last executing test programs: 12.103872635s ago: executing program 0 (id=197): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg0\x00'}) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 10.861094893s ago: executing program 0 (id=200): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4000880}, 0x448d0) 10.4163566s ago: executing program 0 (id=201): rename(&(0x7f0000000000)='./file1\x00', 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x30b340, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20) sendmsg$inet(r3, 0x0, 0x3) 9.930636678s ago: executing program 1 (id=203): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) r2 = syz_io_uring_setup(0x6042, &(0x7f00000000c0)={0x0, 0xa9ee, 0x1, 0x3, 0x8002ae}, &(0x7f0000000140), &(0x7f0000000280)) io_uring_enter(r2, 0x3516, 0x2, 0x0, 0x0, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x70}}, 0x4) sendmsg$IPCTNL_MSG_CT_GET_DYING(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x80489439, &(0x7f0000000340)) 8.802405425s ago: executing program 1 (id=205): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(0x0, r3) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r5, &(0x7f0000000200)={0x0, 0x1f, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4, 0x709}, 0x14}}, 0x0) 8.642216357s ago: executing program 3 (id=206): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000006b80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e24, 0xfff, @remote}, 0x1c, 0x0, 0x0, 0x0, 0x2e8}}], 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xd0fb1000) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000001}) 6.582786119s ago: executing program 1 (id=208): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg0\x00'}) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 6.545276169s ago: executing program 3 (id=209): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x181900, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000140)=0xe) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) socket$inet_mptcp(0x2, 0x1, 0x106) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)) socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.413479217s ago: executing program 1 (id=212): r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x161121) dup(r0) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r3) pselect6(0x40, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x400000000000, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48) readv(r2, &(0x7f0000000180)=[{&(0x7f00000004c0)=""/130, 0x82}], 0x1) 5.018880803s ago: executing program 2 (id=213): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) r2 = syz_io_uring_setup(0x6042, &(0x7f00000000c0)={0x0, 0xa9ee, 0x1, 0x3, 0x8002ae}, &(0x7f0000000140), &(0x7f0000000280)) io_uring_enter(r2, 0x3516, 0x2, 0x0, 0x0, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x70}}, 0x4) sendmsg$IPCTNL_MSG_CT_GET_DYING(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x80489439, &(0x7f0000000340)) 3.84537166s ago: executing program 1 (id=214): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) syz_usb_connect(0x2, 0x48, &(0x7f00000000c0)={{0x12, 0x1, 0x141, 0x93, 0xb9, 0x5b, 0x20, 0x6cd, 0x112, 0xd05, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x36, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x14, 0x77, 0x4, 0x7, 0xb8, 0x9e, 0x4, [], [{{0x9, 0x5, 0x9, 0x0, 0x200, 0x4, 0x0, 0x3}}, {{0x9, 0x5, 0x7, 0x10, 0x3ff, 0x4c, 0x2, 0x3}}, {{0x9, 0x5, 0x8, 0x4, 0x3ff, 0x9, 0xa, 0x9}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x0, 0x7, 0x1}}]}}]}}]}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={0x0, 0x48}}, 0x0) 3.745351203s ago: executing program 0 (id=215): openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x6ee80, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r0, 0x0, &(0x7f00000000c0)) 3.733003803s ago: executing program 2 (id=216): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(0x0, r3) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r5, &(0x7f0000000200)={0x0, 0x1f, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4, 0x709}, 0x14}}, 0x0) 3.576504295s ago: executing program 3 (id=217): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) openat$full(0xffffff9c, 0x0, 0x109080, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280), 0x0) sendmmsg$inet6(r0, 0x0, 0x0, 0x3404c8d4) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 0x0, 0x1000f) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000001, 0x50, 0xffffffffffffffff, 0x0) modify_ldt$write2(0x11, 0x0, 0x0) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028050100fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x4ffe9, 0x3) 3.476559847s ago: executing program 0 (id=218): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000006b80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e24, 0xfff, @remote}, 0x1c, 0x0, 0x0, 0x0, 0x2e8}}], 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0xd0fb1000) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000001}) 1.795260452s ago: executing program 0 (id=219): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x85}, &(0x7f0000000400)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300), 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x80000001, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.794480592s ago: executing program 2 (id=220): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg0\x00'}) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 1.756147333s ago: executing program 3 (id=221): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file2\x00', 0xc0ed4040, &(0x7f00000000c0)={[{@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@journal_dev={'journal_dev', 0x3d, 0x714}}, {@grpid}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@nolazytime}, {@jqfmt_vfsv1}]}, 0xf5, 0x47a, &(0x7f0000000ac0)="$eJzs3M9vFFUcAPDvTLel5YdFxB8gaBWMxB8tLT/kYGI0mnjQaKIHjKd1WwhSwEBNhBBFDxjjwZB4Nx5N/As86cWoJxOveDckxHABPa2ZnRnaLrulpQu7uJ9PMux7M7O89903b/fNe7sNoG+NZf8kEesj4mJEjEZEpfmEsfzh2pWztX+unK0lUa+/9XeSPS2uXjlbK/6LxpZZl++o14v8mhblnn83ojo7O3OyyE/MHftg4tTpM88eOVY9PHN45vjUgQN792wf2j+1ryNxZnFd3frxiW1bXn3nwuu1gxfe+/X7rL7ri+NlHJ00lr+6LT3R6cK6bMOCdFLpYkVYkazdBovtYozGQIxcPzYar3zW1coBt1ul1edz4Vwd+B/LBupAPyo/6LP733K7Q+OOnnD5xXzCI4v7WrHlRyqRFucMNt3fdtJwRBw89+832Ra3aR4CAGChH7PxzzOtxn9pPLDgvHuKNZSNEXFvRGyKiPsiYnNE3B/ROPfBiHhoheU3r5DcOP5JLy3K1gdWWMLSsvHf88Xa1uLxXzn6i40DRW5DI/7B5NCR2ZndxWuyKwbXZPnJRU9Z7KeX//iqed+XxTT72ILxX7Zl5S+OML3UPEE3XZ2rrj7y3OVPI7ZWWsWfXF8HTCJiS0RsvcUyjjz13bZ2x1rFX46Fb6oD60z1byOezNv/XDTFX0rark9OPrd/at/EcMzO7J4or4ob/fb7+Tfblb+q+Dsga/+1La//PP7sHjEZjjh1+szRxnrtqVso5M/Pa0mbQ5tvGv+N139tZ8RQ8nYjPVSeVTwOJa9lDyPl/o+qc3Mnp+afW+Ybj5N5/Lt2zMdfjfn+vym/PWu8Eg9HRHYRb4+IRyLi0aLtHouIxyNixxLh//LSzvfbHWvf/kvMyndQFv/0Eu2fveVlqfn2X3li4OjPP7Qrv76s9t/bSO0q9izn/W+5FVzNawcAAAB3i7TxHfgkHb+eTtPx8fw7/JtjbVqJiKcPnfjw+HT+XfmNMZiWM12jC+ZDJ4u54TI/1ZTfU8wbfz0w0siP107MTnc7eOhz69r0/8xfnV1qAXqR32tB/9L/oX/p/9C/9H/oXy90uwJAdwy13v3Jna4H0BUrH/8P35Z6AHee+3/oX/o/9C/9H/pS29/Gp6v6yf/dmqj0RjVaJkZ6oxplItKeqEbnEm98kXeJXqlPmags+49Z3GJiTctD3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Iz/AgAA///NIdoS") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_emit_ethernet(0x0, 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) sendfile(r3, r2, 0x0, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0xfc, 0x6a7, &(0x7f00000006c0)="$eJzs3c1vHGcdB/DvrDd2Ni3BSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXFRWiHq8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ2117trZ90kXpt+PtHs88zzzDzzm9+87IsVTYDPrctn0ryfIpfPvHKnnF+/N7e8fm/uZqf+ajPJVJK1pKw2khT/brfbHyWXkmJjmKKvHPDB0vzrn3y6/vfOXLOequUbO63Xp15ura95rds2k2SiLh/BlvGuPPJ4xUbkl5KcrksYu0NJ2lv86C9Pb/T0aA1b+/CexAg8WUXnfXPAdHKkvtDLzwHdd97G3kY3uqkRl+v/BAEAAAAHTfUduDnQvKXliw/yIHeKo3sYFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxoa5vP/y/qqdGtz6ToPv9/sm5LXd9fXtjd4vefVBwAAAAAAAAAsIdeeJAHuZOj3fl2Uf3N/8Vq5kT1+lTezu0sZiVncycLWc1qVnI+yXTPQJN3FlZXp7pzO615YdiaKxceEmh36NZj2GkAAAAAAAAA+P/zs1ze/Ps/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsB0Uy0SlS3O1pnk6jmeRwksmyYS35uFs/yO6POwAAAADYA1PJgyRHu/PtIieSPFv9BnA4b+dWVrOU1SxnMVer3wU63/ob6/fmltfvzd0sp8Fxv/PPXYVRjZjObw/Dt3yqWqKVa1mqWs7mSt7Mcq6mUa1ZOlXH0x21L667ZUzFt2svjxbZ1bos9/z9uhzw3q52dju7/DFlui6rjEwks3VsZTaOdY/M8CO0y6MzXY16aCP359PYCPZE35Ymt+7M1pxvDtnYaXtH6rLcn19tl/Ox6GTiv+2OxVzoOfue3TnnyVf/8Lsfztb1/bNLo5moy3b12ho8J+Z6MvHcKJm4vnzrxvVrt88ctEwMmK0ycXJj/nK+nx/kTGbyWlaylB9nIatZzEy+V9UW6oNf9Fzy22Tq0pa51x4WyWR9hnYO1u5ierFa92iW8mrezNUs5qXq34Wcz8u5mIuZ7znCJ3c+wtVV3xi86ivtLwwN/vTX6korya/rcn8o83qsJ6+bZ/1sle9jW1o2s3R8hCwNuTfupPnlulJu4+cPu5Huqf5MnO/JxDM7Z+I31W3l9vKtGyvXF94abXPH368r5XX0y2Rm/9xIyvPleHmwqrmpLWdH2ffMRt/WfJV9Jzb6GgN9J/PHNJvdrSxlbdsrdbL+DDc40oWq77mhfXNV36mevmGftwDY9458/chk6x+tv7Y+bP2idb31yuHvTn1z6vnJHPrToW81Zye+0ni++H0+zE83v/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACf3e133r2xsLy8uNJXabfb7308vGvESvd5NZ9x9f5K96lQIyycmb89leqZZQNdE2lXz+x79HhGrnzp6WSvtrV/K/9pt9t1S7HNMr/9c3+ipjKm1NXP+WuPOXXlOT+2rY/tlgTskXOrN986d/udd7+xdHPhjcU3Fm/NX7w4Pzt/8aW5c9eWlhdnO6/jjhJ4Ejbf9McdCQAAAAAAAAAAADCqx/x/BtaGdY17HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICD7fKZNO+nyPnZs7Pl/Pq9ueVy6tY3l2wmaSQpfpIUHyWX0pky3TNcsd12Pliaf/2TT9f/1e6ox6uWb+y03mjW6ikzSSY65d3HNd6VutyiP+Bip10oNlYoE3a6mzgYt/8FAAD//6d3DhU=") r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000140)={0x20}) socket$kcm(0x10, 