last executing test programs: 42.776158511s ago: executing program 1 (id=635): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd"], 0xfdef) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 42.357500427s ago: executing program 1 (id=639): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f00000001c0)=0x7f, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0) 42.017333125s ago: executing program 1 (id=643): openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x42, 0x4, 0x2b0, 0xffffffff, 0xb0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x408, 0x408, 0x408, 0xffffffff, 0x4, 0x0, {[{{@ip={@local, @loopback, 0x0, 0x0, 'team_slave_0\x00', 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb0, 0x0, {0x100000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x9}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@ip={@remote, @dev, 0x0, 0x0, 'batadv_slave_0\x00', 'rose0\x00'}, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@broadcast}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r2) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x398}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) 41.728937113s ago: executing program 1 (id=647): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, r2}, [@IFA_BROADCAST={0x8, 0x4, @private=0xa010100}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_ADDRESS={0x8, 0x1, @loopback}]}, 0x48}}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) splice(r3, 0x0, r5, 0x0, 0x8001, 0x0) 41.386524243s ago: executing program 1 (id=650): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c00810ce00f80ecdb4cb9f207c804a00d000000030007fb0a0002000a0ada1b40d805481100c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) 40.789343556s ago: executing program 1 (id=654): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = accept4(r1, 0x0, 0x0, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000300), 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5) r5 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) recvmmsg(r2, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) 25.712703587s ago: executing program 32 (id=654): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = accept4(r1, 0x0, 0x0, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000300), 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5) r5 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) recvmmsg(r2, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) 12.393846049s ago: executing program 0 (id=815): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000028000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000012c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 11.879626623s ago: executing program 0 (id=819): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0) 11.129148617s ago: executing program 0 (id=822): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180000002c00010000000000000000000400008004001000"], 0x18}], 0x1}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000640), 0xffffffffffffffff) 8.506309219s ago: executing program 0 (id=829): chdir(&(0x7f0000000400)='./cgroup\x00') fanotify_init(0x1, 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) syz_mount_image$exfat(&(0x7f0000006c00), &(0x7f0000000040)='./file0\x00', 0x208008de, &(0x7f0000000200)=ANY=[@ANYBLOB='namecase=1,discard,errors=continue,uid=', @ANYRESDEC=0x0, @ANYBLOB=',=', @ANYRESDEC, @ANYRESDEC, @ANYBLOB="f32be912e474ad5bd8cc0a19c9d7610b52abc6d5058fd8ecb25b45c12a91c16c105e53a45c82", @ANYRES64], 0x80, 0x1511, &(0x7f0000001ac0)="$eJzs3AuYjtXXMPC19t43YxJPkxyGe+1186TBJklySMghSZIkySkhIUkSEkNOSUhCzknOITlMTHI+n3JOkiRJEpJT2N+lf+/n/9b/ffver77Pe72zfte1r9nruZ+1nr1nzTP3fT/XNfN9pyFV61erVJeZ4S/Bf3xJBYAEAOgPANkBIACAkkklk64cz6Ix9a+9iPh7PTL9Wq9AXEvS/4xN+p+xSf8zNul/xib9z9ik/xmb9D9jk/4LkZFtnZHnBhkZd8jn/xmZnP//BzlcdOzX64ve1Pm/kCL9z9ik/xmb9D9jk/5nZJmv9QLENSbv///5Kv4nx6T/GZv0X4iM7Fp//izj2o5r/fMnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECJjOOevMgDwb/NrvS4hhBBCCCGEEEL8fXzm3z2QcI0WIoQQQgghhBBCiP+HEBRoMBBAJsgMCZAFEuE6yArXQzbIDjG4AZLgRsgBN0FOyAW5IQ8kQ17IByEQWGCIID8UgDjcDAXhFkiBQlAYioCDolAMboXicBuUgNuhJNwBpeBOKA1loCyUg7ugPNwNFaAiVIJ7oDJUgapQDe6F6nAf1ID7oSY8ALXgQagND0EdeBjqwiNQDx6F+vAYNIDHoSE0gsbQBJr+X+W/BN3gZegOPSAVekIveAV6Qx/oC/2gP7wKA+A1GAivwyAYDEPgDRgKb8IweAuGwwgYCW/DKBgNY2AsjIPxMAHegYnwLkyC92AyTIGpMA2mwwyYCe/DLJgNc+ADmAsfwjyYDwtgIaTBR7AIFkM6fAxL4BNYCstgOayAlbAKVsMaWAvrYD1sgI2wCTbDFtgKn8I22A47YCfsgt2wBz6DvfA57IMvYD98+V/MP/u7/M4ICKhQoUGDmTATJmACJmIiZsWsmA2zYQxjmIRJmANzYE7MibkxNyZjMubDfEhIyMiYH/NjHONYEAtiCqZgYSyMDh0Ww2JYHG/DElgCS2JJLIWlsDSWwTJYDstheSyPFbACVsJKWBkrY1WsivfivXgf1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgW22I7bIftsT12wA7YETtiJ+yEnbELdsGX8CV8GV/GHlhZ9cRe2At7Y2/si/2wH76KA/A1fA1fx0E4GIfgG/gGvonD8AwOxxE4EkdieTUax+BY5AZX3j4TcCJOxEk4CSfjFJyC03A6zsCZOBNn4WycjR/gXPwQP8T5OB8XYhqm4SJcjOmYjkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8VPcjttxJ+7E3bgbP8PP8HP8HAfhftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcXsALeBFfSP623u5C6waBusIoozKpTCpBJahElaiyqqwqm8qmYiqmklSSyqFyqJwqp8qtcqtklazyqXyKFClWkcqv8icAgCqoCqoUlaIKq8LKKaeKqWKquCquSqgSqqS6Q5VSd6rSqoxq4cqpcqq8aukqqIqqkqqkKqsqqqqqpqqp6qq6qqFqqJqqpqqlaqna6iFVR/XEvviIutKZ+mowNlBDsKFqpBqrJupNfEI1U8OwuWqhWqqn1Agcjq1VM9dWPaPaqTHYXj2nxuLzqqMaj53Ui6qz6qK6qpdUN9XcdVc91GTsqXqpadhb9VF9VT81C6uoKx2rql5Xg9RgNUS9oRbim2qYeksNVyPUSPW2GqVGqzFqrBqnxqsJ6h01Ub2rJqn31GQ1RU1V09R0NUPNVO+rWWq2mqM+UHPVh2qemq8WqIUqTX2kFqnFKl19rJaoT9RStUwtVyvUSrVKrVZr1Fq1Tq1XG9RGtUltVlvUVvWp2qa2qx1qp9qldqs96jO1V32u9qkv1H71pTqgvlIH1dfqkPpGHVbfqiPqO3VUfa+OqR/UcfWjOqFOqlPqJ3Va/azOqLPqnDqvLqhf1EV1SV1WXoFGrbTWRgc6k86sE3QWnaiv01n19Tqbzq5j+gadpG/UOfRNOqfOpXPrPDpZ59X5dKhJW8060vl1AR3XN+uC+hadogvpwrqIdrqoLqZv1cX1bbqEvl2X1HfoUvpOXVqX0WV1OX2XLq/v1hV0RV1J36Mr6yq6qq6m79XV9X26hr5f19QP6Fr6QV1bP6Tr6Id1Xf2Irqcf1fX1Y7qBflw31I10Y91EN9VP6Gb6Sd1ct9At9VO6lX5at9ZtdFv9jG6nn9Xt9XO6g35ed9Qv6E76Rd1Zd9Fd9SV9WXvdXffQqbqn7qVf0b11H91X99P99at6gH5ND9Sv60F6sB6i39BD9Zt6mH5LD9cj9Ej9th6lR+sxeqwep8frCfodPVG/qyfp9/RkPUVP1dP0dD1D9/2t0pzf5ff87az7z/nv/ov8gb+++ha9VX+qt+nteofeqXfp3XqP3qP36r16n96n9+v9+oA+oA/qg/qQPqQP68P6iD6ij+qj+pg+po/r4/qEPqnP65/0af2zPqPP6rP6vL6gL+iLv30PwKBRRhtjApPJZDYJJotJNNeZrOZ6k81kNzFzg0kyN5oc5iaT0+QyuU0ek2zymnwmNGSsYROZ/KaAiZubTUFzi0kxhUxhU8Q4U9QUM7f+5fw/W19T09Q0M81Mc9PctDQtTSvTyrQ2rU1b09a0M+1Me9PedDAdTEfT0XQynUxn09l0NV1NN9PNdDfdTapJNb3MK6a36WP6mn6mv3nVDDADzEAz0Awyg8wQM8QMNUPNMDPMDDfDzUgz0owyo8wYM8aMM+PMBDPBTDQTzSQzyUw2k81UM9VMN9PNTDPTzDKzzBwzx8w1c808M88sMAtMmkkzi8wik27SzRKzxCw1y8wys8KsMKvMKrPGrDHrzDqzwWwwm8wms9RsNVvNNrPN7DA7zC6zy+wxe8xes9fsM/vMfrPfHDAHzEFz0Bwyh8xhc9gcMUfMUXPUHDPHeh43x80Jc8KcMqfMaXPanDFnzDlzzlwwF8xFc9FcNpevXPYFKlCBCUyQKcgUJAQJQWKQGGQNsgbZgmxBLIgFSUFSkCO4KcgZ5ApyB3mC5CBvkC8IAwpswEEU5A8KBPHg5qBgcEuQEhQKCgdFAhcUDYoFtwbFg9uCEsHtQcngjqBUcGdQOigTlA3KBXcF5YO7gwpBxaBScE9QOagSVA2qBfcG1YP7ghrB/UHN4IGgVvBgUDt4KKgTPBzUDR4J6gWPBvWDx4IGweNBw6BR0DhoEjT9W+t7fybXk6572CNMDXuGvcJXwt5hn7Bv2C/sH74aDghfCweGr4eDwsHhkPCNcGj4ZjgsfCscHo4IR4Zvh6PC0eGYcGw4LhwfTgjfCSeG74aTwvfCyeGUcGo4LZwezghnhu+Hs8LZ4Zzwg3Bu+GE4L5wfLggXhmnhR+GicHGYHn4cLgk/CZeGy8Ll4YpwZbjq/A0A4dpwXbg+3BBuDDeFm8Mt4dbw03BbuD3cEe4Md4W7wz3hZ+He8PNwX/hFuD/8MjwQfhUeDL8OD4XfhIfDb8Mj4Xfh0fD78Fj4Q3g8/DE8EZ4MT4U/hafDn8Mz4dnwXHg+vBD+El4ML4WXQ3/l4v7K6Z0MGcpEmSiBEiiREikrZaVslI1iFKMkSqIclINyUk7KTbkpmZIpH+WjK5iY8lN+ilOcClJBSqEUKkyFyZGjYlSMilNxKkElqCSVpFJUikpTaSpLZekuuovuprupIlWke+geqkJVqBpVo+pUnWpQDapJNakW1aLaVJvqUB2qS3WpHtWj+lSfGlADakgNqTE1pqbUlJpRM2pOzakltaRW1IpaU2tqS22pHbWj9tSeOlAH6kgdqRN1os7UmbpSV+pG3ag7dadUSqVe1It6U2/qS32pP/WnATSABtJAGkSDaAgNoaE0lIbRMBpOI2gkvU2jaDSNobE0jsbTBJpAE2kiTaJJNJkm01SaStNpOs2kmTSLZtEcmkNzaS7No3m0gBZQGqXRIlpE6ZROS2gJLaWltJyW00paSatpNa2ltbSe1tNG2kibaTNtpa20jbbRDtpBu2gX7aE9tJf20j7aR/tpPx2gA3SQDtIhOkSH6TAdoSN0lI7SMTpGx+k4naATdIpO0Wk6TWfoDJ2jc3SBfqGLdIkuk6cEqyDRXmez2uttNpvdJtgs9p/j3DaPTbZ5bT4b2pw217+LyVqbYgvZwraIdbaoLWZv/UNc2paxZW05e5ctb++2Ff4QV7f32Rr2flvTPmCr2Xt/izP/GteyD9ra9jFbxz5u69pGtp5tYuvbx2wD+7htaBvZxraJbWWftq1tG9vWPmPb2Wf/EC+yi+1au86utxvsXvu5PWfP26P2e3vB/mK72x62v33VDrCv2YH2dTvIDv5DPNK+bUfZ0XaMHWvH2fF/iKfaaXa6nWFn2vftLDv7D3Ga/cjOtel2np1vF9iFv8ZX1pRuP7ZL7Cd2qV1ml9sVdqVdZVfbNf97rSvsJrvZbrF77Gd2m91ud9iddpfd/Wt8ZR/77Bd2v/3SHrHf2YP2a3vIHrOH7be/xlf2d8z+YI/bH+0Je9Kesj/Z0/Zne8ae/XX/V/b+k71kL1tvgZEVazYccCbOzAmchRP5Os7K13M2zs4xvoGT+EbOwTdxTs7FuTkPJ3NezschE1tmjjg/F+A438wF+RZO4UJcmIuw46JcjG/l4nwbl+DbuSTfwaX4Ti7NZbgsl+O7uDzfzRW4Ilfie7gyV+GqXI3v5ep8H9fg+7kmP8C1+EGuzQ9xHX6Y6/IjXI8f5fr8GDfgx7khN+LG3ISb8hPcjJ/k5tyCW/JT3Iqf5tbchtvyM9yOn+X2/Bx34Oe5I7/AnfhF7sxduCu/xN34Ze7OPTiVe3IvfoV7cx/uy/24P7/KA/g1Hsiv8yAezEP4DR7Kb/IwfouH8wgeyW/zKB7NY3gsj+PxPIHf4bNpbXJfudabzFN4Kk/j6TyDZ/L7PItn8xz+gOfyhzyP5/MCXshp/BEv4sWczh/zEv6El/IyXs4reCWv4tW8htfyOl7PG3gjb+LNvIW38qe8jbfzDt7Ju3g37+HPeC9/zvv4C97PX/IB/ooP8td8iL/hw/wtH+Hv+Ch/z8f4Bz7OP/IJPsmn+Cc+zT/zGT7L5/g8X+Bf+CJf4svsGSKMVKQjEwVRpihzlBBliRKj66Ks0fVRtih7FItuiJKiG6Mc0U1RzihXlDvKEyVHeaN8URhRZCOOoih/VCCKRzdHBaNbopSoUFQ4KhK5qGhULLo1Kh7dFpWIbo9KRndEpaI7o9JRmeixB8pFd0Xlo7ujClHFqFJ0T1Q5qhJVjapF90bVo/uiGtH9Uc3ogahE9GBUO3ooqhM9HNWNHonqRY9G9aPHogbR41HDqFHUOGoSNY2eiJpFT0bNoxZRy+ipqFX0dNQ6ahO1jZ6J2kXP/unx1Khn1Ct6JXol8v5+vSC+MJ4W/yi+KL44nh7/OL4k/kl8aXxZfHl8RXxlfFV8dXxNfG18XXx9fEN8Y3xTfHN8S9z7apnBoVNOO+MCl8lldgkui0t017ms7nqXzWV3MXeDS3I3uhzuJpfT5XK5XR6X7PK6fC505KxjF7n8roCLu5tdQXeLS3GFXGFXxDlX1BVzTVxT19Q1CwDAtXAt3VPuKfe0e9q1cW3cM66de9a1d8+5Du5519G94F5wL7rOrovr6l5y3dzLrrvr4VJdquvlernerrfr6/q6/q6/G+AGuIFuoBvkBrkhbogb6oa6YW6YG+6Gu5FupBvlRrkxbowb58a5CW6Cm+gmuklukpvsJrupbqqb7qa7mW6mm+VmuTlujpubMtfNc/PcArfApbk0t8gtcuku3S1xS9xSt9Qtd8vdSrfSrXar3Vq31q13691Gt9FtdpvdVrfVbXPb3A63w+1yu9wet8ftdXvdPrfP7Xf73QF3wB10B90h94077L51R9x37qj73h1zP7jj7kd3wp10p9xP7rT72Z1xZ905d95dcL+4i+6Su+y8mxB7JzYx9m5sUuy92OTYlNjU2LTY9NiM2MzY+7FZsdmxObEPYnNjH8bmxebHFsQWxtJiH8UWxRbH0mMfx5bEPoktjS2LLY+tiK2MrYp5n3db5PP7Aj7ub/YF/S0+xRfyhX0R73xRX8zf6ov723wJf7sv6e/wpfydvrQv48v6x31D38g39k18U/+Eb+af9M19C9/SP+Vb+ad9a9/Gt/XP+Hb+Wd/eP+c7+Od9R/+C7+Rf9J19F9/Vv+S7+Zd9d9/Dp/qevpd/xff2fXxf38/396/6Af41P9C/7gf5wX6If8MP9W/6Yf4tP9yP8CP9236UH+3H+LF+nB/vJ/h3/ET/rp/k3/OT/RQ/1U/z0/0MP9O/72f52X6O/8DP9R/6eX6+X+AX+jT/kV/kF/t0/7Ff4j/xS/0yv9yv8Cv9Kr/ar/Fr/Tq/3m/wG/0mv9lv8Vv9p36b3+53+J1+l9/t9/jP/F7/ud/nv/D7/Zf+gP/KH/Rf+0P+G3/Yf+uP+O/8Uf+9P+Z/8Mf9j/6EP+lP+Z/8af+zP+PP+nP+vL/gf/EX/SV/Wf5mTQghhBDi/4j+k+M9/8Vj6rdxRS8AuH57nsO/r7kx5z/mfVRyqxgAPNOj0yP/NipXTk1N/e25SzUEBeYDQOxqfia4Gi+DlvA0tIUWUPxfrq+P6nKB/6R+/A6AxKuVf5UIv69/239Q/4mnRi4qFZ1L+k/qzwdIKXA1Jwtcja/WL/Ef1M/V7E/Wn+XrCQDN/yknK1yNr9YvBk/Cs9D23z1TCCGEEEIIIYT4hz6qbIc/u3++cn+ebK7mZIar8Z/dnwshhBBCCCGEEOLae75L1zZPtG3booNM/sKkwn+PZfxtk3vOAPy1Otnh2u9CJn9lcq1/MwkhhBBCCCH+blcv+q/1SoQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiIzr/8e/E7vWexRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutf8VAAD//+hhNEE=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000700)=@updsa={0x134, 0x1a, 0x20, 0x70bd29, 0x25dfdbfb, {{@in=@local, @in=@private=0xa010100, 0x4e24, 0x7fff, 0x4e24, 0xf, 0xa, 0xa0, 0x80, 0x3b}, {@in=@private=0xa010102, 0x4d6, 0x2b}, @in6=@mcast2, {0x9, 0x1, 0x9, 0x4, 0x3ff, 0x3, 0x2, 0xffffffffffffffff}, {0x9, 0x7, 0x3, 0xad}, {0x100, 0x1ff, 0x8}, 0x70bd2b, 0x0, 0xa, 0x4, 0x0, 0x20}, [@coaddr={0x14, 0xe, @in6=@empty}, @encap={0x1c, 0x4, {0x0, 0x4e20, 0x4e20, @in=@remote}}, @mark={0xc, 0x15, {0x350759, 0x6}}, @tfcpad={0x8, 0x16, 0x101}]}, 0x134}, 0x1, 0x0, 0x0, 0x48e0}, 0x20008004) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) memfd_create(&(0x7f0000000080)='#}\x04\xe4\xfc\x1e\xff~\xb1\xe0\xa5\x9d\xc8\xca3\'\x12xY!\xa4\x9c\x97\xf1\xfc\xb0\xe8~\x91\xd5\x04i}\x03\x00@\x0e\xe6\x995b\x00\x00\x00\x00\x00\x00\x00\x8e\x96\xb7=\xb9OmILO\x8d\x00\x00\x00\x00\x00\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000000)=0x4, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) r3 = fsopen(&(0x7f0000000080)='binder\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r4) sendmsg$ETHTOOL_MSG_RINGS_SET(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)={0x34, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0xb}]}, 0x34}}, 0x0) 7.268320899s ago: executing program 0 (id=833): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r0], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000000fc0)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{}, {0x0, 0x989680}}, 0x0) timer_gettime(0x0, &(0x7f0000000280)) 6.926685125s ago: executing program 0 (id=836): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000680)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x9e) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e0, 0x1b8, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x310, 0x20a, 0x278, 0x310, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [0xffffffff], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0x190, 0x1b8, 0x0, {}, [@common=@inet=@set1={{0x28}, {{0x0, 0x5, 0xc}}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28, 0x0, {0x4000000000000}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00', {}, {0xff}}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x200000, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x440) r6 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r6, 0x0, 0x0) bind$netlink(r6, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfb}, 0xc) socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x5, 0x0, 0x0) write$tun(r1, &(0x7f0000000280)={@void, @void, @x25={0x3, 0x64, 0xfd}}, 0x3) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x44, r8, 0x1, 0x0, 0x0, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x73}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}}, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000001780)=ANY=[@ANYBLOB="00000000ffffffffffffaaaaaaaaaabb88a800008100000008"], 0x5c) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0xef2, 0x1, 0x29, 0x6}, {0x6, 0x4, 0x4, 0xb2}]}) 2.898230496s ago: executing program 3 (id=852): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r2}, 0x69) 2.553396108s ago: executing program 2 (id=853): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000002340)={@mcast1, @loopback, @loopback, 0xf, 0x201, 0x10, 0x200, 0x5, 0x211}) 2.552983586s ago: executing program 3 (id=854): bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@routing={0x32, 0xc, 0x1, 0x1, 0x0, [@empty, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @broadcast}]}, 0x68) 2.202710499s ago: executing program 3 (id=856): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000fcffffff000000000800000018110000", @ANYRES32=r0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.093448891s ago: executing program 2 (id=857): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0) 2.028462422s ago: executing program 4 (id=858): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES8=r0], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="682996c7082761267ce9380aea1b322373fbb680a3bc180c9fab2199b665beb6390c5a81321193131df222365dc761ab9fda495a53b47a5d68ddc0c050d87afdc9d14005f26e1e670ae21113bee61328b1f43861b9ef7e10f2aed59996d3edb0c502e9bbddcc074af6ba1341e0078c0f07dd9ff5c577dc120bf2479e02"], 