last executing test programs: 6.042954161s ago: executing program 3 (id=130): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0) 5.723003257s ago: executing program 3 (id=135): memfd_create(&(0x7f0000000540)='\x02A\xbb\xcc\xeb\x14\x16\xe8m\x14oSaW', 0x0) inotify_init1(0x800) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6(0xa, 0x805, 0x0) socket$alg(0x26, 0x5, 0x0) fanotify_init(0x1a, 0x800) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8) syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00') socket(0x400000000010, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="440f20c0350b000000440f22c0360f09c4217d700c9d0000000028b8010000000f01c166b82e000f00d80f20d835080000000f22d82e0f019885000000b9b1060000b86f8d0000ba0000000066b8b5008ec036363ef3420f51a600000000b9e30b0000b8f233278fba000000000f30", 0x6f}], 0x1, 0x13, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x21) r3 = eventfd2(0x8001, 0x80001) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000000)={0x4, r3, 0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000150000/0x18000)=nil, &(0x7f0000005700)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000165000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000100)="0f01cb0f2226baf80c66b895cd308666ef8340730cec0f8500000f01c366b9750100000f326767660f382570a5360fc76a8726f30f6fc3660f38807d00", 0x3d}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.04271777s ago: executing program 3 (id=147): rt_sigprocmask(0x2, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffefffffff7ffffc]}, 0x8, 0x800) r1 = syz_io_uring_setup(0xbd7, &(0x7f0000000040)={0x0, 0xe14f, 0x8, 0x1, 0x4000032f, 0x0, r0}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4004, @fd=r0, 0xa, &(0x7f0000000100)=[{&(0x7f0000000400)=""/203, 0xcb}], 0x1}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x8b19, &(0x7f0000000000)) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) 4.912255347s ago: executing program 2 (id=149): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x39b3) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0xffffffffffff2836) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f00000047c0), 0x0}, 0x20) recvmmsg(r0, &(0x7f0000005b80)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/163, 0xa3}], 0x1}, 0x6}], 0x1, 0x21, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000280)=0x1, 0x4) 4.713100487s ago: executing program 2 (id=152): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)={0x2c, 0x9, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000484) 4.63432849s ago: executing program 2 (id=155): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r0, 0x3) accept4$bt_l2cap(r0, 0x0, 0x0, 0x800) 1.952465723s ago: executing program 1 (id=179): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x161, 0x0, &(0x7f00000001c0)="e300c0678bb60a00fd85b6437a21cc6663127fea9f9e09886f4aec9fb68a0000f400000000bd86ddece156d0f9421c617dd2206d3e037652465d82a75b8a4e358d85bd744edf53e823bd97b020166ad5f9bbc091243c08f2af557ef535d4d857663cac95b075e056864c6ee21a36d39c175998704b7f9a024551fcf649c674b89258234b82fa031d0b418d6ee4b606dbd3c96ee47730d8cf85dfc69271fee3c6ce0074c5217780d2a4ac888c1221a5414ddd44527306368b62fcbd20b99223a6f11d4c095556fa090f7e54f36f266b1dc94a5679866ece1f4d666ca0f60b6d36c2aafe33be9d766b0797322c6d33c44d3289321f2bc92df8f592f16b3334efd7b12c39a6068154a9f403631c095f7dfa420c4eb0b6753916dace7f303b25ca2d1d94f3eb118c6e1aacfc7caf0b2606109c918e02067c65f12259a4d61e2d99a0affa82427648ac8ee77f71c0e93e1b5dea4ce7a26896dc023313a67ee7af589663", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2}, 0x50) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x2) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 1.789223472s ago: executing program 1 (id=182): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r0, &(0x7f0000000400)=""/4096, 0xc00) 1.588546341s ago: executing program 3 (id=183): memfd_create(&(0x7f0000000540)='\x02A\xbb\xcc\xeb\x14\x16\xe8m\x14oSaW', 0x0) inotify_init1(0x800) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6(0xa, 0x805, 0x0) socket$alg(0x26, 0x5, 0x0) fanotify_init(0x1a, 0x800) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8) syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00') socket(0x400000000010, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="440f20c0350b000000440f22c0360f09c4217d700c9d0000000028b8010000000f01c166b82e000f00d80f20d835080000000f22d82e0f019885000000b9b1060000b86f8d0000ba0000000066b8b5008ec036363ef3420f51a600000000b9e30b0000b8f233278fba000000000f30", 0x6f}], 0x1, 0x13, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x21) r1 = eventfd2(0x8001, 0x80001) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x4, r1, 0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000150000/0x18000)=nil, &(0x7f0000005700)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000165000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000100)="0f01cb0f2226baf80c66b895cd308666ef8340730cec0f8500000f01c366b9750100000f326767660f382570a5360fc76a8726f30f6fc3660f38807d00", 0x3d}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 1.445464148s ago: executing program 2 (id=186): syz_open_dev$tty1(0xc, 0x4, 0x1) io_uring_setup(0x3c93, &(0x7f0000000300)={0x0, 0xd6eb, 0x1, 0x1000, 0x60}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x7, 0x2, 0x3, 0x100, 0xffffffffffffffff, 0x3}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x7, 0x2, 0x9, 0x0, r0, 0x100}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1, 0xd}, 0x50) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) userfaultfd(0x80801) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x42, 0x18) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010101}, {0x2, 0x0, @local}, {0x2, 0x4e24, @rand_addr=0x6}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 1.41595836s ago: executing program 0 (id=187): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x39b3) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0xffffffffffff2836) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20) recvmmsg(r0, 0x0, 0x0, 0x21, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000280)=0x1, 0x4) 1.357129493s ago: executing program 1 (id=188): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x18000000000002a0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0xfe5, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xbb}, 0x7a) r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) r1 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) ioctl$int_in(r1, 0x5452, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x5, 0xc, 0x8001, 0x0, 0x9}) capget(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x8001, 0x3, 0xa7f4, 0xf, 0x9, 0xc}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x86) fchdir(r3) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r4, 0x0, 0xee01) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@o_path={0x0, 0x0, 0x8, r2}, 0x18) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') fstat(r5, &(0x7f0000000140)) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) 1.356820623s ago: executing program 4 (id=189): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4048aecb, &(0x7f0000000480)={0x7, 0x0, [{0xb, 0xffffffff, 0x4, 0xffffff89, 0x6, 0x6, 0x2}, {0x1, 0x4, 0x0, 0x8, 0x0, 0x5, 0x5}, {0x0, 0x8, 0x0, 0x3ff, 0x7ffffdff, 0x8005, 0x31}, {0x80000019, 0xe5f, 0x1, 0x7, 0xdf3, 0x6, 0x80000001}, {0x80000000, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0x400}, {0xc0000000, 0x100, 0x4, 0x6, 0x400003, 0x40000002, 0x100003}, {0x80000001, 0x2, 0x3f91c194927b8e21, 0xfffffff7, 0xfffffff9, 0x800000ff, 0x6}]}) close_range(r0, 0xffffffffffffffff, 0x0) 1.261600058s ago: executing program 0 (id=190): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000800)={0xf7b, 0x1f, 0x7}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x1, 0x1, 0x7}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x2, 0x2, 0x140003}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000080)={0x6, 0x8161, 0x6}) fcntl$dupfd(r2, 0x0, r1) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x30000, 0x1, 0x7}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) close_range(r0, 0xffffffffffffffff, 0x0) 1.186312111s ago: executing program 2 (id=191): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getresgid(&(0x7f00000016c0), &(0x7f0000001700), 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) syz_fuse_handle_req(r1, 0x0, 0x0, 0x0) stat(0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000001680), 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0x3, 0x9, '\x00', 0x214a}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_HEADER(r2, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000001580)={0x28, 0xc, 0x6, 0x801, 0x0, 0x0, {0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x20020000}, 0x40000) 1.177750912s ago: executing program 1 (id=192): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x161, 