0x2, 0x0) syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file1\x00', 0x810801, &(0x7f0000000140)=ANY=[], 0x4, 0x208, &(0x7f0000000640)="$eJzslb9rFEEUx78zu7e5BAlaaGFzFgEjmL3dPZU0FrEXhETU8jBjiE5y4XJFEhASbGysxX/EIpWFnVbWFioIFqa0EhyZ2dnb2dzuheX8UeR9IJPvzOybee/tu7cgCOLU8uXzj08vbi2uXAVwBnOYsuvfvPwZ7jz/8ZXXsPLt5uzTw+PnMQBK5XP/hPsDAG+WPGA/PVYp1xqYA3AWwAq40Zq74Lhi9T0whJmvKrcWYHhglx9vqWE0vWkrpGAPe3L10boUkR5iPSR66ACq4P/RAcMqgKa9gjn+be/uPelKoJ8KKTLRUNk9I1t1xbj8Gf+WOG46KdDv6/7zZwd6Htr1yMlfDI7Y6g4Ylq1exBTCMGzZqYid+C/6+fle+tpS9utE0pwsEXXFuYWSLV3h482npdDR/jE3fqm/EmBQKMF/l9Uyof2ob8Vbo1bBCeeIyX1mx1eYWxIXjg7fjVp9/a/pnUyYxgXA3Xqpy+bDjJS3S63OF1YuVfxksgqsLIm0fzAfuOz0J9/5KrQHG1vt7d29hfWN7ppYE5tJ0rkRXYui60nb9OZ0HNP/mqY/zTjnNyqeDViAne5g0I93gEE/Hs6TdHQ67vLr3ndjw03/45j/qVT2eTFhZx9KVryD2T9u/ms171U6TxAEQRAEQRAEQRAEQRAEUYsWGN7PDqeqHD+5Y7Z/BwAA//81gVqd") r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r6, &(0x7f00000000c0), 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x1) unlink(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 433.833703ms ago: executing program 2 (id=222): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000006c0)="0d18", 0x2}], 0x1}}], 0x1, 0x40091) recvfrom$inet(r0, 0x0, 0x0, 0x10001, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) recvfrom$inet(r0, 0x0, 0x0, 0x123, 0x0, 0x0) 353.237565ms ago: executing program 3 (id=223): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000480)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0684113, &(0x7f0000000080)={0x1, 0xfffff800, 0x1, 0xa, 0x8, 0x3, 0x0, 0xe, 0x9, 0x40, 0xffffffff, 0x2}) 137.455848ms ago: executing program 2 (id=224): r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x161121) dup(r0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) r2 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x4}) userfaultfd(0x80801) pselect6(0x40, &(0x7f0000000200)={0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff, 0x4, 0x5, 0x0, 0x400000000000, 0x80, 0x10000, 0xfffffffffffffffd}, 0x0, 0x0) 137.197758ms ago: executing program 1 (id=225): socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0x0, 0x0) syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x4000800) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb93, &(0x7f00000017c0)="$eJzs3M1vVOUaAPDnnH5Ce2m5ubn3QkxsYhCjcSiUaMIKXBs10QVLxnZKmg4fdmpiGxYF9+rCGBckhj/BxL24cGXiAheKfwExEkN0Ay5qznyUQmfaAjO8UH6/5J3zvvPOzPM8czJz3pPMmQCeWRPFTR6xLyJOZRFjzfvziBis94YjVhqPu3PrwnTRslhdffePLLKIuH3rwnTrtbLmdqQ5GI6Ia29k8e+PN8atLS3Pl6vVykJzfGjxzPlDtaXlV+fOlE9XTlfOHp16/ejUa1NTXaz1xvn3v3zup7devHTlk8m3v9jzQxbHY7Q5t76ObpmIieZ7eK/+iCh3O1gifc16snX3Zf0JEwIAYFP5ujXcf2Ms+uLu4m0svv85aXIAAABAV6z2RawCAAAAO1zm/B8AAAB2uNbvAG7fujDdaml/kfB43TwREeON+lvXNzdm+mOlvh2OgYjY/efQPc/LGk97ZBNFpG9+rBQtenQd8mZWLkbE/9vt/6xe/3j9Ku6i/izWX9abR8RkF+JP3Dd+muo/3oX4qesH4Nl09UTjQLbx+JevrX+izfGvv82x62GkPv611n93Nqz/7tbf16b+Yv33zjZj7P/75Wud5tav/05++utMEb/YPlJRD+DmxYj9/e3qz9bqzzrUf2qbMUamb1zuNFfUX9Tbao+7/tUrEQeiff0t2Wb/T3Rodq5amWzcdohx4LuTBzvFX7//i1bEb50LPA7F/t/dof6t9v/5bcYY/9/v+zrNbV1//ttg9l691/ovpY/Ki4sLhyMGszc33n9k81xaj2m9RlH/Sy9s/vlvV3/xnbDSfB+Kc4GLzW0xvnRfzJEDR75++Pp7q6h/5iH3/2fbjPHVt5c/6DSXun4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAng55RIxGlpfW+nleKkWMRMR/YndePVdbfGX23IdnZ4q5iPEYyGfnqpXJiBhrjLNifLjevzs+ct94KiL2RsTnY7vq49L0uepM6uIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYMxIRo5HlpYjII+KvsTwvlVJnBQAAAHTdeOoEAAAAgJ5z/g8AAAA7n/N/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAemzv81evZxGxcmxXvRUGm3MDSTMDei1PnQCQTF/91pEenkX9qRMAknHkB7It5oc7zgx1PRcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnlwH9129nkXEyrFd9VYYbM4NJM0M6LU8dQJAMn2pEwCS6U+dAJCMc3wg22J+uOPMUNdzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODJNVpvWV6KiLzez/NSKeJfETEeA9nsXLUyGRF7IuKXsYGhYnw4ddIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0XW1peb5crVYWdHR0dmBnsPlJf9CnJ/5iAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgidrS8ny5Wq0s1FJnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKRWW1qeL1erlYUedlLXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAOv8EAAD//yzoArU=") lseek(r3, 0x7f, 0x2) getdents64(r3, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x4c, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x3}, @broadcast, @device_a, @initial, {0x7, 0xf95}, @value=@ver_80211n={0x0, 0x59cf, 0x0, 0x1, 0x0, 0x3, 0x1}}, 0x1, 0x3, 0x25c, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 100.104489ms ago: executing program 3 (id=226): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) fanotify_init(0x10, 0x400) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_netdev_private(r1, 0x89f8, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0) ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"}) ioctl$TIOCPKT(r4, 0x5420, 0x0) ioctl$TCSETS(r4, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"}) ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r5 = socket(0x2, 0x80805, 0x0) r6 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000100)={r7, 0x7fff}, 0xc) r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) 0s ago: executing program 2 (id=227): r0 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0xfffffffffffffe00]}, 0x8, 0xc0800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, &(0x7f0000000040)={0x2, 0x0, 0x1}, 0xc) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe9) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000280)=""/40, 0x0) syz_emit_ethernet(0x7e, 0x0, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f0000000200)={0x1, 0x0, {0x4, 0x46a, 0x1007, 0x1, 0x1, 0x3, 0x2, 0x3}}) pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x12, 0xffffffffffffffff, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001ac0)={r3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200", [0x0, 0x2]}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts. [ 81.185869][ T5777] cgroup: Unknown subsys name 'net' [ 81.294770][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.988839][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.371667][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.377555][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.386809][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.388209][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.397391][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.403083][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.408839][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.416470][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.422998][ T5798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.430144][ T5801] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.437728][ T5798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.451332][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.458841][ T5798] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.458968][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.475671][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.483557][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.493040][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.501021][ T5798] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.508983][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.518811][ T5804] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.529422][ T5804] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.541254][ T5804] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.549207][ T5804] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.556743][ T5804] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.020738][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 86.144272][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 86.176086][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 86.230366][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.237943][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.245900][ T5787] bridge_slave_0: entered allmulticast mode [ 86.253916][ T5787] bridge_slave_0: entered promiscuous mode [ 86.274456][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 86.305569][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.312759][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.320359][ T5787] bridge_slave_1: entered allmulticast mode [ 86.327987][ T5787] bridge_slave_1: entered promiscuous mode [ 86.416276][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.456517][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.492606][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.500546][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.508143][ T5788] bridge_slave_0: entered allmulticast mode [ 86.515282][ T5788] bridge_slave_0: entered promiscuous mode [ 