0x14}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002840)=ANY=[@ANYBLOB], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r1, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}}) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, [0xfffffffe]}}) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) bind$inet(r2, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x4000000, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) shutdown(r2, 0x1) unshare(0x22020600) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x5) close(r4) splice(0xffffffffffffffff, 0x0, r5, 0x0, 0x600, 0x0) 1.829061567s ago: executing program 3 (id=859): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1fc0}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x8, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) accept4$netrom(r2, &(0x7f00000001c0)={{0x3, @null}, [@rose, @default, @null, @remote, @bcast, @rose, @default, @default]}, &(0x7f0000000240)=0x48, 0x80000) socket$key(0xf, 0x3, 0x2) sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) 1.767654403s ago: executing program 2 (id=860): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100003020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000780)="b9ff0360dd2b441a79850dba1542", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.690387213s ago: executing program 5 (id=747): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, 0x0, 0x0) 1.52145519s ago: executing program 4 (id=861): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)}, &(0x7f0000000180)=0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x7, @remote, 0x9d}, 0x1c) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x85, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x3930) 1.473690889s ago: executing program 2 (id=862): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newtaction={0x68, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2, r2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 1.351430666s ago: executing program 5 (id=863): r0 = getpid() r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}}, 0x0) 1.281404168s ago: executing program 3 (id=864): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r2 = accept(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) shutdown(r2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000003000000000000000000000d"], 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.229186017s ago: executing program 4 (id=865): socket$pppoe(0x18, 0x1, 0x0) pipe(0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.123733732s ago: executing program 2 (id=866): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@ipv4_newaddr={0x40, 0x14, 0x509, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, r2}, [@IFA_BROADCAST={0x8, 0x4, @private=0xa010100}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_BROADCAST={0x8, 0x4, @local}, @IFA_BROADCAST={0x8, 0x4, @local}]}, 0x40}}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) splice(r3, 0x0, r5, 0x0, 0x8001, 0x0) 993.414288ms ago: executing program 5 (id=867): socket$unix(0x1, 0x1, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000540)='kmem_cache_free\x00', r2}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x8000000000, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) listen(r0, 0x0) 919.583334ms ago: executing program 4 (id=868): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000fcffffff000000000800000018110000", @ANYRES32=r0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 713.370064ms ago: executing program 5 (id=869): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0) 609.326324ms ago: executing program 4 (id=870): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x40, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x40}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4) 426.770157ms ago: executing program 5 (id=871): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x54, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}, @IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x7f}}]}]}}}, @IFLA_LINK={0x8}]}, 0x54}, 0x1, 0xba01, 0x0, 0x6000000}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 261.404571ms ago: executing program 4 (id=872): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000000a50000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a0000000000006301a40000a2981db2a10926d4348f0b"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xb5, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 219.935195ms ago: executing program 3 (id=873): socket$kcm(0x10, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f00000001c0)=ANY=[@ANYBLOB="010001"]) close(r4) socket(0x400000000010, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 21.453418ms ago: executing program 5 (id=874): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) socket(0x10, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100ffffffff"}) 0s ago: executing program 2 (id=875): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000420000003c00128008000100677470003000028008000200", @ANYRES32=r1], 0x5c}, 0x1, 0xba01}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.175' (ED25519) to the list of known hosts. [ 58.385384][ T5816] cgroup: Unknown subsys name 'net' [ 58.529006][ T5816] cgroup: Unknown subsys name 'cpuset' [ 58.537233][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.842720][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.796196][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.805853][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.813666][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.820736][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.821967][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.830044][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.843465][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.843496][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.859860][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.869656][ T5841] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.877386][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.887246][ T5841] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.894976][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.902557][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.912173][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.916054][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.921808][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.934563][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.936879][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.944928][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.956401][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.964255][ T5848] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.964628][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.973798][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.981970][ T5143] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.986450][ T5848] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 63.000034][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.001184][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 63.008006][ T5841] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 63.022206][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.443617][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 63.508604][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 63.595390][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 63.636935][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 63.697113][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.704892][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.712906][ T5827] bridge_slave_0: entered allmulticast mode [ 63.719761][ T5827] bridge_slave_0: entered promiscuous mode [ 63.729110][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.736980][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.744227][ T5827] bridge_slave_1: entered allmulticast mode [ 63.750985][ T5827] bridge_slave_1: entered promiscuous mode [ 63.778672][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 63.833296][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.840718][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.848172][ T5830] bridge_slave_0: entered allmulticast mode [ 63.854839][ T5830] bridge_slave_0: entered promiscuous mode [ 63.862251][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.869468][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.876863][ T5830] bridge_slave_1: entered allmulticast mode [ 63.883468][ T5830] bridge_slave_1: entered promiscuous mode [ 63.948756][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.978982][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.992156][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.011998][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.063811][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.071428][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.079168][ T5842] bridge_slave_0: entered allmulticast mode [ 64.086034][ T5842] bridge_slave_0: entered promiscuous mode [ 64.109035][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.116425][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.123673][ T5826] bridge_slave_0: entered allmulticast mode [ 64.131021][ T5826] bridge_slave_0: entered promiscuous mode [ 64.140810][ T5827] team0: Port device team_slave_0 added [ 64.151249][ T5827] team0: Port device team_slave_1 added [ 64.157740][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.165000][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.172920][ T5842] bridge_slave_1: entered allmulticast mode [ 64.179897][ T5842] bridge_slave_1: entered promiscuous mode [ 64.202752][ T5830] team0: Port device team_slave_0 added [ 64.212205][ T5830] team0: Port device team_slave_1 added [ 64.218312][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.225395][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.233066][ T5826] bridge_slave_1: entered allmulticast mode [ 64.240329][ T5826] bridge_slave_1: entered promiscuous mode [ 64.287937][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.295204][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.302821][ T5832] bridge_slave_0: entered allmulticast mode [ 64.309838][ T5832] bridge_slave_0: entered promiscuous mode [ 64.332804][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.345026][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.358876][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.367159][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.393414][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.407769][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.414867][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.441427][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.462132][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.469634][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.480336][ T5832] bridge_slave_1: entered allmulticast mode [ 64.487096][ T5832] bridge_slave_1: entered promiscuous mode [ 64.496074][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.503323][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.529538][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.575996][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.594951][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.602622][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.630984][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.646817][ T5826] team0: Port device team_slave_0 added [ 64.655188][ T5826] team0: Port device team_slave_1 added [ 64.662975][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.721095][ T5842] team0: Port device team_slave_0 added [ 64.729242][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.757961][ T5842] team0: Port device team_slave_1 added [ 64.764359][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.772518][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.799007][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.812304][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.832988][ T5827] hsr_slave_0: entered promiscuous mode [ 64.840985][ T5827] hsr_slave_1: entered promiscuous mode [ 64.862606][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.869707][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.896076][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.954977][ T5830] hsr_slave_0: entered promiscuous mode [ 64.961964][ T5830] hsr_slave_1: entered promiscuous mode [ 64.968540][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.976933][ T5830] Cannot create hsr debugfs directory [ 64.988466][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.999296][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.025591][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.036886][ T5841] Bluetooth: hci1: command tx timeout [ 65.036892][ T5834] Bluetooth: hci2: command tx timeout [ 65.042765][ T5834] Bluetooth: hci4: command tx timeout [ 65.048277][ T5848] Bluetooth: hci0: command tx timeout [ 65.056527][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.067356][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.094148][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.115603][ T5848] Bluetooth: hci3: command tx timeout [ 65.124314][ T5832] team0: Port device team_slave_0 added [ 65.134817][ T5832] team0: Port device team_slave_1 added [ 65.202753][ T5826] hsr_slave_0: entered promiscuous mode [ 65.212049][ T5826] hsr_slave_1: entered promiscuous mode [ 65.218386][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.226176][ T5826] Cannot create hsr debugfs directory [ 65.236285][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.243273][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.269481][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.296309][ T5842] hsr_slave_0: entered promiscuous mode [ 65.302540][ T5842] hsr_slave_1: entered promiscuous mode [ 65.308944][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.316910][ T5842] Cannot create hsr debugfs directory [ 65.333003][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.340708][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.366989][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.523948][ T5832] hsr_slave_0: entered promiscuous mode [ 65.531071][ T5832] hsr_slave_1: entered promiscuous mode [ 65.537669][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.545259][ T5832] Cannot create hsr debugfs directory [ 