last executing test programs: 1m6.171343663s ago: executing program 0 (id=913): unshare(0x28000600) mq_open(&(0x7f00000004c0)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xednux\x02\xc7\x12\xec\xca7\xbc\x1fS\x1c\x05y\x91\xe5\x9aL\xa9u\b\x00\x00\x00\xa0pC\x19\x9b\vY\x186\xa4\xe7\x1eg{`\xfa\xf3n\x8fIj6f\xfb\x13-g\x19(a6\x18\xe24nz\x83w8\xff\xfb\x83\f\x9a\xda\xc5w\x8eo\x02\xa3\xc1\x83\x91\xc6\xfd\x8c\xc4s\x03\x16\xa4+\xce|^\x98K_0\x8a\xb0\xff~\x1e\xd92\xb4r\xd8\xe7', 0x40, 0x110, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1m2.742638633s ago: executing program 0 (id=921): unshare(0x2040400) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000ac0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="02"], 0x10) 1m2.650342405s ago: executing program 0 (id=922): r0 = socket(0x2b, 0x80801, 0x1) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000100)="abdbd3ed2c85d56cb96256050d03b268", 0x20) 1m0.136944442s ago: executing program 0 (id=929): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000180)=@bloom_filter={0x1e, 0x6, 0x0, 0x0, 0x20b50, 0x1, 0xfffffffa, '\x00', r3, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0x6, @void, @value, @void, @value}, 0x1b) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000e060d0000"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) 37.626818611s ago: executing program 0 (id=929): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000180)=@bloom_filter={0x1e, 0x6, 0x0, 0x0, 0x20b50, 0x1, 0xfffffffa, '\x00', r3, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0x6, @void, @value, @void, @value}, 0x1b) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000e060d0000"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) 9.771954778s ago: executing program 2 (id=1086): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @bcast, @bpq0, 0x5, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) 9.418988262s ago: executing program 2 (id=1089): r0 = fanotify_init(0x200, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x71, 0x40000009, r1, 0x0) r2 = fanotify_init(0x200, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) fanotify_mark(r2, 0x161, 0x40000867, r3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 9.029568018s ago: executing program 2 (id=1092): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x6ffffffffffffffe, 0x0) read$msr(r0, &(0x7f000001b000)=""/102400, 0x19000) openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$sock_int(r1, 0x1, 0x27, 0x0, &(0x7f0000002380)) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) fadvise64(r2, 0x18, 0x0, 0x4) 8.123182401s ago: executing program 2 (id=1093): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x19, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000", @ANYRES32], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x29, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0x0) 6.298663068s ago: executing program 1 (id=1100): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @bcast, @bpq0, 0x5, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) 5.858414364s ago: executing program 1 (id=1106): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000000040)=0x24, 0x4) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000000)=0x1001, 0x4) bind$ax25(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @default, 0x8}, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r2, &(0x7f0000000100)={{0x3, @bcast, 0x1}, [@null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f00000001c0)=@netrom={'nr', 0x0}, 0x10) 5.840726455s ago: executing program 0 (id=929): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000180)=@bloom_filter={0x1e, 0x6, 0x0, 0x0, 0x20b50, 0x1, 0xfffffffa, '\x00', r3, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0x6, @void, @value, @void, @value}, 0x1b) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000e060d0000"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) 4.647553352s ago: executing program 1 (id=1108): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffc) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00') ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x770a, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f00000034c0)='\x00\x00\x03\x86\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x94\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcbzA\x8e\xf6\x89\xc2\'\xdfn\x054Y\xd4\x91s\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\xe0\\\x98\xe1%\x1c\xf4\xd0\xf5\xd5\x80\xc4\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\a\x00\x00\x00\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xa5a\xfb\xa6\xff\xfbj\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\x05\x00\xeb\xd8\t\x00\x00\x00CvNx461\x04Nl\xedV\xcet\xaa~\x01j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\f\x00\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg\xc52\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xdeZ%\xa7\x01\x00\x00\x00\x01\x00\x00\x00\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x1c\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\"Y\xad\xaf\x83\xaf\x93\xdaHg\xd4\x8c\xee\x0f\x00\x1c/\x9a\xf83\';:q\x92\x010g\\Ym\xd8,\x8d\b\xab\x9dq\xed\xcc\xba\x06\x1ej\xb7s33\xe5\xec\xe90M\xd1\xfd\xbb\xdf\xedc\xd1\xbbI\xa3\xbdqU\x02\x00\x00\x00\x00\x00\x00\x00\xee\xb0\v\x84\xc7\xac\xec\x92t\x00\x00\x00\x92\x1a\f\xbbM\x1cG\xb8\xa4\x05\x16\x06\xb6\x1a\tL\xe3C$K~\xf7\xa1mt\x87E\xc4\xb6h\xf3\x8cG=&\xbd\xa16\xaa\xa2N\xac\xad,Q\x97\xd6\x15\xc46v\x9a\x97\xa6\xb9`\x03\x8ff,V\xe8\xeb\x8bJn\x12o\x8b\xe7K)+\xe0\x06\x8a\\\xfc\nw\xf8\x01\xc4\xd8\x97\xd2\x9cF\xda6F\xfa6I\x03o\xa7\x15&*\xf6Wn\xb9\x00~Y\x17:\x03\xef\xf9\x03\xe7\x8d\x16\\/\xe3\xfcV\x9d\xf2g\xbcFy\xca\x8a\x10*\xbdU#\x7f\xbb\'6\x9e\x1d\n\x19\xff[\x92n\xe1\x81q\xfe\x10\xfd\xa6pL\xc6\x0fN\x06&W\xa2\x9dPWp\x94r\xe2\x92X\x12\x87\xe5\x94\xb3Aa\xb1/\\\xde\x9c\x93\xf5(,u|\f`\x8e\x86\xeb\xcb\x18J+\xdcv\x894\x01\xd0\xc6\x95\xea^j(x\xa5\x9b\xd6f1\x9d\x8fcr\x18\x1fs%\x91~\x19@\x84!u\xc8u\x8aL\x021k\xb4\b\xbb_#A{dw<\xb9\x9dR\xef\xaf]\xe0\xca\xd9x\xdab7@\xfd\x0e\x94\xf8\xab\x8c\xf4\xf1\xb0\xd6\xbe\x8e,\xa2Y\x000F\xe6q\xe3~\xc9\xaa!\xf3\'UF\xf0\xc0\x11\x11\xc2\xc9\x93#K\xea\xc2c\xb9\xe7)\xa4\xd9X\xb9\xaay\xd1\xc7\xab\xe9F\xc6r5\xdf\xa0\'y\r\xbf\xbd\x97\x9d\x8aS\xdb\rF\x9e99\xb4\xf7\x8c\xf9\xca;\xef\xc7]\xa4\xdd<6wc5\xc6\xdeS\xe5*H\xed\xc8^a-\xe8\xb1\xc2\xca\xfa\t\xd0\\\xfc\xe9\x90\x83oj\xa9E\xfb\x8du\x94\x97\x1cF\x0f\xe9d\xf2\xe4\fc\xdf\xde\x1c\xd8u\x9b\xd7\x9c\x11\xbe\b\xb5\x1e\x04\xa0\xdc\xe1Oxu\xd7O#\n%\x89+\xcc\x9f\x8e\xb2:\xa0\xb0\xdc\xd1\xba\xbd@\xf4\x00\x00\xfd\aqn:\x83\x84N\x83K\xbf^\xd8&\xde\x14\x17\x9d\xcd\xed\x19\xd0\xc1$*K\b$\x12\xf3\x88#\xb1#\xb6RX\x11\x86X\x94\x84\x8e\xdd\x82b\x19b\x9fQ\x91\x98\x9e\xf7\xf6`\x03\xb3\x8a\x86\xf9\x00\x00\x00\x00\x00P\x00'/1066) 4.639200742s ago: executing program 4 (id=1109): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x930, 0x8, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0xd000, 0x0, 0x8, 0xffffffffffffffff, 0xf}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x5000, 0x0, 0x2, 0xffffffffffffffff, 0x1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000) write$eventfd(r3, &(0x7f0000000000), 0xfffffdef) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) close(0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) eventfd2(0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, 0x930, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0) 4.520179214s ago: executing program 1 (id=1110): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 4.140749479s ago: executing program 4 (id=1111): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x490, &(0x7f0000000000), 0x2, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r0, r1, 0x0) 3.607019227s ago: executing program 1 (id=1112): syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$sndpcmp(&(0x7f0000000140), 0x3, 0x800) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r4, 0xc1004111, &(0x7f00000004c0)={0x2, [0x0, 0x5, 0x10], [{0x2, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x40, 0x100, 0x0, 0x1}, {0x5, 0x80000001, 0x0, 0x0, 0x0, 0x1}, {0x4, 0x80000000, 0x1, 0x0, 0x1, 0x1}, {0x6, 0x10000, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x5, 0x1, 0x0, 0x1}, {0x6, 0x9, 0x1, 0x0, 0x1}, {0x7ff, 0x62, 0x0, 0x0, 0x1, 0x1}, {0x7, 0x1000, 0x0, 0x0, 0x0, 0x1}, {0x7, 0x3, 0x0, 0x1, 0x1, 0x1}, {0x3, 0x9, 0x1, 0x0, 0x1, 0x1}, {0x6, 0x7, 0x1, 0x1, 0x1}], 0x4}) 3.574822298s ago: executing program 3 (id=1113): connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x2, @remote, 'ip_vti0\x00'}}, 0x1e) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x2, @broadcast, 'veth1_virt_wifi\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x200, @local, 'wg2\x00'}}) 3.510432348s ago: executing program 3 (id=1114): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0) read$msr(r0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$sock_int(r1, 0x1, 0x27, 0x0, &(0x7f0000002380)) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) fadvise64(r2, 0x18, 0x0, 0x4) 3.492658429s ago: executing program 2 (id=1115): sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x24040840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0xbcc, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x184, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x15c, 0x1, [@m_simple={0xcc, 0x1e, 0x0, 0x0, {{0xb}, {0xa0, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x68f6, 0x6, 0x2, 0x8, 0x9}}, @TCA_DEF_DATA={0x9, 0x3, '/-@@\x00'}, @TCA_DEF_DATA={0x3d, 0x3, '\x00\x94\xe4\xe2X\xce\xbar\x069\xf3\xff\x8d\x94\x1ao\xa1,\xa4\xc1\xcc\x1e\x9aS>\a\xd2R\x85\v\x80\xea\x1e\xc8W\xea\x99\xacos\x80\x1d\x8b\xd9`Ewb\xa5&iu@\xfd\x8c\xde\x00'}, @TCA_DEF_DATA={0x1e, 0x3, 'cpuacct.usage_percpu_user\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x4a66, 0x4, 0x3, 0x9}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_connmark={0x58, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x25, 0x6, "726786f34dc39a3b098ea66afe225634df06865f963558e69516e656d1b4d3ec4c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_csum={0x34, 0x8, 0x0, 0x0, {{0x9}, {0x4}, {0x5, 0x6, 'J'}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}, @filter_kind_options=@f_route={{0xa}, {0x9f8, 0x2, [@TCA_ROUTE4_ACT={0x9f4, 0x6, [@m_ct={0x72c, 0xa, 0x0, 0x0, {{0x7}, {0x18, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private2}]}, {0x6ee, 0x6, "02b57f031a48371d0d95626908ee06e59a74e5346fd6d0450c2829dfd0d3a86b63667dc3ea64c74d904b322fd3056cf5870f9408e82530db15f7c22a85c4bcce78fede1c2a843d8589ecb2e5f28679665adefd637863095cbd4e8c754d0073bad37e8b61e45316d38204faee0f2cc12e9d6c1e515ab90063e87c7b0a2029b2cdf049a11a7ef160937ecf1d8a3eda456fc0535ab33b096cbdf53f96f56f58f85e3bdba3ad45cf6437138d35680144885b97c7b4bbd1fe81f4c14dca8561228c8ebe2c805772b8b94a8e264f42c321d964e6093fd4f9630d158bc8698c59d787d64f60464b471523ac804d8e19fd6d3936db7bbfae5837951966016325e406545366d40717dfeeb20b54a4cf483dcc319750478044019cc6e6f0d29e9af3516898532a9b509f97dedb2bdc3451d8b3af83d3188d45d7e2c9e898ae5c3cf82c457b301408e97b13d4f57985d512a0c908d8891e59e012d55d34f5366436166fa5f1405e9f8eda8e39dcb580925665fadff6328001e0c367464d84edb0fde37c1ef5d4105c8758056fdc405648b676e2744788f2e7e1054405e0ef68dc900d1d3c1beab00d1ff577b4d2cd20610e7b9aaffcf81c8a19169cca0738d3c641dd8bf579924b3971897ed6d2ee7467e2c30278d3a28211c95b59d6a17ce287feb5359ffb818f9d230d7a86e58891025cbee76ca146f08ceb0c8d9b2e2c6b6b5671e707e5a54efcdd393197da90c8a7964c4e7c9451f3b278dda61713352480db6dca88bc3fe13123386c19388b9738c3d7881a6b945eb7dae95c598384cc8fde8b7169c594799d6c74e0b3c0ff681fc146980968e0624c4e18b76afd091d42c7c922500a8e0922742949f36ac958a06c241c55406526920f65aad34504df5f632a0d65425cb044ec458ab4d699b61c83035071a605691945ac89e084d30281ce7b33b0ed46660e126643ca8fcda14dce17868396f9e8138682ffd472205a96ae0eee55837b837d6f6d2d704d0c32c1d66d9fba93e6b09d942b89e2be4f6a7e870c75d0681d439d90babced54709a6dc5d9fba55f4fdc42d92c79377c251f8771b4b746a77de99ed1ba70c4aebc61d36c9bf9439fad5a09cedcbb2559275b4d09b9d9dc3ac1d14b243196f0a63a856644fc472e6ec57eb52a874581a401f423929b5e5f69cbdaa9feef0c09dad013e58c4cc4a745405327f5a309fa19c2628e03c79bec6f3ce87a2c3dcbc2bfa1d8657f94fbbaa1520f4e2310f030e33d68f293bd8db4a86b017632a64386ff2138303817d991385beaf61cce0e734c84f6f214b048cba2ba0d529459817e5a0aa8142198830c3a0ba04721e7c377c0c531d7633ebc77c3f59976ed15bcdb89f2b3b1fba8ede487047c6440d6b37bf43abc30a5528c948fa34338f5999a6522159821f46981bd585a0525a2d4c09cddbc4c2b7ae215178f0f5dfc3850e14b059d862d020c64b43ec30802b46e8578fd8182a3b1f89173d5eae6cc924cb28d14cd8e3e110b31ad7ebcd39aa67e07386d88c1831c7a9b42b0fe63a2c2a50e2b0a360351e2790700a55a58c6b58c8b3b35453b6a577354aa4d933c3161273be48ae16af9db5243303d63ee6157d254dff8e322b3d34a1cb7f982833386902a29bb7b762bca1cd8f8490623db608effc70bcbb017bca9819e25b2f8566bfc81cf72b5a3b739adbab0ac05075c6b4bc47e87774c70de43e88e9a442e14716bda2e4118669efc7f94fddde987a8dc98e801e0685217db080e3040384868a9ca8b8915aa574033f5c43299f8bd88e57e791e382596679c281a6e03bf69178be59e4f697e0a1b420165ac107722e47f3724536c5f33343bf061e82fc240776fe2ded2843042591151b2245986887af71c2e71dd7e4b164a86dc9acac25a6355636c5ba807f5865d181ffb928d413ccf3bdc8a5029bd75059abfae7e8ef82a80265139f79719a80550b6f358a89c0a0d1c4c940ce52f73b3b52e7ef20fae1392eec3fb197d4a66b01a798b7c7838aebacc12ce2ab09f08c6287b42c423b022cb6c97d9971eb13d648151c6df79d9eefa75f69a92d444a77fd49a2aec947f3399360e83205fddcc04d9fe89e0aa925225629bbe6ba90bf95c89343c69df60b94f201ee72318998b2eb49a478b2a2f6437b83dd80d0b9d6cf17cc166eca74b51e267fdd328e13ab8ff2034557aa3068bff4e5d5e159b566d5aff7929a1a9ee10f93b13ae4620102edd29d4e9ecac26814e225dd30d4161e8ac9de541c89dbe7d139182518676a04080cb4435f4d0e8fc3715ff4918f5336f69722faf0af089798db087e127d656c0816a4efe728691ad98069e4fba7a3acba096c38cdd3e742f57c0aa60619b23417fe462ad3bc5a9559199263183da0167e14c5c2a89e01bfb53c9f81c052d018282ce29209c1ce965ae56a7cd1fd38808b0b82b9f591caa3b153659817cfcce1ff9c305d88ddbf5d606ee1507664213b0162190f80c63de19e24f8b5739e1d4"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_tunnel_key={0x7c, 0x15, 0x0, 0x0, {{0xf}, {0x4c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x6, 0x3, 0x8, 0xc, 0x81}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @rand_addr=0x64010102}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x170, 0x7, 0x0, 0x0, {{0x8}, {0x9c, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x5}, @TCA_IFE_DMAC={0xa, 0x3, @link_local}, @TCA_IFE_METALST={0x3c, 0x6, [@IFE_META_TCINDEX={0x6, 0x5, @val=0xfff9}, @IFE_META_PRIO={0x8, 0x3, @val=0x6}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x3}, @IFE_META_TCINDEX={0x6, 0x5, @val=0xcda}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x3}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x2}]}, @TCA_IFE_TYPE={0x6, 0x5, 0x8}, @TCA_IFE_DMAC={0xa}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x2, 0x8, 0x4, 0x8}}}, @TCA_IFE_DMAC={0xa}, @TCA_IFE_SMAC={0xa, 0x4, @multicast}]}, {0xad, 0x6, "32e847f642fa5be5414cf48ecd51501662ebe464360285a0fe3f1a6bb164d64c929c2e775c84c25412f60ef8b959c9ad30af16af95595d05878a4a6077daa9d760d7976af5704a67d95e01dd31b7f59af63b84347aa34c99a2314454e8a4a92ee4bf848d47865bb9144b832ba50c6f0e5eb797bf39811a06026109f210333bf5328718ebaa102ec902e5797178ba834840c3d6e41f48e48bf0ae42751a0b176f2738a5fd471285e30e"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbmod={0xd8, 0x1a, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xe422, 0x4, 0x5, 0x7}, 0xe}}]}, {0x85, 0x6, "55abe99dbd7db41da2454ebdacd973131ae8a9b60686313b2d40c0322a7e0de66b6116a5ba3aee332d5fba451b20ae2103facc4974d375f8953d3a0de7bb92dab11078bd0bc5abb503d9b226f2448f7ef9a7d9592c1cb375cabe8b41b2f9372013210bb4ace41322a8f24e566b26c732e5ddb321bc94a64beb6e040e62cb786f03"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0xbcc}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 3.463183659s ago: executing program 3 (id=1116): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) 3.382228871s ago: executing program 2 (id=1117): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000040)={0xbe, 0x0, 0x8000000000000001}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000014d564b"]) 3.298928182s ago: executing program 4 (id=1118): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) truncate(&(0x7f0000000100)='./file0/file0\x00', 0x5) setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) 3.142888774s ago: executing program 3 (id=1119): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) pipe(&(0x7f0000000000)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0) 2.07789057s ago: executing program 3 (id=1120): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x3b, 0x0, &(0x7f0000000240), &(0x7f0000000100)) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_dev$sg(0x0, 0x0, 0x5) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 1.894559792s ago: executing program 4 (id=1121): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000100)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e700", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) mmap$KVM_VCPU(&(0x7f0000fef000/0x3000)=nil, 0x930, 0x1000007, 0x12, r4, 0x0) r5 = eventfd2(0x0, 0x0) close(r5) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x30272, 0x0) write$eventfd(r5, &(0x7f0000000000), 0xfffffe1e) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x100b31, 0x0) 1.227705482s ago: executing program 4 (id=1122): r0 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, 0x0) 1.122140574s ago: executing program 3 (id=1123): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2041, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r1, 0x3000000, 0x12, r2, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000600)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0191e6d595bab8c4b500006490321db49c531a00000f01d967460f35"], 0x54}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x3, 0xf9, 0x2, 0x79, 0xff, 0x8, 0x1, 0x1, 0x0, 0x8, 0x5, 0x4, 0x72, 0x7, 0xfa, '\x00', 0x3}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = eventfd2(0x4, 0x80000) close(r6) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x9b2865eb3810f16a, 0x0) write$eventfd(r6, &(0x7f0000000200)=0x5, 0xfffffeb7) 1.040063065s ago: executing program 4 (id=1124): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x840, 0x0, 0x0) r4 = fsopen(&(0x7f0000000100)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) mknodat$loop(r5, &(0x7f0000000040)='./file0\x00', 0x80, 0x1) 0s ago: executing program 1 (id=1125): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x19, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000", @ANYRES32], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x29, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0x0) kernel console output (not intermixed with test programs): T4170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.019460][ T4169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.053063][ T4180] team0: Port device team_slave_0 added [ 53.062160][ T4169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.080817][ T4171] team0: Port device team_slave_0 added [ 53.104341][ T4180] team0: Port device team_slave_1 added [ 53.126172][ T4171] team0: Port device team_slave_1 added [ 53.132563][ T4176] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.139763][ T4176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.165820][ T4176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.188127][ T4170] device hsr_slave_0 entered promiscuous mode [ 53.194806][ T4170] device hsr_slave_1 entered promiscuous mode [ 53.206109][ T4169] team0: Port device team_slave_0 added [ 53.218831][ T4176] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.225852][ T4176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.255675][ T4176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.286187][ T4169] team0: Port device team_slave_1 added [ 53.301415][ T4171] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.308494][ T4171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.334600][ T4171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.347436][ T4180] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.354394][ T4180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.380613][ T4180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.395339][ T4180] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.402401][ T4180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.429650][ T4180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.454785][ T4171] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.462297][ T4171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.489782][ T4171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.538098][ T4176] device hsr_slave_0 entered promiscuous mode [ 53.545402][ T4176] device hsr_slave_1 entered promiscuous mode [ 53.552991][ T4176] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.561259][ T4176] Cannot create hsr debugfs directory [ 53.578151][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.585759][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.613526][ T4169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.653385][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.660968][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.688583][ T4169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.713700][ T4171] device hsr_slave_0 entered promiscuous mode [ 53.721660][ T4171] device hsr_slave_1 entered promiscuous mode [ 53.729150][ T4171] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.737037][ T4171] Cannot create hsr debugfs directory [ 53.746206][ T4180] device hsr_slave_0 entered promiscuous mode [ 53.753116][ T4180] device hsr_slave_1 entered promiscuous mode [ 53.759764][ T4180] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.767603][ T4180] Cannot create hsr debugfs directory [ 53.807680][ T13] Bluetooth: hci1: command 0x0409 tx timeout [ 53.814647][ T13] Bluetooth: hci2: command 0x0409 tx timeout [ 53.821359][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 53.854724][ T4169] device hsr_slave_0 entered promiscuous mode [ 53.861984][ T4169] device hsr_slave_1 entered promiscuous mode [ 53.868514][ T4169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.876140][ T4169] Cannot create hsr debugfs directory [ 53.886618][ T13] Bluetooth: hci4: command 0x0409 tx timeout [ 53.887061][ T4160] Bluetooth: hci3: command 0x0409 tx timeout [ 54.063020][ T4170] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.098164][ T4170] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.127256][ T4170] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.152639][ T4170] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.209233][ T4176] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 54.218552][ T4176] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 54.241057][ T4176] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 54.279088][ T4176] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 54.289659][ T4171] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.303194][ T4171] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.327790][ T4171] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.351168][ T4171] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.362876][ T4169] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.371529][ T4169] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.388375][ T4170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.399029][ T4169] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.418499][ T4169] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.430541][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.440309][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.468700][ T4170] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.507641][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.516452][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.529116][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.536679][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.561070][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.586278][ T4180] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.604586][ T4180] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.614145][ T4180] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.630847][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.642720][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.651305][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.658452][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.666104][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.690564][ T4176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.697750][ T4180] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.715035][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.765074][ T4171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.775720][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.785504][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.795247][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.804259][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.813151][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.825495][ T4169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.844081][ T4171] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.859427][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.869344][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.878838][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.887218][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.894798][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.903585][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.919382][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.928897][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.937479][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.946013][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.954930][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.962113][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.970872][ T4170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.983566][ T4176] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.996025][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.005561][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.013634][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.023888][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.033400][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.043061][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.050368][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.058484][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.075700][ T4169] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.090890][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.102111][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.111853][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.119085][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.127869][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.136406][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.144756][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.151929][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.162593][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.175453][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.211148][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.225264][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.234796][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.241966][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.253500][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.262584][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.274138][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.282885][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.291806][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.313983][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.328908][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.343836][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.351005][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.367171][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.375980][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.385348][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.419763][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.430065][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.439365][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.449121][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.458005][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.466734][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.475346][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.485028][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.495723][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.505138][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.513952][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.522954][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.532809][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.541391][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.555518][ T4176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.565661][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.576443][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.602409][ T4180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.622534][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 55.632555][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 55.645068][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.655990][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.671136][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.680434][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.694248][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.704221][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.714926][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.729889][ T4170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.745324][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.757444][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.772130][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.803917][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.813384][ T4169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.847140][ T4180] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.886336][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 55.895013][ T4216] Bluetooth: hci0: command 0x041b tx timeout [ 55.907294][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.916085][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.926062][ T4216] Bluetooth: hci2: command 0x041b tx timeout [ 55.942160][ T4216] Bluetooth: hci1: command 0x041b tx timeout [ 55.952428][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.967161][ T4216] Bluetooth: hci3: command 0x041b tx timeout [ 55.975140][ T4216] Bluetooth: hci4: command 0x041b tx timeout [ 55.987494][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.994841][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.004424][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.013414][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.022058][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.029190][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.037721][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.054353][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.087758][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.095305][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.105608][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.113554][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.123801][ T4176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.174167][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.182784][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.190889][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.200982][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.211378][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.220234][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.229484][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.239609][ T4169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.259138][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.267989][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.276891][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.285342][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.296028][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.308215][ T4171] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.325374][ T4170] device veth0_vlan entered promiscuous mode [ 56.339673][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.354976][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.363200][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.374071][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.383640][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 56.392897][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.411144][ T4170] device veth1_vlan entered promiscuous mode [ 56.424174][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.478419][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.490446][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.524352][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 56.535799][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.550242][ T4169] device veth0_vlan entered promiscuous mode [ 56.566330][ T4170] device veth0_macvtap entered promiscuous mode [ 56.584603][ T4171] device veth0_vlan entered promiscuous mode [ 