0x0, &(0x7f00000001c0)="e300c0678bb60a00fd85b6437a21cc6663127fea9f9e09886f4aec9fb68a0000f400000000bd86ddece156d0f9421c617dd2206d3e037652465d82a75b8a4e358d85bd744edf53e823bd97b020166ad5f9bbc091243c08f2af557ef535d4d857663cac95b075e056864c6ee21a36d39c175998704b7f9a024551fcf649c674b89258234b82fa031d0b418d6ee4b606dbd3c96ee47730d8cf85dfc69271fee3c6ce0074c5217780d2a4ac888c1221a5414ddd44527306368b62fcbd20b99223a6f11d4c095556fa090f7e54f36f266b1dc94a5679866ece1f4d666ca0f60b6d36c2aafe33be9d766b0797322c6d33c44d3289321f2bc92df8f592f16b3334efd7b12c39a6068154a9f403631c095f7dfa420c4eb0b6753916dace7f303b25ca2d1d94f3eb118c6e1aacfc7caf0b2606109c918e02067c65f12259a4d61e2d99a0affa82427648ac8ee77f71c0e93e1b5dea4ce7a26896dc023313a67ee7af589663", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2}, 0x50) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x2) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 1.101283076s ago: executing program 4 (id=193): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140)) fchdir(r1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000b0, 0x0, 0x7fff}, {0x400000b1, 0x0, 0x8}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 972.853662ms ago: executing program 2 (id=194): socket$nl_route(0x10, 0x3, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x1c}}, 0x4000054) syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) socket$l2tp(0x2, 0x2, 0x73) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x15, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000fcffffff", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000207b8ae8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018110000", @ANYRES32, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bind$l2tp(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 954.966433ms ago: executing program 0 (id=195): r0 = io_uring_setup(0x136a, &(0x7f0000000080)={0x0, 0x1f8a, 0x0, 0x3, 0x28c}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008041}, 0xc040841) close_range(r0, 0xffffffffffffffff, 0x100000000000000) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0) 890.102496ms ago: executing program 1 (id=196): r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0xf6b1, 0x800, 0x8000, 0x8000028d}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x16, 0x1}) io_uring_enter(r1, 0xd44, 0x44c1, 0x7, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) 740.035903ms ago: executing program 0 (id=197): connect$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x3}, 0x1c) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0x3, 0x800fff}) pwrite64(0xffffffffffffffff, &(0x7f00000001c0)="c0", 0x1, 0x80c60) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x44}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x2, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x26, 0x0, 0x2000000, 0x10000, 0x400000000001c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x44101}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 739.053863ms ago: executing program 4 (id=198): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50) r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001240)={r0, r1, 0x5, 0x0, @void}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000001080)={r2, r0, 0x4, r0}, 0x7) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000340)={0x200006, 0x0, 0x1, 0x0, 0x4}) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x500, 0xfffffffc, 0x0, 0x0, [0x2, 0xfff], [0xd]}}) 641.240358ms ago: executing program 1 (id=199): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r0, 0x3) accept4$bt_l2cap(r0, 0x0, 0x0, 0x800) 559.066563ms ago: executing program 0 (id=200): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x39b3) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0xffffffffffff2836) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20) recvmmsg(r0, &(0x7f0000005b80), 0x0, 0x21, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000280)=0x1, 0x4) 467.258637ms ago: executing program 4 (id=201): syz_open_dev$tty1(0xc, 0x4, 0x1) io_uring_setup(0x3c93, &(0x7f0000000300)={0x0, 0xd6eb, 0x1, 0x1000, 0x60}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x7, 0x2, 0x3, 0x100, 0xffffffffffffffff, 0x3}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x7, 0x2, 0x9, 0x0, r0, 0x100}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1, 0xd}, 0x50) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) userfaultfd(0x80801) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x42, 0x18) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010101}, {0x2, 0x0, @local}, {0x2, 0x4e24, @rand_addr=0x6}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 335.607614ms ago: executing program 0 (id=202): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x1) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f0000000040)={@empty, @broadcast}, &(0x7f0000000080)=0xc) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @rand_addr, 0x1}, 0x1c) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x3, 0x0, 0x0, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0xc044000}, 0x4000) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98) socket$igmp6(0xa, 0x3, 0x2) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) r6 = socket$kcm(0x2, 0xa, 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x1, @none, 0x0, 0x1}, 0xe) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r8, 0x0, 0x0) bind$x25(r3, &(0x7f0000000080), 0x12) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_mtu=0x6}) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) 335.007393ms ago: executing program 4 (id=203): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') preadv(r0, &(0x7f0000000600)=[{&(0x7f0000000000)=""/171, 0xab}], 0x1, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 253.010948ms ago: executing program 3 (id=204): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000000000014000000000000002900000034000000fdffffff00000000180000000000000029000000040000000400000000000000d80000000000000029000000360000005e17000000000000000100000100010800000000000000000728000000030800ff0f66090000000000000700000000000000010000000000000001000000000000000864c8a110995d439fbf"], 0x188}}], 0x1, 0x810) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xd4}}, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000002c0)=0x7) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000200)=0xa) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="10000000001d83000744d63c000100000008"], 0x10}, 0x40000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 78.847556ms ago: executing program 3 (id=205): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r1, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r2, 0x8914, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x1, 'syz1\x00', @default, 0x5, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 0s ago: executing program 4 (id=206): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x161, 0x0, &(0x7f00000001c0)="e300c0678bb60a00fd85b6437a21cc6663127fea9f9e09886f4aec9fb68a0000f400000000bd86ddece156d0f9421c617dd2206d3e037652465d82a75b8a4e358d85bd744edf53e823bd97b020166ad5f9bbc091243c08f2af557ef535d4d857663cac95b075e056864c6ee21a36d39c175998704b7f9a024551fcf649c674b89258234b82fa031d0b418d6ee4b606dbd3c96ee47730d8cf85dfc69271fee3c6ce0074c5217780d2a4ac888c1221a5414ddd44527306368b62fcbd20b99223a6f11d4c095556fa090f7e54f36f266b1dc94a5679866ece1f4d666ca0f60b6d36c2aafe33be9d766b0797322c6d33c44d3289321f2bc92df8f592f16b3334efd7b12c39a6068154a9f403631c095f7dfa420c4eb0b6753916dace7f303b25ca2d1d94f3eb118c6e1aacfc7caf0b2606109c918e02067c65f12259a4d61e2d99a0affa82427648ac8ee77f71c0e93e1b5dea4ce7a26896dc023313a67ee7af589663", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2}, 0x50) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x2) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts. syzkaller login: [ 66.776739][ T4171] cgroup: Unknown subsys name 'net' [ 66.942330][ T4171] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.527445][ T4171] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 70.132206][ T4194] chnl_net:caif_netlink_parms(): no params data found [ 70.165114][ T4192] chnl_net:caif_netlink_parms(): no params data found [ 70.242547][ T4184] chnl_net:caif_netlink_parms(): no params data found [ 70.283068][ T4185] chnl_net:caif_netlink_parms(): no params data found [ 70.312302][ T4187] chnl_net:caif_netlink_parms(): no params data found [ 70.348622][ T4194] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.357681][ T4194] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.366880][ T4194] device bridge_slave_0 entered promiscuous mode [ 70.421403][ T4194] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.429760][ T4194] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.438318][ T4194] device bridge_slave_1 entered promiscuous mode [ 70.454226][ T4192] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.464599][ T4192] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.473089][ T4192] device bridge_slave_0 entered promiscuous mode [ 70.491652][ T4192] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.499297][ T4192] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.508230][ T4192] device bridge_slave_1 entered promiscuous mode [ 70.542892][ T4184] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.550527][ T4184] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.559470][ T4184] device bridge_slave_0 entered promiscuous mode [ 70.593114][ T4184] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.601005][ T4184] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.609708][ T4184] device bridge_slave_1 entered promiscuous mode [ 70.620737][ T4192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.638678][ T4194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.663664][ T4192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.681022][ T4194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.742291][ T4185] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.750885][ T4185] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.760470][ T4185] device bridge_slave_0 entered promiscuous mode [ 70.770896][ T4184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.790614][ T4187] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.798522][ T4187] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.807320][ T4187] device bridge_slave_0 entered promiscuous mode [ 70.827229][ T4184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.837073][ T4185] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.845022][ T4185] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.853393][ T4185] device bridge_slave_1 entered promiscuous mode [ 70.864159][ T4192] team0: Port device team_slave_0 added [ 70.873039][ T4187] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.882648][ T4187] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.892724][ T4187] device bridge_slave_1 entered promiscuous mode [ 70.917699][ T4194] team0: Port device team_slave_0 added [ 70.932631][ T4192] team0: Port device team_slave_1 added [ 70.962028][ T4194] team0: Port device team_slave_1 added [ 70.986082][ T4184] team0: Port device team_slave_0 added [ 70.997540][ T4187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.019041][ T4185] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.030957][ T4192] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.039239][ T4192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.068184][ T4192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.083140][ T4184] team0: Port device team_slave_1 added [ 71.093733][ T4187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.119122][ T4185] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.129732][ T4192] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.138134][ T4192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.168872][ T4192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.203523][ T4194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.212098][ T4194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.240596][ T4194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.268332][ T4187] team0: Port device team_slave_0 added [ 71.284631][ T4187] team0: Port device team_slave_1 added [ 71.291705][ T4194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.306727][ T4194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.343466][ T4194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.370140][ T4184] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.382728][ T4184] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.424927][ T4184] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.471093][ T4185] team0: Port device team_slave_0 added [ 71.478776][ T4184] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.487988][ T4184] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.519185][ T4184] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.544773][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.553079][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.586189][ T4187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.606504][ T4192] device hsr_slave_0 entered promiscuous mode [ 71.614241][ T4192] device hsr_slave_1 entered promiscuous mode [ 71.623710][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.631387][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.642875][ T4185] team0: Port device team_slave_1 added [ 71.664678][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.672606][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.701832][ T4187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.765569][ T4196] Bluetooth: hci2: command 0x0409 tx timeout [ 71.765569][ T23] Bluetooth: hci0: command 0x0409 tx timeout [ 71.793268][ T4196] Bluetooth: hci3: command 0x0409 tx timeout [ 71.801036][ T4185] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.802520][ T4196] Bluetooth: hci1: command 0x0409 tx timeout [ 71.819757][ T4185] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.849834][ T4196] Bluetooth: hci4: command 0x0409 tx timeout [ 71.850557][ T4185] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.875967][ T4194] device hsr_slave_0 entered promiscuous mode [ 71.887575][ T4194] device hsr_slave_1 entered promiscuous mode [ 71.896847][ T4194] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.905947][ T4194] Cannot create hsr debugfs directory [ 71.938033][ T4185] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.948810][ T4185] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.979409][ T4185] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.000570][ T4187] device hsr_slave_0 entered promiscuous mode [ 72.009425][ T4187] device hsr_slave_1 entered promiscuous mode [ 72.016943][ T4187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.024945][ T4187] Cannot create hsr debugfs directory [ 72.039993][ T4184] device hsr_slave_0 entered promiscuous mode [ 72.048935][ T4184] device hsr_slave_1 entered promiscuous mode [ 72.057274][ T4184] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.066310][ T4184] Cannot create hsr debugfs directory [ 72.170943][ T4185] device hsr_slave_0 entered promiscuous mode [ 72.179048][ T4185] device hsr_slave_1 entered promiscuous mode [ 72.186886][ T4185] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.195234][ T4185] Cannot create hsr debugfs directory [ 72.513533][ T4192] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 72.533249][ T4192] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 72.547295][ T4192] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 72.559149][ T4192] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 72.626187][ T4184] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.639515][ T4184] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.660548][ T4184] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.670760][ T4184] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.761040][ T4194] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 72.776560][ T4194] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 72.796092][ T4194] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 72.812155][ T4194] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 72.842731][ T4192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.910876][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.922553][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.938519][ T4192] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.963252][ T4184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.983228][ T4187] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 73.009404][ T4187] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 73.024911][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.038255][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.052240][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.060758][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.088195][ T4187] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 73.106871][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.117698][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.130686][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.142189][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.150552][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.163413][ T4187] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 73.193885][ T4184] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.224212][ T4185] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.247921][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.263767][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.272730][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.282474][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.296833][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.310105][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.323957][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.333398][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.343252][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.362630][ T4185] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.385472][ T4185] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.413142][ T4194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.428531][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.439678][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.452251][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.474736][ T4185] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.495497][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.508849][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.521977][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.530278][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.539811][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.551704][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.562735][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.572741][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.583287][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.592902][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.602988][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.612294][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.626399][ T4192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.657388][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.676547][ T4194] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.697374][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.707368][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.725932][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.733673][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.750199][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.764162][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.784259][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.793389][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.823364][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.832545][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.845730][ T4173] Bluetooth: hci1: command 0x041b tx timeout [ 73.854124][ T4173] Bluetooth: hci3: command 0x041b tx timeout [ 73.862329][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.873908][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.882404][ T4173] Bluetooth: hci2: command 0x041b tx timeout [ 73.882506][ T4173] Bluetooth: hci0: command 0x041b tx timeout [ 73.902927][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.913408][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.934682][ T4227] Bluetooth: hci4: command 0x041b tx timeout [ 73.954828][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.963528][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.988913][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.008446][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.027125][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.049311][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.062466][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.086627][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.122738][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.134032][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.148959][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.160741][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.171390][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.181614][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.192222][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.214011][ T4192] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.262470][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.282800][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.307142][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.330602][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.346780][ T4187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.384819][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.399152][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.469794][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.487228][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.518297][ T4192] device veth0_vlan entered promiscuous mode [ 74.533842][ T4187] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.553474][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.572212][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.590780][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.602339][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.629892][ T4185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.647879][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.664221][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.678437][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.688548][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.702251][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.713811][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.721179][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.731918][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.742134][ T4192] device veth1_vlan entered promiscuous mode [ 74.753077][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.763246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.775201][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.785548][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.794051][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.809496][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.817709][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.868262][ T4185] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.896002][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.906359][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.916208][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.927217][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.935264][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.943388][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.953129][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.975612][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.986822][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.996514][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.008620][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.019503][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.029542][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.045326][ T4194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.073064][ T4187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.089740][ T4187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.100524][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.110273][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.120398][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.130523][ T4240] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.137867][ T4240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.148430][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.158760][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.169190][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.178507][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.188497][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.199056][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.226975][ T4184] device veth0_vlan entered promiscuous mode [ 75.235423][ T4192] device veth0_macvtap entered promiscuous mode [ 75.250228][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 75.261200][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.272714][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.285255][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.294245][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.318892][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.329066][ T4240] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.336898][ T4240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.346229][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.361383][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.400979][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.412830][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.427988][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.440853][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.462495][ T4192] device veth1_macvtap entered promiscuous mode [ 75.508458][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.517293][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 75.530171][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.539788][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.550278][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.562801][ T4184] device veth1_vlan entered promiscuous mode [ 75.583213][ T4194] device veth0_vlan entered promiscuous mode [ 