last executing test programs: 35.197372299s ago: executing program 2 (id=643): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x6, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592e66e6229bc5c7ac135fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) r1 = dup(r0) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001a0001000000000000000a0080", @ANYRESOCT=r2], 0x38}}, 0x0) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000000d060000000000000007008182000000a8b5c3bbd580b65842"], 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x20000001) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1) symlink(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)='./file0\x00') r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r1) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)={0xec, r3, 0x100, 0x70bd26, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8001}, {0x6, 0x11, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xd}, {0x6, 0x11, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xff}, {0x6, 0x11, 0x480}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0x6}}]}, 0xec}, 0x1, 0x0, 0x0, 0x40}, 0x1805) 34.197563524s ago: executing program 2 (id=646): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$dri(0x0, 0x7ce, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket(0x840000000002, 0x3, 0x100) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000001900)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x1c0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bond\x00'}, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x8}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x398) 31.914522979s ago: executing program 2 (id=650): mkdir(&(0x7f0000000400)='./file0\x00', 0x99) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000001b40)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001b80)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0xffffffffffffff22, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0xa) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfd, 0x0, 0x7ffc9ffb}]}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = gettid() process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x229, 0x0) 30.615323609s ago: executing program 2 (id=655): socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x2, 0x22d, &(0x7f0000000a40)="$eJzslb9v00AUx793dpy0gkoMMLCkQyWKRB3bBdSFoexISC0Cxoheq4DbVGmGthJSKxYWZsQfwMbM0ImBDSZmBkBCYqAjC0gcuvM5Ptd22igIhr6PlMv33t27H8/PzyAI4tTy5fOPT89uLixfAXAGM6gb+zcnm8Ot+R9fODUj325MPT6whhqqYQCkzIzuMft7AN4sOsBesqyUmfcr86/WXAbHjOnfAcdlo++CwU/PKjNvAYb7xvxwUw5u050wIhbsQTdeWe3EIlBNqJpotfOyljufOv/hPsOKuaDagVnjWzu7j9ox0EtELFJRk+k+haFUJDcDSoZyYlj89PkWOW5YIVDP697TJ/uq7xt7YMUvBEdo9DwYloxeQB2+7zdNV4TW/S+62fpO8tgS9qrPXRSNUSaPL87N5SzTUEJl+HD3iVio2/61Y/yWQ+bUR16Qmazycin476JansrA6F68WfTyius0zEW1RRzzkpxgd3bUwuyUuHB48K7o9fW/hnc8ARNAe+i5CtSHyTi+Vep1PmeZrnhlPJzVJaEyJZL6wVzgklWfXOur0Oqvb7a2dnbnOuvtNbEmNqJo/npwNQiuRS1dm5PWLndH6l9D16dJa/1aRa30mIftdr/fC7eBfi8c9KOktZJp6XX3u/bhuv5xzP6SMv286Bcv/VCy/B7M/Lj+V2rWqTgOQRAEQRAEQRAEQRAEQRDECfhp6SYY3k8NurIcN7qth/8EAAD//7LLT5w=") socket$caif_stream(0x25, 0x1, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x8000, &(0x7f0000001dc0)={0x9, 0x72}, 0x49) 26.079801149s ago: executing program 2 (id=666): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000014c0)={0x30, 0x5, 0x0, {0x0, 0xfffffffffffffffe}}, 0x30) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x8, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 22.933111888s ago: executing program 2 (id=678): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x2, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 6.727580436s ago: executing program 0 (id=726): r0 = socket(0x1, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x89f2, &(0x7f0000000040)={'bond0\x00', @ifru_flags=0x1}) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x101082) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xe1}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x104}}, 0x0) r2 = gettid() r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x3c, r3, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x100}]}, 0x3c}}, 0x80) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) writev(r4, &(0x7f00000014c0)=[{&(0x7f00000001c0)="e4384d01", 0x4}, {&(0x7f0000000440)="47233c0d41faacf48636d5bf0766080bba8147f2fcf75061590dc44f012934392c8919208b0cd2a685501f71288bb584879aad8f3a019343bc560f4ddfad2a21026a46a903cedfac577d3871b4345b4e2f646e05f659644f39b527a6e92d942660d80bc3ce3f20f766efb729444e35cb6519bb6560ac777368d6c3805eaa895272c8a7ecfbd5fce664194acc077d9add356cd199a6e26d61328416ef25ab53ac2a7cc55a95e412677dfcbfbe82c4f5cc8bc1f2da3e4ba666c234e7674915159dbb1b3faa26b309e3cb2d1633e4e8fa49a14d92628764371b53ee5f720d181272c8739981807208088ac271107e54ac1d2b61e7f2e22a41ce73f47cba54b5cc5b50ad7ee316357e041364d5f1073d915acd2770076a45c8b00896586e84e5aa3956ceff3eb0182293f3beb53a550eb10b0aca2ba3031c490495d327f099ae05fe7489b6bf18055efcf21adffd5cb7562ccc13e0a78be8917981741c69fb33388436e214f70d8af4d45316fb7f2028ba60a2b10753e74266ffd3fbd72dd452292fbf71d82ebdd9668eaf213334c2133534beb1ad3ec4ac7f8defe7fd236e032c7f15093717fe297cd6f45d7bb97942cbaac89f437196f47eb8a82ff9dc684df93f59ed65d455e469c1faddaeb1284637b9d6c057712e71ae9828d998cf5375058406186b8778257329c3e98a77f19e4ba82498a163b59bdf97685385dab5beca59ad6e4f0240b0e74ef1921fdc2512879535e9b894462b4d7b9df5bd97a67d0642db30f4a93f692c624b39187d35f8912eeec45b29af1e14fdc38b14243f81efdec614b5d0be55fa50b0a6cf079e3ddb3d454f29f460b3f2237f3e3d2f2642169d4f082122a237dc18b0563324d0043ff3067dd510ef5dec4ee11865fda85561e6e9bbd1935fb9e8eb4ff26dffb889d6b1ca6d001330511d22e5bf6e12e1ed35389e055bb10ca458d70a2858b158c9525be3830f2d706279b58c1b0465e60d682c82d36211b0b7ebe5a760593d2a9e185e581453c580cd58d297be5e0d5bb198a9817dac52472b5712b272a69f4dee533af0d7b1126ae687a5add9d9b022444b7624e9f33747c7025c942711079eaa8a561ba0498e4de617aa83d9f968f13bb042b17593df474f0e18a9b329a180a1c6a7906d937c0d76847f50aaac2596486b5aa18746db9cb8279fbf349c9278eb9e1a3fad0698fbff236e442d6124bc6a992cebc4333f2adeb806885530446cb79de3c5c0108c686be8e5ae09c5b80a7a3e95c105bb852912f1df0c9752bb0b5a606cb1155fd4afa8be7ebf77e306aebe884a3b802c18198e4d0f3dc4bccbca381a024c7face6999e1dd94b279154e4904e883df77b1cb86537cccc879a258ea06e0add8926495316b6bee17e8d2d8f54cdd8cf3143119fe75b08f3cbf2212191e5565a2fbb70ffc6b947faaf9514a3796d694427efb03ce6bd7b03299352f2eeee1315685a8a2bc680aa8c8d037a5597eae44380749e72b6a81288318b22ae28f4860308e7c250f6e836f242827c178526ccbffcf50ca280a04769db229dc4e2f18ff342ebfb767b5090f3440e515143454c898faf4649e34e1500630986374300cf15a358796a775a55fb46ecd7c173fa7814ba6950f594cd341ec686fbb09ba82c5a1c2f6ba43d0fb56b20bb913cfb38268067e61e2aaaf86f248f7e814489fccd9964758dcb0bb2cd4e7af3e20de0d56a0b6da14f1e76b6ce307f4b62582383540513086b7aa4b419e43284437af08758c6af1c86033c0205b14e7e46b765059846d0447362bc0941c762ddd40e56c9845bb5e0c814579dc46f5360eedef5d451ed53556013b59b4997078e79605b1b70e777790b4116ab280ae6ca2e186df643f99745f56ccb8940d0e63ee6d447d17503af5b2eeda8099aa999e1cf6b6ac016a4710e5ff229254e21428b45e110581678e67933c378d8e5b7044cadfcdb9960ecd21dfd2d608ed1effaccfac1e786b244a983a0c87990040925e86d79881a8be6a73676c779141edfcaec1c431bf64ab4a0f8cb24ccddcee907b3347ddb1678d486ffe21d4d183c9c85b33aecdeb5e791cca39f6c83123b227ebe609aaac49a2a1cf90aba065c64d7f63755dc96b94559c198317d6b84c0b037ed909ddb5c396e2684cc2fc1bac27d94542c0440b0401973e85d02afcc4605832ea80c29591504089b7a663231e9eb00a7457e2c7e124968700ec54b8267d0312c1c1ace66f8fa0ec1cd22f7d58da698145a83e646c6743ca8e5dcc8d37d0bc2075f77ba9e2ba5bf205af5a6ef03493ead8449d9d4043e93224a45afa52877b4957e34d0246d7ed370a5f944236572bb7fa244e6c0dde0607190b3d67217027a1d7b22b56d89ba2b6cd396b1b083468ca2fff29f55da87dcb3d8f667c17ef90168b1fe35abea8c9f9c6f47745cd013f8590477c3279f0884cd49c56c6319a0a60cea7dedadcb8be9460e16c7d90d810f5680d39523d855936cee9e873b7a2b5df1e8f185c21362882c3d6f8c21efe16cc9298bd602dca05444ae762730df51fb1699b6000d4aa48e01b469b47d1ac0f9663b88e1936583a658b9f11d0162683763ff690280842652d4eab27964679a5575a70ca1272da81795c40a24fd87db25decbbf897f8d96b9af0aa2e5099adfe99616b6413efae0868835b2936b5e56aa2d8b7a1e2ac15894f336ffe1f93c30062ef5d94f410ce5f8dfb1bba56c2e4b3dea970f3b29b9742655dd5b3d1642fd4161f1c2f32b7138165a5a7ca04b591c275c0d6ab3b6f94c953ba5021cb6e2c184474ac1564b24d006d25fe71f5914d560a555df112314712581fba9533d52136ca0cdd1049ff2750e8a0f87a7cbe333697ccf09ee20097f8b093368b3a61a45187a3504e8cf76b45a5450094d5b0af794a14605a14ed663a03662fb8e64cd65043603776ce89f17482e6d387bf09f997f5a00e64c7cbd817cb012c04d82d858a08c3f962348da45be845156373a159e87e5138269db95532ce3c486c4e67a1c3052e30b6fc998007e17b2ba6e2c0f1d0d91a23f105642037c00ee68e47c565ffdf0abb8f831742ac9a2b9818249ca6e5d2348c43f483c1aa7c501a9913213c65f976e7e56019ef51c0b31a52eba220505a0d8ab601fd03159714f016ba39597c9aca5e63eb8f48d6fdf8155a8452e9756037b1be5c4caf740accca30b84ccd05402ea3ca0ee0474e3b635d11c6a40cc31e7c3833f8d5a1ee1e220c0372a116fd5686f6f5ec8a7e53364ff9b29319f1baec9786aafd25c1650c99bc5651d6f03509818092c40565b30e9fcce5fa8047371efb3f0253873895d564534128971aef0002d950925d150ed6b4f9afbc8ad3649887ec55836aa6372fcf4de77261b8267b171e985457bea98da59ecb7a4387632c908e419ba6e27013381673789ed0883491a83d375d9e85b35f20b6946e58dc2fd5aae387c57c7feb35533e5e9e31fe4052feaeb6df053af6ccf25a6180e38a52a57f7fde39757a527ae17afc89a0b9b1c571aea5aff56b98e23e26cc9fa40c55526c311ff118881a5df624ee57534c54bdcca5cf1aac2d6f267720f39cf0abaeb12266559622acac01172e75f68822d22a9b6aeb1c671783b5ec00c904638cce3d3222558153c21d8671c510cf22463f88bcfb6d3a363e9afb1bb1e7af2cfa9a578292d40b27cdc2b93500cb1bc71143fc1b89018ad82136cdeec00f5bcda2bbf091cb613a45d5921d40240150ec5b07e8d6795cfea05b7c306413a821db023aeb612385ba81b20fad6e85085093dac364175ccb9d1b7556f6cfd57d6236d62842f670090f656996ef63f8d429e861a02937df613c2164b500a8c6efb886b05f88799c580c01d3774f2940c21343e8a8836c7c095e4166f57e11c44bee6a89d3d5c67702d5e7b57a8f7085fc228f831710d1ff4862ada2b3b2662ab1854d3570d0f1c13990c5188d89bf9a422002fa2286a6927034e7f36fc66402d09646e2306cd0ad67ee220e2c83cc964a22810e571c911db1ae5841ca22e0f617fa34827de13709480cbe40fb553bc3feb4a46d294e1181831b5953311fcafbb4d7eed58d7c20045eb368e64342c1617116592439a2f67e45df8d7c159bcfd33e031bc8f29e93c3af2e63bcf53886c5ea9866e483bb7e3538fb6d9051dc9359055f87a2c602767ad40432e0e9aa47e86c885136d901a398cd1e1e4c2e808f1083b78e80f99c7ecb4a17634123f2e82b2897def1d76e20dde416a58f79160aa3845976708936d50812fbde54af0be18a631c66af2b8c12fdc4a15b9b149b3604e4550eaf58c1f469b4c4d288e806e0c4b8f3838d887f8fb8903ecbcbe57fe4211b35ba659f91f674cbf5bf4a6e5131509c815ff8b7a21b765d5d59bae06aba8935ee3ed660c35db11eca36629fc047df5d7b4689404a970623e43a2d6772863f60ff50532e4ba47727a5c7f564484e40e24cfac0f028e70b20c5cafcac3f539a75d4a317517bd54bff99a1ab028760e0a260494b51af99f0fdd56cfea800ea7e651782f14c165e524060b9304986dd5e74cc60dbaed18b77f5ac2569aec87a47443a3b1d376acd04c312e3a0596ea4907160129679c005dbc9fa62ef718806904d03aa09dd3891a68875c8b53ce79b02f4182439d49083a0953e61255b6ed16efc99e29ee2220c1bfd2a1af27a78941a3edcb6aed890a165a5e629979980cdd07d4fa3e316020bd7b4a202430b1ec0a6345f1e62f90c1e0fd31d5cb4c880157d3f071b33de7e192e4c3512c43a50e0a6bbb56145e742b2a623cc6cea24f5fb09649aa0b76a420bd096f90cb7a7270cd85f73e972d9d4de24bc0fa937bbc85b2ee7392f2b3dd0d64ef942c3f78078d59dbcf6d2fa23f29986ea57eb7bcdf38d78ead6f2c73c88b8d20dac166853e3d4e9230984bc3f5da7d16da9c3ea501472823653a1ee47cee5ea2b6e9278bc7039eb5d9d6e74c02de912e4409f094c2941e2a38d3905350d83a50a2da75828084df128a3e82dc55b7ddaa1f6061a81c040a0628bcafa3c4b1b67a4c81f5adf93574de75dd0bba095bad93a0b764973099917d1bd5da04b576beb7d19274d8a71bbe6784c317b5136dfffee6a318b5905b244ffaadf9799ce04310ba171fbb0ba1a8899a5a636cfe17bedcfa7d0376f7065d50bba64ca17ebac776af64554e115baa3fcf8282936e9faac0f62c4f2378b58280e19d98904d049aa1a7b5a1788fd28f7b04721e6dd494733ac52fdb4523b020b8bebdd43bd81b3b85120ca7b4c15c2dae421503301d39eecc637d97ddada1335e8735ca2f7e3d4cf8735af28329e6564cf312492172eda16aff65b4eb8000aafbff0b4bfe0a579e8bc85eba190ad09e442ecd88ab4cf0e817a672c5f691286b308bba5244423adce4b6b265f915f2ec57cc35769cbc7c30113da31ce2349daab88226b08266d9a7dfc2dbbcfb817aa0a87f453d760412325e5dff8a8d59101f8ea12561eb3e2ed6865b71f7e72e418b66d23e4a4382d6ea96f7cd6cd6a921907227c449858cc0d6917ea9a4abff39a94a1b2693d6ab941525d848ddee5aee637e3a0db3e2b42c1bf5e11a5c000f8318c871c7cc29522e02cb767201297ae7a67fecb7af054f6679368cf17381542e1cdc0fd31b4867027d774be0aef71371f376594e8ca851da425d5d2ff70a4e7a262b9c1e63677d60890df306d6af09dcd4c9dfe6c5262ed7dd35973eddbc78dadb79692fae8b27a2c64309801b9951e25f4cb35a415136da10c3d90cf80333dfba9bc9d67d481ec0", 0xffc}], 0x2) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 6.727037636s ago: executing program 4 (id=727): r0 = socket(0x28, 0x5, 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x48) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x4) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) socket$xdp(0x2c, 0x3, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffe, 0x0, 0x20000000000000}, 0x0, &(0x7f0000000400)={0x3ff, 0x0, 0xfffffffffffffffe, 0x8000009, 0x2, 0x4c, 0x7fffffff, 0x3}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) 6.697201318s ago: executing program 3 (id=729): syz_open_procfs(0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000100)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cache=fscache']) utime(&(0x7f0000000200)='./file0\x00', 0x0) utime(&(0x7f0000000040)='./file0\x00', 0x0) 6.607803768s ago: executing program 3 (id=730): statx(0xffffffffffffffff, 0x0, 0x1000, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socket(0x10, 0x3, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) bpf$MAP_CREATE(0x0, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r3, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) write$tun(0xffffffffffffffff, 0x0, 0x0) 5.408400997s ago: executing program 4 (id=732): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = syz_io_uring_setup(0x3678, &(0x7f000000a9c0)={0x0, 0xfffffffd, 0x0, 0x0, 0xffffffff}, &(0x7f000000aa40), &(0x7f000000aa80)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x2, 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2={0xff, 0x3}, 0x0, 0x0, 0xfffffffe, 0xffffffff}}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES2(r1, 0x6, 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 5.323830549s ago: executing program 0 (id=733): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2000044, &(0x7f0000000040)={[{@max_batch_time={'max_batch_time', 0x3d, 0x8}}, {@jqfmt_vfsold}, {@quota}]}, 0x2, 0x500, &(0x7f0000000b00)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x18001}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000080)={0x9, 0x0, 0x0, {0x0, 0x300, 0x0, 0x80000300}}) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0x82c25) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0xc0844123, &(0x7f0000000080)=0x5) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee2, 0x8031, 0xffffffffffffffff, 0xffffd000) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) 5.322197849s ago: executing program 3 (id=734): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000280), &(0x7f0000000000), 0x2}, 0x20) semop(0x0, &(0x7f00000003c0)=[{0x0, 0xfffc}], 0x1f4) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001380)={r2, &(0x7f0000001300)="7f", &(0x7f0000001340)=""/3}, 0x20) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000080)={0x2a, 0x6, 0x0, {0x1, 0x200000000000, 0x1, 0x2, '\x00', 0x8}}, 0x2a) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r4, @ANYBLOB="010028bd7000ffdbdf250300000014000180060005004e2400000500020005000000050005000a00000038000180060001000a000000060005004e22000008000300ac1414aa14000400fe8000000000000000000000000000bb080006"], 0xcc}, 0x1, 0x0, 0x0, 0x44850}, 0xc0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)={0x1ac, r5, 0x800, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x9, 0xb}}}}, [@NL80211_ATTR_NAN_FUNC={0xc, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x3}]}, @NL80211_ATTR_NAN_FUNC={0x174, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_SRF={0x14c, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x5}, @NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x7a}, @NL80211_NAN_SRF_BF={0x103, 0x2, "01932b1bc209ad66068dbf06b90b36d460d456532455d67fbde6fbec3c6aca00065ff034d4a1e38363bd2a68c21fa62a891888821f792ac421ed4262b1b70f3ea1373d849190a3cfc3a4ecd100f60214274d3898e86a0b3731afcf389fbc822ee4382db124f2ddd6e8fc8158e307502843f28512c102fa5c49cc87fd89b1ce4c614d63a97e3120112f433f787c2317d74d2c0f1267223774e549e3224e4b4d5f07a4449c720e02d99127a055f7bf0f01845034533f43f7994f1502c8ae1bf30ace0ee2771290fff900c040e6038b348674f117e8a115a2ed731aa45d51322c10f6e973066ec40159c401c232bd68efa7fe129c88429ca02c266485f367e38d"}, @NL80211_NAN_SRF_MAC_ADDRS={0x1c, 0x4, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa}]}, @NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_BF_IDX={0x5}]}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x9c}, @NL80211_NAN_FUNC_TTL={0x8}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "1a1676f9c446"}, @NL80211_NAN_FUNC_TTL={0x8, 