56.591770][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.600312][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.609845][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.618690][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.627558][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.635622][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.644260][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.654276][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.662415][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.671314][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.679269][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.693873][ T4169] device veth1_vlan entered promiscuous mode [ 56.708501][ T4170] device veth1_macvtap entered promiscuous mode [ 56.733402][ T4171] device veth1_vlan entered promiscuous mode [ 56.751378][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.761685][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.778609][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.787942][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 56.796723][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.818532][ T4170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.856589][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.864642][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.875349][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.883640][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.893306][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.902267][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.911118][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.918816][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.926324][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.936019][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.944192][ T4176] device veth0_vlan entered promiscuous mode [ 56.953519][ T4170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.961957][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.972108][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.985910][ T4180] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.998461][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.008799][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.020901][ T4170] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.030231][ T4170] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.039212][ T4170] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.048084][ T4170] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.068154][ T4169] device veth0_macvtap entered promiscuous mode [ 57.075628][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.084008][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.095302][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.106376][ T4171] device veth0_macvtap entered promiscuous mode [ 57.127285][ T4169] device veth1_macvtap entered promiscuous mode [ 57.135099][ T4171] device veth1_macvtap entered promiscuous mode [ 57.149105][ T4176] device veth1_vlan entered promiscuous mode [ 57.180140][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.190092][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.199403][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.211176][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.242919][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.257216][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.269780][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.284490][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.295565][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.305773][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.316421][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.331455][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.357037][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.366086][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.375973][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.384776][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.393789][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.403181][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.412143][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 57.430930][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.445713][ T4176] device veth0_macvtap entered promiscuous mode [ 57.467264][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.478489][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.492993][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.504366][ T4169] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.513364][ T4169] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.522407][ T4169] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.532012][ T4169] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.561653][ T4176] device veth1_macvtap entered promiscuous mode [ 57.569811][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.581194][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.591800][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.602522][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.614117][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.621942][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.630374][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.639335][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.649892][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.658944][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.670887][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.705126][ T4180] device veth0_vlan entered promiscuous mode [ 57.720159][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.731799][ T1236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.738841][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.743694][ T1236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.755594][ T4171] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.765028][ T4171] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.774202][ T4171] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.783198][ T4171] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.821714][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.830460][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.840337][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.854874][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.865608][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.878410][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.889604][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.899516][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.910384][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.922372][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.938122][ T4180] device veth1_vlan entered promiscuous mode [ 57.959303][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.969650][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.977711][ T7] Bluetooth: hci1: command 0x040f tx timeout [ 57.978776][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.989395][ T7] Bluetooth: hci2: command 0x040f tx timeout [ 57.994110][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.998392][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.013642][ T7] Bluetooth: hci0: command 0x040f tx timeout [ 58.018831][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.031814][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.042364][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.053067][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.063486][ T7] Bluetooth: hci4: command 0x040f tx timeout [ 58.068399][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.069750][ T7] Bluetooth: hci3: command 0x040f tx timeout [ 58.087165][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.099218][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.109753][ T4176] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.118901][ T4176] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.129107][ T4176] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.138090][ T4176] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.154523][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.163327][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.172160][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.222437][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.236698][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.245607][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.303762][ T4180] device veth0_macvtap entered promiscuous mode [ 58.331252][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 58.340621][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 58.351146][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 58.364699][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.379189][ T4180] device veth1_macvtap entered promiscuous mode [ 58.393160][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.401836][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.410870][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.437427][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.445344][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 58.497257][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.522121][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.556987][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.570133][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.584191][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.594403][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.598204][ T4255] Zero length message leads to an empty skb [ 58.605912][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.622395][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.633260][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.640141][ T4255] trusted_key: encrypted_key: insufficient parameters specified [ 58.645164][ T4180] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.676223][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 58.704513][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.733810][ T4232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.750041][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.763299][ T4232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.877630][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.904748][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.968305][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.982802][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.994203][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.004716][ T4180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.016070][ T4180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.453516][ T4180] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.753052][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.778685][ T4180] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.787755][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.821800][ T4180] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.831210][ T4180] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.841612][ T4180] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.880029][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 59.897495][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.913684][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.924553][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.016348][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #300!!! [ 60.025627][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 60.073011][ T1108] Bluetooth: hci0: command 0x0419 tx timeout [ 60.087684][ T4232] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.095709][ T4232] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.106559][ T1108] Bluetooth: hci2: command 0x0419 tx timeout [ 60.191416][ T1108] Bluetooth: hci1: command 0x0419 tx timeout [ 60.198880][ T4248] Bluetooth: hci3: command 0x0419 tx timeout [ 60.205011][ T4248] Bluetooth: hci4: command 0x0419 tx timeout [ 60.215223][ T4270] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 60.229184][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.246861][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 60.938045][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #300!!! [ 60.947088][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 60.956117][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 60.965181][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #30a!!! [ 60.974152][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!! [ 61.061453][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 61.071956][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 61.605817][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.631266][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.655773][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.820834][ T4287] Failed to get privilege flags for destination (handle=0x2:0x7) [ 63.518442][ T4281] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.756728][ T4281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.979238][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.330874][ T4304] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 65.756178][ T4317] trusted_key: encrypted_key: insufficient parameters specified [ 66.106875][ T4304] kvm [4303]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000 [ 66.132917][ T4304] kvm [4303]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0x0 [ 66.150434][ T4304] kvm [4303]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000 [ 66.426428][ T4334] kvm: pic: non byte write [ 71.044247][ T4372] UBIFS error (pid: 4372): cannot open "./file0", error -22 [ 71.047231][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.061310][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.277983][ T1108] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 71.816875][ T1108] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 72.578996][ T4384] ptrace attach of "./syz-executor exec"[4385] was attempted by "./syz-executor exec"[4384] [ 72.966968][ T1108] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 72.998497][ T4387] trusted_key: encrypted_key: insufficient parameters specified [ 73.003102][ T4373] block device autoloading is deprecated. It will be removed in Linux 5.19 [ 73.019259][ T1108] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 73.031872][ T1108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.067154][ T1108] usb 1-1: config 0 descriptor?? [ 73.110699][ T1108] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 73.118612][ T1108] dvb-usb: bulk message failed: -22 (3/0) [ 73.322766][ T4391] netlink: 16 bytes leftover after parsing attributes in process `syz.4.35'. [ 73.358684][ T25] audit: type=1326 audit(1750163717.393:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 73.413148][ T4391] netlink: 16 bytes leftover after parsing attributes in process `syz.4.35'. [ 73.798524][ T1108] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 73.847117][ T1108] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 73.875166][ T1108] usb 1-1: media controller created [ 73.880515][ T25] audit: type=1326 audit(1750163717.403:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 73.880558][ T25] audit: type=1326 audit(1750163717.403:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 73.931260][ T25] audit: type=1326 audit(1750163717.403:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 73.966925][ T1108] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 74.026779][ T25] audit: type=1326 audit(1750163717.413:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 74.037020][ T1108] dvb-usb: bulk message failed: -22 (6/0) [ 74.071168][ T1108] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 74.109036][ T25] audit: type=1326 audit(1750163717.413:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 74.148413][ T1108] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 74.157356][ T25] audit: type=1326 audit(1750163717.423:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 74.271704][ T1108] dvb-usb: schedule remote query interval to 150 msecs. [ 74.346389][ T25] audit: type=1326 audit(1750163717.503:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 74.385591][ T1108] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 74.480274][ T1108] usb 1-1: USB disconnect, device number 2 [ 76.377095][ T26] cfg80211: failed to load regulatory.db [ 76.392044][ T4214] Bluetooth: hci4: command 0x0405 tx timeout [ 76.466955][ T25] audit: type=1326 audit(1750163717.513:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 76.489644][ T25] audit: type=1326 audit(1750163717.513:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4388 comm="syz.4.