last executing test programs: 22.544259177s ago: executing program 0 (id=228): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c) 22.265899872s ago: executing program 0 (id=232): r0 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x80045510, 0x0) 22.09245646s ago: executing program 0 (id=235): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 22.069795196s ago: executing program 0 (id=238): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x200000, &(0x7f0000000480)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@nodelalloc}, {@mb_optimize_scan}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") 21.846035293s ago: executing program 0 (id=240): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x70000000, 0x0, 0x3f00, 0x0, 0x0, 0x1000, 0xff600000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23000000}, 0x3b) 20.140200164s ago: executing program 0 (id=252): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r0, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r1, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) 20.044121914s ago: executing program 32 (id=252): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r0, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r1, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) 18.052137659s ago: executing program 4 (id=279): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c085) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e281ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00014006040400010404009bbc7a46e3988285dcdf12f213e6f768fec601955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 17.932043002s ago: executing program 4 (id=281): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000680)=""/98, 0x62}, {&(0x7f0000000700)=""/120, 0x78}, {&(0x7f00000014c0)=""/4076, 0xfec}, {&(0x7f00000036c0)=""/4089, 0xff9}, {&(0x7f0000000780)=""/201, 0xc9}, {&(0x7f0000000140)=""/117, 0x75}, {&(0x7f0000000200)=""/15, 0xf}, {&(0x7f0000000440)=""/53, 0x35}], 0x8}, 0x2) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000fc0)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002) 17.484470212s ago: executing program 1 (id=285): r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0xb, &(0x7f0000000040), 0x2) sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001880)=[{&(0x7f0000000580)='i', 0x1}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x40010100) sendmsg$inet(r0, &(0x7f0000000f80)={&(0x7f0000000800)={0x2, 0x3, @local}, 0x10, &(0x7f0000000e40)=[{&(0x7f0000000000)="0f", 0x1}], 0x1}, 0x0) 16.646523315s ago: executing program 1 (id=286): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0}, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}], 0x10, 0x100, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000007f"], 0x48) r4 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10) 16.600807983s ago: executing program 1 (id=287): r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000488c) setsockopt$sock_attach_bpf(r0, 0x1, 0x2f, &(0x7f0000000080), 0x24) sendmsg$kcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)="76ea7db0642ce13e78ee31410b37da516bb046fc07429187fe85a9", 0x1b}], 0x1}, 0x4000814) 16.351569211s ago: executing program 4 (id=288): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_service_bytes\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0xffac, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0xffa0}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x18, 0x29, 0x36}}, @ip_tos_u8={{0x38, 0x29, 0x3b}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @loopback}}}], 0x50}, 0x0) 16.314244127s ago: executing program 4 (id=290): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="9fedcb7968ddc36c8f26340800"], 0xfdef) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 16.196434732s ago: executing program 3 (id=292): r0 = socket$kcm(0x2, 0x1, 0x106) setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000000), 0x4) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) 16.194431288s ago: executing program 3 (id=294): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x18) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$LINK_DETACH(0x22, 0x0, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000005c0)={r3, r0, 0x4, r0}, 0x10) 16.047882429s ago: executing program 4 (id=296): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@ll={0x11, 0x19, r2, 0x1, 0x7, 0x6, @broadcast}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="2703020001f314000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000001280)="63f805d7649496db72959832930469edc7b700c9e37eed5653edb716cdb8981cd819af0b330900000000000000789d94becf65c0e0d33330e2ef36205dd154e363bcadf8f2638cfeb9f79c742f10930a4d18260e5a08ffd35ed8371ce778119319f1a476d3b24c5d46b979fdb2b62c7cd9378c73ae90c801681f02ef26cb0000000086fb000000000000", 0x8a}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd93a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c4391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dc031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e6bd03cbe773a938f621809345ec07cfceb013e3d76d500d97c8bee6ff54980ac3d221fcb35724ba64adb29ae8db909e097d78ff9542196635a14266944b850c9d436e96cc806a88090cbfc9db7ce83231bc043ded67966cfd68b800f6030a85f6bb070a2a5b372be2dacea7884b42e76e164af04e47f90ce0694623dce23cd1471f1a6029f68331317073e1a2d8cfb16f821c867d35a609649cf36aa781fa0a381f934844366d4e3ab8dd239c6ec35c15f307a7ed07869aacec38d783ed9c08e9dda1a28bf1a15b004bb1d88aa429ee8e927f5a1e1445685d8923cad92c90c79726d5e73dfe741de35498842cf51a4f09b97b1c14d33213705b95e84a8853fab4e1ced6faecea9d9203b038594bceb202a9d47f862c4f1853db9a0a7bf98ed9d2e3012358b38d092bd1ed7efb1a9e582ac5ef30c9b476e185f537f40ae8189528b480436122a939967e8d862e01172245ebced9f5251dd302e7e974c1db40be1e9e79799c27384caf6485e7c469b77cd6b28f71e39f84d2adbe074dd2bed6636e6853655adc3d1a47eff697e8edba53e6b281aea94798d82da7d3e86d09d869e5e345316eeeced4e15fc39234a0b0104e0b205c95eda632d0e86b095b284f441a62cb0e7262bc1967ee75f5c2d459011b0c15f4c85b02150a8834eda7f84cc96dde04e4abbdf5985a9c7218797820251b5804cae80c9a726afddf36793ae52cfb38e4e19740d6e07e4ed7c01001ab87b7fb12d5b70a75938d234c83d86bb1763aec37b41d204fc319c6e802734ed681ea179fe6cad4857c3ca0e236e7b9867688d8bd7749e919f2d4f57f2249c9ccaf76a23760569b0fbde2db12ca0169e74982c1f4f0494aae13f4838b3f50d9ab0f6e328250d6fc34c859f9706048f029634cefd0d767e8b7743262cb8a468ad37dfa47a745495e3f03cfa1d4ed71af55453c0a25fa1122a9054bcc4d9960c9a54f36b6db55154ab7dd19890d9f8ff3549e0fbd5a655319566b7f9c72be0242e7ffb59020356c3ffb5b9c43858e69d7b677a9bc5b8a64721a51b75a254e07199a73726834bea05901455ad53b38116b953c970b2002d0d1f91deb73ccb7266fbb21aa8555599daed7585575ef3efbd737f2523018ba4645d862889d5c3d91b12f04166db8bffecde54ee278d0d5351f3bf1f8902ff3f4c24a8c0c8a4e6addc9baadc471813589324d3128a1b193137c15c01be9f367317b1c885301ff8e9df728efa37df27f65eb0464055091f2ed469fdab48f413", 0x4fd}], 0x3}, 0x4000) 16.009802812s ago: executing program 2 (id=297): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000280)=""/48, 0x30}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f0000001b40)=""/4096, 0x1000}, {&(0x7f0000000940)=""/121, 0x79}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/201, 0xc9}, {&(0x7f0000000140)=""/125, 0x7d}], 0x7}, 0x0) 15.944265057s ago: executing program 4 (id=298): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) syz_clone(0x80000800, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000022c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ef5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1869d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f33ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff799a29459aff1374df5c49ca11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35efffc006b340658342d2d9e06008c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e9dffd8918de33aed5bb09cb2a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf422b7473c24b93085c51e02af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00bb02000000000000c84799aa792cdaeb607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee127ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c435c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fceea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfe089e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cf594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f5bce1cdaa99705a8fa48f61071f548d411353965615c24c1860790dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9776f89c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26a741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba26bb91d7b1b98f11fb7a77b03206c151b00015305af815f7da19872085b503a21cbe722842c26ad8dd6b83018300000000000000000000f4ffffffffffffff000000000000000000000000000000000000798d011c62dbfdbad9e58e07d371e3a2399f2369631138ad4fb3aeb3f51233922b4c700fb163efbc55c912276685a774f2dce9bb9c54fd1f505eccf06323fad86c37adafb5e80b96ba9f925a6fd57de5fedf691e8b41c9835a840d12a224ed233c93ed92603401e5a61298294e9cab078c231121d4e32fb8286478fb12f5804d13c7bcff5dcffccd1d520dc04910239efc397b7736682e1c0ef0d001c17ec1441026ed4b1395b8e88a58d667a65cec1ddee1b30bcc96652a238c990a2701e2ee0915335fa4b8c33372bd00021f17c012451519ad56594c9469f164bb915edb1fd4ce76fb37bb9512632e9c9e7dcc772128c280c6e6cc0e859bd65c666e8b7732a2c2d517af56f4cde502f364922f3c2bbf9f4ced5c6f3d33428775b7399e6c6cf52bc8d5b48079700db251c7cdad3836c1e137b11917cff00e0ecc5e93fd7e8bdd83313a27197651c92f2f9be4a6f83662fa948c46632a979e8c66d22777a06601c5f5d3ab28b9f9e39543d2bb9de6ce57a6c1c3a635a0515c87abd11988cae405b9495f54b8d89503a8c9e96bdf08eb563e4cffe00e27272ca6e392ffca16b172ce8b6ee542ec9135e969b7b029beaeba12836110fcb686d82c066d0fc67fee8a00acda99a302a7aac9e920e34174323e7c6aeefd0a092545274fb164f21ac2f46849a6d0b51ad5a230a5ffab7a66e7dde5a335aeaa9736678319f344a32c99ac748bf200368963de24c237873ff5a01f14335de9a6d06c8b49ff27ddf0f13d5fe0901355765c397ce52791339d666eec141f0d33ca51f7b8aa6e9937631269b064d9c7323df8b7154f76708b912e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f00000001c0)=r3) write$cgroup_devices(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c980128846360864666702c1ffe800000000000"], 0xffdd) 15.944016704s ago: executing program 3 (id=299): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000008400000005"], 0x18}, 0x0) 15.853747819s ago: executing program 3 (id=300): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) recvmsg(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x10000) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) recvmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x700, 0x0}, 0x0) 15.827197923s ago: executing program 2 (id=301): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 15.712294601s ago: executing program 2 (id=302): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) 15.711997517s ago: executing program 1 (id=303): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='percpu_alloc_percpu\x00', r0}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x7e, 0xa, 0xa, 0x0, 0x0, 0x61, 0x10, 0x3c}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x19}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 15.70006007s ago: executing program 2 (id=304): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 15.647312098s ago: executing program 1 (id=305): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="5c00000014006b", 0x7}, {&(0x7f00000017c0)="00000000ffffffff1f01a0c9a1171aa56a7f9138a6c073e99f8f2ffed6bd642c1238663e9e5189a46cb56c776afa8ec3d4d4d9c0648fc18bad3a6b5656235d60cb5af5c5a69e10ed9fd4ea", 0x4b}, {&(0x7f0000001840)="9a9245a259250adbc6e2", 0xa}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x0) 15.565404045s ago: executing program 3 (id=306): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 15.492696203s ago: executing program 1 (id=307): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000004c0)='tlb_flush\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x26e1, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1282, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) 15.492069579s ago: executing program 3 (id=308): r0 = socket$kcm(0x10, 0x400000002, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000000800)=""/217, 0xd9}, {&(0x7f0000000100)=""/22, 