86.541050][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.548365][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.556411][ T5790] bridge_slave_0: entered allmulticast mode [ 86.563530][ T5790] bridge_slave_0: entered promiscuous mode [ 86.571242][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.579005][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.586975][ T5788] bridge_slave_1: entered allmulticast mode [ 86.594179][ T5788] bridge_slave_1: entered promiscuous mode [ 86.632072][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.639576][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.647127][ T5790] bridge_slave_1: entered allmulticast mode [ 86.654175][ T5790] bridge_slave_1: entered promiscuous mode [ 86.684160][ T5787] team0: Port device team_slave_0 added [ 86.706712][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.750481][ T5787] team0: Port device team_slave_1 added [ 86.774183][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.786518][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.814231][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.822002][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.830164][ T5789] bridge_slave_0: entered allmulticast mode [ 86.837605][ T5789] bridge_slave_0: entered promiscuous mode [ 86.861795][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.883965][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.891451][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.899792][ T5789] bridge_slave_1: entered allmulticast mode [ 86.907393][ T5789] bridge_slave_1: entered promiscuous mode [ 86.941532][ T5788] team0: Port device team_slave_0 added [ 86.960602][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.967733][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.993982][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.021496][ T5788] team0: Port device team_slave_1 added [ 87.061227][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.068567][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.094971][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.173382][ T5790] team0: Port device team_slave_0 added [ 87.183518][ T5790] team0: Port device team_slave_1 added [ 87.217401][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.224404][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.255824][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.278095][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.357177][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.364201][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.398877][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.414853][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.453759][ T5787] hsr_slave_0: entered promiscuous mode [ 87.461978][ T5787] hsr_slave_1: entered promiscuous mode [ 87.478813][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.489786][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.518945][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.541619][ T5804] Bluetooth: hci1: command tx timeout [ 87.579696][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.588083][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.614497][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.625530][ T5804] Bluetooth: hci3: command tx timeout [ 87.631319][ T5804] Bluetooth: hci0: command tx timeout [ 87.637007][ T50] Bluetooth: hci2: command tx timeout [ 87.661937][ T5789] team0: Port device team_slave_0 added [ 87.670823][ T5789] team0: Port device team_slave_1 added [ 87.765769][ T5788] hsr_slave_0: entered promiscuous mode [ 87.772265][ T5788] hsr_slave_1: entered promiscuous mode [ 87.780518][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.788604][ T5788] Cannot create hsr debugfs directory [ 87.811196][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.818267][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.844479][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.861515][ T5790] hsr_slave_0: entered promiscuous mode [ 87.869558][ T5790] hsr_slave_1: entered promiscuous mode [ 87.876574][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.884209][ T5790] Cannot create hsr debugfs directory [ 87.916624][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.923716][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.949931][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.167651][ T5789] hsr_slave_0: entered promiscuous mode [ 88.175685][ T5789] hsr_slave_1: entered promiscuous mode [ 88.182062][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.190262][ T5789] Cannot create hsr debugfs directory [ 88.385605][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.398676][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.409187][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.424486][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.534150][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.546866][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.565543][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.600363][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.653070][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.681101][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.692817][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.719235][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.788022][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.800343][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.818029][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.831985][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.948420][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.019057][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.054081][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.073284][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.085217][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.092670][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.123639][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.130831][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.180292][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.208566][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.226125][ T2933] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.233321][ T2933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.248968][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.260244][ T2933] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.267444][ T2933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.292169][ T2949] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.299382][ T2949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.340068][ T2949] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.347340][ T2949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.367757][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.431490][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.438661][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.483339][ T2949] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.490569][ T2949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.543993][ T5790] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.560818][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.618645][ T5804] Bluetooth: hci1: command tx timeout [ 89.698046][ T50] Bluetooth: hci0: command tx timeout [ 89.702114][ T5795] Bluetooth: hci2: command tx timeout [ 89.703643][ T5804] Bluetooth: hci3: command tx timeout [ 90.034937][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.051870][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.094497][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.171353][ T5790] veth0_vlan: entered promiscuous mode [ 90.203118][ T5790] veth1_vlan: entered promiscuous mode [ 90.216584][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.236542][ T5787] veth0_vlan: entered promiscuous mode [ 90.280255][ T5787] veth1_vlan: entered promiscuous mode [ 90.341146][ T5788] veth0_vlan: entered promiscuous mode [ 90.360338][ T5788] veth1_vlan: entered promiscuous mode [ 90.382521][ T5790] veth0_macvtap: entered promiscuous mode [ 90.394941][ T5790] veth1_macvtap: entered promiscuous mode [ 90.439165][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.458967][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.471167][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.481087][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.490343][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.503340][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.514278][ T5789] veth0_vlan: entered promiscuous mode [ 90.552302][ T5789] veth1_vlan: entered promiscuous mode [ 90.570843][ T5787] veth0_macvtap: entered promiscuous mode [ 90.602131][ T5787] veth1_macvtap: entered promiscuous mode [ 90.701318][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.712814][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.724917][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.733972][ T5788] veth0_macvtap: entered promiscuous mode [ 90.764904][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.775876][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.790319][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.810941][ T5788] veth1_macvtap: entered promiscuous mode [ 90.828719][ T5789] veth0_macvtap: entered promiscuous mode [ 90.840511][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.862163][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.869822][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.883488][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.893880][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.904596][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.922973][ T5789] veth1_macvtap: entered promiscuous mode [ 90.974145][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.985912][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.996579][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.009970][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.021424][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.039416][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.048402][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.067397][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.079188][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.089332][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.104212][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.116767][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.125934][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.139832][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.150389][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.161208][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.171753][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.182530][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.194956][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.227189][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.242042][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.251995][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.262561][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.272451][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.283243][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.297336][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.321450][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.339214][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.348533][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.357719][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.390572][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.403582][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.412877][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.423260][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.645484][ T2933] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.653516][ T2933] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.695906][ T5804] Bluetooth: hci1: command tx timeout [ 91.718645][ T2985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.751463][ T2985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.775878][ T5804] Bluetooth: hci3: command tx timeout [ 91.776092][ T5795] Bluetooth: hci0: command tx timeout [ 91.781332][ T5804] Bluetooth: hci2: command tx timeout [ 91.809383][ T2985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.845974][ T2985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.889896][ T2933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.914621][ T2933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.019810][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.054785][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.062441][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.102865][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.212270][ T786] cfg80211: failed to load regulatory.db [ 92.626080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.635399][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 92.729881][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.174660][ T5885] block device autoloading is deprecated and will be removed. [ 93.232166][ T5905] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5'. [ 93.241711][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.355668][ T5885] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.776104][ T5804] Bluetooth: hci1: command tx timeout [ 93.862676][ T5795] Bluetooth: hci3: command tx timeout [ 93.862686][ T50] Bluetooth: hci2: command tx timeout [ 93.862738][ T5804] Bluetooth: hci0: command tx timeout [ 94.573152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.583918][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 94.736772][ T5836] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 94.971400][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 95.025216][ T5836] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping [ 95.074042][ T5836] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 95.090896][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.121445][ T5836] usb 2-1: Product: syz [ 95.157341][ T5836] usb 2-1: Manufacturer: syz [ 95.185480][ T5836] usb 2-1: SerialNumber: syz [ 95.223338][ T5836] usb 2-1: config 0 descriptor?? [ 95.301108][ T5909] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.315581][ T5909] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.396052][ T5836] usb 2-1: ucan: probing device on interface #0 [ 95.423125][ T5836] usb 2-1: ucan: invalid EP count (1) [ 95.429033][ T5836] usb 2-1: ucan: probe failed; try to update the device firmware [ 95.616308][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.908539][ T5915] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8'. [ 96.124736][ T5836] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 96.437975][ T5836] usb 3-1: config 0 has no interfaces? [ 96.467421][ T5836] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 96.496872][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.515450][ T5836] usb 3-1: Product: syz [ 96.525889][ T5836] usb 3-1: Manufacturer: syz [ 96.530551][ T5836] usb 3-1: SerialNumber: syz [ 96.542372][ T5924] syz.0.11[5924]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 96.568468][ T5836] usb 3-1: config 0 descriptor?? [ 96.582266][ T5924] loop0: detected capacity change from 0 to 128 [ 96.617452][ T5922] mmap: syz.3.10 (5922) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 96.816294][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 96.826285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.066278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.781959][ T5928] syz.0.11: attempt to access beyond end of device [ 97.781959][ T5928] loop0: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 98.509490][ T5913] loop6: detected capacity change from 0 to 64 [ 98.584061][ T5931] loop0: detected capacity change from 0 to 128 [ 99.642113][ T5933] syz.0.12: attempt to access beyond end of device [ 99.642113][ T5933] loop0: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 100.545785][ T787] usb 2-1: USB disconnect, device number 2 [ 100.547826][ T5936] loop0: detected capacity change from 0 to 128 [ 100.632498][ T5938] loop3: detected capacity change from 0 to 128 [ 101.496938][ T5941] syz.0.13: attempt to access beyond end of device [ 101.496938][ T5941] loop0: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 104.342422][ T5947] syz.3.14: attempt to access beyond end of device [ 104.342422][ T5947] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 105.700465][ T5946] sched: RT throttling activated [ 106.290395][ T23] usb 3-1: USB disconnect, device number 2 [ 106.478469][ T5957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.16'. [ 106.514125][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'. [ 106.614644][ T5964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'. [ 107.293227][ T5950] ALSA: mixer_oss: invalid OSS volume '' [ 107.299019][ T5950] ALSA: mixer_oss: invalid OSS volume '+]OؓOGec9bx'ĮC' [ 107.308015][ T5950] ALSA: mixer_oss: invalid OSS volume '_*[bYcq~lr, priority 0 [ 120.864282][ T6083] syzkaller0: entered promiscuous mode [ 120.987732][ T6083] syzkaller0: entered allmulticast mode [ 121.276759][ T6080] tipc: Resetting bearer [ 121.470963][ T6080] tipc: Disabling bearer [ 122.212895][ T6090] loop3: detected capacity change from 0 to 2048 [ 122.283328][ T6090] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 122.611232][ T787] usb 3-1: USB disconnect, device number 3 [ 122.746663][ T6097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.62'. [ 122.845551][ T23] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 122.928929][ T6102] netlink: 32 bytes leftover after parsing attributes in process `syz.3.65'. [ 122.938245][ T6104] loop2: detected capacity change from 0 to 16 [ 122.939896][ T6104] erofs: Unknown parameter 'vΡe1' [ 123.035502][ T5779] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 123.048188][ T6104] loop2: detected capacity change from 0 to 4096 [ 123.095926][ T6104] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.66: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 123.109204][ T23] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 123.144400][ T6104] EXT4-fs (loop2): get root inode failed [ 123.171043][ T6104] EXT4-fs (loop2): mount failed [ 123.177039][ T23] usb 2-1: config 0 has no interface number 0 [ 123.183204][ T23] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 123.226672][ C1] Unknown status report in ack skb [ 123.255860][ T5779] usb 1-1: Using ep0 maxpacket: 16 [ 123.263583][ T23] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 123.274136][ T5779] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 123.284500][ T23] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 123.300605][ T23] usb 2-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 123.312755][ T23] usb 2-1: config 0 interface 20 has no altsetting 0 [ 123.322150][ T5779] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 123.362922][ T5779] usb 1-1: Product: syz [ 123.383159][ T5779] usb 1-1: Manufacturer: syz [ 123.392902][ T23] usb 2-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 123.413605][ T5779] usb 1-1: SerialNumber: syz [ 123.417611][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.428412][ T5779] usb 1-1: config 0 descriptor?? [ 123.441485][ T23] usb 2-1: Product: syz [ 123.460721][ T23] usb 2-1: Manufacturer: syz [ 123.475146][ T23] usb 2-1: SerialNumber: syz [ 123.512039][ T23] usb 2-1: config 0 descriptor?? [ 123.737608][ T5779] usb 1-1: USB disconnect, device number 4 [ 123.754328][ T23] keyspan 2-1:0.20: Keyspan 1 port adapter converter detected [ 123.821282][ T23] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 87 [ 123.851068][ T23] keyspan 2-1:0.20: unsupported endpoint type 0 [ 123.877826][ T23] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 81 [ 123.902005][ T23] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 1 [ 123.923416][ T23] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 2 [ 123.953640][ T23] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 85 [ 123.981526][ T23] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 5 [ 124.012782][ T23] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 124.058382][ T23] usb 2-1: USB disconnect, device number 3 [ 124.097252][ T23] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 124.149928][ T23] keyspan 2-1:0.20: device disconnected [ 124.961761][ T6123] loop1: detected capacity change from 0 to 2048 [ 125.002451][ T6125] tipc: Enabled bearer , priority 0 [ 125.014012][ T6125] syzkaller0: entered promiscuous mode [ 125.058961][ T6125] syzkaller0: entered allmulticast mode [ 125.099614][ T6123] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 125.140499][ T6125] tipc: Resetting bearer [ 125.211235][ T6124] tipc: Resetting bearer [ 125.356684][ T6124] tipc: Disabling bearer [ 125.849557][ T6128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.73'. [ 126.805580][ T6138] netlink: 32 bytes leftover after parsing attributes in process `syz.0.76'. [ 127.265538][ T5836] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 127.301874][ T6141] loop1: detected capacity change from 0 to 32768 [ 127.493973][ T5836] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 127.517732][ T5836] usb 4-1: config 0 has no interface number 0 [ 127.544311][ T5836] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 127.574860][ T5836] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 127.581687][ T6148] loop2: detected capacity change from 0 to 2048 [ 127.600732][ T5836] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 127.654589][ T5836] usb 4-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 127.664453][ T6148] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 127.696571][ T5836] usb 4-1: config 0 interface 20 has no altsetting 0 [ 127.714930][ T5836] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 127.740813][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.767256][ T5836] usb 4-1: Product: syz [ 127.771502][ T5836] usb 4-1: Manufacturer: syz [ 127.857080][ T5836] usb 4-1: SerialNumber: syz [ 127.870306][ T5836] usb 4-1: config 0 descriptor?? [ 128.120314][ T5836] keyspan 4-1:0.20: Keyspan 1 port adapter converter detected [ 128.126433][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.84'. [ 128.137721][ T6153] loop1: detected capacity change from 0 to 16 [ 128.161289][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 87 [ 128.180570][ T5836] keyspan 4-1:0.20: unsupported endpoint type 0 [ 128.196712][ T6153] erofs: Unknown parameter 'vΡe1' [ 128.232414][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 81 [ 128.251109][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 1 [ 128.288162][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 2 [ 128.305718][ T5916] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 128.328424][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 85 [ 128.356006][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 5 [ 128.381552][ T5836] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 128.426334][ T5836] usb 4-1: USB disconnect, device number 3 [ 128.469208][ T5836] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 128.519964][ T5836] keyspan 4-1:0.20: device disconnected [ 128.742756][ T6153] loop1: detected capacity change from 0 to 4096 [ 128.860829][ T6153] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #2: comm syz.1.83: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 129.040787][ T6153] EXT4-fs (loop1): get root inode failed [ 129.067912][ T6153] EXT4-fs (loop1): mount failed [ 129.137740][ C0] Unknown status report in ack skb [ 129.959084][ T6172] netlink: 32 bytes leftover after parsing attributes in process `syz.1.90'. [ 130.144203][ T6178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.93'. [ 130.609591][ T5834] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 130.650700][ T6190] loop0: detected capacity change from 0 to 16 [ 130.679652][ T6190] erofs: Unknown parameter 'vΡe1' [ 130.758006][ T5836] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 130.779192][ T6190] loop0: detected capacity change from 0 to 4096 [ 130.800185][ T6190] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #2: comm syz.0.99: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 130.833252][ T5834] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 130.842191][ T5834] usb 4-1: config 0 has no interface number 0 [ 130.854571][ T6190] EXT4-fs (loop0): get root inode failed [ 130.862438][ T5834] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 130.875433][ T6190] EXT4-fs (loop0): mount failed [ 130.891609][ T5834] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 130.913444][ T5834] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 130.928553][ T5834] usb 4-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 130.944692][ T5834] usb 4-1: config 0 interface 20 has no altsetting 0 [ 130.955424][ T5836] usb 3-1: Using ep0 maxpacket: 16 [ 130.956962][ T5834] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 130.971134][ T5836] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 130.981944][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.995357][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 131.002150][ T5834] usb 4-1: Product: syz [ 131.015616][ T5834] usb 4-1: Manufacturer: syz [ 131.015734][ T5836] usb 3-1: Product: syz [ 131.025768][ T5834] usb 4-1: SerialNumber: syz [ 131.045148][ T5836] usb 3-1: Manufacturer: syz [ 131.050243][ T5836] usb 3-1: SerialNumber: syz [ 131.076698][ T5836] usb 3-1: config 0 descriptor?? [ 131.086433][ T5834] usb 4-1: config 0 descriptor?? [ 131.307482][ T5834] keyspan 4-1:0.20: Keyspan 1 port adapter converter detected [ 131.311583][ T9] usb 3-1: USB disconnect, device number 4 [ 131.341183][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 87 [ 131.362463][ T5834] keyspan 4-1:0.20: unsupported endpoint type 0 [ 131.370622][ T6201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.104'. [ 131.382441][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 81 [ 131.403678][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 1 [ 131.415165][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 2 [ 131.424327][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 85 [ 131.440851][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 5 [ 131.458954][ T5834] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 131.486216][ T5834] usb 4-1: USB disconnect, device number 4 [ 131.501129][ T5834] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 131.519128][ T5834] keyspan 4-1:0.20: device disconnected [ 133.142460][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.149334][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.635529][ T787] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 134.851186][ T787] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 