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 77.724962][ T4409] sched: RT throttling activated [ 81.240123][ T1108] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 81.601588][ T4482] netlink: 24 bytes leftover after parsing attributes in process `syz.0.44'. [ 82.770206][ T4496] xt_ecn: cannot match TCP bits for non-tcp packets [ 83.939099][ T4218] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 84.102908][ T4508] netlink: 'syz.1.53': attribute type 4 has an invalid length. [ 84.377619][ T4218] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 84.390436][ T4218] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.405294][ T4218] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.419085][ T4218] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 84.524385][ T4521] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 84.827746][ T4218] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 84.847296][ T4218] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 84.885473][ T4218] usb 4-1: Manufacturer: syz [ 85.086386][ T4218] usb 4-1: config 0 descriptor?? [ 85.520439][ T4523] loop2: detected capacity change from 0 to 65 [ 85.609857][ T4523] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop2 [ 85.894455][ T4218] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 86.047871][ T4218] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 86.134615][ T4218] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 87.806301][ T4218] usb 4-1: USB disconnect, device number 2 [ 88.041067][ T4540] fido_id[4540]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 88.828100][ T4553] vivid-000: disconnect [ 88.846626][ T4553] vivid-000: reconnect [ 89.685617][ T25] kauditd_printk_skb: 12 callbacks suppressed [ 89.685665][ T25] audit: type=1326 audit(1750163733.773:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4559 comm="syz.3.69" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7146255929 code=0x0 [ 89.756366][ T4557] netlink: 'syz.1.68': attribute type 39 has an invalid length. [ 93.596884][ T4219] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 94.026724][ T4219] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 94.071900][ T4219] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 94.106932][ T4219] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 94.274938][ T4219] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.335011][ T4597] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 94.828497][ T4609] UBIFS error (pid: 4609): cannot open "./file0", error -22 [ 96.166582][ T26] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 96.676696][ T25] audit: type=1326 audit(1750163740.743:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4596 comm="syz.1.77" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1d57490929 code=0x0 [ 96.698398][ C1] vkms_vblank_simulate: vblank timer overrun [ 96.715923][ T4632] netlink: 8 bytes leftover after parsing attributes in process `syz.2.87'. [ 98.063279][ T26] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 98.063385][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.063451][ T26] usb 5-1: Product: syz [ 98.063512][ T26] usb 5-1: Manufacturer: syz [ 98.063573][ T26] usb 5-1: SerialNumber: syz [ 98.640963][ T4219] usb 2-1: USB disconnect, device number 2 [ 98.650849][ T26] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 98.836406][ T1325] usb 5-1: USB disconnect, device number 2 [ 98.846615][ T4247] usb 5-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 98.896883][ T1325] usb 5-1: ath9k_htc: USB layer deinitialized [ 99.466887][ T4273] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 99.746728][ T4273] usb 1-1: Using ep0 maxpacket: 8 [ 99.876992][ T4273] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 99.908668][ T4273] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 100.024270][ T4273] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 100.062232][ T4273] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 100.105489][ T4273] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 100.123822][ T4273] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 100.133514][ T4273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.163416][ T25] audit: type=1326 audit(1750163744.253:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4652 comm="syz.4.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 100.230113][ T25] audit: type=1326 audit(1750163744.283:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4652 comm="syz.4.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 100.252950][ T25] audit: type=1326 audit(1750163744.333:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4652 comm="syz.4.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 100.350908][ T25] audit: type=1326 audit(1750163744.443:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4652 comm="syz.4.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 101.640307][ T25] audit: type=1326 audit(1750163744.503:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4652 comm="syz.4.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 101.737485][ T4273] usb 1-1: usb_control_msg returned -32 [ 101.743413][ T4273] usbtmc 1-1:16.0: can't read capabilities [ 101.798371][ T25] audit: type=1326 audit(1750163744.543:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4652 comm="syz.4.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ed95929 code=0x7ffc0000 [ 103.483250][ T1108] usb 1-1: USB disconnect, device number 3 [ 104.265841][ T4690] process 'syz.0.103' launched '/dev/fd/5' with NULL argv: empty string added [ 105.116966][ T4705] netdevsim netdevsim2: Direct firmware load for JngkNq>*x(O@ēƙaWfV! _)ADIwC7;gB|hV`f?:VmUWX:SZ;˩6h?Aeim/S6_C?F failed with error -2 [ 105.136726][ T4705] netdevsim netdevsim2: Falling back to sysfs fallback for: JngkNq>*x(O@ēƙaWfV! _)ADIwC7;gB|hV`f?:VmUWX:SZ;˩6h?Aeim/S6_C?F [ 105.663017][ T4273] kernel write not supported for file /72/clear_refs (pid: 4273 comm: kworker/0:10) [ 110.315879][ T4755] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 110.425782][ T4759] netlink: 20 bytes leftover after parsing attributes in process `syz.4.118'. [ 112.836849][ T4780] ======================================================= [ 112.836849][ T4780] WARNING: The mand mount option has been deprecated and [ 112.836849][ T4780] and is ignored by this kernel. Remove the mand [ 112.836849][ T4780] option from the mount to silence this warning. [ 112.836849][ T4780] ======================================================= [ 113.116695][ T1325] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 113.575315][ T4783] Process accounting resumed [ 113.737932][ T1325] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.792067][ T1325] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 113.812056][ T1325] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.898125][ T1325] usb 1-1: config 0 descriptor?? [ 113.959447][ T1325] pwc: Askey VC010 type 2 USB webcam detected. [ 116.448839][ T1325] pwc: recv_control_msg error -32 req 02 val 2b00 [ 116.836937][ T1325] pwc: recv_control_msg error -71 req 02 val 2c00 [ 116.876843][ T1325] pwc: recv_control_msg error -71 req 04 val 1000 [ 116.966886][ T1325] pwc: recv_control_msg error -71 req 04 val 1300 [ 117.076831][ T1325] pwc: recv_control_msg error -71 req 04 val 1400 [ 117.171395][ T1325] pwc: recv_control_msg error -71 req 02 val 2000 [ 117.255847][ T1325] pwc: recv_control_msg error -71 req 02 val 2100 [ 117.356064][ T1325] pwc: recv_control_msg error -71 req 04 val 1500 [ 117.517878][ T1325] pwc: recv_control_msg error -71 req 02 val 2500 [ 117.607688][ T1325] pwc: recv_control_msg error -71 req 02 val 2400 [ 117.714838][ T4814] trusted_key: encrypted_key: key user:syz not found [ 118.191547][ T1325] pwc: recv_control_msg error -71 req 02 val 2600 [ 118.296728][ T1325] pwc: recv_control_msg error -71 req 02 val 2900 [ 118.317857][ T1325] pwc: recv_control_msg error -71 req 02 val 2800 [ 118.480178][ T1325] pwc: recv_control_msg error -71 req 04 val 1100 [ 118.607020][ T1325] pwc: recv_control_msg error -71 req 04 val 1200 [ 118.708442][ T1325] pwc: Registered as video103. [ 118.715175][ T1325] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input7 [ 119.677860][ T1325] usb 1-1: USB disconnect, device number 4 [ 119.804739][ T4828] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 120.332060][ T4838] netlink: 'syz.3.149': attribute type 1 has an invalid length. [ 120.656568][ T4832] syz.4.147 (4832) used greatest stack depth: 21152 bytes left [ 120.815099][ T4823] loop1: detected capacity change from 0 to 32768 [ 120.886782][ T1325] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 121.147896][ T1325] usb 3-1: Using ep0 maxpacket: 8 [ 121.386627][ T1325] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 121.394964][ T1325] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 121.457686][ T1325] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 121.467992][ T1325] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 121.478347][ T1325] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 121.492559][ T1325] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 121.501963][ T1325] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.866824][ T1325] usb 3-1: GET_CAPABILITIES returned 0 [ 121.891569][ T1325] usbtmc 3-1:16.0: can't read capabilities [ 122.527171][ T4218] Bluetooth: hci0: command 0x1407 tx timeout [ 124.026665][ T4288] usb 3-1: USB disconnect, device number 2 [ 124.330789][ T4880] Failed to get privilege flags for destination (handle=0x2:0x7) [ 129.579425][ T4912] Failed to get privilege flags for destination (handle=0x2:0x7) [ 132.478723][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.485112][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.127397][ T4929] Failed to get privilege flags for destination (handle=0x2:0x7) [ 135.832938][ T4962] Failed to get privilege flags for destination (handle=0x2:0x7) [ 137.986508][ T13] Bluetooth: hci0: command 0x040e tx timeout [ 139.184390][ T4976] Failed to get privilege flags for destination (handle=0x2:0x7) [ 140.052020][ T4980] netlink: 56 bytes leftover after parsing attributes in process `syz.1.192'. [ 140.484041][ T4995] Failed to get privilege flags for destination (handle=0x2:0x7) [ 140.486517][ T4288] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 141.249378][ T1325] Bluetooth: hci0: command 0x040e tx timeout [ 142.845354][ T5009] Failed to get privilege flags for destination (handle=0x2:0x7) [ 142.966653][ T4288] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 145.211964][ T4288] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 145.226964][ T4288] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 145.236545][ T4288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.251404][ T4288] usb 4-1: config 0 descriptor?? [ 145.276650][ T4288] usb 4-1: can't set config #0, error -71 [ 145.287036][ T4288] usb 4-1: USB disconnect, device number 3 [ 145.329756][ T5019] overlayfs: conflicting options: userxattr,metacopy=on [ 147.037078][ T5033] Failed to get privilege flags for destination (handle=0x2:0x7) [ 150.756115][ T5063] Failed to get privilege flags for destination (handle=0x2:0x7) [ 154.968780][ T5115] Failed to get privilege flags for destination (handle=0x2:0x7) [ 156.455914][ T5129] loop3: detected capacity change from 0 to 256 [ 156.738932][ T5129] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 157.097965][ T2240] Bluetooth: hci0: command 0x040e tx timeout [ 158.089125][ T5154] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 158.862056][ T5120] loop2: detected capacity change from 0 to 32768 [ 158.937324][ T5162] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 161.064210][ T5175] Failed to get privilege flags for destination (handle=0x2:0x7) [ 164.053720][ T5185] tipc: Started in network mode [ 164.060069][ T5185] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 164.067697][ T5185] tipc: Enabled bearer , priority 0 [ 165.034698][ T5210] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 165.208535][ T4247] tipc: Node number set to 11578026 [ 167.106934][ T5233] tipc: Started in network mode [ 167.112118][ T5233] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 167.119515][ T5233] tipc: Enabled bearer , priority 0 [ 167.292054][ T5204] loop4: detected capacity change from 0 to 32768 [ 167.375643][ T5242] Failed to get privilege flags for destination (handle=0x2:0x7) [ 168.364700][ T2240] tipc: Node number set to 11578026 [ 169.648511][ T5249] device team0 entered promiscuous mode [ 169.654612][ T5249] device team_slave_0 entered promiscuous mode [ 169.688850][ T5249] device team_slave_1 entered promiscuous mode [ 169.708681][ T5248] device team0 left promiscuous mode [ 169.714383][ T5248] device team_slave_0 left promiscuous mode [ 169.751642][ T5248] device team_slave_1 left promiscuous mode [ 172.692510][ T5288] Failed to get privilege flags for destination (handle=0x2:0x7) [ 175.242313][ T5286] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 175.446110][ T5296] loop2: detected capacity change from 0 to 256 [ 178.762881][ T5336] Failed to get privilege flags for destination (handle=0x2:0x7) [ 179.847049][ T5353] syz.2.306 uses obsolete (PF_INET,SOCK_PACKET) [ 181.021336][ T5381] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 182.731816][ T5395] Failed to get privilege flags for destination (handle=0x2:0x7) [ 187.276520][ T5431] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 189.475050][ T5461] Failed to get privilege flags for destination (handle=0x2:0x7) [ 190.610927][ T4465] wlan1: Trigger new scan to find an IBSS to join [ 191.556924][ T5482] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 192.569698][ T5483] netlink: 20 bytes leftover after parsing attributes in process `syz.1.344'. [ 192.636678][ T5485] raw_sendmsg: syz.3.346 forgot to set AF_INET. Fix it! [ 192.812963][ T5487] Set syz1 is full, maxelem 1038 reached [ 192.984701][ T5498] Failed to get privilege flags for destination (handle=0x2:0x7) [ 193.894185][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.487997][ T4443] wlan1: Creating new IBSS network, BSSID e6:fb:35:10:d6:c7 [ 196.443421][ T5520] netlink: 4 bytes leftover after parsing attributes in process `syz.2.358'. [ 196.573705][ T5520] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.594710][ T5527] netlink: 20 bytes leftover after parsing attributes in process `syz.4.360'. [ 197.617096][ T5520] device bridge_slave_1 left promiscuous mode [ 197.624689][ T5520] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.643347][ T5034] Bluetooth: hci0: command 0x040e tx timeout [ 198.040398][ T5542] Failed to get privilege flags for destination (handle=0x2:0x7) [ 201.800536][ T5565] netlink: 60 bytes leftover after parsing attributes in process `syz.1.376'. [ 202.081419][ T5568] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 203.231414][ T5584] Failed to get privilege flags for destination (handle=0x2:0x7) [ 206.833800][ T5595] syz.1.382 (5595) used greatest stack depth: 18592 bytes left [ 207.112893][ T5611] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 209.197770][ T5640] Failed to get privilege flags for destination (handle=0x2:0x7) [ 209.834534][ T5646] device wg1 entered promiscuous mode [ 212.075594][ T5683] Failed to get privilege flags for destination (handle=0x2:0x7) [ 212.413416][ T5684] netlink: 24 bytes leftover after parsing attributes in process `syz.3.410'. [ 214.772767][ T5731] Failed to get privilege flags for destination (handle=0x2:0x7) [ 217.141515][ T5728] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10 [ 217.762599][ T5764] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11 [ 217.823533][ T5767] netlink: 'syz.0.438': attribute type 9 has an invalid length. [ 217.879972][ T5767] netlink: 32 bytes leftover after parsing attributes in process `syz.0.438'. [ 221.422701][ T5805] loop4: detected capacity change from 0 to 65 [ 221.591268][ T5805] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop4 [ 221.628451][ T5819] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 221.822657][ T4214] Bluetooth: hci0: command 0x040e tx timeout [ 223.561075][ T4281] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 225.316307][ T5862] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input12 [ 225.411362][ T5867] loop1: detected capacity change from 0 to 65 [ 225.539036][ T5867] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop1 [ 229.707671][ T4214] hid-generic 0005:0C45:000B.0002: item fetching failed at offset 0/1 [ 229.758460][ T4214] hid-generic: probe of 0005:0C45:000B.0002 failed with error -22 [ 234.220372][ T5957] Failed to get privilege flags for destination (handle=0x2:0x7) [ 235.662840][ T5962] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input13 [ 236.075907][ T5974] netlink: 20 bytes leftover after parsing attributes in process `syz.0.498'. [ 238.332153][ T6000] loop3: detected capacity change from 0 to 256 [ 239.192847][ T6015] Failed to get privilege flags for destination (handle=0x2:0x7) [ 240.317920][ T6017] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14 [ 242.714509][ T6040] netlink: 20 bytes leftover after parsing attributes in process `syz.2.515'. [ 243.730434][ T6051] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 243.995811][ T6061] Failed to get privilege flags for destination (handle=0x2:0x7) [ 246.892396][ T6080] netlink: 20 bytes leftover after parsing attributes in process `syz.0.531'. [ 248.631575][ T6099] loop4: detected capacity change from 0 to 65 [ 248.771836][ T6099] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop4 [ 248.977457][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 250.846603][ T4273] Bluetooth: hci0: command 0x0c20 tx timeout [ 250.926281][ T6124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 251.107873][ T6124] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 251.494123][ T6133] netlink: 20 bytes leftover after parsing attributes in process `syz.2.546'. [ 252.182934][ T6142] loop1: detected capacity change from 0 to 65 [ 252.280569][ T6142] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop1 [ 252.444961][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 252.454920][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 252.463512][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 252.501854][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 254.573831][ T6174] netlink: 20 bytes leftover after parsing attributes in process `syz.1.560'. [ 254.725230][ T4281] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 254.935423][ T6180] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 255.330372][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.034269][ T6199] loop4: detected capacity change from 0 to 65 [ 256.062242][ T6199] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop4 [ 256.726457][ C0] hrtimer: interrupt took 52570 ns [ 258.926596][ T6222] netlink: 20 bytes leftover after parsing attributes in process `syz.0.576'. [ 259.286257][ T6237] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 259.783326][ T6246] netlink: 76 bytes leftover after parsing attributes in process `syz.3.587'. [ 261.620564][ T6287] netlink: 20 bytes leftover after parsing attributes in process `syz.4.597'. [ 261.741848][ T6289] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 261.960980][ T6236] loop2: detected capacity change from 0 to 32768 [ 263.372704][ T6321] netlink: 20 bytes leftover after parsing attributes in process `syz.3.612'. [ 263.957198][ T6331] Failed to get privilege flags for destination (handle=0x2:0x7) [ 265.929903][ T6335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.616'. [ 267.067109][ T6355] loop3: detected capacity change from 0 to 65 [ 267.233414][ T6355] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop3 [ 270.949511][ T6407] loop4: detected capacity change from 0 to 65 [ 271.010208][ T6407] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop4 [ 272.040899][ T6423] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.643'. [ 272.794210][ T6429] loop4: detected capacity change from 0 to 512 [ 272.987482][ T6427] loop3: detected capacity change from 0 to 4096 [ 273.109501][ T6429] FAT-fs (loop4): Unrecognized mount option "01777777777777777777777" or missing value [ 274.132320][ T6427] EXT4-fs (loop3): mounted filesystem without journal. Opts: resgid=0x000000000000ee01,delalloc,,errors=continue. Quota mode: writeback. [ 274.188074][ T25] audit: type=1800 audit(1750163918.283:32): pid=6427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.644" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 276.320947][ T6501] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.653'. [ 276.337942][ T6501] netlink: 36 bytes leftover after parsing attributes in process `syz.4.653'. [ 276.619829][ T6505] netlink: 'syz.4.656': attribute type 4 has an invalid length. [ 277.836681][ T4218] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 278.141537][ T6509] loop2: detected capacity change from 0 to 32768 [ 278.256563][ T4218] usb 2-1: Using ep0 maxpacket: 16 [ 278.509532][ T4218] usb 2-1: config 0 has no interfaces? [ 278.797543][ T4218] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 278.965377][ T4218] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.503994][ T4218] usb 2-1: Product: syz [ 280.546054][ T4218] usb 2-1: Manufacturer: syz [ 280.558555][ T4218] usb 2-1: SerialNumber: syz [ 280.587818][ T4218] usb 2-1: config 0 descriptor?? [ 280.640408][ T4218] usb 2-1: can't set config #0, error -71 [ 281.463843][ T6546] loop1: detected capacity change from 0 to 32768 [ 281.484526][ T4218] usb 2-1: USB disconnect, device number 3 [ 281.547501][ T6546] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.668 (6546) [ 281.605674][ T6546] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 281.615488][ T6546] BTRFS info (device loop1): enabling disk space caching [ 281.623247][ T6546] BTRFS info (device loop1): doing ref verification [ 281.629896][ T6546] BTRFS info (device loop1): use zlib compression, level 3 [ 281.637136][ T6546] BTRFS info (device loop1): force clearing of disk cache [ 281.644282][ T6546] BTRFS info (device loop1): setting nodatacow, compression disabled [ 281.652685][ T6546] BTRFS info (device loop1): doing ref verification [ 281.659523][ T6546] BTRFS info (device loop1): disk space caching is enabled [ 281.666766][ T6546] BTRFS info (device loop1): has skinny extents [ 282.615074][ T6546] BTRFS info (device loop1): enabling ssd optimizations [ 282.628209][ T6546] BTRFS info (device loop1): clearing free space tree [ 282.674268][ T6546] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 282.684185][ T6546] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 283.001763][ T6581] sp0: Synchronizing with TNC [ 284.333334][ T6592] Failed to get privilege flags for destination (handle=0x2:0x7) [ 285.576146][ T5755] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop1 scanned by udevd (5755) [ 286.014033][ T4406] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 288.871258][ T6622] netlink: 3 bytes leftover after parsing attributes in process `syz.1.684'. [ 290.754054][ T6637] loop4: detected capacity change from 0 to 1024 [ 291.698489][ T6637] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=ignore,mb_optimize_scan=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 291.835091][ T25] audit: type=1800 audit(1750163935.923:33): pid=6646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.689" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 291.923442][ T6651] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input15 [ 291.951453][ T25] audit: type=1804 audit(1750163935.983:34): pid=6637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.689" name="/newroot/144/bus/bus" dev="loop4" ino=18 res=1 errno=0 [ 292.080839][ T6659] loop3: detected capacity change from 0 to 65 [ 292.155800][ T6659] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop3 [ 292.199894][ T6665] loop8: detected capacity change from 0 to 16384 [ 292.220491][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 292.323562][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 292.360038][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 292.442558][ T6663] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 292.486981][ T6666] loop_set_status: loop8 () has still dirty pages (nrpages=129) [ 292.498787][ T6663] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 293.138757][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 293.182853][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 293.224513][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 293.231799][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 293.266168][ T6663] hsr0 speed is unknown, defaulting to 1000 [ 293.291653][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 293.384498][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 293.451237][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 293.529239][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 294.403164][ T6681] loop1: detected capacity change from 0 to 128 [ 294.447817][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 294.484030][ T6681] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 294.600036][ T6681] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 294.617933][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 294.695915][ T6685] Invalid ELF header type: 65535 != 1 [ 295.368489][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 295.524878][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 295.657695][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 295.665940][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 295.715172][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 295.734478][ T6675] device bridge_slave_0 left promiscuous mode [ 295.747036][ T6675] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.014328][ T6675] device bridge_slave_1 left promiscuous mode [ 296.083301][ T6675] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.461485][ T6675] bond0: (slave bond_slave_0): Releasing backup interface [ 296.572047][ T6675] bond0: (slave bond_slave_1): Releasing backup interface [ 296.658889][ T6703] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 296.770649][ T6675] team0: Port device team_slave_0 removed [ 296.863185][ T6675] team0: Port device team_slave_1 removed [ 296.895231][ T6675] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 296.931422][ T6675] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 296.980794][ T6675] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.040254][ T6675] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.111913][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 297.152402][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 297.198411][ T6675] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 297.240958][ T4465] tipc: Resetting bearer [ 297.289249][ T6710] netlink: 4 bytes leftover after parsing attributes in process `syz.4.712'. [ 299.577992][ T6725] loop3: detected capacity change from 0 to 32768 [ 300.271762][ T6725] XFS (loop3): Mounting V5 Filesystem [ 300.439437][ T6725] XFS (loop3): Ending clean mount [ 300.828888][ T6767] loop6: detected capacity change from 0 to 524287999 [ 300.896887][ C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 102 prio class 0 [ 300.940945][ C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 300.952180][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 300.960118][ C0] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 301.020321][ C1] blk_update_request: I/O error, dev loop6, sector 524287744 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 301.032173][ C1] Buffer I/O error on dev loop6, logical block 65535968, async page read [ 302.748511][ T4180] XFS (loop3): Unmounting Filesystem [ 302.902096][ T6789] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 303.026555][ T6600] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 303.398079][ T6600] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.475206][ T6600] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 303.608372][ T6600] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 303.720191][ T6600] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.891176][ T6600] usb 3-1: config 0 descriptor?? [ 304.485706][ T6600] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 304.724146][ T6600] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 304.990368][ T6600] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0003/input/input16 [ 305.099644][ T6600] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 305.391645][ T6600] usb 3-1: USB disconnect, device number 3 [ 306.447643][ T6819] fido_id[6819]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 306.846995][ T6831] netlink: 'syz.3.752': attribute type 4 has an invalid length. [ 306.864287][ T6834] loop2: detected capacity change from 0 to 256 [ 306.936686][ T4160] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 307.072801][ T6834] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 307.376833][ T4160] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 307.490388][ T6841] 9pnet_virtio: no channels available for device ./file0/file0 [ 307.499898][ T6841] PKCS7: Unknown OID: [4] 2.19.13055.940354.15722 [ 307.506800][ T6841] PKCS7: Only support pkcs7_signedData type [ 307.884691][ T4160] usb 2-1: config 0 interface 0 has no altsetting 0 [ 308.217038][ T4160] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 308.226547][ T4160] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 308.236867][ T4160] usb 2-1: Product: syz [ 308.251240][ T4160] usb 2-1: Manufacturer: syz [ 308.256068][ T4160] usb 2-1: SerialNumber: syz [ 308.263584][ T4160] usb 2-1: config 0 descriptor?? [ 308.859277][ T4160] usb 2-1: selecting invalid altsetting 0 [ 310.992041][ T6899] 9pnet_virtio: no channels available for device ./file0/file0 [ 311.001689][ T6899] PKCS7: Unknown OID: [4] 2.19.13055.940354.15722 [ 311.008982][ T6899] PKCS7: Only support pkcs7_signedData type [ 311.257084][ T6898] loop4: detected capacity change from 0 to 1024 [ 312.177372][ T6600] usb 2-1: USB disconnect, device number 4 [ 312.437635][ T6898] EXT4-fs (loop4): Ignoring removed nobh option [ 312.444161][ T6898] EXT4-fs (loop4): Ignoring removed bh option [ 313.591353][ T6898] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 317.398543][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.406956][ T4465] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 317.453351][ T6898] EXT4-fs warning (device loop4): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop4. [ 323.412344][ T6953] loop3: detected capacity change from 0 to 256 [ 324.755340][ T6953] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 327.173231][ T6984] loop4: detected capacity change from 0 to 256 [ 329.170691][ T1108] libceph: connect (1)[c::]:6789 error -101 [ 329.177644][ T1108] libceph: mon0 (1)[c::]:6789 connect error [ 329.218565][ T1108] libceph: connect (1)[c::]:6789 error -101 [ 329.227545][ T1108] libceph: mon0 (1)[c::]:6789 connect error [ 329.276840][ T6997] loop3: detected capacity change from 0 to 512 [ 329.529766][ T4216] libceph: connect (1)[c::]:6789 error -101 [ 330.051383][ T6985] ceph: No mds server is up or the cluster is laggy [ 330.083803][ T4216] libceph: mon0 (1)[c::]:6789 connect error [ 330.133135][ T7002] loop4: detected capacity change from 0 to 65 [ 330.309102][ T7002] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop4 [ 331.252248][ T6997] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback. [ 331.719376][ T6997] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 331.749858][ T13] libceph: connect (1)[c::]:6789 error -101 [ 331.795595][ T13] libceph: mon0 (1)[c::]:6789 connect error [ 331.796471][ T7017] loop1: detected capacity change from 0 to 256 [ 331.949522][ T25] audit: type=1800 audit(1750163976.043:35): pid=6997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.793" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 332.023077][ T7017] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 333.473029][ T7045] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 336.568295][ T7061] binder: 7060:7061 ioctl 4018620d 0 returned -22 [ 336.593650][ T7063] loop4: detected capacity change from 0 to 512 [ 336.689105][ T7065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.812'. [ 336.858332][ T7063] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 336.946689][ T7063] ext4 filesystem being mounted at /173/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 336.974777][ T25] audit: type=1800 audit(1750163981.063:36): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.811" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 337.071512][ T7073] loop1: detected capacity change from 0 to 256 [ 337.185844][ T7073] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 337.803956][ T7086] loop2: detected capacity change from 0 to 1024 [ 337.870621][ T7086] EXT4-fs (loop2): Ignoring removed orlov option [ 337.940869][ T7086] EXT4-fs (loop2): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 339.908620][ T7118] loop3: detected capacity change from 0 to 256 [ 340.977144][ T7118] exfat: Unknown parameter 'sys_tz' [ 341.846621][ T13] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 343.496626][ T13] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 343.601564][ T13] usb 5-1: config 0 interface 0 has no altsetting 0 [ 343.639266][ T7149] input: syz1 as /devices/virtual/input/input17 [ 343.813506][ T13] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 343.875377][ T13] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 343.883789][ T13] usb 5-1: Product: syz [ 343.889646][ T13] usb 5-1: Manufacturer: syz [ 343.895929][ T13] usb 5-1: SerialNumber: syz [ 343.923336][ T13] usb 5-1: config 0 descriptor?? [ 343.981693][ T13] usb 5-1: selecting invalid altsetting 0 [ 344.100873][ T13] usb 5-1: USB disconnect, device number 3 [ 344.425494][ T5617] udevd[5617]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 344.670058][ T6597] Bluetooth: hci0: command 0x0406 tx timeout [ 347.366622][ T1108] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 348.706092][ T1108] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 348.763046][ T1108] usb 3-1: config 0 interface 0 has no altsetting 0 [ 348.938272][ T1108] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 348.976487][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 349.919708][ T4443] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 350.144272][ T7250] loop1: detected capacity change from 0 to 256 [ 350.755415][ T1108] usb 3-1: Product: syz [ 350.766425][ T1108] usb 3-1: Manufacturer: syz [ 350.790658][ T1108] usb 3-1: SerialNumber: syz [ 350.872282][ T1108] usb 3-1: config 0 descriptor?? [ 350.936678][ T1108] usb 3-1: can't set config #0, error -71 [ 350.969061][ T1108] usb 3-1: USB disconnect, device number 4 [ 357.056972][ T7310] netlink: 14 bytes leftover after parsing attributes in process `syz.4.877'. [ 357.159187][ T7310] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.236641][ T7310] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.305229][ T7310] bond0 (unregistering): Released all slaves [ 357.672767][ T7313] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 358.618197][ T6599] Bluetooth: hci0: command 0x040e tx timeout [ 359.373126][ T7335] binder: 7330:7335 ioctl c0306201 0 returned -14 [ 361.905143][ T7357] loop3: detected capacity change from 0 to 1024 [ 362.641854][ T7357] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 362.726740][ T7357] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 362.793693][ T7361] loop2: detected capacity change from 0 to 32768 [ 363.203384][ T7361] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.894 (7361) [ 363.289864][ T7361] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 363.376637][ T7361] BTRFS info (device loop2): using free space tree [ 363.395875][ T7361] BTRFS info (device loop2): has skinny extents [ 364.508932][ T7379] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 364.526569][ T7379] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 364.695190][ T7361] BTRFS info (device loop2): enabling ssd optimizations [ 365.138622][ T7413] netlink: 20 bytes leftover after parsing attributes in process `syz.0.902'. [ 367.219155][ T7423] loop3: detected capacity change from 0 to 512 [ 367.503842][ T7423] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e028, mo2=0002] [ 367.584899][ T7423] System zones: 1-12 [ 367.820482][ T7423] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 33261: comm syz.3.907: invalid block [ 368.269472][ T7423] EXT4-fs (loop3): Remounting filesystem read-only [ 368.346794][ T7423] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.907: invalid indirect mapped block 8 (level 2) [ 368.384606][ T7432] netlink: 'syz.4.911': attribute type 21 has an invalid length. [ 368.407490][ T7432] IPv6: NLM_F_CREATE should be specified when creating new route [ 368.527312][ C0] Unknown status report in ack skb [ 368.565222][ T7423] EXT4-fs (loop3): Remounting filesystem read-only [ 368.602653][ T7423] EXT4-fs (loop3): 1 truncate cleaned up [ 368.624149][ T7423] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_dev=0x0000000000000008,data_err=ignore,noinit_itable,sysvgroups,errors=remount-ro,. Quota mode: none. [ 368.985563][ T7453] netlink: 20 bytes leftover after parsing attributes in process `syz.2.916'. [ 369.004919][ T7455] capability: warning: `syz.3.907' uses deprecated v2 capabilities in a way that may be insecure [ 369.296564][ T5545] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 369.507953][ T7461] loop4: detected capacity change from 0 to 512 [ 371.006259][ T7461] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.918: casefold flag without casefold feature [ 371.033592][ T7461] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.918: couldn't read orphan inode 15 (err -117) [ 371.047709][ T7461] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 371.723065][ T5545] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 371.753613][ T5545] usb 2-1: config 0 interface 0 has no altsetting 0 [ 371.818801][ T7470] [U] M٭q& K4 [ 371.833103][ T7469] [U] [)U}ǔJ}Nsef* nZf[F_h'W"x~;vA [ 372.876941][ T5545] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 372.886184][ T5545] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 372.894552][ T5545] usb 2-1: Product: syz [ 372.898907][ T5545] usb 2-1: Manufacturer: syz [ 372.926147][ T5545] usb 2-1: config 0 descriptor?? [ 372.947432][ T5545] usb 2-1: can't set config #0, error -71 [ 372.966728][ T5545] usb 2-1: USB disconnect, device number 5 [ 373.610500][ T7480] loop4: detected capacity change from 0 to 8192 [ 373.695942][ T7484] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input18 [ 374.352044][ T7480] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 374.376870][ T7480] REISERFS (device loop4): using ordered data mode [ 374.383461][ T7480] reiserfs: using flush barriers [ 374.444787][ T7472] loop2: detected capacity change from 0 to 8 [ 374.464387][ T7480] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 374.487048][ T7472] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 374.593889][ T7480] REISERFS (device loop4): checking transaction log (loop4) [ 374.654489][ T7480] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.6* [0 0 0x0 SD], item_len 0, item_location 4052, free_space(entry_count) 11 [ 374.736545][ T7480] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 374.766596][ T7480] REISERFS (device loop4): Remounting filesystem read-only [ 374.780684][ T7480] REISERFS error (device loop4): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 374.910126][ T7499] loop2: detected capacity change from 0 to 256 [ 375.053724][ T7499] FAT-fs (loop2): Directory bread(block 64) failed [ 375.087023][ T7499] FAT-fs (loop2): Directory bread(block 65) failed [ 375.093669][ T7499] FAT-fs (loop2): Directory bread(block 66) failed [ 375.140129][ T7499] FAT-fs (loop2): Directory bread(block 67) failed [ 375.160659][ T7499] FAT-fs (loop2): Directory bread(block 68) failed [ 375.167692][ T4216] Bluetooth: hci1: command 0x0406 tx timeout [ 375.191367][ T7499] FAT-fs (loop2): Directory bread(block 69) failed [ 375.215797][ T7499] FAT-fs (loop2): Directory bread(block 70) failed [ 375.240104][ T7499] FAT-fs (loop2): Directory bread(block 71) failed [ 375.260252][ T7499] FAT-fs (loop2): Directory bread(block 72) failed [ 375.281171][ T7499] FAT-fs (loop2): Directory bread(block 73) failed [ 375.373637][ T7498] loop3: detected capacity change from 0 to 65536 [ 375.634262][ T7498] XFS (loop3): Mounting V5 Filesystem [ 375.815779][ T7508] hsr0 speed is unknown, defaulting to 1000 [ 375.983817][ T7498] XFS (loop3): Ending clean mount [ 377.553233][ T6598] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x18d/0x250, xfs_agf block 0x1 [ 377.570016][ T6598] XFS (loop3): Unmount and run xfs_repair [ 377.575969][ T6598] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 377.585500][ T6598] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 377.594967][ T6598] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 377.604420][ T6598] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 377.613793][ T6598] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 377.623163][ T6598] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 377.632535][ T6598] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 377.642077][ T6598] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 377.677727][ T6598] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 377.745178][ T7523] XFS (loop3): metadata I/O error in "xfs_read_agf+0x23c/0x500" at daddr 0x1 len 1 error 74 [ 377.767376][ T7523] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x514/0x8a0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 377.782458][ T7523] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 377.806706][ T4216] Bluetooth: hci2: command 0x0409 tx timeout [ 377.872620][ T7532] bridge0: port 3(ipvlan2) entered blocking state [ 377.885441][ T7532] bridge0: port 3(ipvlan2) entered disabled state [ 378.024658][ T4180] XFS (loop3): Unmounting Filesystem [ 378.109854][ T7508] chnl_net:caif_netlink_parms(): no params data found [ 378.231171][ T4288] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 378.240016][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.718483][ T4288] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 378.946034][ T4288] usb 5-1: config 0 interface 0 has no altsetting 0 [ 378.958588][ T7542] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input19 [ 379.227917][ T7549] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 379.256641][ T4288] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 379.265733][ T4288] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 379.293054][ T4288] usb 5-1: Product: syz [ 379.305052][ T4288] usb 5-1: Manufacturer: syz [ 379.324510][ T7551] loop1: detected capacity change from 0 to 256 [ 379.333696][ T4288] usb 5-1: SerialNumber: syz [ 379.349527][ T7508] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.363475][ T7508] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.373491][ T4288] usb 5-1: config 0 descriptor?? [ 379.387447][ T7508] device bridge_slave_0 entered promiscuous mode [ 379.407635][ T7508] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.415130][ T7508] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.432757][ T7508] device bridge_slave_1 entered promiscuous mode [ 379.507349][ T7552] delete_channel: no stack [ 379.512323][ T7551] FAT-fs (loop1): Directory bread(block 64) failed [ 379.519580][ T7551] FAT-fs (loop1): Directory bread(block 65) failed [ 379.522647][ T4288] usb 5-1: selecting invalid altsetting 0 [ 379.557772][ T7551] FAT-fs (loop1): Directory bread(block 66) failed [ 379.567909][ T7551] FAT-fs (loop1): Directory bread(block 67) failed [ 379.603234][ T7551] FAT-fs (loop1): Directory bread(block 68) failed [ 379.632333][ T7508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 379.649004][ T7508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 379.662170][ T7551] FAT-fs (loop1): Directory bread(block 69) failed [ 379.675272][ T7551] FAT-fs (loop1): Directory bread(block 70) failed [ 379.684176][ T7551] FAT-fs (loop1): Directory bread(block 71) failed [ 379.738962][ T7551] FAT-fs (loop1): Directory bread(block 72) failed [ 379.745804][ T7551] FAT-fs (loop1): Directory bread(block 73) failed [ 379.889928][ T7508] team0: Port device team_slave_0 added [ 379.897006][ T13] Bluetooth: hci2: command 0x041b tx timeout [ 380.689210][ T7508] team0: Port device team_slave_1 added [ 380.773917][ T7508] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 380.781326][ T7508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.807790][ T7508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 380.851375][ T7508] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 380.859313][ T7508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.888650][ T7508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 380.977880][ T7508] device hsr_slave_0 entered promiscuous mode [ 380.985250][ T7508] device hsr_slave_1 entered promiscuous mode [ 380.992353][ T7508] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 381.003379][ T7508] Cannot create hsr debugfs directory [ 381.213331][ T7569] loop2: detected capacity change from 0 to 32768 [ 381.253001][ T7508] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.340202][ T7573] mmap: syz.2.951 (7573) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 381.402154][ T7508] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.485925][ T7577] loop2: detected capacity change from 0 to 8 [ 381.527578][ T7577] squashfs: Unknown parameter '00000000000000000000' [ 381.540158][ T7508] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.612889][ T7508] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.793607][ T4216] usb 5-1: USB disconnect, device number 4 [ 381.967379][ T13] Bluetooth: hci2: command 0x040f tx timeout [ 382.163722][ T7580] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input20 [ 382.884666][ T4443] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 383.271845][ T7591] loop2: detected capacity change from 0 to 2048 [ 383.392152][ T7591] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 383.529107][ T7508] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 383.566113][ T7508] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 383.585586][ T7508] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 383.603563][ T7508] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 384.478792][ T1108] Bluetooth: hci2: command 0x0419 tx timeout [ 384.849440][ T7508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 384.874003][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 384.943624][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 385.404379][ T7508] 8021q: adding VLAN 0 to HW filter on device team0 [ 385.846530][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 385.854985][ T4218] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 385.902621][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 385.912560][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.919718][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 385.982516][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 386.057200][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 386.236592][ T4218] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 386.377322][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.384452][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 386.753531][ T4218] usb 3-1: config 0 interface 0 has no altsetting 0 [ 386.773222][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 386.796213][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 386.812447][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 386.823145][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 386.844640][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 386.874876][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 386.892176][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 386.913744][ T7508] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 386.926671][ T4218] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 386.934938][ T7508] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 386.952298][ T4218] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 386.979323][ T4218] usb 3-1: Product: syz [ 386.985121][ T7631] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input21 [ 386.999937][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 387.013381][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 387.022158][ T4218] usb 3-1: Manufacturer: syz [ 387.032080][ T4218] usb 3-1: SerialNumber: syz [ 387.043033][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 387.057445][ T4218] usb 3-1: config 0 descriptor?? [ 387.074502][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 387.087397][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 387.096230][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 387.110637][ T4218] usb 3-1: selecting invalid altsetting 0 [ 387.532459][ T7622] loop3: detected capacity change from 0 to 40427 [ 388.075965][ T4443] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 388.119363][ T4443] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 388.255826][ T7508] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 388.649448][ T6464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 389.386675][ T6464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 389.445867][ T4219] usb 3-1: USB disconnect, device number 5 [ 389.532578][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 389.569083][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 389.644578][ T7508] device veth0_vlan entered promiscuous mode [ 389.653879][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 389.678128][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 389.691478][ T7508] device veth1_vlan entered promiscuous mode [ 389.844419][ T7508] device veth0_macvtap entered promiscuous mode [ 389.926699][ T7508] device veth1_macvtap entered promiscuous mode [ 389.936240][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 389.957224][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 