last executing test programs: 3.935938735s ago: executing program 1 (id=139): r0 = socket$kcm(0x10, 0x2, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f00000002800000129487", 0x2f}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001206", 0x2e}], 0x1}, 0x48000) 2.51724967s ago: executing program 1 (id=153): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000980), 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) sendfile(r1, r1, 0x0, 0xe3aa6ea) truncate(&(0x7f0000000940)='./file1\x00', 0x8da6) 1.930031329s ago: executing program 0 (id=155): write(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000680)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00U\x00=\t\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=r1, @ANYBLOB="20000280", @ANYRES32=r0, @ANYBLOB="0000000000000000000000000a000000000000000000001420000100", @ANYRES32=r1], 0x58}}, 0x0) 1.837318612s ago: executing program 0 (id=156): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r1) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x40) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x501, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x6001, 0x110}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_TOS={0x5, 0x5, 0x3}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x36}}]}}}]}, 0x44}}, 0x84000) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, 0x12e1b, 0x3a001}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast2}]}}}]}, 0x3c}}, 0x20004000) 1.830410222s ago: executing program 1 (id=157): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) r1 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="680000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000008000004800128008000100687372003c000280060005000180000008000100", @ANYRES32=r2, @ANYBLOB="0500060001000000050007a10000000005000300df00000008000200", @ANYRES64=r0], 0x68}}, 0x0) 1.677743197s ago: executing program 0 (id=159): syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4810, &(0x7f00000004c0)=ANY=[], 0x3, 0x2c4, &(0x7f00000007c0)="$eJzs3btPFFEUx/HfnV1gEYLDw5BYoiRWRrExNhjCH2GhRmXXhLDBRDFRK2JtjJ3G3s7a2FjaWBGtjVZW/gF0Y+bMzDLAvBZZJsD3k+xmdO65c87uPO7dZBgBOLWWln99uPYnfDmpoYakG5InqSU1JZ3TbOvp+sbqRrfTLuqoYRHhyymKdPvarKx3skLDOIuI+eG/mhpP/x8GIwiC4PePRnGbs0eWDmpiR38GTxqJj05b3zryzAZjs+4Eaua2ta1nmqg7DwBAveLrvxdf58fj8bvnSfPxZf9EXf+3606gZqnrv82yAhd+vzbQdzvzPZvCNUclJbPEgh5z1wwr2rN2DTBd2azScvFGH652O5dXHnXbnl5qMZZqNmPv7WjXTZRkO1eQbIby2vNYxd5QWMNCTv7TB9ni2/5T6XHf3Ja763y9V7s3/msG9onYN+Vb3n4vIMr/Sn6PY9ats1Y5VU7aRs7HW9DnjxWqbGXPSHp5Tmr3DwR+kueb4YKoqT1RUXVX86uzqOnMqIWSqJl0VHzmjPfm/MiDyyl7D/fa3XJz+qtPWk6N/73w055XlSMzbGMt4z2jsJ6mtfQrJOZVSh9VDRWufaUHuq6JJ89frN3vdjuPqy58+dlH48NeaPxPeFL5ABILRqKuB1V7c2A9pxeSHaamL/c0LSh/1Wa1fhoa0VpyzhxEqlHP2QOl0UM5QaF+qdPj7O26k0EdwnOIi+Z/NpKPRnU3bV14+Ps2Th9S1jg9KOvcenx3ZyuaPqTmBjuD1Sl7P9PXDG4sfwaXqqFwznXhknSxYItfd3frx3meEG5Z33WP3/8BAAAAAAAAAAAAAAAAAACOm2r3A8S3txzwzpCaSwQAAAAAAAAAAAAAAAAAAAAA4Ngrev6vPSOz5Pm/yZ0B+c//Tf1V7/Ln/y4uJc33P/+3+CG1APr2LwAA//8KRnSp") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4842, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6200, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a5a438, &(0x7f0000004440)=ANY=[@ANYRES32=0x0, @ANYRESHEX=0x0, @ANYBLOB, @ANYRESHEX, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC, @ANYRESOCT=0x0, @ANYRES16, @ANYRES32, @ANYBLOB="ac2d5b5b8945d57e7869648ebe10b8d2719763b4bf3f6667bf8f722606d2b3593f26218e9a5fba2e7d4166787da71737b380045fb0a682e2915271f214c0112961b73c4638e7ba68deb34826d7682ace7549c83bf52bd9142b6c5adebf82155270d33204c09c07ed4ca2fc932af48646c9624e3e3544d68f61a2b073fb85332599b299a4f441a8e2f74c57aa38b5b596238280c1693bba97ff258679ab84485970b60f81093dda6501baba18a7790ca3e6fcfa12898b9fff3faf613d71f9d64dbd5c2edad8e774fb0da39e532d92164e2d34aff7cae32f3cd7aa9aace000f136323e4808d0c66c0828942def38deb2e1d847555fe0d5ba8084babb3169f9f06246ecd5327758448c9c7e4591da12ff1b084e757d05af4f0f0444ecfcc0c4d2067a98d49fe52412218380bb75e21cd2372404ea0b116b9a1c1e3350b3e6f17c5bd1f1adb4ce1d03d5b30eb0690340708f06dfca5c9d74a7c140cabddd0f37d8bcf15e578dde85d7c28ccb1c9633ceeb54bb278d5a097220ca53a2ea4781aca2b70189199938afba9a700a610225311fe8316794ca0ae139a50dbd34d572d6165eaaa94844620045e615d51f5e19c29aadad3539490961135851f15bbfd0604f3926877583d85c45a04c6f155ad6e1966d2004ab6ab51f9beb82dbcdcaaab886564cbf81b581da397eba4fc8fe430ef93ed613cd588e399669b9f4b63481163e6c2b74112538192be9551ca400bc2b947a535fccbc567a68a3ab94554385bb1f2a0e2146310113102a9ffbcbbf44d30e076d363d6201faecf8bbbbc9d7fcd38195860bbc85ee3f5f9b2c990164abc3a7674ab2a631147d708585f52694a46b681cbc623b53a272f21f2aa5597beec8094954541316cc45ec9751fef12369e7272b7bdcb527bac4a19e0bba1b68ef98e3563705e9ca40bb914cece2fd75c2375b81a06dadcdb1c54a175855e30c3d9ca58ca873e43d703b1471526fb3dfe12e140b81df3afae6104e5ffa4e8585b456a7199c75c5abc7afeca743fce310df09062f20b9a99fac5d019338d98606805f4faad9cc81ebf03b7239a340c973828b676af4e594d796689f9823730c5ead8dba256925869ab0d7196a99b75a15f9927852d7813aa5a4cb76764749e882d59c094c5ebd1911153150e8d53aa8abbf360a4045b63e0e296d03158de8aa02b5aeb459dcdc6b9d5aa8c0e455e7cb6a5d9b26ee5420e41d89590a0c04ca8701a6a386716a32e04102f281f66317a21940c0cf83e128f4f83bdf6770170d74d43f3b1f4c0bb5e8c69254e0bfd15c6d02596bf3b547e5b9b8e84390455a9c4b00b633c661616aca4a4158868be21633f343155996eaff00c2c347fea03c6f06e7adcd83cf320e3a446d07dba202e5960632560da8a3b60efe5a814a5cb2a4ff0842fff23897b583b381e5030e506caef8dc97bef9532111e3eb3621870ec39fe2351d3814a02d2f9e38aac1f0897f32ddbffdc6e0acdea95ff7f67865daae1130f68f00985682ecefc43fb6f8521514923b5cf3560be0739aeb4eb00b389d39ebb9b974e054120fcd48c0d6bc09441c2c19f41bdfceed01a3b686921500fae88795f216794d21dd3a98f2fdb5a1590e0cbdc5cd9593b164e255131c21f22ed7e7ed4ec83db91f8bf5f327d7222be1e470a7c0d0a657c73ad606f2ef0c59d3c118c601d23d67ee16ce3658c9153b8131f06c1e4f83c49dbe6dbc3478b1313b9221bc4c5eadebfd16cd07afde509f2e926fcfd5f8feabe836f4080ea5e65c1e4d859f16ac45ad8c804eb9ecce363faf19c1409d8192a644823578ccfd5b643478eb948223676d375f811fffa874f7c2a281104a28baf4da2716ae870abb3e0f05e63466176356728a700fe39ebb62bdbff139fdbf21520022984dc6d3eed1d81b94f28a07cc238ccb64d65e87534c0111bb76212368c6e8e9a536e758fa2f16a2cab9d31984055488b27bcff12bcc5a0fe21a0e44edfb87c681060e6944ff89dce4a9c7122c53acc27913a5fbf15c9ada971df88f0df3f82eb563f63c640ad6e39a1f5c1aad83c364957ec6d645f4243d1fb4ecef275d4c0ca0284064cde0c282d793f290bab5a4dec15f3e2adcc9d455d2e28bd040d6e0f651ac6f20f55d1303d2aaef2104b393afc849e9cd7743ca20a6f092cbf42a67446892493128d38bb0d0f507ffe3fd718ec48eff58df729728bc01ee180d676dfa22c81da0e4e3fda94f4f94195bc82e1f941d8a290ca0d416373d420eba196470e4f25940506061c601f12b3656d6d6b3a47e50d5235b7fd0f82bb0835aee3470b69bf7e59616ece447d9af36c396f687214ff7d7e27961f461c780b4c563aeb47fa9f335cbdade8a06711ba79b6fe8778ac1bc06bb59131c17409c1d1d0cc746aec8c3b1348f9585945192d8e32002c676753ab246a92702fc8e3a3ce89b84661b1b10dcd73fddacd311ca663d483b87a59225f60627eecf409d6188236b198633d47c5f1c0ba0bb4321aac88a6061d5e97883914cd74284ab937b9579ccee6ab5bb39f6274a04e3e7a8c3d033e340357bc15c5f6daa047b1cee448ac380bbde4bf806b0891a04b9e408609b040b7d3a02d2a76d4013756d79244792c543fe2327a3c371852bed5ab54de987bc4699b32ad1c08f7fff7a23069e722f5d78742d622d4ccbc1a7bddc9a590b2c707bac3957d46b657a4e17f1914db58fb6436bdd58b86df491016a2b9ebe0c35a859b216f17f4828c8dee30a38ed1fc36347af978999d0c404313cf99c9281c45194abd79475a80ea1486840aad72b1c0c4f17fe35a150fcb574fa9fcc09a7fc5dcd34e15d4bf1bccfa8bf423d2437e2eb0d3ca9324fbfc7e256b862c50ebc8db3fb69f69003d37807af8ddccf2d929ad9d06ebbb7e538d93bb0b7bc828e1639e0b5e89c22badca307ad28183c3083e87c917feb4c882397d397ea2e7ff0e05ebb252940302cdc0f0f7efe40685f7c3e8923e3795d70d69c70d9a071e401cee771f29dcb5316471768464c4659f2c76d11713ab44f4c944a4819deb1248b02457403e9630aaf4a180e9e55bb4d291e9a2bc85a1ed17f906d54935c7e5e8b707ead56284fda0208bd88ab5c3259bd5329c0d26653eb07b6856ad799fd6fa8d2111da3970ff8509bc2ef3a8813d04f36001526b70757646ed4bf25a256751b8ec714f2e62dea19e82aacec389195532bf7f335afae4351adb93c846e22f1f2a3e0d620d81688bd5530e389f2284b3c997d4abab7c30aac1b141425cd9aa315dc5a5e8b04fd503d79896b1494d8be48048c7392fc92c325b76bde4496c49da34c9ff95969bec8f95c356239d5336907957383b12c512fff6d797