last executing test programs: 7.124196893s ago: executing program 0 (id=460): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_LINK={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x40) 6.982464374s ago: executing program 0 (id=461): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newtaction={0x48, 0x30, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_mpls={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4, 0x21}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) 6.737008265s ago: executing program 0 (id=464): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, 0x0, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x5) write$dsp(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) 5.666397851s ago: executing program 0 (id=468): openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x1000000, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000400)={0x93, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)=""/228, 0xe4}], &(0x7f0000000280), 0x1}, 0x20) 5.268351143s ago: executing program 0 (id=470): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x0) 5.178039753s ago: executing program 0 (id=471): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffdae, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.502578792s ago: executing program 3 (id=488): r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="cc000000000000001b"]) 1.436202903s ago: executing program 2 (id=489): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x40080) ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6) 1.254637953s ago: executing program 2 (id=491): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@allocspi={0x104, 0x16, 0x411, 0xffffffff, 0x0, {{{@in6=@private2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffd, 0x0, 0x10, 0x200, 0x2}, {@in=@multicast1, 0x0, 0x32}, @in=@local, {0x380, 0x0, 0x0, 0x400, 0x0, 0x0, 0xfffffffffffffffd}, {0x5d4}, {0x0, 0x0, 0x8}, 0x8000, 0xfffffffe, 0x2, 0x2}, 0x0, 0x6}, [@lastused={0xc, 0xf, 0x9}]}, 0x104}, 0x1, 0x0, 0x0, 0x881}, 0x0) 1.254550873s ago: executing program 3 (id=492): socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) 1.142443774s ago: executing program 3 (id=494): write$RDMA_USER_CM_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000002c0)={0x6, 0x118, 0xfa00, {{0x10b040, 0x1, "597991de14a8c44bd1c6ebdff8f0b2419870a194f6760e57c8f51426bc9b9ea4fb19d0c7fc5a07822b9588e6d4782a7c8d04c9ac1023170865f0511c6e220366c3121068b43a99047ff3ee76c1d0e6e048775377df7bd58def1bbea38401b1367056a6276f9883d8b9f6b6f0d54a89ffe889fda29dddc8b3388c951db8418a3a450898a3c9941b341279d2f1b94ca54b7199de8130fc0548b47b0d8ed9fa45394596d6aa869186ffa358ac8ddaaec9e862b5044a51c13d7eb4b812ec66bc628ef4c8588986ee69087fcd4f283f2038ad4ded7aa2cfca51e3ca825e8cc877995884325693818b2651971f7a62e872ebb8ca7ce0157701fe1c14b9b5d8509a15bb", 0xc4, 0x3, 0x4, 0x2, 0xc1, 0x54, 0x8, 0x1}}}, 0x120) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61707400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}}, 0x20050800) 1.133954404s ago: executing program 2 (id=495): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x1, 0x0, &(0x7f0000002c40)=0xfffffe78) 1.038199495s ago: executing program 2 (id=498): syz_emit_vhci(&(0x7f0000001500)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_le_read_num_supported_adv_sets={{0x2}, {0x5}}}}, 0x8) 1.003448875s ago: executing program 3 (id=499): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$bfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x800a, &(0x7f0000000040)={[{'\''}, {'bfs\x00'}, {'5\x00Rl\x00\xc0'}, {'bfs\x00'}, {'bfs\x00'}]}, 0x1, 0x6c, &(0x7f0000000140)="$eJzszrEJQkEQBNDxkgtFMBcswB4sRQw1M1Ks0RLswMAKNFgNzgaEz3uwC7OT7K2nzJPXoOd0vhx2x9phklqSRZJlktW68mNb3ezT35/X/Xeq6X/9GQAAAAAAAAAYtWx+83B4BwAA///WxR5U") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mount(&(0x7f00000001c0)=@nullb, &(0x7f0000000280)='./bus\x00', &(0x7f0000000000)='omfs\x00', 0x8004, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x880, &(0x7f0000000280)={[{@nobarrier}, {@part={'part', 0x3d, 0x3}}, {@nobarrier}, {@nls={'nls', 0x3d, 'iso8859-14'}}, {@uid}, {@gid}, {@nobarrier}, {@uid}]}, 0x1, 0x5e7, &(0x7f0000000680)="$eJzs3cFvHFcdB/DvbGLHDiLdpElTEBJWOYAakdjeyAQJCSgFWahClbj0aiWb2somjewtcntAAXFu/wEO5WDOHLiAgpQDZ/4Fox4R3H0LmtlZ78bZbO3Uza7bz0eafe/tm/fmN7/MTmZmZW2Ar6zVdzLzKEVWr7y1XbZ3d1qd3Z3W3X49yZkkjWQuSVG+/dcknyYP0lvyjX7HOMXHqzfXH350udeaq5dqXHGY8ePtx9LsxVqVxzXf8ueeb7CHC0ku1CVM3OO+f4/s/pyfSwBgmhXJqVHvN5Oz9cV6eR/QuyruXWNPhfmvP9+4B8cdCAAAAEyhl/ayl+2cm3QcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcJLUv/9f1EujX19I0f/9/9n6vdT1E+3RpAMAAAAAAAAAgGPw7b3sZTvn+u3HRfWd/2tV42L1+rW8n620s5mr2c5auulmM0tJmkMTzW6vdbubS4cYuTxy5PKL2V8AAAAAAAAA+JL6fVYH3/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0KJJTvaJaLvbrzTROJ5lLMluu9yB52K+fZI8mHQAAAAC8AC/tZS/bOddvPy6qe/5Xqvv+ubyfe+lmI9100s6t6llA766/sbvT6uzutO6Wy9Pz/vR/RwqjmjG9Zw+jt7xYrXFpf8RqfpFf50oW8nY2s5HfZC3dtLOQN6vaWoo066cXzX6co+P9yROttz8r1lerSOZzOxtVbFdzM++lk1tpVPtQrTN+i78rs1P8uHbIHN2qy3KPflmX06FZZWRmPyOLde7LbJwfn4kjHicHt7SUxv4zqItfQM7P1mWZ6zcnkPPGM3sOZmJ56Oh7ZXwmksXl/95f79y7s35768r0HEbP6WAmWkOZuPyVysRsnY3eWfRoZ8vXqrHnspFf5b3cSjs3spgbWcn1tLKSH2ZlKK+XDvFZaxzts/ad79WVmSQ/r8vpUOb1/FBeh890zapv+J1Bli4c/xnp9DfrSnmwvjF1/wucP3Bu7mfi5fGZ+NPj8nWrc+/O5vra/UNu77t1WWbgZ1OVifJ4uVD+Y1WtJ4+Osu/lkX1LVd/F/b7GU32X9vs+65M6W1/DPT3TctV3eWRfq+p7dahv1FUOAFPv7OtnZ+f/M/+v+U/m/zC/Pv/W3Btnbpz51mxm/nn676f+0vhz40fF6/kkvx3c/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM9v64MP76x1Ou1Nleep/O2PyRSEUVf6v5w1LfGonODKhE9MwBfuWvfu/WtbH3z4/Y27a++2323fu760snz9+uLKD25cu73RaS/2XicdJgBwjAYX/ZOOBAAAAAAAAAAAAAAAeJYX8efEk95HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgy231ncw8SpGlxauLZXt3p9Upl359sOZckqKs/CPJp8mD9JY0h6YrnrWd4uPVm+sPP7o8mGuuv34xbtzhPBFL40BMT2gcfb7lcfMdymAPF5JcqEuYuP8HAAD//9F4/7E=") syz_mount_image$fuse(0x0, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 882.617826ms ago: executing program 2 (id=500): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000480)=""/92, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000003380)) r1 = eventfd2(0x76, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000140)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=""/4091}) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 792.986356ms ago: executing program 4 (id=504): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 669.077797ms ago: executing program 4 (id=505): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@allocspi={0x104, 0x16, 0x411, 0xffffffff, 0x0, {{{@in6=@private2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffd, 0x0, 0x10, 0x200, 0x2}, {@in=@multicast1, 0x0, 0x32}, @in=@local, {0x380, 0x0, 0x0, 0x400, 0x0, 0x0, 0xfffffffffffffffd}, {0x5d4}, {0x0, 0x0, 0x8}, 0x8000, 0xfffffffe, 0x2, 0x2}, 0x0, 0x6}, [@lastused={0xc, 0xf, 0x9}]}, 0x104}, 0x1, 0x0, 0x0, 0x881}, 0x0) 668.346337ms ago: executing program 3 (id=506): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x2) setsockopt$ax25_int(r0, 0x101, 0x3, &(0x7f0000000140)=0xa45, 0x4) 603.122177ms ago: executing program 4 (id=508): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20020, &(0x7f0000000500)={[{@gid}]}) 601.653237ms ago: executing program 1 (id=509): semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x3, 0x1800}, {0x2, 0x6}], 0x2, 0x0) semctl$GETZCNT(0x0, 0x0, 0x10, 0x0) 513.573117ms ago: executing program 1 (id=510): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c00000002060108000000000000bfd4f99200000d0003006c6973743a736574000000000500050000000000050001000700000005000400000000000900020073797a320000000014000780080006400000000008001740"], 0x5c}}, 0x0) 434.640488ms ago: executing program 3 (id=511): syz_open_dev$vim2m(&(0x7f0000000000), 0xfff, 0x2) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r2, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) 434.524938ms ago: executing program 1 (id=512): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) recvmsg(r0, &(0x7f0000002880)={0x0, 0x0, 0x0}, 0x2020) 284.898368ms ago: executing program 1 (id=513): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x52, &(0x7f0000000200)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local, {[@timestamp={0x44, 0x10, 0x33, 0x0, 0x4, [0x8, 0xf38e, 0x5]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x1, 0x6}]}}}}}}}, 0x0) 181.446059ms ago: executing program 1 (id=514): madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x7ac}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x15) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001500)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0) r2 = socket$inet6(0x10, 0x3, 0x0) write(r2, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 138.556369ms ago: executing program 4 (id=515): prlimit64(0x0, 0xe, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1c, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x4004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_procfs(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYRES32], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 110.83408ms ago: executing program 4 (id=516): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x101, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000100)={0x3, 0x1, 0x0, "cdf922c1d6edb8c40b20f2d448d6662fb024cf64cea94ee5d4fa20c641c6e2e1", 0x584e4f53}) 32.71256ms ago: executing program 1 (id=517): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[], 0x68}}, 0x0) 760.59µs ago: executing program 4 (id=518): prctl$PR_MCE_KILL(0x4b, 0x0, 0x0) 0s ago: executing program 2 (id=519): socket$nl_route(0x10, 0x3, 0x0) unshare(0x400) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(anubis-generic)\x00'}, 0x58) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r2, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0xfd}], 0xf, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000500)=0x100000001, 0x4) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000001c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x26, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r7, 0x25, &(0x7f0000000040)={0x0, 0x1, 0x42, 0xfffffffffffffffc}) fcntl$lock(r7, 0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x81}) r8 = add_key$fscrypt_provisioning(&(0x7f0000004e40), &(0x7f0000004e80)={'syz', 0x3}, &(0x7f0000004ec0)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffffe) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r9, 0x4018aee3, 0x0) keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000004f00)={r8}, &(0x7f0000004f40)={'enc=', 'pkcs1', ' hash=', {'sha3-512-generic\x00'}}, 0x0, 0x0) syz_emit_ethernet(0x5a, &(0x7f00000000c0)=ANY=[], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.33' (ED25519) to the list of known hosts. [ 56.934060][ T4155] cgroup: Unknown subsys name 'net' [ 57.071569][ T4155] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.537766][ T4155] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 59.853916][ T4165] chnl_net:caif_netlink_parms(): no params data found [ 59.906655][ T4171] chnl_net:caif_netlink_parms(): no params data found [ 59.984396][ T4176] chnl_net:caif_netlink_parms(): no params