last executing test programs: 23.81907542s ago: executing program 0 (id=1773): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) eventfd2(0xa82, 0xc0800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) modify_ldt$write(0x1, &(0x7f00000000c0)={0x4, 0x20000800, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$setregs(0xd, r3, 0x20000000002, &(0x7f0000000040)) ptrace$cont(0x21, r3, 0x80000001, 0x4) 20.948184078s ago: executing program 0 (id=1777): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) mmap(&(0x7f0000a92000/0x3000)=nil, 0x3000, 0x0, 0x10010, 0xffffffffffffffff, 0x9fc34000) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @remote}, 0x10) 14.509194013s ago: executing program 0 (id=1786): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x2, 0x862b01) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/rcu_expedited', 0x169282, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x70, 0x0, 0x9, 0x401, 0x0, 0x0, {0xa}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x16}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}]}, 0x70}}, 0x4008000) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000880)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000480)=ANY=[@ANYBLOB='-', @ANYRESDEC=r5], 0x27) ioctl$KDSETMODE(r2, 0x4b3a, 0x1) connect$can_j1939(r2, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000003c0)={0x57, 0x0, 0x4, {0xffff, 0x1}, {0x45, 0x5}, @cond=[{0x2, 0x5388, 0x6, 0x800, 0x80cb, 0x7}, {0x0, 0x5, 0x1, 0x3, 0x6, 0x1}]}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f0000000200)=""/88) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0x2) ptrace$pokeuser(0x6, r0, 0x358, 0xafe8) 14.005356342s ago: executing program 3 (id=1790): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x40f, &(0x7f0000000000), &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_setup(0x2bac, &(0x7f0000000340), &(0x7f0000000100)=0x0, &(0x7f0000000000)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0xc, 0x4000, @fd_index=0x6, 0x8, 0x0, 0x0, 0x4}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x80000004, 0x0, 0x4) io_uring_enter(r3, 0x349e, 0xe5a7, 0x9, 0x0, 0x0) 10.784257711s ago: executing program 2 (id=1792): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0xe, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x2c, r5, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xf1}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4091}, 0x4c0d8) 10.783618971s ago: executing program 3 (id=1793): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) futex(0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, 0xfffffffffffffffc, 0x4040000) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f00000022c0)=ANY=[@ANYBLOB="61158c000000000061134c0000000000bfa00000000000001705000008004ef02d3501000000000095003200000000006916000000000000bf67000000000000350605000fff07206706000002000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b540dcfc7ad0500c4063b3b8754c0686cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d39d25991b085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e5671c888fb126a163f16f920ae2fb494059bba8e3b680324a188090eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb40000000000000000000000000040007abf9c20d89cbc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eb29000000000000003cc3aa39ee4b1386bab561cda886fa64ffffff7f473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59801fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e17417a249a2cd8ff62aa6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d00000000d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38c7f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf73400000000000000cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61d1f5b2a443faa9bda0577383dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea90000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8a10300004d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a122822bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c39e9d8547c666b6764a3c7dd62a94eee45881441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a365b5b11df7216652b5703f31e078ecdefe8e6bfc45a9980a7a8de863e3477dd47d0f11611ca92d89641a183c8f629f17cfc28fde209a793d9c0cdde3bb3f82670d33396982988b9f5207a732908fdf1506f307ccae47a69319ee2242272e4f7ceb7a40e49a21ce6405af3ecb3381bf0668749c81fc6c2d97e68a693e3e622af52e572f4fa7b20d5c72cf5ff8016461130a46803de45029489921a48bd7688dd593e4a3e9803263ecbd8ae8570293508ebe5fabc1842cbc01ae8fabbf41820c31b7bb83a3439d4540f839ed5c23828a33d7645baa1ec32bb7aa8a786bb0997ccf6bba0a2cf6ef2157a63974d5e525a3f3f7f993ea9e82732ccc2e12c6310121ecb9029e7f835420f8f27a7e563684a225dee6ca5f5ff18a89ac6c627ff0e0e4769b6fbcfc847b20960704a4b13e962333bddb966de8bcade6f6bd3915a580ddec2e1bd88fbfdb749789cdc946822212f1cbacb03ba8d3e51e48ccdae20a43bf79ca0131b830620a97877242989e78dfec1d6df5f97ca5cddece50d0cae5d6eabbc1913aa3660e0b00000000000000000000000000bc12b71cb118d93461aa2914d6e454ef05c41beab7382787ba46b68c8d8b35349fb58b259b4447b59c667ddcac0bb2d066eb0579be84bdca8ed5d693411b7e5b21efaceddacef03daa9772f2715b5613ae0d88f8d109e36f8b8871b646d9ebbcc25d527ad3f828c92cb6597f82ed4d496a511007781be0c7cac07fc508a585f415ef81a887475286df80fb6ff9c6524d0e22d50f88ca15545bc688063b04eb8e0248aca60b9983dd5966216499ccfc0551f6e0323859ae64f55e4d496a695f8e6382aa714b92f95dcfd0b456d9ce7a24f736e4009ef64230e8f83f8283a4cc5f178d4698b94ccd8d0e0e3e2e35e1a7ac0cb3ee52013e8c2802d2f89b3f708fb53c17c3e4fbe0326ee510c4317b5f5f1eb34ca8441c23755acfc469909b16fba134de01d484c1b380622d3743a0be77b64961753faba6131c136fb14b1963960f2f7f118bc451a18b216bf26c3cec2575a059da60baede629711a5f11c347fcbca73440d27b1147b44fb15106c00669da23964fd9de079d1a9077848100f6e75d29b2d60016abc6ef1542bd3062f599676bb04e64decb6c843a407f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) 10.749485992s ago: executing program 4 (id=1794): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6) getcwd(0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8000, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_delroute={0x44, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_ID={0xc, 0x1, 0x4}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0) 10.691367236s ago: executing program 1 (id=1795): socket$kcm(0xa, 0x3, 0x87) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000002c0)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026", 0x39}], 0x2}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/66, 0x42}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 8.325280944s ago: executing program 2 (id=1796): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x2}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) 8.322643084s ago: executing program 4 (id=1797): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0x2, 0x5, 0x9, 0x7, 0xc, 0x2, 0x4, 0x2, 0xf, 0x6, 0x0, 0x3, 0x2, 0x6, 0x1, 0x4], 0x3, [0x8b, 0x101, 0x200, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x1, 0x5, 0x6, 0x9, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x3, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x8, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r8) socket$unix(0x1, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r9 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x4) 8.311618895s ago: executing program 1 (id=1798): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = syz_open_procfs(0x0, 0x0) ptrace$setregs(0xf, r0, 0x8b6, &(0x7f0000000280)="e27c8450e3af5fae226e552a9550413dea0365437a2652603004e994870db10c1f40786b42c57a3a10af7af2c92568fac28891eec6ac34538d84d170ca5cfc63") read$FUSE(r3, &(0x7f00000076c0)={0x2020}, 0x2020) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401000000000000000000090002002f797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844) 7.998846023s ago: executing program 3 (id=1799): syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, &(0x7f0000000140), &(0x7f0000000280)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r3, &(0x7f00000013c0)="bd31", 0x2, 0x0, 0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) 7.465859494s ago: executing program 4 (id=1800): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[], 0xb90}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) 7.436111646s ago: executing program 1 (id=1801): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) r6 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}]}}]}, 0x44}}, 0x2) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000314000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0xa888}], 0x2}, 0x4005) 7.402858228s ago: executing program 4 (id=1802): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r4, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x1, 0x803, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010400"/19, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700ff01000000000000000000000000000108000a00", @ANYRES32=r10], 0x54}}, 0x0) r11 = socket(0x10, 0x3, 0x0) write(r11, &(0x7f0000000000)="2400000011005f0414f9f4070009040081000000490000000000000008000f00", 0x20) 7.088948716s ago: executing program 2 (id=1803): prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_mptcp(0xa, 0x1, 0x106) listen(0xffffffffffffffff, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendmmsg(r3, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000ac0)}], 0x1}}], 0x1, 0x41) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x10) 6.467439703s ago: executing program 1 (id=1804): fsmount(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 6.467187532s ago: executing program 3 (id=1805): write(0xffffffffffffffff, &(0x7f0000000240), 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x104}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x20000000) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x60081, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0x10) 6.429527385s ago: executing program 4 (id=1806): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vxcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r5, &(0x7f0000000080)={0x1d, r6, 0x0, {0x0, 0xf0}, 0x1}, 0x18) sendmsg$can_j1939(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 6.380502377s ago: executing program 0 (id=1807): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0xe, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x2c, r5, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xf1}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4091}, 0x4c0d8) 1.497080293s ago: executing program 0 (id=1808): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6) getcwd(0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8000, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_delroute={0x44, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_ID={0xc, 0x1, 0x4}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0) 1.495860402s ago: executing program 2 (id=1809): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x104}, 0x1, 0x0, 0x0, 0x91}, 0x24008000) recvmmsg$unix(r4, &(0x7f0000004ac0)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000003c0)=""/67, 0x43}], 0x1}}], 0x1, 0x2124, 0x0) 1.402968658s ago: executing program 1 (id=1810): socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$radio(&(0x7f0000000040), 0x1, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100), 0x2a80c1, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)='decodes', 0x7}], 0x1, 0x8, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) fsopen(0x0, 0x1) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43, 0x1}, 0x10) bind$tipc(r1, 0x0, 0x0) close(r1) 1.402147488s ago: executing program 4 (id=1811): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffeaf, &(0x7f00000002c0)=0x2) ptrace$ARCH_SET_CPUID(0x1e, r0, 0x1, 0x1012) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000005, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) 559.854627ms ago: executing program 2 (id=1812): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[], 0xb90}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) 471.629452ms ago: executing program 3 (id=1813): openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x3, 0x8069}, 0x0, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x40080, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0x3, 0x300) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x2, 0x1, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x7db, 0x4, 0xfffffc01, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x7, 0x797, 0x4000000, 0x7, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xe, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xb, 0x4, 0x6, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x6, 0x800, 0x2, 0x8a, 0x6, 0x1, 0x6], [0xfffffed2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x0, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x4, 0x1000007, 0x0, 0x10, 0x5, 0x2, 0x8001, 0x3, 0x7fff, 0x9, 0x0, 0x5, 0x4, 0x7, 0x8, 0x40, 0xc10, 0x7ffffffe, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x5, 0x4, 0x9, 0x5, 0x3, 0x2, 0x3, 0x0, 0x11e, 0xa4, 0x4, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x1000068], [0x1, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x405, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0xa, 0xa, 0x6, 0x4, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x3, 0x2, 0x5d9fffa, 0x3ff, 0xff, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x0, 0xb, 0x0, 0xffff, 0x7, 0x6, 0x2, 0x81, 0x9, 0x2, 0x7, 