134.868834][ T787] usb 4-1: config 0 has no interface number 0 [ 134.888741][ T787] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 134.910099][ T787] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 134.932545][ T787] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 134.955408][ T787] usb 4-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 134.977391][ T787] usb 4-1: config 0 interface 20 has no altsetting 0 [ 135.005679][ T787] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 135.014874][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.036505][ T787] usb 4-1: Product: syz [ 135.040751][ T787] usb 4-1: Manufacturer: syz [ 135.058928][ T787] usb 4-1: SerialNumber: syz [ 135.070220][ T787] usb 4-1: config 0 descriptor?? [ 135.294558][ T787] keyspan 4-1:0.20: Keyspan 1 port adapter converter detected [ 135.325684][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 87 [ 135.353576][ T787] keyspan 4-1:0.20: unsupported endpoint type 0 [ 135.373073][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 81 [ 135.388691][ T6253] Zero length message leads to an empty skb [ 135.404989][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 1 [ 135.431410][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 2 [ 135.449581][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 85 [ 135.472272][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 5 [ 135.491916][ T787] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 135.505865][ T6253] loop2: detected capacity change from 0 to 4096 [ 135.521654][ T787] usb 4-1: USB disconnect, device number 5 [ 135.546272][ T787] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 135.562517][ T787] keyspan 4-1:0.20: device disconnected [ 135.569902][ T6253] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.123: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 135.602454][ T6253] EXT4-fs (loop2): get root inode failed [ 135.615619][ T6253] EXT4-fs (loop2): mount failed [ 137.004150][ T6266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.126'. [ 137.476847][ T23] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 138.344684][ T23] usb 1-1: config 0 has no interfaces? [ 138.365036][ T6283] loop3: detected capacity change from 0 to 4096 [ 138.401479][ T23] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 138.441818][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.468679][ T6283] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #2: comm syz.3.133: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 138.477479][ T23] usb 1-1: Product: syz [ 138.498008][ T23] usb 1-1: Manufacturer: syz [ 138.508855][ T23] usb 1-1: SerialNumber: syz [ 138.532302][ T23] usb 1-1: config 0 descriptor?? [ 138.598152][ T6283] EXT4-fs (loop3): get root inode failed [ 138.603875][ T6283] EXT4-fs (loop3): mount failed [ 138.785421][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 138.997657][ T9] usb 2-1: config 0 has no interfaces? [ 139.006437][ T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 139.052416][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.081568][ T9] usb 2-1: Product: syz [ 139.097608][ T9] usb 2-1: Manufacturer: syz [ 139.114311][ T9] usb 2-1: SerialNumber: syz [ 139.163956][ T9] usb 2-1: config 0 descriptor?? [ 139.355692][ T5843] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 139.391498][ T23] usb 2-1: USB disconnect, device number 4 [ 139.559210][ T5843] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 139.574990][ T5843] usb 4-1: config 0 has no interface number 0 [ 139.593856][ T5843] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 139.636034][ T5843] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 139.675535][ T5843] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 139.715516][ T5843] usb 4-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 139.726401][ T5843] usb 4-1: config 0 interface 20 has no altsetting 0 [ 139.736788][ T5843] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 139.747190][ T5843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.755546][ T5843] usb 4-1: Product: syz [ 139.759875][ T5843] usb 4-1: Manufacturer: syz [ 139.764602][ T5843] usb 4-1: SerialNumber: syz [ 139.776199][ T5843] usb 4-1: config 0 descriptor?? [ 139.995130][ T5843] keyspan 4-1:0.20: Keyspan 1 port adapter converter detected [ 140.021269][ T5843] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 87 [ 140.051278][ T5843] keyspan 4-1:0.20: unsupported endpoint type 0 [ 140.069670][ T5843] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 81 [ 140.084854][ T5843] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 1 [ 140.955500][ T5843] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 2 [ 140.964240][ T5843] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 85 [ 140.973517][ T5843] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 5 [ 141.008144][ T5843] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 141.057254][ T5843] usb 4-1: USB disconnect, device number 6 [ 141.070340][ T5843] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 141.096272][ T5843] keyspan 4-1:0.20: device disconnected [ 142.714257][ T6312] loop3: detected capacity change from 0 to 4096 [ 142.776329][ T6312] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #2: comm syz.3.143: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 142.815679][ T6312] EXT4-fs (loop3): get root inode failed [ 142.831749][ T6312] EXT4-fs (loop3): mount failed [ 143.010190][ T5834] usb 1-1: USB disconnect, device number 5 [ 143.384702][ T5836] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 143.642552][ T5836] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 143.700472][ T5836] usb 4-1: config 0 has no interface number 0 [ 143.768373][ T5836] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 143.885038][ T5836] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 144.008840][ T5836] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 144.115443][ T5836] usb 4-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 144.143752][ T5836] usb 4-1: config 0 interface 20 has no altsetting 0 [ 144.202462][ T5836] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 144.240985][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.285229][ T5836] usb 4-1: Product: syz [ 144.312789][ T5836] usb 4-1: Manufacturer: syz [ 144.321898][ T5836] usb 4-1: SerialNumber: syz [ 144.346839][ T5836] usb 4-1: config 0 descriptor?? [ 144.568765][ T5836] keyspan 4-1:0.20: Keyspan 1 port adapter converter detected [ 144.586334][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 87 [ 144.619878][ T5836] keyspan 4-1:0.20: unsupported endpoint type 0 [ 144.641423][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 81 [ 144.670755][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 1 [ 144.691255][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 2 [ 144.712286][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 85 [ 144.735194][ T5836] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 5 [ 144.755710][ T5836] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 144.780632][ T5836] usb 4-1: USB disconnect, device number 7 [ 144.808296][ T5836] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 144.864950][ T5836] keyspan 4-1:0.20: device disconnected [ 146.067593][ T6350] ptrace attach of "./syz-executor exec"[5790] was attempted by "./syz-executor exec"[6350] [ 146.090640][ T6348] loop0: detected capacity change from 0 to 4096 [ 146.109787][ T6348] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #2: comm syz.0.156: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 146.212225][ T6348] EXT4-fs (loop0): get root inode failed [ 146.240822][ T6348] EXT4-fs (loop0): mount failed [ 148.245435][ T5843] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 148.477879][ T5843] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 148.505720][ T5843] usb 2-1: config 0 has no interface number 0 [ 148.546947][ T5843] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 148.594479][ T5843] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 148.704067][ T5843] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 148.842937][ T5843] usb 2-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 148.979170][ T5843] usb 2-1: config 0 interface 20 has no altsetting 0 [ 149.108152][ T5843] usb 2-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 149.233998][ T5843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.403742][ T5843] usb 2-1: Product: syz [ 149.408323][ T5843] usb 2-1: Manufacturer: syz [ 149.412953][ T5843] usb 2-1: SerialNumber: syz [ 149.437359][ T5843] usb 2-1: config 0 descriptor?? [ 149.728924][ T5843] keyspan 2-1:0.20: Keyspan 1 port adapter converter detected [ 149.753810][ T6380] loop0: detected capacity change from 0 to 4096 [ 149.757214][ T5843] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 87 [ 149.786419][ T5843] keyspan 2-1:0.20: unsupported endpoint type 0 [ 149.794694][ T5843] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 