75.602327][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.613422][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.623204][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.633480][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.650136][ T4185] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.669014][ T4185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.687682][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.698165][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.712319][ T4194] device veth1_vlan entered promiscuous mode [ 75.731392][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.757011][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.767623][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.778177][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.789834][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.803858][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.830275][ T4187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.843269][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.867961][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.883539][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.912503][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.922661][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.932103][ T4227] Bluetooth: hci0: command 0x040f tx timeout [ 75.938869][ T4227] Bluetooth: hci2: command 0x040f tx timeout [ 75.946688][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.955232][ T4227] Bluetooth: hci3: command 0x040f tx timeout [ 75.961722][ T4227] Bluetooth: hci1: command 0x040f tx timeout [ 75.984209][ T4192] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.993570][ T4192] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.003748][ T4192] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.013465][ T4227] Bluetooth: hci4: command 0x040f tx timeout [ 76.023567][ T4192] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.036518][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.058157][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.074977][ T4184] device veth0_macvtap entered promiscuous mode [ 76.094241][ T4194] device veth0_macvtap entered promiscuous mode [ 76.127782][ T4184] device veth1_macvtap entered promiscuous mode [ 76.155037][ T4194] device veth1_macvtap entered promiscuous mode [ 76.208286][ T4194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.253258][ T4194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.277801][ T4194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.290774][ T4194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.304257][ T4194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.319209][ T4194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.338524][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.350588][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.360365][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.370046][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.379231][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.390469][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.400205][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.413858][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.425872][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.443653][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.455386][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.475321][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.509930][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.527034][ T4194] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.541141][ T4194] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.552195][ T4194] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.567315][ T4194] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.590053][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.600564][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.612082][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 76.620844][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 76.632687][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.651949][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.662988][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.674153][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.687012][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.703944][ T4184] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.713022][ T4184] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.721976][ T4184] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.732916][ T4184] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.750782][ T4185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.759138][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.768635][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.852930][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.864051][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.876384][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.887116][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.918304][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.927376][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.950038][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.013176][ T4187] device veth0_vlan entered promiscuous mode [ 77.033765][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.042958][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.052717][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.062919][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.071851][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.080781][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.094972][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.103283][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.112965][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.119153][ T4185] device veth0_vlan entered promiscuous mode [ 77.135503][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.161495][ T4187] device veth1_vlan entered promiscuous mode [ 77.172773][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.189449][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.205056][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.218214][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.228611][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.251871][ T4185] device veth1_vlan entered promiscuous mode [ 77.342280][ T4240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.354322][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.363178][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.378987][ T4240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.409039][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.431021][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.443070][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.458093][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.471518][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.480666][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.496655][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.519832][ T4187] device veth0_macvtap entered promiscuous mode [ 77.552091][ T4267] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 77.596021][ T4187] device veth1_macvtap entered promiscuous mode [ 77.618428][ T4185] device veth0_macvtap entered promiscuous mode [ 77.630590][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.642109][ T4185] device veth1_macvtap entered promiscuous mode [ 77.649237][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.659155][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.689559][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.736974][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.746513][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.774087][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.801885][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.822231][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.841127][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.862135][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.885769][ T4267] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 77.890227][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.895039][ T4267] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 77.925788][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.954072][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.968116][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.005117][ T4196] Bluetooth: hci1: command 0x0419 tx timeout [ 78.013505][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.023944][ T4196] Bluetooth: hci3: command 0x0419 tx timeout [ 78.040268][ T4196] Bluetooth: hci2: command 0x0419 tx timeout [ 78.050949][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.056033][ T4196] Bluetooth: hci0: command 0x0419 tx timeout [ 