0x100, 0x8, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x407, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x7fffffff, 0x5, 0x3, 0x201, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17ce, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x2, 0x11b, 0x996, 0x5, 0x8c1, 0x0, 0x5, 0x4, 0xf, 0x100, 0x10000400, 0x9, 0x5, 0x3, 0xfffffffb, 0xc, 0x2]}, 0x45c) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x2e1}, &(0x7f00000002c0)=0x0, &(0x7f0000000640)=0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 452.425583ms ago: executing program 2 (id=1814): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9a\b\x00\x00\x00\b\x84\xa2{\x00\v\x18\x004\x03\x96\x00\x00\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xc83\x12\xd7\xdb\x93\xcc]x\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x81\x01\xe5\x98\r\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa9\xf0I{\xf0:\xd7\x802\xf3\r|\x86\x82\xf1\xb2\x06\xb0\x06\xbe\xb1\x0f\xa2\xa6\xedA\xb7\x0f\xda\x9d<\xd6l\xbcF\xcb\xec\x83#?\xf4\x81\x16+\x14\xd0\xb8\x88`W\xa9\xef\'\xe1\xd9[\xac^', 0x1) r1 = dup(r0) r2 = fanotify_init(0x10, 0x80000) fanotify_mark(r2, 0x1, 0x4800102a, r1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000680)=ANY=[], 0x28) sendfile(r0, r1, &(0x7f0000000280)=0x3, 0x33f1) 13.187889ms ago: executing program 0 (id=1815): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) r6 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}]}}]}, 0x44}}, 0x2) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000314000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0xa888}], 0x2}, 0x4005) 12.808339ms ago: executing program 1 (id=1816): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20) recvmsg$unix(r5, &(0x7f00000003c0)={0x0, 0xffffffffffffff04, &(0x7f0000002380)=[{&(0x7f0000002480)=""/195, 0xc3}], 0x1}, 0x2000) shutdown(r4, 0x2) 0s ago: executing program 3 (id=1817): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = memfd_create(&(0x7f0000000b40)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\x00\x00\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\xe7\xf6\t\x9dJ\xa4^m\xf3\xb5Y\f\x8f\r\xd5)>A\xe9\xf59\'G[\xf0`\xf3\'\xe4\xb2\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I?^\xf3,\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW', 0x6) fallocate(r4, 0x0, 0x0, 0x400001) fcntl$addseals(r4, 0x409, 0xc) kernel console output (not intermixed with test programs): v6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.067757][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.088402][ T4185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.110689][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.125701][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.183524][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.199176][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.210508][ T4185] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.242056][ T4195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.260731][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.278013][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.287449][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.294996][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.304058][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.334380][ T4195] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.376532][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.395792][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.405678][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.420274][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.441546][ T4267] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.448758][ T4267] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.457386][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.466614][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.475879][ T4267] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.483223][ T4267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.491277][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.502546][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.511689][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.520665][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.529562][ T4267] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.536929][ T4267] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.545178][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.588253][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.604268][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.614424][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.624593][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 61.632795][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 61.641182][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.650664][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.660509][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.676158][ T4186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.699387][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.706569][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.717747][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.726940][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.737991][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 61.746073][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 61.753767][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.764031][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.781298][ T4185] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.796622][ T4185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.814305][ T4188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.834207][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.842700][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.853097][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.867752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.869713][ T4240] Bluetooth: hci3: command 0x041b tx timeout [ 61.876633][ T4250] Bluetooth: hci4: command 0x041b tx timeout [ 61.888734][ T4250] Bluetooth: hci1: command 0x041b tx timeout [ 61.891197][ T4240] Bluetooth: hci0: command 0x041b tx timeout [ 61.897395][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.905467][ T4240] Bluetooth: hci2: command 0x041b tx timeout [ 61.930623][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 61.946132][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 61.958234][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.974413][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.007896][ T4188] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.015593][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.025963][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.035145][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.045588][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.054933][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.062960][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.076920][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 62.087075][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.097067][ T4195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.147856][ T4185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.169983][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.185643][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.194646][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.201780][ T301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.210114][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.218974][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.228064][ T301] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.236018][ T301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.244601][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.253527][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.265032][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.275337][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 62.284142][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 62.301142][ T4186] device veth0_vlan entered promiscuous mode [ 62.324599][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.334635][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.344783][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.356685][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.366563][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 62.376369][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.420237][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 62.428258][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 62.437311][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.448850][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.457815][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.467014][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.475850][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.483721][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.492143][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.503073][ T4186] device veth1_vlan entered promiscuous mode [ 62.517405][ T4195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.540514][ T4184] device veth0_vlan entered promiscuous mode [ 62.547831][ T4185] device veth0_vlan entered promiscuous mode [ 62.561734][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.576633][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.586820][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.605243][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.614279][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.624362][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.640063][ T4184] device veth1_vlan entered promiscuous mode [ 62.650014][ T4188] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.667217][ T4185] device veth1_vlan entered promiscuous mode [ 62.687160][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 62.701958][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 62.711591][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 62.720579][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 62.760009][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 62.771322][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 62.782110][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 62.798599][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.813919][ T4186] device veth0_macvtap entered promiscuous mode [ 62.837098][ T4185] device veth0_macvtap entered promiscuous mode [ 62.870913][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 62.887090][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 62.898630][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.912081][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 62.921464][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.931494][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 62.941433][ T4185] device veth1_macvtap entered promiscuous mode [ 62.951122][ T4184] device veth0_macvtap entered promiscuous mode [ 62.970051][ T4186] device veth1_macvtap entered promiscuous mode [ 62.977762][ T4184] device veth1_macvtap entered promiscuous mode [ 62.996575][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.015468][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.024836][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.036272][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.045764][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.055167][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.064609][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.090252][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.106510][ T4185] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.116666][ T4185] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.126422][ T4185] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.136449][ T4185] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.154186][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.164309][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.173806][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.183461][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.194787][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.207356][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.220729][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.249567][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.258566][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.270725][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.280380][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.291224][ T4186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.302838][ T4186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.315135][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.325089][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.336024][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.346926][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.357980][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.370422][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.377920][ T4195] device veth0_vlan entered promiscuous mode [ 