390.146971][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 390.364212][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 390.670373][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.680979][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.691201][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.701671][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.711529][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.736388][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.906822][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.946954][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.230169][ T7508] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 391.251702][ T7673] loop3: detected capacity change from 0 to 512 [ 391.608443][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 391.648366][ T7673] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 391.681331][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 391.709586][ T7673] EXT4-fs (loop3): Unrecognized mount option "euid<00000000000000000000" or missing value [ 391.722238][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.753331][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.777905][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.793644][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.847343][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.884751][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.915225][ T7508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.936570][ T7508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.949383][ T7508] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 391.966243][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 391.976026][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 391.995185][ T7508] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.204839][ T7508] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.244918][ T7508] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.316394][ T7692] Cannot find add_set index 0 as target [ 393.250260][ T7508] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.796837][ T26] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 394.138258][ T6472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.215572][ T6472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.377227][ T26] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 394.428001][ T26] usb 4-1: config 0 interface 0 has no altsetting 0 [ 394.515156][ T7708] loop4: detected capacity change from 0 to 128 [ 394.542064][ T4443] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 394.562577][ T4443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.583674][ T4443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.607212][ T6472] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 394.678587][ T7708] qnx6: invalid mount options. [ 394.696866][ T26] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 395.517213][ T26] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 395.525686][ T26] usb 4-1: Product: syz [ 395.529976][ T26] usb 4-1: Manufacturer: syz [ 395.534720][ T26] usb 4-1: SerialNumber: syz [ 395.541336][ T26] usb 4-1: config 0 descriptor?? [ 395.589430][ T26] usb 4-1: selecting invalid altsetting 0 [ 395.611430][ T7718] netlink: 16 bytes leftover after parsing attributes in process `syz.2.995'. [ 395.658661][ T7722] loop4: detected capacity change from 0 to 256 [ 396.014038][ T7722] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 397.837114][ T6598] usb 4-1: USB disconnect, device number 4 [ 397.944358][ T4472] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.733435][ T4472] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.053261][ T4472] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.343862][ T7758] hsr0 speed is unknown, defaulting to 1000 [ 399.907239][ T7768] batman_adv: batadv0: Adding interface: ip6gretap1 [ 399.946577][ T7768] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.987131][ T7768] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 400.124634][ T4472] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.229148][ T7772] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 400.244369][ T7772] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 400.286316][ T7772] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 400.311900][ T7772] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 400.334937][ T7772] batman_adv: batadv0: Removing interface: ip6gretap1 [ 402.044837][ T4272] Bluetooth: hci2: command 0x0409 tx timeout [ 402.111659][ T7795] loop4: detected capacity change from 0 to 64 [ 403.261584][ T7758] chnl_net:caif_netlink_parms(): no params data found [ 403.531617][ T7819] loop3: detected capacity change from 0 to 512 [ 403.645122][ T7819] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.1022: casefold flag without casefold feature [ 403.679250][ T7819] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.1022: couldn't read orphan inode 15 (err -117) [ 403.697405][ T7819] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 403.990963][ T7758] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.012197][ T7758] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.040947][ T7758] device bridge_slave_0 entered promiscuous mode [ 404.116690][ T7758] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.126504][ T4218] Bluetooth: hci2: command 0x041b tx timeout [ 404.168390][ T7758] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.195634][ T7758] device bridge_slave_1 entered promiscuous mode [ 404.439346][ T7758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 404.479228][ T7758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.909527][ T7758] team0: Port device team_slave_0 added [ 406.115659][ T7758] team0: Port device team_slave_1 added [ 406.317750][ T7758] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 406.318150][ T4272] Bluetooth: hci2: command 0x040f tx timeout [ 406.356611][ T7758] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.358734][ T7835] loop4: detected capacity change from 0 to 128 [ 406.396173][ T7758] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.404505][ T7862] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 406.442495][ T7758] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.467261][ T7758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.516845][ T7835] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 406.531416][ T7758] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 406.556241][ T7835] ext4 filesystem being mounted at /220/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 406.774621][ T7758] device hsr_slave_0 entered promiscuous mode [ 406.797615][ T7758] device hsr_slave_1 entered promiscuous mode [ 406.822757][ T7758] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 406.852409][ T7758] Cannot create hsr debugfs directory [ 407.369935][ T4472] device hsr_slave_0 left promiscuous mode [ 407.377277][ T4472] device hsr_slave_1 left promiscuous mode [ 407.384132][ T4472] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.419957][ T4472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.453619][ T4472] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.462764][ T7882] loop3: detected capacity change from 0 to 1024 [ 407.487854][ T4472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.504917][ T4472] device bridge_slave_1 left promiscuous mode [ 407.523506][ T4472] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.541743][ T7882] EXT4-fs (loop3): Ignoring removed orlov option [ 407.703567][ T7882] EXT4-fs (loop3): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 407.862193][ T4472] device bridge_slave_0 left promiscuous mode [ 407.939318][ T4472] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.401046][ T4272] Bluetooth: hci2: command 0x0419 tx timeout [ 408.470418][ T4472] device veth1_macvtap left promiscuous mode [ 408.478757][ T4472] device veth0_macvtap left promiscuous mode [ 408.485201][ T4472] device veth1_vlan left promiscuous mode [ 408.491561][ T4472] device veth0_vlan left promiscuous mode [ 410.035641][ T4472] team0 (unregistering): Port device team_slave_1 removed [ 410.054323][ T4472] team0 (unregistering): Port device team_slave_0 removed [ 410.070408][ T4472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 410.168775][ T7910] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 410.359638][ T4472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 410.825477][ T4472] bond0 (unregistering): Released all slaves [ 411.172030][ T7918] device syzkaller0 entered promiscuous mode [ 411.186152][ T7927] loop2: detected capacity change from 0 to 256 [ 411.323849][ T7927] FAT-fs (loop2): Directory bread(block 64) failed [ 411.377119][ T7927] FAT-fs (loop2): Directory bread(block 65) failed [ 411.424164][ T7927] FAT-fs (loop2): Directory bread(block 66) failed [ 411.480765][ T7927] FAT-fs (loop2): Directory bread(block 67) failed [ 411.544869][ T7927] FAT-fs (loop2): Directory bread(block 68) failed [ 411.599144][ T7927] FAT-fs (loop2): Directory bread(block 69) failed [ 411.648513][ T7927] FAT-fs (loop2): Directory bread(block 70) failed [ 411.666533][ T7927] FAT-fs (loop2): Directory bread(block 71) failed [ 411.673166][ T7927] FAT-fs (loop2): Directory bread(block 72) failed [ 411.693100][ T7927] FAT-fs (loop2): Directory bread(block 73) failed [ 412.288583][ T7937] loop3: detected capacity change from 0 to 1024 [ 412.335231][ T7937] EXT4-fs (loop3): Ignoring removed orlov option [ 412.431253][ T7937] EXT4-fs (loop3): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 414.873431][ T7981] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 414.921206][ T7758] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 415.766115][ T7758] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 415.846812][ T7758] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 415.897394][ T7758] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 417.890402][ T7758] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.912372][ T7758] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.063622][ T7758] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 418.753562][ T7758] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 418.996775][ T8031] Failed to get privilege flags for destination (handle=0x2:0x7) [ 420.383325][ T8024] loop2: detected capacity change from 0 to 1024 [ 420.404506][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 420.425385][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 420.638593][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 420.797575][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 420.946503][ T4406] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.953623][ T4406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.030329][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 421.039295][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 421.049645][ T4406] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.056788][ T4406] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.065016][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 421.074917][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 421.084787][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 421.094113][ T4219] Bluetooth: hci0: command 0x040e tx timeout [ 421.119515][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 421.139131][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 421.168938][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 421.207830][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 421.358363][ T8044] loop2: detected capacity change from 0 to 40427 [ 421.547427][ T8044] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff [ 421.556294][ T8044] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4 [ 421.569488][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 421.577929][ T8044] F2FS-fs (loop2): invalid crc value [ 421.586280][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 421.599452][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 421.610732][ T8044] F2FS-fs (loop2): Found nat_bits in checkpoint [ 421.644166][ T8044] F2FS-fs (loop2): Start checkpoint disabled! [ 421.672647][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 421.699766][ T8044] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 421.744679][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 421.797323][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 423.141341][ T8063] loop4: detected capacity change from 0 to 512 [ 423.259525][ T4429] attempt to access beyond end of device [ 423.259525][ T4429] loop2: rw=2049, want=40976, limit=40427 [ 423.313055][ T8063] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 423.385140][ T8063] UDF-fs: Scanning with blocksize 512 failed [ 423.523746][ T8070] Failed to get privilege flags for destination (handle=0x2:0x7) [ 423.579763][ T8063] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 423.714463][ T8063] UDF-fs: Scanning with blocksize 1024 failed [ 423.900870][ T8063] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 424.047633][ T8063] UDF-fs: Scanning with blocksize 2048 failed [ 424.261390][ T8063] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 424.389465][ T7758] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.403277][ T8063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 424.433004][ T6472] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 424.448499][ T8063] UDF-fs: error (device loop4): udf_read_inode: (ino 30) failed !bh [ 424.478524][ T6472] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 424.493245][ T8063] UDF-fs: error (device loop4): udf_fill_super: Error in udf_iget, block=2, partition=0 [ 424.585961][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 424.602893][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 424.685210][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 424.707438][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 424.727214][ T7758] device veth0_vlan entered promiscuous mode [ 424.746501][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 424.772286][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 424.798945][ T7758] device veth1_vlan entered promiscuous mode [ 424.858406][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 424.877406][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 424.885688][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 424.901459][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 424.915313][ T7758] device veth0_macvtap entered promiscuous mode [ 424.942649][ T7758] device veth1_macvtap entered promiscuous mode [ 425.062204][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.126399][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.272409][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.296395][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.316463][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.340410][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.362208][ T7758] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.378751][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.390274][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.401844][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.413369][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.423379][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.467345][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.480249][ T7758] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.493611][ T7758] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.503027][ T7758] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.512399][ T7758] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.522328][ T7758] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.568380][ T4281] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 426.415616][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 426.424157][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 426.433800][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 426.444580][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 426.455325][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 426.464929][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 426.957637][ T8127] loop1: detected capacity change from 0 to 2048 [ 427.779256][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.801819][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.872591][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 427.881778][ T4443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.897976][ T4443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.936625][ T8127] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 428.019192][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 