DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2 forked to background, child pid 3187 [ 24.179898][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.196369][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts. 2022/09/21 11:35:34 fuzzer started 2022/09/21 11:35:34 dialing manager at 10.128.0.169:44249 syzkaller login: [ 39.026855][ T3612] cgroup: Unknown subsys name 'net' [ 39.128581][ T3612] cgroup: Unknown subsys name 'rlimit' 2022/09/21 11:35:35 syscalls: 3697 2022/09/21 11:35:35 code coverage: enabled 2022/09/21 11:35:35 comparison tracing: enabled 2022/09/21 11:35:35 extra coverage: enabled 2022/09/21 11:35:35 delay kcov mmap: enabled 2022/09/21 11:35:35 setuid sandbox: enabled 2022/09/21 11:35:35 namespace sandbox: enabled 2022/09/21 11:35:35 Android sandbox: /sys/fs/selinux/policy does not exist 2022/09/21 11:35:35 fault injection: enabled 2022/09/21 11:35:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2022/09/21 11:35:35 net packet injection: enabled 2022/09/21 11:35:35 net device setup: enabled 2022/09/21 11:35:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/21 11:35:35 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/21 11:35:35 NIC VF setup: PCI device 0000:00:11.0 is not available 2022/09/21 11:35:35 USB emulation: enabled 2022/09/21 11:35:35 hci packet injection: enabled 2022/09/21 11:35:35 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220921-syzkaller) 2022/09/21 11:35:35 802.15.4 emulation: enabled 2022/09/21 11:35:35 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/21 11:35:35 fetching corpus: 50, signal 47096/50626 (executing program) 2022/09/21 11:35:35 fetching corpus: 100, signal 71358/76267 (executing program) 2022/09/21 11:35:36 fetching corpus: 150, signal 94249/100303 (executing program) 2022/09/21 11:35:36 fetching corpus: 200, signal 105052/112378 (executing program) 2022/09/21 11:35:37 fetching corpus: 249, signal 113644/122169 (executing program) 2022/09/21 11:35:37 fetching corpus: 298, signal 123114/132705 (executing program) 2022/09/21 11:35:37 fetching corpus: 345, signal 129680/140373 (executing program) 2022/09/21 11:35:38 fetching corpus: 395, signal 135921/147718 (executing program) 2022/09/21 11:35:38 fetching corpus: 444, signal 142917/155722 (executing program) 2022/09/21 11:35:38 fetching corpus: 494, signal 147368/161203 (executing program) 2022/09/21 11:35:39 fetching corpus: 544, signal 154461/169144 (executing program) 2022/09/21 11:35:39 fetching corpus: 594, signal 159655/175208 (executing program) 2022/09/21 11:35:39 fetching corpus: 643, signal 166650/182940 (executing program) 2022/09/21 11:35:40 fetching corpus: 693, signal 173644/190551 (executing program) 2022/09/21 11:35:40 fetching corpus: 743, signal 180014/197537 (executing program) 2022/09/21 11:35:41 fetching corpus: 793, signal 185057/203192 (executing program) 2022/09/21 11:35:41 fetching corpus: 842, signal 189334/208070 (executing program) 2022/09/21 11:35:41 fetching corpus: 892, signal 196167/215308 (executing program) 2022/09/21 11:35:41 fetching corpus: 942, signal 201048/220738 (executing program) 2022/09/21 11:35:42 fetching corpus: 992, signal 205303/225518 (executing program) 2022/09/21 11:35:42 fetching corpus: 1039, signal 209245/229985 (executing program) 2022/09/21 11:35:43 fetching corpus: 1085, signal 213672/234857 (executing program) 2022/09/21 11:35:43 fetching corpus: 1133, signal 216918/238604 (executing program) 2022/09/21 11:35:43 fetching corpus: 1183, signal 222060/244025 (executing program) 2022/09/21 11:35:44 fetching corpus: 1231, signal 225190/247645 (executing program) 2022/09/21 11:35:44 fetching corpus: 1280, signal 228359/251229 (executing program) 2022/09/21 11:35:44 fetching corpus: 1329, signal 233350/256345 (executing program) 2022/09/21 11:35:45 fetching corpus: 1379, signal 236173/259572 (executing program) 2022/09/21 11:35:45 fetching corpus: 1429, signal 239666/263342 (executing program) 2022/09/21 11:35:45 fetching corpus: 1479, signal 242281/266354 (executing program) 2022/09/21 11:35:46 fetching corpus: 1528, signal 245368/269706 (executing program) 2022/09/21 11:35:46 fetching corpus: 1578, signal 247839/272527 (executing program) 2022/09/21 11:35:46 fetching corpus: 1626, signal 249298/274471 (executing program) 2022/09/21 11:35:47 fetching corpus: 1674, signal 253243/278449 (executing program) 2022/09/21 11:35:47 fetching corpus: 1720, signal 256308/281711 (executing program) 2022/09/21 11:35:47 fetching corpus: 1769, signal 257792/283645 (executing program) 2022/09/21 11:35:48 fetching corpus: 1816, signal 260206/286303 (executing program) 2022/09/21 11:35:48 fetching corpus: 1864, signal 262566/288876 (executing program) 2022/09/21 11:35:48 fetching corpus: 1912, signal 265282/291738 (executing program) 2022/09/21 11:35:49 fetching corpus: 1961, signal 268071/294595 (executing program) 2022/09/21 11:35:49 fetching corpus: 2007, signal 271015/297539 (executing program) 2022/09/21 11:35:50 fetching corpus: 2055, signal 273022/299763 (executing program) 2022/09/21 11:35:50 fetching corpus: 2105, signal 276201/302854 (executing program) 2022/09/21 11:35:50 fetching corpus: 2155, signal 279378/305919 (executing program) 2022/09/21 11:35:51 fetching corpus: 2205, signal 281154/307898 (executing program) 2022/09/21 11:35:51 fetching corpus: 2255, signal 283433/310232 (executing program) 2022/09/21 11:35:52 fetching corpus: 2302, signal 285241/312154 (executing program) 2022/09/21 11:35:52 fetching corpus: 2349, signal 287632/314504 (executing program) 2022/09/21 11:35:53 fetching corpus: 2399, signal 290948/317569 (executing program) 2022/09/21 11:35:54 fetching corpus: 2446, signal 293621/320093 (executing program) 2022/09/21 11:35:54 fetching corpus: 2492, signal 294976/321642 (executing program) 2022/09/21 11:35:54 fetching corpus: 2542, signal 297118/323708 (executing program) 2022/09/21 11:35:54 fetching corpus: 2589, signal 298883/325513 (executing program) 2022/09/21 11:35:55 fetching corpus: 2639, signal 300609/327273 (executing program) 2022/09/21 11:35:55 fetching corpus: 2687, signal 303054/329629 (executing program) 2022/09/21 11:35:55 fetching corpus: 2732, signal 304758/331316 (executing program) 2022/09/21 11:35:56 fetching corpus: 2776, signal 306571/333064 (executing program) 2022/09/21 11:35:56 fetching corpus: 2826, signal 310010/335962 (executing program) 2022/09/21 11:35:57 fetching corpus: 2876, signal 311681/337595 (executing program) 2022/09/21 11:35:57 fetching corpus: 2922, signal 314342/339889 (executing program) 2022/09/21 11:35:57 fetching corpus: 2971, signal 316308/341670 (executing program) 2022/09/21 11:35:58 fetching corpus: 3018, signal 318260/343396 (executing program) 2022/09/21 11:35:58 fetching corpus: 3068, signal 319589/344683 (executing program) 2022/09/21 11:35:58 fetching corpus: 3117, signal 320608/345768 (executing program) 2022/09/21 11:35:58 fetching corpus: 3166, signal 322576/347462 (executing program) 2022/09/21 11:35:59 fetching corpus: 3215, signal 324278/349021 (executing program) 2022/09/21 11:35:59 fetching corpus: 3264, signal 326655/350990 (executing program) 2022/09/21 11:36:00 fetching corpus: 3311, signal 328768/352760 (executing program) 2022/09/21 11:36:00 fetching corpus: 3359, signal 330171/353998 (executing program) 2022/09/21 11:36:00 fetching corpus: 3406, signal 331387/355124 (executing program) 2022/09/21 11:36:01 fetching corpus: 3456, signal 334053/357129 (executing program) 2022/09/21 11:36:01 fetching corpus: 3502, signal 336567/359007 (executing program) 2022/09/21 11:36:02 fetching corpus: 3550, signal 338151/360318 (executing program) 2022/09/21 11:36:02 fetching corpus: 3598, signal 339536/361527 (executing program) 2022/09/21 11:36:02 fetching corpus: 3647, signal 341044/362795 (executing program) 2022/09/21 11:36:03 fetching corpus: 3696, signal 343455/364567 (executing program) 2022/09/21 11:36:03 fetching corpus: 3743, signal 344689/365570 (executing program) 2022/09/21 11:36:04 fetching corpus: 3793, signal 346232/366768 (executing program) 2022/09/21 11:36:04 fetching corpus: 3843, signal 347555/367885 (executing program) 2022/09/21 11:36:04 fetching corpus: 3893, signal 348830/368903 (executing program) 2022/09/21 11:36:04 fetching corpus: 3942, signal 351254/370598 (executing program) 2022/09/21 11:36:05 fetching corpus: 3991, signal 352277/371427 (executing program) 2022/09/21 11:36:05 fetching corpus: 4039, signal 353579/372481 (executing program) 2022/09/21 11:36:05 fetching corpus: 4087, signal 354290/373138 (executing program) 2022/09/21 11:36:06 fetching corpus: 4137, signal 355446/373985 (executing program) 2022/09/21 11:36:06 fetching corpus: 4185, signal 356658/374882 (executing program) 2022/09/21 11:36:06 fetching corpus: 4235, signal 358027/375875 (executing program) 2022/09/21 11:36:07 fetching corpus: 4277, signal 359287/376788 (executing program) [ 71.205977][ T1236] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.212294][ T1236] ieee802154 phy1 wpan1: encryption failed: -22 2022/09/21 11:36:07 fetching corpus: 4326, signal 363253/379135 (executing program) 2022/09/21 11:36:07 fetching corpus: 4374, signal 364224/379848 (executing program) 2022/09/21 11:36:08 fetching corpus: 4423, signal 365816/380875 (executing program) 2022/09/21 11:36:08 fetching corpus: 4471, signal 367561/381982 (executing program) 2022/09/21 11:36:09 fetching corpus: 4518, signal 369656/383284 (executing program) 2022/09/21 11:36:09 fetching corpus: 4568, signal 370950/384104 (executing program) 2022/09/21 11:36:09 fetching corpus: 4616, signal 372221/384911 (executing program) 2022/09/21 11:36:10 fetching corpus: 4666, signal 373627/385793 (executing program) 2022/09/21 11:36:10 fetching corpus: 4712, signal 374583/386420 (executing program) 2022/09/21 11:36:11 fetching corpus: 4760, signal 376159/387338 (executing program) 2022/09/21 11:36:11 fetching corpus: 4805, signal 377022/387916 (executing program) 2022/09/21 11:36:12 fetching corpus: 4854, signal 378622/388801 (executing program) [ 76.325089][ T7] cfg80211: failed to load regulatory.db 2022/09/21 11:36:12 fetching corpus: 4902, signal 380608/389872 (executing program) 2022/09/21 11:36:12 fetching corpus: 4950, signal 383132/391184 (executing program) 2022/09/21 11:36:13 fetching corpus: 4998, signal 384728/392049 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/392718 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/392789 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/392860 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/392924 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/392979 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393037 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393099 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393168 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393239 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393320 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393383 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393445 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393522 