0xa, 0x2}]}, @NL80211_ATTR_NAN_FUNC={0xc, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_ID={0x5, 0x6, 0xa}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x4000000}, 0x11) 5.090901352s ago: executing program 3 (id=735): sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x7) socket$nl_generic(0x10, 0x3, 0x10) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x2cab, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket$l2tp(0x2, 0x2, 0x73) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f00000000c0)=@in={0x2, 0x4e21, @multicast1}, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000034c0)=@newtaction={0xf8, 0x30, 0x800, 0x70bd26, 0x25dfdbfc, {}, [{0xe4, 0x1, [@m_skbmod={0xe0, 0x1e, 0x0, 0x0, {{0xb}, {0x54, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xf, 0x6, 0x4, 0x1, 0x2}, 0xb}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x80}, @TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}]}, {0x62, 0x6, "1d659ce2e6e8324e8f59945a1465fc5631eb940f24e5d0a00a2caf5c5318700b37d9f17d5aa6ef2ad5696d6aca89c678db098d12a4207de989f01f6bbed3a651a4b5ebb9ef0c0e361d1cfffffcc963fa91495e082b2caa000a88227290b7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 4.999241843s ago: executing program 1 (id=736): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x14, &(0x7f00000002c0)="010000000980ffff", 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r1 = landlock_create_ruleset(&(0x7f0000000240)={0x20}, 0x18, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='omfs\x00', 0xa08410, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000080)={r4, 0x80, 0x6, "0c35877196c7"}, 0xe) landlock_restrict_self(r1, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file1\x00', 0x81c0, 0x0) removexattr(&(0x7f0000000100)='./file0/file1\x00', &(0x7f0000000140)=@known='system.posix_acl_access\x00') unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file1\x00', 0x0) 4.859825705s ago: executing program 3 (id=737): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)) r2 = socket$packet(0x11, 0x3, 0x300) r3 = dup(r0) r4 = fcntl$dupfd(r1, 0x406, r2) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/254, 0x0, 0x4000}) ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_usb_connect(0x0, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000c291492099042a102d85010203010902"], 0x0) 4.758268107s ago: executing program 1 (id=738): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r2 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x10000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000140)={r3, 0x0, 0x0}, 0x20) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x7) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x24, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}, @TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x7}, @TCA_CAKE_MPU={0x8, 0xe, 0x6a}]}}]}, 0x54}}, 0x0) r7 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={r2, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000080)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 4.604326909s ago: executing program 1 (id=739): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1000420, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x1}, 0x14}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x50}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x4}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.419749702s ago: executing program 4 (id=740): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) bind$inet(r1, 0x0, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0x13, 0x0, &(0x7f0000000900)) r3 = socket$igmp6(0xa, 0x3, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x10, 0x2b, 0x0, @private2, @local, {[@hopopts={0x87}], {0x0, 0x0, 0x8}}}}}}, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001780)={'tunl0\x00', &(0x7f00000026c0)={'syztnl0\x00', 0x0, 0x700, 0x7800, 0x3, 0x3714, {{0x5, 0x4, 0x2, 0x7, 0x14, 0x67, 0x0, 0x88, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x38}, @loopback}}}}) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002800)={0x30, 0x0, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x12}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x12}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 4.302367334s ago: executing program 4 (id=741): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r4, 0x0, 0xe, 0x0, &(0x7f0000000900)) 4.047730858s ago: executing program 0 (id=742): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ptrace$ARCH_SHSTK_DISABLE(0x1e, r0, 0x1, 0x5002) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0xa, [@struct={0x8, 0x1, 0x0, 0xf, 0x0, 0x10005, [{0x2, 0x5, 0xa}]}]}, {0x0, [0x30, 0x0, 0x0, 0xcf, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f00000001c0)=""/257, 0x3a, 0x101, 0x6, 0x0, 0x0, @void, @value}, 0x28) 3.977615359s ago: executing program 1 (id=743): prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0xdd02}], 0xc, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0) 3.111679443s ago: executing program 4 (id=744): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=@newtaction={0xb4, 0x30, 0x1, 0x2, 0x25dfdbfc, {}, [{0xa0, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x2, 0x0, 0x446, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, 0xfffffffd}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000) 2.197536647s ago: executing program 1 (id=745): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xd}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000005c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) msgget(0x1, 0x40) 2.007615009s ago: executing program 0 (id=746): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) write(0xffffffffffffffff, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29) r2 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000001c0)='ramfs\x00', &(0x7f0000000400)="c08c", 0x2) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) 499.932052ms ago: executing program 1 (id=747): ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$PPPIOCSNPMODE(0xffffffffffffffff, 0x4008744b, &(0x7f0000000240)={0x281}) io_uring_setup(0x68e2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000400), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r3, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x80, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==") bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) 372.537465ms ago: executing program 4 (id=748): socket(0x848000000015, 0x805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket$alg(0x26, 0x5, 0x0) socket(0x1e, 0x805, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 276.292556ms ago: executing program 0 (id=749): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e0b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) socket$packet(0x11, 0xa, 0x300) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r3, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f0000000300)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14) r6 = socket$packet(0x11, 0x3, 0x300) bind$packet(r6, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x10, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x60, &(0x7f0000000c00)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x2a, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2={0xe}, [{0x1}]}}}}}}, 0x0) 43.80072ms ago: executing program 3 (id=750): ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0902000000000000000001000000050002000a00000014000700ff00000000000000000000000000000108000b000552"], 0x38}}, 0x0) 0s ago: executing program 0 (id=751): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r4, r4, r4}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-avx2\x00'}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.230' (ED25519) to the list of known hosts. [ 65.230342][ T4160] cgroup: Unknown subsys name 'net' [ 65.378806][ T4160] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.831656][ T4160] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 68.298859][ T4170] chnl_net:caif_netlink_parms(): no params data found [ 68.325080][ T4176] chnl_net:caif_netlink_parms(): no params data found [ 68.371700][ T4173] chnl_net:caif_netlink_parms(): no params data found [ 68.457351][ T4181] chnl_net:caif_netlink_parms(): no params data found [ 68.505438][ T4180] chnl_net:caif_netlink_parms(): no params data found [ 68.555781][ T4170] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.563378][ T4170] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.571263][ T4170] device bridge_slave_0 entered promiscuous mode [ 68.595415][ T4176] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.603236][ T4176] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.611004][ T4176] device bridge_slave_0 entered promiscuous mode [ 68.618756][ T4173] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.626028][ T4173] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.634314][ T4173] device bridge_slave_0 entered promiscuous mode [ 68.641604][ T4170] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.648848][ T4170] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.657352][ T4170] device bridge_slave_1 entered promiscuous mode [ 68.677415][ T4176] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.684553][ T4176] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.692413][ T4176] device bridge_slave_1 entered promiscuous mode [ 68.705685][ T4173] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.712953][ T4173] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.720693][ T4173] device bridge_slave_1 entered promiscuous mode [ 68.782019][ T4181] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.789183][ T4181] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.797235][ T4181] device bridge_slave_0 entered promiscuous mode [ 68.806606][ T4176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.826016][ T4170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.844152][ T4181] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.851302][ T4181] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.859545][ T4181] device bridge_slave_1 entered promiscuous mode [ 68.876795][ T4176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.887794][ T4173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.898541][ T4170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.925159][ T4173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.948906][ T4180] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.956234][ T4180] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.964447][ T4180] device bridge_slave_0 entered promiscuous mode [ 68.973656][ T4181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.006520][ T4180] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.013864][ T4180] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.021608][ T4180] device bridge_slave_1 entered promiscuous mode [ 69.030062][ T4181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.049470][ T4176] team0: Port device team_slave_0 added [ 69.058069][ T4170] team0: Port device team_slave_0 added [ 69.066480][ T4170] team0: Port device team_slave_1 added [ 69.089741][ T4173] team0: Port device team_slave_0 added [ 69.105559][ T4176] team0: Port device team_slave_1 added [ 69.126841][ T4173] team0: Port device team_slave_1 added [ 69.135225][ T4181] team0: Port device team_slave_0 added [ 69.165290][ T4180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.175753][ T4181] team0: Port device team_slave_1 added [ 69.183635][ T4180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.208435][ T4170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.215673][ T4170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.241794][ T4170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.268165][ T4173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.275189][ T4173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.301227][ T4173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.313223][ T4176] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.320772][ T4176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.346874][ T4176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.367078][ T4170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.374492][ T4170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.401177][ T4170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.431368][ T4173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.438490][ T4173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.465063][ T4173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.476939][ T4176] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.484006][ T4176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.515997][ T4176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.530291][ T4181] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.537700][ T4181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.563925][ T4181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.577791][ T4180] team0: Port device team_slave_0 added [ 69.599137][ T4180] team0: Port device team_slave_1 added [ 69.611773][ T4181] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.619007][ T4181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.645117][ T4181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.669789][ T4170] device hsr_slave_0 entered promiscuous mode [ 69.677096][ T4170] device hsr_slave_1 entered promiscuous mode [ 69.692912][ T4180] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.699878][ T4180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.725998][ T4180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.768808][ T4180] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.776073][ T4180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.802556][ T4180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.823320][ T4176] device hsr_slave_0 entered promiscuous mode [ 69.830132][ T4176] device hsr_slave_1 entered promiscuous mode [ 69.836746][ T4176] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.844549][ T4176] Cannot create hsr debugfs directory [ 69.884693][ T4173] device hsr_slave_0 entered promiscuous mode [ 69.891415][ T4173] device hsr_slave_1 entered promiscuous mode [ 69.898096][ T4173] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.906113][ T4173] Cannot create hsr debugfs directory [ 69.914220][ T4181] device hsr_slave_0 entered promiscuous mode [ 69.920978][ T4181] device hsr_slave_1 entered promiscuous mode [ 69.927950][ T4181] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.935773][ T4181] Cannot create hsr debugfs directory [ 69.947676][ T2306] Bluetooth: hci0: command 0x0409 tx timeout [ 69.954598][ T2306] Bluetooth: hci2: command 0x0409 tx timeout [ 69.960662][ T2306] Bluetooth: hci1: command 0x0409 tx timeout [ 70.011396][ T4180] device hsr_slave_0 entered promiscuous mode [ 70.018237][ T4180] device hsr_slave_1 entered promiscuous mode [ 70.022469][ T2306] Bluetooth: hci4: command 0x0409 tx timeout [ 70.024738][ T1327] Bluetooth: hci3: command 0x0409 tx timeout [ 70.037192][ T4180] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.044881][ T4180] Cannot create hsr debugfs directory [ 70.341227][ T4173] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.352414][ T4173] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.362102][ T4173] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.371289][ T4173] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.433658][ T4180] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.451671][ T4180] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.461319][ T4180] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.479390][ T4180] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.523432][ T4170] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.543034][ T4170] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.559953][ T4170] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.570085][ T4170] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.606725][ T4173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.631256][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.648070][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.669124][ T4173] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.678290][ T4181] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.696894][ T4181] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.705849][ T4181] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.719614][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.728751][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.738214][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.745507][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.759744][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 70.770640][ T4181] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.805565][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.816947][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.826325][ T1287] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.833446][ T1287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.843655][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.861497][ T4176] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 70.897149][ T4176] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 70.906126][ T4176] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 70.918061][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.937580][ T4180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.948058][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 70.958296][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.967417][ T4176] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 70.995213][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.020517][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.030927][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.039870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.049094][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.062398][ T4180] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.093783][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 71.102165][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.118167][ T4173] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.130171][ T4173] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 71.150957][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 71.169836][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.186776][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.200861][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.212210][ T1287] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.219340][ T1287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.235635][ T4170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.259422][ T4181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.266740][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.276911][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.286254][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.301283][ T1287] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.308472][ T1287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.318478][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.357921][ T4170] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.370697][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.379996][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.390991][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.397836][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.400663][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.414956][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.423820][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.431503][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.439566][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.447700][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.474563][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.484389][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.493529][ T478] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.500611][ T478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.508767][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.518168][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.527656][ T478] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.534773][ T478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.549564][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 71.557159][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 71.567527][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.576852][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.586002][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.597356][ T4181] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.605533][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.614653][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.637190][ T4173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.657234][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.666664][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.676112][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.685439][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.695265][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.704280][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.714000][ T1287] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.721072][ T1287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.728925][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.737727][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.747840][ T1287] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.754956][ T1287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.770912][ T4176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.788449][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.796718][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.805780][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 71.817458][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.825962][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 71.834596][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.843270][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.856408][ T4170] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.868728][ T4170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 71.895632][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 71.909704][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.918804][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.934457][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.949978][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.959086][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.969121][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.976975][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.986047][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.005667][ T4176] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.019556][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.029132][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.035565][ T4215] Bluetooth: hci1: command 0x041b tx timeout [ 72.038695][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.043639][ T4215] Bluetooth: hci2: command 0x041b tx timeout [ 72.060254][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.072423][ T4215] Bluetooth: hci0: command 0x041b tx timeout [ 72.074379][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.088723][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.098315][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.107377][ T4224] Bluetooth: hci3: command 0x041b tx timeout [ 72.118165][ T4224] Bluetooth: hci4: command 0x041b tx timeout [ 72.127930][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.157479][ T4181] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.169844][ T4181] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.180668][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.189525][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.199153][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.206723][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.217457][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.226343][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.235652][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.242823][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.257311][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.272210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.281488][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.302064][ T4170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.314918][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.324329][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.349231][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.360022][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.374799][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.381898][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.403632][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.421011][ T4173] device veth0_vlan entered promiscuous mode [ 72.437279][ T4173] device veth1_vlan entered promiscuous mode [ 72.477887][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.488753][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.508107][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.539057][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.550164][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.565064][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.609416][ T4170] device veth0_vlan entered promiscuous mode [ 72.618075][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.626338][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.635008][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.643228][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.651958][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.660824][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.670433][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.679044][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.687859][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.696482][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.704557][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.721962][ T4181] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.733622][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.741115][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.761201][ T4170] device veth1_vlan entered promiscuous mode [ 72.774191][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.783797][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.794212][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.806020][ T4176] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.817723][ T4176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.840452][ T4180] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.849066][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 72.864259][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.877361][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.896793][ T4173] device veth0_macvtap entered promiscuous mode [ 72.942033][ T4173] device veth1_macvtap entered promiscuous mode [ 72.957006][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 72.968833][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 72.978200][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.990469][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.010152][ T4170] device veth0_macvtap entered promiscuous mode [ 73.036483][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.046181][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.055503][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.065434][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.075320][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.091892][ T4170] device veth1_macvtap entered promiscuous mode [ 73.111469][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.119794][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.128168][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.140577][ T4173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.157994][ T4170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.169009][ T4170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.182137][ T4170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.197344][ T4181] device veth0_vlan entered promiscuous mode [ 73.204652][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.213862][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.223715][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.231999][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.240757][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.249736][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.258811][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.267839][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.276496][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.284581][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.292941][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.300760][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.309910][ T4180] device veth0_vlan entered promiscuous mode [ 73.325345][ T4170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.335586][ T4176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.346300][ T4173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.363250][ T4173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.379823][ T4173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.403441][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.414024][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.423244][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.431854][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.446064][ T4180] device veth1_vlan entered promiscuous mode [ 73.467854][ T4173] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.477039][ T4173] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.486345][ T4173] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.495385][ T4173] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.510514][ T4170] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.521187][ T4170] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.530354][ T4170] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.540392][ T4170] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.555064][ T4181] device veth1_vlan entered promiscuous mode [ 73.564213][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.577639][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.586335][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.631603][ T4180] device veth0_macvtap entered promiscuous mode [ 73.653522][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.664757][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.674061][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.724661][ T4180] device veth1_macvtap entered promiscuous mode [ 73.826089][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.837220][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.847643][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.859410][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.871491][ T4180] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.885817][ T478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.899800][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.907640][ T478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.913350][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.926911][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.936817][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.947309][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.956814][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.967733][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.978611][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.988795][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.999376][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.011685][ T4180] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.026956][ T4181] device veth0_macvtap entered promiscuous mode [ 74.052352][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.060850][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.070531][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.080325][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.089370][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.101485][ T4180] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.103851][ T23] Bluetooth: hci0: command 0x040f tx timeout [ 74.111273][ T4180] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.123379][ T23] Bluetooth: hci2: command 0x040f tx timeout [ 74.125327][ T4180] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.131101][ T23] Bluetooth: hci1: command 0x040f tx timeout [ 74.139725][ T4180] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.151450][ T4181] device veth1_macvtap entered promiscuous mode [ 74.169584][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.178521][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.186633][ T23] Bluetooth: hci4: command 0x040f tx timeout [ 74.200000][ T23] Bluetooth: hci3: command 0x040f tx timeout [ 74.218045][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.228114][ T1287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.230477][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.236730][ T1287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.254733][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.275982][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.288637][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.309826][ T4176] device veth0_vlan entered promiscuous mode [ 74.317081][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.325788][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.336020][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.346974][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.357830][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.368366][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.378228][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.388911][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.400647][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.428788][ T4176] device veth1_vlan entered promiscuous mode [ 74.456590][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.468366][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.478022][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.488592][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.499623][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.513760][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.524402][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.534292][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.544799][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.555937][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.586351][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.597159][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.617654][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.643705][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.660551][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.671750][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.697039][ T4181] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.709745][ T4181] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.722345][ T4181] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.740592][ T4181] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.793794][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.810158][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.821982][ T4176] device veth0_macvtap entered promiscuous mode [ 74.845138][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.875080][ T4176] device veth1_macvtap entered promiscuous mode [ 74.885074][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.937982][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.962083][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.976333][ T478] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.011488][ T1243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.024945][ T1243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.040622][ T478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.045180][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.072919][ T478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.082316][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.092160][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.102879][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.120995][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.131807][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.153194][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.168595][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.180377][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.198217][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.209262][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.225355][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.239596][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.256759][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.275354][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.289695][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.312462][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.334473][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.346285][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.356746][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.367260][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.378678][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.412879][ T478] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.421002][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.429569][ T478] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.430974][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.450617][ T4176] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.459936][ T4176] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.470202][ T4176] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.479046][ T4176] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.498345][ T4256] tipc: Started in network mode [ 75.509327][ T4256] tipc: Node identity e20505060f27, cluster identity 4711 [ 75.519247][ T4256] tipc: Enabled bearer , priority 0 [ 75.539849][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.565275][ T4256] device syzkaller0 entered promiscuous mode [ 75.597818][ T4256] tipc: Resetting bearer [ 75.739823][ T4255] tipc: Resetting bearer [ 75.760696][ T4255] tipc: Disabling bearer [ 76.183210][ T2306] Bluetooth: hci1: command 0x0419 tx timeout [ 76.198856][ T2306] Bluetooth: hci2: command 0x0419 tx timeout [ 76.293895][ T2306] Bluetooth: hci0: command 0x0419 tx timeout [ 76.645966][ T2306] Bluetooth: hci3: command 0x0419 tx timeout [ 76.652069][ T2306] Bluetooth: hci4: command 0x0419 tx timeout [ 76.898981][ T4218] Process accounting resumed [ 77.866066][ T4285] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 77.890831][ T4263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.930330][ T4263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.963541][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.206594][ T4285] loop1: detected capacity change from 0 to 2048 [ 78.319664][ T4285] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=26504, location=26504 [ 78.350492][ T4285] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 78.649481][ T4270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.785862][ T4270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.804395][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.681819][ T4312] overlayfs: overlapping lowerdir path [ 80.661243][ T4323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20'. [ 80.960319][ T4333] loop1: detected capacity change from 0 to 256 [ 81.025813][ T4335] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 81.696139][ T4333] FAT-fs (loop1): Directory bread(block 64) failed [ 81.738456][ T4333] FAT-fs (loop1): Directory bread(block 65) failed [ 81.801306][ T4333] FAT-fs (loop1): Directory bread(block 66) failed [ 81.867693][ T4333] FAT-fs (loop1): Directory bread(block 67) failed [ 81.874737][ T4333] FAT-fs (loop1): Directory bread(block 68) failed [ 81.881287][ T4333] FAT-fs (loop1): Directory bread(block 69) failed [ 81.888363][ T4333] FAT-fs (loop1): Directory bread(block 70) failed [ 81.897660][ T4333] FAT-fs (loop1): Directory bread(block 71) failed [ 81.906077][ T4333] FAT-fs (loop1): Directory bread(block 72) failed [ 81.913237][ T4333] FAT-fs (loop1): Directory bread(block 73) failed [ 81.940887][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #1c!!! [ 81.950542][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #21e!!! [ 81.959633][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #21e!!! [ 81.971172][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #21e!!! [ 81.981177][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #21e!!! [ 81.990635][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #21e!!! [ 81.999633][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #31e!!! [ 82.008684][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #31e!!! [ 82.017673][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #31e!!! [ 82.026837][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #39e!!! [ 82.046343][ T4346] loop2: detected capacity change from 0 to 8 [ 83.318541][ T4350] MPTCP: addr_signal error, add_addr=1, echo=0 [ 87.483598][ T1110] cfg80211: failed to load regulatory.db [ 87.512241][ C1] sched: RT throttling activated [ 87.793384][ T4386] tipc: Failed to remove unknown binding: 66,1,1/0:4196591459/4196591461 [ 87.832416][ T4386] tipc: Failed to remove unknown binding: 66,1,1/0:4196591459/4196591461 [ 89.588687][ T4398] netlink: 12 bytes leftover after parsing attributes in process `syz.2.42'. [ 89.756489][ T4218] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 90.042301][ T4218] usb 4-1: Using ep0 maxpacket: 32 [ 90.182534][ T4218] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 90.191042][ T4218] usb 4-1: config 0 has no interface number 0 [ 90.224094][ T4218] usb 4-1: config 0 interface 184 has no altsetting 0 [ 90.442568][ T4218] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 90.493055][ T4218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.555625][ T4218] usb 4-1: Product: syz [ 90.590598][ T4218] usb 4-1: Manufacturer: syz [ 90.614371][ T4218] usb 4-1: SerialNumber: syz [ 90.638958][ T4218] usb 4-1: config 0 descriptor?? [ 90.712650][ T4218] usb 4-1: can't set config #0, error -71 [ 90.792329][ T4218] usb 4-1: USB disconnect, device number 2 [ 90.950285][ T4420] netlink: zone id is out of range [ 91.007900][ T4420] netlink: zone id is out of range [ 91.018569][ T4423] netlink: 220 bytes leftover after parsing attributes in process `syz.0.47'. [ 91.054115][ T4420] netlink: zone id is out of range [ 91.076236][ T4420] netlink: zone id is out of range [ 91.081474][ T4420] netlink: zone id is out of range [ 91.094336][ T4420] netlink: zone id is out of range [ 91.144082][ T4420] netlink: zone id is out of range [ 91.149402][ T4420] netlink: zone id is out of range [ 91.160169][ T4420] netlink: zone id is out of range [ 91.685021][ T4420] netlink: zone id is out of range [ 91.920905][ T4430] netlink: 8 bytes leftover after parsing attributes in process `syz.4.50'. [ 91.952611][ T4430] netlink: 'syz.4.50': attribute type 2 has an invalid length. [ 92.213580][ T4435] netlink: 92 bytes leftover after parsing attributes in process `syz.1.54'. [ 92.284784][ T4440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.56'. [ 92.618992][ T4445] xt_hashlimit: size too large, truncated to 1048576 [ 92.765814][ T4453] xt_socket: unknown flags 0x48 [ 94.256283][ T4458] syz.4.61 uses obsolete (PF_INET,SOCK_PACKET) [ 94.301721][ T4460] sch_tbf: burst 1885 is lower than device lo mtu (65550) ! [ 94.530119][ T4460] netlink: 12 bytes leftover after parsing attributes in process `syz.0.62'. [ 96.157826][ T4478] netlink: 'syz.4.68': attribute type 11 has an invalid length. [ 96.185565][ T4478] loop4: detected capacity change from 0 to 2048 [ 96.341974][ T4478] UDF-fs: bad mount option "uid=00000000000000060929" or missing value [ 96.878913][ T4478] xt_SECMARK: invalid mode: 2 [ 97.213244][ T4485] Zero length message leads to an empty skb [ 98.379071][ T4498] kAFS: unable to lookup cell ' [ 98.379071][ T4498] $)-.ÌײfÍY¹Ç²a×ïÅ2sˆ [ 98.379071][ T4498] ' [ 98.540627][ T4503] netlink: 68 bytes leftover after parsing attributes in process `syz.1.75'. [ 98.687576][ T4512] loop0: detected capacity change from 0 to 256 [ 98.734321][ T4512] FAT-fs (loop0): Unrecognized mount option "xœìÛ1kaðçÚ´½XÐN¢pàâÔO` [ 98.734321][ T4512] b@ˆdÐÉ@uiEH—(ˆý<Î~¿ŒKɹÜÑ&i‹­gr’þ~p¼÷¿#ÏÉsÛ·w?ìï}<|¿ñå8Ò$‹µˆ'1ŠØÉ«RR®é¤ÞŒITñ«ÒÝ" or missing value [ 98.813665][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 98.830138][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 98.840992][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 98.859498][ T4514] net_ratelimit: 23 callbacks suppressed [ 98.859516][ T4514] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 99.003845][ T4518] loop0: detected capacity change from 0 to 64 [ 99.256385][ T4522] netlink: 28 bytes leftover after parsing attributes in process `syz.4.81'. [ 99.271308][ T4522] netlink: 28 bytes leftover after parsing attributes in process `syz.4.81'. [ 100.501014][ T4537] netlink: 'syz.2.85': attribute type 4 has an invalid length. [ 101.452345][ T4539] netlink: 'syz.2.85': attribute type 4 has an invalid length. [ 101.576923][ T4537] syz.2.85 (4537) used greatest stack depth: 20896 bytes left [ 101.676639][ T4224] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 102.052469][ T4224] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 102.060781][ T4224] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 102.078874][ T4224] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 102.090130][ T4224] usb 5-1: config 220 has no interface number 2 [ 102.096879][ T4224] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 102.122053][ T4224] usb 5-1: config 220 interface 0 has no altsetting 0 [ 102.129311][ T4224] usb 5-1: config 220 interface 76 has no altsetting 0 [ 102.136280][ T4224] usb 5-1: config 220 interface 1 has no altsetting 0 [ 102.177559][ T4569] netlink: 2028 bytes leftover after parsing attributes in process `syz.1.92'. [ 102.208437][ T4569] netlink: 12 bytes leftover after parsing attributes in process `syz.1.92'. [ 102.478387][ T4224] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 103.991369][ T4224] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.001562][ T4224] usb 5-1: Product: syz [ 104.005909][ T4224] usb 5-1: Manufacturer: syz [ 104.010615][ T4224] usb 5-1: SerialNumber: syz [ 104.053293][ T4224] usb 5-1: can't set config #220, error -71 [ 104.064077][ T4224] usb 5-1: USB disconnect, device number 2 [ 104.335354][ T4602] futex_wake_op: syz.2.105 tries to shift op by -1; fix this program [ 105.507120][ T4618] loop0: detected capacity change from 0 to 1024 [ 106.013114][ T4224] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 106.762910][ T4224] usb 3-1: config 7 has an invalid interface number: 252 but max is 0 [ 106.834743][ T4224] usb 3-1: config 7 has no interface number 0 [ 107.025521][ T4224] usb 3-1: config 7 interface 252 has no altsetting 0 [ 107.384307][ T4631] netlink: 'syz.3.114': attribute type 1 has an invalid length. [ 107.485252][ T4631] loop3: detected capacity change from 0 to 512 [ 107.494011][ T4630] process 'syz.1.115' launched '/dev/fd/6' with NULL argv: empty string added [ 107.552508][ T4224] usb 3-1: string descriptor 0 read error: -22 [ 107.558849][ T4224] usb 3-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0 [ 107.568365][ T4224] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.575159][ T4631] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 107.660242][ T4631] EXT4-fs (loop3): 1 truncate cleaned up [ 107.677730][ T4631] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback. [ 107.817439][ T4631] EXT4-fs (loop3): Unrecognized mount option "ì¥YðÌÚ„yµ²Fm¤ïŠ©«±ZÉ1Ø(O[½Å [ 107.817439][ T4631] ^¥Æ+EïóªØ]0rQ#Íó{ØÌŽÎcÄpç6;æ°:ªPŸrïfè˜l¿íÐIG>Žá¦?