097a26a5aee9251bae940ef1a19b3f746396300d3baeb476b023f740ed7c1da92fdbf1834c3a882a6079885b933333d0e194cc1f25a06c3a2d370936886cb385d9861d6762c7416a1db5275228b6499cdef9767fb998d43251b963bc4477b2c051b70a0317de5f6ec3158914145bd036ff194df9722d2a3d2ac2397891b573a34ad16236cdc7ca77bc15f0fdbc3cae923d61633a42bab450a80cf3ee6580e792b1617d74fa189d450a64ca12d8c797698208ea61010b6072885b762af598159621f838ebacc00ea11f5924b39b2bbbc5c7d667871ce32e9aa75893a9fa13a2ffe66b360e266446259a8745addb4e186139d86d4e8d48537ac35029b0d87c03e8c1a9b9a422594496feda8bc5502777428fe737198ed896c2128a4f7d552f2eea8fef6e68feaf3cbfd549e622eea7bc988bb16fc49b7ab241426f2e40edcca07d4f947ccb1d3b8c2e9cb14a0c04495dbb75bd9c935f36bfe398455b0e5f927d5726e617c69ca81fe36c3e6ea510c5fe4735161c992f9ebf66727e5a7ded590061d4da3b86b996846a6bb102e47d33465d88a68644c8a76a770d5e0318e6c301e7c7f5575bf15a9589b32cfaa41ee15972488497195a2cb49a6b6f937a8e311e34d311dfd4fe222d3abc095b0b24a1b7193eb3353def0cc1511c8fce9b0a7867ae2fed4db93009646dc91a3745387cbe61b37f749b40d5d38970856b7ab8b6e1e0b81c078c68cb55c57854b8b5863b7a4c87f42e6d6dca2de0326b1b26970168c99f59816877448e7f72626f5354fdb5e033cd6b42e9476665efae66287e656590d1f80b3a09557a57d7de4bade6a122d40a92db1d347463b74151d44a02dbe067259c633b8c84425e77a736fca99f06d0fd66e35365511ec017537f4c212e7f2e23369958c3a7b92feffad9edb12139f1f690f9512725c0a1a164e78b4130c91fd3961df91c1a11783c24b03bcf305fd0e14e6510f4d58cf73326e94f2bc1b1ab295297bee7a98b77afe483a7d66e780d5e111b4202285f580ce571ecc0985501faa0e9f2f5b9848d770d8d8ad7b90a951f83279073e45a0c7abcf89cd6200f7fc320e46ea3de2addee3a984432501063f9928d0897d93dde20fe8ebe4dabc1ac34b0efdb3d7c7b4d49571ea64252d7209ff6d0ae5b95ef35d8160c5976f7ed9c4b69db81a73f6d00fd254c417696d6af694f3688826cc04db8019f2419fa99e47dc436fd76890b5291cd2724717a1e604e6cb5e214235664e8c7148c2bd87996c05bcfe1f29200f40a0d766df3ddc6faef82fb34d385f90b8f0e4bb7ba519e7986735c169cb3546d62fb70fbd49eec4edd70397d2fcbfdb9cd87331fce3c9786b7090501b904c8f925a1dbfa151a18e6c145ebb74da7100de60a627100d6c04ce789a7d4e88692cb090fd9ff2006e5ddb870f5b2aa502081eb7a26744de9a0d29a66ef18eb097e1d396561078e3f9258046a3a3e9b5878964d71b526755084f385d9777b2ab503f9d77c09a46004b5005f69eedee80edd87dd17f2292eba00f71dedb010b7b003a8400f6b44d63559a10bc0052c678ac8ed9658aff4f858778ebb60cbaf53d82248a260c7255f943711e8ac31a4b7a4694dcdace3be25ea43bdc9dfd52d369292d8d7581a6979d1b8ad543baeb9296907e0926025f4c3597e98e2eacd048a5dedd0e9dabc3268ed35a91c6180908af07a95bf374573c7b4f611eb30bbb5f1721a6550f483dcaed51d84fdaa5c6a52d7c4d04ca4edfd2884483c2d5aaebf6f06c6fff8bff813923ac8c6edd0eadefab938442ff09b1b3ff926c963d67a01cccbd86cb69bb5e5a4adca82110f87d3ee7800b14412b48cd94feacbaa9c1921e816d0287ad1198b94fd6de314912b79938a0d00ef5968ca4cb506afa1496ce4886c8c44955a92c9d2395f108a357e240511cc7e6548ac4174e5b52cc1f03ea8fa8268a7283e9cd25518cc71114869537891b64337222f04c111407bc2c8777f1132e1b294ec533610fd1ae3b4aa7e20c315d87aeed3a19151677e04173fbd55e88669f515dea19c8b99f8d7e829734f615a9b95e278fec62cf2d1a37d535ef71996530c62e65bb6fde625447e9122cfd947d7032c7580bfa5286bdde0bd9c4f0c63cbceddc302e1daef7f27bf289f72456802560e4477b27520b45f3a39e787824f169b3fa0ec7fba1c37f4499d43a9cdca7595f3e9ab74223c34819b260130d8a7613653101cc9a6e236ac01965356c90814c632ed421a62654a457ccc66040026451610b94898d13292cf2096fc1744b8fe67cebbcee0a3830be987694e593d732f05e3c6503a71173dc9870c3eca017318b628dd651232ea1c424a98b394188c8b8dbf30d69f1976219fd5b1975f8deebabeca970581f011f428c164bb35e0d6be187a5a2887d6bb0889c41c5c24d0b173f05db5d3a9e50318b448b3c8c53e8afceede4caf8850d585d4134559a6abbee463da46f316c3faeffa30fec0b35fff3f320b99e805fa2d3d179fe0d9a40e8b5a3df3d5fea5e743163c8a21eb10b84046c95b735e5c727336666c9922041490702d1e17c8b", @ANYBLOB="4b5b40505ce4295c79dcaf712107d5772e50bc7e91c4501e03e44ce7c98e30df04de10ee861097fdc0244296b0cdb9fb091e8872149bc55fc3de32d9bc67139102c0c51604fa", @ANYRESDEC, @ANYRES8], 0xd, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000000)='./file1\x00', 0xb8) 1.505385542s ago: executing program 3 (id=160): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300)=0x18000, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10) 1.308829319s ago: executing program 0 (id=161): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x840, &(0x7f0000000080)={[{@test_dummy_encryption_v1}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@inlinecrypt}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") syz_mount_image$vfat(&(0x7f0000000b00), &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181d011, 0x0, 0x40, 0x0, &(0x7f0000000140)) mkdir(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x824851, 0x0, 0x1, 0x0, &(0x7f0000000d40)) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) 1.297323279s ago: executing program 3 (id=162): r0 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x8c) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x17e) lseek(r2, 0xfffffffffffffffe, 0x1) 1.141315514s ago: executing program 3 (id=164): r0 = socket$packet(0x11, 0x2, 0x300) socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x18, r2, 0x1, 0x81}, 0x14) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) 1.135412105s ago: executing program 1 (id=165): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000340)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}}) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x1, 0xfffffffffffffc01, 0x7ff}}, 0x28) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 891.709302ms ago: executing program 3 (id=167): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "112000"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCINITREPORT(r1, 0x4805, 0x0) ioctl$HIDIOCSUSAGE(r1, 0x4018480c, 0x0) 661.155169ms ago: executing program 0 (id=169): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f0000000000), 0x12) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 642.59685ms ago: executing program 2 (id=170): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = inotify_init() creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x4000cdd) unlink(&(0x7f0000000000)='./file0\x00') close_range(r0, 0xffffffffffffffff, 0x0) 551.476083ms ago: executing program 2 (id=171): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @multicast2}, 0x10) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e24, @loopback}, 0x10) r2 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r2, &(0x7f0000000280)={0x2, 0x0, @multicast1, 0x1}, 0x10) 479.944465ms ago: executing program 2 (id=172): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002740)=@newtfilter={0x38, 0x2c, 0xf3f, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0x3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0xb}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 385.979608ms ago: executing program 2 (id=173): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000180)={r3, 0x2}, &(0x7f0000000280)=0x8) 324.31785ms ago: executing program 2 (id=174): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000841000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000075000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x2f64, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0x2, 0x23f}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000000)={0xb, 0x29, 0x2, {0x401}}, 0xb) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 312.136051ms ago: executing program 0 (id=176): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001540)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000002800)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0xc0}], 0x1, 0x0) recvmsg$can_bcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/88, 0x58}], 0x1}, 0x10060) 274.994882ms ago: executing program 3 (id=177): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_macvtap\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r3 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x54, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x24, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8001}]}]}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb3}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40001}, 0x10) 184.980625ms ago: executing program 1 (id=178): setresgid(0x0, 