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393597 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393657 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393746 (executing program) 2022/09/21 11:36:13 fetching corpus: 5030, signal 385781/393818 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385784/393902 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385785/393964 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385785/394030 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394106 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394187 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394240 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394314 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394372 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394450 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394512 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394592 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394653 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394726 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394799 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394883 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/394948 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395005 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395071 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395135 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395195 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395280 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395362 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395439 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395515 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395577 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395641 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395698 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395760 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395826 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395903 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/395981 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/396062 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/396130 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/396199 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/396262 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/396321 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/396395 (executing program) 2022/09/21 11:36:13 fetching corpus: 5031, signal 385790/396469 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/396561 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/396628 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/396680 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/396754 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/396818 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/396877 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/396937 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397024 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397082 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397148 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397212 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397272 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397339 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397398 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397481 (executing program) 2022/09/21 11:36:13 fetching corpus: 5033, signal 385805/397546 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/397603 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/397677 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/397749 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/397818 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/397883 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/397963 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398039 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398126 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398194 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398266 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398325 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398399 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398461 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398533 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398588 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398653 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398721 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398785 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385805/398841 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385835/398920 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385835/398972 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385835/399046 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385835/399108 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385835/399170 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385835/399212 (executing program) 2022/09/21 11:36:14 fetching corpus: 5033, signal 385835/399212 (executing program) 2022/09/21 11:36:16 starting 6 fuzzer processes 11:36:16 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) 11:36:16 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000140)={0x9909cb}) 11:36:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:16 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000540)={0xb8, 0x0, 0x0, [{{}, {0x0, 0x0, 0x9, 0x0, 'trans=fd,'}}]}, 0xb8) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x91, &(0x7f00000008c0)=""/145, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='writeback_bdi_register\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 11:36:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)=@can_newroute={0x34, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_SET={0x15, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "d8692720e41733e9"}, 0x4}}, @CGW_CS_XOR={0x8, 0x5, {0x0, 0x0, 0xfffffffffffffffc}}]}, 0x34}}, 0x0) 11:36:16 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000040000000a2c000000060a01040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0) [ 81.850514][ T3636] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.857841][ T3636] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.865113][ T3638] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.872466][ T3638] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.879834][ T3638] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.887294][ T3638] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.895086][ T3630] Bluetooth: hci0: HCI_REQ-0x0c1a [ 81.936593][ T49] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.944974][ T49] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.952305][ T49] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.960106][ T49] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.968192][ T49] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.981363][ T3636] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.988611][ T3636] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.996003][ T3636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.000019][ T3630] chnl_net:caif_netlink_parms(): no params data found [ 82.003637][ T3632] Bluetooth: hci1: HCI_REQ-0x0c1a [ 82.023916][ T3648] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.031098][ T3648] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.038934][ T3648] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.044318][ T3649] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 82.046730][ T3648] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.053617][ T3649] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.061177][ T3648] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 82.067521][ T3649] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.081212][ T3648] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.081568][ T3649] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 82.088316][ T3648] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 82.096283][ T3649] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.102711][ T3648] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.109790][ T3649] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 82.116736][ T3648] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.123804][ T3649] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.130887][ T3648] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 82.137916][ T3635] Bluetooth: hci3: HCI_REQ-0x0c1a [ 82.144367][ T3648] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.156367][ T3649] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 82.156834][ T3648] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 82.163599][ T3631] Bluetooth: hci2: HCI_REQ-0x0c1a [ 82.170608][ T3648] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.175988][ T3649] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 82.189716][ T3633] Bluetooth: hci4: HCI_REQ-0x0c1a [ 82.195890][ T3634] Bluetooth: hci5: HCI_REQ-0x0c1a [ 82.325231][ T3630] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.332351][ T3630] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.340130][ T3630] device bridge_slave_0 entered promiscuous mode [ 82.355807][ T3630] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.362877][ T3630] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.370855][ T3630] device bridge_slave_1 entered promiscuous mode [ 82.458119][ T3630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.504634][ T3630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.549695][ T3630] team0: Port device team_slave_0 added [ 82.565803][ T3630] team0: Port device team_slave_1 added [ 82.582361][ T3635] chnl_net:caif_netlink_parms(): no params data found [ 82.638580][ T3634] chnl_net:caif_netlink_parms(): no params data found [ 82.647585][ T3630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.654538][ T3630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.680647][ T3630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.695010][ T3630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.701951][ T3630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.728030][ T3630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.740327][ T3631] chnl_net:caif_netlink_parms(): no params data found [ 82.748570][ T3633] chnl_net:caif_netlink_parms(): no params data found [ 82.846598][ T3632] chnl_net:caif_netlink_parms(): no params data found [ 82.874199][ T3631] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.881688][ T3631] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.889274][ T3631] device bridge_slave_0 entered promiscuous mode [ 82.897339][ T3635] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.904406][ T3635] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.912407][ T3635] device bridge_slave_0 entered promiscuous mode [ 82.932212][ T3630] device hsr_slave_0 entered promiscuous mode [ 82.938805][ T3630] device hsr_slave_1 entered promiscuous mode [ 82.950052][ T3631] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.957351][ T3631] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.965058][ T3631] device bridge_slave_1 entered promiscuous mode [ 82.975947][ T3635] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.983009][ T3635] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.990890][ T3635] device bridge_slave_1 entered promiscuous mode [ 82.997810][ T3634] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.005354][ T3634] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.013059][ T3634] device bridge_slave_0 entered promiscuous mode [ 83.040313][ T3633] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.047500][ T3633] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.055260][ T3633] device bridge_slave_0 entered promiscuous mode [ 83.067667][ T3634] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.074735][ T3634] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.082438][ T3634] device bridge_slave_1 entered promiscuous mode [ 83.098825][ T3631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.109171][ T3633] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.116387][ T3633] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.123948][ T3633] device bridge_slave_1 entered promiscuous mode [ 83.148390][ T3631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.168647][ T3635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.178795][ T3634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.203944][ T3635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.218538][ T3634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.235816][ T3633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.245905][ T3631] team0: Port device team_slave_0 added [ 83.266812][ T3632] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.273862][ T3632] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.281717][ T3632] device bridge_slave_0 entered promiscuous mode [ 83.291246][ T3633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.301404][ T3631] team0: Port device team_slave_1 added [ 83.316486][ T3635] team0: Port device team_slave_0 added [ 83.326312][ T3632] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.333357][ T3632] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.342562][ T3632] device bridge_slave_1 entered promiscuous mode [ 83.361389][ T3635] team0: Port device team_slave_1 added [ 83.372226][ T3634] team0: Port device team_slave_0 added [ 83.404217][ T3634] team0: Port device team_slave_1 added [ 83.412145][ T3633] team0: Port device team_slave_0 added [ 83.424472][ T3631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.431719][ T3631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.457837][ T3631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.470087][ T3632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.479574][ T3635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.486557][ T3635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.512500][ T3635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.529637][ T3633] team0: Port device team_slave_1 added [ 83.540357][ T3632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.556539][ T3631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.563508][ T3631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.589475][ T3631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.603678][ T3635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.610894][ T3635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.637226][ T3635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.683988][ T3634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.691212][ T3634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.717197][ T3634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.730567][ T3634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.737703][ T3634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.764194][ T3634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.775627][ T3633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.782581][ T3633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.808996][ T3633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.821072][ T3632] team0: Port device team_slave_0 added [ 83.838616][ T3631] device hsr_slave_0 entered promiscuous mode [ 83.845591][ T3631] device hsr_slave_1 entered promiscuous mode [ 83.852059][ T3631] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.859897][ T3631] Cannot create hsr debugfs directory [ 83.883198][ T3633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.890941][ T3633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.917188][ T3633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.927832][ T3642] Bluetooth: hci0: command 0x0409 tx timeout [ 83.935323][ T3632] team0: Port device team_slave_1 added [ 83.966924][ T3635] device hsr_slave_0 entered promiscuous mode [ 83.974233][ T3635] device hsr_slave_1 entered promiscuous mode [ 83.981068][ T3635] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.989004][ T3635] Cannot create hsr debugfs directory [ 84.038142][ T3634] device hsr_slave_0 entered promiscuous mode [ 84.044741][ T3634] device hsr_slave_1 entered promiscuous mode [ 84.051438][ T3634] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.059449][ T3634] Cannot create hsr debugfs directory [ 84.098658][ T3630] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.112419][ T3632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.119798][ T3632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.145950][ T3632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.164849][ T3642] Bluetooth: hci3: command 0x0409 tx timeout [ 84.172773][ T3633] device hsr_slave_0 entered promiscuous mode [ 84.180982][ T3633] device hsr_slave_1 entered promiscuous mode [ 84.187629][ T3633] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.196341][ T3633] Cannot create hsr debugfs directory [ 84.204278][ T3630] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.213001][ T3632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.220076][ T3632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.246143][ T3642] Bluetooth: hci1: command 0x0409 tx timeout [ 84.252179][ T3632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.254955][ T3648] Bluetooth: hci2: command 0x0409 tx timeout [ 84.268752][ T3642] Bluetooth: hci4: command 0x0409 tx timeout [ 84.268761][ T3649] Bluetooth: hci5: command 0x0409 tx timeout [ 84.291606][ T3630] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.312424][ T3630] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.396926][ T3632] device hsr_slave_0 entered promiscuous mode [ 84.403476][ T3632] device hsr_slave_1 entered promiscuous mode [ 84.410609][ T3632] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.418438][ T3632] Cannot create hsr debugfs directory [ 84.524863][ T3631] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.533908][ T3631] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.548508][ T3631] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.562193][ T3631] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.587217][ T3630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.611332][ T3635] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 84.623044][ T3630] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.639073][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 84.647121][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.654678][ T3635] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 84.685166][ T3635] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 84.694576][ T3635] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 84.707181][ T3633] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.715905][ T3633] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.724723][ T3633] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.748506][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.758009][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.766560][ T3685] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.773597][ T3685] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.782484][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.792852][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.803710][ T3685] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.810810][ T3685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.819212][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.832368][ T3633] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.852359][ T3634] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.904899][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.913631][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.927510][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.938186][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.950463][ T3631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.959193][ T3634] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.979337][ T3634] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.988535][ T3634] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.004565][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.012856][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 85.021757][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.059189][ T3630] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 85.078293][ T3630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.096112][ T3631] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.135651][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.143925][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.152572][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.161602][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.169830][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.177459][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.186368][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.195446][ T3632] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 85.204599][ T3632] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 85.223669][ T3635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.243313][ T3632] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 85.260109][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.269175][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.277855][ T3690] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.284990][ T3690] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.292995][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.301977][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.311255][ T3690] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.318367][ T3690] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.326447][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.335210][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.349910][ T3635] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.367678][ T3632] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 