0x16}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f0000000340)=""/124, 0x7c}], 0x5}, 0x40002000) write$cgroup_subtree(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1d100000120091ef"], 0xfe33) 15.467027891s ago: executing program 2 (id=309): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x10023) 15.424894822s ago: executing program 2 (id=310): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d", 0x15}], 0x1, 0x0, 0x0, 0x5865}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="1c0000001d", 0x5}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[], 0xfe33) 147.025092ms ago: executing program 33 (id=307): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000004c0)='tlb_flush\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x26e1, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1282, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) 95.714547ms ago: executing program 34 (id=310): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d", 0x15}], 0x1, 0x0, 0x0, 0x5865}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="1c0000001d", 0x5}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[], 0xfe33) 50.201791ms ago: executing program 35 (id=308): r0 = socket$kcm(0x10, 0x400000002, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000000800)=""/217, 0xd9}, {&(0x7f0000000100)=""/22, 0x16}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f0000000340)=""/124, 0x7c}], 0x5}, 0x40002000) write$cgroup_subtree(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1d100000120091ef"], 0xfe33) 0s ago: executing program 36 (id=298): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) syz_clone(0x80000800, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000022c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ef5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1869d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f33ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff799a29459aff1374df5c49ca11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35efffc006b340658342d2d9e06008c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e9dffd8918de33aed5bb09cb2a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf422b7473c24b93085c51e02af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00bb02000000000000c84799aa792cdaeb607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee127ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c435c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fceea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfe089e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cf594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f5bce1cdaa99705a8fa48f61071f548d411353965615c24c1860790dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9776f89c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26a741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba26bb91d7b1b98f11fb7a77b03206c151b00015305af815f7da19872085b503a21cbe722842c26ad8dd6b83018300000000000000000000f4ffffffffffffff000000000000000000000000000000000000798d011c62dbfdbad9e58e07d371e3a2399f2369631138ad4fb3aeb3f51233922b4c700fb163efbc55c912276685a774f2dce9bb9c54fd1f505eccf06323fad86c37adafb5e80b96ba9f925a6fd57de5fedf691e8b41c9835a840d12a224ed233c93ed92603401e5a61298294e9cab078c231121d4e32fb8286478fb12f5804d13c7bcff5dcffccd1d520dc04910239efc397b7736682e1c0ef0d001c17ec1441026ed4b1395b8e88a58d667a65cec1ddee1b30bcc96652a238c990a2701e2ee0915335fa4b8c33372bd00021f17c012451519ad56594c9469f164bb915edb1fd4ce76fb37bb9512632e9c9e7dcc772128c280c6e6cc0e859bd65c666e8b7732a2c2d517af56f4cde502f364922f3c2bbf9f4ced5c6f3d33428775b7399e6c6cf52bc8d5b48079700db251c7cdad3836c1e137b11917cff00e0ecc5e93fd7e8bdd83313a27197651c92f2f9be4a6f83662fa948c46632a979e8c66d22777a06601c5f5d3ab28b9f9e39543d2bb9de6ce57a6c1c3a635a0515c87abd11988cae405b9495f54b8d89503a8c9e96bdf08eb563e4cffe00e27272ca6e392ffca16b172ce8b6ee542ec9135e969b7b029beaeba12836110fcb686d82c066d0fc67fee8a00acda99a302a7aac9e920e34174323e7c6aeefd0a092545274fb164f21ac2f46849a6d0b51ad5a230a5ffab7a66e7dde5a335aeaa9736678319f344a32c99ac748bf200368963de24c237873ff5a01f14335de9a6d06c8b49ff27ddf0f13d5fe0901355765c397ce52791339d666eec141f0d33ca51f7b8aa6e9937631269b064d9c7323df8b7154f76708b912e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f00000001c0)=r3) write$cgroup_devices(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c980128846360864666702c1ffe800000000000"], 0xffdd) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.103' (ED25519) to the list of known hosts. [ 34.126712][ T6403] cgroup: Unknown subsys name 'net' [ 34.351791][ T6403] cgroup: Unknown subsys name 'cpuset' [ 34.355163][ T6403] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 34.722668][ T6403] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 36.119349][ T6416] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 36.121860][ T6416] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 36.124302][ T6416] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 36.126171][ T6416] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 36.128193][ T6416] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 36.137876][ T6418] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 36.147491][ T6416] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 36.150719][ T6420] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 36.157658][ T6424] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 36.161841][ T6420] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 36.163366][ T6427] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 36.163779][ T6420] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 36.165838][ T6427] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 36.167404][ T6420] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 36.169447][ T6427] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 36.169884][ T6420] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 36.171327][ T6427] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 36.173772][ T6420] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 36.174692][ T6427] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 36.176899][ T6420] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 36.179965][ T6420] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 36.189535][ T6427] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 36.189582][ T6420] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 36.195532][ T6420] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 36.197812][ T6420] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 36.201656][ T6420] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 36.204728][ T6420] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 36.206300][ T6420] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 36.210243][ T6418] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 36.216227][ T6420] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 36.424708][ T6414] chnl_net:caif_netlink_parms(): no params data found [ 36.472892][ T6422] chnl_net:caif_netlink_parms(): no params data found [ 36.571602][ T6414] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.573066][ T6414] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.574609][ T6414] bridge_slave_0: entered allmulticast mode [ 36.576846][ T6414] bridge_slave_0: entered promiscuous mode [ 36.582252][ T6414] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.583804][ T6414] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.585303][ T6414] bridge_slave_1: entered allmulticast mode [ 36.587129][ T6414] bridge_slave_1: entered promiscuous mode [ 36.591209][ T6415] chnl_net:caif_netlink_parms(): no params data found [ 36.601509][ T6421] chnl_net:caif_netlink_parms(): no params data found [ 36.604530][ T6426] chnl_net:caif_netlink_parms(): no params data found [ 36.623008][ T6422] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.624582][ T6422] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.626037][ T6422] bridge_slave_0: entered allmulticast mode [ 36.627747][ T6422] bridge_slave_0: entered promiscuous mode [ 36.634847][ T6422] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.636321][ T6422] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.637883][ T6422] bridge_slave_1: entered allmulticast mode [ 36.642389][ T6422] bridge_slave_1: entered promiscuous mode [ 36.675751][ T6414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.706084][ T6414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.710770][ T6422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.734880][ T6422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.771789][ T6414] team0: Port device team_slave_0 added [ 36.775567][ T6422] team0: Port device team_slave_0 added [ 36.790664][ T6426] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.792367][ T6426] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.794000][ T6426] bridge_slave_0: entered allmulticast mode [ 36.795763][ T6426] bridge_slave_0: entered promiscuous mode [ 36.798171][ T6426] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.800281][ T6426] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.801976][ T6426] bridge_slave_1: entered allmulticast mode [ 36.803683][ T6426] bridge_slave_1: entered promiscuous mode [ 36.806460][ T6414] team0: Port device team_slave_1 added [ 36.808763][ T6422] team0: Port device team_slave_1 added [ 36.810939][ T6415] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.812467][ T6415] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.813935][ T6415] bridge_slave_0: entered allmulticast mode [ 36.815924][ T6415] bridge_slave_0: entered promiscuous mode [ 36.837139][ T6415] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.838641][ T6415] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.840703][ T6415] bridge_slave_1: entered allmulticast mode [ 36.842466][ T6415] bridge_slave_1: entered promiscuous mode [ 36.844095][ T6421] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.845603][ T6421] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.847187][ T6421] bridge_slave_0: entered allmulticast mode [ 36.848872][ T6421] bridge_slave_0: entered promiscuous mode [ 36.862492][ T6414] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.864008][ T6414] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.870085][ T6414] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.878041][ T6422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.880153][ T6422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.885557][ T6422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.898085][ T6421] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.903759][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.905312][ T6421] bridge_slave_1: entered allmulticast mode [ 36.907160][ T6421] bridge_slave_1: entered promiscuous mode [ 36.910662][ T6426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.912802][ T6414] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.914250][ T6414] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.919167][ T6414] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.924817][ T6422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.926266][ T6422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.932119][ T6422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.936397][ T6415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.955578][ T6426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.958825][ T6421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.963045][ T6421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.971678][ T6415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.995995][ T6421] team0: Port device team_slave_0 added [ 37.003697][ T6415] team0: Port device team_slave_0 added [ 37.007603][ T6426] team0: Port device team_slave_0 added [ 37.010714][ T6415] team0: Port device team_slave_1 added [ 37.012706][ T6421] team0: Port device team_slave_1 added [ 37.027264][ T6426] team0: Port device team_slave_1 added [ 37.081284][ T6414] hsr_slave_0: entered promiscuous mode [ 37.119931][ T6414] hsr_slave_1: entered promiscuous mode [ 37.173892][ T6421] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.175389][ T6421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.181575][ T6421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.184729][ T6415] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.186105][ T6415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.191856][ T6415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.240902][ T6422] hsr_slave_0: entered promiscuous mode [ 37.279730][ T6422] hsr_slave_1: entered promiscuous mode [ 37.319436][ T6422] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.321186][ T6422] Cannot create hsr debugfs directory [ 37.322941][ T6426] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.324509][ T6426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.330081][ T6426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.333836][ T6421] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.335217][ T6421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.341091][ T6421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.344197][ T6415] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.345625][ T6415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.351252][ T6415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.364696][ T6426] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.366241][ T6426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.372095][ T6426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.471223][ T6421] hsr_slave_0: entered promiscuous mode [ 37.509747][ T6421] hsr_slave_1: entered promiscuous mode [ 37.569330][ T6421] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.571010][ T6421] Cannot create hsr debugfs directory [ 37.621052][ T6415] hsr_slave_0: entered promiscuous mode [ 37.659710][ T6415] hsr_slave_1: entered promiscuous mode [ 37.699397][ T6415] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.701125][ T6415] Cannot create hsr debugfs directory [ 37.800989][ T6426] hsr_slave_0: entered promiscuous mode [ 37.839755][ T6426] hsr_slave_1: entered promiscuous mode [ 37.889435][ T6426] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.891053][ T6426] Cannot create hsr debugfs directory [ 38.026094][ T6414] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.031924][ T6414] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.035878][ T6414] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.048150][ T6414] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.075580][ T6421] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.085652][ T6421] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.096222][ T6421] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.099951][ T6421] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.120271][ T6422] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.144114][ T6422] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.147270][ T6422] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.157033][ T6422] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.191083][ T6415] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.197281][ T6415] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.208518][ T6414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.210830][ T6415] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.213912][ T6415] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.240034][ T6424] Bluetooth: hci1: command tx timeout [ 38.240038][ T6420] Bluetooth: hci2: command tx timeout [ 38.249853][ T6424] Bluetooth: hci4: command tx timeout [ 38.249878][ T6420] Bluetooth: hci3: command tx timeout [ 38.251170][ T6424] Bluetooth: hci0: command tx timeout [ 38.255712][ T6426] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.259055][ T6426] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.278876][ T6421] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.282870][ T6426] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.286133][ T6426] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.293297][ T6414] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.297900][ T4259] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.299669][ T4259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.325453][ T6421] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.332301][ T537] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.333886][ T537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.350501][ T537] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.352084][ T537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.355014][ T537] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.356446][ T537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.368653][ T6415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.406477][ T6415] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.432413][ T537] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.434004][ T537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.436519][ T537] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.438123][ T537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.455672][ T6422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.474392][ T6422] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.491629][ T537] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.493154][ T537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.499250][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.500892][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.534300][ T6426] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.571551][ T6426] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.592431][ T4259] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.593937][ T4259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.627818][ T6421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.634466][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.636098][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.668390][ T6426] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 38.671509][ T6426] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.684928][ T6414] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.748475][ T6421] veth0_vlan: entered promiscuous mode [ 38.766080][ T6421] veth1_vlan: entered promiscuous mode [ 38.774164][ T6415] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.793873][ T6414] veth0_vlan: entered promiscuous mode [ 38.798313][ T6414] veth1_vlan: entered promiscuous mode [ 38.832761][ T6421] veth0_macvtap: entered promiscuous mode [ 38.837755][ T6421] veth1_macvtap: entered promiscuous mode [ 38.848540][ T6422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.867245][ T6421] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.887708][ T6421] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.898512][ T6414] veth0_macvtap: entered promiscuous mode [ 38.903457][ T6421] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.905352][ T6421] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.907213][ T6421] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.909076][ T6421] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.922873][ T6422] veth0_vlan: entered promiscuous mode [ 38.926756][ T6422] veth1_vlan: entered promiscuous mode [ 38.932169][ T6414] veth1_macvtap: entered promiscuous mode [ 38.948071][ T6426] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.962823][ T6414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.965117][ T6414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.967787][ T6414] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.970060][ T6422] veth0_macvtap: entered promiscuous mode [ 38.974965][ T6414] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.977116][ T6414] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.982659][ T6414] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.992830][ T6422] veth1_macvtap: entered promiscuous mode [ 38.996401][ T6414] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.998131][ T6414] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.000780][ T6414] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.002738][ T6414] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.048749][ T6426] veth0_vlan: entered promiscuous mode [ 39.051920][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.054127][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.056291][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.058438][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.062207][ T6422] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.068595][ T6426] veth1_vlan: entered promiscuous mode [ 39.080580][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.082692][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.084821][ T6422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.086960][ T6422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.090780][ T6422] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.094439][ T6422] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.096238][ T6422] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.098329][ T6422] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.102833][ T6422] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.121711][ T6415] veth0_vlan: entered promiscuous mode [ 39.149182][ T6415] veth1_vlan: entered promiscuous mode [ 39.157554][ T250] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.160807][ T250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.174255][ T6426] veth0_macvtap: entered promiscuous mode [ 39.177713][ T6426] veth1_macvtap: entered promiscuous mode [ 39.225128][ T4259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.226772][ T4259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.238628][ T6415] veth0_macvtap: entered promiscuous mode [ 39.242376][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.244475][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.246646][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.248852][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.253657][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.255769][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.258624][ T6426] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.265797][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.266715][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.267351][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.270241][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.273480][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.275689][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.277851][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.282641][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.285409][ T6426] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.310772][ T6415] veth1_macvtap: entered promiscuous mode [ 39.323729][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.325235][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.325662][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.328786][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.334837][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.337115][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.339121][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.342443][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.344446][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.346695][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.350721][ T6415] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.353221][ T6426] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.355056][ T6426] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.356819][ T6426] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.358557][ T6426] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.362087][ T6421] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.380188][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.382478][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.384509][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.386811][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.388728][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.393321][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.395229][ T6415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.397529][ T6415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.401101][ T6415] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.422566][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.424122][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.441670][ T6415] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.443697][ T6415] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.445559][ T6415] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.447267][ T6415] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.476942][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.479417][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.637505][ T4259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.641006][ T4259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.723172][ T6503] loop2: detected capacity change from 0 to 64 [ 39.937238][ T6503] overlayfs: upper fs needs to support d_type. [ 39.946704][ T6503] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 39.948493][ T6503] overlayfs: failed to set xattr on upper [ 39.949996][ T6503] overlayfs: ...falling back to redirect_dir=nofollow. [ 39.951629][ T6503] overlayfs: ...falling back to index=off. [ 39.952979][ T6503] overlayfs: ...falling back to uuid=null. [ 40.272195][ T6507] loop3: detected capacity change from 0 to 1024 [ 40.284546][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.286224][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.338642][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.340352][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.358096][ T6418] Bluetooth: hci4: command tx timeout [ 40.359623][ T6418] Bluetooth: hci2: command tx timeout [ 40.360974][ T6418] Bluetooth: hci0: command tx timeout [ 40.361619][ T4259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.363948][ T6418] Bluetooth: hci1: command tx timeout [ 40.365814][ T6424] Bluetooth: hci3: command tx timeout [ 40.369366][ T4259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.381876][ T6421] Trying to free block not in datazone [ 40.383045][ T6421] Trying to free block not in datazone [ 40.388211][ T6421] Trying to free block not in datazone [ 40.589681][ T6514] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1'. [ 40.755692][ T6514] loop0: detected capacity change from 0 to 32768 [ 40.807233][ T6518] loop1: detected capacity change from 0 to 4096 [ 40.809030][ T6518] ======================================================= [ 40.809030][ T6518] WARNING: The mand mount option has been deprecated and [ 40.809030][ T6518] and is ignored by this kernel. Remove the mand [ 40.809030][ T6518] option from the mount to silence this warning. [ 40.809030][ T6518] ======================================================= [ 40.831288][ T6518] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 40.838365][ T6514] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1 (6514) [ 40.853400][ T6514] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 40.855698][ T6514] BTRFS info (device loop0): using crc32c (crc32c-arm64) checksum algorithm [ 40.868244][ T6514] BTRFS info (device loop0): using free-space-tree [ 40.874921][ T6519] loop2: detected capacity change from 0 to 64 [ 40.898492][ T6518] ntfs3(loop1): Failed to load $Extend (-22). [ 40.900287][ T6518] ntfs3(loop1): Failed to initialize $Extend. [ 40.930662][ T6518] netlink: 'syz.1.7': attribute type 12 has an invalid length. [ 41.103941][ T6514] BTRFS info (device loop0): rebuilding free space tree [ 41.236497][ T6540] loop4: detected capacity change from 0 to 256 [ 41.242362][ T6540] exfat: Deprecated parameter 'namecase' [ 41.243883][ T6540] exfat: Deprecated parameter 'utf8' [ 41.416418][ T6540] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 41.909580][ T6514] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1'. [ 41.986036][ T6545] loop2: detected capacity change from 0 to 4096 [ 42.010179][ T6544] loop1: detected capacity change from 0 to 4096 [ 42.067284][ T6544] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 42.263435][ T6551] loop4: detected capacity change from 0 to 256 [ 42.268903][ T6551] exfat: Deprecated parameter 'namecase' [ 42.270292][ T6551] exfat: Deprecated parameter 'utf8' [ 42.331576][ T6551] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 42.484138][ T6424] Bluetooth: hci3: command tx timeout [ 42.491560][ T6424] Bluetooth: hci1: command tx timeout [ 42.493444][ T6424] Bluetooth: hci0: command tx timeout [ 42.495869][ T6424] Bluetooth: hci2: command tx timeout [ 42.525873][ T6424] Bluetooth: hci4: command tx timeout [ 42.701124][ T6426] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 42.828269][ T6507] hfsplus: bad catalog entry type [ 42.894676][ T6554] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 43.412153][ T6556] hfsplus: b-tree write err: -5, ino 4 [ 43.419900][ T6545] cifs: Unknown parameter 'Ü[—Íñ¦bšÿÿÿITäŒ&¬æ:ÅèÙ"‚Õëï1:ºÃÃÓ­'Ä4,Zz-#FÇ<æõ]%gCžÊ [ 43.419900][ T6545] SÃȘØÈžZ§6ŸÂ' [ 43.465187][ T6545] netlink: 44 bytes leftover after parsing attributes in process `syz.2.10'. [ 44.421953][ T6565] loop3: detected capacity change from 0 to 32768 [ 44.427416][ T6565] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.13 (6565) [ 44.431527][ T6465] IPVS: starting estimator thread 0... [ 44.435989][ T6565] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 44.438127][ T6565] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 44.440059][ T6565] BTRFS info (device loop3): using free-space-tree [ 44.529522][ T6568] IPVS: using max 34 ests per chain, 81600 per kthread [ 44.561037][ T6420] Bluetooth: hci4: command tx timeout [ 44.562407][ T6420] Bluetooth: hci2: command tx timeout [ 44.563583][ T6420] Bluetooth: hci0: command tx timeout [ 44.564919][ T6420] Bluetooth: hci1: command tx timeout [ 44.566097][ T6420] Bluetooth: hci3: command tx timeout [ 44.592742][ T6578] loop0: detected capacity change from 0 to 2048 [ 44.682964][ T6558] loop4: detected capacity change from 0 to 32768 [ 44.728158][ T6578] process 'syz.0.12' launched '/dev/fd/3' with NULL argv: empty string added [ 45.424511][ T6558] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 45.427908][ T6558] bcachefs (loop4): initializing new filesystem [ 45.434099][ T6558] bcachefs (loop4): going read-write [ 45.450765][ T6422] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 45.479967][ T6558] bcachefs (loop4): marking superblocks [ 45.518101][ T6558] bcachefs (loop4): initializing freespace [ 45.546734][ T6558] bcachefs (loop4): done initializing freespace [ 45.561048][ T6558] bcachefs (loop4): reading snapshots table [ 45.562440][ T6558] bcachefs (loop4): reading snapshots done [ 45.611659][ T6558] bcachefs (loop4): done starting filesystem [ 46.211573][ T6612] loop3: detected capacity change from 0 to 1024 [ 46.584883][ T6605] loop1: detected capacity change from 0 to 32768 [ 46.597157][ T6605] XFS: attr2 mount option is deprecated. [ 46.598484][ T6605] XFS: noikeep mount option is deprecated. [ 46.613400][ T6590] loop2: detected capacity change from 0 to 32768 [ 46.649314][ T6418] Bluetooth: hci0: command 0x0406 tx timeout [ 46.659745][ T6590] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.17 (6590) [ 46.675805][ T4259] hfsplus: b-tree write err: -5, ino 4 [ 46.691177][ T6603] loop0: detected capacity change from 0 to 32768 [ 46.698754][ T6590] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 46.701833][ T6590] BTRFS info (device loop2): using crc32c (crc32c-arm64) checksum algorithm [ 46.711992][ T6590] BTRFS info (device loop2): disk space caching is enabled [ 46.713498][ T6605] XFS (loop1): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 46.713677][ T6590] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 46.717467][ T6603] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 46.740185][ T6605] XFS (loop1): Quotacheck needed: Please wait. [ 46.773676][ T6405] XFS (loop1): Metadata CRC error detected at xfs_rmapbt_read_verify+0x50/0xf0, xfs_rmapbt block 0x14 [ 46.775849][ T6405] XFS (loop1): Unmount and run xfs_repair [ 46.777018][ T6405] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 46.778437][ T6405] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 46.782481][ T6405] 00000010: 00 00 02 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 46.784442][ T6405] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 46.786207][ T6405] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 46.788225][ T6405] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 46.790089][ T6405] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 46.792023][ T6405] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 46.793833][ T6405] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 46.795641][ T11] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x274/0x434" at daddr 0x14 len 4 error 74 [ 46.804424][ T6415] bcachefs (loop4): shutting down [ 46.805609][ T6415] bcachefs (loop4): going read-only [ 46.809158][ T6415] bcachefs (loop4): finished waiting for writes to stop [ 46.827201][ T11] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x590/0xae8 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 46.832302][ T11] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 46.863306][ T6605] XFS (loop1): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 46.865788][ T6603] XFS (loop0): Ending clean mount [ 46.876102][ T6603] XFS (loop0): Quotacheck needed: Please wait. [ 46.902016][ T6414] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 46.905825][ T6415] bcachefs (loop4): flushing journal and stopping allocators, journal seq 24 [ 46.964058][ T6648] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 46.965618][ T6648] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 46.972657][ T6648] hsr_slave_0: left promiscuous mode [ 46.976514][ T6603] XFS (loop0): Quotacheck: Done. [ 46.993597][ T6415] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 27 [ 46.996465][ T6590] BTRFS info (device loop2): rebuilding free space tree [ 47.010670][ T6415] bcachefs (loop4): shutdown complete, journal seq 28 [ 47.017142][ T6415] bcachefs (loop4): marking filesystem clean [ 47.020343][ T6648] hsr_slave_1: left promiscuous mode [ 47.052839][ T6590] BTRFS info (device loop2): disabling free space tree [ 47.054441][ T6590] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 47.056664][ T6590] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 47.077131][ T6415] bcachefs (loop4): shutdown complete [ 47.138947][ T6653] loop1: detected capacity change from 0 to 4096 [ 47.146970][ T6653] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 47.266304][ T6653] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 47.486493][ T6655] evm: overlay not supported [ 47.792609][ T6663] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 47.794097][ T6663] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 47.797072][ T6663] vhci_hcd vhci_hcd.0: Device attached [ 48.090630][ T6665] vhci_hcd: connection closed [ 48.193564][ T4259] vhci_hcd: stop threads [ 48.196015][ T4259] vhci_hcd: release socket [ 48.197821][ T4259] vhci_hcd: disconnect device [ 48.219663][ T1768] usb 4-1: new low-speed USB device number 2 using vhci_hcd [ 48.221326][ T1768] usb 4-1: enqueue for inactive port 0 [ 48.246699][ T6662] loop3: detected capacity change from 0 to 32768 [ 48.260790][ T6662] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.25 (6662) [ 48.275275][ T6662] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 48.277571][ T6662] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 48.280295][ T6662] BTRFS info (device loop3): using free-space-tree [ 48.285272][ T6421] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 48.291806][ T1768] vhci_hcd: vhci_device speed not set [ 48.321179][ T6426] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 48.440820][ T6682] netlink: 'syz.0.27': attribute type 10 has an invalid length. [ 48.505574][ T6662] BTRFS info (device loop3): rebuilding free space tree [ 48.536340][ T6682] team0: Port device geneve1 added [ 48.705631][ T13] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 48.789172][ T6695] loop1: detected capacity change from 0 to 512 [ 49.100957][ T6700] loop0: detected capacity change from 0 to 256 [ 49.105753][ T6700] exfat: Deprecated parameter 'namecase' [ 49.107348][ T6700] exfat: Deprecated parameter 'utf8' [ 49.126721][ T6700] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 49.244316][ T6695] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.528145][ T6691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25'. [ 49.577625][ T6695] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 49.587765][ T6695] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 49.595225][ T6695] EXT4-fs (loop1): This should not happen!! Data will be lost [ 49.595225][ T6695] [ 49.597288][ T6695] EXT4-fs (loop1): Total free blocks count 0 [ 49.598841][ T6695] EXT4-fs (loop1): Free/Dirty block details [ 49.605786][ T6695] EXT4-fs (loop1): free_blocks=65280 [ 49.606905][ T6695] EXT4-fs (loop1): dirty_blocks=1 [ 49.607953][ T6695] EXT4-fs (loop1): Block reservation details [ 49.612425][ T6695] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 49.622869][ T6686] loop2: detected capacity change from 0 to 32768 [ 49.736049][ T6414] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.744553][ T6422] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 51.996186][ T6725] tipc: Started in network mode [ 51.997416][ T6725] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 52.009510][ T6725] tipc: Enabled bearer , priority 10 [ 52.127657][ T6718] loop2: detected capacity change from 0 to 262144 [ 52.172782][ T6718] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.32 (6718) [ 52.192470][ T6722] loop0: detected capacity change from 0 to 32768 [ 52.211239][ T6722] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.36 (6722) [ 52.219659][ T6718] BTRFS info (device loop2): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 52.221763][ T6718] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 52.223680][ T6718] BTRFS info (device loop2): using free-space-tree [ 52.226140][ T6722] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 52.228429][ T6722] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 53.188282][ T6405] tipc: Node number set to 8432298 [ 53.197671][ T6722] BTRFS info (device loop0): using free-space-tree [ 54.011784][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 54.012361][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 54.019572][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 54.021547][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 54.023481][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 54.025422][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 54.027395][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 54.082078][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 54.086340][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 54.090249][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 54.094088][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 54.098172][ T6718] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 54.453544][ T6722] BTRFS info (device loop0): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 54.526783][ T6776] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41'. [ 54.553112][ T6718] BTRFS error (device loop2): open_ctree failed [ 54.566056][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41'. [ 54.567744][ T6776] xfrm1: entered promiscuous mode [ 54.568904][ T6776] xfrm1: entered allmulticast mode [ 54.801349][ T6426] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 54.899161][ T6779] loop1: detected capacity change from 0 to 40427 [ 54.908694][ T6779] F2FS-fs (loop1): Invalid log blocks per segment (4278190089) [ 54.910486][ T6779] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 54.935477][ T6779] F2FS-fs (loop1): invalid crc value [ 55.041503][ T6779] F2FS-fs (loop1): Found nat_bits in checkpoint [ 55.065711][ T6779] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 55.067237][ T6779] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 55.107683][ T6779] syz.1.43: attempt to access beyond end of device [ 55.107683][ T6779] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 55.127393][ T6779] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 55.257711][ T6804] loop3: detected capacity change from 0 to 4096 [ 55.517483][ T6817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 55.565270][ T6817] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.152718][ T6852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.154744][ T6852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.191033][ T6850] Zero length message leads to an empty skb [ 57.165826][ T6871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.79'. [ 57.276611][ T6878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.278567][ T6878] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.417747][ T6868] loop3: detected capacity change from 0 to 32768 [ 57.427174][ T6868] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.78 (6868) [ 58.361376][ T6420] Bluetooth: hci4: command 0x0405 tx timeout [ 58.407078][ T6868] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 58.409490][ T6868] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 59.390484][ T6868] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 59.395064][ T6868] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 59.399298][ T6868] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 59.403750][ T6868] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 59.408918][ T6868] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 59.413510][ T6868] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 59.517126][ T6868] BTRFS error (device loop3): open_ctree failed [ 61.692636][ T6934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.95'. [ 62.298554][ T6940] loop1: detected capacity change from 0 to 512 [ 62.315995][ T6940] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 62.319363][ T6940] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 62.338657][ T6940] EXT4-fs (loop1): 1 orphan inode deleted [ 62.348262][ T6940] EXT4-fs (loop1): 1 truncate cleaned up [ 62.350173][ T6940] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.577924][ T6956] loop4: detected capacity change from 0 to 64 [ 62.589360][ T1768] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 63.860372][ T1768] usb 1-1: Using ep0 maxpacket: 8 [ 63.882045][ T6414] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.892341][ T1768] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 63.894411][ T1768] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.896108][ T1768] usb 1-1: Product: syz [ 63.896982][ T1768] usb 1-1: Manufacturer: syz [ 63.897932][ T1768] usb 1-1: SerialNumber: syz [ 63.928047][ T1768] usb 1-1: config 0 descriptor?? [ 64.193075][ T1768] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 64.494750][ T2349] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.496776][ T2349] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.063802][ T6996] loop3: detected capacity change from 0 to 64 [ 65.088813][ T6996] syz.3.117: attempt to access beyond end of device [ 65.088813][ T6996] loop3: rw=2049, sector=161, nr_sectors = 1 limit=64 [ 65.105052][ T6996] Buffer I/O error on dev loop3, logical block 161, lost async page write [ 65.107006][ T6996] syz.3.117: attempt to access beyond end of device [ 65.107006][ T6996] loop3: rw=2049, sector=162, nr_sectors = 1 limit=64 [ 65.109707][ T6996] Buffer I/O error on dev loop3, logical block 162, lost async page write [ 65.111572][ T6996] syz.3.117: attempt to access beyond end of device [ 65.111572][ T6996] loop3: rw=2049, sector=163, nr_sectors = 1 limit=64 [ 65.115517][ T6996] Buffer I/O error on dev loop3, logical block 163, lost async page write [ 65.117216][ T6996] syz.3.117: attempt to access beyond end of device [ 65.117216][ T6996] loop3: rw=2049, sector=167, nr_sectors = 1 limit=64 [ 65.121035][ T6996] Buffer I/O error on dev loop3, logical block 167, lost async page write [ 65.123047][ T6996] syz.3.117: attempt to access beyond end of device [ 65.123047][ T6996] loop3: rw=2049, sector=169, nr_sectors = 1 limit=64 [ 65.125792][ T6996] Buffer I/O error on dev loop3, logical block 169, lost async page write [ 65.127692][ T6996] syz.3.117: attempt to access beyond end of device [ 65.127692][ T6996] loop3: rw=2049, sector=171, nr_sectors = 1 limit=64 [ 65.130629][ T6996] Buffer I/O error on dev loop3, logical block 171, lost async page write [ 65.132498][ T6996] syz.3.117: attempt to access beyond end of device [ 65.132498][ T6996] loop3: rw=2049, sector=172, nr_sectors = 1 limit=64 [ 65.135361][ T6996] Buffer I/O error on dev loop3, logical block 172, lost async page write [ 66.182335][ T6998] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 66.184137][ T6998] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 66.237964][ T6998] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 66.252742][ T6998] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 66.254128][ T6998] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 66.276082][ T6998] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 66.277897][ T6998] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 66.286417][ T6998] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 66.289473][ T6998] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 66.290862][ T6998] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 66.292720][ T6998] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 66.295163][ T6998] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 66.296603][ T6998] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 66.298552][ T6998] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 66.352377][ T7005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.354502][ T7005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.564642][ T7015] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 67.534552][ T1768] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 67.540807][ T1768] usb 1-1: USB disconnect, device number 2 [ 67.824565][ T7032] capability: warning: `syz.0.126' uses deprecated v2 capabilities in a way that may be insecure [ 68.641950][ T6420] Bluetooth: hci1: command 0x0c1a tx timeout [ 68.643486][ T6420] Bluetooth: hci2: command 0x0c1a tx timeout [ 68.644949][ T6420] Bluetooth: hci0: command 0x0406 tx timeout [ 68.646333][ T6420] Bluetooth: hci4: command 0x0405 tx timeout [ 68.647656][ T6420] Bluetooth: hci3: command 0x0c1a tx timeout [ 69.116103][ T7043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.118038][ T7043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.365774][ T7056] random: crng reseeded on system resumption [ 70.263543][ T7059] Bluetooth: MGMT ver 1.23 [ 70.264898][ T7059] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 70.330381][ T10] cfg80211: failed to load regulatory.db [ 70.433834][ T7061] pimreg: entered allmulticast mode [ 70.761137][ T6418] Bluetooth: hci3: command 0x0c1a tx timeout [ 70.762583][ T6420] Bluetooth: hci4: command 0x0405 tx timeout [ 70.763932][ T6420] Bluetooth: hci0: command 0x0406 tx timeout [ 70.765252][ T6420] Bluetooth: hci2: command 0x0c1a tx timeout [ 70.766559][ T6420] Bluetooth: hci1: command 0x0c1a tx timeout [ 70.840848][ T7069] loop0: detected capacity change from 0 to 256 [ 70.842788][ T7069] exfat: Deprecated parameter 'namecase' [ 70.911472][ T7045] loop1: detected capacity change from 0 to 32768 [ 70.938654][ T7069] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 70.948174][ T7045] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.131 (7045) [ 71.071607][ T7045] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 71.073813][ T7045] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 71.076078][ T7045] BTRFS info (device loop1): using free-space-tree [ 71.282576][ T7091] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 71.334162][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.406742][ T6414] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 