81 [ 149.808199][ T5843] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 1 [ 149.817646][ T5843] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 2 [ 149.826568][ T5843] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 85 [ 149.842946][ T5843] keyspan 2-1:0.20: found no endpoint descriptor for endpoint 5 [ 149.854300][ T5843] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 149.879301][ T6380] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #2: comm syz.0.166: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 149.909081][ T5843] usb 2-1: USB disconnect, device number 5 [ 149.950117][ T5843] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 149.978195][ T6380] EXT4-fs (loop0): get root inode failed [ 149.983912][ T6380] EXT4-fs (loop0): mount failed [ 149.994401][ T5843] keyspan 2-1:0.20: device disconnected [ 151.128574][ T6397] loop2: detected capacity change from 0 to 128 [ 153.558701][ T58] kworker/u4:4: attempt to access beyond end of device [ 153.558701][ T58] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 155.324356][ T6419] loop2: detected capacity change from 0 to 4096 [ 155.510723][ T6419] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.179: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 155.567100][ T6419] EXT4-fs (loop2): get root inode failed [ 155.573044][ T6419] EXT4-fs (loop2): mount failed [ 155.941288][ T5834] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 156.011543][ T6431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.182'. [ 156.137186][ T6433] netlink: 4 bytes leftover after parsing attributes in process `syz.2.182'. [ 156.231778][ T5834] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 156.332130][ T5834] usb 4-1: config 0 has no interface number 0 [ 156.456889][ T5834] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 156.608353][ T5834] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 156.726598][ T5834] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 156.779805][ T5834] usb 4-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 156.850228][ T5834] usb 4-1: config 0 interface 20 has no altsetting 0 [ 156.960635][ T5834] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 156.992114][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.019891][ T5834] usb 4-1: Product: syz [ 157.029862][ T5834] usb 4-1: Manufacturer: syz [ 157.034541][ T5834] usb 4-1: SerialNumber: syz [ 157.059117][ T5834] usb 4-1: config 0 descriptor?? [ 157.294218][ T5834] keyspan 4-1:0.20: Keyspan 1 port adapter converter detected [ 157.328279][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 87 [ 157.340114][ T5834] keyspan 4-1:0.20: unsupported endpoint type 0 [ 157.366030][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 81 [ 157.373909][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 1 [ 157.405475][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 2 [ 157.413381][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 85 [ 157.467415][ T5834] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 5 [ 157.540491][ T5834] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 157.643696][ T5834] usb 4-1: USB disconnect, device number 8 [ 157.896091][ T5834] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 158.142979][ T5834] keyspan 4-1:0.20: device disconnected [ 158.739707][ T6453] ALSA: mixer_oss: invalid OSS volume '' [ 158.753081][ T6453] ALSA: mixer_oss: invalid OSS volume 'fU=;ʸgԊ' [ 159.728743][ T6461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.194'. [ 159.805996][ T6465] netlink: 4 bytes leftover after parsing attributes in process `syz.3.194'. [ 161.243676][ T6478] loop1: detected capacity change from 0 to 2048 [ 161.404620][ T6478] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 162.184271][ T787] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 162.534590][ T787] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 162.543997][ T787] usb 4-1: config 0 has no interface number 0 [ 162.558908][ T787] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 162.597395][ T787] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 162.630751][ T787] usb 4-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 162.682842][ T787] usb 4-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 162.714215][ T787] usb 4-1: config 0 interface 20 has no altsetting 0 [ 162.750033][ T787] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 162.775921][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.804457][ T787] usb 4-1: Product: syz [ 162.814874][ T787] usb 4-1: Manufacturer: syz [ 162.831025][ T787] usb 4-1: SerialNumber: syz [ 162.853949][ T787] usb 4-1: config 0 descriptor?? [ 162.872736][ T6487] ALSA: mixer_oss: invalid OSS volume '' [ 162.904228][ T6487] ALSA: mixer_oss: invalid OSS volume 'fU=;ʸg' [ 163.082630][ T787] keyspan 4-1:0.20: Keyspan 1 port adapter converter detected [ 163.126054][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 87 [ 163.133940][ T787] keyspan 4-1:0.20: unsupported endpoint type 0 [ 163.160523][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 81 [ 164.038543][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 1 [ 164.046424][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 2 [ 164.054166][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 85 [ 164.062045][ T787] keyspan 4-1:0.20: found no endpoint descriptor for endpoint 5 [ 164.071372][ T787] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 164.085795][ T787] usb 4-1: USB disconnect, device number 9 [ 164.104480][ T787] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 164.117287][ T787] keyspan 4-1:0.20: device disconnected [ 166.742417][ T6511] loop2: detected capacity change from 0 to 2048 [ 166.804594][ T6511] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.515540][ T787] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 171.264903][ T787] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 171.275406][ T787] usb 2-1: config 0 has no interface number 0 [ 171.337971][ T6542] loop3: detected capacity change from 0 to 2048 [ 171.388088][ T6542] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 171.494093][ T787] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 171.506273][ T787] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 171.518534][ T787] usb 2-1: config 0 interface 20 altsetting 119 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 171.529844][ T787] usb 2-1: config 0 interface 20 altsetting 119 has an invalid endpoint with address 0x0, skipping [ 171.541606][ T787] usb 2-1: config 0 interface 20 has no altsetting 0 [ 171.554817][ T787] usb 2-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice= d.05 [ 172.485364][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.494680][ T787] usb 2-1: Product: syz [ 172.520958][ T787] usb 2-1: Manufacturer: syz [ 172.526421][ T787] usb 2-1: SerialNumber: syz [ 172.544219][ T787] usb 2-1: config 0 descriptor?? [ 172.642504][ T787] usb 2-1: can't set config #0, error -71 [ 172.674075][ T787] usb 2-1: USB disconnect, device number 6 [ 173.026813][ T6559] ================================================================== [ 173.034956][ T6559] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 173.042658][ T6559] Read of size 1 at addr ffff88805d0fa830 by task syz.3.226/6559 [ 173.050411][ T6559] [ 173.052786][ T6559] CPU: 1 PID: 6559 Comm: syz.3.226 Not tainted 6.6.96-syzkaller #0 [ 173.060708][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.070825][ T6559] Call Trace: [ 173.074136][ T6559] [ 173.077105][ T6559] dump_stack_lvl+0x16c/0x230 [ 173.081833][ T6559] ? __lock_acquire+0x7c80/0x7c80 [ 173.086900][ T6559] ? show_regs_print_info+0x20/0x20 [ 173.092139][ T6559] ? load_image+0x3b0/0x3b0 [ 173.096687][ T6559] ? __virt_addr_valid+0x469/0x540 [ 173.101879][ T6559] print_report+0xac/0x230 [ 173.106339][ T6559] ? rose_get_neigh+0x391/0x990 [ 173.111232][ T6559] kasan_report+0x117/0x150 [ 173.115790][ T6559] ? rose_get_neigh+0x391/0x990 [ 173.120686][ T6559] rose_get_neigh+0x391/0x990 [ 173.125416][ T6559] rose_connect+0x417/0x10a0 [ 173.130091][ T6559] ? aa_sk_perm+0x7fc/0x930 [ 173.134630][ T6559] ? rose_bind+0x7c0/0x7c0 [ 173.139089][ T6559] ? aa_af_perm+0x1f0/0x2b0 [ 173.143632][ T6559] ? tomoyo_socket_connect_permission+0x164/0x290 [ 173.146932][ T6558] loop1: detected capacity change from 0 to 4096 [ 173.150070][ T6559] ? __might_fault+0xaa/0x120 [ 173.150102][ T6559] ? bpf_lsm_socket_connect+0x9/0x10 [ 173.166446][ T6559] ? security_socket_connect+0x80/0xa0 [ 173.171951][ T6559] ? rose_bind+0x7c0/0x7c0 [ 173.176418][ T6559] __sys_connect+0x397/0x420 [ 173.181063][ T6559] ? __sys_connect_file+0x180/0x180 [ 173.186319][ T6559] __x64_sys_connect+0x7a/0x90 [ 173.191141][ T6559] do_syscall_64+0x55/0xb0 [ 173.195597][ T6559] ? clear_bhb_loop+0x40/0x90 [ 173.200298][ T6559] ? clear_bhb_loop+0x40/0x90 [ 173.204998][ T6559] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 173.210918][ T6559] RIP: 0033:0x7f3f7698e929 [ 173.215373][ T6559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.235020][ T6559] RSP: 002b:00007f3f77849038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 173.243467][ T6559] RAX: ffffffffffffffda RBX: 00007f3f76bb5fa0 RCX: 00007f3f7698e929 [ 173.251455][ T6559] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000d [ 173.259436][ T6559] RBP: 00007f3f76a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 173.267417][ T6559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.275402][ T6559] R13: 0000000000000000 R14: 00007f3f76bb5fa0 R15: 00007ffdc541aac8 [ 173.283394][ T6559] [ 173.286422][ T6559] [ 173.288767][ T6559] Allocated by task 6169: [ 173.293105][ T6559] kasan_set_track+0x4e/0x70 [ 173.297724][ T6559] __kasan_kmalloc+0x8f/0xa0 [ 173.302333][ T6559] rose_add_node+0x23a/0xdd0 [ 173.306943][ T6559] rose_rt_ioctl+0xa42/0xfb0 [ 173.311556][ T6559] rose_ioctl+0x3cf/0x8b0 [ 173.315904][ T6559] sock_do_ioctl+0xd7/0x2f0 [ 173.320420][ T6559] sock_ioctl+0x623/0x7a0 [ 173.324760][ T6559] __se_sys_ioctl+0xfd/0x170 [ 173.329375][ T6559] do_syscall_64+0x55/0xb0 [ 173.333808][ T6559] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 173.339716][ T6559] [ 173.342045][ T6559] Freed by task 6559: [ 173.346036][ T6559] kasan_set_track+0x4e/0x70 [ 173.350645][ T6559] kasan_save_free_info+0x2e/0x50 [ 173.355694][ T6559] ____kasan_slab_free+0x126/0x1e0 [ 173.360832][ T6559] slab_free_freelist_hook+0x130/0x1b0 [ 173.366307][ T6559] __kmem_cache_free+0xba/0x1f0 [ 173.371187][ T6559] rose_rt_device_down+0x66d/0x6c0 [ 173.376332][ T6559] rose_device_event+0x604/0x690 [ 173.381290][ T6559] notifier_call_chain+0x197/0x390 [ 173.386421][ T6559] __dev_notify_flags+0x18e/0x2e0 [ 173.391469][ T6559] dev_change_flags+0xe8/0x1a0 [ 173.396250][ T6559] dev_ifsioc+0x6a7/0xe20 [ 173.400593][ T6559] dev_ioctl+0x7e2/0x1170 [ 173.404956][ T6559] sock_do_ioctl+0x226/0x2f0 [ 173.409564][ T6559] sock_ioctl+0x623/0x7a0 [ 173.413943][ T6559] __se_sys_ioctl+0xfd/0x170 [ 173.418575][ T6559] do_syscall_64+0x55/0xb0 [ 173.423039][ T6559] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 173.428956][ T6559] [ 173.431290][ T6559] Last potentially related work creation: [ 173.437012][ T6559] kasan_save_stack+0x3e/0x60 [ 173.441711][ T6559] __kasan_record_aux_stack+0xaf/0xc0 [ 173.447196][ T6559] call_rcu+0x14f/0x920 [ 173.451371][ T6559] ip6_route_info_create+0x9c0/0x1200 [ 173.456754][ T6559] ip6_route_add+0x28/0x130 [ 173.461269][ T6559] addrconf_prefix_route+0x211/0x2b0 [ 173.466669][ T6559] inet6_addr_add+0x64a/0xb60 [ 173.471383][ T6559] inet6_rtm_newaddr+0x68d/0x940 [ 173.476347][ T6559] rtnetlink_rcv_msg+0x7c7/0xf10 [ 173.481296][ T6559] netlink_rcv_skb+0x216/0x480 [ 173.486077][ T6559] netlink_unicast+0x750/0x8c0 [ 173.490859][ T6559] netlink_sendmsg+0x8c1/0xbe0 [ 173.495638][ T6559] __sys_sendto+0x46a/0x620 [ 173.500161][ T6559] __x64_sys_sendto+0xde/0xf0 [ 173.504857][ T6559] do_syscall_64+0x55/0xb0 [ 173.509307][ T6559] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 173.515210][ T6559] [ 173.517544][ T6559] The buggy address belongs to the object at ffff88805d0fa800 [ 173.517544][ T6559] which belongs to the cache kmalloc-512 of size 512 [ 173.531633][ T6559] The buggy address is located 48 bytes inside of [ 173.531633][ T6559] freed 512-byte region [ffff88805d0fa800, ffff88805d0faa00) [ 173.545373][ T6559] [ 173.547713][ T6559] The buggy address belongs to the physical page: [ 173.554142][ T6559] page:ffffea0001743e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805d0f8800 pfn:0x5d0f8 [ 173.565611][ T6559] head:ffffea0001743e00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 173.574559][ T6559] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 173.582556][ T6559] page_type: 0xffffffff() [ 173.586899][ T6559] raw: 00fff00000000840 ffff888017841c80 ffffea0001771210 ffffea000078be10 [ 173.595490][ T6559] raw: ffff88805d0f8800 000000000010000a 00000001ffffffff 0000000000000000 [ 173.604079][ T6559] page dumped because: kasan: bad access detected [ 173.610501][ T6559] page_owner tracks the page as allocated [ 173.616218][ T6559] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5789, tgid 5789 (syz-executor), ts 91498148904, free_ts 26558774831 [ 173.638980][ T6559] post_alloc_hook+0x1cd/0x210 [ 173.643759][ T6559] get_page_from_freelist+0x195c/0x19f0 [ 173.649349][ T6559] __alloc_pages+0x1e3/0x460 [ 173.653953][ T6559] alloc_slab_page+0x5d/0x170 [ 173.658653][ T6559] new_slab+0x87/0x2e0 [ 173.662898][ T6559] ___slab_alloc+0xc6d/0x12f0 [ 173.667590][ T6559] __kmem_cache_alloc_node+0x1a2/0x260 [ 173.673061][ T6559] __kmalloc+0xa4/0x240 [ 173.677229][ T6559] fib6_info_alloc+0x32/0xe0 [ 173.681835][ T6559] ip6_route_info_create+0x44f/0x1200 [ 173.687222][ T6559] ip6_route_add+0x28/0x130 [ 173.691741][ T6559] addrconf_add_dev+0x257/0x340 [ 173.696610][ T6559] addrconf_init_auto_addrs+0x5d7/0xb40 [ 173.702187][ T6559] addrconf_notify+0xb62/0x1010 [ 173.707056][ T6559] notifier_call_chain+0x197/0x390 [ 173.712183][ T6559] __dev_notify_flags+0x18e/0x2e0 [ 173.717229][ T6559] page last free stack trace: [ 173.721907][ T6559] free_unref_page_prepare+0x7ce/0x8e0 [ 173.727381][ T6559] free_unref_page+0x32/0x2e0 [ 173.732080][ T6559] free_contig_range+0xa1/0x160 [ 173.736952][ T6559] destroy_args+0x87/0x770 [ 173.741382][ T6559] debug_vm_pgtable+0x3cc/0x410 [ 173.746251][ T6559] do_one_initcall+0x1fd/0x750 [ 173.751034][ T6559] do_initcall_level+0x137/0x1f0 [ 173.755982][ T6559] do_initcalls+0x69/0xd0 [ 173.760326][ T6559] kernel_init_freeable+0x3d2/0x570 [ 173.765622][ T6559] kernel_init+0x1d/0x1c0 [ 173.769959][ T6559] ret_from_fork+0x48/0x80 [ 173.774387][ T6559] ret_from_fork_asm+0x11/0x20 [ 173.779170][ T6559] [ 173.781499][ T6559] Memory state around the buggy address: [ 173.787173][ T6559] ffff88805d0fa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 173.795248][ T6559] ffff88805d0fa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 173.803330][ T6559] >ffff88805d0fa800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 173.811400][ T6559] ^ [ 173.817039][ T6559] ffff88805d0fa880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 173.825106][ T6559] ffff88805d0fa900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 173.833170][ T6559] ================================================================== [ 173.841480][ T6559] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 173.848706][ T6559] CPU: 1 PID: 6559 Comm: syz.3.226 Not tainted 6.6.96-syzkaller #0 [ 173.856659][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.866759][ T6559] Call Trace: [ 173.870070][ T6559] [ 173.873065][ T6559] dump_stack_lvl+0x16c/0x230 [ 173.877807][ T6559] ? show_regs_print_info+0x20/0x20 [ 173.883053][ T6559] ? load_image+0x3b0/0x3b0 [ 173.887607][ T6559] panic+0x2c0/0x710 [ 173.891540][ T6559] ? bpf_jit_dump+0xd0/0xd0 [ 173.896114][ T6559] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 173.902041][ T6559] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 173.907982][ T6559] ? _raw_spin_unlock+0x40/0x40 [ 173.912872][ T6559] ? print_memory_metadata+0x314/0x400 [ 173.918375][ T6559] ? rose_get_neigh+0x391/0x990 [ 173.923267][ T6559] check_panic_on_warn+0x84/0xa0 [ 173.928242][ T6559] ? rose_get_neigh+0x391/0x990 [ 173.933130][ T6559] end_report+0x6f/0x140 [ 173.937411][ T6559] kasan_report+0x128/0x150 [ 173.942040][ T6559] ? rose_get_neigh+0x391/0x990 [ 173.946931][ T6559] rose_get_neigh+0x391/0x990 [ 173.951651][ T6559] rose_connect+0x417/0x10a0 [ 173.956284][ T6559] ? aa_sk_perm+0x7fc/0x930 [ 173.960856][ T6559] ? rose_bind+0x7c0/0x7c0 [ 173.965309][ T6559] ? aa_af_perm+0x1f0/0x2b0 [ 173.969844][ T6559] ? tomoyo_socket_connect_permission+0x164/0x290 [ 173.976295][ T6559] ? __might_fault+0xaa/0x120 [ 173.981008][ T6559] ? bpf_lsm_socket_connect+0x9/0x10 [ 173.986331][ T6559] ? security_socket_connect+0x80/0xa0 [ 173.991819][ T6559] ? rose_bind+0x7c0/0x7c0 [ 173.996355][ T6559] __sys_connect+0x397/0x420 [ 174.000990][ T6559] ? __sys_connect_file+0x180/0x180 [ 174.006238][ T6559] __x64_sys_connect+0x7a/0x90 [ 174.011041][ T6559] do_syscall_64+0x55/0xb0 [ 174.015491][ T6559] ? clear_bhb_loop+0x40/0x90 [ 174.020203][ T6559] ? clear_bhb_loop+0x40/0x90 [ 174.024912][ T6559] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 174.030837][ T6559] RIP: 0033:0x7f3f7698e929 [ 174.035279][ T6559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.054921][ T6559] RSP: 002b:00007f3f77849038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 174.063376][ T6559] RAX: ffffffffffffffda RBX: 00007f3f76bb5fa0 RCX: 00007f3f7698e929 [ 174.071387][ T6559] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000d [ 174.079391][ T6559] RBP: 00007f3f76a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 174.087395][ T6559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.095398][ T6559] R13: 0000000000000000 R14: 00007f3f76bb5fa0 R15: 00007ffdc541aac8 [ 174.103409][ T6559] [ 174.106706][ T6559] Kernel Offset: disabled [ 174.111040][ T6559] Rebooting in 86400 seconds..