65.774641][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.786627][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.820277][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.841216][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.877410][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.896352][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.910152][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.920138][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.973704][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 66.000555][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 66.012376][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 66.023005][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 66.125014][ T5826] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 66.142738][ T5826] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 66.153207][ T5826] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 66.163938][ T5826] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 66.239177][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.256529][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.278974][ T5832] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 66.296188][ T5832] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 66.340308][ T5832] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 66.354070][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.373818][ T5832] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 66.399771][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.415276][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.422737][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.452707][ T1034] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.460032][ T1034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.482153][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.492333][ T1034] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.499520][ T1034] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.524371][ T1034] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.531554][ T1034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.561153][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.590129][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.597286][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.631571][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.638719][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.749939][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.788366][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.843167][ T5842] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.854271][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.881247][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.888498][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.905077][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.912350][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.939989][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.956926][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.990066][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.046125][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.053288][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.100836][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.107999][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.116656][ T5848] Bluetooth: hci4: command tx timeout [ 67.122125][ T5848] Bluetooth: hci2: command tx timeout [ 67.127756][ T5841] Bluetooth: hci0: command tx timeout [ 67.133192][ T5841] Bluetooth: hci1: command tx timeout [ 67.161212][ T5827] veth0_vlan: entered promiscuous mode [ 67.196376][ T5841] Bluetooth: hci3: command tx timeout [ 67.203473][ T5827] veth1_vlan: entered promiscuous mode [ 67.239569][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.284175][ T5827] veth0_macvtap: entered promiscuous mode [ 67.295176][ T5827] veth1_macvtap: entered promiscuous mode [ 67.350221][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 67.402100][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.431664][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.467187][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.501606][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.511964][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.521852][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.532584][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.593929][ T5830] veth0_vlan: entered promiscuous mode [ 67.644228][ T5842] veth0_vlan: entered promiscuous mode [ 67.685191][ T5842] veth1_vlan: entered promiscuous mode [ 67.714133][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.726951][ T5830] veth1_vlan: entered promiscuous mode [ 67.748096][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.827795][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.843416][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.900836][ T5842] veth0_macvtap: entered promiscuous mode [ 67.910549][ T5830] veth0_macvtap: entered promiscuous mode [ 67.942503][ T5830] veth1_macvtap: entered promiscuous mode [ 67.955210][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.973886][ T5842] veth1_macvtap: entered promiscuous mode [ 67.976957][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.992532][ T5826] veth0_vlan: entered promiscuous mode [ 68.042704][ T5826] veth1_vlan: entered promiscuous mode [ 68.058990][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.078498][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.091372][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.101301][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.115681][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.126097][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.130321][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 68.137138][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.163318][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.181103][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.193926][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.209188][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.234121][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.265740][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.274531][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.289640][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.321047][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.334883][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.350819][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.352500][ T5912] loop0: detected capacity change from 0 to 512 [ 68.361860][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.379408][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.393160][ T5826] veth0_macvtap: entered promiscuous mode [ 68.404564][ T5912] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 68.434808][ T5912] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 68.438030][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.453916][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.463469][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.464394][ T5912] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 68.473577][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.498187][ T5912] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #11: comm syz.0.1: corrupted inode contents [ 68.517681][ T5912] EXT4-fs error (device loop0): ext4_dirty_inode:6042: inode #11: comm syz.0.1: mark_inode_dirty error [ 68.518592][ T5826] veth1_macvtap: entered promiscuous mode [ 68.542987][ T5912] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1: invalid indirect mapped block 1 (level 1) [ 68.559322][ T5912] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #11: comm syz.0.1: corrupted inode contents [ 68.577824][ T5912] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 68.578172][ T5832] veth0_vlan: entered promiscuous mode [ 68.586926][ T5912] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #11: comm syz.0.1: corrupted inode contents [ 68.608554][ T5912] EXT4-fs error (device loop0): ext4_truncate:4240: inode #11: comm syz.0.1: mark_inode_dirty error [ 68.624041][ T5912] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 68.652568][ T5912] EXT4-fs (loop0): 1 truncate cleaned up [ 68.667913][ T5912] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.669821][ T5832] veth1_vlan: entered promiscuous mode [ 68.741284][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.770609][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.785336][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.805216][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.816109][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.836227][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.856262][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.868412][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.898379][ T5917] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 68.905330][ T5917] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 68.920306][ T5917] vhci_hcd vhci_hcd.0: Device attached [ 68.931721][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.933639][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.947310][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.962495][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.972520][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.983571][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.993538][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.004247][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.015244][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.048182][ T3023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.056465][ T3023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.080221][ T5826] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.090040][ T5826] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.099444][ T5826] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.109035][ T5826] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.142224][ T5918] vhci_hcd: connection closed [ 69.143721][ T3023] vhci_hcd: stop threads [ 69.145148][ T5832] veth0_macvtap: entered promiscuous mode [ 69.150043][ T3023] vhci_hcd: release socket [ 69.165293][ T3023] vhci_hcd: disconnect device [ 69.182521][ T5832] veth1_macvtap: entered promiscuous mode [ 69.198356][ T5881] usb 34-1: enqueue for inactive port 0 [ 69.205205][ T5841] Bluetooth: hci1: command tx timeout [ 69.207212][ T5834] Bluetooth: hci0: command tx timeout [ 69.210788][ T5841] Bluetooth: hci4: command tx timeout [ 69.216320][ T5848] Bluetooth: hci2: command tx timeout [ 69.238498][ T3023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.255237][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.273863][ T3023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.281537][ T5848] Bluetooth: hci3: command tx timeout [ 69.282918][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.297324][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.308667][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.318911][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.329791][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.340493][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.351303][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.363534][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.393887][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.405031][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.415295][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.426002][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.437013][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.447760][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.457908][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.468912][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.480322][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.503654][ T1034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.507441][ T5832] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.524349][ T1034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.526320][ T5832] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.543743][ T5832] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.552863][ T5832] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.572750][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.583655][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.659981][ T1034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.699579][ T1034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.709838][ T5881] usb usb34-port1: attempt power cycle [ 69.777862][ T5922] loop2: detected capacity change from 0 to 512 [ 69.839195][ T3023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.856195][ T3023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.880379][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.888424][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.043799][ T5922] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 70.062007][ T5922] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 70.076934][ T5922] System zones: 0-2, 18-18, 34-35 [ 70.094952][ T5922] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 70.367453][ T5881] usb usb34-port1: unable to enumerate USB device [ 70.516000][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.524855][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.766967][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.844604][ T5945] loop0: detected capacity change from 0 to 128 [ 70.971087][ T5844] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 70.976275][ T5946] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 70.995965][ T5943] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 71.028040][ T5943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'. [ 71.165083][ T5943] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 71.189421][ T5844] usb 4-1: Using ep0 maxpacket: 32 [ 71.198704][ T5844] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 71.230472][ T5844] usb 4-1: config 0 has no interface number 0 [ 71.260688][ T5844] usb 4-1: config 0 interface 184 has no altsetting 0 [ 71.279117][ T5848] Bluetooth: hci4: command tx timeout [ 71.285890][ T5841] Bluetooth: hci0: command tx timeout [ 71.286009][ T5848] Bluetooth: hci2: command tx timeout [ 71.291403][ T5841] Bluetooth: hci1: command tx timeout [ 71.310308][ T5950] binder: BINDER_SET_CONTEXT_MGR already set [ 71.328804][ T5844] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 