data found [ 60.057081][ T4172] chnl_net:caif_netlink_parms(): no params data found [ 60.109926][ T4165] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.117648][ T4165] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.126448][ T4165] device bridge_slave_0 entered promiscuous mode [ 60.139306][ T4165] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.146425][ T4165] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.154582][ T4165] device bridge_slave_1 entered promiscuous mode [ 60.162437][ T4169] chnl_net:caif_netlink_parms(): no params data found [ 60.179598][ T4171] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.186881][ T4171] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.194803][ T4171] device bridge_slave_0 entered promiscuous mode [ 60.203068][ T4171] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.210279][ T4171] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.218086][ T4171] device bridge_slave_1 entered promiscuous mode [ 60.279987][ T4165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.289371][ T4176] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.297272][ T4176] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.305563][ T4176] device bridge_slave_0 entered promiscuous mode [ 60.332890][ T4165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.342461][ T4176] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.349849][ T4176] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.358024][ T4176] device bridge_slave_1 entered promiscuous mode [ 60.367442][ T4171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.403180][ T4171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.422823][ T4176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.459057][ T4176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.472947][ T4172] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.480345][ T4172] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.488708][ T4172] device bridge_slave_0 entered promiscuous mode [ 60.499124][ T4165] team0: Port device team_slave_0 added [ 60.507629][ T4165] team0: Port device team_slave_1 added [ 60.535987][ T4172] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.543065][ T4172] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.551470][ T4172] device bridge_slave_1 entered promiscuous mode [ 60.569266][ T4171] team0: Port device team_slave_0 added [ 60.606247][ T4171] team0: Port device team_slave_1 added [ 60.612796][ T4165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.619890][ T4165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.645888][ T4165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.660036][ T4176] team0: Port device team_slave_0 added [ 60.668251][ T4176] team0: Port device team_slave_1 added [ 60.674157][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.681318][ T4169] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.689761][ T4169] device bridge_slave_0 entered promiscuous mode [ 60.712788][ T4165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.719903][ T4165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.746426][ T4165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.764295][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.771688][ T4169] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.779944][ T4169] device bridge_slave_1 entered promiscuous mode [ 60.788968][ T4172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.827784][ T4172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.837737][ T4171] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.844946][ T4171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.871399][ T4171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.884484][ T4171] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.891606][ T4171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.917631][ T4171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.930240][ T4176] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.937286][ T4176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.963381][ T4176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.011791][ T4176] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.018903][ T4176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.044896][ T4176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.063353][ T4169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.081566][ T4172] team0: Port device team_slave_0 added [ 61.107438][ T4169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.123935][ T4172] team0: Port device team_slave_1 added [ 61.140666][ T4171] device hsr_slave_0 entered promiscuous mode [ 61.148088][ T4171] device hsr_slave_1 entered promiscuous mode [ 61.166095][ T4165] device hsr_slave_0 entered promiscuous mode [ 61.172768][ T4165] device hsr_slave_1 entered promiscuous mode [ 61.179712][ T4165] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.187613][ T4165] Cannot create hsr debugfs directory [ 61.211805][ T4176] device hsr_slave_0 entered promiscuous mode [ 61.218636][ T4176] device hsr_slave_1 entered promiscuous mode [ 61.225654][ T4176] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.233249][ T4176] Cannot create hsr debugfs directory [ 61.272665][ T4169] team0: Port device team_slave_0 added [ 61.290586][ T4172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.297834][ T4172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.324152][ T4172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.339238][ T4172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.346392][ T4172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.372409][ T4172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.385019][ T4169] team0: Port device team_slave_1 added [ 61.433527][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.440577][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.465812][ T23] Bluetooth: hci0: command 0x0409 tx timeout [ 61.473222][ T4169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.513757][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.520843][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.544872][ T23] Bluetooth: hci1: command 0x0409 tx timeout [ 61.547874][ T4169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.609438][ T4172] device hsr_slave_0 entered promiscuous mode [ 61.616749][ T4172] device hsr_slave_1 entered promiscuous mode [ 61.623218][ T4172] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.625442][ T23] Bluetooth: hci3: command 0x0409 tx timeout [ 61.631410][ T13] Bluetooth: hci4: command 0x0409 tx timeout [ 61.643107][ T4172] Cannot create hsr debugfs directory [ 61.643563][ T23] Bluetooth: hci2: command 0x0409 tx timeout [ 61.709238][ T4169] device hsr_slave_0 entered promiscuous mode [ 61.716861][ T4169] device hsr_slave_1 entered promiscuous mode [ 61.723542][ T4169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.731229][ T4169] Cannot create hsr debugfs directory [ 61.924034][ T4165] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 61.940675][ T4165] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 61.950336][ T4165] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 61.964530][ T4165] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.005592][ T4176] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.015855][ T4176] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.039828][ T4176] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.049460][ T4176] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.108803][ T4171] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.128255][ T4171] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.161754][ T4171] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.191222][ T4169] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.201910][ T4171] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.230594][ T4169] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.253476][ T4169] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.264188][ T4169] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.287143][ T4165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.306615][ T4172] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.325671][ T4172] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.335644][ T4172] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.347525][ T4172] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.400555][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.411883][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.421631][ T4165] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.455829][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.466611][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.476043][ T1171] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.483222][ T1171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.492669][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.501705][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.510945][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.518099][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.529562][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.554025][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.568277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.591366][ T4176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.608477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.619028][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.632686][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.664976][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.673840][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.682698][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.690870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.702016][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.710516][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.730778][ T4169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.741676][ T4171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.751491][ T4176] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.773981][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.783477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.792208][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.799315][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.807444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.818208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.827850][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.834973][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.842706][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.857478][ T4165] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.871071][ T4165] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.883673][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.899246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.927079][ T4171] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.948572][ T4169] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.961793][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.970726][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.981972][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.991852][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.000228][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.010582][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.020062][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.029326][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.038921][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.048053][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.057401][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.087330][ T4176] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.099502][ T4176] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.112865][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.121955][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.131694][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.138832][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.147900][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.157016][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.165910][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.172994][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.181364][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.190774][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.199550][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.209440][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.218380][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.225504][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.233375][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.242039][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.250545][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.258817][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.266625][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.277597][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.293736][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.303277][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.312344][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.319466][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.329943][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.354350][ T4172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.367798][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.380218][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.418574][ T4172] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.434974][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.444308][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.453666][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.461752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.470601][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.478442][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.486246][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.495290][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.503843][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.512898][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.523946][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.546984][ T4208] Bluetooth: hci0: command 0x041b tx timeout [ 63.553414][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.570980][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.583748][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.593443][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.608174][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.615304][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.622993][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.632726][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.634953][ T4208] Bluetooth: hci1: command 0x041b tx timeout [ 63.642483][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.655741][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.664212][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.671329][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.680794][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.689405][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.697958][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.706351][ T4208] Bluetooth: hci2: command 0x041b tx timeout [ 63.707492][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.712640][ T4208] Bluetooth: hci3: command 0x041b tx timeout [ 63.726894][ T4208] Bluetooth: hci4: command 0x041b tx timeout [ 63.727569][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.747186][ T4165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.765701][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.782896][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.792510][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.802304][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.829748][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.840672][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.849535][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.860020][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.868854][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.882172][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.890882][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.899874][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.908897][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.917827][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.926391][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.935969][ T4169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.966952][ T4172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.987452][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.003928][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.040361][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.063946][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.095982][ T4165] device veth0_vlan entered promiscuous mode [ 64.132091][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.150965][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.176849][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.190159][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.206419][ T4176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.219359][ T4165] device veth1_vlan entered promiscuous mode [ 64.241565][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.253921][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.277445][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.290156][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.310253][ T4169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.342146][ T4172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.364348][ T4165] device veth0_macvtap entered promiscuous mode [ 64.372751][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.381174][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.389056][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.398434][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.408134][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.433380][ T4171] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.450515][ T4165] device veth1_macvtap entered promiscuous mode [ 64.491562][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.502490][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.513054][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.538609][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.550451][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.559698][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.569198][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.607613][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.617649][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.628188][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.639284][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.647579][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.656419][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.666550][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.679332][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.688402][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.701822][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.711928][ T4171] device veth0_vlan entered promiscuous mode [ 64.720569][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.729505][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.738514][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.746952][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.756244][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.766193][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.775117][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.782927][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.791486][ T4169] device veth0_vlan entered promiscuous mode [ 64.799749][ T4172] device veth0_vlan entered promiscuous mode [ 64.809473][ T4165] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.819155][ T4165] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.829329][ T4165] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.839517][ T4165] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.855062][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.863840][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.877824][ T4169] device veth1_vlan entered promiscuous mode [ 64.903233][ T4172] device veth1_vlan entered promiscuous mode [ 64.912647][ T4171] device veth1_vlan entered promiscuous mode [ 65.000154][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.010319][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.019462][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.028466][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.037599][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.047595][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.056561][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.065041][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.073728][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.083932][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.093066][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.102356][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.113573][ T4176] device veth0_vlan entered promiscuous mode [ 65.126690][ T4171] device veth0_macvtap entered promiscuous mode [ 65.136428][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.146753][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.155917][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.179518][ T4176] device veth1_vlan entered promiscuous mode [ 65.205778][ T4169] device veth0_macvtap entered promiscuous mode [ 65.213925][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.225679][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.234345][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.247162][ T4172] device veth0_macvtap entered promiscuous mode [ 65.267390][ T4171] device veth1_macvtap entered promiscuous mode [ 65.275351][ T4222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.283412][ T4222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.297524][ T4169] device veth1_macvtap entered promiscuous mode [ 65.331666][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.342786][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.354556][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.362846][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.371102][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.380250][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.389517][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.406086][ T4172] device veth1_macvtap entered promiscuous mode [ 65.429549][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.441224][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.452959][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.463663][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.477132][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.487513][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.498291][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.510289][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.529085][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.541888][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.552583][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.564045][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.576301][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.584136][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.592822][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.602404][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.611069][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.620054][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.628585][ T21] Bluetooth: hci0: command 0x040f tx timeout [ 65.629441][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.643711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.652966][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.662046][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.674271][ T4176] device veth0_macvtap entered promiscuous mode [ 65.684992][ T4171] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.694141][ T4171] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.703309][ T4171] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.714007][ T4171] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.716476][ T21] Bluetooth: hci1: command 0x040f tx timeout [ 65.727823][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.739391][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.749635][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.760251][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.770992][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.781626][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.793117][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.795303][ T21] Bluetooth: hci4: command 0x040f tx timeout [ 65.806643][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.817377][ T1171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.821195][ T21] Bluetooth: hci3: command 0x040f tx timeout [ 65.826381][ T1171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.831905][ T21] Bluetooth: hci2: command 0x040f tx timeout [ 65.839266][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.855123][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.866434][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.876955][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.888366][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.899618][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.910585][ T4169] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.919561][ T4169] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.928618][ T4169] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.937683][ T4169] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.957113][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.965414][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.974046][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.988792][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.997352][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.006603][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.019006][ T4172] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.029863][ T4172] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.038666][ T4172] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.047815][ T4172] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.078040][ T4176] device veth1_macvtap entered promiscuous mode [ 66.147939][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.218352][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.234780][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.254147][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.272475][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.282689][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.301349][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.311831][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.330162][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.344562][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.451731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.461137][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.473184][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.484109][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.484202][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.500734][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.505539][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.538111][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.774880][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.839566][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.884480][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.997519][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.157035][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.286703][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.297779][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.308681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.322289][ T4176] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.332638][ T4176] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.341606][ T4176] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.351116][ T4176] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.389537][ T1458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.405351][ T1458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.426365][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.445749][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.469469][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.490239][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.523264][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.532151][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.560795][ T1458] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.756211][ T4248] process 'syz.1.6' launched '/dev/fd/3' with NULL argv: empty string added [ 68.048017][ T4243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.318918][ T1106] Bluetooth: hci0: command 0x0419 tx timeout [ 68.334727][ T1106] Bluetooth: hci1: command 0x0419 tx timeout [ 68.364914][ T1106] Bluetooth: hci2: command 0x0419 tx timeout [ 68.370996][ T4243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.408371][ T1106] Bluetooth: hci3: command 0x0419 tx timeout [ 68.440116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.463080][ T1106] Bluetooth: hci4: command 0x0419 tx timeout [ 68.788139][ T4254] loop3: detected capacity change from 0 to 32768 [ 69.509459][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.541260][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.582664][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.690861][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.750898][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.758073][ T4258] loop2: detected capacity change from 0 to 17 [ 69.765574][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.773742][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.993501][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.261184][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.398246][ T4265] loop2: detected capacity change from 0 to 1024 [ 71.146169][ T4267] loop0: detected capacity change from 0 to 4096 [ 71.238309][ T4267] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 71.272225][ T4267] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 71.309100][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.315766][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.335475][ T4267] ntfs3: loop0: Failed to load $LogFile. [ 71.446720][ T4272] loop1: detected capacity change from 0 to 64 [ 71.480916][ T4276] loop4: detected capacity change from 0 to 1024 [ 71.661884][ T4276] EXT4-fs (loop4): Ignoring removed oldalloc option [ 72.330889][ T4267] loop0: detected capacity change from 0 to 4096 [ 72.406313][ T4276] EXT4-fs (loop4): mounted filesystem without journal. Opts: stripe=0x0000000000000003,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,noauto_da_alloc,delalloc,resuid=0x0000000000000000,oldalloc,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 72.479736][ T4289] loop2: detected capacity change from 0 to 128 [ 72.742541][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 72.752070][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 72.812050][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 72.845087][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 72.864646][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 72.864698][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 72.864741][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 72.864783][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 72.864942][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 72.864985][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 75.950578][ T4301] loop3: detected capacity change from 0 to 512 [ 76.049913][ T4301] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 76.084533][ T4301] EXT4-fs (loop3): invalid journal inode [ 76.162192][ T4301] EXT4-fs (loop3): can't get journal size [ 78.424421][ T4316] loop4: detected capacity change from 0 to 128 [ 78.439388][ T4316] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 78.441519][ T4301] EXT4-fs (loop3): 1 truncate cleaned up [ 78.448294][ T4316] sysv_free_block: trying to free block not in datazone [ 78.461199][ T4316] sysv_free_block: trying to free block not in datazone [ 78.472568][ T4316] sysv_free_block: trying to free block not in datazone [ 