Ï…-H"’&Fþ)ð!Iˆ|.z" or missing value [ 107.988614][ T1327] usb 3-1: USB disconnect, device number 2 [ 108.293123][ T4224] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 108.722089][ T4644] netlink: 12 bytes leftover after parsing attributes in process `syz.1.118'. [ 108.955139][ T4647] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.011981][ T4656] netlink: 'syz.0.122': attribute type 10 has an invalid length. [ 110.417932][ T4656] team0 (unregistering): Port device team_slave_0 removed [ 110.480596][ T4656] team0 (unregistering): Port device team_slave_1 removed [ 110.541379][ T4655] netlink: 'syz.2.123': attribute type 1 has an invalid length. [ 110.605383][ T4659] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 110.623428][ T4660] netlink: 28 bytes leftover after parsing attributes in process `syz.2.123'. [ 110.644858][ T4660] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 110.673615][ T4660] bond1 (unregistering): Released all slaves [ 110.765360][ T4647] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.921970][ T4647] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.015256][ T4647] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.139724][ T4647] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.167002][ T4647] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.190756][ T4647] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.212071][ T4647] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.352565][ T4224] usb 4-1: device descriptor read/all, error -71 [ 111.426317][ T4673] loop2: detected capacity change from 0 to 512 [ 112.275520][ T4667] sctp: failed to load transform for md5: -4 [ 112.318981][ T4673] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #2: comm syz.2.129: corrupted xattr block 255 [ 112.390341][ T4673] EXT4-fs (loop2): Remounting filesystem read-only [ 112.442457][ T4673] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 112.450804][ T4673] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=abort,nolazytime,errors=remount-ro,nombcache,auto_da_alloc,grpjquota=.nouid32,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 112.517969][ T4673] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #2: comm syz.2.129: corrupted xattr block 255 [ 112.589684][ T4673] EXT4-fs (loop2): Remounting filesystem read-only [ 112.672577][ T4686] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 255: padding at end of block bitmap is not set [ 112.855017][ T4686] EXT4-fs (loop2): Remounting filesystem read-only [ 114.481474][ T4214] Process accounting resumed [ 115.320756][ T4715] mmap: syz.1.139 (4715) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 115.381424][ T4715] loop1: detected capacity change from 0 to 1024 [ 115.412516][ T4703] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 115.494162][ T4715] EXT4-fs (loop1): Ignoring removed orlov option [ 115.502561][ T4715] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 115.509902][ T4715] EXT4-fs (loop1): Number of reserved GDT blocks insanely large: 2304 [ 116.698020][ T4740] hugetlbfs: Bad value 'm' for mount option 'size' [ 116.698020][ T4740] [ 116.751671][ T4740] netlink: 'syz.2.147': attribute type 10 has an invalid length. [ 116.820366][ T4740] team0: Device veth1_macvtap failed to register rx_handler [ 116.893780][ T4749] syz.3.151[4749] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 116.893919][ T4749] syz.3.151[4749] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 116.955922][ T4740] syz.2.147 (4740) used greatest stack depth: 20768 bytes left [ 118.423669][ T4764] netlink: 'syz.0.156': attribute type 1 has an invalid length. [ 118.646898][ T4764] device bond1 entered promiscuous mode [ 118.656239][ T4764] 8021q: adding VLAN 0 to HW filter on device bond1 [ 119.868649][ T4766] 8021q: adding VLAN 0 to HW filter on device bond1 [ 119.900217][ T4766] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 119.911977][ T4766] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 119.980802][ T4766] bond1: (slave ip6gre1): making interface the new active one [ 119.992379][ T4766] device ip6gre1 entered promiscuous mode [ 120.004730][ T4766] bond1: (slave ip6gre1): Enslaving as an active interface with an up link [ 120.014788][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 120.056202][ T4778] tipc: New replicast peer: 255.255.255.255 [ 120.066231][ T4778] tipc: Enabled bearer , priority 10 [ 120.264409][ T4792] netlink: 'syz.1.163': attribute type 8 has an invalid length. [ 120.356394][ T4792] bridge0: port 3(syz_tun) entered blocking state [ 120.363760][ T4792] bridge0: port 3(syz_tun) entered disabled state [ 120.372530][ T4792] device syz_tun entered promiscuous mode [ 120.379327][ T4792] bridge0: port 3(syz_tun) entered blocking state [ 120.386128][ T4792] bridge0: port 3(syz_tun) entered forwarding state [ 120.543553][ T4797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.164'. [ 120.552669][ T4797] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.598661][ T4797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.628346][ T4802] netlink: 'syz.4.166': attribute type 4 has an invalid length. [ 121.134719][ T4215] tipc: Node number set to 3978429702 [ 126.309101][ T4852] loop3: detected capacity change from 0 to 1024 [ 126.416327][ T4852] EXT4-fs (loop3): filesystem is read-only [ 126.532358][ T4249] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 126.612348][ T13] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 126.703925][ T4861] xt_TCPMSS: Only works on TCP SYN packets [ 126.722432][ T4249] usb 5-1: device descriptor read/64, error -71 [ 126.770042][ T4868] loop0: detected capacity change from 0 to 128 [ 126.857392][ T4868] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 126.890141][ T4868] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 127.002326][ T13] usb 3-1: Using ep0 maxpacket: 16 [ 127.133122][ T4249] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 127.352553][ T4249] usb 5-1: device descriptor read/64, error -71 [ 127.462746][ T13] usb 3-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 127.483029][ T4249] usb usb5-port1: attempt power cycle [ 127.573813][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.938933][ T13] usb 3-1: Product: syz [ 127.943518][ T13] usb 3-1: Manufacturer: syz [ 127.948741][ T13] usb 3-1: SerialNumber: syz [ 127.956545][ T13] usb 3-1: config 0 descriptor?? [ 128.134102][ T4882] device geneve2 entered promiscuous mode [ 128.147627][ T13] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected. [ 128.232004][ T4249] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 128.657708][ T4249] usb 5-1: device descriptor read/8, error -71 [ 129.212341][ T4249] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 129.302420][ T4249] usb 5-1: device descriptor read/8, error -71 [ 129.402541][ T13] pwc: Warning: more than 1 configuration available. [ 129.418334][ T4900] netlink: 'syz.4.197': attribute type 10 has an invalid length. [ 129.426514][ T13] pwc: Failed to set LED on/off time (-71) [ 129.443569][ T4249] usb usb5-port1: unable to enumerate USB device [ 129.623138][ T13] pwc: send_video_command error -71 [ 129.654022][ T13] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 129.740710][ T13] Philips webcam: probe of 3-1:0.0 failed with error -71 [ 129.969495][ T13] usb 3-1: USB disconnect, device number 3 [ 130.229422][ T4900] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.238645][ T4900] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.383104][ T4900] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.390311][ T4900] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.399320][ T4900] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.406540][ T4900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.455601][ T4900] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 130.507145][ T4902] netlink: 4 bytes leftover after parsing attributes in process `syz.4.197'. [ 130.573047][ T4902] device bridge_slave_1 left promiscuous mode [ 130.586911][ T4902] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.977181][ T4902] device bridge_slave_0 left promiscuous mode [ 131.098157][ T4902] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.240031][ T4902] bond0: (slave bridge0): Releasing backup interface [ 131.491473][ T4922] loop1: detected capacity change from 0 to 1024 [ 131.919012][ T4922] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,data_err=ignore,,errors=continue. Quota mode: none. [ 133.077879][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.085858][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.115406][ T4948] syz.0.210 sent an empty control message without MSG_MORE. [ 134.162550][ T4951] loop2: detected capacity change from 0 to 1024 [ 134.219643][ T4951] EXT4-fs (loop2): Ignoring removed orlov option [ 134.245409][ T4951] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 134.349701][ T4954] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 134.356698][ T4954] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 134.391439][ T4951] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 134.554680][ T4959] loop1: detected capacity change from 0 to 256 [ 134.662419][ T4954] vhci_hcd vhci_hcd.0: Device attached [ 134.796558][ T4959] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 134.902607][ T21] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 135.011901][ T4970] MPTCP: addr_signal error, add_addr=1, echo=0 [ 137.238661][ T4955] vhci_hcd: connection reset by peer [ 137.320297][ T4320] vhci_hcd: stop threads [ 137.328659][ T4987] loop4: detected capacity change from 0 to 8 [ 137.340739][ T4320] vhci_hcd: release socket [ 137.346820][ T4992] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 137.390314][ T4320] vhci_hcd: disconnect device [ 137.431124][ T4987] SQUASHFS error: lzo decompression failed, data probably corrupt [ 137.450264][ T4987] SQUASHFS error: Failed to read block 0x91: -5 [ 137.488760][ T4987] SQUASHFS error: Unable to read metadata cache entry [8f] [ 137.525602][ T4987] SQUASHFS error: Unable to read inode 0x11f [ 138.752277][ T26] audit: type=1326 audit(1750205574.765:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 138.952889][ T26] audit: type=1326 audit(1750205574.775:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 139.006699][ T26] audit: type=1326 audit(1750205574.775:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 139.089292][ T26] audit: type=1326 audit(1750205574.775:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 139.111921][ T26] audit: type=1326 audit(1750205574.775:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 139.236025][ T5026] device veth1_macvtap left promiscuous mode [ 139.242637][ T5026] device macsec0 entered promiscuous mode [ 139.329849][ T26] audit: type=1326 audit(1750205574.775:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 140.754365][ T26] audit: type=1326 audit(1750205574.775:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 140.778119][ T26] audit: type=1326 audit(1750205574.775:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 141.490626][ T21] vhci_hcd: vhci_device speed not set [ 141.581712][ T26] audit: type=1326 audit(1750205574.775:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 141.665696][ T5028] ======================================================= [ 141.665696][ T5028] WARNING: The mand mount option has been deprecated and [ 141.665696][ T5028] and is ignored by this kernel. Remove the mand [ 141.665696][ T5028] option from the mount to silence this warning. [ 141.665696][ T5028] ======================================================= [ 141.705801][ T26] audit: type=1326 audit(1750205574.775:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5006 comm="syz.4.226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f78d8c65929 code=0x7ffc0000 [ 141.713901][ T5037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 141.740857][ T5039] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.048958][ T5048] ODEBUG: Out of memory. ODEBUG disabled [ 143.857426][ T5058] loop2: detected capacity change from 0 to 1024 [ 144.068601][ T5063] overlayfs: statfs failed on './file0' [ 144.192026][ T5058] EXT4-fs (loop2): Ignoring removed orlov option [ 144.289197][ T5058] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 145.970211][ T5080] netlink: 'syz.0.248': attribute type 1 has an invalid length. [ 147.459663][ T5085] 8021q: adding VLAN 0 to HW filter on device bond3 [ 147.477651][ T5085] bond2: (slave bond3): making interface the new active one [ 147.514047][ T5085] bond2: (slave bond3): Enslaving as an active interface with an up link [ 147.600240][ T5088] netlink: 28 bytes leftover after parsing attributes in process `syz.0.248'. [ 147.639525][ T5088] 8021q: adding VLAN 0 to HW filter on device bond2 [ 147.681490][ T1287] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 147.711549][ T5102] netlink: 'syz.1.244': attribute type 10 has an invalid length. [ 147.799636][ T5102] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 147.970305][ T5120] loop1: detected capacity change from 0 to 128 [ 148.209553][ T5120] attempt to access beyond end of device [ 148.209553][ T5120] loop1: rw=2049, want=1041, limit=128 [ 149.403519][ T21] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 149.772934][ T21] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 149.817959][ T21] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 149.892641][ T21] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 149.958695][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.253301][ T5136] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 150.320914][ T5156] netlink: 4 bytes leftover after parsing attributes in process `syz.2.271'. [ 150.646000][ T21] usb 4-1: USB disconnect, device number 5 [ 150.722719][ T5174] device lo entered promiscuous mode [ 150.742157][ T5174] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 154.766837][ T5231] loop4: detected capacity change from 0 to 164 [ 156.170949][ T5241] netlink: 43 bytes leftover after parsing attributes in process `syz.3.293'. [ 156.265279][ T5241] tipc: Started in network mode [ 156.270214][ T5241] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 156.313933][ T5241] tipc: Enabled bearer , priority 10 [ 156.338570][ T5247] tipc: Resetting bearer [ 156.470208][ T5252] xt_TCPMSS: Only works on TCP SYN packets [ 156.572661][ T5247] tipc: Disabling bearer [ 157.633881][ T5263] netlink: 277 bytes leftover after parsing attributes in process `syz.1.297'. [ 158.305081][ T5261] infiniband syz1: set active [ 158.317948][ T5261] infiniband syz1: added syz_tun [ 158.427303][ T5269] loop1: detected capacity change from 0 to 256 [ 158.631814][ T5261] RDS/IB: syz1: added [ 158.661696][ T5269] loop1: detected capacity change from 0 to 512 [ 158.671972][ T5261] smc: adding ib device syz1 with port count 1 [ 158.700686][ T5261] smc: ib device syz1 port 1 has pnetid [ 158.753534][ T5269] EXT4-fs (loop1): Unrecognized mount option "smackfsroot=/dev/kvM" or missing value [ 158.859748][ T5269] loop1: detected capacity change from 0 to 1024 [ 158.897549][ T5269] hfsplus: unable to parse mount options [ 160.039387][ T5284] loop3: detected capacity change from 0 to 512 [ 160.435992][ T5284] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 160.680486][ T5284] ext4 filesystem being mounted at /53/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 160.735947][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 160.735963][ T26] audit: type=1326 audit(1750205596.755:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5281 comm="syz.1.303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896f86e929 code=0x7fc00000 [ 160.984130][ T5298] loop2: detected capacity change from 0 to 2048 [ 161.040968][ T5284] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #2: comm syz.3.304: corrupted inode contents [ 161.095487][ T5298] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 161.095571][ T5284] EXT4-fs error (device loop3): ext4_dirty_inode:6039: inode #2: comm syz.3.304: mark_inode_dirty error [ 161.136873][ T5284] EXT4-fs error (device loop3): ext4_do_update_inode:5203: inode #2: comm syz.3.304: corrupted inode contents [ 161.168887][ T5284] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz.3.304: mark_inode_dirty error [ 161.222421][ T4214] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 161.237201][ T5303] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.240755][ T5298] attempt to access beyond end of device [ 161.240755][ T5298] loop2: rw=524288, want=33554432, limit=2048 [ 161.342067][ T5298] attempt to access beyond end of device [ 161.342067][ T5298] loop2: rw=0, want=9437256, limit=2048 [ 161.472473][ T5298] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=0) [ 161.526264][ T5306] attempt to access beyond end of device [ 161.526264][ T5306] loop2: rw=0, want=33554432, limit=2048 [ 162.069714][ T5306] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=3) [ 162.334948][ T5306] NILFS (loop2): error -5 reading inode: ino=15 [ 162.459059][ T5317] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 162.469425][ T5317] netlink: 12 bytes leftover after parsing attributes in process `syz.0.314'. [ 162.479216][ T4214] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 162.500351][ T4214] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 162.541225][ T5318] loop4: detected capacity change from 0 to 512 [ 162.558222][ T4214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.589791][ T5318] EXT4-fs error (device loop4): ext4_fill_super:4841: inode #2: comm syz.4.313: iget: bad i_size value: -1 [ 162.604412][ T5318] EXT4-fs (loop4): get root inode failed [ 162.610105][ T5318] EXT4-fs (loop4): mount failed [ 163.622512][ T4214] usb 2-1: config 0 descriptor?? [ 164.222935][ T5331] loop4: detected capacity change from 0 to 128 [ 164.364355][ T5331] ADFS-fs (loop4): error: can't find an ADFS filesystem on dev loop4. [ 165.096546][ T5335] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 165.128711][ T21] usb 2-1: USB disconnect, device number 2 [ 165.213138][ T5345] netlink: 'syz.4.321': attribute type 3 has an invalid length. [ 165.330061][ T5350] tipc: Started in network mode [ 165.335760][ T5350] tipc: Node identity aad3f5d5c3eb, cluster identity 4711 [ 165.343423][ T5350] tipc: Enabled bearer , priority 0 [ 165.386987][ T5350] device syzkaller0 entered promiscuous mode [ 165.396160][ T5353] netlink: 32 bytes leftover after parsing attributes in process `syz.0.324'. [ 165.424200][ T5353] netlink: 32 bytes leftover after parsing attributes in process `syz.0.324'. [ 