71.339820][ T5844] usb 4-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 71.349055][ T5844] usb 4-1: Product: syz [ 71.353445][ T5844] usb 4-1: Manufacturer: syz [ 71.365609][ T5841] Bluetooth: hci3: command tx timeout [ 71.370684][ T5844] usb 4-1: SerialNumber: syz [ 71.387957][ T5844] usb 4-1: config 0 descriptor?? [ 71.400969][ T5950] binder: 5942:5950 ioctl 4018620d 20000040 returned -16 [ 71.423356][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.478720][ T5844] smsc75xx v1.0.0 [ 71.518984][ T5955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12'. [ 71.683051][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.695621][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.832858][ T5960] capability: warning: `syz.4.14' uses deprecated v2 capabilities in a way that may be insecure [ 72.342337][ T5953] loop1: detected capacity change from 0 to 32768 [ 72.424207][ T5953] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 72.594882][ T5963] loop2: detected capacity change from 0 to 32768 [ 72.602169][ T5963] ======================================================= [ 72.602169][ T5963] WARNING: The mand mount option has been deprecated and [ 72.602169][ T5963] and is ignored by this kernel. Remove the mand [ 72.602169][ T5963] option from the mount to silence this warning. [ 72.602169][ T5963] ======================================================= [ 72.678411][ T5955] loop0: detected capacity change from 0 to 32768 [ 72.746163][ T5939] loop3: detected capacity change from 0 to 32768 [ 72.770931][ T5939] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.9 (5939) [ 72.854011][ T5963] XFS (loop2): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 72.876117][ T5955] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 72.933459][ T5939] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 73.021156][ T5953] XFS (loop1): Ending clean mount [ 73.033644][ T5939] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 73.043740][ T5939] BTRFS info (device loop3): using free-space-tree [ 73.054337][ T5953] XFS (loop1): Quotacheck needed: Please wait. [ 73.060897][ T5963] XFS (loop2): Ending clean mount [ 73.071787][ T5827] ocfs2: Unmounting device (7,0) on (node local) [ 73.134518][ T29] audit: type=1800 audit(1736513590.679:2): pid=5963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.15" name="file1" dev="loop2" ino=1286 res=0 errno=0 [ 73.321394][ T5953] XFS (loop1): Quotacheck: Done. [ 73.707568][ T5830] XFS (loop2): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 74.002061][ T5844] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 74.014636][ T5844] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 74.028675][ T5844] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 74.041130][ T5844] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 74.125179][ T5842] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 74.192250][ T6006] openvswitch: netlink: IP tunnel dst address not specified [ 74.241496][ T5844] usb 4-1: USB disconnect, device number 2 [ 74.257737][ T5826] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 74.278106][ T6011] loop4: detected capacity change from 0 to 512 [ 74.389249][ T6011] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 74.410721][ T6011] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 74.430656][ T6011] System zones: 0-2, 18-18, 34-35 [ 74.437608][ T6011] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 74.597684][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.704426][ T6018] EXT4-fs (loop4): shut down requested (0) [ 74.876287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 75.036129][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 75.391561][ T6021] loop2: detected capacity change from 0 to 512 [ 75.565818][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.947673][ T6021] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 75.966975][ T6021] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 75.993739][ T6021] System zones: 0-2, 18-18, 34-35 [ 76.006227][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 76.011868][ T6021] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.041993][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.156099][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 76.194375][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 76.290061][ T6033] loop4: detected capacity change from 0 to 512 [ 76.563001][ T6033] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 76.575049][ T6037] loop0: detected capacity change from 0 to 512 [ 76.581736][ T6033] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 76.605689][ T6033] System zones: 0-2, 18-18, 34-35 [ 76.611994][ T6033] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.651508][ T6037] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 76.674170][ T6037] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 76.780222][ T6037] System zones: 0-2, 18-18, 34-35 [ 76.817399][ T875] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.061934][ T6040] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 3: comm syz.4.24: path /5/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 77.246533][ T6037] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 77.274061][ T6030] loop3: detected capacity change from 0 to 32768 [ 77.345613][ T6040] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 12: comm syz.4.24: path /5/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 77.365641][ T875] usb 3-1: device descriptor read/64, error -71 [ 77.407394][ T6040] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 13: comm syz.4.24: path /5/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 77.448213][ T6026] loop1: detected capacity change from 0 to 32768 [ 77.462170][ T6040] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 14: comm syz.4.24: path /5/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 77.616583][ T875] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 77.768646][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.915596][ T875] usb 3-1: device descriptor read/64, error -71 [ 77.962960][ T6030] ERROR: (device loop3): dbDiscardAG: -EIO [ 77.962960][ T6030] [ 77.985731][ T6042] EXT4-fs (loop0): shut down requested (0) [ 78.016279][ T6030] ERROR: (device loop3): remounting filesystem as read-only [ 78.133869][ T875] usb usb3-port1: attempt power cycle [ 78.376142][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.566856][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.639716][ T6048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.28'. [ 78.690688][ T6048] tipc: Started in network mode [ 78.710629][ T6048] tipc: Node identity @, cluster identity 4711 [ 78.848910][ T6052] loop0: detected capacity change from 0 to 1024 [ 78.949108][ T29] audit: type=1326 audit(1736513596.499:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.052176][ T29] audit: type=1326 audit(1736513596.499:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.156952][ T29] audit: type=1326 audit(1736513596.499:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.220451][ T29] audit: type=1326 audit(1736513596.499:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.283985][ T29] audit: type=1326 audit(1736513596.499:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.341278][ T29] audit: type=1326 audit(1736513596.499:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.439279][ T29] audit: type=1326 audit(1736513596.499:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.465252][ T6046] loop2: detected capacity change from 0 to 32768 [ 79.491488][ T29] audit: type=1326 audit(1736513596.499:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.524699][ T29] audit: type=1326 audit(1736513596.499:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.557611][ T6056] loop1: detected capacity change from 0 to 2048 [ 79.594359][ T6054] loop3: detected capacity change from 0 to 64 [ 79.616237][ T6046] batadv_slave_1: entered promiscuous mode [ 79.629425][ T29] audit: type=1326 audit(1736513596.499:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6051 comm="syz.0.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f0519785d29 code=0x7ffc0000 [ 79.666888][ T6046] batadv_slave_1: left promiscuous mode [ 79.689759][ T6056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.706735][ T6046] ERROR: (device loop2): dbDiscardAG: -EIO [ 79.706735][ T6046] [ 79.708865][ T6050] loop4: detected capacity change from 0 to 32768 [ 79.727666][ T6046] ERROR: (device loop2): remounting filesystem as read-only [ 80.014501][ T6050] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 81.163830][ T6073] loop2: detected capacity change from 0 to 512 [ 81.185944][ T6050] XFS (loop4): Ending clean mount [ 81.196585][ T6050] XFS (loop4): Quotacheck needed: Please wait. [ 81.234673][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.262065][ T6073] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 81.312271][ T6073] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 81.346299][ T6050] XFS (loop4): Quotacheck: Done. [ 81.365750][ T6073] System zones: 0-2, 18-18, 34-35 [ 81.376766][ T6073] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 81.419928][ T6079] capability: warning: `syz.1.34' uses 32-bit capabilities (legacy support in use) [ 81.823082][ T6083] EXT4-fs (loop2): shut down requested (0) [ 82.098213][ T6085] loop0: detected capacity change from 0 to 256 [ 82.119058][ T9] cfg80211: failed to load regulatory.db [ 82.127668][ T875] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 82.203547][ T6085] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 82.295698][ T875] usb 4-1: Using ep0 maxpacket: 8 [ 82.303164][ T875] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 82.323067][ T875] usb 4-1: config 0 has no interface number 0 [ 82.339428][ T6087] process 'syz.0.36' launched './file0' with NULL argv: empty string added [ 82.353760][ T875] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 82.365288][ T875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.378367][ T875] usb 4-1: Product: syz [ 82.383643][ T875] usb 4-1: Manufacturer: syz [ 82.386821][ T6079] loop1: detected capacity change from 0 to 4096 [ 82.391013][ T875] usb 4-1: SerialNumber: syz [ 82.425205][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.481319][ T875] usb 4-1: config 0 descriptor?? [ 82.699910][ T875] usb 4-1: Found Unit with invalid ID 0. [ 82.722721][ T875] usb 4-1: USB disconnect, device number 3 [ 82.772635][ T5832] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 82.785578][ T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 82.960052][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 82.981195][ T8] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 82.996821][ T8] usb 3-1: config 0 has no interface number 0 [ 83.005127][ T8] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 83.018649][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.027233][ T8] usb 3-1: Product: syz [ 83.031428][ T8] usb 3-1: Manufacturer: syz [ 83.045903][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 83.061817][ T8] usb 3-1: SerialNumber: syz [ 83.078438][ T8] usb 3-1: config 0 descriptor?? [ 83.220770][ T9] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 83.230367][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.245813][ T9] usb 2-1: Product: syz [ 83.255998][ T9] usb 2-1: Manufacturer: syz [ 83.271127][ T9] usb 2-1: SerialNumber: syz [ 83.303494][ T9] usb 2-1: config 0 descriptor?? [ 83.317417][ T8] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 83.330661][ T8] usb 3-1: No valid video chain found. [ 83.372188][ T8] usb 3-1: USB disconnect, device number 5 [ 84.251794][ T6097] loop4: detected capacity change from 0 to 32768 [ 84.326925][ T6101] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 84.344713][ T6095] loop0: detected capacity change from 0 to 32768 [ 84.362191][ T6095] XFS: noattr2 mount option is deprecated. [ 84.368859][ T6095] XFS (loop0): attr2 and noattr2 cannot both be specified. [ 84.536137][ T3666] usb 2-1: USB disconnect, device number 2 [ 84.629960][ T6105] loop0: detected capacity change from 0 to 512 [ 84.710690][ T6105] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 84.718829][ T6105] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 84.726995][ T6105] System zones: 0-2, 18-18, 34-35 [ 84.733348][ T6105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 84.751842][ T6109] loop3: detected capacity change from 0 to 2048 [ 84.784058][ T6097] ERROR: (device loop4): dbDiscardAG: -EIO [ 84.784058][ T6097] [ 84.862542][ T6097] ERROR: (device loop4): remounting filesystem as read-only [ 85.194116][ T6109] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.196117][ T6110] EXT4-fs (loop0): shut down requested (0) [ 85.767971][ T6123] loop4: detected capacity change from 0 to 512 [ 86.184389][ T6113] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 86.233864][ T6123] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 86.252611][ T6123] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 86.261066][ T6113] EXT4-fs (loop3): Remounting filesystem read-only [ 86.271093][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.304321][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.345771][ T6123] System zones: 0-2, 18-18, 34-35 [ 86.405748][ T5904] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 86.449913][ T6123] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 86.586493][ T5904] usb 3-1: New USB device found, idVendor=102c, idProduct=6251, bcdDevice=75.3e [ 86.597175][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.853606][ T6131] EXT4-fs (loop4): shut down requested (0) [ 87.076837][ T5904] usb 3-1: Product: syz [ 87.081037][ T5904] usb 3-1: Manufacturer: syz [ 87.111631][ T5904] usb 3-1: SerialNumber: syz [ 87.142834][ T5904] usb 3-1: config 0 descriptor?? [ 87.178841][ T5904] gspca_main: etoms-2.14.0 probing 102c:6251 [ 87.215341][ T6132] netlink: 12 bytes leftover after parsing attributes in process `syz.0.50'. [ 87.225344][ T6132] tipc: Started in network mode [ 87.226751][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.230544][ T6132] tipc: Node identity @, cluster identity 4711 [ 87.325691][ T5844] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 87.453480][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.4.51'. [ 87.507811][ T5844] usb 4-1: Using ep0 maxpacket: 16 [ 87.524783][ T5844] usb 4-1: config 0 has an invalid interface number: 174 but max is 0 [ 87.543893][ T5844] usb 4-1: config 0 has no interface number 0 [ 87.583507][ T5844] usb 4-1: New USB device found, idVendor=07ca, idProduct=a801, bcdDevice=ee.4a [ 