85.379740][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.387926][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.397142][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.406221][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 85.415905][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.424399][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.433233][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.442144][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.449220][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.456999][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 85.465710][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.489370][ T3633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.510165][ T3630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.520669][ T3631] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 85.531887][ T3631] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.547273][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.555066][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.562802][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.571333][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.579706][ T3685] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.586791][ T3685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.594275][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.602965][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.611696][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.619987][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.628165][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.635720][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.643080][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.651352][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.688047][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.695990][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.703668][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.712554][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 85.721436][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.730011][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 85.738533][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.746973][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.755257][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.763300][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.771919][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.780436][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.798763][ T3633] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.813982][ T3630] device veth0_vlan entered promiscuous mode [ 85.845696][ T3635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.862449][ T3634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.872727][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.884763][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.893642][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.901862][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.912245][ T3630] device veth1_vlan entered promiscuous mode [ 85.926303][ T3632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.939272][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.947065][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.954565][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.974553][ T3632] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.988919][ T3634] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.004070][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 86.011710][ T3648] Bluetooth: hci0: command 0x041b tx timeout [ 86.021123][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.029972][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.038434][ T3690] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.045582][ T3690] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.053075][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.060959][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.068591][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 86.076350][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 86.083760][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.091671][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.100032][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 86.110352][ T3631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.125874][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.134449][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.142992][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.150059][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.158061][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.166764][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.175636][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.182695][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.190461][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 86.198969][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.207602][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.216241][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.223277][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.244183][ T3634] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 86.255445][ T3642] Bluetooth: hci3: command 0x041b tx timeout [ 86.257983][ T3634] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 86.284741][ T3630] device veth0_macvtap entered promiscuous mode [ 86.305736][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 86.313493][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.322199][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.330527][ T3648] Bluetooth: hci2: command 0x041b tx timeout [ 86.330533][ T3642] Bluetooth: hci5: command 0x041b tx timeout [ 86.335839][ T3642] Bluetooth: hci4: command 0x041b tx timeout [ 86.336542][ T3648] Bluetooth: hci1: command 0x041b tx timeout [ 86.355440][ T3687] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.362538][ T3687] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.370294][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.378963][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.387388][ T3687] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.394445][ T3687] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.402067][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 86.410630][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 86.419258][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.427626][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.436122][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.444460][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.452938][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 86.461189][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 86.469717][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 86.478015][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 86.486319][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 86.494733][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 86.503257][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 86.511666][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 86.520076][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.528494][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.560690][ T3630] device veth1_macvtap entered promiscuous mode [ 86.572759][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 86.581417][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 86.589542][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 86.597487][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 86.605566][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 86.613495][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.623223][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.631608][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 86.640057][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.648830][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.657295][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 86.665859][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 86.679828][ T3633] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 86.695083][ T3633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 86.727279][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 86.737937][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 86.747445][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 86.757760][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 86.766477][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 86.783288][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 86.790946][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 86.799055][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.807862][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.817645][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 86.825339][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 86.833838][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 86.846184][ T3635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.858178][ T3630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.870206][ T3631] device veth0_vlan entered promiscuous mode [ 86.882926][ T3632] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 86.900661][ T3632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 86.917027][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.927718][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.936682][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 86.945194][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 86.953610][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 86.963884][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 86.975447][ T3630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.984097][ T3630] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.994759][ T3630] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.003760][ T3630] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.012541][ T3630] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.028709][ T3631] device veth1_vlan entered promiscuous mode [ 87.039429][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.048304][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.056895][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.064966][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.072825][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.082028][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.135978][ T3634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.156209][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.163675][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.184754][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 87.193375][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.221229][ T3631] device veth0_macvtap entered promiscuous mode [ 87.235772][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 87.243893][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.254622][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.264541][ T3633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.281662][ T3631] device veth1_macvtap entered promiscuous mode 11:36:23 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 87.319905][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 87.327950][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 87.349354][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 11:36:23 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 87.370464][ T3631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.390967][ T3631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.402869][ T3631] batman_adv: batadv0: Interface activated: batadv_slave_0 11:36:23 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 87.417937][ T3631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.435487][ T3631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.450144][ T3631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.461982][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready 11:36:23 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 87.471769][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.480819][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 87.494456][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 87.506956][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready 11:36:23 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 87.515961][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.524774][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.541110][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.563989][ T3634] device veth0_vlan entered promiscuous mode 11:36:23 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 87.590526][ T3631] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.599556][ T3631] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.612613][ T3631] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.622038][ T3631] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 11:36:23 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 87.641030][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.654427][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.662748][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.673922][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.694965][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.702667][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.713179][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.725701][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.741162][ T3634] device veth1_vlan entered promiscuous mode [ 87.751136][ T3633] device veth0_vlan entered promiscuous mode [ 87.759129][ T3635] device veth0_vlan entered promiscuous mode [ 87.780225][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.788712][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.797011][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.805308][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.812733][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.820763][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.829298][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.843837][ T3632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.870300][ T3633] device veth1_vlan entered promiscuous mode [ 87.882745][ T3635] device veth1_vlan entered promiscuous mode [ 87.893931][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.902801][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.911089][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.919165][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 87.927826][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.941384][ T3634] device veth0_macvtap entered promiscuous mode [ 87.974411][ T3634] device veth1_macvtap entered promiscuous mode [ 87.988859][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.999066][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 88.008221][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 88.016932][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 88.025082][ T3754] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.041229][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 88.049942][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 88.063013][ T3635] device veth0_macvtap entered promiscuous mode [ 88.082752][ T3633] device veth0_macvtap entered promiscuous mode [ 88.089355][ T3642] Bluetooth: hci0: command 0x040f tx timeout [ 88.120789][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 88.135465][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 88.143984][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 88.162570][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 88.184079][ T3633] device veth1_macvtap entered promiscuous mode [ 88.195893][ T3634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.207404][ T3634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.217734][ T3634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.229394][ T3634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.240256][ T3634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.251359][ T3635] device veth1_macvtap entered promiscuous mode [ 88.270294][ T3633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.281676][ T3633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.291581][ T3633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.309208][ T3633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.319687][ T3633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.331114][ T3633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.335011][ T3642] Bluetooth: hci3: command 0x040f tx timeout [ 88.345534][ T3633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.354362][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 88.363460][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 88.372051][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 88.381572][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 88.390321][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 88.399630][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 88.407795][ T3642] Bluetooth: hci1: command 0x040f tx timeout [ 88.415082][ T3651] Bluetooth: hci2: command 0x040f tx timeout [ 88.415089][ T3648] Bluetooth: hci5: command 0x040f tx timeout [ 88.417268][ T3634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.421119][ T3642] Bluetooth: hci4: command 0x040f tx timeout [ 88.429422][ T3634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.453582][ T3634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.464089][ T3634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.474767][ T3634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.498362][ T3633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.510270][ T3633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.520360][ T3633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.532104][ T3633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.542182][ T3633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.554041][ T3633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.565433][ T3633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.572998][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 88.581519][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 88.590348][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 88.599072][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 88.607576][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 88.616457][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 88.628453][ T3634] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.637217][ T3634] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.647093][ T3634] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.657336][ T3634] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.672136][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.683233][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.693541][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.704227][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.714331][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.725110][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.736145][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.746735][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.759074][ T3635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.768930][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.779908][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.790202][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.800978][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.811513][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.822145][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.833308][ T3635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.843877][ T3635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.857050][ T3635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.864408][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 88.872624][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 88.881102][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 88.889613][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 88.898417][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 88.906939][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 88.916382][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 88.923958][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 88.936576][ T3633] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.945452][ T3633] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.954147][ T3633] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.962876][ T3633] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.974148][ T3632] device veth0_vlan entered promiscuous mode [ 89.001806][ T3635] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.010613][ T3635] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.019492][ T3635] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.028437][ T3635] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.043105][ T3632] device veth1_vlan entered promiscuous mode [ 89.134875][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 89.143062][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 89.159693][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 89.168393][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 89.178693][ T3632] device veth0_macvtap entered promiscuous mode [ 89.207778][ T3632] device veth1_macvtap entered promiscuous mode [ 89.236598][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.247539][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.257604][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.268257][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.278677][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.290609][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.300735][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.311482][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.321780][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.332374][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.343957][ T3632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.353266][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 89.361254][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 89.369558][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 89.378316][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 89.388848][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.399593][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.409708][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.422716][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.432880][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.444557][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.454642][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.465613][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.475608][ T3632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.486298][ T3632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.497569][ T3632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.507059][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 89.516053][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 89.529827][ T3632] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.539728][ T3632] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.548700][ T3632] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 11:36:25 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000140)={0x9909cb}) 11:36:25 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) 11:36:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)=@can_newroute={0x34, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_SET={0x15, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "d8692720e41733e9"}, 0x4}}, @CGW_CS_XOR={0x8, 0x5, {0x0, 0x0, 0xfffffffffffffffc}}]}, 0x34}}, 0x0) 11:36:25 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000540)={0xb8, 0x0, 0x0, [{{}, {0x0, 0x0, 0x9, 0x0, 'trans=fd,'}}]}, 0xb8) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x91, &(0x7f00000008c0)=""/145, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='writeback_bdi_register\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 11:36:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000040000000a2c000000060a01040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0) [ 89.557767][ T3632] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 11:36:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)=@can_newroute={0x34, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_SET={0x15, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "d8692720e41733e9"}, 0x4}}, @CGW_CS_XOR={0x8, 0x5, {0x0, 0x0, 0xfffffffffffffffc}}]}, 0x34}}, 0x0) 11:36:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000040000000a2c000000060a01040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0) 11:36:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)=@can_newroute={0x34, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_SET={0x15, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "d8692720e41733e9"}, 0x4}}, @CGW_CS_XOR={0x8, 0x5, {0x0, 0x0, 0xfffffffffffffffc}}]}, 0x34}}, 0x0) 11:36:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000040000000a2c000000060a01040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0) 11:36:25 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000540)={0xb8, 0x0, 0x0, [{{}, {0x0, 0x0, 0x9, 0x0, 'trans=fd,'}}]}, 0xb8) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x91, &(0x7f00000008c0)=""/145, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='writeback_bdi_register\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 11:36:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000040000000a2c000000060a01040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0) 11:36:25 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000140)={0x9909cb}) 11:36:25 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000540)={0xb8, 0x0, 0x0, [{{}, {0x0, 0x0, 0x9, 0x0, 'trans=fd,'}}]}, 0xb8) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x91, &(0x7f00000008c0)=""/145, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='writeback_bdi_register\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 11:36:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000040000000a2c000000060a01040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0) 11:36:25 executing program 1: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) 11:36:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:25 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000140)={0x9909cb}) 11:36:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:26 executing program 5: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) 11:36:26 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000040000000a2c000000060a01040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0) 11:36:26 executing program 1: r0 = socket$inet(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x2}, 0x10) 11:36:26 executing program 4: r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000040)={0x120, 0x1d, 0x1, 0x0, 0x0, "", [@nested={0x10f, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d770b57e0915111313062485318148698e39aeb49f4"]}]}, 0x120}], 0x1}, 0x0) [ 90.164972][ T3649] Bluetooth: hci0: command 0x0419 tx timeout 11:36:26 executing program 1: r0 = socket$inet(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x2}, 0x10) 11:36:26 executing program 5: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) [ 90.220934][ T3832] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 90.295335][ T3832] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.4'. [ 90.405529][ T3649] Bluetooth: hci3: command 0x0419 tx timeout 11:36:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:26 executing program 1: r0 = socket$inet(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x2}, 0x10) 11:36:26 executing program 4: r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000040)={0x120, 0x1d, 0x1, 0x0, 0x0, "", [@nested={0x10f, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d770b57e0915111313062485318148698e39aeb49f4"]}]}, 0x120}], 0x1}, 0x0) [ 90.485330][ T3649] Bluetooth: hci5: command 0x0419 tx timeout [ 90.491396][ T3649] Bluetooth: hci4: command 0x0419 tx timeout [ 90.498086][ T3642] Bluetooth: hci2: command 0x0419 tx timeout [ 90.504106][ T3642] Bluetooth: hci1: command 0x0419 tx timeout [ 90.559987][ T3843] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 90.579624][ T3843] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.4'. 11:36:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:26 executing program 5: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgrp(0xffffffffffffffff) waitid(0x2, r1, 0x0, 0x8, &(0x7f00000001c0)) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, &(0x7f0000000280)=""/163) 11:36:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:26 executing program 1: r0 = socket$inet(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty=0x2}, 0x10) 11:36:26 executing program 4: r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000040)={0x120, 0x1d, 0x1, 0x0, 0x0, "", [@nested={0x10f, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d770b57e0915111313062485318148698e39aeb49f4"]}]}, 0x120}], 0x1}, 0x0) 11:36:26 executing program 1: pipe2(&(0x7f00000016c0), 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ff5000/0xb000)=nil, 0x0) [ 90.731284][ T3852] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 90.753005][ T3852] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.4'. 11:36:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:26 executing program 4: r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000040)={0x120, 0x1d, 0x1, 0x0, 0x0, "", [@nested={0x10f, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d770b57e0915111313062485318148698e39aeb49f4"]}]}, 0x120}], 0x1}, 0x0) [ 90.856837][ T3869] netlink: 'syz-executor.4': attribute type 1 has an invalid length. 11:36:26 executing program 0: munmap(&(0x7f0000cb5000/0x2000)=nil, 0x2000) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000cb5000/0x4000)=nil], &(0x7f0000000040), &(0x7f0000000040), 0x0) [ 91.050805][ T3875] loop5: detected capacity change from 0 to 16383 11:36:27 executing program 1: pipe2(&(0x7f00000016c0), 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ff5000/0xb000)=nil, 0x0) [ 91.229807][ T3869] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.4'. 11:36:27 executing program 4: pipe2(&(0x7f00000016c0), 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ff5000/0xb000)=nil, 0x0) 11:36:27 executing program 0: munmap(&(0x7f0000cb5000/0x2000)=nil, 0x2000) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000cb5000/0x4000)=nil], &(0x7f0000000040), &(0x7f0000000040), 0x0) 11:36:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:27 executing program 4: pipe2(&(0x7f00000016c0), 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ff5000/0xb000)=nil, 0x0) 11:36:27 executing program 1: pipe2(&(0x7f00000016c0), 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ff5000/0xb000)=nil, 0x0) 11:36:27 executing program 0: munmap(&(0x7f0000cb5000/0x2000)=nil, 0x2000) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000cb5000/0x4000)=nil], &(0x7f0000000040), &(0x7f0000000040), 0x0) 11:36:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x15\xf7^\xf9\x12\x0f\xbd+\xa7\xce\xfa%\x98\xc6\x1e\x1e\xf8\x0213s5Q\x96\xce\x89x\xb6\x9b\xfbp\x9f\xd5\x9d\b\r\xf9\x9c5\xc9\x12\xb01\xa8\x1e\xdb\xea+\xfd\x8d\xe7\xdc\x90\x90\xa8\x1a\xa6%\xc2\x85d?\x15W\xc0\xb9\xfb\x01&\xbb\xce6\xe7\x96\xf2\xf5\n!