165.453920][ T5349] tipc: Resetting bearer [ 165.524460][ T5349] tipc: Disabling bearer [ 165.633115][ T5361] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 165.849148][ T5372] netlink: 48 bytes leftover after parsing attributes in process `syz.3.328'. [ 167.189564][ T5388] loop4: detected capacity change from 0 to 164 [ 167.329030][ T5388] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 168.565809][ T5398] netlink: 8 bytes leftover after parsing attributes in process `syz.0.337'. [ 168.599166][ T5400] loop4: detected capacity change from 0 to 1024 [ 168.674284][ T5405] ieee802154 phy0 wpan0: encryption failed: -22 [ 168.711307][ T5400] EXT4-fs (loop4): inline encryption not supported [ 168.749472][ T5400] EXT4-fs (loop4): Ignoring removed nobh option [ 168.767198][ T5400] EXT4-fs (loop4): Ignoring removed bh option [ 168.836804][ T5400] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,nojournal_checksum,inlinecrypt,jqfmt=vfsv0,grpquota,nobh,jqfmt=vfsold,bh,usrquota,,errors=continue. Quota mode: writeback. [ 169.022099][ T5416] loop3: detected capacity change from 0 to 512 [ 169.055006][ T26] audit: type=1800 audit(1750205605.081:19): pid=5400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.338" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 169.056107][ T5416] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 169.217223][ T5400] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3876: comm syz.4.338: Allocating blocks 385-513 which overlap fs metadata [ 169.400871][ T5417] EXT4-fs (loop4): pa ffff888073e25380: logic 16, phys. 129, len 24 [ 169.409454][ T5417] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 8 [ 169.483448][ T5416] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 169.693959][ T5416] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 169.701927][ T5416] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 169.712630][ T4320] Trying to write to read-only block-device loop4 [ 169.719598][ T4320] Trying to write to read-only block-device loop4 [ 169.762813][ T4176] Trying to write to read-only block-device loop4 [ 169.769331][ T4176] Trying to write to read-only block-device loop4 [ 169.825564][ T4320] Trying to write to read-only block-device loop4 [ 169.834169][ T5416] System zones: 0-1, 15-15, 18-18, 34-34 [ 169.841240][ T5416] EXT4-fs (loop3): orphan cleanup on readonly fs [ 169.848023][ T5416] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 169.857541][ T5416] EXT4-fs warning (device loop3): ext4_enable_quotas:6456: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 169.878370][ T5416] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 169.897918][ T5416] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.343: bg 0: block 40: padding at end of block bitmap is not set [ 169.918418][ T4176] Trying to write to read-only block-device loop4 [ 169.927235][ T4176] Trying to write to read-only block-device loop4 [ 169.935504][ T5434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.348'. [ 169.946150][ T4176] Trying to write to read-only block-device loop4 [ 169.953553][ T5416] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 169.962813][ T4176] Trying to write to read-only block-device loop4 [ 169.970073][ T4176] Trying to write to read-only block-device loop4 [ 169.992092][ T5436] netlink: 20 bytes leftover after parsing attributes in process `syz.2.348'. [ 170.001337][ T5416] EXT4-fs (loop3): 1 truncate cleaned up [ 170.031679][ T5416] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsv0,norecovery,nogrpid,dioread_lock,,errors=continue. Quota mode: writeback. [ 170.299747][ T5416] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 170.363077][ T5416] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 170.393672][ T5416] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 170.539043][ T5450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.354'. [ 170.553443][ T5449] netlink: 788 bytes leftover after parsing attributes in process `syz.2.352'. [ 170.565348][ T5450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.354'. [ 170.779418][ T5457] netlink: 24 bytes leftover after parsing attributes in process `syz.2.355'. [ 172.004476][ T5206] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 172.025259][ T5469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.294039][ T5494] loop3: detected capacity change from 0 to 512 [ 172.313399][ T5496] tipc: Started in network mode [ 172.318847][ T5496] tipc: Node identity ac1414aa, cluster identity 4711 [ 172.326752][ T5496] tipc: Enabled bearer , priority 10 [ 173.513867][ T5036] tipc: Node number set to 2886997162 [ 173.534591][ T5494] EXT4-fs (loop3): Ignoring removed nobh option [ 173.537552][ T5469] syz.4.359 (5469) used greatest stack depth: 20320 bytes left [ 173.825797][ T5494] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.369: invalid indirect mapped block 256 (level 2) [ 173.865671][ T5494] EXT4-fs (loop3): 2 truncates cleaned up [ 175.386243][ T5494] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 175.889612][ T5527] loop4: detected capacity change from 0 to 128 [ 176.875053][ T5538] netlink: 24 bytes leftover after parsing attributes in process `syz.0.383'. [ 177.541223][ T5546] netlink: zone id is out of range [ 177.563370][ T5546] netlink: zone id is out of range [ 177.678539][ T5546] netlink: zone id is out of range [ 177.830451][ T5546] netlink: zone id is out of range [ 177.853474][ T5546] netlink: zone id is out of range [ 177.877910][ T5546] netlink: zone id is out of range [ 177.900840][ T5546] netlink: zone id is out of range [ 177.925535][ T5546] netlink: zone id is out of range [ 177.950146][ T5546] netlink: zone id is out of range [ 177.992591][ T5546] netlink: zone id is out of range [ 178.640400][ T5565] loop1: detected capacity change from 0 to 512 [ 179.935745][ T5565] EXT4-fs error (device loop1): ext4_fill_super:4841: inode #2: comm syz.1.391: iget: bad i_size value: -1 [ 179.954520][ T5565] EXT4-fs (loop1): get root inode failed [ 179.960212][ T5565] EXT4-fs (loop1): mount failed [ 180.509821][ T5584] loop1: detected capacity change from 0 to 128 [ 180.568424][ T5584] ADFS-fs (loop1): error: can't find an ADFS filesystem on dev loop1. [ 181.126771][ T5592] device vlan3 entered promiscuous mode [ 181.160644][ T5592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.399'. [ 182.491597][ T5614] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 182.517175][ T5614] netlink: 12 bytes leftover after parsing attributes in process `syz.3.404'. [ 182.845440][ T13] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 183.383112][ T5614] loop3: detected capacity change from 0 to 32768 [ 183.985344][ T13] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.995750][ T13] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 184.004904][ T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.134846][ T13] usb 3-1: config 0 descriptor?? [ 184.650455][ T13] usb 3-1: USB disconnect, device number 4 [ 185.309534][ T5657] loop1: detected capacity change from 0 to 256 [ 185.389100][ T5657] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 185.509292][ T26] audit: type=1800 audit(1750205621.529:20): pid=5657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.419" name="file1" dev="loop1" ino=1048614 res=0 errno=0 [ 185.534770][ T4216] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 188.141396][ T5680] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 188.149227][ T5680] IPv6: NLM_F_CREATE should be set when creating new route [ 188.214427][ T5685] device lo left promiscuous mode [ 188.395004][ T4216] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 188.416883][ T4216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.461067][ T4216] usb 5-1: config 0 descriptor?? [ 188.505109][ T4216] usb 5-1: can't set config #0, error -71 [ 188.532028][ T4216] usb 5-1: USB disconnect, device number 7 [ 188.778516][ T5695] loop4: detected capacity change from 0 to 4096 [ 188.893233][ T5695] /dev/loop4: Can't open blockdev [ 189.684200][ T5685] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.691928][ T5685] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.885550][ T26] audit: type=1326 audit(1750205626.908:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5709 comm="syz.4.434" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f78d8c65929 code=0x0 [ 191.197286][ T5685] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 191.225552][ T4216] Bluetooth: hci0: command 0x0406 tx timeout [ 191.233045][ T4216] Bluetooth: hci2: command 0x0406 tx timeout [ 191.257826][ T1108] Bluetooth: hci1: command 0x0406 tx timeout [ 191.264031][ T1108] Bluetooth: hci3: command 0x0406 tx timeout [ 191.272424][ T5685] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 191.731938][ T5685] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.741357][ T5685] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.750632][ T5685] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.759959][ T5685] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.842766][ T5716] binfmt_misc: register: failed to install interpreter file ./file2 [ 192.124306][ T5724] loop2: detected capacity change from 0 to 1024 [ 192.173752][ T5724] EXT4-fs (loop2): Ignoring removed orlov option [ 192.194184][ T5724] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 192.257157][ T5733] blk_update_request: I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 192.268987][ T5733] hfsplus: unable to find HFS+ superblock [ 193.018852][ T5724] EXT4-fs (loop2): Number of reserved GDT blocks insanely large: 2304 [ 193.185235][ T13] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 193.606471][ T5746] loop4: detected capacity change from 0 to 256 [ 195.043218][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.049612][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.057237][ T5746] exfat: Deprecated parameter 'namecase' [ 195.116466][ T5746] /dev/loop4: Can't open blockdev [ 195.171258][ T5763] loop3: detected capacity change from 0 to 128 [ 195.316168][ T5763] FAT-fs (loop3): bogus number of FAT structure [ 195.355237][ T5763] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 195.422177][ T5763] FAT-fs (loop3): Can't find a valid FAT filesystem [ 195.445702][ T13] usb 4-1: device descriptor read/all, error -71 [ 195.453366][ T5768] loop1: detected capacity change from 0 to 512 [ 195.690982][ T5768] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 195.705907][ T5779] xt_bpf: check failed: parse error [ 195.715650][ T5768] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.919728][ T5783] loop2: detected capacity change from 0 to 256 [ 196.031605][ T5783] FAT-fs (loop2): Directory bread(block 64) failed [ 196.061384][ T5783] FAT-fs (loop2): Directory bread(block 65) failed [ 196.080065][ T5783] FAT-fs (loop2): Directory bread(block 66) failed [ 196.093916][ T5783] FAT-fs (loop2): Directory bread(block 67) failed [ 196.101164][ T5783] FAT-fs (loop2): Directory bread(block 68) failed [ 196.115540][ T5783] FAT-fs (loop2): Directory bread(block 69) failed [ 196.129882][ T5783] FAT-fs (loop2): Directory bread(block 70) failed [ 196.145251][ T5783] FAT-fs (loop2): Directory bread(block 71) failed [ 196.158819][ T5783] FAT-fs (loop2): Directory bread(block 72) failed [ 196.178674][ T5783] FAT-fs (loop2): Directory bread(block 73) failed [ 199.892035][ T5812] xt_recent: hitcount (692) is larger than allowed maximum (255) [ 201.156234][ T26] audit: type=1326 audit(1750205637.167:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5798 comm="syz.0.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ccab8929 code=0x7fc00000 [ 201.319832][ T5816] netlink: 12 bytes leftover after parsing attributes in process `syz.4.468'. [ 201.510415][ T5825] kernel profiling enabled (shift: 17) [ 201.829066][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.838802][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.847933][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.857866][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.866910][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.471'. [ 203.121500][ T5836] loop4: detected capacity change from 0 to 128 [ 203.260554][ T26] audit: type=1326 audit(1750205639.277:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896f86e929 code=0x7ffc0000 [ 203.313558][ T26] audit: type=1326 audit(1750205639.277:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896f86e929 code=0x7ffc0000 [ 203.387378][ T26] audit: type=1326 audit(1750205639.277:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f896f86e929 code=0x7ffc0000 [ 203.412928][ T5845] CIFS: iocharset name too long [ 203.457740][ T26] audit: type=1326 audit(1750205639.277:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896f86e929 code=0x7ffc0000 [ 203.482070][ T26] audit: type=1326 audit(1750205639.277:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f896f86e929 code=0x7ffc0000 [ 203.506188][ T26] audit: type=1326 audit(1750205639.287:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f896f8658e7 code=0x7ffc0000 [ 204.615842][ T26] audit: type=1326 audit(1750205639.287:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f896f80ab19 code=0x7ffc0000 [ 204.786679][ T26] audit: type=1326 audit(1750205639.287:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f896f86e929 code=0x7ffc0000 [ 205.021469][ T26] audit: type=1326 audit(1750205639.357:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5840 comm="syz.1.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f896f8658e7 code=0x7ffc0000 [ 205.052426][ T4216] syzkaller0: tun_net_xmit 76 [ 205.058221][ T4216] syzkaller0: tun_net_xmit 48 [ 205.076942][ T1110] syzkaller0: tun_net_xmit 76 [ 205.211677][ T5864] loop1: detected capacity change from 0 to 512 [ 205.376437][ T5864] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 205.413751][ T5864] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 205.426051][ T5864] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 205.451918][ T5872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.482'. [ 205.494120][ T5864] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 205.511195][ T5864] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=e040e01c, mo2=0000] [ 205.522178][ T5864] EXT4-fs (loop1): failed to initialize system zone (-117) [ 205.537092][ T5864] EXT4-fs (loop1): mount failed [ 207.000969][ T5893] rdma_rxe: rxe_register_device failed with error -23 [ 207.038929][ T5894] binder: 5891:5894 ioctl c0306201 200000000080 returned -14 [ 207.061256][ T5893] rdma_rxe: failed to add syz_tun [ 207.118774][ T5894] binder: BINDER_SET_CONTEXT_MGR already set [ 207.167292][ T5894] binder: 5891:5894 ioctl 4018620d 200000000040 returned -16 [ 207.373805][ T5904] netlink: 277 bytes leftover after parsing attributes in process `syz.2.486'. [ 208.084532][ T5911] loop2: detected capacity change from 0 to 512 [ 208.675028][ T5911] EXT4-fs (loop2): Test dummy encryption mode enabled [ 208.676620][ T5924] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 209.331719][ T5911] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.492: inode #1: comm syz.2.492: iget: illegal inode # [ 209.514960][ T5911] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.492: error while reading EA inode 1 err=-117 [ 209.556499][ T5911] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 209.735010][ T5911] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.492: inode #1: comm syz.2.492: iget: illegal inode # [ 209.776948][ T5911] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.492: error while reading EA inode 1 err=-117 [ 209.806708][ T5911] EXT4-fs (loop2): 1 orphan inode deleted [ 209.817670][ T5911] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,discard,norecovery,noinit_itable,test_dummy_encryption,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,jqfmt=vfsold,dioread_lock,noblock_validity,nouid32,,errors=continue. Quota mode: none. [ 209.836099][ T5940] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 209.854431][ T5940] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 209.862658][ T5940] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 209.872097][ T5940] device bridge_slave_0 left promiscuous mode [ 209.879452][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.921827][ T5940] device bridge_slave_1 left promiscuous mode [ 209.946329][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.971862][ T5940] bond0: (slave bond_slave_0): Releasing backup interface [ 209.991064][ T5940] bond0: (slave bond_slave_1): Releasing backup interface [ 210.030546][ T5940] team0: Port device team_slave_0 removed [ 210.065784][ T5940] team0: Port device team_slave_1 removed [ 210.073692][ T5940] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.081656][ T5940] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.119426][ T5941] team0: Mode