78.083356][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.087323][ T4196] Bluetooth: hci4: command 0x0419 tx timeout [ 78.122371][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.144129][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.168348][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.191849][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.215032][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.223524][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.262314][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.279132][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.291928][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.313338][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.334460][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.353916][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.375447][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.391562][ T154] Bluetooth: hci5: Frame reassembly failed (-84) [ 78.408241][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.443117][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.473642][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.499066][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.510105][ T4240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.535705][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.554434][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.580240][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.598621][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.611897][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.630866][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.642256][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.660363][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.672175][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.686952][ T4187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.696695][ T4187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.706260][ T4187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.715468][ T4187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.726458][ T4278] device syzkaller0 entered promiscuous mode [ 78.737253][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.748108][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.782226][ T4185] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.791865][ T4185] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.802920][ T4185] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.813468][ T4185] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.062304][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.077203][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.100546][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.139595][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.164841][ T4240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.173083][ T4240] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.194878][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.209575][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.229292][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.281452][ T4283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.299533][ T4283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.314104][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.348840][ T4285] syz.3.8 uses obsolete (PF_INET,SOCK_PACKET) [ 79.410375][ T4173] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 79.617827][ T4197] Bluetooth: Wrong link type (-71) [ 79.664520][ T4173] usb 1-1: Using ep0 maxpacket: 8 [ 79.678378][ T4296] QAT: Device 4 not found [ 79.784868][ T4173] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 79.793585][ T4173] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 79.834501][ T4173] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 79.864552][ T4173] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 79.896734][ T4173] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 79.972445][ T4173] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 80.098216][ T4173] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 80.169933][ T4173] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.405142][ T4231] Bluetooth: hci5: command 0x1003 tx timeout [ 80.411644][ T146] Bluetooth: hci5: sending frame failed (-49) [ 80.495152][ T4173] usb 1-1: usb_control_msg returned -32 [ 80.501958][ T4173] usbtmc 1-1:16.0: can't read capabilities [ 80.680843][ T4328] fuse: Unknown parameter 'group_i00000000000000000000' [ 80.890255][ T4331] usbtmc 1-1:16.0: stb usb_control_msg returned -32 [ 80.915556][ T4231] usb 1-1: USB disconnect, device number 2 [ 81.595979][ T4347] capability: warning: `syz.0.25' uses 32-bit capabilities (legacy support in use) [ 81.618596][ T4347] program syz.0.25 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 81.956251][ T4356] fuse: Unknown parameter 'group_i00000000000000000000' [ 82.465152][ T4375] program syz.2.37 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 82.485157][ T13] Bluetooth: hci5: command 0x1001 tx timeout [ 82.499900][ T146] Bluetooth: hci5: sending frame failed (-49) [ 82.845144][ T4386] fuse: Unknown parameter 'group_id00000000000000000000' [ 83.445432][ T4405] program syz.0.49 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 83.518528][ T4414] fuse: Unknown parameter 'group_id00000000000000000000' [ 84.332585][ T4448] fuse: Unknown parameter 'group_id00000000000000000000' [ 84.454578][ T4452] program syz.4.69 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 84.564843][ T4173] Bluetooth: hci5: command 0x1009 tx timeout [ 84.905831][ T4230] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 85.314695][ T4230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.339403][ T4230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.381624][ T4230] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 85.414534][ T4230] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 85.444497][ T4230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.479634][ T4230] usb 5-1: config 0 descriptor?? [ 85.952578][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 86.020171][ T4230] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 86.087529][ T4230] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 86.874965][ T4483] fuse: Bad value for 'user_id' [ 86.968065][ T7] cfg80211: failed to load regulatory.db [ 87.335634][ C1] plantronics 0003:047F:FFFF.0001: usb_submit_urb(ctrl) failed: -1 [ 88.190368][ T2238] usb 5-1: USB disconnect, device number 2 [ 88.198363][ T4507] Zero length message leads to an empty skb [ 88.418791][ T4513] fuse: Bad value for 'user_id' [ 88.468620][ T4515] 9pnet_virtio: no channels available for device syz [ 88.593250][ T4517] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 88.814423][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 89.294711][ T4544] netlink: 'syz.0.102': attribute type 3 has an invalid length. [ 89.635491][ T4554] device syzkaller0 entered promiscuous mode [ 89.768183][ T4561] capability: warning: `syz.2.109' uses deprecated v2 capabilities in a way that may be insecure [ 90.380158][ T4583] tipc: Started in network mode [ 90.425647][ T4583] tipc: Node identity 4, cluster identity 4711 [ 90.460989][ T4583] tipc: Node number set to 4 [ 93.963614][ T4709] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 93.971550][ T4709] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 94.013789][ T4709] vhci_hcd vhci_hcd.0: Device attached [ 94.070781][ T4712] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(8) [ 94.077802][ T4712] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 94.121764][ T4712] vhci_hcd vhci_hcd.0: Device attached [ 94.153067][ T4713] vhci_hcd: connection closed [ 94.154644][ T4710] vhci_hcd: connection closed [ 94.166773][ T155] vhci_hcd: stop threads [ 94.219040][ T155] vhci_hcd: release socket [ 94.239760][ T155] vhci_hcd: disconnect device [ 94.269604][ T155] vhci_hcd: stop threads [ 94.280990][ T155] vhci_hcd: release socket [ 94.286456][ T4230] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 94.307759][ T155] vhci_hcd: disconnect device [ 95.391913][ T4741] program syz.1.179 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 95.624665][ T4748] ======================================================= [ 95.624665][ T4748] WARNING: The mand mount option has been deprecated and [ 95.624665][ T4748] and is ignored by this kernel. Remove the mand [ 95.624665][ T4748] option from the mount to silence this warning. [ 95.624665][ T4748] ======================================================= [ 95.756941][ T4750] overlayfs: overlapping lowerdir path [ 96.183577][ T4766] program syz.1.192 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.411966][ T4807] program syz.4.206 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.433239][ T4803] [ 97.435716][ T4803] ====================================================== [ 97.443172][ T4803] WARNING: possible circular locking dependency detected [ 97.450592][ T4803] syzkaller #0 Not tainted [ 97.455519][ T4803] ------------------------------------------------------ [ 97.462941][ T4803] syz.3.205/4803 is trying to acquire lock: [ 97.469116][ T4803] ffff888060361120 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_device_event+0x217/0x4f0 [ 97.478869][ T4803] [ 97.478869][ T4803] but task is already holding lock: [ 97.486820][ T4803] ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 97.495408][ T4803] [ 97.495408][ T4803] which lock already depends on the new lock. [ 97.495408][ T4803] [ 97.506027][ T4803] [ 97.506027][ T4803] the existing dependency chain (in reverse order) is: [ 97.515890][ T4803] [ 97.515890][ T4803] -> #1 (rtnl_mutex){+.