\xc5\xe2\xef\xce\xff\xec\xac9\x98\xb4<', 0x0) ftruncate(r1, 0x8007999) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 11:36:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:27 executing program 4: pipe2(&(0x7f00000016c0), 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ff5000/0xb000)=nil, 0x0) 11:36:27 executing program 0: munmap(&(0x7f0000cb5000/0x2000)=nil, 0x2000) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000cb5000/0x4000)=nil], &(0x7f0000000040), &(0x7f0000000040), 0x0) 11:36:27 executing program 1: pipe2(&(0x7f00000016c0), 0x0) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmat(r0, &(0x7f0000ff5000/0xb000)=nil, 0x0) 11:36:27 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) [ 91.975826][ T3912] loop5: detected capacity change from 0 to 16383 11:36:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) [ 93.757617][ T3920] loop0: detected capacity change from 0 to 16383 [ 93.844761][ T3918] loop4: detected capacity change from 0 to 16383 11:36:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) [ 95.572731][ T3935] loop3: detected capacity change from 0 to 16383 [ 95.610019][ T3803] I/O error, dev loop4, sector 16128 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 96.254272][ T3944] loop1: detected capacity change from 0 to 16383 [ 97.536453][ T3956] loop0: detected capacity change from 0 to 16383 [ 97.563648][ T3957] loop5: detected capacity change from 0 to 16383 11:36:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:33 executing program 2: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x6f, 0x0) read$FUSE(r0, &(0x7f00000000c0)={0x2020}, 0x2020) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000500)={'ip6gre0\x00', &(0x7f0000002100)={'syztnl2\x00', 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, @empty, @local}}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x41c, &(0x7f0000000540)=[{&(0x7f0000010000)="200000000002000019000000600100000f040000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010003000000ddf4655f000000000000000001000000000000000b0000000001000020000000d26400004003", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0xfeb1, 0x640}, {&(0x7f0000010400)="020000000400000005", 0xffc3, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f00000000c0)="80810000007f", 0xfc3b, 0x1600}], 0x81, &(0x7f0000002180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c00d58f67494f354626349672463eafa40900a360edb3d591d3c2a51ce31ab0f1169866027463a520333c4a00f343e84b75f1801c13a8421ca6c72cbfacb3bd25f16fdc5d0baca8100e45244b2613ae18707e94ce060105878b766678b72ee89f968c3153bffe364d78fd159f1f35bab5a7473ae87ea7e6c126f6ac4195062aa2e0f762246c62b2d209ecebb99e23d2dda59c5180990851d5b00a6d850d377be55eed239435044628513591732d25c12e058efc7e6d5e738d012343f3fb9e5db4badc92f5ac4e6b053a359dfd80473250943b8b31f3351a8319915a08dff86d5529b45ff09e36bc"], 0x0) [ 97.827480][ T3803] I/O error, dev loop5, sector 16128 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 97.865798][ T3938] I/O error, dev loop1, sector 16128 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 97.918478][ T3970] loop2: detected capacity change from 0 to 264192 11:36:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) 11:36:37 executing program 2: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x6f, 0x0) read$FUSE(r0, &(0x7f00000000c0)={0x2020}, 0x2020) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000500)={'ip6gre0\x00', &(0x7f0000002100)={'syztnl2\x00', 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, @empty, @local}}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x41c, &(0x7f0000000540)=[{&(0x7f0000010000)="200000000002000019000000600100000f040000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010003000000ddf4655f000000000000000001000000000000000b0000000001000020000000d26400004003", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0xfeb1, 0x640}, {&(0x7f0000010400)="020000000400000005", 0xffc3, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f00000000c0)="80810000007f", 0xfc3b, 0x1600}], 0x81, &(0x7f0000002180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c00d58f67494f354626349672463eafa40900a360edb3d591d3c2a51ce31ab0f1169866027463a520333c4a00f343e84b75f1801c13a8421ca6c72cbfacb3bd25f16fdc5d0baca8100e45244b2613ae18707e94ce060105878b766678b72ee89f968c3153bffe364d78fd159f1f35bab5a7473ae87ea7e6c126f6ac4195062aa2e0f762246c62b2d209ecebb99e23d2dda59c5180990851d5b00a6d850d377be55eed239435044628513591732d25c12e058efc7e6d5e738d012343f3fb9e5db4badc92f5ac4e6b053a359dfd80473250943b8b31f3351a8319915a08dff86d5529b45ff09e36bc"], 0x0) 11:36:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="4132b3ab404b0063bf4a671c2d0f30"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 101.770973][ T3986] loop3: detected capacity change from 0 to 16383 [ 101.771069][ T3985] loop1: detected capacity change from 0 to 16383 [ 101.809227][ T3990] loop0: detected capacity change from 0 to 16383 11:36:38 executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000280), 0x2, 0x141101) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) move_pages(0x0, 0x1ef7, &(0x7f0000000000)=[&(0x7f0000fea000/0x13000)=nil, &(0x7f0000fff000/0x1000)=nil], 0x0, &(0x7f0000000040), 0x0) [ 102.446689][ T3997] loop4: detected capacity change from 0 to 16383 11:36:38 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xa, &(0x7f00000000c0)={0xfc6f}, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000e5ff0000000040000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) socket(0x0, 0x0, 0x0) syz_mount_image$msdos(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000000000)="ec8d2fb7b50f", 0x6, 0xfffffffffffffffe}], 0x8000, 0x0, 0x0) [ 102.580707][ T3998] loop2: detected capacity change from 0 to 264192 11:36:38 executing program 1: mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="63000000fb00000000fb"], 0x0) 11:36:38 executing program 4: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet(0x2, 0x2000080001, 0x84) syz_io_uring_complete(0x0) fstat(r0, &(0x7f00000003c0)) getresuid(&(0x7f0000000440), &(0x7f00000008c0), &(0x7f0000000900)) dup3(r1, r1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='rcu_utilization\x00'}, 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r2, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x4020000) [ 102.688752][ T3998] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 102.706002][ T4003] I/O error, dev loop3, sector 16128 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 102.758017][ T4009] ------------[ cut here ]------------ [ 102.771941][ T3998] EXT4-fs (loop2): orphan cleanup on readonly fs [ 102.781379][ T3998] EXT4-fs error (device loop2): ext4_validate_block_bitmap:398: comm syz-executor.2: bg 0: block 2: invalid block bitmap [ 102.808324][ T4009] memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21) [ 103.230573][ T3998] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6108: Corrupt filesystem [ 103.240936][ T4009] WARNING: CPU: 0 PID: 4009 at fs/overlayfs/export.c:799 ovl_fh_to_dentry+0x880/0x950 [ 103.255821][ T3998] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2903: inode #3: comm syz-executor.2: corrupted xattr block 32 11:36:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="4132b3ab404b0063bf4a671c2d0f30"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 103.309423][ T3998] EXT4-fs warning (device loop2): ext4_evict_inode:299: xattr delete (err -117) [ 103.325458][ T4009] Modules linked in: [ 103.330912][ T4021] loop3: detected capacity change from 0 to 16383 [ 103.392581][ T4009] CPU: 1 PID: 4009 Comm: syz-executor.1 Not tainted 6.0.0-rc6-next-20220921-syzkaller #0 [ 103.408119][ T3998] EXT4-fs warning (device loop2): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-22). Please run e2fsck to fix. [ 103.424973][ T4009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 103.496087][ T4009] RIP: 0010:ovl_fh_to_dentry+0x880/0x950 [ 103.508134][ T4009] Code: f9 ff ff e8 62 b6 ab fe b9 15 00 00 00 4c 89 f6 48 c7 c2 a0 0f 28 8a 48 c7 c7 00 10 28 8a c6 05 a7 86 fa 0a 01 e8 4d ad 76 06 <0f> 0b e9 ec f8 ff ff 49 c7 c6 ea ff ff ff bb ea ff ff ff c7 44 24 [ 103.535910][ T4009] RSP: 0018:ffffc9000542fb30 EFLAGS: 00010282 [ 103.547228][ T4009] RAX: 0000000000000000 RBX: 0000000000000060 RCX: 0000000000000000 11:36:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="4132b3ab404b0063bf4a671c2d0f30"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 103.590041][ T4009] RDX: 0000000000040000 RSI: ffffffff81620348 RDI: fffff52000a85f58 [ 103.605210][ T4009] RBP: ffff88807ff91700 R08: 0000000000000005 R09: 0000000000000000 [ 103.624146][ T4009] R10: 0000000080000000 R11: 203a7970636d656d R12: 00000000000000fb [ 103.633827][ T4009] R13: 1ffff92000a85f6e R14: 000000000000005d R15: ffff88807ff91703 [ 103.642076][ T4009] FS: 00007f055d57f700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 103.651249][ T3998] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 103.658191][ T4009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.665033][ T3998] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 103.675427][ T4009] CR2: 000000c003ccb000 CR3: 0000000026772000 CR4: 00000000003526e0 [ 103.684610][ T4009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 11:36:39 executing program 2: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x6f, 0x0) read$FUSE(r0, &(0x7f00000000c0)={0x2020}, 0x2020) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000500)={'ip6gre0\x00', &(0x7f0000002100)={'syztnl2\x00', 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, @empty, @local}}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x41c, &(0x7f0000000540)=[{&(0x7f0000010000)="200000000002000019000000600100000f040000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010003000000ddf4655f000000000000000001000000000000000b0000000001000020000000d26400004003", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0xfeb1, 0x640}, {&(0x7f0000010400)="020000000400000005", 0xffc3, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f00000000c0)="80810000007f", 0xfc3b, 0x1600}], 0x81, &(0x7f0000002180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c00d58f67494f354626349672463eafa40900a360edb3d591d3c2a51ce31ab0f1169866027463a520333c4a00f343e84b75f1801c13a8421ca6c72cbfacb3bd25f16fdc5d0baca8100e45244b2613ae18707e94ce060105878b766678b72ee89f968c3153bffe364d78fd159f1f35bab5a7473ae87ea7e6c126f6ac4195062aa2e0f762246c62b2d209ecebb99e23d2dda59c5180990851d5b00a6d850d377be55eed239435044628513591732d25c12e058efc7e6d5e738d012343f3fb9e5db4badc92f5ac4e6b053a359dfd80473250943b8b31f3351a8319915a08dff86d5529b45ff09e36bc"], 0x0) 11:36:39 executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000280), 0x2, 0x141101) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) move_pages(0x0, 0x1ef7, &(0x7f0000000000)=[&(0x7f0000fea000/0x13000)=nil, &(0x7f0000fff000/0x1000)=nil], 0x0, &(0x7f0000000040), 0x0) [ 103.711402][ T4009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 103.732292][ T4009] Call Trace: [ 103.740094][ T4009] [ 103.745634][ T4009] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 103.753566][ T3633] EXT4-fs (loop2): unmounting filesystem. [ 103.786474][ T4009] ? __stack_depot_save+0x260/0x560 [ 103.850501][ T4009] ? ovl_get_dentry+0x6c0/0x6c0 [ 103.880298][ T4009] ? kasan_save_stack+0x31/0x40 [ 103.926261][ T4009] exportfs_decode_fh_raw+0x127/0x7d0 [ 103.952534][ T4024] kvm [4023]: vcpu0, guest rIP: 0x918d ignored wrmsr: 0x11e data 0xff750000ff26 [ 103.964426][ T4036] loop2: detected capacity change from 0 to 264192 [ 103.974208][ T4009] ? drop_caches_sysctl_handler+0x110/0x110 [ 103.995073][ T4024] kvm [4023]: vcpu0, guest rIP: 0x920d ignored wrmsr: 0x11e data 0xff740000fff9 [ 104.005838][ T4036] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 104.019970][ T4009] ? ovl_get_dentry+0x6c0/0x6c0 [ 104.035083][ T4009] ? lock_downgrade+0x6e0/0x6e0 [ 104.043171][ T4009] ? reconnect_path+0x810/0x810 [ 104.065065][ T4024] kvm [4023]: vcpu0, guest rIP: 0x928d ignored wrmsr: 0x11e data 0xff730000ffcc [ 104.074405][ T4024] kvm [4023]: vcpu0, guest rIP: 0x930d ignored wrmsr: 0x11e data 0xff720000ff9f [ 104.095045][ T4024] kvm [4023]: vcpu0, guest rIP: 0x938d ignored wrmsr: 0x11e data 0xff710000ff72 [ 104.110733][ T4009] ? futex_hash+0x12/0x200 [ 104.112952][ T4030] kvm [4029]: vcpu0, guest rIP: 0x918d ignored wrmsr: 0x11e data 0xff750000ff26 [ 104.129010][ T4036] EXT4-fs (loop2): orphan cleanup on readonly fs [ 104.137203][ T4009] ? futex_wake+0x155/0x490 [ 104.138030][ T4024] kvm [4023]: vcpu0, guest rIP: 0x940d ignored wrmsr: 0x11e data 0xff700000ff45 [ 104.151257][ T4030] kvm [4029]: vcpu0, guest rIP: 0x920d ignored wrmsr: 0x11e data 0xff740000fff9 [ 104.157815][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 104.160498][ T4030] kvm [4029]: vcpu0, guest rIP: 0x928d ignored wrmsr: 0x11e data 0xff730000ffcc [ 104.175089][ T4030] kvm [4029]: vcpu0, guest rIP: 0x930d ignored wrmsr: 0x11e data 0xff720000ff9f 11:36:40 executing program 4: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet(0x2, 0x2000080001, 0x84) syz_io_uring_complete(0x0) fstat(r0, &(0x7f00000003c0)) getresuid(&(0x7f0000000440), &(0x7f00000008c0), &(0x7f0000000900)) dup3(r1, r1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='rcu_utilization\x00'}, 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r2, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x4020000) [ 104.177948][ T4036] EXT4-fs error (device loop2): ext4_validate_block_bitmap:398: comm syz-executor.2: bg 0: block 2: invalid block bitmap [ 104.224929][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 104.230832][ T4036] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6108: Corrupt filesystem [ 104.247735][ T4009] ? lock_acquire+0x4fc/0x630 [ 104.253021][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 104.258812][ T4009] ? lock_release+0x5cb/0x810 [ 104.263709][ T4036] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2903: inode #3: comm syz-executor.2: corrupted xattr block 32 [ 104.264915][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 104.283206][ T4036] EXT4-fs warning (device loop2): ext4_evict_inode:299: xattr delete (err -117) [ 104.292563][ T4036] EXT4-fs warning (device loop2): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-22). Please run e2fsck to fix. [ 104.306630][ T4036] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 104.313352][ T4036] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. 11:36:40 executing program 2: r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x6f, 0x0) read$FUSE(r0, &(0x7f00000000c0)={0x2020}, 0x2020) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000500)={'ip6gre0\x00', &(0x7f0000002100)={'syztnl2\x00', 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, @empty, @local}}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x41c, &(0x7f0000000540)=[{&(0x7f0000010000)="200000000002000019000000600100000f040000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010003000000ddf4655f000000000000000001000000000000000b0000000001000020000000d26400004003", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0xfeb1, 0x640}, {&(0x7f0000010400)="020000000400000005", 0xffc3, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f00000000c0)="80810000007f", 0xfc3b, 0x1600}], 0x81, &(0x7f0000002180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c00d58f67494f354626349672463eafa40900a360edb3d591d3c2a51ce31ab0f1169866027463a520333c4a00f343e84b75f1801c13a8421ca6c72cbfacb3bd25f16fdc5d0baca8100e45244b2613ae18707e94ce060105878b766678b72ee89f968c3153bffe364d78fd159f1f35bab5a7473ae87ea7e6c126f6ac4195062aa2e0f762246c62b2d209ecebb99e23d2dda59c5180990851d5b00a6d850d377be55eed239435044628513591732d25c12e058efc7e6d5e738d012343f3fb9e5db4badc92f5ac4e6b053a359dfd80473250943b8b31f3351a8319915a08dff86d5529b45ff09e36bc"], 0x0) 11:36:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="4132b3ab404b0063bf4a671c2d0f30"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 104.364882][ T4009] ? __fget_files+0x248/0x440 [ 104.376576][ T4009] ? lock_downgrade+0x6e0/0x6e0 [ 104.387356][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 104.398689][ T3633] EXT4-fs (loop2): unmounting filesystem. [ 104.416523][ T4009] ? lock_release+0x5cb/0x810 11:36:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="4132b3ab404b0063bf4a671c2d0f30"], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 104.454172][ T4009] ? kmem_cache_free+0xea/0x5b0 [ 104.489632][ T4009] ? __might_fault+0xd1/0x170 [ 104.524997][ T4009] ? lock_downgrade+0x6e0/0x6e0 [ 104.556663][ T4009] ? __fget_files+0x26a/0x440 [ 104.561998][ T4047] loop2: detected capacity change from 0 to 264192 [ 104.575599][ T4009] ? drop_caches_sysctl_handler+0x110/0x110 [ 104.582993][ T4047] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 104.594803][ T4009] exportfs_decode_fh+0x38/0x90 [ 104.628946][ T4047] EXT4-fs (loop2): orphan cleanup on readonly fs [ 104.635518][ T4009] do_handle_open+0x2b6/0x8b0 [ 104.648390][ T4009] ? do_sys_name_to_handle+0x4c0/0x4c0 [ 104.675054][ T4009] ? syscall_enter_from_user_mode+0x22/0xb0 [ 104.681295][ T4009] ? trace_hardirqs_on+0x2d/0x160 [ 104.681387][ T4047] EXT4-fs error (device loop2): ext4_validate_block_bitmap:398: comm syz-executor.2: bg 0: block 2: invalid block bitmap [ 104.703014][ T4047] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6108: Corrupt filesystem [ 104.717401][ T4009] do_syscall_64+0x35/0xb0 [ 104.726464][ T4047] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2903: inode #3: comm syz-executor.2: corrupted xattr block 32 [ 104.735114][ T4009] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 104.755983][ T4009] RIP: 0033:0x7f055c48a649 [ 104.785403][ T4047] EXT4-fs warning (device loop2): ext4_evict_inode:299: xattr delete (err -117) [ 104.787011][ T4009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 104.840115][ T4047] EXT4-fs warning (device loop2): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-22). Please run e2fsck to fix. [ 104.879521][ T4009] RSP: 002b:00007f055d57f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 104.891156][ T4009] RAX: ffffffffffffffda RBX: 00007f055c59bf80 RCX: 00007f055c48a649 [ 104.907215][ T4009] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 104.940739][ T4009] RBP: 00007f055c4e5560 R08: 0000000000000000 R09: 0000000000000000 [ 104.964351][ T4047] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 104.971172][ T4047] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 105.015003][ T4009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.037344][ T4009] R13: 00007ffc347099af R14: 00007f055d57f300 R15: 0000000000022000 11:36:41 executing program 2: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet(0x2, 0x2000080001, 0x84) syz_io_uring_complete(0x0) fstat(r0, &(0x7f00000003c0)) getresuid(&(0x7f0000000440), &(0x7f00000008c0), &(0x7f0000000900)) dup3(r1, r1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='rcu_utilization\x00'}, 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) sendmsg(r2, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x4020000) 11:36:41 executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000280), 0x2, 0x141101) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) move_pages(0x0, 0x1ef7, &(0x7f0000000000)=[&(0x7f0000fea000/0x13000)=nil, &(0x7f0000fff000/0x1000)=nil], 0x0, &(0x7f0000000040), 0x0) [ 105.062917][ T3633] EXT4-fs (loop2): unmounting filesystem. [ 105.072481][ T4009] [ 105.085565][ T4009] Kernel panic - not syncing: panic_on_warn set ... [ 105.092154][ T4009] CPU: 1 PID: 4009 Comm: syz-executor.1 Not tainted 6.0.0-rc6-next-20220921-syzkaller #0 [ 105.101959][ T4009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 105.112024][ T4009] Call Trace: [ 105.115288][ T4009] [ 105.118208][ T4009] dump_stack_lvl+0xcd/0x134 [ 105.122796][ T4009] panic+0x2c8/0x622 [ 105.126684][ T4009] ? panic_print_sys_info.part.0+0x110/0x110 [ 105.132657][ T4009] ? __warn.cold+0x24b/0x350 [ 105.137231][ T4009] ? ovl_fh_to_dentry+0x880/0x950 [ 105.142242][ T4009] __warn.cold+0x25c/0x350 [ 105.146656][ T4009] ? __wake_up_klogd.part.0+0x99/0xf0 [ 105.152045][ T4009] ? ovl_fh_to_dentry+0x880/0x950 [ 105.157063][ T4009] report_bug+0x1bc/0x210 [ 105.161387][ T4009] handle_bug+0x3c/0x60 [ 105.165528][ T4009] exc_invalid_op+0x14/0x40 [ 105.170017][ T4009] asm_exc_invalid_op+0x16/0x20 [ 105.174879][ T4009] RIP: 0010:ovl_fh_to_dentry+0x880/0x950 [ 105.180507][ T4009] Code: f9 ff ff e8 62 b6 ab fe b9 15 00 00 00 4c 89 f6 48 c7 c2 a0 0f 28 8a 48 c7 c7 00 10 28 8a c6 05 a7 86 fa 0a 01 e8 4d ad 76 06 <0f> 0b e9 ec f8 ff ff 49 c7 c6 ea ff ff ff bb ea ff ff ff c7 44 24 [ 105.200105][ T4009] RSP: 0018:ffffc9000542fb30 EFLAGS: 00010282 [ 105.206167][ T4009] RAX: 0000000000000000 RBX: 0000000000000060 RCX: 0000000000000000 [ 105.214144][ T4009] RDX: 0000000000040000 RSI: ffffffff81620348 RDI: fffff52000a85f58 [ 105.222101][ T4009] RBP: ffff88807ff91700 R08: 0000000000000005 R09: 0000000000000000 [ 105.230055][ T4009] R10: 0000000080000000 R11: 203a7970636d656d R12: 00000000000000fb [ 105.238008][ T4009] R13: 1ffff92000a85f6e R14: 000000000000005d R15: ffff88807ff91703 [ 105.245968][ T4009] ? vprintk+0x88/0x90 [ 105.250029][ T4009] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 105.255832][ T4009] ? __stack_depot_save+0x260/0x560 [ 105.261028][ T4009] ? ovl_get_dentry+0x6c0/0x6c0 [ 105.265868][ T4009] ? kasan_save_stack+0x31/0x40 [ 105.270717][ T4009] exportfs_decode_fh_raw+0x127/0x7d0 [ 105.276079][ T4009] ? drop_caches_sysctl_handler+0x110/0x110 [ 105.281961][ T4009] ? ovl_get_dentry+0x6c0/0x6c0 [ 105.286801][ T4009] ? lock_downgrade+0x6e0/0x6e0 [ 105.291640][ T4009] ? reconnect_path+0x810/0x810 [ 105.296494][ T4009] ? futex_hash+0x12/0x200 [ 105.300930][ T4009] ? futex_wake+0x155/0x490 [ 105.305430][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 105.310899][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 105.316365][ T4009] ? lock_acquire+0x4fc/0x630 [ 105.321143][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 105.326593][ T4009] ? lock_release+0x5cb/0x810 [ 105.331253][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 105.336714][ T4009] ? __fget_files+0x248/0x440 [ 105.341380][ T4009] ? lock_downgrade+0x6e0/0x6e0 [ 105.346214][ T4009] ? rcu_read_lock_sched_held+0xd/0x70 [ 105.351663][ T4009] ? lock_release+0x5cb/0x810 [ 105.356322][ T4009] ? kmem_cache_free+0xea/0x5b0 [ 105.361160][ T4009] ? __might_fault+0xd1/0x170 [ 105.365823][ T4009] ? lock_downgrade+0x6e0/0x6e0 [ 105.370657][ T4009] ? __fget_files+0x26a/0x440 [ 105.375322][ T4009] ? drop_caches_sysctl_handler+0x110/0x110 [ 105.381204][ T4009] exportfs_decode_fh+0x38/0x90 [ 105.386049][ T4009] do_handle_open+0x2b6/0x8b0 [ 105.390718][ T4009] ? do_sys_name_to_handle+0x4c0/0x4c0 [ 105.396166][ T4009] ? syscall_enter_from_user_mode+0x22/0xb0 [ 105.402076][ T4009] ? trace_hardirqs_on+0x2d/0x160 [ 105.407087][ T4009] do_syscall_64+0x35/0xb0 [ 105.411497][ T4009] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.417379][ T4009] RIP: 0033:0x7f055c48a649 [ 105.421779][ T4009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 105.441367][ T4009] RSP: 002b:00007f055d57f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 105.449765][ T4009] RAX: ffffffffffffffda RBX: 00007f055c59bf80 RCX: 00007f055c48a649 [ 105.457719][ T4009] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 105.465673][ T4009] RBP: 00007f055c4e5560 R08: 0000000000000000 R09: 0000000000000000 [ 105.473640][ T4009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.481591][ T4009] R13: 00007ffc347099af R14: 00007f055d57f300 R15: 0000000000022000 [ 105.489549][ T4009] [ 105.492742][ T4009] Kernel Offset: disabled [ 105.497061][ T4009] Rebooting in 86400 seconds..