87.608195][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.660328][ T5844] usb 4-1: Product: syz [ 87.675599][ T5844] usb 4-1: Manufacturer: syz [ 87.695709][ T5844] usb 4-1: SerialNumber: syz [ 87.852301][ T5844] usb 4-1: config 0 descriptor?? [ 87.858049][ T6137] binder: BINDER_SET_CONTEXT_MGR already set [ 87.893025][ T5844] dvb-usb: found a 'AVerMedia AverTV DVB-T USB 2.0 (A800)' in warm state. [ 87.904236][ T6137] binder: 6136:6137 ioctl 4018620d 20000040 returned -16 [ 88.039249][ T5844] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 88.089627][ T5844] dvbdev: DVB: registering new adapter (AVerMedia AverTV DVB-T USB 2.0 (A800)) [ 88.121234][ T5844] usb 4-1: media controller created [ 88.259994][ T5844] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 88.272015][ T6119] loop2: detected capacity change from 0 to 32768 [ 88.331241][ T6148] loop4: detected capacity change from 0 to 512 [ 88.347700][ T6119] syz.2.48: attempt to access beyond end of device [ 88.347700][ T6119] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 88.375080][ T6119] lbmIODone: I/O error in JFS log [ 88.384201][ T6148] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 88.392428][ T6119] *** Log Format Error ! *** [ 88.397538][ T6119] lmLogInit: exit(-22) [ 88.401677][ T6119] lmLogOpen: exit(-22) [ 88.401754][ T6148] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 88.416414][ T5844] dvb-usb: bulk message failed: -22 (6/0) [ 88.433063][ T3666] usb 3-1: USB disconnect, device number 6 [ 88.451652][ T6148] System zones: 0-2, 18-18, 34-35 [ 88.462371][ T6148] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 88.463996][ T5844] dvb-usb: bulk message failed: -22 (6/0) [ 88.912400][ T5844] dvb-usb: no frontend was attached by 'AVerMedia AverTV DVB-T USB 2.0 (A800)' [ 89.236182][ T6159] EXT4-fs (loop4): shut down requested (0) [ 89.651987][ T6161] loop3: detected capacity change from 0 to 512 [ 89.745751][ T5844] rc_core: IR keymap rc-avermedia-m135a not found [ 89.762623][ T5844] Registered IR keymap rc-empty [ 89.771410][ T5844] rc rc0: AVerMedia AverTV DVB-T USB 2.0 (A800) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 89.789466][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.853711][ T5844] input: AVerMedia AverTV DVB-T USB 2.0 (A800) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input5 [ 89.903599][ T6161] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 89.933897][ T6161] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002] [ 89.947228][ T6161] System zones: 0-2, 18-18 [ 90.008626][ T6168] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 90.765200][ T6161] , 34-35 [ 90.770320][ T6161] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 90.784571][ T5844] dvb-usb: schedule remote query interval to 150 msecs. [ 90.805678][ T5844] dvb-usb: AVerMedia AverTV DVB-T USB 2.0 (A800) successfully initialized and connected. [ 90.837350][ T5844] usb 4-1: USB disconnect, device number 4 [ 91.154742][ T6176] EXT4-fs (loop3): shut down requested (0) [ 91.444933][ T5844] dvb-usb: AVerMedia AverTV DVB-T USB 2.0 (A800) successfully deinitialized and disconnected. [ 91.543429][ T6178] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 92.164123][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.363993][ T6191] loop2: detected capacity change from 0 to 512 [ 92.397321][ T6191] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 92.462598][ T6191] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 92.478804][ T6191] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #11: comm syz.2.65: corrupted inode contents [ 92.486645][ T6192] netlink: 16 bytes leftover after parsing attributes in process `syz.3.64'. [ 92.503858][ T6191] EXT4-fs error (device loop2): ext4_dirty_inode:6042: inode #11: comm syz.2.65: mark_inode_dirty error [ 92.549314][ T6191] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.65: invalid indirect mapped block 1 (level 1) [ 92.568887][ T6172] loop0: detected capacity change from 0 to 32768 [ 92.675790][ T6191] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #11: comm syz.2.65: corrupted inode contents [ 92.716647][ T6191] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 92.731936][ T6172] ERROR: (device loop0): dbDiscardAG: -EIO [ 92.731936][ T6172] [ 92.749522][ T6172] ERROR: (device loop0): remounting filesystem as read-only [ 92.783369][ T6191] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #11: comm syz.2.65: corrupted inode contents [ 92.807977][ T6191] EXT4-fs error (device loop2): ext4_truncate:4240: inode #11: comm syz.2.65: mark_inode_dirty error [ 92.822509][ T6191] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 92.834726][ T6191] EXT4-fs (loop2): 1 truncate cleaned up [ 92.842034][ T6191] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.059455][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.073634][ T6211] Zero length message leads to an empty skb [ 93.193562][ T6217] netlink: 1344 bytes leftover after parsing attributes in process `syz.3.74'. [ 93.414652][ T6227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.77'. [ 93.654409][ T6222] team0 (unregistering): Port device team_slave_0 removed [ 93.667989][ T6222] team0 (unregistering): Port device team_slave_1 removed [ 93.716739][ T6235] tipc: Started in network mode [ 93.748734][ T6235] tipc: Node identity eae2053aa7e3, cluster identity 4711 [ 93.784786][ T6235] tipc: Enabled bearer , priority 0 [ 93.855167][ T6238] syzkaller0: entered promiscuous mode [ 93.905625][ T6238] syzkaller0: entered allmulticast mode [ 93.952540][ T6232] tipc: Resetting bearer [ 94.002398][ T6231] tipc: Resetting bearer [ 94.108604][ T6231] tipc: Disabling bearer [ 94.175531][ C0] Unknown status report in ack skb [ 94.188098][ T6255] netlink: 8 bytes leftover after parsing attributes in process `syz.1.88'. [ 94.605810][ T6255] binder: BINDER_SET_CONTEXT_MGR already set [ 94.612517][ T6255] binder: 6254:6255 ioctl 4018620d 20000040 returned -16 [ 94.931638][ T6284] netlink: 'syz.3.96': attribute type 13 has an invalid length. [ 95.057632][ T6289] netlink: 72 bytes leftover after parsing attributes in process `syz.2.97'. [ 95.480253][ T6307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.105'. [ 95.884390][ T6332] bridge_slave_0: left allmulticast mode [ 95.919094][ T6332] bridge_slave_0: left promiscuous mode [ 95.934763][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.988329][ T6332] bridge_slave_1: left allmulticast mode [ 95.994570][ T6332] bridge_slave_1: left promiscuous mode [ 96.053052][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.105338][ T6332] bond0: (slave bond_slave_0): Releasing backup interface [ 96.133698][ T46] IPVS: starting estimator thread 0... [ 96.143439][ T6332] bond0: (slave bond_slave_1): Releasing backup interface [ 96.221913][ T6332] team0: Port device team_slave_0 removed [ 96.236603][ T6348] IPVS: using max 20 ests per chain, 48000 per kthread [ 96.266603][ T6332] team0: Port device team_slave_1 removed [ 96.280146][ T6332] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 96.290784][ T6332] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 96.302149][ T6332] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 96.310536][ T6332] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 96.439962][ T6356] netlink: 48 bytes leftover after parsing attributes in process `syz.3.125'. [ 96.657740][ T6365] netlink: 16 bytes leftover after parsing attributes in process `syz.2.127'. [ 96.689958][ T6355] dccp_close: ABORT with 88 bytes unread [ 96.737904][ T6368] netlink: 4 bytes leftover after parsing attributes in process `syz.2.129'. [ 96.833600][ T6372] warning: `syz.0.130' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 97.046641][ T6383] netlink: 8 bytes leftover after parsing attributes in process `syz.0.136'. [ 97.167608][ T6389] pim6reg1: entered promiscuous mode [ 97.183383][ T6389] pim6reg1: entered allmulticast mode [ 97.376080][ T6398] insert transport fail, errno -7 [ 97.924171][ T6412] __nla_validate_parse: 1 callbacks suppressed [ 97.924191][ T6412] netlink: 24 bytes leftover after parsing attributes in process `syz.1.148'. [ 99.371957][ T6454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.162'. [ 99.697327][ T6451] netlink: 8 bytes leftover after parsing attributes in process `syz.4.161'. [ 99.797462][ T6451] netlink: 8 bytes leftover after parsing attributes in process `syz.4.161'. [ 100.498668][ T6489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.170'. [ 101.084721][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.0.176'. [ 103.136457][ T6544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.194'. [ 104.385763][ T6561] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.560625][ T6582] netlink: 'syz.1.210': attribute type 10 has an invalid length. [ 105.768601][ T6582] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 105.844194][ T6582] syz.1.210 (6582) used greatest stack depth: 18552 bytes left [ 106.282873][ T6591] Illegal XDP return value 4294967274 on prog (id 36) dev syz_tun, expect packet loss! [ 107.988554][ T6612] loop0: detected capacity change from 0 to 1024 [ 108.128030][ T6615] netlink: 'syz.1.225': attribute type 10 has an invalid length. [ 109.015412][ T6627] loop1: detected capacity change from 0 to 4096 [ 109.089308][ T6632] netlink: 48 bytes leftover after parsing attributes in process `syz.2.231'. [ 109.099406][ T6629] fuse: Bad value for 'fd' [ 109.131476][ T6627] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 109.184401][ T6627] UDF-fs: Scanning with blocksize 512 failed [ 109.271624][ T6627] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 109.299295][ T6629] loop4: detected capacity change from 0 to 1024 [ 110.311018][ T6650] loop2: detected capacity change from 0 to 256 [ 110.366924][ T6650] exfat: Deprecated parameter 'namecase' [ 110.456855][ T6650] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 111.819534][ T6667] loop1: detected capacity change from 0 to 256 [ 112.228135][ T6672] loop4: detected capacity change from 0 to 128 [ 112.251774][ T6667] FAT-fs (loop1): Directory bread(block 64) failed [ 112.268423][ T6673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.248'. [ 112.288217][ T6670] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.295869][ T6670] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.304459][ T6667] FAT-fs (loop1): Directory bread(block 65) failed [ 112.336579][ T6672] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 112.351347][ T6667] FAT-fs (loop1): Directory bread(block 66) failed [ 112.367808][ T6667] FAT-fs (loop1): Directory bread(block 67) failed [ 112.407275][ T6667] FAT-fs (loop1): Directory bread(block 68) failed [ 112.417870][ T6670] bridge0: entered allmulticast mode [ 112.424931][ T6672] ext4 filesystem being mounted at /52/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 112.461930][ T6667] FAT-fs (loop1): Directory bread(block 69) failed [ 112.477239][ T6678] bridge_slave_1: left allmulticast mode [ 112.504118][ T6667] FAT-fs (loop1): Directory bread(block 70) failed [ 112.527908][ T6678] bridge_slave_1: left promiscuous mode [ 112.550471][ T6667] FAT-fs (loop1): Directory bread(block 71) failed [ 112.576875][ T6678] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.598398][ T6667] FAT-fs (loop1): Directory bread(block 72) failed [ 112.654458][ T6667] FAT-fs (loop1): Directory bread(block 73) failed [ 112.733764][ T6678] bridge_slave_0: left allmulticast mode [ 112.755092][ T5832] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.786440][ T6678] bridge_slave_0: left promiscuous mode [ 112.820588][ T6678] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.841289][ T6667] syz.1.243: attempt to access beyond end of device [ 112.841289][ T6667] loop1: rw=524288, sector=1192, nr_sectors = 4 limit=256 [ 112.936272][ T6667] syz.1.243: attempt to access beyond end of device [ 112.936272][ T6667] loop1: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 113.041490][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 113.041507][ T29] audit: type=1800 audit(1736513630.589:39): pid=6667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.243" name="file1" dev="loop1" ino=1048605 res=0 errno=0 [ 113.675144][ T6695] loop1: detected capacity change from 0 to 1764 [ 113.824060][ T6695] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 113.857003][ T6699] loop4: detected capacity change from 0 to 128 [ 113.936743][ T6699] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 114.036678][ T6702] hub 2-0:1.0: USB hub found [ 114.045699][ T6702] hub 2-0:1.0: 1 port detected [ 114.449853][ T6699] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 114.746547][ T29] audit: type=1800 audit(1736513632.279:40): pid=6699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.256" name="file1" dev="loop4" ino=104 res=0 errno=0 [ 114.917834][ T6707] kvm: emulating exchange as write [ 115.812506][ T6734] loop1: detected capacity change from 0 to 512 [ 115.890874][ T6734] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 115.959276][ T6738] loop4: detected capacity change from 0 to 256 [ 115.975718][ T6734] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 116.002366][ T6738] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 116.025820][ T6734] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.270: Corrupt directory, running e2fsck is recommended [ 116.069940][ T6738] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 116.103346][ T6738] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 116.113510][ T6734] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 116.149294][ T6738] UDF-fs: Scanning with blocksize 512 failed [ 116.162520][ T6734] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.270: corrupted in-inode xattr: invalid ea_ino [ 116.206042][ T6738] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 116.243229][ T6734] EXT4-fs (loop1): Remounting filesystem read-only [ 116.261049][ T6738] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 116.303077][ T6734] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.417771][ T6734] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 116.512452][ T6734] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 116.585352][ T6734] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.270: Corrupt directory, running e2fsck is recommended [ 116.735282][ T6744] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 116.904297][ T6744] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 116.966189][ T6744] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.270: Corrupt directory, running e2fsck is recommended [ 117.097281][ T6747] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 117.196550][ T6747] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 117.275789][ T6747] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.270: Corrupt directory, running e2fsck is recommended [ 117.370287][ T6746] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 118.927106][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.851119][ T29] audit: type=1326 audit(1736513638.399:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 120.923707][ T29] audit: type=1326 audit(1736513638.429:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.007431][ T29] audit: type=1326 audit(1736513638.429:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.074435][ T29] audit: type=1326 audit(1736513638.429:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.137950][ T29] audit: type=1326 audit(1736513638.429:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.202186][ T29] audit: type=1326 audit(1736513638.429:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.264926][ T29] audit: type=1326 audit(1736513638.429:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.325404][ T29] audit: type=1326 audit(1736513638.429:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.391717][ T29] audit: type=1326 audit(1736513638.429:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 121.451347][ T29] audit: type=1326 audit(1736513638.429:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6778 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 124.610432][ T6800] loop0: detected capacity change from 0 to 4096 [ 124.696639][ T6800] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.716698][ T6806] loop3: detected capacity change from 0 to 2048 [ 124.792807][ T6806] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 124.872073][ T6806] UDF-fs: error (device loop3): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376) [ 124.974942][ T6812] UDF-fs: error (device loop3): udf_read_inode: (ino 1345) failed !bh [ 125.151865][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.478318][ T6820] loop0: detected capacity change from 0 to 512 [ 125.548500][ T6820] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 125.648176][ T6820] EXT4-fs error (device loop0): ext4_orphan_get:1415: comm syz.0.297: bad orphan inode 131083 [ 125.706504][ T6820] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.033359][ T6830] 9pnet_virtio: no channels available for device [ 126.520984][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.654445][ T6832] netlink: 24 bytes leftover after parsing attributes in process `syz.3.303'. [ 127.045103][ T6843] fuse: Bad value for 'fd' [ 129.212277][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.318'. [ 129.420882][ T6875] netlink: 24 bytes leftover after parsing attributes in process `syz.2.319'. [ 129.488559][ T6877] xt_NFQUEUE: number of total queues is 0 [ 129.570420][ T6880] loop0: detected capacity change from 0 to 128 [ 129.617571][ T6880] EXT4-fs: inline encryption not supported [ 129.672238][ T6880] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 129.718706][ T5841] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 129.755022][ T6882] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 129.785778][ T6880] ext4 filesystem being mounted at /58/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 130.136110][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 130.777051][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 130.860017][ T5827] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 130.889175][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 130.955037][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.008772][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.047277][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.085426][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.249568][ T6882] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.257308][ T6882] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.540881][ T6882] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.594481][ T6882] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.661087][ T6882] __nla_validate_parse: 38 callbacks suppressed [ 131.661109][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.713668][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.752127][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.783896][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.826405][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.860866][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.903898][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 131.963871][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 132.002671][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 132.025139][ T6882] netlink: 7 bytes leftover after parsing attributes in process `syz.1.322'. [ 132.153418][ T6882] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.193494][ T6882] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.224189][ T6882] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.253849][ T6882] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.119502][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.126092][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.187264][ T6914] loop1: detected capacity change from 0 to 1024 [ 134.968216][ T6915] batadv_slave_1: entered promiscuous mode [ 135.161978][ T6944] loop1: detected capacity change from 0 to 164 [ 135.770867][ T6945] netlink: 'syz.0.340': attribute type 10 has an invalid length. [ 135.916082][ T6912] batadv_slave_1: left promiscuous mode [ 136.016561][ T6945] syz_tun: entered promiscuous mode [ 136.074068][ T6945] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 137.576350][ T6966] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 137.847728][ T6974] tipc: Started in network mode [ 137.860625][ T6974] tipc: Node identity 080211, cluster identity 4711 [ 137.870810][ T6974] tipc: Enabled bearer , priority 0 [ 137.883940][ T6974] tipc: Resetting bearer [ 138.867870][ T9] tipc: Node number set to 134353152 [ 139.892770][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 139.892787][ T29] audit: type=1326 audit(1736513657.439:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.918654][ T29] audit: type=1326 audit(1736513657.459:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.918699][ T29] audit: type=1326 audit(1736513657.459:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.918730][ T29] audit: type=1326 audit(1736513657.459:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.929049][ T29] audit: type=1326 audit(1736513657.479:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.929091][ T29] audit: type=1326 audit(1736513657.479:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.929121][ T29] audit: type=1326 audit(1736513657.479:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.929158][ T29] audit: type=1326 audit(1736513657.479:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.929187][ T29] audit: type=1326 audit(1736513657.479:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.929216][ T29] audit: type=1326 audit(1736513657.479:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f1744185d29 code=0x7ffc0000 [ 139.976383][ T6991] __nla_validate_parse: 20 callbacks suppressed [ 139.976400][ T6991] netlink: 8 bytes leftover after parsing attributes in process `syz.4.362'. [ 140.185820][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 140.335650][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 140.366509][ T9] usb 4-1: too many endpoints for config 0 interface 0 altsetting 127: 255, using maximum allowed: 30 [ 140.366552][ T9] usb 4-1: config 0 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.366576][ T9] usb 4-1: config 0 interface 0 altsetting 127 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.366597][ T9] usb 4-1: config 0 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 140.366622][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 140.366648][ T9] usb 4-1: New USB device found, idVendor=054c, idProduct=a64b, bcdDevice= 0.01 [ 140.366669][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.368768][ T9] usb 4-1: config 0 descriptor?? [ 140.795872][ T9] hid (null): unknown global tag 0xc [ 140.795951][ T9] hid (null): report_id 900821450 is invalid [ 140.800194][ T9] hid-generic 0003:054C:A64B.0001: unknown global tag 0xc [ 140.800259][ T9] hid-generic 0003:054C:A64B.0001: item 0 2 1 12 parsing failed [ 140.800898][ T9] hid-generic 0003:054C:A64B.0001: probe with driver hid-generic failed with error -22 [ 140.931370][ T7004] mmap: syz.4.368 (7004) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.998759][ T9] usb 4-1: USB disconnect, device number 5 [ 142.316574][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.376'. [ 145.291085][ T7057] loop0: detected capacity change from 0 to 512 [ 145.340717][ T7057] EXT4-fs: Ignoring removed i_version option [ 145.386152][ T7057] EXT4-fs: Ignoring removed mblk_io_submit option [ 145.445302][ T7057] ext4: Unknown parameter 'seclabel' [ 145.848531][ T7069] loop0: detected capacity change from 0 to 128 [ 145.901143][ T7069] vfat: Bad value for 'time_offset' [ 146.082850][ T7072] netlink: 'syz.1.395': attribute type 10 has an invalid length. [ 146.131737][ T7072] syz_tun: entered promiscuous mode [ 146.198634][ T7072] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 147.855850][ T7100] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 147.855850][ T7100] The task syz.4.407 (7100) triggered the difference, watch for misbehavior. [ 149.987124][ T7120] syzkaller0: entered promiscuous mode [ 150.013387][ T7120] syzkaller0: entered allmulticast mode [ 150.470311][ T7132] loop0: detected capacity change from 0 to 2048 [ 150.549594][ T7132] loop0: detected capacity change from 0 to 1024 [ 150.587659][ T7132] hfsplus: Unknown parameter '/dev/ptmx' [ 151.192150][ T7149] tracefs: Bad value for 'mode' [ 152.440637][ T7165] netlink: 'syz.0.427': attribute type 10 has an invalid length. [ 152.500244][ T7165] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 152.626127][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 152.940840][ T8] usb 4-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.956972][ T8] usb 4-1: config 0 interface 0 has no altsetting 0 [ 152.963748][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 153.144443][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.480164][ T8] usb 4-1: config 0 descriptor?? [ 153.583475][ T7173] netlink: 24 bytes leftover after parsing attributes in process `syz.0.433'. [ 153.895054][ T7179] loop1: detected capacity change from 0 to 512 [ 154.062424][ T7179] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 154.074108][ T7179] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.435: invalid indirect mapped block 2683928664 (level 1) [ 154.183564][ T8] magicmouse 0003:05AC:0269.0002: item fetching failed at offset 3/7 [ 154.203847][ T8] magicmouse 0003:05AC:0269.0002: magicmouse hid parse failed [ 154.231579][ T8] magicmouse 0003:05AC:0269.0002: probe with driver magicmouse failed with error -22 [ 154.260165][ T7179] EXT4-fs (loop1): Remounting filesystem read-only [ 154.281902][ T7179] EXT4-fs (loop1): 1 truncate cleaned up [ 154.335072][ T7179] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.481370][ T7192] loop0: detected capacity change from 0 to 512 [ 154.489689][ T8] usb 4-1: USB disconnect, device number 6 [ 154.566862][ T7192] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 154.631038][ T7194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.438'. [ 154.801203][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.462049][ T7209] loop1: detected capacity change from 0 to 512 [ 155.519356][ T7209] EXT4-fs: Ignoring removed nomblk_io_submit option [ 155.564371][ T7209] EXT4-fs: Ignoring removed i_version option [ 155.659514][ T7209] EXT4-fs (loop1): 1 orphan inode deleted [ 155.699274][ T7209] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.672702][ T7223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.450'. [ 156.716619][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.065207][ T7230] loop1: detected capacity change from 0 to 1024 [ 157.130261][ T7230] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.152314][ T7233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.455'. [ 157.781779][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.497486][ T7267] loop0: detected capacity change from 0 to 1024 [ 158.567247][ T7267] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.310255][ T7258] loop1: detected capacity change from 0 to 8192 [ 160.748358][ T7280] netlink: 'syz.2.468': attribute type 10 has an invalid length. [ 160.844355][ T7283] loop1: detected capacity change from 0 to 256 [ 160.914122][ T7283] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 160.975901][ T7280] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 162.142825][ T7306] loop1: detected capacity change from 0 to 256 [ 162.204619][ T7306] exfat: Invalid uid '0x00000000ffffffff' [ 162.250503][ T7311] devtmpfs: Invalid uid '0x00000000ffffffff' [ 162.983128][ T7320] netlink: 'syz.3.484': attribute type 10 has an invalid length. [ 163.158824][ T7320] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 164.336930][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 164.336947][ T29] audit: type=1326 audit(1736513681.889:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 164.422760][ T7349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.497'. [ 165.221095][ T29] audit: type=1326 audit(1736513681.889:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 165.355639][ T29] audit: type=1326 audit(1736513681.939:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 165.505697][ T29] audit: type=1326 audit(1736513681.939:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 165.655400][ T29] audit: type=1326 audit(1736513681.939:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 165.835269][ T29] audit: type=1326 audit(1736513681.939:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 165.991417][ T29] audit: type=1326 audit(1736513681.939:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 166.105666][ T29] audit: type=1326 audit(1736513681.939:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 166.225690][ T875] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 166.252011][ T29] audit: type=1326 audit(1736513681.939:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 166.368806][ T7369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.504'. [ 166.388066][ T29] audit: type=1326 audit(1736513681.939:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f40c6f85d29 code=0x7ffc0000 [ 166.441313][ T875] usb 3-1: Using ep0 