ 99.479228][ T43] bus_for_each_drv+0x24e/0x2e0 [ 99.484113][ T43] __device_attach+0x2b8/0x400 [ 99.488904][ T43] bus_probe_device+0x185/0x260 [ 99.493804][ T43] device_add+0x7b6/0xb50 [ 99.498149][ T43] usb_set_configuration+0x1a87/0x20e0 [ 99.503617][ T43] usb_generic_driver_probe+0x8d/0x150 [ 99.509090][ T43] usb_probe_device+0x1c1/0x390 [ 99.513954][ T43] really_probe+0x26d/0x9e0 [ 99.518461][ T43] __driver_probe_device+0x18c/0x2f0 [ 99.523762][ T43] driver_probe_device+0x4f/0x430 [ 99.528790][ T43] __device_attach_driver+0x2ce/0x530 [ 99.534186][ T43] bus_for_each_drv+0x24e/0x2e0 [ 99.539134][ T43] __device_attach+0x2b8/0x400 [ 99.543914][ T43] bus_probe_device+0x185/0x260 [ 99.548786][ T43] device_add+0x7b6/0xb50 [ 99.553144][ T43] usb_new_device+0xa39/0x16f0 [ 99.557916][ T43] hub_event+0x2958/0x4a20 [ 99.562335][ T43] process_scheduled_works+0xae1/0x17b0 [ 99.567895][ T43] worker_thread+0x8a0/0xda0 [ 99.572506][ T43] kthread+0x711/0x8a0 [ 99.576587][ T43] ret_from_fork+0x47c/0x820 [ 99.581205][ T43] ret_from_fork_asm+0x1a/0x30 [ 99.585992][ T43] [ 99.588320][ T43] Freed by task 43: [ 99.592125][ T43] kasan_save_track+0x3e/0x80 [ 99.596813][ T43] __kasan_save_free_info+0x46/0x50 [ 99.602019][ T43] __kasan_slab_free+0x5b/0x80 [ 99.606799][ T43] kfree+0x199/0x6d0 [ 99.610707][ T43] media_devnode_release+0x61/0xa0 [ 99.615828][ T43] device_release+0x99/0x1c0 [ 99.620422][ T43] kobject_put+0x228/0x480 [ 99.624851][ T43] media_devnode_unregister+0x6d/0xf0 [ 99.630262][ T43] media_device_unregister+0x37c/0x400 [ 99.635732][ T43] em28xx_release_resources+0xac/0x240 [ 99.641203][ T43] em28xx_usb_disconnect+0x19f/0x2f0 [ 99.646505][ T43] usb_unbind_interface+0x26e/0x910 [ 99.651715][ T43] device_release_driver_internal+0x4d9/0x800 [ 99.657836][ T43] bus_remove_device+0x34d/0x410 [ 99.662793][ T43] device_del+0x511/0x8e0 [ 99.667139][ T43] usb_disable_device+0x3e9/0x8a0 [ 99.672174][ T43] usb_disconnect+0x330/0x950 [ 99.676852][ T43] hub_event+0x1cf5/0x4a20 [ 99.681277][ T43] process_scheduled_works+0xae1/0x17b0 [ 99.686840][ T43] worker_thread+0x8a0/0xda0 [ 99.691444][ T43] kthread+0x711/0x8a0 [ 99.695520][ T43] ret_from_fork+0x47c/0x820 [ 99.700128][ T43] ret_from_fork_asm+0x1a/0x30 [ 99.704902][ T43] [ 99.707229][ T43] The buggy address belongs to the object at ffff88802832c000 [ 99.707229][ T43] which belongs to the cache kmalloc-2k of size 2048 [ 99.721373][ T43] The buggy address is located 1264 bytes inside of [ 99.721373][ T43] freed 2048-byte region [ffff88802832c000, ffff88802832c800) [ 99.735347][ T43] [ 99.737684][ T43] The buggy address belongs to the physical page: [ 99.744115][ T43] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28328 [ 99.752880][ T43] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 99.761387][ T43] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 99.768946][ T43] page_type: f5(slab) [ 99.772945][ T43] raw: 00fff00000000040 ffff88801a842000 ffffea000085b000 dead000000000002 [ 99.782057][ T43] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 99.790738][ T43] head: 00fff00000000040 ffff88801a842000 ffffea000085b000 dead000000000002 [ 99.799430][ T43] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 99.808109][ T43] head: 00fff00000000003 ffffea0000a0ca01 00000000ffffffff 00000000ffffffff [ 99.816790][ T43] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 99.825464][ T43] page dumped because: kasan: bad access detected [ 99.831888][ T43] page_owner tracks the page as allocated [ 99.837608][ T43] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 50, tgid 50 (kworker/u8:3), ts 14157751672, free_ts 0 [ 99.857850][ T43] post_alloc_hook+0x240/0x2a0 [ 99.862634][ T43] get_page_from_freelist+0x21e4/0x22c0 [ 99.868197][ T43] __alloc_frozen_pages_noprof+0x181/0x370 [ 99.874020][ T43] alloc_pages_mpol+0x232/0x4a0 [ 99.878889][ T43] allocate_slab+0x8a/0x330 [ 99.883413][ T43] ___slab_alloc+0xbd1/0x13f0 [ 99.888118][ T43] __slab_alloc+0x55/0xa0 [ 99.892462][ T43] __kmalloc_noprof+0x471/0x7f0 [ 99.897338][ T43] scsi_alloc_target+0x138/0xbc0 [ 99.902285][ T43] __scsi_scan_target+0x15b/0xd10 [ 99.907317][ T43] scsi_scan_host_selected+0x372/0x690 [ 99.912780][ T43] do_scan_async+0x124/0x760 [ 99.917412][ T43] async_run_entry_fn+0xa5/0x3f0 [ 99.922360][ T43] process_scheduled_works+0xae1/0x17b0 [ 99.927917][ T43] worker_thread+0x8a0/0xda0 [ 99.932516][ T43] kthread+0x711/0x8a0 [ 99.936586][ T43] page_owner free stack trace missing [ 99.941962][ T43] [ 99.944284][ T43] Memory state around the buggy address: [ 99.949914][ T43] ffff88802832c380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.957981][ T43] ffff88802832c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.966051][ T43] >ffff88802832c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.974285][ T43] ^ [ 99.982009][ T43] ffff88802832c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.990121][ T43] ffff88802832c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.998218][ T43] ================================================================== [ 100.672909][ T6018] loop3: detected capacity change from 0 to 128 [ 101.057779][ T43] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 101.065035][ T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(full) [ 101.074266][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 101.084536][ T43] Workqueue: usb_hub_wq hub_event [ 101.089602][ T43] Call Trace: [ 101.092908][ T43] [ 101.096292][ T43] dump_stack_lvl+0x99/0x250 [ 101.100920][ T43] ? __asan_memcpy+0x40/0x70 [ 101.105549][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.110788][ T43] ? __pfx__printk+0x10/0x10 [ 101.115445][ T43] vpanic+0x237/0x6d0 [ 101.119465][ T43] ? __pfx_vpanic+0x10/0x10 [ 101.123990][ T43] ? preempt_schedule+0xae/0xc0 [ 101.128947][ T43] ? __pfx_preempt_schedule+0x10/0x10 [ 101.134333][ T43] panic+0xb9/0xc0 [ 101.138072][ T43] ? __pfx_panic+0x10/0x10 [ 101.142510][ T43] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 101.148431][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 101.153999][ T43] check_panic_on_warn+0x89/0xb0 [ 101.159058][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 101.164636][ T43] end_report+0x78/0x160 [ 101.168905][ T43] kasan_report+0x129/0x150 [ 101.173427][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 101.179002][ T43] media_devnode_unregister+0xe2/0xf0 [ 101.184415][ T43] media_device_unregister+0x37c/0x400 [ 101.189988][ T43] ? em28xx_audio_fini+0x59/0x1b0 [ 101.195032][ T43] em28xx_release_resources+0xac/0x240 [ 101.200612][ T43] em28xx_usb_disconnect+0x19f/0x2f0 [ 101.205949][ T43] usb_unbind_interface+0x26e/0x910 [ 101.211257][ T43] ? __pfx_usb_unbind_interface+0x10/0x10 [ 101.216987][ T43] device_release_driver_internal+0x4d9/0x800 [ 101.223088][ T43] bus_remove_device+0x34d/0x410 [ 101.228059][ T43] device_del+0x511/0x8e0 [ 101.232443][ T43] ? __pfx_device_del+0x10/0x10 [ 101.237330][ T43] ? kobject_put+0x446/0x480 [ 101.241938][ T43] usb_disable_device+0x3e9/0x8a0 [ 101.247065][ T43] usb_disconnect+0x330/0x950 [ 101.251754][ T43] hub_event+0x1cf5/0x4a20 [ 101.256199][ T43] ? do_raw_spin_lock+0x121/0x290 [ 101.261256][ T43] ? register_lock_class+0x51/0x320 [ 101.266497][ T43] ? __pfx_hub_event+0x10/0x10 [ 101.271277][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 101.277358][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.282660][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 101.288426][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 101.294160][ T43] process_scheduled_works+0xae1/0x17b0 [ 101.299731][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 101.305756][ T43] worker_thread+0x8a0/0xda0 [ 101.310370][ T43] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 101.316712][ T43] ? __kthread_parkme+0x7b/0x200 [ 101.321658][ T43] kthread+0x711/0x8a0 [ 101.325738][ T43] ? __pfx_worker_thread+0x10/0x10 [ 101.330868][ T43] ? __pfx_kthread+0x10/0x10 [ 101.335466][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.340682][ T43] ? lockdep_hardirqs_on+0x9c/0x150 [ 101.345894][ T43] ? __pfx_kthread+0x10/0x10 [ 101.350497][ T43] ret_from_fork+0x47c/0x820 [ 101.355103][ T43] ? __pfx_ret_from_fork+0x10/0x10 [ 101.360282][ T43] ? __switch_to_asm+0x39/0x70 [ 101.365059][ T43] ? __switch_to_asm+0x33/0x70 [ 101.369931][ T43] ? __pfx_kthread+0x10/0x10 [ 101.374537][ T43] ret_from_fork_asm+0x1a/0x30 [ 101.379407][ T43] [ 101.382771][ T43] Kernel Offset: disabled [ 101.387207][ T43] Rebooting in 86400 seconds..