71.550778][ T7104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.552836][ T7104] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.631542][ T7110] netlink: 20 bytes leftover after parsing attributes in process `syz.1.151'. [ 72.173781][ T4259] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 72.230075][ T4259] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 72.232108][ T7121] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 72.602253][ T7130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.604208][ T7130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.667235][ T7117] loop0: detected capacity change from 0 to 40427 [ 72.672847][ T7117] F2FS-fs (loop0): heap/no_heap options were deprecated [ 72.675630][ T7117] F2FS-fs (loop0): invalid crc value [ 72.678259][ T7117] F2FS-fs (loop0): Found nat_bits in checkpoint [ 72.705485][ T7117] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 72.756766][ T7128] loop4: detected capacity change from 0 to 32768 [ 72.796682][ T7128] XFS (loop4): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 72.799722][ T6418] Bluetooth: hci3: command 0x0c1a tx timeout [ 72.801603][ T6424] Bluetooth: hci1: command 0x0c1a tx timeout [ 72.801651][ T6424] Bluetooth: hci2: command 0x0c1a tx timeout [ 72.801676][ T6424] Bluetooth: hci4: command 0x0405 tx timeout [ 72.878776][ T7128] XFS (loop4): Ending clean mount [ 72.907187][ T7144] syz.0.162 uses obsolete (PF_INET,SOCK_PACKET) [ 72.933487][ T6415] XFS (loop4): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 75.041210][ T7169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.052040][ T7169] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.067958][ T7171] nfs: Unknown parameter 'no' [ 75.086127][ T7172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.170'. [ 75.109554][ T7176] loop4: detected capacity change from 0 to 8 [ 75.148570][ T7176] SQUASHFS error: xz decompression failed, data probably corrupt [ 75.151068][ T7176] SQUASHFS error: Failed to read block 0x108: -5 [ 75.154376][ T7176] SQUASHFS error: Unable to read metadata cache entry [106] [ 75.156097][ T7176] SQUASHFS error: Unable to read inode 0x0 [ 75.216857][ T7176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.218866][ T7176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.282046][ T7187] warning: `syz.2.179' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 75.341832][ T7190] loop1: detected capacity change from 0 to 1024 [ 75.364419][ T7190] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.460325][ T3827] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 75.622836][ T3827] usb 1-1: config 0 interface 0 has no altsetting 0 [ 75.624310][ T3827] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 75.626013][ T3827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.641103][ T7203] loop3: detected capacity change from 0 to 128 [ 75.644409][ T3827] usb 1-1: config 0 descriptor?? [ 75.818818][ T6414] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.563521][ T7216] netlink: 4 bytes leftover after parsing attributes in process `syz.3.190'. [ 76.565457][ T7216] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.566999][ T7216] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.600275][ T7216] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.601991][ T7216] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.698715][ T3827] video4linux radio2: keene_cmd_set failed (-71) [ 76.702940][ T3827] radio-keene 1-1:0.0: V4L2 device registered as radio2 [ 76.709375][ T3827] usb 1-1: USB disconnect, device number 3 [ 77.784751][ T7241] netlink: 212 bytes leftover after parsing attributes in process `syz.3.196'. [ 77.995832][ T7244] loop0: detected capacity change from 0 to 2048 [ 78.127821][ T7244] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.330244][ T7260] loop2: detected capacity change from 0 to 256 [ 78.331987][ T7260] exfat: Deprecated parameter 'namecase' [ 78.423415][ T7262] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 78.760236][ T7260] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 79.100076][ T6426] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.655475][ T7317] mkiss: ax0: crc mode is auto. [ 82.869844][ T6418] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 82.905603][ T7329] netlink: 72 bytes leftover after parsing attributes in process `syz.1.226'. [ 82.913843][ T7328] tipc: Started in network mode [ 82.914874][ T7328] tipc: Node identity 7f000001, cluster identity 4711 [ 82.916636][ T7328] tipc: Enabled bearer , priority 10 [ 83.952155][ T7339] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 83.997306][ T7344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.999568][ T7344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.041766][ T25] tipc: Node number set to 2130706433 [ 84.045863][ T7349] loop3: detected capacity change from 0 to 8 [ 84.069523][ T7347] netlink: 12 bytes leftover after parsing attributes in process `syz.1.230'. [ 84.175901][ T7357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.213913][ T7357] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.287008][ T7359] loop0: detected capacity change from 0 to 1024 [ 84.290836][ T7359] EXT4-fs: Ignoring removed orlov option [ 84.317625][ T7359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.684324][ T6426] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.454127][ T34] Bluetooth: (null): Too short H5 packet [ 85.456179][ T34] Bluetooth: (null): Invalid header checksum [ 85.472860][ T4259] Bluetooth: (null): Invalid header checksum [ 85.542019][ T6979] Bluetooth: (null): Invalid header checksum [ 85.650720][ T4259] Bluetooth: (null): Invalid header checksum [ 85.771240][ T4259] Bluetooth: (null): Invalid header checksum [ 85.879641][ T11] Bluetooth: (null): Invalid header checksum [ 85.940293][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.942181][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.091992][ T7393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.098900][ T7393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.107771][ T7393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.112487][ T7393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.262468][ T6418] Bluetooth: hci3: SCO packet for unknown connection handle 456 [ 86.293288][ T6420] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.303254][ T6420] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.305642][ T6420] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.313556][ T6420] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.316047][ T6420] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 86.322031][ T6420] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.383167][ T7402] netlink: 'syz.3.256': attribute type 39 has an invalid length. [ 86.393973][ T4259] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.591560][ T4259] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.696335][ T4259] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.844108][ T4259] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.045734][ T7399] chnl_net:caif_netlink_parms(): no params data found [ 87.530105][ T7444] netlink: 60 bytes leftover after parsing attributes in process `syz.3.267'. [ 87.754069][ T7439] netlink: 60 bytes leftover after parsing attributes in process `syz.3.267'. [ 87.883006][ T7445] netlink: 60 bytes leftover after parsing attributes in process `syz.3.267'. [ 87.886744][ T7399] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.888348][ T7399] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.892413][ T7399] bridge_slave_0: entered allmulticast mode [ 87.894295][ T7399] bridge_slave_0: entered promiscuous mode [ 87.929605][ T4259] bridge_slave_1: left allmulticast mode [ 87.931918][ T4259] bridge_slave_1: left promiscuous mode [ 87.934111][ T4259] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.012645][ T4259] bridge_slave_0: left allmulticast mode [ 88.013846][ T4259] bridge_slave_0: left promiscuous mode [ 88.015068][ T4259] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.400967][ T6418] Bluetooth: hci4: command tx timeout [ 88.875089][ T4259] team0: Port device geneve1 removed [ 89.684467][ T4259] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.731535][ T4259] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.771340][ T4259] bond0 (unregistering): Released all slaves [ 89.775958][ T7399] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.777701][ T7399] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.779993][ T7399] bridge_slave_1: entered allmulticast mode [ 89.781827][ T7399] bridge_slave_1: entered promiscuous mode [ 89.798922][ T7493] netlink: 60 bytes leftover after parsing attributes in process `syz.4.281'. [ 89.890374][ T7399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.907530][ T7399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.179690][ T7399] team0: Port device team_slave_0 added [ 90.186248][ T7399] team0: Port device team_slave_1 added [ 90.318192][ T7541] netlink: 'syz.2.297': attribute type 29 has an invalid length. [ 90.323893][ T7548] netlink: 'syz.2.297': attribute type 29 has an invalid length. [ 90.349530][ T7399] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.361611][ T7399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.376910][ T7399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.479380][ T6418] Bluetooth: hci4: command tx timeout [ 90.563372][ T7543] syzkaller0: entered promiscuous mode [ 90.567607][ T7543] syzkaller0: entered allmulticast mode [ 90.574204][ T7399] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.575676][ T7399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.611110][ T7399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.773805][ T4259] hsr_slave_0: left promiscuous mode [ 90.790839][ T4259] hsr_slave_1: left promiscuous mode [ 90.869550][ T4259] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.871378][ T4259] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.873901][ T4259] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.875740][ T4259] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.886335][ T4259] veth1_macvtap: left promiscuous mode [ 90.887782][ T4259] veth0_macvtap: left promiscuous mode [ 90.889100][ T4259] veth1_vlan: left promiscuous mode [ 90.890504][ T4259] veth0_vlan: left promiscuous mode [ 92.513174][ T4259] team0 (unregistering): Port device team_slave_1 removed [ 92.559568][ T6418] Bluetooth: hci4: command tx timeout [ 92.671965][ T4259] team0 (unregistering): Port device team_slave_0 removed [ 94.639646][ T6418] Bluetooth: hci4: command tx timeout [ 106.238329][ T6420] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 106.254091][ T6420] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 106.256361][ T6420] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 106.263362][ T6420] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 106.265424][ T6420] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 106.267204][ T6420] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 106.333707][ T6418] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 106.337844][ T6418] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 106.346938][ T6418] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 106.349189][ T6418] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 106.351637][ T6418] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 106.353272][ T6418] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 106.399738][ T6420] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 106.404789][ T6420] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 106.407158][ T6420] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 106.431162][ T6424] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 106.432104][ T53] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 106.438305][ T6424] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 106.440542][ T6424] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 106.442924][ T6424] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 106.443554][ T53] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 