0xee00, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000000)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x4, r0, 0xee01, 0x0) keyctl$setperm(0x5, r0, 0x112012) keyctl$KEYCTL_MOVE(0x3, r0, 0x0, 0x0, 0x0) 67.626968ms ago: executing program 3 (id=179): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "b7a41f2300", "d21b0e8a0e000000000000000600", "1d1cbe23", "ecba06893bcdc493"}, 0x28) sendto$inet6(r0, 0x0, 0x0, 0xc0c0, 0x0, 0x0) 159.16µs ago: executing program 1 (id=180): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0xffffffff, 0x40001, 0x0, 0xd, "ff00f7000000000000000020af88008300"}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000034c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="d8000000dafffffff7ffffffffffffff0600000000000000ffffdeffffffffff0200000004000000ffff0003000000000100000000000000f903000000000000010000007f00000000000000000000000600000000000000000000800000000007000000040000002528267b2b5d2a000200000000000000d90e00000000000002000000060000005c3a000000000000040000000000000008000000000000000a000000002000002f6465762f70746d78000000000000000200000000000000020000000000000006000000320900007d407b7b24000000cda0a4cfdf20d5683303406781e1f27dbd6dab46b378e9e1f2790e50b734ed16b7ff54d9f240526d797343d54c06f83091d7ed01b90c2ffb9fb36dc6d519e9a131902abdd7610f6604f344e040215aa347ff78ca5404c3a6b9e199057f49f47180acb510e9b318c94f51682387b6032dbc8e578ae03242a9e20a7fdf72f8528b5632a157d97bbb1e97e0d96fccc344e2d0666ac25d4a561f8402c791380d"], 0x0, 0x0, 0x0, 0x0}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000040)={0xf, 0xffffffff, 0x5, 0x7, 0xa, "0216a422c521d22b4d86c4f01780dae4840663"}) r1 = syz_open_pts(r0, 0x141601) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) 0s ago: executing program 2 (id=181): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000003a40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0xfffe, 0x0, 0x95, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x16, 0xc2, 0xca, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x81000001, 0x56}, @timestamp={0x8, 0xa, 0x10000, 0xffffffff}, @window={0x3, 0x3, 0x5}, @mptcp=@syn={0x1e, 0xc, 0x2, 0x1, 0xfb, 0x143, 0x8}, @timestamp={0x8, 0xa, 0xee, 0x500000}, @sack={0x5, 0xa, [0x5, 0xfffff000]}, @timestamp={0x8, 0xa, 0x1, 0x2}]}}}}}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts. [ 65.771056][ T5759] cgroup: Unknown subsys name 'net' [ 65.902819][ T5759] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.218390][ T5759] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.577569][ T5772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.586620][ T5772] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.594597][ T5772] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.609214][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.617056][ T5774] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.626643][ T5774] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.634699][ T5774] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.643406][ T5774] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.651400][ T5774] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.658798][ T5774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.664058][ T5776] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.673328][ T5776] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.743743][ T5087] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.765994][ T5087] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.773700][ T5087] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.786003][ T5087] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.794977][ T5772] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.802758][ T5772] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.816983][ T5774] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.825458][ T5774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.833861][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.842624][ T5774] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.851004][ T5774] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.858620][ T5774] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.086854][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 69.204763][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 69.228125][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 69.259627][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.267327][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.274597][ T5770] bridge_slave_0: entered allmulticast mode [ 69.281586][ T5770] bridge_slave_0: entered promiscuous mode [ 69.291153][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.298401][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.305700][ T5770] bridge_slave_1: entered allmulticast mode [ 69.314498][ T5770] bridge_slave_1: entered promiscuous mode [ 69.374359][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.396434][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.444837][ T5770] team0: Port device team_slave_0 added [ 69.471272][ T5770] team0: Port device team_slave_1 added [ 69.495410][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.502776][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.510156][ T5773] bridge_slave_0: entered allmulticast mode [ 69.516931][ T5773] bridge_slave_0: entered promiscuous mode [ 69.548020][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.555222][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.562759][ T5777] bridge_slave_0: entered allmulticast mode [ 69.569545][ T5777] bridge_slave_0: entered promiscuous mode [ 69.576970][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.584064][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.591361][ T5773] bridge_slave_1: entered allmulticast mode [ 69.598143][ T5773] bridge_slave_1: entered promiscuous mode [ 69.631088][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.638149][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.666204][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.678596][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.685914][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.693062][ T5777] bridge_slave_1: entered allmulticast mode [ 69.700002][ T5777] bridge_slave_1: entered promiscuous mode [ 69.725136][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.733247][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.763296][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.784219][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.796104][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.841736][ T5770] hsr_slave_0: entered promiscuous mode [ 69.848936][ T5770] hsr_slave_1: entered promiscuous mode [ 69.868085][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.888486][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 69.900492][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.912364][ T5773] team0: Port device team_slave_0 added [ 69.927942][ T5773] team0: Port device team_slave_1 added [ 70.020245][ T5777] team0: Port device team_slave_0 added [ 70.026830][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.033800][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.060280][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.091145][ T5777] team0: Port device team_slave_1 added [ 70.107207][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.114164][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.141209][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.190163][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.197227][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.223465][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.265256][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.272469][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.300856][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.321167][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.329062][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.338773][ T5780] bridge_slave_0: entered allmulticast mode [ 70.345591][ T5780] bridge_slave_0: entered