changed to "loadbalance" [ 210.279027][ T5950] loop2: detected capacity change from 0 to 8 [ 210.830200][ T5955] loop1: detected capacity change from 0 to 8 [ 211.223844][ T5964] netlink: 277 bytes leftover after parsing attributes in process `syz.4.503'. [ 213.762565][ T5968] netlink: 12 bytes leftover after parsing attributes in process `syz.4.506'. [ 213.964637][ T5973] rdma_rxe: rxe_register_device failed with error -23 [ 213.978493][ T5973] rdma_rxe: failed to add syz_tun [ 218.342486][ T6013] loop3: detected capacity change from 0 to 512 [ 218.352630][ T6008] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 219.491627][ T6014] loop4: detected capacity change from 0 to 8 [ 219.597159][ T6013] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 219.625011][ T6013] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.882268][ T6029] netlink: 'syz.2.523': attribute type 12 has an invalid length. [ 220.065181][ T6034] loop1: detected capacity change from 0 to 64 [ 220.236101][ T6014] /dev/loop4: Can't open blockdev [ 221.672265][ T6033] attempt to access beyond end of device [ 221.672265][ T6033] loop1: rw=0, want=268435470, limit=64 [ 221.684607][ T6033] Buffer I/O error on dev loop1, logical block 134217734, async page read [ 221.713166][ T6033] Trying to free block not in datazone [ 222.839995][ T4249] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 223.028905][ T4214] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 223.088832][ T4249] usb 5-1: Using ep0 maxpacket: 8 [ 223.940651][ T4249] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 223.969294][ T4249] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 224.025272][ T4249] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 224.084186][ T4214] usb 2-1: not running at top speed; connect to a high speed hub [ 224.105891][ T4249] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 224.127573][ T4249] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 224.148570][ T4249] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.189159][ T4214] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 224.198172][ T4214] usb 2-1: config 1 has no interface number 1 [ 224.220051][ T4249] hub 5-1:1.0: bad descriptor, ignoring hub [ 224.237812][ T4249] hub: probe of 5-1:1.0 failed with error -5 [ 224.249942][ T4249] cdc_wdm 5-1:1.0: skipping garbage [ 224.265246][ T4249] cdc_wdm 5-1:1.0: skipping garbage [ 224.459859][ T4249] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 224.465965][ T4249] cdc_wdm 5-1:1.0: Unknown control protocol [ 224.485652][ T6078] overlayfs: failed to clone upperpath [ 224.499121][ T4214] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 224.510426][ T4249] usb 5-1: USB disconnect, device number 9 [ 224.718106][ T4214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.935133][ T4214] usb 2-1: Product: syz [ 225.035798][ T4214] usb 2-1: Manufacturer: syz [ 225.161691][ T4214] usb 2-1: SerialNumber: syz [ 225.397979][ T6083] loop2: detected capacity change from 0 to 256 [ 228.018746][ T6083] loop2: detected capacity change from 0 to 512 [ 228.082459][ T6083] EXT4-fs (loop2): Unrecognized mount option "smackfsroot=/dev/kvM" or missing value [ 228.889749][ T4214] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 228.963644][ T6108] netlink: 'syz.3.547': attribute type 10 has an invalid length. [ 228.996009][ T4214] usb 2-1: USB disconnect, device number 3 [ 229.252601][ T4305] udevd[4305]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 229.329803][ T6129] blk_update_request: I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 229.341341][ T6129] hfsplus: unable to find HFS+ superblock [ 230.209021][ T6137] loop3: detected capacity change from 0 to 128 [ 230.235250][ T6133] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 232.907419][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 232.955262][ T6157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.831605][ T6178] blk_update_request: I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 234.843143][ T6178] hfsplus: unable to find HFS+ superblock [ 235.670905][ T6187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.580'. [ 235.967785][ T6196] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 237.790823][ T6214] loop3: detected capacity change from 0 to 64 [ 239.049126][ T6214] attempt to access beyond end of device [ 239.049126][ T6214] loop3: rw=0, want=268435470, limit=64 [ 239.060315][ T6214] Buffer I/O error on dev loop3, logical block 134217734, async page read [ 239.116136][ T6214] Trying to free block not in datazone [ 239.484882][ T6221] loop4: detected capacity change from 0 to 256 [ 239.772484][ T6221] /dev/loop4: Can't open blockdev [ 239.903004][ T26] kauditd_printk_skb: 63 callbacks suppressed [ 239.903019][ T26] audit: type=1326 audit(1750205675.912:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6208 comm="syz.2.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1da9220929 code=0x7fc00000 [ 240.211903][ T6229] net_ratelimit: 23 callbacks suppressed [ 240.211923][ T6229] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 241.361364][ T6249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.598'. [ 241.506794][ T6249] device hsr_slave_0 left promiscuous mode [ 242.614618][ T6267] loop4: detected capacity change from 0 to 3 [ 243.097348][ T6267] squashfs: Unknown parameter 'û' [ 244.147940][ T6283] loop2: detected capacity change from 0 to 64 [ 244.569622][ T6283] attempt to access beyond end of device [ 244.569622][ T6283] loop2: rw=0, want=268435470, limit=64 [ 244.580886][ T6283] Buffer I/O error on dev loop2, logical block 134217734, async page read [ 244.677915][ T6283] Trying to free block not in datazone [ 245.542201][ T26] audit: type=1326 audit(1750205681.552:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6270 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e48540929 code=0x7fc00000 [ 246.357896][ T6301] netlink: 24 bytes leftover after parsing attributes in process `syz.2.601'. [ 247.022625][ T6306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.602'. [ 247.125001][ T6306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.602'. [ 248.748660][ T6324] MPTCP: addr_signal error, rm_addr=1 [ 249.318241][ T6332] xt_connbytes: Forcing CT accounting to be enabled [ 249.330466][ T6332] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 249.342526][ T6332] xt_bpf: check failed: parse error [ 250.464087][ T6325] loop4: detected capacity change from 0 to 64 [ 250.993929][ T6343] loop1: detected capacity change from 0 to 40427 [ 251.104753][ T6343] F2FS-fs (loop1): invalid crc value [ 251.139380][ T6343] F2FS-fs (loop1): Found nat_bits in checkpoint [ 251.231310][ T6343] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 251.709524][ T6358] syz.4.615[6358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.709632][ T6358] syz.4.615[6358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 252.994816][ T4170] attempt to access beyond end of device [ 252.994816][ T4170] loop1: rw=2049, want=45104, limit=40427 [ 255.831337][ T1424] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.837721][ T1424] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.956221][ T6391] netlink: 'syz.0.626': attribute type 10 has an invalid length. [ 256.023066][ T6391] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.087262][ T6391] device bridge_slave_1 left promiscuous mode [ 256.125536][ T6391] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.146922][ T6391] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 256.157209][ T6394] netlink: 14 bytes leftover after parsing attributes in process `syz.0.626'. [ 256.183289][ C1] Illegal XDP return value 16128, expect packet loss! [ 256.213997][ T6398] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20000 [ 256.267143][ T6394] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 256.290129][ T6402] binder_alloc: 6401: binder_alloc_buf, no vma [ 256.307123][ T6403] netlink: 'syz.2.628': attribute type 16 has an invalid length. [ 256.323734][ T6403] netlink: 'syz.2.628': attribute type 3 has an invalid length. [ 256.341750][ T6403] netlink: 132 bytes leftover after parsing attributes in process `syz.2.628'. [ 256.439449][ T6394] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 256.462038][ T6394] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 256.514570][ T6394] bond0 (unregistering): Released all slaves [ 257.775142][ T26] audit: type=1326 audit(1750205693.790:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f78d8c65929 code=0x0 [ 257.847255][ T6425] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 258.988170][ T6439] loop1: detected capacity change from 0 to 512 [ 259.156215][ T6446] loop3: detected capacity change from 0 to 512 [ 260.315072][ T6439] EXT4-fs error (device loop1): __ext4_iget:4893: inode #14: block 1886221359: comm syz.1.638: invalid block [ 260.337725][ T6439] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.638: couldn't read orphan inode 14 (err -117) [ 260.549521][ T6457] netlink: 28 bytes leftover after parsing attributes in process `syz.2.643'. [ 260.558211][ T6446] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 260.715228][ T6439] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nodiscard,nouid32,journal_ioprio=0x0000000000000006,quota,,errors=continue. Quota mode: writeback. [ 260.909724][ T6446] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 261.064455][ T6439] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 261.136479][ T6446] EXT4-fs (loop3): 1 truncate cleaned up [ 261.143578][ T6446] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000066,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 262.488989][ T6474] xt_CT: You must specify a L4 protocol and not use inversions on it [ 265.567271][ T6508] loop2: detected capacity change from 0 to 16 [ 267.247012][ T6508] erofs: (device loop2): mounted with root inode @ nid 36. [ 267.673446][ T6523] loop4: detected capacity change from 0 to 4096 [ 269.216635][ T6535] hugetlbfs: syz.0.665 (6535): Using mlock ulimits for SHM_HUGETLB is deprecated [ 273.698835][ T26] audit: type=1326 audit(1750205709.708:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 273.733597][ T6578] netlink: 16 bytes leftover after parsing attributes in process `syz.4.682'. [ 273.760716][ T26] audit: type=1326 audit(1750205709.708:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 273.810511][ T6581] cgroup: Unknown subsys name 'obj_role' [ 273.853457][ T26] audit: type=1326 audit(1750205709.708:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 274.189348][ T26] audit: type=1326 audit(1750205709.708:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 274.214555][ T26] audit: type=1326 audit(1750205709.708:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 274.251267][ T26] audit: type=1326 audit(1750205709.708:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 274.303553][ T26] audit: type=1326 audit(1750205709.708:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 274.332699][ T26] audit: type=1326 audit(1750205709.708:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 274.357671][ T26] audit: type=1326 audit(1750205709.728:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 274.495472][ T26] audit: type=1326 audit(1750205709.758:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6579 comm="syz.0.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd7ccab8929 code=0x7ffc0000 [ 275.105750][ T5215] tipc: Disabling bearer [ 275.117367][ T5215] tipc: Left network mode [ 275.458851][ T6595] netlink: 'syz.0.686': attribute type 1 has an invalid length. [ 275.470893][ T6595] netlink: 'syz.0.686': attribute type 4 has an invalid length. [ 276.290580][ T6595] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.686'. [ 276.326010][ T1108] Bluetooth: hci4: command 0x0409 tx timeout [ 276.430766][ T6601] netlink: 'syz.0.686': attribute type 1 has an invalid length. [ 276.449131][ T6601] netlink: 'syz.0.686': attribute type 4 has an invalid length. [ 276.465555][ T6601] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.686'. [ 276.624444][ T6612] 9pnet: Insufficient options for proto=fd [ 278.355449][ T1108] Bluetooth: hci4: command 0x041b tx timeout [ 278.800858][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.0.696'. [ 278.839036][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 278.839052][ T26] audit: type=1800 audit(1750205714.848:122): pid=6641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.695" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 279.031850][ C1] Unknown status report in ack skb [ 279.093405][ T6645] loop1: detected capacity change from 0 to 32768 [ 279.150496][ T6645] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 279.161178][ T6645] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 279.196584][ T6645] gfs2: fsid=syz:syz.0: journal 0 mapped with 7 extents in 0ms [ 279.210065][ T1108] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 279.217476][ T1108] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 279.306139][ T6584] chnl_net:caif_netlink_parms(): no params data found [ 279.383431][ T1108] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 165ms [ 280.357090][ T1108] gfs2: fsid=syz:syz.0: jid=0: Done [ 280.364691][ T6645] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 280.378533][ T6645] attempt to access beyond end of device [ 280.378533][ T6645] loop1: rw=12288, want=9007199254757624, limit=32768 [ 280.390932][ T6645] gfs2: fsid=syz:syz.0: can't lock local "qc" file: -5 [ 280.449083][ T4249] Bluetooth: hci4: command 0x040f tx timeout [ 280.573637][ T6659] loop4: detected capacity change from 0 to 2048 [ 281.702479][ T6668] netlink: 'syz.1.703': attribute type 10 has an invalid length. [ 281.839791][ T6584] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.880463][ T6584] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.913442][ T6584] device bridge_slave_0 entered promiscuous mode [ 281.975335][ T6584] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.020138][ T6584] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.066881][ T6584] device bridge_slave_1 entered promiscuous mode [ 282.381232][ T6584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.394538][ T6686] device syzkaller0 entered promiscuous mode [ 282.410673][ T6584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.605907][ T4249] Bluetooth: hci4: command 0x0419 tx timeout [ 283.634102][ T6584] team0: Port device team_slave_0 added [ 283.708603][ T6721] xt_CT: You must specify a L4 protocol and not use inversions on it [ 283.921426][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.034510][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.150632][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.391548][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.510745][ T6713] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.588032][ T6584] team0: Port device team_slave_1 added [ 284.745193][ T6713] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.786975][ T6584] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 284.794047][ T6584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.848745][ T6584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 284.862113][ T6584] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 284.869425][ T6584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.911735][ T6584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.407127][ T5215] device hsr_slave_0 left promiscuous mode [ 285.417207][ T5215] device hsr_slave_1 left promiscuous mode [ 285.428589][ T5215] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 285.442723][ T5215] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 285.684505][ T5215] device bridge_slave_1 left promiscuous mode [ 285.700650][ T26] audit: type=1326 audit(1750205721.707:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 285.791028][ T5215] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.936011][ T6738] netlink: 8 bytes leftover after parsing attributes in process `syz.1.720'. [ 285.941552][ T26] audit: type=1326 audit(1750205721.707:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.057266][ T26] audit: type=1326 audit(1750205721.707:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.059716][ T5215] device bridge_slave_0 left promiscuous mode [ 286.085088][ T26] audit: type=1326 audit(1750205721.707:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.086902][ T5215] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.115651][ T26] audit: type=1326 audit(1750205721.707:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.140567][ T26] audit: type=1326 audit(1750205721.707:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.164618][ T26] audit: type=1326 audit(1750205721.707:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.191812][ T26] audit: type=1326 audit(1750205721.707:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.433942][ T26] audit: type=1326 audit(1750205721.707:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.463780][ T26] audit: type=1326 audit(1750205721.707:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6734 comm="syz.3.