106.445633][ T6424] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 106.447810][ T6424] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 106.455904][ T6424] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 106.539385][ T7578] netlink: 4093 bytes leftover after parsing attributes in process `syz.3.308'. [ 106.796567][ T7399] hsr_slave_0: entered promiscuous mode [ 106.820690][ T7399] hsr_slave_1: entered promiscuous mode [ 106.849382][ T7399] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.850992][ T7399] Cannot create hsr debugfs directory [ 107.458169][ T7590] chnl_net:caif_netlink_parms(): no params data found [ 107.504535][ T7583] chnl_net:caif_netlink_parms(): no params data found [ 107.527679][ T7399] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 107.546672][ T7595] chnl_net:caif_netlink_parms(): no params data found [ 107.577151][ T7399] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 107.580507][ T7399] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 107.584801][ T7399] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 108.038358][ T7587] chnl_net:caif_netlink_parms(): no params data found [ 108.320306][ T6420] Bluetooth: hci5: command tx timeout [ 108.393046][ T4259] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.400559][ T6420] Bluetooth: hci6: command tx timeout [ 108.405275][ T7583] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.406786][ T7583] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.408397][ T7583] bridge_slave_0: entered allmulticast mode [ 108.410528][ T7583] bridge_slave_0: entered promiscuous mode [ 108.415448][ T7590] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.416938][ T7590] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.418509][ T7590] bridge_slave_0: entered allmulticast mode [ 108.420926][ T7590] bridge_slave_0: entered promiscuous mode [ 108.423346][ T7590] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.424758][ T7590] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.426304][ T7590] bridge_slave_1: entered allmulticast mode [ 108.428012][ T7590] bridge_slave_1: entered promiscuous mode [ 108.453063][ T7583] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.454496][ T7583] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.456195][ T7583] bridge_slave_1: entered allmulticast mode [ 108.458152][ T7583] bridge_slave_1: entered promiscuous mode [ 108.486148][ T6420] Bluetooth: hci8: command tx timeout [ 108.487961][ T6420] Bluetooth: hci7: command tx timeout [ 108.510420][ T4259] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.533120][ T7583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.558216][ T7595] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.560169][ T7595] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.561817][ T7595] bridge_slave_0: entered allmulticast mode [ 108.563620][ T7595] bridge_slave_0: entered promiscuous mode [ 108.573036][ T7590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.576506][ T7590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.583935][ T7583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.643478][ T4259] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.651650][ T7595] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.653140][ T7595] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.654854][ T7595] bridge_slave_1: entered allmulticast mode [ 108.657573][ T7595] bridge_slave_1: entered promiscuous mode [ 108.678953][ T7587] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.689463][ T7587] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.691101][ T7587] bridge_slave_0: entered allmulticast mode [ 108.692920][ T7587] bridge_slave_0: entered promiscuous mode [ 108.697525][ T7587] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.705590][ T7587] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.707146][ T7587] bridge_slave_1: entered allmulticast mode [ 108.708941][ T7587] bridge_slave_1: entered promiscuous mode [ 108.721242][ T7583] team0: Port device team_slave_0 added [ 108.726245][ T7590] team0: Port device team_slave_0 added [ 108.798324][ T4259] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.823147][ T7595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.826318][ T7583] team0: Port device team_slave_1 added [ 108.829000][ T7595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.833782][ T7590] team0: Port device team_slave_1 added [ 108.857688][ T7587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.889866][ T7590] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.891472][ T7590] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.896791][ T7590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.902609][ T7590] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.903932][ T7590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.909939][ T7590] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.917180][ T7587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.923687][ T7595] team0: Port device team_slave_0 added [ 108.925947][ T7583] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.927303][ T7583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.933536][ T7583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.944496][ T7399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.967075][ T7595] team0: Port device team_slave_1 added [ 108.980247][ T7583] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.981630][ T7583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.986980][ T7583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.093018][ T7399] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.141285][ T7590] hsr_slave_0: entered promiscuous mode [ 109.179661][ T7590] hsr_slave_1: entered promiscuous mode [ 109.201041][ T7590] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.202687][ T7590] Cannot create hsr debugfs directory [ 109.216112][ T7587] team0: Port device team_slave_0 added [ 109.228025][ T250] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.229649][ T250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.232223][ T250] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.233741][ T250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.238104][ T7595] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.239812][ T7595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.245129][ T7595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.249164][ T7595] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.251511][ T7595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.257044][ T7595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.287484][ T7587] team0: Port device team_slave_1 added [ 109.341560][ T7583] hsr_slave_0: entered promiscuous mode [ 109.379739][ T7583] hsr_slave_1: entered promiscuous mode [ 109.419444][ T7583] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.421130][ T7583] Cannot create hsr debugfs directory [ 109.500558][ T7587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.502110][ T7587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.507209][ T7587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.511124][ T7587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.512490][ T7587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.517584][ T7587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.551294][ T7595] hsr_slave_0: entered promiscuous mode [ 109.589557][ T7595] hsr_slave_1: entered promiscuous mode [ 109.642815][ T7595] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.644518][ T7595] Cannot create hsr debugfs directory [ 109.688233][ T7399] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 109.690910][ T7399] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 109.773527][ T4259] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.921550][ T7587] hsr_slave_0: entered promiscuous mode [ 109.959779][ T7587] hsr_slave_1: entered promiscuous mode [ 109.999938][ T7587] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 110.001648][ T7587] Cannot create hsr debugfs directory [ 110.071419][ T4259] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.181285][ T4259] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.293249][ T4259] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.358326][ T7399] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.399677][ T6424] Bluetooth: hci5: command tx timeout [ 110.404828][ T7590] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 110.414296][ T7590] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 110.452366][ T7590] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 110.461641][ T7590] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 110.480259][ T6424] Bluetooth: hci6: command tx timeout [ 110.522360][ T4259] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.557275][ T7583] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 110.559614][ T6420] Bluetooth: hci8: command tx timeout [ 110.560858][ T6424] Bluetooth: hci7: command tx timeout [ 110.600513][ T7583] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 110.629862][ T7583] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 110.706451][ T4259] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.728380][ T7583] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 110.754829][ T7590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.820583][ T4259] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.840515][ T7595] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 110.858423][ T7399] veth0_vlan: entered promiscuous mode [ 110.864967][ T7590] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.871961][ T7595] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 110.889123][ T6556] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.890751][ T6556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.893578][ T6556] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.895045][ T6556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.951867][ T4259] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.961144][ T7595] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 110.970893][ T7595] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 110.979731][ T7587] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 110.984945][ T7587] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 111.002483][ T7587] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 111.017219][ T7399] veth1_vlan: entered promiscuous mode [ 111.046134][ T7587] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 111.084208][ T7399] veth0_macvtap: entered promiscuous mode [ 111.127884][ T7399] veth1_macvtap: entered promiscuous mode [ 111.150292][ T7590] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 111.187663][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.217307][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.220523][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.222760][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.224829][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.226829][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.238953][ T7399] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.262740][ T7583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.277399][ T4259] bridge_slave_1: left allmulticast mode [ 111.278564][ T4259] bridge_slave_1: left promiscuous mode [ 111.282895][ T4259] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.286887][ T4259] bridge_slave_0: left allmulticast mode [ 111.288077][ T4259] bridge_slave_0: left promiscuous mode [ 111.299673][ T4259] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.305727][ T4259] bridge_slave_1: left allmulticast mode [ 111.306877][ T4259] bridge_slave_1: left promiscuous mode [ 111.308241][ T4259] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.317570][ T4259] bridge_slave_0: left allmulticast mode [ 111.320096][ T4259] bridge_slave_0: left promiscuous mode [ 111.321255][ T4259] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.332957][ T4259] bridge_slave_1: left allmulticast mode [ 111.334228][ T4259] bridge_slave_1: left promiscuous mode [ 111.335577][ T4259] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.350344][ T4259] bridge_slave_0: left allmulticast mode [ 111.351563][ T4259] bridge_slave_0: left promiscuous mode [ 111.352758][ T4259] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.479420][ T6424] Bluetooth: hci5: command tx timeout [ 112.560713][ T6424] Bluetooth: hci6: command tx timeout [ 112.639646][ T6420] Bluetooth: hci8: command tx timeout [ 112.640974][ T6424] Bluetooth: hci7: command tx timeout [ 114.559728][ T6424] Bluetooth: hci5: command tx timeout [ 114.639418][ T6424] Bluetooth: hci6: command tx timeout [ 114.661460][ T4259] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 114.702899][ T4259] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 114.719426][ T6420] Bluetooth: hci8: command tx timeout [ 114.720592][ T6424] Bluetooth: hci7: command tx timeout [ 114.754258][ T4259] bond0 (unregistering): Released all slaves [ 115.438542][ T4259] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.491294][ T4259] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.530877][ T4259] bond0 (unregistering): Released all slaves [ 116.195907][ T4259] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.231430][ T4259] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.291153][ T4259] bond0 (unregistering): Released all slaves [ 116.300241][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.302522][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.304553][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.306744][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.308738][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.317793][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.322656][ T7399] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.370068][ T7399] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.371806][ T7399] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.373717][ T7399] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.375665][ T7399] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.391723][ T7583] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.397678][ T7595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.419516][ T537] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.421061][ T537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.423644][ T4259] tipc: Disabling bearer [ 116.425097][ T4259] tipc: Left network mode [ 116.433354][ T537] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.434701][ T537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.492051][ T7590] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.499798][ T6469] ================================================================== [ 116.501377][ T6469] BUG: KASAN: slab-use-after-free in cleanup_bearer+0x1b0/0x298 [ 116.503099][ T6469] Read of size 8 at addr ffff0000db2a3618 by task kworker/0:5/6469 [ 116.504685][ T6469] [ 116.505217][ T6469] CPU: 0 UID: 0 PID: 6469 Comm: kworker/0:5 Not tainted 6.13.0-rc2-syzkaller-g2e7aff49b5da #0 [ 116.507447][ T6469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 116.509470][ T6469] Workqueue: events cleanup_bearer [ 116.510583][ T6469] Call trace: [ 116.511241][ T6469] show_stack+0x2c/0x3c (C) [ 116.512167][ T6469] dump_stack_lvl+0xe4/0x150 [ 116.513070][ T6469] print_report+0x198/0x538 [ 116.514031][ T6469] kasan_report+0xd8/0x138 [ 116.515007][ T6469] __asan_report_load8_noabort+0x20/0x2c [ 116.516203][ T6469] cleanup_bearer+0x1b0/0x298 [ 116.517182][ T6469] process_one_work+0x7a8/0x15cc [ 116.518242][ T6469] worker_thread+0x97c/0xeec [ 116.519268][ T6469] kthread+0x288/0x310 [ 116.520158][ T6469] ret_from_fork+0x10/0x20 [ 116.521107][ T6469] [ 116.521600][ T6469] Allocated by task 7328: [ 116.522484][ T6469] kasan_save_track+0x40/0x78 [ 116.523432][ T6469] kasan_save_alloc_info+0x40/0x50 [ 116.524501][ T6469] __kasan_slab_alloc+0x74/0x8c [ 116.525481][ T6469] kmem_cache_alloc_lru_noprof+0x258/0x414 [ 116.526659][ T6469] sock_alloc_inode+0x2c/0xcc [ 116.527713][ T6469] alloc_inode+0x68/0x19c [ 116.528690][ T6469] new_inode_pseudo+0x20/0x30 [ 116.529666][ T6469] __sock_create+0x134/0x908 [ 116.530636][ T6469] sock_create_kern+0x4c/0x64 [ 116.531605][ T6469] udp_sock_create4+0xd4/0x5a4 [ 116.532698][ T6469] udp_sock_create+0x94/0xc0 [ 116.533716][ T6469] tipc_udp_enable+0xb60/0x1298 [ 116.534688][ T6469] __tipc_nl_bearer_enable+0x960/0xf94 [ 116.535824][ T6469] tipc_nl_bearer_enable+0x2c/0x48 [ 116.536908][ T6469] genl_rcv_msg+0x888/0xbb0 [ 116.537871][ T6469] netlink_rcv_skb+0x214/0x3c4 [ 116.538948][ T6469] genl_rcv+0x38/0x50 [ 116.539818][ T6469] netlink_unicast+0x668/0x8a4 [ 116.540865][ T6469] netlink_sendmsg+0x7a4/0xa8c [ 116.541872][ T7595] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.541937][ T6469] ____sys_sendmsg+0x56c/0x840 [ 116.544292][ T6469] __sys_sendmsg+0x238/0x304 [ 116.545153][ T6469] __arm64_sys_sendmsg+0x80/0x94 [ 116.546197][ T6469] invoke_syscall+0x98/0x2b8 [ 116.547220][ T6469] el0_svc_common+0x130/0x23c [ 116.548125][ T6469] do_el0_svc+0x48/0x58 [ 116.549062][ T6469] el0_svc+0x54/0x168 [ 116.549879][ T6469] el0t_64_sync_handler+0x84/0x108 [ 116.551036][ T6469] el0t_64_sync+0x198/0x19c [ 116.552031][ T6469] [ 116.552530][ T6469] Freed by task 16: [ 116.553288][ T6469] kasan_save_track+0x40/0x78 [ 116.554241][ T6469] kasan_save_free_info+0x54/0x6c [ 116.555311][ T6469] __kasan_slab_free+0x64/0x8c [ 116.556234][ T6469] kmem_cache_free+0x198/0x554 [ 116.557368][ T6469] sock_free_inode+0x28/0x38 [ 116.558308][ T6469] i_callback+0x50/0x78 [ 116.559148][ T6469] rcu_core+0x898/0x1b5c [ 116.560005][ T6469] rcu_core_si+0x10/0x1c [ 116.561011][ T6469] handle_softirqs+0x320/0xd34 [ 116.561997][ T6469] run_ksoftirqd+0x70/0xc0 [ 116.563040][ T6469] smpboot_thread_fn+0x4b0/0x90c [ 116.564199][ T6469] kthread+0x288/0x310 [ 116.565018][ T6469] ret_from_fork+0x10/0x20 [ 116.565928][ T6469] [ 116.566351][ T6469] Last potentially related work creation: [ 116.567637][ T6469] kasan_save_stack+0x40/0x6c [ 116.568641][ T6469] __kasan_record_aux_stack+0xb8/0xd0 [ 116.569804][ T6469] kasan_record_aux_stack_noalloc+0x14/0x20 [ 116.571065][ T6469] call_rcu+0x104/0xb00 [ 116.571946][ T6469] evict+0x7b4/0x978 [ 116.572757][ T6469] iput+0x740/0x8e8 [ 116.573567][ T6469] sock_release+0x110/0x140 [ 116.574563][ T6469] udp_tunnel_sock_release+0x74/0x88 [ 116.575771][ T6469] cleanup_bearer+0x180/0x298 [ 116.576830][ T6469] process_one_work+0x7a8/0x15cc [ 116.577457][ T7595] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 116.577903][ T6469] worker_thread+0x97c/0xeec [ 116.581124][ T6469] kthread+0x288/0x310 [ 116.582145][ T6469] ret_from_fork+0x10/0x20 [ 116.583100][ T6469] [ 116.583557][ T6469] The buggy address belongs to the object at ffff0000db2a3600 [ 116.583557][ T6469] which belongs to the cache sock_inode_cache of size 1408 [ 116.586623][ T6469] The buggy address is located 24 bytes inside of [ 116.586623][ T6469] freed 1408-byte region [ffff0000db2a3600, ffff0000db2a3b80) [ 116.589514][ T6469] [ 116.590005][ T6469] The buggy address belongs to the physical page: [ 116.591307][ T6469] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b2a0 [ 116.593214][ T6469] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 116.595016][ T6469] memcg:ffff0000ceeee701 [ 116.595912][ T6469] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) [ 116.597505][ T6469] page_type: f5(slab) [ 116.598399][ T6469] raw: 05ffc00000000040 ffff0000c1be5c80 dead000000000100 dead000000000122 [ 116.599252][ T7595] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 116.600290][ T6469] raw: 0000000000000000 0000000000150015 00000001f5000000 ffff0000ceeee701 [ 116.604604][ T6469] head: 05ffc00000000040 ffff0000c1be5c80 dead000000000100 dead000000000122 [ 116.606428][ T6469] head: 0000000000000000 0000000000150015 00000001f5000000 ffff0000ceeee701 [ 116.608229][ T6469] head: 05ffc00000000003 fffffdffc36ca801 ffffffffffffffff 0000000000000000 [ 116.609995][ T6469] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 116.611756][ T6469] page dumped because: kasan: bad access detected [ 116.613048][ T6469] [ 116.613513][ T6469] Memory state around the buggy address: [ 116.614737][ T6469] ffff0000db2a3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 116.616442][ T6469] ffff0000db2a3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 116.618212][ T6469] >ffff0000db2a3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.619851][ T6469] ^ [ 116.620795][ T6469] ffff0000db2a3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.622450][ T6469] ffff0000db2a3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.624172][ T6469] ================================================================== [ 116.630168][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.631661][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.635859][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.637247][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.673273][ T6469] Disabling lock debugging due to kernel taint [ 116.674533][ T6469] Unable to handle kernel paging request at virtual address dfff800000000006 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 116.707566][ T6469] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 116.714921][ T6469] Mem abort info: [ 116.715769][ T6469] ESR = 0x0000000096000005 [ 116.716738][ T6469] EC = 0x25: DABT (current EL), IL = 32 bits [ 116.717895][ T6469] SET = 0, FnV = 0 [ 116.718696][ T6469] EA = 0, S1PTW = 0 [ 116.726487][ T6469] FSC = 0x05: level 1 translation fault [ 116.727800][ T6469] Data abort info: [ 116.728623][ T6469] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 116.732627][ T6469] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 116.733833][ T6469] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 116.735012][ T6469] [dfff800000000006] address between user and kernel address ranges [ 116.736598][ T6469] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 116.738050][ T6469] Modules linked in: [ 116.738775][ T6469] CPU: 0 UID: 0 PID: 6469 Comm: kworker/0:5 Tainted: G B 6.13.0-rc2-syzkaller-g2e7aff49b5da #0 [ 116.741258][ T6469] Tainted: [B]=BAD_PAGE [ 116.742212][ T6469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 116.744400][ T6469] Workqueue: events cleanup_bearer [ 116.745385][ T6469] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 116.747052][ T6469] pc : cleanup_bearer+0x1c0/0x298 [ 116.748105][ T6469] lr : cleanup_bearer+0x1bc/0x298 [ 116.749110][ T6469] sp : ffff80009c7a7aa0 [ 116.750078][ T6469] x29: ffff80009c7a7aa0 x28: ffff80008f97d600 x27: 1fffe000197943ca [ 116.751870][ T6469] x26: ffff0000c1080008 x25: ffff0000cbca2244 x24: dfff800000000000 [ 116.753491][ T6469] x23: ffff0000cbca1e40 x22: ffff0000c8b6f718 x21: 1fffe0001916dee1 [ 116.755348][ T6469] x20: 0000000000000030 x19: ffff0000c8b6f718 x18: 0000000000000008 [ 116.756940][ T6469] x17: 0000000000000000 x16: ffff80008326d65c x15: 0000000000000001 [ 116.758582][ T6469] x14: 1ffff000125cfaf0 x13: 0000000000000000 x12: 0000000000000000 [ 116.760173][ T6469] x11: ffff7000125cfaf1 x10: 0000000000ff0100 x9 : 0000000000000000 [ 116.761838][ T6469] x8 : 0000000000000006 x7 : 0000000000000001 x6 : 0000000000000001 [ 116.763461][ T6469] x5 : ffff80009c7a70d8 x4 : ffff80008fa6f860 x3 : ffff8000802f42d0 [ 116.765127][ T6469] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000 [ 116.766875][ T6469] Call trace: [ 116.767584][ T6469] cleanup_bearer+0x1c0/0x298 (P) [ 116.768738][ T6469] cleanup_bearer+0x1bc/0x298 (L) [ 116.769761][ T6469] process_one_work+0x7a8/0x15cc [ 116.770870][ T6469] worker_thread+0x97c/0xeec [ 116.771840][ T6469] kthread+0x288/0x310 [ 116.772678][ T6469] ret_from_fork+0x10/0x20 [ 116.773665][ T6469] Code: f9400288 9100c114 9414cacf d343fe88 (38786908) [ 116.775034][ T6469] ---[ end trace 0000000000000000 ]--- [ 117.320225][ T6469] Kernel panic - not syncing: Oops: Fatal exception [ 117.321504][ T6469] SMP: stopping secondary CPUs [ 117.322436][ T6469] Kernel Offset: disabled [ 117.323486][ T6469] CPU features: 0x100,00002070,00800250,82017203 [ 117.324736][ T6469] Memory Limit: none [ 117.873703][ T6469] Rebooting in 86400 seconds..