+.}-{3:3}: [ 97.523814][ T4803] __mutex_lock_common+0x1e3/0x2400 [ 97.529982][ T4803] mutex_lock_nested+0x17/0x20 [ 97.535983][ T4803] ax25_setsockopt+0x859/0xa60 [ 97.541974][ T4803] __sys_setsockopt+0x2bf/0x3d0 [ 97.547972][ T4803] __x64_sys_setsockopt+0xb1/0xc0 [ 97.554438][ T4803] do_syscall_64+0x4c/0xa0 [ 97.559410][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 97.567856][ T4803] [ 97.567856][ T4803] -> #0 (sk_lock-AF_AX25){+.+.}-{0:0}: [ 97.577305][ T4803] __lock_acquire+0x2c42/0x7d10 [ 97.583515][ T4803] lock_acquire+0x19e/0x400 [ 97.588867][ T4803] lock_sock_nested+0x44/0x100 [ 97.594469][ T4803] ax25_device_event+0x217/0x4f0 [ 97.600485][ T4803] raw_notifier_call_chain+0xcb/0x160 [ 97.607127][ T4803] __dev_notify_flags+0x158/0x300 [ 97.613108][ T4803] dev_change_flags+0xe3/0x1a0 [ 97.618588][ T4803] dev_ifsioc+0x130/0xd50 [ 97.623495][ T4803] dev_ioctl+0x545/0xe30 [ 97.628795][ T4803] sock_do_ioctl+0x245/0x320 [ 97.634524][ T4803] sock_ioctl+0x4d2/0x710 [ 97.640160][ T4803] __se_sys_ioctl+0xfa/0x170 [ 97.645493][ T4803] do_syscall_64+0x4c/0xa0 [ 97.650968][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 97.658312][ T4803] [ 97.658312][ T4803] other info that might help us debug this: [ 97.658312][ T4803] [ 97.670452][ T4803] Possible unsafe locking scenario: [ 97.670452][ T4803] [ 97.678812][ T4803] CPU0 CPU1 [ 97.685252][ T4803] ---- ---- [ 97.690971][ T4803] lock(rtnl_mutex); [ 97.695790][ T4803] lock(sk_lock-AF_AX25); [ 97.703777][ T4803] lock(rtnl_mutex); [ 97.710735][ T4803] lock(sk_lock-AF_AX25); [ 97.716118][ T4803] [ 97.716118][ T4803] *** DEADLOCK *** [ 97.716118][ T4803] [ 97.726033][ T4803] 1 lock held by syz.3.205/4803: [ 97.731576][ T4803] #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 97.741485][ T4803] [ 97.741485][ T4803] stack backtrace: [ 97.747964][ T4803] CPU: 0 PID: 4803 Comm: syz.3.205 Not tainted syzkaller #0 [ 97.755477][ T4803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.766197][ T4803] Call Trace: [ 97.769618][ T4803] [ 97.772937][ T4803] dump_stack_lvl+0x188/0x250 [ 97.778482][ T4803] ? load_image+0x400/0x400 [ 97.783477][ T4803] ? show_regs_print_info+0x20/0x20 [ 97.789311][ T4803] ? print_circular_bug+0x12b/0x1a0 [ 97.795148][ T4803] check_noncircular+0x296/0x330 [ 97.800902][ T4803] ? stack_trace_snprint+0xf0/0xf0 [ 97.806816][ T4803] ? add_chain_block+0x940/0x940 [ 97.812187][ T4803] ? lockdep_lock+0xf1/0x1f0 [ 97.817463][ T4803] ? mark_lock+0x94/0x320 [ 97.822012][ T4803] __lock_acquire+0x2c42/0x7d10 [ 97.827015][ T4803] ? mark_lock+0x94/0x320 [ 97.831584][ T4803] ? verify_lock_unused+0x140/0x140 [ 97.837239][ T4803] ? verify_lock_unused+0x140/0x140 [ 97.842809][ T4803] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 97.849228][ T4803] ? lockdep_hardirqs_on_prepare+0x770/0x770 [ 97.855434][ T4803] ? mark_lock+0x94/0x320 [ 97.859974][ T4803] lock_acquire+0x19e/0x400 [ 97.864626][ T4803] ? ax25_device_event+0x217/0x4f0 [ 97.870206][ T4803] ? lock_chain_count+0x20/0x20 [ 97.875570][ T4803] ? read_lock_is_recursive+0x10/0x10 [ 97.881423][ T4803] ? __local_bh_enable_ip+0x136/0x1c0 [ 97.887248][ T4803] ? lockdep_hardirqs_on+0x94/0x140 [ 97.893325][ T4803] ? __local_bh_enable_ip+0x136/0x1c0 [ 97.899769][ T4803] ? _local_bh_enable+0xa0/0xa0 [ 97.905064][ T4803] lock_sock_nested+0x44/0x100 [ 97.911284][ T4803] ? ax25_device_event+0x217/0x4f0 [ 97.919768][ T4803] ax25_device_event+0x217/0x4f0 [ 97.926911][ T4803] raw_notifier_call_chain+0xcb/0x160 [ 97.934705][ T4803] __dev_notify_flags+0x158/0x300 [ 97.941647][ T4803] ? __dev_change_flags+0x6a0/0x6a0 [ 97.947916][ T4803] ? __dev_change_flags+0x4d0/0x6a0 [ 97.954860][ T4803] ? dev_get_flags+0x1c0/0x1c0 [ 97.961208][ T4803] ? __mutex_lock_common+0x465/0x2400 [ 97.967873][ T4803] dev_change_flags+0xe3/0x1a0 [ 97.974841][ T4803] dev_ifsioc+0x130/0xd50 [ 97.980494][ T4803] ? dev_ioctl+0xe30/0xe30 [ 97.985687][ T4803] ? apparmor_capable+0x12c/0x190 [ 97.991717][ T4803] ? full_name_hash+0x8e/0xe0 [ 97.997373][ T4803] dev_ioctl+0x545/0xe30 [ 98.001944][ T4803] ? _copy_from_user+0x111/0x170 [ 98.007199][ T4803] sock_do_ioctl+0x245/0x320 [ 98.013510][ T4803] ? sock_show_fdinfo+0xb0/0xb0 [ 98.020934][ T4803] sock_ioctl+0x4d2/0x710 [ 98.027071][ T4803] ? sock_poll+0x410/0x410 [ 98.032937][ T4803] ? bpf_lsm_file_ioctl+0x5/0x10 [ 98.038967][ T4803] ? security_file_ioctl+0x7c/0xa0 [ 98.044755][ T4803] ? sock_poll+0x410/0x410 [ 98.049470][ T4803] __se_sys_ioctl+0xfa/0x170 [ 98.055162][ T4803] do_syscall_64+0x4c/0xa0 [ 98.059906][ T4803] ? clear_bhb_loop+0x30/0x80 [ 98.066020][ T4803] ? clear_bhb_loop+0x30/0x80 [ 98.071750][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 98.078989][ T4803] RIP: 0033:0x7fd2cd575799 [ 98.085260][ T4803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.108945][ T4803] RSP: 002b:00007fd2cb7cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.117796][ T4803] RAX: ffffffffffffffda RBX: 00007fd2cd7eefa0 RCX: 00007fd2cd575799 [ 98.126413][ T4803] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 98.134730][ T4803] RBP: 00007fd2cd60bc99 R08: 0000000000000000 R09: 0000000000000000 [ 98.143615][ T4803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.152091][ T4803] R13: 00007fd2cd7ef038 R14: 00007fd2cd7eefa0 R15: 00007ffca8d7c7b8 [ 98.162385][ T4803] [ 98.166795][ C0] vkms_vblank_simulate: vblank timer overrun [ 98.241362][ T4803] ================================================================== [ 98.250813][ T4803] BUG: KASAN: use-after-free in ax25_dev_device_down+0x35e/0x520 [ 98.259124][ T4803] Write of size 4 at addr ffff88807de415b8 by task syz.3.205/4803 [ 98.268664][ T4803] [ 98.272248][ T4803] CPU: 0 PID: 4803 Comm: syz.3.205 Not tainted syzkaller #0 [ 98.283189][ T4803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 98.297800][ T4803] Call Trace: [ 98.302125][ T4803] [ 98.305997][ T4803] dump_stack_lvl+0x188/0x250 [ 98.313712][ T4803] ? show_regs_print_info+0x20/0x20 [ 98.320424][ T4803] ? _printk+0xda/0x130 [ 98.326328][ T4803] ? ax25_dev_device_down+0x35e/0x520 [ 98.333096][ T4803] ? load_image+0x400/0x400 [ 98.339548][ T4803] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 98.348568][ T4803] print_address_description+0x60/0x2d0 [ 98.357612][ T4803] ? ax25_dev_device_down+0x35e/0x520 [ 98.365744][ T4803] kasan_report+0xdf/0x130 [ 98.371668][ T4803] ? ax25_dev_device_down+0x35e/0x520 [ 98.379691][ T4803] kasan_check_range+0x235/0x290 [ 98.386038][ T4803] ax25_dev_device_down+0x35e/0x520 [ 98.392707][ T4803] ax25_device_event+0x4b4/0x4f0 [ 98.398695][ T4803] raw_notifier_call_chain+0xcb/0x160 [ 98.405268][ T4803] __dev_notify_flags+0x158/0x300 [ 98.411222][ T4803] ? __dev_change_flags+0x6a0/0x6a0 [ 98.417256][ T4803] ? __dev_change_flags+0x4d0/0x6a0 [ 98.422976][ T4803] ? dev_get_flags+0x1c0/0x1c0 [ 98.428013][ T4803] ? __mutex_lock_common+0x465/0x2400 [ 98.433704][ T4803] dev_change_flags+0xe3/0x1a0 [ 98.438994][ T4803] dev_ifsioc+0x130/0xd50 [ 98.443647][ T4803] ? dev_ioctl+0xe30/0xe30 [ 98.449519][ T4803] ? apparmor_capable+0x12c/0x190 [ 98.455736][ T4803] ? full_name_hash+0x8e/0xe0 [ 98.461941][ T4803] dev_ioctl+0x545/0xe30 [ 98.466671][ T4803] ? _copy_from_user+0x111/0x170 [ 98.472241][ T4803] sock_do_ioctl+0x245/0x320 [ 98.477702][ T4803] ? sock_show_fdinfo+0xb0/0xb0 [ 98.483117][ T4803] sock_ioctl+0x4d2/0x710 [ 98.488999][ T4803] ? sock_poll+0x410/0x410 [ 98.495311][ T4803] ? bpf_lsm_file_ioctl+0x5/0x10 [ 98.501885][ T4803] ? security_file_ioctl+0x7c/0xa0 [ 98.507534][ T4803] ? sock_poll+0x410/0x410 [ 98.512277][ T4803] __se_sys_ioctl+0xfa/0x170 [ 98.517641][ T4803] do_syscall_64+0x4c/0xa0 [ 98.522386][ T4803] ? clear_bhb_loop+0x30/0x80 [ 98.527380][ T4803] ? clear_bhb_loop+0x30/0x80 [ 98.532245][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 98.539016][ T4803] RIP: 0033:0x7fd2cd575799 [ 98.543889][ T4803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.566628][ T4803] RSP: 002b:00007fd2cb7cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.576179][ T4803] RAX: ffffffffffffffda RBX: 00007fd2cd7eefa0 RCX: 00007fd2cd575799 [ 98.585589][ T4803] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 98.594294][ T4803] RBP: 00007fd2cd60bc99 R08: 0000000000000000 R09: 0000000000000000 [ 98.603095][ T4803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.611308][ T4803] R13: 00007fd2cd7ef038 R14: 00007fd2cd7eefa0 R15: 00007ffca8d7c7b8 [ 98.621356][ T4803] [ 98.624919][ T4803] [ 98.627724][ T4803] Allocated by task 4470: [ 98.633306][ T4803] __kasan_kmalloc+0xb5/0xf0 [ 98.638939][ T4803] ax25_dev_device_up+0x50/0x580 [ 98.645280][ T4803] ax25_device_event+0x483/0x4f0 [ 98.650749][ T4803] raw_notifier_call_chain+0xcb/0x160 [ 98.657367][ T4803] __dev_notify_flags+0x194/0x300 [ 98.662750][ T4803] dev_change_flags+0xe3/0x1a0 [ 98.667902][ T4803] dev_ifsioc+0x130/0xd50 [ 98.672895][ T4803] dev_ioctl+0x545/0xe30 [ 98.677728][ T4803] sock_do_ioctl+0x245/0x320 [ 98.683133][ T4803] sock_ioctl+0x4d2/0x710 [ 98.687772][ T4803] __se_sys_ioctl+0xfa/0x170 [ 98.693120][ T4803] do_syscall_64+0x4c/0xa0 [ 98.698518][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 98.705100][ T4803] [ 98.707642][ T4803] Freed by task 4803: [ 98.712265][ T4803] kasan_set_track+0x4b/0x70 [ 98.717364][ T4803] kasan_set_free_info+0x1f/0x40 [ 98.723298][ T4803] ____kasan_slab_free+0xd5/0x110 [ 98.729283][ T4803] slab_free_freelist_hook+0xea/0x170 [ 98.736304][ T4803] kfree+0xef/0x2a0 [ 98.740515][ T4803] ax25_dev_device_down+0x1c0/0x520 [ 98.747085][ T4803] ax25_device_event+0x4b4/0x4f0 [ 98.752279][ T4803] raw_notifier_call_chain+0xcb/0x160 [ 98.758043][ T4803] __dev_notify_flags+0x158/0x300 [ 98.764311][ T4803] dev_change_flags+0xe3/0x1a0 [ 98.769573][ T4803] dev_ifsioc+0x130/0xd50 [ 98.774372][ T4803] dev_ioctl+0x545/0xe30 [ 98.779343][ T4803] sock_do_ioctl+0x245/0x320 [ 98.784377][ T4803] sock_ioctl+0x4d2/0x710 [ 98.789401][ T4803] __se_sys_ioctl+0xfa/0x170 [ 98.794348][ T4803] do_syscall_64+0x4c/0xa0 [ 98.799232][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 98.805701][ T4803] [ 98.808507][ T4803] Last potentially related work creation: [ 98.814682][ T4803] kasan_save_stack+0x35/0x60 [ 98.819947][ T4803] kasan_record_aux_stack+0xb8/0x100 [ 98.825928][ T4803] call_rcu+0x189/0x950 [ 98.830215][ T4803] __nf_register_net_hook+0x6fe/0x850 [ 98.835631][ T4803] nf_register_net_hook+0xae/0x190 [ 98.841099][ T4803] nf_register_net_hooks+0x40/0x1a0 [ 98.846513][ T4803] ip6t_register_table+0x551/0x810 [ 98.852645][ T4803] ip6table_raw_table_init+0x50/0x70 [ 98.858267][ T4803] xt_find_table_lock+0x220/0x360 [ 98.863747][ T4803] xt_request_find_table_lock+0x22/0x100 [ 98.870308][ T4803] do_ip6t_get_ctl+0x5e8/0x1120 [ 98.876197][ T4803] nf_getsockopt+0x25e/0x280 [ 98.881290][ T4803] ipv6_getsockopt+0x473/0x2470 [ 98.886503][ T4803] tcp_getsockopt+0x200/0x25a0 [ 98.892181][ T4803] __sys_getsockopt+0x1b0/0x230 [ 98.898298][ T4803] __x64_sys_getsockopt+0xb1/0xc0 [ 98.904078][ T4803] do_syscall_64+0x4c/0xa0 [ 98.909089][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 98.915747][ T4803] [ 98.918130][ T4803] The buggy address belongs to the object at ffff88807de41500 [ 98.918130][ T4803] which belongs to the cache kmalloc-192 of size 192 [ 98.933308][ T4803] The buggy address is located 184 bytes inside of [ 98.933308][ T4803] 192-byte region [ffff88807de41500, ffff88807de415c0) [ 98.947647][ T4803] The buggy address belongs to the page: [ 98.954108][ T4803] page:ffffea0001f79040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7de41 [ 98.964511][ T4803] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 98.972293][ T4803] raw: 00fff00000000200 ffffea00008ce680 0000000300000003 ffff888016c41a00 [ 98.981285][ T4803] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 98.990266][ T4803] page dumped because: kasan: bad access detected [ 98.997082][ T4803] page_owner tracks the page as allocated [ 99.003000][ T4803] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4187, ts 79364773256, free_ts 79364205809 [ 99.019640][ T4803] get_page_from_freelist+0x1bbd/0x1ca0 [ 99.025778][ T4803] __alloc_pages+0x1ee/0x480 [ 99.030520][ T4803] new_slab+0xb6/0x4b0 [ 99.035149][ T4803] ___slab_alloc+0x80a/0xdd0 [ 99.040060][ T4803] __kmalloc_node+0x200/0x3b0 [ 99.045090][ T4803] memcg_alloc_page_obj_cgroups+0x81/0x120 [ 99.050935][ T4803] slab_post_alloc_hook+0xba/0x380 [ 99.056617][ T4803] kmem_cache_alloc+0x100/0x290 [ 99.061968][ T4803] __d_alloc+0x2a/0x6f0 [ 99.066367][ T4803] d_alloc_pseudo+0x19/0x70 [ 99.071037][ T4803] alloc_file_pseudo+0xe0/0x200 [ 99.076521][ T4803] sock_alloc_file+0xb3/0x240 [ 99.082732][ T4803] __sys_socket+0x11d/0x170 [ 99.087471][ T4803] __x64_sys_socket+0x76/0x80 [ 99.093580][ T4803] do_syscall_64+0x4c/0xa0 [ 99.098396][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 99.104778][ T4803] page last free stack trace: [ 99.109773][ T4803] free_unref_page_prepare+0x637/0x6c0 [ 99.115467][ T4803] free_unref_page+0x8f/0x2a0 [ 99.120814][ T4803] __vunmap+0x8b9/0xa50 [ 99.125037][ T4803] do_ipt_get_ctl+0xe5e/0x1110 [ 99.130535][ T4803] nf_getsockopt+0x25e/0x280 [ 99.135521][ T4803] ip_getsockopt+0x1256/0x16a0 [ 99.141548][ T4803] tcp_getsockopt+0x200/0x25a0 [ 99.148182][ T4803] __sys_getsockopt+0x1b0/0x230 [ 99.155660][ T4803] __x64_sys_getsockopt+0xb1/0xc0 [ 99.162641][ T4803] do_syscall_64+0x4c/0xa0 [ 99.168012][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 99.175535][ T4803] [ 99.178515][ T4803] Memory state around the buggy address: [ 99.186578][ T4803] ffff88807de41480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 99.196829][ T4803] ffff88807de41500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.206308][ T4803] >ffff88807de41580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 99.214980][ T4803] ^ [ 99.222177][ T4803] ffff88807de41600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 99.230950][ T4803] ffff88807de41680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 99.240016][ T4803] ================================================================== [ 99.248657][ C0] vkms_vblank_simulate: vblank timer overrun [ 99.414054][ T4803] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 99.421743][ T4803] CPU: 1 PID: 4803 Comm: syz.3.205 Tainted: G B syzkaller #0 [ 99.430999][ T4803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 99.441549][ T4803] Call Trace: [ 99.445002][ T4803] [ 99.448139][ T4803] dump_stack_lvl+0x188/0x250 [ 99.453132][ T4803] ? show_regs_print_info+0x20/0x20 [ 99.458894][ T4803] ? load_image+0x400/0x400 [ 99.463714][ T4803] panic+0x2e5/0x810 [ 99.468047][ T4803] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 99.474604][ T4803] ? bpf_jit_dump+0xd0/0xd0 [ 99.479155][ T4803] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 99.485349][ T4803] ? _raw_spin_unlock+0x40/0x40 [ 99.490351][ T4803] ? ax25_dev_device_down+0x35e/0x520 [ 99.496067][ T4803] check_panic_on_warn+0x80/0xa0 [ 99.501491][ T4803] ? ax25_dev_device_down+0x35e/0x520 [ 99.507086][ T4803] end_report+0x6d/0xf0 [ 99.511417][ T4803] kasan_report+0x102/0x130 [ 99.516511][ T4803] ? ax25_dev_device_down+0x35e/0x520 [ 99.522103][ T4803] kasan_check_range+0x235/0x290 [ 99.527173][ T4803] ax25_dev_device_down+0x35e/0x520 [ 99.533406][ T4803] ax25_device_event+0x4b4/0x4f0 [ 99.538708][ T4803] raw_notifier_call_chain+0xcb/0x160 [ 99.544328][ T4803] __dev_notify_flags+0x158/0x300 [ 99.549388][ T4803] ? __dev_change_flags+0x6a0/0x6a0 [ 99.556388][ T4803] ? __dev_change_flags+0x4d0/0x6a0 [ 99.562742][ T4803] ? dev_get_flags+0x1c0/0x1c0 [ 99.568443][ T4803] ? __mutex_lock_common+0x465/0x2400 [ 99.574488][ T4803] dev_change_flags+0xe3/0x1a0 [ 99.579940][ T4803] dev_ifsioc+0x130/0xd50 [ 99.585118][ T4803] ? dev_ioctl+0xe30/0xe30 [ 99.592344][ T4803] ? apparmor_capable+0x12c/0x190 [ 99.598582][ T4803] ? full_name_hash+0x8e/0xe0 [ 99.604396][ T4803] dev_ioctl+0x545/0xe30 [ 99.610263][ T4803] ? _copy_from_user+0x111/0x170 [ 99.616492][ T4803] sock_do_ioctl+0x245/0x320 [ 99.621492][ T4803] ? sock_show_fdinfo+0xb0/0xb0 [ 99.627129][ T4803] sock_ioctl+0x4d2/0x710 [ 99.631628][ T4803] ? sock_poll+0x410/0x410 [ 99.636438][ T4803] ? bpf_lsm_file_ioctl+0x5/0x10 [ 99.642053][ T4803] ? security_file_ioctl+0x7c/0xa0 [ 99.647217][ T4803] ? sock_poll+0x410/0x410 [ 99.651688][ T4803] __se_sys_ioctl+0xfa/0x170 [ 99.657058][ T4803] do_syscall_64+0x4c/0xa0 [ 99.661723][ T4803] ? clear_bhb_loop+0x30/0x80 [ 99.666916][ T4803] ? clear_bhb_loop+0x30/0x80 [ 99.672182][ T4803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 99.679528][ T4803] RIP: 0033:0x7fd2cd575799 [ 99.684753][ T4803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.706871][ T4803] RSP: 002b:00007fd2cb7cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.717055][ T4803] RAX: ffffffffffffffda RBX: 00007fd2cd7eefa0 RCX: 00007fd2cd575799 [ 99.726671][ T4803] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 99.736724][ T4803] RBP: 00007fd2cd60bc99 R08: 0000000000000000 R09: 0000000000000000 [ 99.745451][ T4803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.754437][ T4803] R13: 00007fd2cd7ef038 R14: 00007fd2cd7eefa0 R15: 00007ffca8d7c7b8 [ 99.763343][ T4803] [ 99.767649][ T4803] Kernel Offset: disabled [ 99.773896][ T4803] Rebooting in 86400 seconds..