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7e48540929 code=0x7ffc0000 [ 286.720167][ T5215] team0 (unregistering): Port device team_slave_1 removed [ 286.736185][ T5215] team0 (unregistering): Port device team_slave_0 removed [ 286.751938][ T5215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 286.773622][ T5215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 287.672338][ T5215] bond0 (unregistering): Released all slaves [ 287.782074][ T6713] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.795202][ T6738] netlink: 8 bytes leftover after parsing attributes in process `syz.1.720'. [ 287.882405][ T6713] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.945813][ T6584] device hsr_slave_0 entered promiscuous mode [ 287.959851][ T6584] device hsr_slave_1 entered promiscuous mode [ 287.970558][ T6584] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 287.980808][ T6584] Cannot create hsr debugfs directory [ 288.106230][ T6713] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.293411][ T6713] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.358843][ T6713] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.413051][ T6713] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.894233][ T6775] loop1: detected capacity change from 0 to 512 [ 289.959595][ T6775] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 290.086399][ T6775] EXT4-fs (loop1): 1 truncate cleaned up [ 290.096151][ T6775] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 290.203198][ T6775] netlink: 24 bytes leftover after parsing attributes in process `syz.1.731'. [ 290.242842][ T6775] netlink: 16 bytes leftover after parsing attributes in process `syz.1.731'. [ 290.643005][ T6584] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 290.663473][ T6584] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 290.684761][ T6584] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 290.704598][ T6584] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 290.898375][ T5036] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 290.965363][ T6809] kvm: pic: level sensitive irq not supported [ 290.987903][ T6809] kvm: pic: non byte write [ 290.995881][ T6584] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.059784][ T5203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 291.130125][ T5203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 291.171181][ T6584] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.212043][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 291.242363][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 291.287419][ T1243] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.294511][ T1243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.311980][ T5036] usb 4-1: Using ep0 maxpacket: 32 [ 291.442653][ T5036] usb 4-1: config 0 has no interfaces? [ 291.650060][ T5036] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 291.764614][ T5036] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.032498][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 292.173212][ T5036] usb 4-1: Product: syz [ 292.177759][ T5036] usb 4-1: Manufacturer: syz [ 292.182379][ T5036] usb 4-1: SerialNumber: syz [ 292.189559][ T5036] usb 4-1: config 0 descriptor?? [ 292.234321][ T5201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 292.246308][ T5201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 292.255674][ T5201] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.262851][ T5201] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.107730][ T5036] usb 4-1: USB disconnect, device number 8 [ 294.649372][ T5201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 294.693028][ T5201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 294.965586][ T6851] loop1: detected capacity change from 0 to 2048 [ 294.977249][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 294.988516][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 295.021861][ T6849] bond0: (slave wlan1): Releasing backup interface [ 295.102543][ T6851] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 295.185071][ T6853] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.193996][ T6853] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.202395][ T6853] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.211037][ T6853] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.317221][ T6853] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 295.342882][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 295.365061][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 295.403680][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 295.435180][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 295.487981][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 295.621408][ C0] ------------[ cut here ]------------ [ 295.626930][ C0] WARNING: CPU: 0 PID: 6871 at net/mac80211/tx.c:4851 __ieee80211_beacon_get+0x172c/0x1f80 [ 295.637011][ C0] Modules linked in: [ 295.641053][ C0] CPU: 0 PID: 6871 Comm: syz.3.750 Not tainted 5.15.185-syzkaller #0 [ 295.649188][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.659312][ C0] RIP: 0010:__ieee80211_beacon_get+0x172c/0x1f80 [ 295.665674][ C0] Code: f8 0f 0b e9 f1 fa ff ff e8 b1 1a 42 f8 0f 0b 4c 8b 74 24 08 e9 36 fe ff ff e8 a0 1a 42 f8 0f 0b e9 3c ef ff ff e8 94 1a 42 f8 <0f> 0b e9 b8 f2 ff ff e8 18 c5 6b 00 44 89 e1 80 e1 07 80 c1 03 38 [ 295.685361][ C0] RSP: 0018:ffffc900000078c0 EFLAGS: 00010246 [ 295.691487][ C0] RAX: ffffffff8935a78c RBX: ffff88805fb6cc80 RCX: ffff888077eb1dc0 [ 295.699509][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.707527][ C0] RBP: ffffc90000007ae8 R08: ffff888077eb1dc0 R09: 0000000000000003 [ 295.715517][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888077ab0400 [ 295.723536][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff92000000f28 [ 295.731549][ C0] FS: 00007f7e463876c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 295.740535][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 295.747140][ C0] CR2: 000000110c324355 CR3: 0000000074285000 CR4: 00000000003506f0 [ 295.755168][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 295.763188][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 295.771205][ C0] Call Trace: [ 295.774498][ C0] [ 295.777401][ C0] ? mark_lock+0x94/0x320 [ 295.781756][ C0] ? ieee80211_beacon_get_template+0x30/0x30 [ 295.787799][ C0] ? verify_lock_unused+0x140/0x140 [ 295.793041][ C0] ? __lock_acquire+0x13ad/0x7c60 [ 295.798139][ C0] ieee80211_beacon_get_tim+0x48/0x840 [ 295.803634][ C0] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 295.809151][ C0] __iterate_interfaces+0x243/0x500 [ 295.814374][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 295.820674][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 295.826938][ C0] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 295.834025][ C0] mac80211_hwsim_beacon+0x9b/0x180 [ 295.839287][ C0] __hrtimer_run_queues+0x53d/0xc40 [ 295.844522][ C0] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 295.850551][ C0] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 295.856655][ C0] ? hw_scan_work+0xeb0/0xeb0 [ 295.861399][ C0] ? hrtimer_interrupt+0x8d0/0x8d0 [ 295.866547][ C0] hrtimer_run_softirq+0x176/0x240 [ 295.871716][ C0] handle_softirqs+0x328/0x820 [ 295.876512][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 295.881426][ C0] ? do_softirq+0x200/0x200 [ 295.885960][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 295.891218][ C0] __irq_exit_rcu+0x12f/0x220 [ 295.895919][ C0] ? irq_exit_rcu+0x20/0x20 [ 295.900486][ C0] irq_exit_rcu+0x5/0x20 [ 295.904857][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 295.910607][ C0] [ 295.913627][ C0] [ 295.916647][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 295.922801][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 [ 295.929383][ C0] Code: 74 05 e8 3e 14 d3 f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 06 94 a6 f7 65 8b 05 a7 a3 57 76 85 c0 74 3c 48 c7 04 24 0e 36 [ 295.949066][ C0] RSP: 0018:ffffc900032df5e0 EFLAGS: 00000206 [ 295.955165][ C0] RAX: 6b611aadcc0efa00 RBX: 0000000000000a02 RCX: 6b611aadcc0efa00 [ 295.963217][ C0] RDX: dffffc0000000000 RSI: ffffffff8a0b11c0 RDI: 0000000000000001 [ 295.971252][ C0] RBP: ffffc900032df678 R08: dffffc0000000000 R09: fffffbfff1ff362f [ 295.979291][ C0] R10: fffffbfff1ff362f R11: 1ffffffff1ff362e R12: dffffc0000000000 [ 295.987291][ C0] R13: 1ffff1100fdaa144 R14: ffff88807ed509c8 R15: 1ffff9200065bebc [ 295.994573][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 295.995381][ C0] ? _raw_spin_unlock+0x40/0x40 [ 296.008091][ C0] __skb_try_recv_datagram+0x179/0x4d0 [ 296.013593][ C0] ? sock_load_diag_module+0x130/0x130 [ 296.019174][ C0] __unix_dgram_recvmsg+0x2d3/0xd50 [ 296.024429][ C0] ? unix_unhash+0x10/0x10 [ 296.028951][ C0] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 296.035143][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 296.040442][ C0] ? mark_lock+0x94/0x320 [ 296.044817][ C0] ? unix_dgram_recvmsg+0xb2/0xd0 [ 296.049941][ C0] ? unix_dgram_sendmsg+0x1890/0x1890 [ 296.055364][ C0] ____sys_recvmsg+0x291/0x580 [ 296.060236][ C0] ? __sys_recvmsg_sock+0x40/0x40 [ 296.065393][ C0] ? import_iovec+0x6f/0xa0 [ 296.070004][ C0] ___sys_recvmsg+0x1af/0x4f0 [ 296.074735][ C0] ? __sys_recvmsg+0x250/0x250 [ 296.079614][ C0] ? __lock_acquire+0x7c60/0x7c60 [ 296.084678][ C0] ? __might_fault+0xb3/0x110 [ 296.089455][ C0] do_recvmmsg+0x344/0x7a0 [ 296.093909][ C0] ? __sys_recvmmsg+0x280/0x280 [ 296.097132][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 296.098862][ C0] ? __lock_acquire+0x7c60/0x7c60 [ 296.098906][ C0] __x64_sys_recvmmsg+0x18d/0x240 [ 296.098932][ C0] ? do_recvmmsg+0x7a0/0x7a0 [ 296.098957][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 296.098986][ C0] do_syscall_64+0x4c/0xa0 [ 296.099006][ C0] ? clear_bhb_loop+0x30/0x80 [ 296.099027][ C0] ? clear_bhb_loop+0x30/0x80 [ 296.099050][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 296.099076][ C0] RIP: 0033:0x7f7e48540929 [ 296.099096][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.099115][ C0] RSP: 002b:00007f7e46387038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 296.099140][ C0] RAX: ffffffffffffffda RBX: 00007f7e48768080 RCX: 00007f7e48540929 [ 296.099156][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 296.099170][ C0] RBP: 00007f7e485c2b39 R08: 0000000000000000 R09: 0000000000000000 [ 296.099185][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 296.099198][ C0] R13: 0000000000000000 R14: 00007f7e48768080 R15: 00007ffcd771c378 [ 296.099228][ C0] [ 296.099252][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 296.230401][ C0] CPU: 0 PID: 6871 Comm: syz.3.750 Not tainted 5.15.185-syzkaller #0 [ 296.238499][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 296.248643][ C0] Call Trace: [ 296.251966][ C0] [ 296.254868][ C0] dump_stack_lvl+0x168/0x230 [ 296.259675][ C0] ? show_regs_print_info+0x20/0x20 [ 296.264897][ C0] ? load_image+0x3b0/0x3b0 [ 296.269439][ C0] panic+0x2c9/0x7f0 [ 296.273374][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 296.277940][ C0] ? __ieee80211_beacon_get+0x172c/0x1f80 [ 296.283699][ C0] __warn+0x248/0x2b0 [ 296.287729][ C0] ? __ieee80211_beacon_get+0x172c/0x1f80 [ 296.293583][ C0] report_bug+0x1b7/0x2e0 [ 296.298011][ C0] handle_bug+0x3a/0x70 [ 296.302210][ C0] exc_invalid_op+0x16/0x40 [ 296.306745][ C0] asm_exc_invalid_op+0x16/0x20 [ 296.311625][ C0] RIP: 0010:__ieee80211_beacon_get+0x172c/0x1f80 [ 296.317988][ C0] Code: f8 0f 0b e9 f1 fa ff ff e8 b1 1a 42 f8 0f 0b 4c 8b 74 24 08 e9 36 fe ff ff e8 a0 1a 42 f8 0f 0b e9 3c ef ff ff e8 94 1a 42 f8 <0f> 0b e9 b8 f2 ff ff e8 18 c5 6b 00 44 89 e1 80 e1 07 80 c1 03 38 [ 296.337846][ C0] RSP: 0018:ffffc900000078c0 EFLAGS: 00010246 [ 296.344069][ C0] RAX: ffffffff8935a78c RBX: ffff88805fb6cc80 RCX: ffff888077eb1dc0 [ 296.352071][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 296.360080][ C0] RBP: ffffc90000007ae8 R08: ffff888077eb1dc0 R09: 0000000000000003 [ 296.368092][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff888077ab0400 [ 296.376091][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff92000000f28 [ 296.384192][ C0] ? __ieee80211_beacon_get+0x172c/0x1f80 [ 296.389985][ C0] ? mark_lock+0x94/0x320 [ 296.394373][ C0] ? ieee80211_beacon_get_template+0x30/0x30 [ 296.400392][ C0] ? verify_lock_unused+0x140/0x140 [ 296.405638][ C0] ? __lock_acquire+0x13ad/0x7c60 [ 296.410845][ C0] ieee80211_beacon_get_tim+0x48/0x840 [ 296.416350][ C0] mac80211_hwsim_beacon_tx+0xf4/0x920 [ 296.421849][ C0] __iterate_interfaces+0x243/0x500 [ 296.427076][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 296.433352][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 296.439631][ C0] ieee80211_iterate_active_interfaces_atomic+0xb3/0x140 [ 296.446707][ C0] mac80211_hwsim_beacon+0x9b/0x180 [ 296.451954][ C0] __hrtimer_run_queues+0x53d/0xc40 [ 296.457198][ C0] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 296.463313][ C0] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 296.469346][ C0] ? hw_scan_work+0xeb0/0xeb0 [ 296.474068][ C0] ? hrtimer_interrupt+0x8d0/0x8d0 [ 296.479224][ C0] hrtimer_run_softirq+0x176/0x240 [ 296.484382][ C0] handle_softirqs+0x328/0x820 [ 296.489195][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 296.494097][ C0] ? do_softirq+0x200/0x200 [ 296.498816][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 296.504182][ C0] __irq_exit_rcu+0x12f/0x220 [ 296.508991][ C0] ? irq_exit_rcu+0x20/0x20 [ 296.513528][ C0] irq_exit_rcu+0x5/0x20 [ 296.517792][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 296.523450][ C0] [ 296.526393][ C0] [ 296.529343][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 296.535344][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 [ 296.541869][ C0] Code: 74 05 e8 3e 14 d3 f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 06 94 a6 f7 65 8b 05 a7 a3 57 76 85 c0 74 3c 48 c7 04 24 0e 36 [ 296.561501][ C0] RSP: 0018:ffffc900032df5e0 EFLAGS: 00000206 [ 296.567606][ C0] RAX: 6b611aadcc0efa00 RBX: 0000000000000a02 RCX: 6b611aadcc0efa00 [ 296.575593][ C0] RDX: dffffc0000000000 RSI: ffffffff8a0b11c0 RDI: 0000000000000001 [ 296.583586][ C0] RBP: ffffc900032df678 R08: dffffc0000000000 R09: fffffbfff1ff362f [ 296.591574][ C0] R10: fffffbfff1ff362f R11: 1ffffffff1ff362e R12: dffffc0000000000 [ 296.599568][ C0] R13: 1ffff1100fdaa144 R14: ffff88807ed509c8 R15: 1ffff9200065bebc [ 296.607583][ C0] ? _raw_spin_unlock+0x40/0x40 [ 296.612474][ C0] __skb_try_recv_datagram+0x179/0x4d0 [ 296.618325][ C0] ? sock_load_diag_module+0x130/0x130 [ 296.623825][ C0] __unix_dgram_recvmsg+0x2d3/0xd50 [ 296.629067][ C0] ? unix_unhash+0x10/0x10 [ 296.633505][ C0] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 296.639684][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 296.644918][ C0] ? mark_lock+0x94/0x320 [ 296.649289][ C0] ? unix_dgram_recvmsg+0xb2/0xd0 [ 296.654348][ C0] ? unix_dgram_sendmsg+0x1890/0x1890 [ 296.659760][ C0] ____sys_recvmsg+0x291/0x580 [ 296.664572][ C0] ? __sys_recvmsg_sock+0x40/0x40 [ 296.669810][ C0] ? import_iovec+0x6f/0xa0 [ 296.674340][ C0] ___sys_recvmsg+0x1af/0x4f0 [ 296.679060][ C0] ? __sys_recvmsg+0x250/0x250 [ 296.683869][ C0] ? __lock_acquire+0x7c60/0x7c60 [ 296.688928][ C0] ? __might_fault+0xb3/0x110 [ 296.693637][ C0] do_recvmmsg+0x344/0x7a0 [ 296.698088][ C0] ? __sys_recvmmsg+0x280/0x280 [ 296.702976][ C0] ? __lock_acquire+0x7c60/0x7c60 [ 296.708053][ C0] __x64_sys_recvmmsg+0x18d/0x240 [ 296.713107][ C0] ? do_recvmmsg+0x7a0/0x7a0 [ 296.717727][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 296.722962][ C0] do_syscall_64+0x4c/0xa0 [ 296.727407][ C0] ? clear_bhb_loop+0x30/0x80 [ 296.732105][ C0] ? clear_bhb_loop+0x30/0x80 [ 296.736835][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 296.742753][ C0] RIP: 0033:0x7f7e48540929 [ 296.747191][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.766831][ C0] RSP: 002b:00007f7e46387038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 296.775361][ C0] RAX: ffffffffffffffda RBX: 00007f7e48768080 RCX: 00007f7e48540929 [ 296.777226][ T6881] netlink: 'syz.0.753': attribute type 10 has an invalid length. [ 296.783355][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 296.783374][ C0] RBP: 00007f7e485c2b39 R08: 0000000000000000 R09: 0000000000000000 [ 296.783387][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 296.783400][ C0] R13: 0000000000000000 R14: 00007f7e48768080 R15: 00007ffcd771c378 [ 296.823134][ C0] [ 296.826427][ C0] Kernel Offset: disabled [ 296.831216][ C0] Rebooting in 86400 seconds..