78.505041][ T4316] sysv_free_block: trying to free block not in datazone [ 78.512018][ T4316] sysv_free_block: trying to free block not in datazone [ 78.519780][ T4301] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 78.566090][ T4316] sysv_free_block: trying to free block not in datazone [ 78.624839][ T4316] sysv_free_block: trying to free block not in datazone [ 78.635664][ T4316] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 78.750467][ T4320] loop2: detected capacity change from 0 to 4096 [ 79.779184][ T4337] loop1: detected capacity change from 0 to 128 [ 79.930131][ T4337] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 80.014534][ T4337] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 81.061447][ T4323] loop4: detected capacity change from 0 to 32768 [ 81.738372][ T4348] netlink: 44 bytes leftover after parsing attributes in process `syz.0.28'. [ 81.883219][ T4323] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.23 (4323) [ 82.043374][ T1345] cfg80211: failed to load regulatory.db [ 82.126762][ T4323] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 82.130780][ T4351] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 82.157367][ T4323] BTRFS info (device loop4): force zlib compression, level 3 [ 82.182659][ T4323] BTRFS info (device loop4): turning on sync discard [ 82.240599][ T4323] BTRFS info (device loop4): setting nodatacow [ 82.268604][ T4323] BTRFS info (device loop4): enabling auto defrag [ 82.310488][ T4323] BTRFS info (device loop4): max_inline at 0 [ 82.310546][ T4323] BTRFS info (device loop4): using free space tree [ 82.310572][ T4323] BTRFS info (device loop4): has skinny extents [ 82.487100][ T4323] BTRFS error (device loop4): open_ctree failed [ 85.839384][ T4395] input: syz0 as /devices/virtual/input/input5 [ 90.813244][ T4421] loop1: detected capacity change from 0 to 1024 [ 91.194624][ C0] sched: RT throttling activated [ 91.196570][ T4423] loop3: detected capacity change from 0 to 128 [ 91.237358][ T4423] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 91.251540][ T4421] ======================================================= [ 91.251540][ T4421] WARNING: The mand mount option has been deprecated and [ 91.251540][ T4421] and is ignored by this kernel. Remove the mand [ 91.251540][ T4421] option from the mount to silence this warning. [ 91.251540][ T4421] ======================================================= [ 92.778407][ T4421] EXT4-fs warning (device loop1): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop1. [ 93.306018][ T4423] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 94.684273][ T4442] loop2: detected capacity change from 0 to 2048 [ 94.808516][ T4444] fuse: Unknown parameter 'use00000000000000000000' [ 94.971487][ T4442] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,usrjquota=,user_xattr,norecovery,auto_da_alloc,usrquota,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,,errors=continue. Quota mode: writeback. [ 95.112762][ T4442] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 96.232723][ T4458] loop1: detected capacity change from 0 to 2048 [ 97.387870][ T4458] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 99.466532][ T4494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.488520][ T4497] program syz.2.61 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 99.520934][ T4498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.602203][ T4494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.634464][ T4492] loop4: detected capacity change from 0 to 4096 [ 100.577961][ T4493] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.625936][ T4508] loop2: detected capacity change from 0 to 512 [ 100.767596][ T4508] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 100.836136][ T4508] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.195672][ T4518] loop2: detected capacity change from 0 to 4096 [ 101.251458][ T4518] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 102.231385][ T4526] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 102.238301][ T4526] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 102.276283][ T4526] vhci_hcd vhci_hcd.0: Device attached [ 102.478566][ T4528] vhci_hcd: connection closed [ 102.504656][ T4280] vhci_hcd: stop threads [ 102.514416][ T4280] vhci_hcd: release socket [ 102.528022][ T4280] vhci_hcd: disconnect device [ 103.789190][ T4542] loop3: detected capacity change from 0 to 4096 [ 104.149525][ T4544] IPVS: rr: SCTP 127.0.0.1:0 - no destination available [ 105.053934][ T4546] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 105.385184][ T4553] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 105.411962][ T4554] loop1: detected capacity change from 0 to 512 [ 105.514305][ T4554] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 105.581313][ T4554] EXT4-fs (loop1): invalid journal inode [ 105.618013][ T4554] EXT4-fs (loop1): can't get journal size [ 105.718625][ T4554] EXT4-fs (loop1): 1 truncate cleaned up [ 105.747268][ T4554] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 105.864170][ T4564] bridge0: port 3(gretap0) entered blocking state [ 105.886570][ T4564] bridge0: port 3(gretap0) entered disabled state [ 105.906038][ T4564] device gretap0 entered promiscuous mode [ 105.914013][ T4564] bridge0: port 3(gretap0) entered blocking state [ 105.921006][ T4564] bridge0: port 3(gretap0) entered forwarding state [ 106.080054][ T4569] loop4: detected capacity change from 0 to 1024 [ 106.103223][ T4556] netlink: 28 bytes leftover after parsing attributes in process `syz.2.72'. [ 107.586264][ T4556] netlink: 28 bytes leftover after parsing attributes in process `syz.2.72'. [ 107.677315][ T4569] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 107.718643][ T4569] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.736970][ T4556] device ip6gretap0 entered promiscuous mode [ 107.760966][ T4556] device batadv_slave_1 entered promiscuous mode [ 107.792254][ T4582] device vlan2 entered promiscuous mode [ 107.826934][ T4582] device dummy0 entered promiscuous mode [ 107.862570][ T1458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 107.944699][ T4556] netlink: 28 bytes leftover after parsing attributes in process `syz.2.72'. [ 107.953784][ T4556] netlink: 28 bytes leftover after parsing attributes in process `syz.2.72'. [ 108.057863][ T4556] Zero length message leads to an empty skb [ 108.943359][ T4591] loop3: detected capacity change from 0 to 1024 [ 110.198739][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 110.222525][ T4599] MPTCP: addr_signal error, rm_addr=1 [ 110.941345][ T4606] loop4: detected capacity change from 0 to 4096 [ 111.220467][ T4591] hfsplus: xattr searching failed [ 111.316702][ T4607] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.625455][ T26] audit: type=1800 audit(1732096241.109:2): pid=4591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.85" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 111.649888][ T4591] hfsplus: xattr searching failed [ 111.939714][ T4616] bridge0: port 3(gretap0) entered blocking state [ 111.946883][ T4616] bridge0: port 3(gretap0) entered disabled state [ 112.293780][ T4616] device gretap0 entered promiscuous mode [ 112.319842][ T4616] bridge0: port 3(gretap0) entered blocking state [ 112.326461][ T4616] bridge0: port 3(gretap0) entered forwarding state [ 112.791434][ T4628] device vlan2 entered promiscuous mode [ 112.974883][ T4628] device dummy0 entered promiscuous mode [ 113.091359][ T4635] tun0: tun_chr_ioctl cmd 1090556978 [ 114.495317][ T4644] capability: warning: `syz.0.108' uses 32-bit capabilities (legacy support in use) [ 114.801360][ T4650] loop1: detected capacity change from 0 to 16 [ 114.822710][ T4651] loop2: detected capacity change from 0 to 1024 [ 115.073137][ T4650] erofs: (device loop1): mounted with root inode @ nid 36. [ 115.723575][ T4660] attempt to access beyond end of device [ 115.723575][ T4660] loop1: rw=0, want=24, limit=16 [ 116.163480][ T4651] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 116.278129][ T4651] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.382672][ T4666] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 119.728660][ T4698] loop0: detected capacity change from 0 to 17 [ 121.160364][ T4706] loop0: detected capacity change from 0 to 1024 [ 123.591513][ T4733] mmap: syz.4.124 (4733) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 123.611067][ T4726] loop1: detected capacity change from 0 to 4096 [ 124.908067][ T4741] loop3: detected capacity change from 0 to 17 [ 124.950577][ T4726] Process accounting resumed [ 124.951467][ T4744] program syz.0.130 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 125.414966][ T4753] loop3: detected capacity change from 0 to 1024 [ 128.749790][ T4786] device team0 entered promiscuous mode [ 128.814831][ T4786] device team_slave_0 entered promiscuous mode [ 128.832010][ T4786] device team_slave_1 entered promiscuous mode [ 128.855029][ T4786] device dummy0 entered promiscuous mode [ 128.870922][ T4798] loop3: detected capacity change from 0 to 17 [ 128.879146][ T4786] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 128.915551][ T4786] Cannot create hsr debugfs directory [ 128.939848][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 129.155784][ T4800] loop1: detected capacity change from 0 to 1024 [ 129.783366][ T4806] loop0: detected capacity change from 0 to 128 [ 129.971708][ T4800] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 130.031048][ T4806] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 130.170695][ T4806] ext4 filesystem being mounted at /31/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 130.586573][ T4800] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,noquota,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,dioread_nolock,noquota,min_batch_time=0x0000000000000008,delalloc,user_xattr,quota,,errors=continue. Quota mode: writeback. [ 133.520750][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.527228][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.911657][ T4861] loop2: detected capacity change from 0 to 128 [ 136.007432][ T4861] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 136.050054][ T4861] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 137.902334][ T144] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 138.386399][ T4887] loop2: detected capacity change from 0 to 128 [ 139.009986][ T4887] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 139.045322][ T4887] ext4 filesystem being mounted at /31/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 140.519277][ T4899] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 140.642600][ T7] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 140.652307][ T7] Bluetooth: hci2: Injecting HCI hardware error event [ 140.660839][ T4166] Bluetooth: hci2: hardware error 0x00 [ 141.283209][ T4914] loop4: detected capacity change from 0 to 1024 [ 141.526707][ T4921] loop2: detected capacity change from 0 to 1024 [ 143.176955][ T1458] hfsplus: b-tree write err: -5, ino 4 [ 143.352360][ T4280] hfsplus: b-tree write err: -5, ino 4 [ 144.368318][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 144.689184][ T4972] netlink: 'syz.0.203': attribute type 1 has an invalid length. [ 145.854114][ T4983] loop3: detected capacity change from 0 to 2048 [ 146.331203][ T4952] loop2: detected capacity change from 0 to 32768 [ 146.513947][ T4983] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 146.541411][ T4983] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 146.574757][ T4983] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 146.585245][ T4983] UDF-fs: Scanning with blocksize 512 failed [ 146.630900][ T4992] netlink: 4 bytes leftover after parsing attributes in process `syz.4.211'. [ 146.657346][ T4983] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 148.192199][ T5013] netlink: 20 bytes leftover after parsing attributes in process `syz.2.218'. [ 149.556062][ T1345] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 149.564372][ T4204] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 150.208174][ T5031] loop4: detected capacity change from 0 to 16 [ 150.334749][ T4204] usb 1-1: Using ep0 maxpacket: 16 [ 150.340078][ T1345] usb 3-1: Using ep0 maxpacket: 16 [ 150.364727][ T5031] erofs: (device loop4): mounted with root inode @ nid 36. [ 150.475398][ T4204] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 151.191097][ T1345] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 151.210742][ T4204] usb 1-1: config 0 has no interface number 0 [ 151.298823][ T1345] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 151.320910][ T4204] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.335280][ T1345] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 151.344533][ T4204] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.406996][ T4204] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 151.418177][ T5037] loop3: detected capacity change from 0 to 512 [ 151.424748][ T4204] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.528722][ T4204] usb 1-1: config 0 descriptor?? [ 151.565850][ T1345] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 151.595595][ T5037] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,grpid,nouid32,,errors=continue. Quota mode: writeback. [ 151.603317][ T1345] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.618570][ T5037] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 151.728133][ T1345] usb 3-1: Product: syz [ 151.756747][ T1345] usb 3-1: Manufacturer: syz [ 151.777629][ T1345] usb 3-1: SerialNumber: syz [ 152.063183][ T5050] device bond1 entered promiscuous mode [ 152.074357][ T5050] 8021q: adding VLAN 0 to HW filter on device bond1 [ 152.143073][ T5050] bond1 (unregistering): Released all slaves [ 152.216526][ T1345] usb 3-1: 0:2 : does not exist [ 152.245157][ T4204] uclogic 0003:28BD:0071.0001: failed retrieving string descriptor #100: -71 [ 152.259485][ T4204] uclogic 0003:28BD:0071.0001: failed retrieving pen parameters: -71 [ 152.294287][ T4204] uclogic 0003:28BD:0071.0001: pen probing failed: -71 [ 152.325446][ T1345] usb 3-1: USB disconnect, device number 2 [ 152.333004][ T4204] uclogic 0003:28BD:0071.0001: failed probing parameters: -71 [ 152.353886][ T4204] uclogic: probe of 0003:28BD:0071.0001 failed with error -71 [ 152.389880][ T4204] usb 1-1: USB disconnect, device number 2 [ 152.412015][ T5057] device bond0 entered promiscuous mode [ 152.424844][ T5057] device bond_slave_0 entered promiscuous mode [ 152.459444][ T5057] device bond_slave_1 entered promiscuous mode [ 152.575483][ T4166] Bluetooth: hci1: Ignoring connect complete event for invalid link type [ 152.723776][ T5066] loop3: detected capacity change from 0 to 512 [ 153.155692][ T5077] netlink: 24 bytes leftover after parsing attributes in process `syz.2.237'. [ 153.349093][ T5066] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 153.463540][ T5066] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 154.458499][ T5094] loop2: detected capacity change from 0 to 17 [ 154.752419][ T5102] netlink: 'syz.3.247': attribute type 29 has an invalid length. [ 154.781659][ T5102] netlink: 'syz.3.247': attribute type 29 has an invalid length. [ 154.801819][ T5102] netlink: 'syz.3.247': attribute type 29 has an invalid length. [ 154.933959][ T5104] loop2: detected capacity change from 0 to 1024 [ 154.941074][ T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 155.204877][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 155.325348][ T23] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 155.347165][ T23] usb 2-1: config 0 has no interface number 0 [ 155.400245][ T23] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.469085][ T23] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.480079][ T26] audit: type=1326 audit(1732096284.969:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 155.500763][ T23] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 155.586881][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.654984][ T26] audit: type=1326 audit(1732096284.969:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 155.696197][ T26] audit: type=1326 audit(1732096284.969:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 155.776405][ T26] audit: type=1326 audit(1732096284.969:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 155.934381][ T23] usb 2-1: config 0 descriptor?? [ 157.267977][ T23] uclogic 0003:28BD:0071.0002: failed retrieving string descriptor #100: -71 [ 157.278307][ T23] uclogic 0003:28BD:0071.0002: failed retrieving pen parameters: -71 [ 157.445376][ T23] uclogic 0003:28BD:0071.0002: pen probing failed: -71 [ 157.454741][ T23] uclogic 0003:28BD:0071.0002: failed probing parameters: -71 [ 157.462377][ T5124] loop4: detected capacity change from 0 to 1024 [ 158.337970][ T23] uclogic: probe of 0003:28BD:0071.0002 failed with error -71 [ 158.471041][ T23] usb 2-1: USB disconnect, device number 2 [ 158.632572][ T5135] loop3: detected capacity change from 0 to 2048 [ 160.017208][ T5135] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 160.044132][ T4343] hfsplus: b-tree write err: -5, ino 4 [ 160.078327][ T5148] loop2: detected capacity change from 0 to 16 [ 160.293293][ T5148] erofs: (device loop2): mounted with root inode @ nid 36. [ 160.317634][ T5148] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 160.335240][ T5148] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -35 in[64, 4032] out[1851] [ 160.348599][ T5148] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 160.918353][ T5151] loop1: detected capacity change from 0 to 256 [ 161.229860][ T5151] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 161.259988][ T5151] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 161.352843][ T5151] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 161.414916][ T5151] UDF-fs: Scanning with blocksize 512 failed [ 161.473225][ T5151] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 161.531840][ T5151] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.783243][ T5164] : renamed from ipvlan1 [ 163.713421][ T5176] loop3: detected capacity change from 0 to 128 [ 163.821696][ T5176] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 163.898647][ T5176] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 163.934765][ T5176] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 163.974642][ T5176] UDF-fs: Scanning with blocksize 512 failed [ 164.035016][ T5176] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 164.065605][ T5176] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 164.097373][ T5176] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 164.161362][ T5193] capability: warning: `syz.1.278' uses deprecated v2 capabilities in a way that may be insecure [ 164.302252][ T5176] UDF-fs: Scanning with blocksize 1024 failed [ 164.337193][ T5176] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 164.645010][ T13] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 165.185552][ T5176] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 165.216118][ T5176] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 165.235863][ T5176] UDF-fs: Scanning with blocksize 2048 failed [ 165.280344][ T5208] syz.0.282 uses obsolete (PF_INET,SOCK_PACKET) [ 165.397221][ T5176] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 165.435650][ T5176] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 165.905282][ T13] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 166.126737][ T13] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.161990][ T5176] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 166.170228][ T13] usb 2-1: Product: syz [ 166.175220][ T13] usb 2-1: Manufacturer: syz [ 166.180000][ T13] usb 2-1: SerialNumber: syz [ 166.204812][ T5176] UDF-fs: Scanning with blocksize 4096 failed [ 166.205034][ T13] r8152-cfgselector 2-1: config 0 descriptor?? [ 166.240831][ T5176] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1) [ 166.462357][ T5218] loop3: detected capacity change from 0 to 512 [ 166.523859][ T5218] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 166.536925][ T5218] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 166.549142][ T5218] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 166.558677][ T5218] System zones: 0-2, 18-18, 34-34 [ 166.566267][ T5218] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.285: bad orphan inode 15 [ 166.578429][ T5218] ext4_test_bit(bit=14, block=18) = 1 [ 166.583958][ T5218] is_bad_inode(inode)=0 [ 166.588799][ T5218] NEXT_ORPHAN(inode)=2264924160 [ 166.607215][ T5218] max_ino=32 [ 166.610430][ T5218] i_nlink=0 [ 166.613809][ T5218] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 166.681232][ T5218] EXT4-fs error (device loop3): ext4_do_update_inode:5174: inode #15: comm syz.3.285: corrupted inode contents [ 166.704897][ T13] r8152-cfgselector 2-1: Unknown version 0x0000 [ 166.717541][ T13] r8152-cfgselector 2-1: bad CDC descriptors [ 166.733994][ T5218] EXT4-fs error (device loop3): ext4_dirty_inode:6010: inode #15: comm syz.3.285: mark_inode_dirty error [ 166.772281][ T5218] EXT4-fs error (device loop3): ext4_do_update_inode:5174: inode #15: comm syz.3.285: corrupted inode contents [ 166.790613][ T13] r8152-cfgselector 2-1: Unknown version 0x0000 [ 166.797913][ T5218] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2961: inode #15: comm syz.3.285: mark_inode_dirty error [ 166.815969][ T13] r8152-cfgselector 2-1: USB disconnect, device number 3 [ 166.833779][ T5218] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2964: inode #15: comm syz.3.285: mark inode dirty (error -117) [ 166.860520][ T5218] EXT4-fs warning (device loop3): ext4_evict_inode:302: xattr delete (err -117) [ 166.885202][ T5218] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,,errors=continue. Quota mode: none. [ 166.939644][ T5218] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.285: bg 0: block 80: padding at end of block bitmap is not set [ 166.961744][ T5224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.287'. [ 167.300041][ T5231] loop3: detected capacity change from 0 to 2048 [ 167.719358][ T5231] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 170.084754][ T13] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 170.216890][ T26] audit: type=1326 audit(1732096299.709:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 170.394644][ T13] usb 2-1: Using ep0 maxpacket: 8 [ 170.584827][ T13] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 170.614317][ T13] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 170.630827][ T26] audit: type=1326 audit(1732096300.059:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.394648][ T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.421604][ T13] usb 2-1: config 0 descriptor?? [ 171.477817][ T5276] netlink: 'syz.0.303': attribute type 29 has an invalid length. [ 171.494358][ T26] audit: type=1326 audit(1732096300.059:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.517940][ T26] audit: type=1326 audit(1732096300.059:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.517979][ T26] audit: type=1326 audit(1732096300.059:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.518013][ T26] audit: type=1326 audit(1732096300.059:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.518046][ T26] audit: type=1326 audit(1732096300.059:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.518080][ T26] audit: type=1326 audit(1732096300.059:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.518113][ T26] audit: type=1326 audit(1732096300.059:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.518145][ T26] audit: type=1326 audit(1732096300.059:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5263 comm="syz.2.