428.040319][ T8144] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1098'. [ 430.400635][ T8183] hsr0 speed is unknown, defaulting to 1000 [ 431.000215][ T8198] loop4: detected capacity change from 0 to 2048 [ 431.129897][ T8198] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 431.186744][ T6598] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 431.218925][ T8216] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 431.236292][ T4472] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.407371][ T8220] loop4: detected capacity change from 0 to 1024 [ 431.478352][ T8220] EXT4-fs (loop4): Ignoring removed orlov option [ 431.505292][ T4472] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.619150][ T8220] EXT4-fs (loop4): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 431.746554][ T6598] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 431.790586][ T8183] chnl_net:caif_netlink_parms(): no params data found [ 432.172912][ T4472] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.402775][ T6598] usb 2-1: config 0 interface 0 has no altsetting 0 [ 432.411118][ T26] Bluetooth: hci2: command 0x0409 tx timeout [ 432.584591][ T4472] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.792256][ T6598] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 432.810591][ T6598] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 432.819060][ T6598] usb 2-1: Product: syz [ 432.823250][ T6598] usb 2-1: Manufacturer: syz [ 432.827935][ T6598] usb 2-1: SerialNumber: syz [ 432.834592][ T6598] usb 2-1: config 0 descriptor?? [ 432.887998][ T8234] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1120'. [ 432.902731][ T6598] usb 2-1: selecting invalid altsetting 0 [ 433.272545][ T8183] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.330246][ T8183] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.428183][ T8183] device bridge_slave_0 entered promiscuous mode [ 433.485499][ T8183] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.506523][ T8183] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.552414][ T8183] device bridge_slave_1 entered promiscuous mode [ 433.725361][ T8183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.992988][ T8183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 434.477156][ T4272] Bluetooth: hci2: command 0x041b tx timeout [ 434.513780][ T4288] usb 2-1: USB disconnect, device number 6 [ 434.526902][ C1] ================================================================== [ 434.535748][ C1] BUG: KASAN: use-after-free in rose_timer_expiry+0x470/0x490 [ 434.543337][ C1] Read of size 2 at addr ffff88806086102a by task dhcpcd-run-hook/8231 [ 434.551769][ C1] [ 434.554109][ C1] CPU: 1 PID: 8231 Comm: dhcpcd-run-hook Not tainted 5.15.185-syzkaller #0 [ 434.562697][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 434.572762][ C1] Call Trace: [ 434.576044][ C1] [ 434.578887][ C1] dump_stack_lvl+0x168/0x230 [ 434.583571][ C1] ? show_regs_print_info+0x20/0x20 [ 434.588765][ C1] ? _printk+0xcc/0x110 [ 434.592921][ C1] ? rose_timer_expiry+0x470/0x490 [ 434.598041][ C1] ? load_image+0x3b0/0x3b0 [ 434.602548][ C1] print_address_description+0x60/0x2d0 [ 434.608104][ C1] ? rose_timer_expiry+0x470/0x490 [ 434.613224][ C1] kasan_report+0xdf/0x130 [ 434.617661][ C1] ? rose_timer_expiry+0x470/0x490 [ 434.622783][ C1] rose_timer_expiry+0x470/0x490 [ 434.627812][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 434.632838][ C1] call_timer_fn+0x16c/0x530 [ 434.637430][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 434.642540][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 434.648525][ C1] ? __run_timers+0x7c0/0x7c0 [ 434.653239][ C1] ? rcu_is_watching+0x11/0xa0 [ 434.657999][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 434.663302][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 434.668500][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 434.673522][ C1] __run_timers+0x525/0x7c0 [ 434.678033][ C1] ? detach_timer+0x2b0/0x2b0 [ 434.682702][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 434.688682][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 434.693618][ C1] ? ktime_get_real_ts64+0x420/0x420 [ 434.698991][ C1] run_timer_softirq+0x63/0xf0 [ 434.703754][ C1] handle_softirqs+0x328/0x820 [ 434.708612][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 434.713465][ C1] ? do_softirq+0x200/0x200 [ 434.717968][ C1] ? irqtime_account_irq+0xb2/0x1b0 [ 434.723171][ C1] __irq_exit_rcu+0x12f/0x220 [ 434.727982][ C1] ? irq_exit_rcu+0x20/0x20 [ 434.732494][ C1] irq_exit_rcu+0x5/0x20 [ 434.736738][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 434.742472][ C1] [ 434.745400][ C1] [ 434.748325][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 434.754306][ C1] RIP: 0010:_raw_write_unlock_irq+0x25/0x40 [ 434.760206][ C1] Code: f6 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 5e 91 b1 f7 48 89 df e8 36 6e b2 f7 e8 71 0a d3 f7 fb bf 01 00 00 00 56 8a a6 f7 65 8b 05 f7 99 57 76 85 c0 74 02 5b c3 e8 a4 a4 55 [ 434.779807][ C1] RSP: 0018:ffffc90003fe78b0 EFLAGS: 00000282 [ 434.785883][ C1] RAX: 5a1e19a370c41d00 RBX: ffffffff8be0a040 RCX: 5a1e19a370c41d00 [ 434.793946][ C1] RDX: dffffc0000000000 RSI: ffffffff8a0b11c0 RDI: 0000000000000001 [ 434.801919][ C1] RBP: ffffc90003fe79f0 R08: dffffc0000000000 R09: fffffbfff1ad157e [ 434.809886][ C1] R10: fffffbfff1ad157e R11: 1ffffffff1ad157d R12: dffffc0000000000 [ 434.817977][ C1] R13: ffff888029be5280 R14: ffff88802b019dc0 R15: ffff88802b019dc0 [ 434.825958][ C1] release_task+0x13e6/0x15a0 [ 434.830645][ C1] ? wait_consider_task+0x18d2/0x2df0 [ 434.836021][ C1] ? delayed_put_task_struct+0x260/0x260 [ 434.841656][ C1] ? task_gtime+0xb3/0x1f0 [ 434.846072][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 434.851278][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 434.856651][ C1] wait_consider_task+0x18d2/0x2df0 [ 434.861867][ C1] ? do_wait+0x2f8/0xac0 [ 434.866109][ C1] ? child_wait_callback+0x230/0x230 [ 434.871387][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 434.877279][ C1] ? _raw_spin_unlock+0x40/0x40 [ 434.882132][ C1] do_wait+0x2f8/0xac0 [ 434.886209][ C1] kernel_wait4+0x1ab/0x270 [ 434.890710][ C1] ? __ia32_sys_waitid+0xc0/0xc0 [ 434.895641][ C1] ? handle_mm_fault+0x2b8f/0x43c0 [ 434.900751][ C1] ? kernel_waitid+0x370/0x370 [ 434.905606][ C1] __x64_sys_wait4+0x130/0x1e0 [ 434.910380][ C1] ? kernel_wait+0x160/0x160 [ 434.914979][ C1] ? lock_chain_count+0x20/0x20 [ 434.919963][ C1] ? vtime_user_exit+0x2dc/0x400 [ 434.924903][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 434.930118][ C1] do_syscall_64+0x4c/0xa0 [ 434.934528][ C1] ? clear_bhb_loop+0x30/0x80 [ 434.939202][ C1] ? clear_bhb_loop+0x30/0x80 [ 434.943893][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 434.949871][ C1] RIP: 0033:0x7f05a643c407 [ 434.954287][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 434.974100][ C1] RSP: 002b:00007ffd3e873400 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 434.982862][ C1] RAX: ffffffffffffffda RBX: 00007f05a62ecc80 RCX: 00007f05a643c407 [ 434.990916][ C1] RDX: 0000000000000000 RSI: 00007ffd3e87346c RDI: ffffffffffffffff [ 434.998882][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 435.006942][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00005649c07134c0 [ 435.014994][ C1] R13: 0000000000000001 R14: 00005649c070b910 R15: 00007f05a6656460 [ 435.022974][ C1] [ 435.025990][ C1] [ 435.028306][ C1] Allocated by task 6108: [ 435.032776][ C1] __kasan_kmalloc+0xb5/0xf0 [ 435.037366][ C1] rose_add_node+0x227/0xdb0 [ 435.041955][ C1] rose_rt_ioctl+0x9db/0xe20 [ 435.046551][ C1] rose_ioctl+0x27a/0x790 [ 435.050965][ C1] sock_do_ioctl+0xd3/0x2f0 [ 435.055554][ C1] sock_ioctl+0x4ed/0x6e0 [ 435.059965][ C1] __se_sys_ioctl+0xfa/0x170 [ 435.064554][ C1] do_syscall_64+0x4c/0xa0 [ 435.068967][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 435.074948][ C1] [ 435.077266][ C1] Last potentially related work creation: [ 435.082968][ C1] kasan_save_stack+0x35/0x60 [ 435.087648][ C1] kasan_record_aux_stack+0xb8/0x100 [ 435.093021][ C1] insert_work+0x54/0x3d0 [ 435.097520][ C1] __queue_work+0x9c5/0xd50 [ 435.102017][ C1] call_timer_fn+0x16c/0x530 [ 435.106598][ C1] __run_timers+0x550/0x7c0 [ 435.111125][ C1] run_timer_softirq+0x63/0xf0 [ 435.115912][ C1] handle_softirqs+0x328/0x820 [ 435.120688][ C1] __irq_exit_rcu+0x12f/0x220 [ 435.125361][ C1] irq_exit_rcu+0x5/0x20 [ 435.129610][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 435.135509][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 435.141759][ C1] [ 435.144103][ C1] The buggy address belongs to the object at ffff888060861000 [ 435.144103][ C1] which belongs to the cache kmalloc-512 of size 512 [ 435.158595][ C1] The buggy address is located 42 bytes inside of [ 435.158595][ C1] 512-byte region [ffff888060861000, ffff888060861200) [ 435.171895][ C1] The buggy address belongs to the page: [ 435.177521][ C1] page:ffffea0001821800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888060861000 pfn:0x60860 [ 435.188976][ C1] head:ffffea0001821800 order:2 compound_mapcount:0 compound_pincount:0 [ 435.197390][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 435.205491][ C1] raw: 00fff00000010200 ffffea0001e89608 ffffea0001836208 ffff888016841c80 [ 435.214246][ C1] raw: ffff888060861000 000000000010000f 00000001ffffffff 0000000000000000 [ 435.222827][ C1] page dumped because: kasan: bad access detected [ 435.229332][ C1] page_owner tracks the page as allocated [ 435.235126][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4169, ts 54914762992, free_ts 12002959925 [ 435.254401][ C1] get_page_from_freelist+0x1b77/0x1c60 [ 435.259967][ C1] __alloc_pages+0x1e1/0x470 [ 435.264573][ C1] new_slab+0xc0/0x4b0 [ 435.268652][ C1] ___slab_alloc+0x81e/0xdf0 [ 435.273243][ C1] __kmalloc+0x1cd/0x330 [ 435.277493][ C1] fib6_info_alloc+0x2e/0xe0 [ 435.282108][ C1] ip6_route_info_create+0x44f/0x1210 [ 435.287482][ C1] addrconf_f6i_alloc+0x1b9/0x3f0 [ 435.292507][ C1] ipv6_add_addr+0x438/0xde0 [ 435.297105][ C1] inet6_addr_add+0x43a/0x9c0 [ 435.301779][ C1] inet6_rtm_newaddr+0x5d7/0x840 [ 435.306719][ C1] rtnetlink_rcv_msg+0x9b9/0xe60 [ 435.311655][ C1] netlink_rcv_skb+0x1e0/0x430 [ 435.316421][ C1] netlink_unicast+0x77c/0x920 [ 435.321177][ C1] netlink_sendmsg+0x8ab/0xbc0 [ 435.326025][ C1] __sys_sendto+0x423/0x580 [ 435.330526][ C1] page last free stack trace: [ 435.335190][ C1] free_unref_page_prepare+0x637/0x6c0 [ 435.340648][ C1] free_unref_page+0x94/0x280 [ 435.345318][ C1] free_contig_range+0x96/0xf0 [ 435.350084][ C1] destroy_args+0xef/0x8b0 [ 435.354507][ C1] debug_vm_pgtable+0x318/0x370 [ 435.359350][ C1] do_one_initcall+0x1ee/0x680 [ 435.364210][ C1] do_initcall_level+0x137/0x1f0 [ 435.369149][ C1] do_initcalls+0x4b/0x90 [ 435.373474][ C1] kernel_init_freeable+0x3ce/0x560 [ 435.378868][ C1] kernel_init+0x19/0x1b0 [ 435.383190][ C1] ret_from_fork+0x1f/0x30 [ 435.387602][ C1] [ 435.389930][ C1] Memory state around the buggy address: [ 435.395559][ C1] ffff888060860f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 435.403613][ C1] ffff888060860f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 435.411671][ C1] >ffff888060861000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 435.419726][ C1] ^ SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 435.425092][ C1] ffff888060861080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 435.433544][ C1] ffff888060861100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 435.441615][ C1] ================================================================== [ 435.449671][ C1] Disabling lock debugging due to kernel taint [ 435.455909][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 435.463385][ C1] CPU: 1 PID: 8231 Comm: dhcpcd-run-hook Tainted: G B 5.15.185-syzkaller #0 [ 435.473482][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 435.483752][ C1] Call Trace: [ 435.487053][ C1] [ 435.489919][ C1] dump_stack_lvl+0x168/0x230 [ 435.494625][ C1] ? show_regs_print_info+0x20/0x20 [ 435.499937][ C1] ? load_image+0x3b0/0x3b0 [ 435.504645][ C1] panic+0x2c9/0x7f0 [ 435.508558][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 435.513087][ C1] ? _raw_spin_unlock_irqrestore+0xa5/0x100 [ 435.519089][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 435.525005][ C1] ? _raw_spin_unlock+0x40/0x40 [ 435.529887][ C1] ? print_memory_metadata+0x314/0x400 [ 435.535369][ C1] ? rose_timer_expiry+0x470/0x490 [ 435.540513][ C1] check_panic_on_warn+0x80/0xa0 [ 435.545765][ C1] ? rose_timer_expiry+0x470/0x490 [ 435.551186][ C1] end_report+0x6d/0xf0 [ 435.555458][ C1] kasan_report+0x102/0x130 [ 435.560086][ C1] ? rose_timer_expiry+0x470/0x490 [ 435.565239][ C1] rose_timer_expiry+0x470/0x490 [ 435.570291][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 435.575342][ C1] call_timer_fn+0x16c/0x530 [ 435.580075][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 435.585127][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 435.591227][ C1] ? __run_timers+0x7c0/0x7c0 [ 435.595941][ C1] ? rcu_is_watching+0x11/0xa0 [ 435.600715][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 435.605942][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 435.611162][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 435.616322][ C1] __run_timers+0x525/0x7c0 [ 435.620839][ C1] ? detach_timer+0x2b0/0x2b0 [ 435.625538][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 435.631535][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 435.636582][ C1] ? ktime_get_real_ts64+0x420/0x420 [ 435.642015][ C1] run_timer_softirq+0x63/0xf0 [ 435.646887][ C1] handle_softirqs+0x328/0x820 [ 435.651689][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 435.656724][ C1] ? do_softirq+0x200/0x200 [ 435.661265][ C1] ? irqtime_account_irq+0xb2/0x1b0 [ 435.666504][ C1] __irq_exit_rcu+0x12f/0x220 [ 435.671205][ C1] ? irq_exit_rcu+0x20/0x20 [ 435.675738][ C1] irq_exit_rcu+0x5/0x20 [ 435.680004][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 435.685662][ C1] [ 435.688709][ C1] [ 435.691663][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 435.697664][ C1] RIP: 0010:_raw_write_unlock_irq+0x25/0x40 [ 435.703579][ C1] Code: f6 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 5e 91 b1 f7 48 89 df e8 36 6e b2 f7 e8 71 0a d3 f7 fb bf 01 00 00 00 56 8a a6 f7 65 8b 05 f7 99 57 76 85 c0 74 02 5b c3 e8 a4 a4 55 [ 435.723199][ C1] RSP: 0018:ffffc90003fe78b0 EFLAGS: 00000282 [ 435.729247][ C1] RAX: 5a1e19a370c41d00 RBX: ffffffff8be0a040 RCX: 5a1e19a370c41d00 [ 435.737198][ C1] RDX: dffffc0000000000 RSI: ffffffff8a0b11c0 RDI: 0000000000000001 [ 435.745161][ C1] RBP: ffffc90003fe79f0 R08: dffffc0000000000 R09: fffffbfff1ad157e [ 435.753319][ C1] R10: fffffbfff1ad157e R11: 1ffffffff1ad157d R12: dffffc0000000000 [ 435.761270][ C1] R13: ffff888029be5280 R14: ffff88802b019dc0 R15: ffff88802b019dc0 [ 435.769224][ C1] release_task+0x13e6/0x15a0 [ 435.773890][ C1] ? wait_consider_task+0x18d2/0x2df0 [ 435.779262][ C1] ? delayed_put_task_struct+0x260/0x260 [ 435.784871][ C1] ? task_gtime+0xb3/0x1f0 [ 435.789275][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 435.794484][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 435.799656][ C1] wait_consider_task+0x18d2/0x2df0 [ 435.804830][ C1] ? do_wait+0x2f8/0xac0 [ 435.809048][ C1] ? child_wait_callback+0x230/0x230 [ 435.814307][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 435.820177][ C1] ? _raw_spin_unlock+0x40/0x40 [ 435.825007][ C1] do_wait+0x2f8/0xac0 [ 435.829057][ C1] kernel_wait4+0x1ab/0x270 [ 435.833548][ C1] ? __ia32_sys_waitid+0xc0/0xc0 [ 435.838456][ C1] ? handle_mm_fault+0x2b8f/0x43c0 [ 435.843642][ C1] ? kernel_waitid+0x370/0x370 [ 435.848379][ C1] __x64_sys_wait4+0x130/0x1e0 [ 435.853215][ C1] ? kernel_wait+0x160/0x160 [ 435.857870][ C1] ? lock_chain_count+0x20/0x20 [ 435.862852][ C1] ? vtime_user_exit+0x2dc/0x400 [ 435.867877][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 435.873103][ C1] do_syscall_64+0x4c/0xa0 [ 435.877503][ C1] ? clear_bhb_loop+0x30/0x80 [ 435.882160][ C1] ? clear_bhb_loop+0x30/0x80 [ 435.887038][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 435.892966][ C1] RIP: 0033:0x7f05a643c407 [ 435.897384][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 435.917261][ C1] RSP: 002b:00007ffd3e873400 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 435.925762][ C1] RAX: ffffffffffffffda RBX: 00007f05a62ecc80 RCX: 00007f05a643c407 [ 435.933840][ C1] RDX: 0000000000000000 RSI: 00007ffd3e87346c RDI: ffffffffffffffff [ 435.941798][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 435.950353][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00005649c07134c0 [ 435.958569][ C1] R13: 0000000000000001 R14: 00005649c070b910 R15: 00007f05a6656460 [ 435.966533][ C1] [ 435.969805][ C1] Kernel Offset: disabled [ 435.974123][ C1] Rebooting in 86400 seconds..