maxpacket: 32 [ 166.453787][ T875] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 166.480955][ T875] usb 3-1: config 0 has no interface number 0 [ 166.522068][ T875] usb 3-1: config 0 interface 184 has no altsetting 0 [ 166.560680][ T875] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 166.601743][ T875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.648244][ T875] usb 3-1: Product: syz [ 166.673115][ T875] usb 3-1: Manufacturer: syz [ 166.710697][ T875] usb 3-1: SerialNumber: syz [ 166.747509][ T875] usb 3-1: config 0 descriptor?? [ 166.789170][ T875] smsc75xx v1.0.0 [ 167.458204][ T875] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 167.685923][ T875] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 168.017363][ T875] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71 [ 168.069499][ T875] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71 [ 168.135049][ T875] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 168.922613][ T875] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 168.934005][ T875] usb 3-1: USB disconnect, device number 7 [ 169.073668][ T7390] netlink: 'syz.1.511': attribute type 10 has an invalid length. [ 171.486791][ T7419] tipc: Started in network mode [ 171.520283][ T7419] tipc: Node identity e6d4bf44cba2, cluster identity 4711 [ 171.577933][ T7419] tipc: Enabled bearer , priority 0 [ 171.599625][ T7421] tipc: Resetting bearer [ 171.668219][ T7418] tipc: Disabling bearer [ 173.114751][ T7447] loop0: detected capacity change from 0 to 512 [ 173.189608][ T7447] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 173.280030][ T7447] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.562044][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 174.834987][ T7460] loop1: detected capacity change from 0 to 1024 [ 174.891675][ T7460] hfsplus: request for non-existent node 3 in B*Tree [ 174.923129][ T7460] hfsplus: request for non-existent node 3 in B*Tree [ 177.250468][ T7500] GUP no longer grows the stack in syz.3.549 (7500): 20003000-2000a000 (20002000) [ 177.260397][ T7500] CPU: 0 UID: 0 PID: 7500 Comm: syz.3.549 Not tainted 6.13.0-rc6-next-20250107-syzkaller #0 [ 177.260421][ T7500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 177.260435][ T7500] Call Trace: [ 177.260442][ T7500] [ 177.260449][ T7500] dump_stack_lvl+0x241/0x360 [ 177.260483][ T7500] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.260501][ T7500] ? __pfx__printk+0x10/0x10 [ 177.260523][ T7500] ? find_vma+0xf9/0x170 [ 177.260556][ T7500] __get_user_pages+0x3b04/0x4140 [ 177.260615][ T7500] ? __pfx___get_user_pages+0x10/0x10 [ 177.260668][ T7500] get_user_pages_remote+0x31e/0xb60 [ 177.260698][ T7500] ? __pfx_get_user_pages_remote+0x10/0x10 [ 177.260721][ T7500] ? __access_remote_vm+0x320/0x800 [ 177.260747][ T7500] __access_remote_vm+0x229/0x800 [ 177.260776][ T7500] ? __pfx___access_remote_vm+0x10/0x10 [ 177.260797][ T7500] ? set_page_refcounted+0xa1/0x1e0 [ 177.260829][ T7500] ? alloc_pages_noprof+0x136/0x190 [ 177.260849][ T7500] proc_pid_cmdline_read+0x5b2/0x860 [ 177.260882][ T7500] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 177.260908][ T7500] ? rw_verify_area+0x243/0x630 [ 177.260933][ T7500] vfs_readv+0x6bc/0xa80 [ 177.260959][ T7500] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 177.260988][ T7500] ? __pfx_vfs_readv+0x10/0x10 [ 177.261003][ T7500] ? do_sys_openat2+0x17a/0x1d0 [ 177.261036][ T7500] ? __fget_files+0x2a/0x410 [ 177.261060][ T7500] ? __fget_files+0x395/0x410 [ 177.261076][ T7500] ? __fget_files+0x2a/0x410 [ 177.261103][ T7500] __x64_sys_preadv+0x1b7/0x2d0 [ 177.261128][ T7500] ? __pfx___x64_sys_preadv+0x10/0x10 [ 177.261151][ T7500] ? do_syscall_64+0x100/0x230 [ 177.261175][ T7500] ? do_syscall_64+0xb6/0x230 [ 177.261196][ T7500] do_syscall_64+0xf3/0x230 [ 177.261214][ T7500] ? clear_bhb_loop+0x35/0x90 [ 177.261239][ T7500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.261265][ T7500] RIP: 0033:0x7f0ce8f85d29 [ 177.261284][ T7500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.261298][ T7500] RSP: 002b:00007f0ce9ded038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 177.261317][ T7500] RAX: ffffffffffffffda RBX: 00007f0ce9176160 RCX: 00007f0ce8f85d29 [ 177.261330][ T7500] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 000000000000000b [ 177.261340][ T7500] RBP: 00007f0ce9001b08 R08: 0000000000000000 R09: 0000000000000000 [ 177.261350][ T7500] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 177.261361][ T7500] R13: 0000000000000000 R14: 00007f0ce9176160 R15: 00007ffc75a09fc8 [ 177.261389][ T7500] [ 177.861870][ T7503] loop0: detected capacity change from 0 to 512 [ 177.922176][ T7503] EXT4-fs: Ignoring removed bh option [ 177.980680][ T7503] EXT4-fs (loop0): blocks per group (71) and clusters per group (20800) inconsistent [ 179.107536][ T7519] loop1: detected capacity change from 0 to 512 [ 179.210517][ T7519] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 179.274126][ T7519] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.284887][ T8] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 179.504556][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.555393][ T8] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 179.585103][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.623198][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 179.648287][ T8] usb 1-1: Product: syz [ 179.652493][ T8] usb 1-1: Manufacturer: syz [ 179.877248][ T8] usb 1-1: SerialNumber: syz [ 179.893098][ T8] usb 1-1: config 0 descriptor?? [ 180.495580][ T8] usb 1-1: USB disconnect, device number 2 [ 181.228503][ T5881] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 181.442028][ T5881] usb 3-1: config 0 interface 0 altsetting 132 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.495738][ T5881] usb 3-1: config 0 interface 0 altsetting 132 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.560178][ T7546] loop0: detected capacity change from 0 to 256 [ 181.578437][ T5881] usb 3-1: config 0 interface 0 has no altsetting 0 [ 181.629456][ T5881] usb 3-1: New USB device found, idVendor=056a, idProduct=00b4, bcdDevice= 0.00 [ 181.650237][ T7546] exfat: Deprecated parameter 'namecase' [ 181.688437][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.727308][ T7546] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 181.773474][ T5881] usb 3-1: config 0 descriptor?? [ 182.385390][ T5881] wacom 0003:056A:00B4.0003: Unknown device_type for 'HID 056a:00b4'. Assuming pen. [ 182.656275][ T5881] wacom 0003:056A:00B4.0003: hidraw0: USB HID v0.00 Device [HID 056a:00b4] on usb-dummy_hcd.2-1/input0 [ 182.834611][ T5881] input: Wacom Intuos3 12x19 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00B4.0003/input/input10 [ 183.328220][ T5881] usb 3-1: USB disconnect, device number 8 [ 183.808168][ T7565] fuse: Bad value for 'fd' [ 183.908114][ T7568] loop1: detected capacity change from 0 to 1024 [ 183.982932][ T7568] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.495515][ T5143] Bluetooth: hci3: command 0x0406 tx timeout [ 186.501586][ T5143] Bluetooth: hci4: command 0x0406 tx timeout [ 186.507705][ T5143] Bluetooth: hci0: command 0x0406 tx timeout [ 186.513713][ T5143] Bluetooth: hci2: command 0x0406 tx timeout [ 186.519858][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 193.870095][ T7574] netlink: 'syz.0.576': attribute type 4 has an invalid length. [ 193.965708][ T7575] netlink: 'syz.0.576': attribute type 4 has an invalid length. [ 194.435510][ T7587] loop1: detected capacity change from 0 to 256 [ 194.444771][ T7587] exfat: Deprecated parameter 'namecase' [ 194.468733][ T7588] netlink: 'syz.3.580': attribute type 10 has an invalid length. [ 194.488266][ T7587] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 194.742444][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.748863][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.984412][ T7592] netlink: 'syz.4.582': attribute type 3 has an invalid length. [ 194.996904][ T7592] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.582'. [ 195.786112][ T7588] syz_tun: entered promiscuous mode [ 195.851946][ T7588] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 197.300885][ T7624] netlink: 8 bytes leftover after parsing attributes in process `syz.0.593'. [ 197.357315][ T7624] netlink: 8 bytes leftover after parsing attributes in process `syz.0.593'. [ 197.864050][ T7639] bridge_slave_0: entered promiscuous mode [ 198.195414][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.1.603'. [ 199.050219][ T7658] syz_tun: left promiscuous mode [ 199.201936][ T7658] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 199.648864][ T7672] netlink: 36 bytes leftover after parsing attributes in process `syz.1.616'. [ 199.727911][ T7672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.616'. [ 200.301718][ T7691] netlink: 72 bytes leftover after parsing attributes in process `syz.4.620'. [ 200.859942][ T7678] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.931227][ T7678] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.235972][ T7705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.627'. [ 201.305343][ T7678] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.334227][ T7678] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.362998][ T7678] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.392717][ T7678] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.926515][ T7709] netlink: 24 bytes leftover after parsing attributes in process `syz.0.628'. [ 202.125192][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.0.628'. [ 203.423944][ T7752] tipc: Enabled bearer , priority 0 [ 203.463663][ T7752] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 203.509458][ T7752] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 203.564648][ T7752] tipc: Resetting bearer [ 203.691874][ T7760] netlink: 8 bytes leftover after parsing attributes in process `syz.1.647'. [ 204.428313][ T9] tipc: Node number set to 1073741869 [ 204.722794][ T7780] netlink: 8 bytes leftover after parsing attributes in process `syz.2.655'. [ 204.802518][ T7782] netlink: 12 bytes leftover after parsing attributes in process `syz.3.656'. [ 205.255414][ T7788] netlink: 76 bytes leftover after parsing attributes in process `syz.2.658'. [ 205.336701][ T7788] nbd: must specify an index to disconnect [ 205.389458][ T7791] tipc: Enabled bearer , priority 0 [ 205.464484][ T7791] tipc: Resetting bearer [ 205.546064][ T7790] tipc: Disabling bearer [ 205.948142][ T7800] Bluetooth: MGMT ver 1.23 [ 206.102250][ T7808] netlink: 24 bytes leftover after parsing attributes in process `syz.0.664'. [ 206.750389][ T7815] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.757926][ T7815] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.119295][ T7815] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 207.181382][ T7815] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 207.200903][ T7827] netlink: 'syz.0.671': attribute type 3 has an invalid length. [ 207.229143][ T7827] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.671'. [ 207.470271][ T7815] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.499553][ T7815] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.526546][ T7815] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.551848][ T7815] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.693394][ T7817] rose2: entered allmulticast mode [ 208.025917][ T7830] netlink: 24 bytes leftover after parsing attributes in process `syz.0.672'. [ 208.071667][ T7835] netlink: 32 bytes leftover after parsing attributes in process `syz.3.673'. [ 208.147581][ T7835] netlink: 28 bytes leftover after parsing attributes in process `syz.3.673'. [ 208.224069][ T7835] netlink: 28 bytes leftover after parsing attributes in process `syz.3.673'. [ 208.276790][ T7830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.672'. [ 208.646770][ T7843] netlink: 'syz.3.678': attribute type 10 has an invalid length. [ 208.786492][ T7848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.679'. [ 208.795325][ T7848] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.914323][ T7848] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.343774][ T7857] gre1: entered promiscuous mode [ 211.440045][ T7883] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 211.855710][ T7887] raw_sendmsg: syz.3.695 forgot to set AF_INET. Fix it! [ 212.558877][ T7898] netlink: 36 bytes leftover after parsing attributes in process `syz.2.699'. [ 212.804905][ T7905] netlink: 892 bytes leftover after parsing attributes in process `syz.0.702'. [ 218.171814][ T7985] veth0_to_team: entered promiscuous mode [ 218.206863][ T7985] veth0_to_team: entered allmulticast mode [ 218.877970][ T7998] batadv_slave_1: entered promiscuous mode [ 218.941871][ T7997] batadv_slave_1: left promiscuous mode [ 219.038348][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz.2.742'. [ 219.464800][ T8009] netlink: 28 bytes leftover after parsing attributes in process `syz.2.745'. [ 219.535867][ T8009] netlink: 28 bytes leftover after parsing attributes in process `syz.2.745'. [ 219.601975][ T8009] dummy0: entered promiscuous mode [ 219.646427][ T8009] batadv_slave_1: entered promiscuous mode [ 219.677541][ T8009] hsr1: Slave A (dummy0) is not up; please bring it up to get a fully working HSR network [ 219.744419][ T8009] hsr1: Slave B (batadv_slave_1) is not up; please bring it up to get a fully working HSR network [ 219.817189][ T8009] netlink: 28 bytes leftover after parsing attributes in process `syz.2.745'. [ 219.854040][ T8014] netlink: 236 bytes leftover after parsing attributes in process `syz.3.748'. [ 219.885715][ T8009] netlink: 28 bytes leftover after parsing attributes in process `syz.2.745'. [ 220.808311][ T8024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.753'. [ 221.141528][ T8030] netlink: 24 bytes leftover after parsing attributes in process `syz.3.756'. [ 221.226346][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 221.247827][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 221.258584][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 221.266591][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 221.284021][ T5841] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 221.292706][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 221.754999][ T8047] netlink: 'syz.4.763': attribute type 10 has an invalid length. [ 221.851723][ T8047] syz_tun: entered promiscuous mode [ 221.887964][ T8047] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 222.108266][ T8054] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode [ 222.150615][ T8054] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode [ 222.214715][ T8056] netlink: 'syz.0.765': attribute type 4 has an invalid length. [ 222.414728][ T8033] chnl_net:caif_netlink_parms(): no params data found [ 222.897031][ T8033] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.930497][ T8069] netlink: 24 bytes leftover after parsing attributes in process `syz.2.770'. [ 222.954426][ T8033] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.979625][ T8033] bridge_slave_0: entered allmulticast mode [ 223.011900][ T8033] bridge_slave_0: entered promiscuous mode [ 223.047480][ T8065] syz_tun: left promiscuous mode [ 223.067119][ T8065] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 223.145715][ T8033] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.196066][ T8033] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.203314][ T8033] bridge_slave_1: entered allmulticast mode [ 223.281460][ T8033] bridge_slave_1: entered promiscuous mode [ 223.363982][ T5841] Bluetooth: hci5: command tx timeout [ 223.625139][ T8033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.721417][ T8033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.037192][ T8033] team0: Port device team_slave_0 added [ 224.109245][ T8033] team0: Port device team_slave_1 added [ 225.438768][ T5841] Bluetooth: hci5: command tx timeout [ 225.509665][ T8105] netlink: 24 bytes leftover after parsing attributes in process `syz.2.783'. [ 226.078924][ T8090] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.115378][ T8090] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.164201][ T8090] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.212592][ T8090] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.691390][ T8097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.747284][ T8097] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.825916][ T8097] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 227.036990][ T7775] bond0: (slave syz_tun): Releasing backup interface [ 227.150298][ T8033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.198713][ T8033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.327155][ T8033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.391370][ T8033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.430554][ T8033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.524349][ T5841] Bluetooth: hci5: command tx timeout [ 227.548236][ T8033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 227.628186][ T8124] x_tables: duplicate underflow at hook 3 [ 228.171962][ T8033] hsr_slave_0: entered promiscuous mode [ 228.220860][ T8033] hsr_slave_1: entered promiscuous mode [ 228.261950][ T8033] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 228.313508][ T8033] Cannot create hsr debugfs directory [ 229.590047][ T8153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.803'. [ 229.599282][ T5841] Bluetooth: hci5: command tx timeout [ 229.674007][ T12] bridge_slave_1: left allmulticast mode [ 229.702368][ T12] bridge_slave_1: left promiscuous mode [ 229.735097][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.783526][ T12] bridge_slave_0: left allmulticast mode [ 229.810331][ T12] bridge_slave_0: left promiscuous mode [ 229.833154][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.201518][ T8163] openvswitch: netlink: IP tunnel dst address not specified [ 231.416414][ T8169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.807'. [ 232.146380][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 232.184775][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 232.195257][ T12] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 232.211586][ T12] bond0 (unregistering): Released all slaves [ 232.231028][ T8153] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 232.262334][ T8157] batadv1: entered allmulticast mode [ 232.382907][ T8033] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 232.477744][ T12] tipc: Disabling bearer [ 232.609769][ T12] tipc: Left network mode [ 232.614572][ T8033] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 232.691447][ T8033] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 233.095549][ T8033] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 233.799564][ T8234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.818'. [ 234.231316][ T12] hsr_slave_0: left promiscuous mode [ 234.252378][ T12] hsr_slave_1: left promiscuous mode [ 234.277369][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.295917][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 236.402332][ T8033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.608254][ T8033] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.719832][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.727026][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.839104][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.846334][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.306502][ T12] IPVS: stop unused estimator thread 0... [ 238.561571][ T8289] netlink: 40 bytes leftover after parsing attributes in process `syz.2.837'. [ 238.635229][ T8284] syz_tun: left promiscuous mode [ 238.674241][ T8284] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.681700][ T8284] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.804949][ T8284] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 238.931801][ T8285] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 239.012576][ T8291] xt_TCPMSS: Only works on TCP SYN packets [ 239.578024][ T8299] bridge0: entered promiscuous mode [ 239.594295][ T8298] bridge0: left promiscuous mode [ 239.657540][ T8033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.048078][ T8306] netlink: 1280 bytes leftover after parsing attributes in process `syz.4.841'. [ 240.105842][ T8306] openvswitch: netlink: Flow actions attr not present in new flow. [ 241.377516][ T8318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.843'. [ 241.545421][ T8033] veth0_vlan: entered promiscuous mode [ 241.623242][ T8033] veth1_vlan: entered promiscuous mode [ 241.773624][ T8033] veth0_macvtap: entered promiscuous mode [ 241.833834][ T8033] veth1_macvtap: entered promiscuous mode [ 241.975385][ T8033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.038804][ T8033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.108972][ T8033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.186888][ T8033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.266914][ T8033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.344626][ T8033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.433317][ T8033] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.490784][ T8033] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.542415][ T8033] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.583383][ T8033] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.995760][ T8207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.085640][ T8207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.190198][ T8198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.239727][ T8198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.436401][ T8351] veth0_to_team: entered promiscuous mode [ 243.468985][ T8351] veth0_to_team: entered allmulticast mode [ 243.610934][ T8355] netlink: 12 bytes leftover after parsing attributes in process `syz.3.859'. [ 244.725684][ T8378] netlink: 'syz.4.870': attribute type 12 has an invalid length. [ 244.759508][ T8378] netlink: 'syz.4.870': attribute type 29 has an invalid length. [ 244.803229][ T8378] netlink: 148 bytes leftover after parsing attributes in process `syz.4.870'. [ 245.232500][ T8384] tipc: Enabling of bearer rejected, failed to enable media [ 245.257130][ T46] ------------[ cut here ]------------ [ 245.263140][ T46] WARNING: CPU: 1 PID: 46 at mm/util.c:674 __kvmalloc_node_noprof+0x17a/0x190 [ 245.272388][ T46] Modules linked in: [ 245.276436][ T46] CPU: 1 UID: 0 PID: 46 Comm: kworker/1:1 Not tainted 6.13.0-rc6-next-20250107-syzkaller #0 [ 245.286901][ T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 245.297447][ T46] Workqueue: events rht_deferred_worker [ 245.303076][ T46] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 245.309329][ T46] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 2f 7a bb ff 41 81 e7 00 20 00 00 74 0a e8 e1 75 bb ff e9 3b ff ff ff e8 d7 75 bb ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 245.329030][ T46] RSP: 0018:ffffc90000b678d8 EFLAGS: 00010293 [ 245.335163][ T46] RAX: ffffffff8203c389 RBX: 0000000080000080 RCX: ffff88802068bc00 [ 245.343222][ T46] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 245.351259][ T46] RBP: 0000000000000000 R08: ffffffff8203c371 R09: 00000000ffffffff [ 245.359299][ T46] R10: ffffc90000b67720 R11: fffff5200016cee9 R12: ffffc9005d000000 [ 245.367393][ T46] R13: dffffc0000000000 R14: 00000000ffffffff R15: 0000000000000000 [ 245.375396][ T46] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 245.384432][ T46] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 245.391107][ T46] CR2: 00007f3eb6d2fd58 CR3: 000000000e736000 CR4: 00000000003526f0 [ 245.399153][ T46] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 245.407268][ T46] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 245.415328][ T46] Call Trace: [ 245.418670][ T46] [ 245.421623][ T46] ? __warn+0x165/0x4d0 [ 245.422789][ T8389] netlink: 36 bytes leftover after parsing attributes in process `syz.2.875'. [ 245.425837][ T46] ? __kvmalloc_node_noprof+0x17a/0x190 [ 245.440419][ T46] ? report_bug+0x2b3/0x500 [ 245.444969][ T46] ? __kvmalloc_node_noprof+0x17a/0x190 [ 245.450618][ T46] ? handle_bug+0x60/0x90 [ 245.454981][ T46] ? exc_invalid_op+0x1a/0x50 [ 245.459921][ T46] ? asm_exc_invalid_op+0x1a/0x20 [ 245.464989][ T46] ? __kvmalloc_node_noprof+0x161/0x190 [ 245.470623][ T46] ? __kvmalloc_node_noprof+0x179/0x190 [ 245.476239][ T46] ? __kvmalloc_node_noprof+0x17a/0x190 [ 245.481824][ T46] ? __kvmalloc_node_noprof+0x179/0x190 [ 245.487591][ T46] rhashtable_rehash_alloc+0x9e/0x290 [ 245.493005][ T46] ? rht_deferred_worker+0x4cb/0x23f0 [ 245.498479][ T46] rht_deferred_worker+0x4e1/0x23f0 [ 245.503727][ T46] ? __pfx_lock_acquire+0x10/0x10 [ 245.508834][ T46] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 245.514843][ T46] ? __pfx_rht_deferred_worker+0x10/0x10 [ 245.520540][ T46] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 245.526939][ T46] ? process_scheduled_works+0x976/0x1840 [ 245.532692][ T46] process_scheduled_works+0xa66/0x1840 [ 245.538347][ T46] ? __pfx_process_scheduled_works+0x10/0x10 [ 245.544572][ T46] ? assign_work+0x364/0x3d0 [ 245.549300][ T46] worker_thread+0x870/0xd30 [ 245.553939][ T46] ? __kthread_parkme+0x169/0x1d0 [ 245.559533][ T46] ? __pfx_worker_thread+0x10/0x10 [ 245.565133][ T46] kthread+0x7a9/0x920 [ 245.569302][ T46] ? __pfx_kthread+0x10/0x10 [ 245.574114][ T46] ? __pfx_worker_thread+0x10/0x10 [ 245.579293][ T46] ? __pfx_kthread+0x10/0x10 [ 245.583923][ T46] ? __pfx_kthread+0x10/0x10 [ 245.588584][ T46] ? __pfx_kthread+0x10/0x10 [ 245.594129][ T46] ? _raw_spin_unlock_irq+0x23/0x50 [ 245.599412][ T46] ? lockdep_hardirqs_on+0x99/0x150 [ 245.604806][ T46] ? __pfx_kthread+0x10/0x10 [ 245.609456][ T46] ret_from_fork+0x4b/0x80 [ 245.613892][ T46] ? __pfx_kthread+0x10/0x10 [ 245.618543][ T46] ret_from_fork_asm+0x1a/0x30 [ 245.623715][ T46] [ 245.626860][ T46] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 245.634248][ T46] CPU: 1 UID: 0 PID: 46 Comm: kworker/1:1 Not tainted 6.13.0-rc6-next-20250107-syzkaller #0 [ 245.644333][ T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 245.654417][ T46] Workqueue: events rht_deferred_worker [ 245.660005][ T46] Call Trace: [ 245.663390][ T46] [ 245.666533][ T46] dump_stack_lvl+0x241/0x360 [ 245.671245][ T46] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.676472][ T46] ? __pfx__printk+0x10/0x10 [ 245.681108][ T46] ? vscnprintf+0x5d/0x90 [ 245.685467][ T46] panic+0x349/0x880 [ 245.689480][ T46] ? __warn+0x174/0x4d0 [ 245.693666][ T46] ? __pfx_panic+0x10/0x10 [ 245.698133][ T46] ? ret_from_fork_asm+0x1a/0x30 [ 245.703118][ T46] __warn+0x344/0x4d0 [ 245.707197][ T46] ? __kvmalloc_node_noprof+0x17a/0x190 [ 245.712753][ T46] report_bug+0x2b3/0x500 [ 245.717169][ T46] ? __kvmalloc_node_noprof+0x17a/0x190 [ 245.722718][ T46] handle_bug+0x60/0x90 [ 245.726894][ T46] exc_invalid_op+0x1a/0x50 [ 245.731415][ T46] asm_exc_invalid_op+0x1a/0x20 [ 245.736279][ T46] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 245.742431][ T46] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 2f 7a bb ff 41 81 e7 00 20 00 00 74 0a e8 e1 75 bb ff e9 3b ff ff ff e8 d7 75 bb ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 245.762138][ T46] RSP: 0018:ffffc90000b678d8 EFLAGS: 00010293 [ 245.768477][ T46] RAX: ffffffff8203c389 RBX: 0000000080000080 RCX: ffff88802068bc00 [ 245.776447][ T46] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 245.784411][ T46] RBP: 0000000000000000 R08: ffffffff8203c371 R09: 00000000ffffffff [ 245.792375][ T46] R10: ffffc90000b67720 R11: fffff5200016cee9 R12: ffffc9005d000000 [ 245.800342][ T46] R13: dffffc0000000000 R14: 00000000ffffffff R15: 0000000000000000 [ 245.808315][ T46] ? __kvmalloc_node_noprof+0x161/0x190 [ 245.814473][ T46] ? __kvmalloc_node_noprof+0x179/0x190 [ 245.820140][ T46] ? __kvmalloc_node_noprof+0x179/0x190 [ 245.825785][ T46] rhashtable_rehash_alloc+0x9e/0x290 [ 245.831159][ T46] ? rht_deferred_worker+0x4cb/0x23f0 [ 245.836531][ T46] rht_deferred_worker+0x4e1/0x23f0 [ 245.841741][ T46] ? __pfx_lock_acquire+0x10/0x10 [ 245.846787][ T46] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 245.852774][ T46] ? __pfx_rht_deferred_worker+0x10/0x10 [ 245.858402][ T46] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 245.864734][ T46] ? process_scheduled_works+0x976/0x1840 [ 245.870453][ T46] process_scheduled_works+0xa66/0x1840 [ 245.876038][ T46] ? __pfx_process_scheduled_works+0x10/0x10 [ 245.882023][ T46] ? assign_work+0x364/0x3d0 [ 245.886612][ T46] worker_thread+0x870/0xd30 [ 245.891208][ T46] ? __kthread_parkme+0x169/0x1d0 [ 245.896227][ T46] ? __pfx_worker_thread+0x10/0x10 [ 245.901420][ T46] kthread+0x7a9/0x920 [ 245.905493][ T46] ? __pfx_kthread+0x10/0x10 [ 245.910085][ T46] ? __pfx_worker_thread+0x10/0x10 [ 245.915290][ T46] ? __pfx_kthread+0x10/0x10 [ 245.919877][ T46] ? __pfx_kthread+0x10/0x10 [ 245.924991][ T46] ? __pfx_kthread+0x10/0x10 [ 245.929576][ T46] ? _raw_spin_unlock_irq+0x23/0x50 [ 245.934776][ T46] ? lockdep_hardirqs_on+0x99/0x150 [ 245.939966][ T46] ? __pfx_kthread+0x10/0x10 [ 245.944557][ T46] ret_from_fork+0x4b/0x80 [ 245.948980][ T46] ? __pfx_kthread+0x10/0x10 [ 245.953567][ T46] ret_from_fork_asm+0x1a/0x30 [ 245.958340][ T46] [ 245.961714][ T46] Kernel Offset: disabled [ 245.966146][ T46] Rebooting in 86400 seconds..