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f41122759 code=0x7ffc0000 [ 171.535087][ T5276] netlink: 'syz.0.303': attribute type 29 has an invalid length. [ 171.535420][ T5280] netlink: 'syz.0.303': attribute type 29 has an invalid length. [ 171.623571][ T5284] loop2: detected capacity change from 0 to 256 [ 171.778077][ T13] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 171.797883][ T5284] exfat: Unknown parameter 'keep_last_dots' [ 172.761272][ T4428] usb 2-1: USB disconnect, device number 4 [ 172.797311][ T4428] iowarrior 2-1:0.0: I/O-Warror #0 now disconnected [ 173.978808][ T5314] netlink: 14 bytes leftover after parsing attributes in process `syz.0.317'. [ 174.017820][ T5311] ptrace attach of "./syz-executor exec"[5315] was attempted by ""[5311] [ 174.288649][ T5327] loop3: detected capacity change from 0 to 256 [ 174.385519][ T5327] exfat: Unknown parameter 'keep_last_dots' [ 174.493094][ T5333] netlink: 24 bytes leftover after parsing attributes in process `syz.0.324'. [ 174.565610][ T4206] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 175.563175][ T5338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 175.644966][ T4206] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.687111][ T4206] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.717562][ T4206] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 175.757969][ T4206] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.801546][ T4206] usb 3-1: config 0 descriptor?? [ 176.609314][ T5357] netlink: 28 bytes leftover after parsing attributes in process `syz.4.333'. [ 176.874849][ T4206] pyra 0003:1E7D:2CF6.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 177.159787][ T4378] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 177.159837][ T4204] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 177.575746][ T4204] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 177.715135][ T4204] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 177.757342][ T4204] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 177.794828][ T4204] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.874740][ T4378] usb 4-1: config 0 has no interfaces? [ 177.879165][ T5374] 9pnet: p9_fd_create_tcp (5374): problem connecting socket to 127.0.0.1 [ 177.880272][ T4378] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=64.46 [ 177.899061][ T5363] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 177.917997][ T4378] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.969248][ T4378] usb 4-1: config 0 descriptor?? [ 178.110896][ T5378] lo speed is unknown, defaulting to 1000 [ 178.142755][ T5378] lo speed is unknown, defaulting to 1000 [ 178.165019][ T4206] pyra 0003:1E7D:2CF6.0003: couldn't init struct pyra_device [ 178.172577][ T5378] lo speed is unknown, defaulting to 1000 [ 178.174789][ T4206] pyra 0003:1E7D:2CF6.0003: couldn't install mouse [ 178.185382][ T4204] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 178.211688][ T4204] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input7 [ 178.227380][ T4206] pyra: probe of 0003:1E7D:2CF6.0003 failed with error -71 [ 178.271916][ T4206] usb 3-1: USB disconnect, device number 3 [ 178.308511][ T4204] usb 1-1: USB disconnect, device number 3 [ 178.314698][ C0] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 178.476318][ T21] usb 4-1: USB disconnect, device number 2 [ 178.626234][ T4378] lo speed is unknown, defaulting to 1000 [ 178.639918][ T5378] infiniband syz1: set active [ 178.645497][ T5378] infiniband syz1: added lo [ 178.793551][ T5378] RDS/IB: syz1: added [ 178.867359][ T5378] smc: adding ib device syz1 with port count 1 [ 178.873795][ T5378] smc: ib device syz1 port 1 has pnetid [ 178.899924][ T4204] lo speed is unknown, defaulting to 1000 [ 178.919635][ T5378] lo speed is unknown, defaulting to 1000 [ 179.104768][ T21] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 179.192755][ T263] block nbd3: Attempted send on invalid socket [ 179.200131][ T263] blk_update_request: I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 179.328071][ T263] block nbd3: Attempted send on invalid socket [ 179.334400][ T263] blk_update_request: I/O error, dev nbd3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 179.380451][ T5378] lo speed is unknown, defaulting to 1000 [ 179.536841][ T21] usb 3-1: Using ep0 maxpacket: 32 [ 179.695503][ T21] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 179.736620][ T21] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 179.912948][ T21] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 180.114976][ T21] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 180.209989][ T21] usb 3-1: config 0 interface 0 has no altsetting 0 [ 180.312060][ T5403] raw_sendmsg: syz.1.350 forgot to set AF_INET. Fix it! [ 180.346145][ T5399] binder: 5397:5399 ioctl c0306201 20000140 returned -14 [ 180.360493][ T5378] lo speed is unknown, defaulting to 1000 [ 180.430175][ T21] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 180.442522][ T5407] rdma_rxe: rxe creation allowed on top of a real device only [ 180.463053][ T21] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 180.491363][ T21] usb 3-1: Product: syz [ 180.501669][ T21] usb 3-1: Manufacturer: syz [ 180.507978][ T21] usb 3-1: SerialNumber: syz [ 180.523835][ T21] usb 3-1: config 0 descriptor?? [ 180.587374][ T21] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 180.615643][ T21] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 180.760372][ T5378] lo speed is unknown, defaulting to 1000 [ 180.936155][ T5378] lo speed is unknown, defaulting to 1000 [ 181.146010][ T4378] usb 3-1: USB disconnect, device number 4 [ 181.193458][ T4378] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 182.293459][ T5406] infiniband syz0: set active [ 182.314171][ T5406] infiniband syz0: added bond_slave_1 [ 182.362874][ T5406] infiniband syz0: Couldn't open port 1 [ 182.396258][ T5440] netlink: 16 bytes leftover after parsing attributes in process `syz.3.364'. [ 182.473494][ T5406] RDS/IB: syz0: added [ 182.488968][ T5406] smc: adding ib device syz0 with port count 1 [ 182.528585][ T5406] smc: ib device syz0 port 1 has pnetid [ 182.580869][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 182.580883][ T26] audit: type=1326 audit(1732096312.069:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 182.645172][ T26] audit: type=1326 audit(1732096312.079:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 182.710639][ T26] audit: type=1326 audit(1732096312.079:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 182.811457][ T26] audit: type=1326 audit(1732096312.079:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 182.880492][ T26] audit: type=1326 audit(1732096312.079:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 182.902638][ C0] vkms_vblank_simulate: vblank timer overrun [ 183.442752][ T26] audit: type=1326 audit(1732096312.079:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 183.718378][ T5464] program syz.1.375 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.745959][ T26] audit: type=1326 audit(1732096312.079:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 183.791180][ T26] audit: type=1326 audit(1732096312.079:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 183.813765][ T26] audit: type=1326 audit(1732096312.079:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 183.835986][ C0] vkms_vblank_simulate: vblank timer overrun [ 183.873805][ T26] audit: type=1326 audit(1732096312.079:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5447 comm="syz.3.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb32fb0759 code=0x7ffc0000 [ 184.270596][ T5496] netlink: 24 bytes leftover after parsing attributes in process `syz.2.387'. [ 184.540880][ T5509] netlink: 'syz.3.390': attribute type 32 has an invalid length. [ 184.557129][ T5511] netlink: 40 bytes leftover after parsing attributes in process `syz.2.391'. [ 184.941872][ T5537] xt_hashlimit: size too large, truncated to 1048576 [ 185.433152][ T5555] device syzkaller1 entered promiscuous mode [ 185.643901][ T5560] af_packet: tpacket_rcv: packet too big, clamped from 74 to 4294967286. macoff=82 [ 187.246806][ T5599] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 187.396765][ T5604] loop2: detected capacity change from 0 to 17 [ 187.695915][ T5604] loop2: detected capacity change from 0 to 1024 [ 187.909967][ T4378] Bluetooth: hci0: command 0x0406 tx timeout [ 187.946972][ T4378] Bluetooth: hci1: command 0x0406 tx timeout [ 188.522899][ T5644] lo speed is unknown, defaulting to 1000 [ 188.693978][ T5651] loop4: detected capacity change from 0 to 17 [ 189.009113][ T5651] loop4: detected capacity change from 0 to 1024 [ 189.400910][ T5666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.449'. [ 189.695736][ T5685] loop2: detected capacity change from 0 to 17 [ 189.995335][ T5685] loop2: detected capacity change from 0 to 1024 [ 191.756398][ T5720] xt_hashlimit: size too large, truncated to 1048576 [ 192.426682][ T5727] loop2: detected capacity change from 0 to 17 [ 194.192300][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.201864][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.833890][ T5748] kvm: emulating exchange as write [ 194.960475][ T5751] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 195.126683][ T5755] tipc: Enabling of bearer rejected, failed to enable media [ 195.127880][ T5757] loop2: detected capacity change from 0 to 17 [ 195.320013][ T5762] 9pnet: p9_fd_create_tcp (5762): problem connecting socket to 127.0.0.1 [ 195.329620][ T5757] loop2: detected capacity change from 0 to 1024 [ 195.474386][ T5764] program syz.3.488 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 195.675305][ T5772] netlink: 452 bytes leftover after parsing attributes in process `syz.3.492'. [ 195.691940][ T5774] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 195.952749][ T5786] loop3: detected capacity change from 0 to 17 [ 196.137275][ T5786] loop3: detected capacity change from 0 to 1024 [ 196.147251][ T5796] cgroup2: Unknown parameter 'pids_localevents' [ 196.772827][ T5821] netlink: 'syz.1.514': attribute type 4 has an invalid length. [ 196.803650][ T5821] netlink: 17 bytes leftover after parsing attributes in process `syz.1.514'. [ 196.997150][ T4174] ================================================================== [ 197.005831][ T4174] BUG: KASAN: use-after-free in do_raw_spin_lock+0x290/0x370 [ 197.013236][ T4174] Read of size 4 at addr ffff888063e171cc by task kworker/u5:3/4174 [ 197.021234][ T4174] [ 197.023575][ T4174] CPU: 0 PID: 4174 Comm: kworker/u5:3 Not tainted 5.15.173-syzkaller #0 [ 197.031918][ T4174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 197.041991][ T4174] Workqueue: hci4 hci_rx_work [ 197.046695][ T4174] Call Trace: [ 197.049981][ T4174] [ 197.052929][ T4174] dump_stack_lvl+0x1e3/0x2d0 [ 197.057636][ T4174] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 197.063300][ T4174] ? _printk+0xd1/0x120 [ 197.067491][ T4174] ? __wake_up_klogd+0xcc/0x100 [ 197.072375][ T4174] ? panic+0x860/0x860 [ 197.076469][ T4174] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 197.082009][ T4174] print_address_description+0x63/0x3b0 [ 197.087586][ T4174] ? do_raw_spin_lock+0x290/0x370 [ 197.092652][ T4174] kasan_report+0x16b/0x1c0 [ 197.097190][ T4174] ? do_raw_spin_lock+0x290/0x370 [ 197.102251][ T4174] do_raw_spin_lock+0x290/0x370 [ 197.107134][ T4174] ? __lock_acquire+0x1ff0/0x1ff0 [ 197.112195][ T4174] ? __rwlock_init+0x140/0x140 [ 197.116989][ T4174] ? _raw_spin_lock_irqsave+0xac/0x120 [ 197.122475][ T4174] ? lockdep_hardirqs_off+0x70/0x100 [ 197.127793][ T4174] _raw_spin_lock_irqsave+0xdd/0x120 [ 197.133106][ T4174] ? _raw_spin_lock+0x40/0x40 [ 197.137812][ T4174] ? lockdep_hardirqs_on+0x94/0x130 [ 197.143039][ T4174] ? skb_dst_force+0x55/0x3d0 [ 197.148186][ T4174] __sock_queue_rcv_skb+0x3e4/0x960 [ 197.153421][ T4174] l2cap_sock_recv_cb+0xfe/0x1e0 [ 197.158387][ T4174] l2cap_recv_frame+0x1299/0x8ae0 [ 197.163448][ T4174] ? l2cap_conn_unreliable+0x1a0/0x1a0 [ 197.168934][ T4174] ? __mutex_unlock_slowpath+0x218/0x750 [ 197.174578][ T4174] ? rcu_lock_release+0x5/0x20 [ 197.179371][ T4174] ? mutex_unlock+0x10/0x10 [ 197.183872][ T4174] ? hci_conn_enter_active_mode+0x25c/0x360 [ 197.189773][ T4174] ? l2cap_recv_acldata+0x2ea/0x1560 [ 197.195069][ T4174] hci_rx_work+0x48f/0x990 [ 197.199496][ T4174] process_one_work+0x8a1/0x10c0 [ 197.204448][ T4174] ? worker_detach_from_pool+0x260/0x260 [ 197.210084][ T4174] ? _raw_spin_lock_irqsave+0x120/0x120 [ 197.215744][ T4174] ? kthread_data+0x4e/0xc0 [ 197.221597][ T4174] ? wq_worker_running+0x97/0x170 [ 197.226634][ T4174] worker_thread+0xaca/0x1280 [ 197.231325][ T4174] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 197.237247][ T4174] kthread+0x3f6/0x4f0 [ 197.241320][ T4174] ? rcu_lock_release+0x20/0x20 [ 197.246171][ T4174] ? kthread_blkcg+0xd0/0xd0 [ 197.250766][ T4174] ret_from_fork+0x1f/0x30 [ 197.255194][ T4174] [ 197.258219][ T4174] [ 197.260536][ T4174] Allocated by task 5832: [ 197.264888][ T4174] ____kasan_kmalloc+0xba/0xf0 [ 197.269650][ T4174] __kmalloc+0x168/0x300 [ 197.273912][ T4174] sk_prot_alloc+0xe0/0x200 [ 197.278415][ T4174] sk_alloc+0x35/0x310 [ 197.282489][ T4174] l2cap_sock_alloc+0x34/0x1d0 [ 197.287264][ T4174] l2cap_sock_create+0x10d/0x1c0 [ 197.292205][ T4174] bt_sock_create+0x159/0x220 [ 197.296938][ T4174] __sock_create+0x460/0x8f0 [ 197.301546][ T4174] __sys_socket+0x132/0x370 [ 197.306054][ T4174] __x64_sys_socket+0x76/0x80 [ 197.310730][ T4174] do_syscall_64+0x3b/0xb0 [ 197.315161][ T4174] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 197.321063][ T4174] [ 197.323383][ T4174] Freed by task 5831: [ 197.327359][ T4174] kasan_set_track+0x4b/0x80 [ 197.331953][ T4174] kasan_set_free_info+0x1f/0x40 [ 197.336899][ T4174] ____kasan_slab_free+0xd8/0x120 [ 197.341920][ T4174] slab_free_freelist_hook+0xdd/0x160 [ 197.347318][ T4174] kfree+0xf1/0x270 [ 197.351123][ T4174] __sk_destruct+0x58e/0x840 [ 197.355705][ T4174] l2cap_sock_release+0x157/0x1d0 [ 197.360727][ T4174] sock_close+0xcd/0x230 [ 197.364970][ T4174] __fput+0x3fe/0x8e0 [ 197.368960][ T4174] task_work_run+0x129/0x1a0 [ 197.373547][ T4174] exit_to_user_mode_loop+0x106/0x130 [ 197.378915][ T4174] exit_to_user_mode_prepare+0xb1/0x140 [ 197.384461][ T4174] syscall_exit_to_user_mode+0x5d/0x240 [ 197.390006][ T4174] do_syscall_64+0x47/0xb0 [ 197.394419][ T4174] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 197.400314][ T4174] [ 197.402635][ T4174] The buggy address belongs to the object at ffff888063e17000 [ 197.402635][ T4174] which belongs to the cache kmalloc-2k of size 2048 [ 197.416692][ T4174] The buggy address is located 460 bytes inside of [ 197.416692][ T4174] 2048-byte region [ffff888063e17000, ffff888063e17800) [ 197.430065][ T4174] The buggy address belongs to the page: [ 197.435702][ T4174] page:ffffea00018f8400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63e10 [ 197.445856][ T4174] head:ffffea00018f8400 order:3 compound_mapcount:0 compound_pincount:0 [ 197.454174][ T4174] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 197.462179][ T4174] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888017042000 [ 197.470777][ T4174] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 197.479389][ T4174] page dumped because: kasan: bad access detected [ 197.485817][ T4174] page_owner tracks the page as allocated [ 197.491531][ T4174] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4171, ts 61337472948, free_ts 19443433346 [ 197.510633][ T4174] get_page_from_freelist+0x3b78/0x3d40 [ 197.516188][ T4174] __alloc_pages+0x272/0x700 [ 197.520782][ T4174] new_slab+0xbb/0x4b0 [ 197.524850][ T4174] ___slab_alloc+0x6f6/0xe10 [ 197.529437][ T4174] __kmalloc_track_caller+0x1c7/0x300 [ 197.534805][ T4174] kmemdup+0x21/0x50 [ 197.538934][ T4174] neigh_sysctl_register+0xb0/0x530 [ 197.544155][ T4174] devinet_sysctl_register+0x9d/0x1a0 [ 197.549537][ T4174] inetdev_init+0x282/0x4a0 [ 197.554053][ T4174] inetdev_event+0x29b/0x1490 [ 197.558728][ T4174] raw_notifier_call_chain+0xd0/0x170 [ 197.564102][ T4174] call_netdevice_notifiers+0x145/0x1b0 [ 197.569648][ T4174] register_netdevice+0x12e8/0x1720 [ 197.574848][ T4174] virt_wifi_newlink+0x3e1/0x7f0 [ 197.580217][ T4174] rtnl_newlink+0x14e1/0x2070 [ 197.584893][ T4174] rtnetlink_rcv_msg+0x993/0xee0 [ 197.589828][ T4174] page last free stack trace: [ 197.594490][ T4174] free_unref_page_prepare+0xc34/0xcf0 [ 197.599951][ T4174] free_unref_page+0x95/0x2d0 [ 197.604625][ T4174] free_contig_range+0x95/0xf0 [ 197.609384][ T4174] destroy_args+0xfe/0x980 [ 197.613795][ T4174] debug_vm_pgtable+0x40d/0x470 [ 197.618642][ T4174] do_one_initcall+0x22b/0x7a0 [ 197.623404][ T4174] do_initcall_level+0x157/0x210 [ 197.628338][ T4174] do_initcalls+0x49/0x90 [ 197.632663][ T4174] kernel_init_freeable+0x425/0x5c0 [ 197.637861][ T4174] kernel_init+0x19/0x290 [ 197.642190][ T4174] ret_from_fork+0x1f/0x30 [ 197.646606][ T4174] [ 197.648922][ T4174] Memory state around the buggy address: [ 197.654544][ T4174] ffff888063e17080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.662605][ T4174] ffff888063e17100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.671094][ T4174] >ffff888063e17180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.679149][ T4174] ^ [ 197.685552][ T4174] ffff888063e17200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.694040][ T4174] ffff888063e17280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.702094][ T4174] ================================================================== [ 197.710145][ T4174] Disabling lock debugging due to kernel taint [ 197.716295][ T4174] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 197.723475][ T4174] CPU: 0 PID: 4174 Comm: kworker/u5:3 Tainted: G B 5.15.173-syzkaller #0 [ 197.733269][ T4174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 197.743321][ T4174] Workqueue: hci4 hci_rx_work [ 197.747999][ T4174] Call Trace: [ 197.751272][ T4174] [ 197.754201][ T4174] dump_stack_lvl+0x1e3/0x2d0 [ 197.758877][ T4174] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 197.764504][ T4174] ? panic+0x860/0x860 [ 197.768568][ T4174] ? rcu_is_watching+0x11/0xa0 [ 197.773328][ T4174] ? lock_release+0xb9/0x9a0 [ 197.777915][ T4174] panic+0x318/0x860 [ 197.781805][ T4174] ? check_panic_on_warn+0x1d/0xa0 [ 197.786909][ T4174] ? fb_is_primary_device+0xd0/0xd0 [ 197.792102][ T4174] ? do_raw_spin_unlock+0x137/0x8b0 [ 197.797298][ T4174] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 197.803205][ T4174] ? _raw_spin_unlock+0x40/0x40 [ 197.808073][ T4174] check_panic_on_warn+0x7e/0xa0 [ 197.813019][ T4174] ? do_raw_spin_lock+0x290/0x370 [ 197.818072][ T4174] end_report+0x6d/0xf0 [ 197.822230][ T4174] kasan_report+0x18e/0x1c0 [ 197.826752][ T4174] ? do_raw_spin_lock+0x290/0x370 [ 197.831776][ T4174] do_raw_spin_lock+0x290/0x370 [ 197.836647][ T4174] ? __lock_acquire+0x1ff0/0x1ff0 [ 197.841669][ T4174] ? __rwlock_init+0x140/0x140 [ 197.846432][ T4174] ? _raw_spin_lock_irqsave+0xac/0x120 [ 197.851885][ T4174] ? lockdep_hardirqs_off+0x70/0x100 [ 197.857166][ T4174] _raw_spin_lock_irqsave+0xdd/0x120 [ 197.862455][ T4174] ? _raw_spin_lock+0x40/0x40 [ 197.867126][ T4174] ? lockdep_hardirqs_on+0x94/0x130 [ 197.872334][ T4174] ? skb_dst_force+0x55/0x3d0 [ 197.877019][ T4174] __sock_queue_rcv_skb+0x3e4/0x960 [ 197.882219][ T4174] l2cap_sock_recv_cb+0xfe/0x1e0 [ 197.887157][ T4174] l2cap_recv_frame+0x1299/0x8ae0 [ 197.892192][ T4174] ? l2cap_conn_unreliable+0x1a0/0x1a0 [ 197.897647][ T4174] ? __mutex_unlock_slowpath+0x218/0x750 [ 197.903276][ T4174] ? rcu_lock_release+0x5/0x20 [ 197.908135][ T4174] ? mutex_unlock+0x10/0x10 [ 197.912638][ T4174] ? hci_conn_enter_active_mode+0x25c/0x360 [ 197.918533][ T4174] ? l2cap_recv_acldata+0x2ea/0x1560 [ 197.923845][ T4174] hci_rx_work+0x48f/0x990 [ 197.928262][ T4174] process_one_work+0x8a1/0x10c0 [ 197.933205][ T4174] ? worker_detach_from_pool+0x260/0x260 [ 197.938838][ T4174] ? _raw_spin_lock_irqsave+0x120/0x120 [ 197.944467][ T4174] ? kthread_data+0x4e/0xc0 [ 197.948964][ T4174] ? wq_worker_running+0x97/0x170 [ 197.953985][ T4174] worker_thread+0xaca/0x1280 [ 197.958658][ T4174] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 197.964559][ T4174] kthread+0x3f6/0x4f0 [ 197.968622][ T4174] ? rcu_lock_release+0x20/0x20 [ 197.973471][ T4174] ? kthread_blkcg+0xd0/0xd0 [ 197.978057][ T4174] ret_from_fork+0x1f/0x30 [ 197.982479][ T4174] [ 197.985715][ T4174] Kernel Offset: disabled [ 197.990042][ T4174] Rebooting in 86400 seconds..