promiscuous mode [ 70.353404][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.360745][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.368286][ T5780] bridge_slave_1: entered allmulticast mode [ 70.375348][ T5780] bridge_slave_1: entered promiscuous mode [ 70.411853][ T5773] hsr_slave_0: entered promiscuous mode [ 70.418126][ T5773] hsr_slave_1: entered promiscuous mode [ 70.424148][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.432137][ T5773] Cannot create hsr debugfs directory [ 70.498698][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.511665][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.591940][ T5780] team0: Port device team_slave_0 added [ 70.603431][ T5777] hsr_slave_0: entered promiscuous mode [ 70.612869][ T5777] hsr_slave_1: entered promiscuous mode [ 70.619438][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.627587][ T5777] Cannot create hsr debugfs directory [ 70.650384][ T5780] team0: Port device team_slave_1 added [ 70.722531][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.730503][ T5774] Bluetooth: hci1: command tx timeout [ 70.730515][ T5087] Bluetooth: hci0: command tx timeout [ 70.741875][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.768055][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.780929][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.787950][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.814687][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.878810][ T5770] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.889749][ T5770] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.896048][ T5774] Bluetooth: hci2: command tx timeout [ 70.904890][ T5770] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.915594][ T5770] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.965963][ T5774] Bluetooth: hci3: command tx timeout [ 71.010362][ T5780] hsr_slave_0: entered promiscuous mode [ 71.017365][ T5780] hsr_slave_1: entered promiscuous mode [ 71.023424][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.031211][ T5780] Cannot create hsr debugfs directory [ 71.097205][ T5773] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.109441][ T5773] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.125284][ T5773] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.136501][ T5773] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.245362][ T5777] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.260094][ T5777] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.270946][ T5777] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.304573][ T5777] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.425197][ T5780] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.442405][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.449687][ T5780] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.460340][ T5780] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.471741][ T5780] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.494004][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.532136][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.561191][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.568452][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.589682][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.596853][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.609854][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.618361][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.625388][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.657521][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.701265][ T4412] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.708462][ T4412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.718734][ T4412] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.725912][ T4412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.772696][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.785537][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.792743][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.839362][ T4412] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.846523][ T4412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.875575][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.963926][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.989105][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.996424][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.069056][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.076255][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.189660][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.292330][ T5773] veth0_vlan: entered promiscuous mode [ 72.350047][ T5773] veth1_vlan: entered promiscuous mode [ 72.391717][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.487184][ T5773] veth0_macvtap: entered promiscuous mode [ 72.509305][ T5773] veth1_macvtap: entered promiscuous mode [ 72.581383][ T5770] veth0_vlan: entered promiscuous mode [ 72.593235][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.605076][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.619587][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.631456][ T5770] veth1_vlan: entered promiscuous mode [ 72.649584][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.661775][ T5773] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.672007][ T5773] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.681571][ T5773] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.690578][ T5773] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.802300][ T5770] veth0_macvtap: entered promiscuous mode [ 72.810222][ T5774] Bluetooth: hci0: command tx timeout [ 72.816413][ T5774] Bluetooth: hci1: command tx timeout [ 72.839773][ T5777] veth0_vlan: entered promiscuous mode [ 72.847347][ T5780] veth0_vlan: entered promiscuous mode [ 72.890366][ T5770] veth1_macvtap: entered promiscuous mode [ 72.908112][ T5777] veth1_vlan: entered promiscuous mode [ 72.910802][ T2976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.932037][ T5780] veth1_vlan: entered promiscuous mode [ 72.939420][ T2976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.967659][ T5774] Bluetooth: hci2: command tx timeout [ 72.984508][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.996677][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.009191][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.020084][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.027161][ T5777] veth0_macvtap: entered promiscuous mode [ 73.038969][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.050726][ T5774] Bluetooth: hci3: command tx timeout [ 73.053642][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.056986][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.076782][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.100518][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.110501][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.127890][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.136685][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.192115][ T5777] veth1_macvtap: entered promiscuous mode [ 73.244187][ T5780] veth0_macvtap: entered promiscuous mode [ 73.261043][ T5780] veth1_macvtap: entered promiscuous mode [ 73.314445][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.326545][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.336876][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.347425][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.358609][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.379636][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.390413][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.400424][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.410887][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.420779][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.431475][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.443467][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.469090][ T2976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.483612][ T2976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.494207][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.505198][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.515171][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.527011][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.538911][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.562861][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.573613][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.584163][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.595533][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.607218][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.617973][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.628933][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.642929][ T5780] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.652034][ T5780] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.660893][ T5780] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.669766][ T5780] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.683019][ T5777] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.693207][ T5777] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.702473][ T5777] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.711538][ T5777] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.808312][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.819696][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.924054][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.954065][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.035528][ T1072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.072835][ T1072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.182563][ T4412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.200995][ T4412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.246817][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.255291][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.602978][ T5845] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 74.738474][ T5849] syz.1.8[5849]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 74.864962][ T5851] team0: Port device syz_tun added [ 74.888375][ T5774] Bluetooth: hci1: command tx timeout [ 74.888387][ T5087] Bluetooth: hci0: command tx timeout [ 75.047491][ T5774] Bluetooth: hci2: command tx timeout [ 75.127235][ T5774] Bluetooth: hci3: command tx timeout [ 75.575979][ T5849] loop1: detected capacity change from 0 to 40427 [ 75.629530][ T5849] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 75.670244][ T5849] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 75.726734][ T5849] F2FS-fs (loop1): invalid crc value [ 75.763348][ T5849] F2FS-fs (loop1): Found nat_bits in checkpoint [ 75.894950][ T5849] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 75.915365][ T5849] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 76.870439][ T5891] netlink: 'syz.2.24': attribute type 1 has an invalid length. [ 76.884696][ T5891] netlink: 'syz.2.24': attribute type 4 has an invalid length. [ 76.893185][ T5891] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.24'. [ 76.966363][ T5774] Bluetooth: hci1: command tx timeout [ 76.966667][ T5087] Bluetooth: hci0: command tx timeout [ 77.082673][ T5770] syz-executor: attempt to access beyond end of device [ 77.082673][ T5770] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 77.114840][ T5900] mkiss: ax0: crc mode is auto. [ 77.128646][ T5087] Bluetooth: hci2: command tx timeout [ 77.155782][ T5770] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 77.207944][ T5087] Bluetooth: hci3: command tx timeout [ 78.016885][ T4412] nci: nci_ntf_packet: unknown ntf opcode 0x3c [ 78.301063][ T5924] loop0: detected capacity change from 0 to 32768 [ 78.350709][ T5924] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 78.423926][ T5948] "syz.2.44" (5948) uses obsolete ecb(arc4) skcipher [ 78.456446][ T5924] XFS (loop0): Ending clean mount [ 78.480909][ T5924] XFS (loop0): Quotacheck needed: Please wait. [ 78.602527][ T5924] XFS (loop0): Quotacheck: Done. [ 78.676474][ T5923] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 78.703843][ T28] audit: type=1800 audit(1780667699.652:2): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.38" name="bus" dev="loop0" ino=6155 res=0 errno=0 [ 78.767334][ T28] audit: type=1800 audit(1780667699.692:3): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.38" name="bus" dev="loop0" ino=6155 res=0 errno=0 [ 78.868206][ T28] audit: type=1800 audit(1780667699.812:4): pid=5959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.38" name="file1" dev="loop0" ino=6150 res=0 errno=0 [ 79.289516][ T5087] Bluetooth: hci3: command tx timeout [ 79.395003][ T5780] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 79.779546][ T5986] netlink: 'syz.3.58': attribute type 10 has an invalid length. [ 79.797831][ T5986] team0: Port device netdevsim0 added [ 80.104132][ T5999] batman_adv: batadv0: Adding interface: dummy0 [ 80.114032][ T5999] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.205257][ T5999] batman_adv: batadv0: Interface activated: dummy0 [ 80.247672][ T6000] batadv0: mtu less than device minimum [ 80.255243][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.267936][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.280329][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.292766][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.305105][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.317516][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.330015][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.342400][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.354777][ T6000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 80.983465][ T6031] loop3: detected capacity change from 0 to 1024 [ 80.995199][ T28] audit: type=1800 audit(1780667701.932:5): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.74" name="file0" dev="overlay" ino=137 res=0 errno=0 [ 81.017955][ T6031] EXT4-fs: Ignoring removed orlov option [ 81.066869][ T6031] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.387879][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.539683][ T6057] loop0: detected capacity change from 0 to 1024 [ 82.682624][ T5764] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 82.859881][ T6065] netlink: 16 bytes leftover after parsing attributes in process `syz.0.88'. [ 82.886849][ T6065] bridge_slave_0: left allmulticast mode [ 82.892541][ T6065] bridge_slave_0: left promiscuous mode [ 82.911064][ T6065] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.924534][ T6067] loop3: detected capacity change from 0 to 64 [ 83.221386][ T6075] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.332664][ T6081] relay: one or more items not logged [item size (56) > sub-buffer size (14)] [ 83.786653][ T6080] loop0: detected capacity change from 0 to 40427 [ 83.801174][ T6080] F2FS-fs (loop0): invalid crc value [ 83.813244][ T6080] F2FS-fs (loop0): Found nat_bits in checkpoint [ 83.867664][ T6080] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 83.973611][ T5780] syz-executor: attempt to access beyond end of device [ 83.973611][ T5780] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 83.998312][ T5780] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 84.476405][ T6103] bridge0: entered allmulticast mode [ 84.491438][ T6103] pim6reg: entered allmulticast mode [ 84.505157][ T6103] pim6reg: left allmulticast mode [ 84.516557][ T6103] bridge0: left allmulticast mode [ 84.812942][ T6114] netlink: 68 bytes leftover after parsing attributes in process `syz.1.107'. [ 85.562555][ T6139] hsr0: entered promiscuous mode [ 85.590925][ T28] audit: type=1326 audit(1780667706.542:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6138 comm="syz.1.119" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f989239ce59 code=0x0 [ 85.648390][ T6142] hsr0: left promiscuous mode [ 86.717776][ T6174] Zero length message leads to an empty skb [ 86.987787][ T9] cfg80211: failed to load regulatory.db [ 87.284685][ T6188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.308661][ T6188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.329475][ T6188] bond0 (unregistering): Released all slaves [ 87.351135][ T6185] netlink: 'syz.1.139': attribute type 10 has an invalid length. [ 87.433709][ T6185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.477619][ T6185] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 87.491627][ T6191] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.510083][ T6191] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.548290][ T6191] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.556584][ T6191] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.613537][ T6191] bond0: (slave batadv0): Releasing backup interface [ 87.641298][ T6200] netlink: 'syz.3.146': attribute type 20 has an invalid length. [ 87.649828][ T6200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.146'. [ 87.681614][ T6200] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.690869][ T6200] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.699796][ T6200] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.708758][ T6200] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.724177][ T6200] netlink: 'syz.3.146': attribute type 20 has an invalid length. [ 87.732294][ T6200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.146'. [ 87.744203][ T6202] netlink: 'syz.2.147': attribute type 25 has an invalid length. [ 87.754689][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.2.147'. [ 87.771781][ T6202] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.780974][ T6202] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.789854][ T6202] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.798622][ T6202] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.813832][ T6202] netlink: 'syz.2.147': attribute type 25 has an invalid length. [ 87.824363][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.2.147'. [ 87.968015][ T6208] netlink: 'syz.2.150': attribute type 9 has an invalid length. [ 87.981417][ T6208] netlink: 44 bytes leftover after parsing attributes in process `syz.2.150'. [ 88.395292][ T6185] syz.1.139 (6185) used greatest stack depth: 19688 bytes left [ 88.458911][ T6210] loop2: detected capacity change from 0 to 32768 [ 88.476470][ T6210] ======================================================= [ 88.476470][ T6210] WARNING: The mand mount option has been deprecated and [ 88.476470][ T6210] and is ignored by this kernel. Remove the mand [ 88.476470][ T6210] option from the mount to silence this warning. [ 88.476470][ T6210] ======================================================= [ 88.484317][ T6214] loop1: detected capacity change from 0 to 1024 [ 88.608909][ T6214] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 88.632011][ T6210] JBD2: Ignoring recovery information on journal [ 88.673891][ T6214] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.738688][ T6210] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 88.956186][ T6210] (syz.2.151,6210,0):ocfs2_file_write_iter:2445 ERROR: status = -27 [ 89.121508][ T42] EXT4-fs error (device loop1): ext4_map_blocks:720: inode #15: comm kworker/u4:2: lblock 0 mapped to illegal pblock 0 (length 6) [ 89.168419][ T42] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 89.195012][ T42] EXT4-fs (loop1): This should not happen!! Data will be lost [ 89.195012][ T42] [ 89.221605][ T77] EXT4-fs error (device loop1): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:4: lblock 8 mapped to illegal pblock 8 (length 8) [ 89.227419][ T5773] ocfs2: Unmounting device (7,2) on (node local) [ 89.291083][ T77] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 89.325567][ T77] EXT4-fs (loop1): This should not happen!! Data will be lost [ 89.325567][ T77] [ 89.348544][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 89.363269][ T6229] loop0: detected capacity change from 0 to 64 [ 89.523426][ T28] audit: type=1800 audit(1780667710.462:7): pid=6229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.159" name="file1" dev="loop0" ino=21 res=0 errno=0 [ 89.571875][ T6233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.157'. [ 89.613189][ T6233] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 89.628513][ T5780] hfs: node 4:3 still has 1 user(s)! [ 89.666582][ T6233] gretap0: entered promiscuous mode [ 89.767121][ T6241] loop0: detected capacity change from 0 to 128 [ 89.774402][ T6241] EXT4-fs: inline encryption not supported [ 89.807997][ T6241] EXT4-fs (loop0): Test dummy encryption mode enabled [ 89.831886][ T6241] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 89.861535][ T6241] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 89.897416][ T6245] process 'syz.1.165' launched './file0' with NULL argv: empty string added [ 90.091997][ T6241] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 90.105153][ T6254] warning: `syz.2.175' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 90.220755][ T6241] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 90.231429][ T6262] netlink: 68 bytes leftover after parsing attributes in process `syz.2.168'. [ 90.279675][ T5780] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 90.412504][ T6266] cgroup: fork rejected by pids controller in /syz0 [ 90.915551][ T5844] team0: Port device syz_tun removed [ 90.947303][ T77] ------------[ cut here ]------------ [ 90.947306][ T42] ------------[ cut here ]------------ [ 90.953049][ T77] WARNING: CPU: 1 PID: 77 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 90.958746][ T42] WARNING: CPU: 0 PID: 42 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 90.958790][ T42] Modules linked in: [ 90.969595][ T77] Modules linked in: [ 90.980482][ T42] [ 90.984209][ T77] [ 90.984231][ T77] CPU: 1 PID: 77 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 90.988108][ T42] CPU: 0 PID: 42 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 90.988125][ T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 90.988137][ T42] Workqueue: phy9 ieee80211_csa_finalize_work [ 90.990445][ T77] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 90.992751][ T42] [ 90.992766][ T42] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.000213][ T77] Workqueue: phy8 ieee80211_csa_finalize_work [ 91.000241][ T77] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.007615][ T42] Code: 48 89 df e8 da 6f d4 f7 e9 dc fc ff ff e8 d0 2f 7c f7 eb 24 e8 c9 2f 7c f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 2f 7c f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 2f 7c f7 48 8b 7c 24 08 4c 8b 7c [ 91.007631][ T42] RSP: 0018:ffffc90000b379c0 EFLAGS: 00010293 [ 91.017722][ T77] Code: 48 89 df e8 da 6f d4 f7 e9 dc fc ff ff e8 d0 2f 7c f7 eb 24 e8 c9 2f 7c f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 2f 7c f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 2f 7c f7 48 8b 7c 24 08 4c 8b 7c [ 91.017737][ T77] RSP: 0018:ffffc900022bf9c0 EFLAGS: 00010293 [ 91.017753][ T77] RAX: ffffffff8a0af7de RBX: 0000000000000001 RCX: ffff88801f6fda00 [ 91.017766][ T77] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 91.017776][ T77] RBP: dffffc0000000000 R08: ffff88805c83562f R09: 1ffff1100b906ac5 [ 91.017790][ T77] R10: dffffc0000000000 R11: ffffed100b906ac6 R12: 0000000000000001 [ 91.017802][ T77] R13: ffff88805c836659 R14: ffff88801df52cd0 R15: ffff88801df52d48 [ 91.017816][ T77] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 91.017831][ T77] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.017845][ T77] CR2: 00007f98925ea2f8 CR3: 000000002facc000 CR4: 00000000003506e0 [ 91.017862][ T77] Call Trace: [ 91.017879][ T77] [ 91.017900][ T77] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 91.024075][ T42] RAX: ffffffff8a0af7de RBX: 0000000000000001 RCX: ffff8880192b9e00 [ 91.034016][ T77] ieee80211_csa_finalize+0x5a6/0xf20 [ 91.036348][ T42] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 91.036361][ T42] RBP: dffffc0000000000 R08: ffff88805ca0962f R09: 1ffff1100b9412c5 [ 91.036374][ T42] R10: dffffc0000000000 R11: ffffed100b9412c6 R12: 0000000000000001 [ 91.036385][ T42] R13: ffff88805ca0a659 R14: ffff88807fa82cd0 R15: ffff88807fa82d48 [ 91.036397][ T42] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 91.036411][ T42] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.036424][ T42] CR2: 00007f61797456b8 CR3: 000000007e851000 CR4: 00000000003506f0 [ 91.044507][ C1] ------------[ cut here ]------------ [ 91.044599][ C1] WARNING: CPU: 1 PID: 77 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1233/0x1600 [ 91.044640][ C1] Modules linked in: [ 91.044655][ C1] CPU: 1 PID: 77 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 91.044674][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 91.044688][ C1] Workqueue: phy8 ieee80211_csa_finalize_work [ 91.044720][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 91.044751][ C1] Code: 24 4c 89 e7 e8 ae a6 be f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 b9 db 80 f7 0f 0b e9 f6 f7 ff ff e8 ad db 80 f7 <0f> 0b e9 48 fb ff ff e8 a1 db 80 f7 48 c7 c7 a0 d0 64 8e 4c 89 e6 [ 91.044767][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 91.044787][ C1] RAX: ffffffff8a064fe3 RBX: ffffffff8a063de6 RCX: ffff88801f6fda00 [ 91.044803][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.044816][ C1] RBP: 0000000000000000 R08: ffff88801f6fda00 R09: 0000000000000003 [ 91.044829][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805c836440 [ 91.044843][ C1] R13: dffffc0000000000 R14: ffff88805c836930 R15: ffff88802e2f8824 [ 91.044858][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 91.044874][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.044889][ C1] CR2: 00007f98925ea2f8 CR3: 000000002facc000 CR4: 00000000003506e0 [ 91.044905][ C1] Call Trace: [ 91.044913][ C1] [ 91.044925][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 91.044962][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 91.044993][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 91.045032][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 91.045067][ C1] __iterate_interfaces+0x243/0x500 [ 91.045090][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 91.045117][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 91.045142][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 91.045169][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 91.045197][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 91.045219][ C1] __hrtimer_run_queues+0x520/0xc40 [ 91.051549][ T42] Call Trace: [ 91.058828][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 91.078694][ T42] [ 91.084537][ C1] ? hw_scan_work+0xf60/0xf60 [ 91.084573][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 91.104239][ T42] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 91.110276][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 91.118277][ T42] ieee80211_csa_finalize+0x5a6/0xf20 [ 91.126333][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 91.126363][ C1] handle_softirqs+0x280/0x820 [ 91.126387][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 91.126410][ C1] ? do_softirq+0x1a0/0x1a0 [ 91.126430][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 91.134409][ T42] ? mutex_lock_nested+0x20/0x20 [ 91.142397][ C1] __irq_exit_rcu+0xd3/0x190 [ 91.151101][ T42] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 91.159309][ C1] ? irq_exit_rcu+0x20/0x20 [ 91.159336][ C1] irq_exit_rcu+0x9/0x20 [ 91.159351][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 91.159378][ C1] [ 91.159386][ C1] [ 91.159394][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 91.159422][ C1] RIP: 0010:console_flush_all+0x8b1/0xd20 [ 91.166025][ T42] ? ieee80211_csa_finalize_work+0x140/0x140 [ 91.173980][ C1] Code: ed 01 00 00 e8 f0 8a 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 e1 8a 1b 00 eb 06 e8 da 8a 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 58 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f [ 91.177290][ T42] ? read_lock_is_recursive+0x20/0x20 [ 91.180201][ C1] RSP: 0018:ffffc900022bf2e0 EFLAGS: 00000293 [ 91.186739][ T42] ieee80211_csa_finalize_work+0xf6/0x140 [ 91.194742][ C1] [ 91.194751][ C1] RAX: ffffffff816ba0b6 RBX: ffffc900022bf47f RCX: ffff88801f6fda00 [ 91.200122][ T42] ? process_scheduled_works+0x96f/0x15d0 [ 91.208098][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.208110][ C1] RBP: ffffc900022bf450 R08: ffffffff911cd5c7 R09: 1ffffffff2239ab8 [ 91.208123][ C1] R10: dffffc0000000000 R11: fffffbfff2239ab9 R12: ffffffff8d8baa40 [ 91.208136][ C1] R13: 1ffffffff19f9724 R14: ffffffff8d8baa98 R15: dffffc0000000000 [ 91.208159][ C1] ? console_flush_all+0x8a6/0xd20 [ 91.208191][ C1] ? __rwlock_init+0x150/0x150 [ 91.208212][ C1] ? console_flush_all+0x10a/0xd20 [ 91.208248][ C1] ? is_console_locked+0x20/0x20 [ 91.208269][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 91.208304][ C1] console_unlock+0xad/0x350 [ 91.208329][ C1] ? other_cpu_in_panic+0xf0/0xf0 [ 91.208358][ C1] ? vprintk_emit+0x467/0x610 [ 91.208380][ C1] ? vprintk_emit+0x30b/0x610 [ 91.208401][ C1] ? vprintk_emit+0x30b/0x610 [ 91.208426][ C1] vprintk_emit+0x497/0x610 [ 91.208448][ C1] ? vprintk_emit+0x30b/0x610 [ 91.208471][ C1] ? printk_sprint+0x460/0x460 [ 91.208514][ C1] _printk+0xde/0x130 [ 91.216612][ T42] process_scheduled_works+0xa5d/0x15d0 [ 91.224435][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.232475][ T42] ? worker_attach_to_pool+0x380/0x380 [ 91.241362][ C1] ? load_image+0x420/0x420 [ 91.241385][ C1] ? is_bpf_text_address+0x28f/0x2a0 [ 91.248662][ T42] ? assign_work+0x3d2/0x5d0 [ 91.255951][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 91.255976][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.256004][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.256032][ C1] __show_trace_log_lvl+0x485/0x6c0 [ 91.256071][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.261508][ T42] worker_thread+0xa55/0xfc0 [ 91.271313][ C1] __warn+0x160/0x470 [ 91.275189][ T42] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 91.282557][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.282588][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.292652][ T42] ? _raw_spin_unlock+0x40/0x40 [ 91.298728][ C1] report_bug+0x2be/0x4f0 [ 91.298751][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.298775][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.298801][ C1] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 91.298827][ C1] handle_bug+0xcf/0x120 [ 91.298849][ C1] exc_invalid_op+0x1a/0x50 [ 91.298870][ C1] asm_exc_invalid_op+0x1a/0x20 [ 91.298894][ C1] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.305195][ T42] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 91.324812][ C1] Code: 48 89 df e8 da 6f d4 f7 e9 dc fc ff ff e8 d0 2f 7c f7 eb 24 e8 c9 2f 7c f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 2f 7c f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 2f 7c f7 48 8b 7c 24 08 4c 8b 7c [ 91.324829][ C1] RSP: 0018:ffffc900022bf9c0 EFLAGS: 00010293 [ 91.330933][ T42] kthread+0x2fa/0x390 [ 91.338899][ C1] RAX: ffffffff8a0af7de RBX: 0000000000000001 RCX: ffff88801f6fda00 [ 91.346890][ T42] ? pr_cont_work+0x560/0x560 [ 91.354829][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 91.354842][ C1] RBP: dffffc0000000000 R08: ffff88805c83562f R09: 1ffff1100b906ac5 [ 91.354854][ C1] R10: dffffc0000000000 R11: ffffed100b906ac6 R12: 0000000000000001 [ 91.354866][ C1] R13: ffff88805c836659 R14: ffff88801df52cd0 R15: ffff88801df52d48 [ 91.354886][ C1] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 91.354933][ C1] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 91.354966][ C1] ieee80211_csa_finalize+0x5a6/0xf20 [ 91.354994][ C1] ? mutex_lock_nested+0x20/0x20 [ 91.355019][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 91.355043][ C1] ? ieee80211_csa_finalize_work+0x140/0x140 [ 91.355073][ C1] ? read_lock_is_recursive+0x20/0x20 [ 91.355104][ C1] ieee80211_csa_finalize_work+0xf6/0x140 [ 91.355135][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 91.355160][ C1] process_scheduled_works+0xa5d/0x15d0 [ 91.355211][ C1] ? worker_attach_to_pool+0x380/0x380 [ 91.355247][ C1] ? assign_work+0x3d2/0x5d0 [ 91.355278][ C1] worker_thread+0xa55/0xfc0 [ 91.355328][ C1] kthread+0x2fa/0x390 [ 91.355347][ C1] ? pr_cont_work+0x560/0x560 [ 91.355372][ C1] ? kthread_blkcg+0xd0/0xd0 [ 91.355392][ C1] ret_from_fork+0x48/0x80 [ 91.355414][ C1] ? kthread_blkcg+0xd0/0xd0 [ 91.355435][ C1] ret_from_fork_asm+0x11/0x20 [ 91.355476][ C1] [ 91.355493][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 91.355515][ C1] CPU: 1 PID: 77 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 91.355532][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 91.355544][ C1] Workqueue: phy8 ieee80211_csa_finalize_work [ 91.355572][ C1] Call Trace: [ 91.355578][ C1] [ 91.355584][ C1] dump_stack_lvl+0x18c/0x250 [ 91.355609][ C1] ? show_regs_print_info+0x20/0x20 [ 91.355630][ C1] ? load_image+0x420/0x420 [ 91.355658][ C1] panic+0x2dc/0x730 [ 91.355688][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 91.355722][ C1] ? ret_from_fork_asm+0x11/0x20 [ 91.355750][ C1] __warn+0x2e0/0x470 [ 91.355773][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 91.355804][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 91.355829][ C1] report_bug+0x2be/0x4f0 [ 91.355850][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 91.355876][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 91.355900][ C1] ? __ieee80211_beacon_get+0x1235/0x1600 [ 91.355926][ C1] handle_bug+0xcf/0x120 [ 91.355947][ C1] exc_invalid_op+0x1a/0x50 [ 91.355968][ C1] asm_exc_invalid_op+0x1a/0x20 [ 91.355991][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 91.356017][ C1] Code: 24 4c 89 e7 e8 ae a6 be f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 b9 db 80 f7 0f 0b e9 f6 f7 ff ff e8 ad db 80 f7 <0f> 0b e9 48 fb ff ff e8 a1 db 80 f7 48 c7 c7 a0 d0 64 8e 4c 89 e6 [ 91.356031][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 91.356045][ C1] RAX: ffffffff8a064fe3 RBX: ffffffff8a063de6 RCX: ffff88801f6fda00 [ 91.356058][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.356068][ C1] RBP: 0000000000000000 R08: ffff88801f6fda00 R09: 0000000000000003 [ 91.356079][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805c836440 [ 91.356090][ C1] R13: dffffc0000000000 R14: ffff88805c836930 R15: ffff88802e2f8824 [ 91.356106][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 91.356133][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 91.356164][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 91.356190][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 91.356223][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 91.356259][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 91.356298][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 91.356334][ C1] __iterate_interfaces+0x243/0x500 [ 91.356354][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 91.356379][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 91.356400][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 91.356424][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 91.356449][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 91.356474][ C1] __hrtimer_run_queues+0x520/0xc40 [ 91.356501][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 91.356534][ C1] ? hw_scan_work+0xf60/0xf60 [ 91.356564][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 91.356584][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 91.356618][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 91.356643][ C1] handle_softirqs+0x280/0x820 [ 91.356667][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 91.356690][ C1] ? do_softirq+0x1a0/0x1a0 [ 91.356712][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 91.356739][ C1] __irq_exit_rcu+0xd3/0x190 [ 91.356758][ C1] ? irq_exit_rcu+0x20/0x20 [ 91.356783][ C1] irq_exit_rcu+0x9/0x20 [ 91.356800][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 91.356825][ C1] [ 91.356831][ C1] [ 91.356837][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 91.356864][ C1] RIP: 0010:console_flush_all+0x8b1/0xd20 [ 91.356889][ C1] Code: ed 01 00 00 e8 f0 8a 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 e1 8a 1b 00 eb 06 e8 da 8a 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 58 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f [ 91.356903][ C1] RSP: 0018:ffffc900022bf2e0 EFLAGS: 00000293 [ 91.356918][ C1] RAX: ffffffff816ba0b6 RBX: ffffc900022bf47f RCX: ffff88801f6fda00 [ 91.356932][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.356943][ C1] RBP: ffffc900022bf450 R08: ffffffff911cd5c7 R09: 1ffffffff2239ab8 [ 91.356957][ C1] R10: dffffc0000000000 R11: fffffbfff2239ab9 R12: ffffffff8d8baa40 [ 91.356971][ C1] R13: 1ffffffff19f9724 R14: ffffffff8d8baa98 R15: dffffc0000000000 [ 91.356991][ C1] ? console_flush_all+0x8a6/0xd20 [ 91.357021][ C1] ? __rwlock_init+0x150/0x150 [ 91.357045][ C1] ? console_flush_all+0x10a/0xd20 [ 91.357079][ C1] ? is_console_locked+0x20/0x20 [ 91.357099][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 91.357132][ C1] console_unlock+0xad/0x350 [ 91.357156][ C1] ? other_cpu_in_panic+0xf0/0xf0 [ 91.357183][ C1] ? vprintk_emit+0x467/0x610 [ 91.357202][ C1] ? vprintk_emit+0x30b/0x610 [ 91.357222][ C1] ? vprintk_emit+0x30b/0x610 [ 91.357245][ C1] vprintk_emit+0x497/0x610 [ 91.357265][ C1] ? vprintk_emit+0x30b/0x610 [ 91.357288][ C1] ? printk_sprint+0x460/0x460 [ 91.357324][ C1] _printk+0xde/0x130 [ 91.357343][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.357371][ C1] ? load_image+0x420/0x420 [ 91.357389][ C1] ? is_bpf_text_address+0x28f/0x2a0 [ 91.357409][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 91.357432][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.357459][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.357491][ C1] __show_trace_log_lvl+0x485/0x6c0 [ 91.357532][ C1] ? ieee80211_csa_finalize+0x5a6/0xf20 [ 91.357567][ C1] __warn+0x160/0x470 [ 91.357593][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.357621][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.357647][ C1] report_bug+0x2be/0x4f0 [ 91.357671][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.357698][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.357723][ C1] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 91.357748][ C1] handle_bug+0xcf/0x120 [ 91.357770][ C1] exc_invalid_op+0x1a/0x50 [ 91.357791][ C1] asm_exc_invalid_op+0x1a/0x20 [ 91.357814][ C1] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 91.357839][ C1] Code: 48 89 df e8 da 6f d4 f7 e9 dc fc ff ff e8 d0 2f 7c f7 eb 24 e8 c9 2f 7c f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 2f 7c f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 2f 7c f7 48 8b 7c 24 08 4c 8b 7c [ 91.357852][ C1] RSP: 0018:ffffc900022bf9c0 EFLAGS: 00010293 [ 91.357867][ C1] RAX: ffffffff8a0af7de RBX: 0000000000000001 RCX: ffff88801f6fda00 [ 91.357879][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 91.357890][ C1] RBP: dffffc0000000000 R08: ffff88805c83562f R09: 1ffff1100b906ac5 [ 91.357903][ C1] R10: dffffc0000000000 R11: ffffed100b906ac6 R12: 0000000000000001 [ 91.357914][ C1] R13: ffff88805c836659 R14: ffff88801df52cd0 R15: ffff88801df52d48 [ 91.357933][ C1] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 91.357976][ C1] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 91.358005][ C1] ieee80211_csa_finalize+0x5a6/0xf20 [ 91.358031][ C1] ? mutex_lock_nested+0x20/0x20 [ 91.358053][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 91.358074][ C1] ? ieee80211_csa_finalize_work+0x140/0x140 [ 91.358100][ C1] ? read_lock_is_recursive+0x20/0x20 [ 91.358126][ C1] ieee80211_csa_finalize_work+0xf6/0x140 [ 91.358154][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 91.358176][ C1] process_scheduled_works+0xa5d/0x15d0 [ 91.358222][ C1] ? worker_attach_to_pool+0x380/0x380 [ 91.358249][ C1] ? assign_work+0x3d2/0x5d0 [ 91.358276][ C1] worker_thread+0xa55/0xfc0 [ 91.358323][ C1] kthread+0x2fa/0x390 [ 91.358339][ C1] ? pr_cont_work+0x560/0x560 [ 91.358360][ C1] ? kthread_blkcg+0xd0/0xd0 [ 91.358381][ C1] ret_from_fork+0x48/0x80 [ 91.358401][ C1] ? kthread_blkcg+0xd0/0xd0 [ 91.358418][ C1] ret_from_fork_asm+0x11/0x20 [ 91.358453][ C1] [ 91.363699][ C1] Kernel Offset: disabled