63.390600][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.399459][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.407611][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.417140][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.426303][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.436846][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.451681][ T4186] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.461482][ T4186] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.471286][ T4186] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.483661][ T4186] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.496005][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.507058][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.517436][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.528622][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.541390][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.567916][ T4195] device veth1_vlan entered promiscuous mode [ 63.583142][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.593115][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.601866][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.612059][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.621913][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.630897][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.642503][ T4184] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.654716][ T4184] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.663813][ T4184] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.673255][ T4184] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.736446][ T4188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.757320][ T4195] device veth0_macvtap entered promiscuous mode [ 63.787537][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.797990][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.816565][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.852794][ T4195] device veth1_macvtap entered promiscuous mode [ 63.900114][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.908419][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.918627][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.948845][ T301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.953283][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.959291][ T4249] Bluetooth: hci2: command 0x040f tx timeout [ 63.971337][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.980054][ T301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.987604][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.994282][ T4249] Bluetooth: hci1: command 0x040f tx timeout [ 64.002537][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.007446][ T4249] Bluetooth: hci0: command 0x040f tx timeout [ 64.019089][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.021921][ T4249] Bluetooth: hci3: command 0x040f tx timeout [ 64.031749][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.037983][ T4249] Bluetooth: hci4: command 0x040f tx timeout [ 64.056927][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.068690][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.081836][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.116169][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.116310][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.135066][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.137871][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.151908][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.162199][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.171579][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.180792][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.189008][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.197374][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.205919][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.217976][ T4188] device veth0_vlan entered promiscuous mode [ 64.238208][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.250668][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.261580][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.274694][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.284653][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.295535][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.307364][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.325330][ T4188] device veth1_vlan entered promiscuous mode [ 64.338435][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.348234][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.371191][ T4195] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.380645][ T4195] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.391180][ T4195] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.401846][ T4195] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.428383][ T4287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.440935][ T4287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.452530][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.472912][ T4267] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.493202][ T4267] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.513417][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.525744][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.535850][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.547284][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.607247][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.616200][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.632507][ T4188] device veth0_macvtap entered promiscuous mode [ 64.653049][ T301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.659736][ T4188] device veth1_macvtap entered promiscuous mode [ 64.692697][ T301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.737377][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.760485][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.776065][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.792483][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.803839][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.821293][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.834536][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.848733][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.861889][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.885823][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.897658][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.914615][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.946605][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.956224][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.987876][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.006852][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.017521][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.034249][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.045426][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.062800][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.079249][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.097256][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.109425][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.146074][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.155856][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.179911][ T4188] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.189158][ T4188] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.198094][ T4188] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.209231][ T4188] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.227602][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.268523][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.323038][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.430124][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.460398][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.489169][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.513140][ T4287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.528021][ T4287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.551608][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.934704][ T4308] team0: Port device team_slave_0 removed [ 66.029645][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 66.039318][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!! [ 66.049094][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!! [ 66.054837][ T4187] Bluetooth: hci0: command 0x0419 tx timeout [ 66.058834][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!! [ 66.065243][ T4187] Bluetooth: hci1: command 0x0419 tx timeout [ 66.142847][ T4187] Bluetooth: hci2: command 0x0419 tx timeout [ 66.811832][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 66.821380][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 66.852806][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 66.862079][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 66.871307][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 66.880754][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 67.546403][ T13] Bluetooth: hci4: command 0x0419 tx timeout [ 67.562836][ T13] Bluetooth: hci3: command 0x0419 tx timeout [ 68.845003][ T4341] device syzkaller0 entered promiscuous mode [ 71.556139][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.563386][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 73.194990][ T4374] syz.3.20 uses obsolete (PF_INET,SOCK_PACKET) [ 73.421738][ T4378] loop1: detected capacity change from 0 to 16 [ 74.347231][ T4386] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 74.379474][ T4389] loop4: detected capacity change from 0 to 16 [ 74.393034][ T4372] syz.2.22 (4372): drop_caches: 2 [ 74.403343][ T4378] erofs: (device loop1): mounted with root inode @ nid 36. [ 74.417361][ T4389] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 74.668341][ T4382] loop0: detected capacity change from 0 to 8192 [ 74.713459][ T4378] erofs: (device loop1): init_inode_xattrs: xattr_isize 12 of nid 46 is not supported yet [ 74.979165][ T4174] loop0: p1 p2 [ 74.983359][ T4174] loop0: partition table partially beyond EOD, truncated [ 75.074300][ T4174] loop0: p1 start 16777216 is beyond EOD, truncated [ 75.146625][ T4174] loop0: p2 size 515840 extends beyond EOD, truncated [ 75.459367][ T4382] loop0: p1 p2 [ 75.462987][ T4382] loop0: partition table partially beyond EOD, truncated [ 75.506429][ T4382] loop0: p1 start 16777216 is beyond EOD, truncated [ 75.542342][ T4382] loop0: p2 size 515840 extends beyond EOD, truncated [ 78.155740][ T4418] loop3: detected capacity change from 0 to 256 [ 78.260693][ T4418] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 78.769659][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 79.020334][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 81.425317][ T4443] Zero length message leads to an empty skb [ 82.422525][ T7] cfg80211: failed to load regulatory.db [ 82.928757][ T4455] Illegal XDP return value 2122678588, expect packet loss! [ 84.047587][ T4463] device syzkaller1 entered promiscuous mode [ 84.489541][ T4475] netlink: 'syz.3.53': attribute type 21 has an invalid length. [ 84.552148][ T4475] netlink: 132 bytes leftover after parsing attributes in process `syz.3.53'. [ 84.589870][ T4477] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 84.620621][ T4475] netlink: 'syz.3.53': attribute type 1 has an invalid length. [ 84.629378][ T4475] netlink: 12 bytes leftover after parsing attributes in process `syz.3.53'. [ 84.702607][ T4478] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 84.834957][ T26] audit: type=1804 audit(1770081948.042:2): pid=4483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.55" name="bus" dev="ramfs" ino=32456 res=1 errno=0 [ 84.994463][ T26] audit: type=1804 audit(1770081948.042:3): pid=4483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.55" name="bus" dev="ramfs" ino=32456 res=1 errno=0 [ 86.154655][ T4499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.60'. [ 87.667878][ T4520] device bond_slave_0 entered promiscuous mode [ 87.674890][ T4520] device bond_slave_1 entered promiscuous mode [ 87.717161][ T4520] device vlan2 entered promiscuous mode [ 87.734847][ T4520] device bond0 entered promiscuous mode [ 87.811519][ T4526] loop4: detected capacity change from 0 to 256 [ 88.077755][ T4526] FAT-fs (loop4): Unrecognized mount option "shorname=mixed" or missing value [ 88.836059][ T4522] netlink: 40 bytes leftover after parsing attributes in process `syz.3.64'. [ 88.879656][ T4522] netlink: 40 bytes leftover after parsing attributes in process `syz.3.64'. [ 90.282674][ T4522] netlink: 40 bytes leftover after parsing attributes in process `syz.3.64'. [ 90.327208][ T4522] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check. [ 90.748418][ T4542] netlink: 'syz.2.71': attribute type 1 has an invalid length. [ 90.801561][ T4542] 8021q: VLANs not supported on wg0 [ 92.134526][ T4565] Set syz0 is full, maxelem 0 reached [ 92.480575][ T4568] 8021q: adding VLAN 0 to HW filter on device bond1 [ 92.562679][ T4570] device macvlan2 entered promiscuous mode [ 93.121728][ T4570] device bond_slave_0 entered promiscuous mode [ 93.128064][ T4570] device bond_slave_1 entered promiscuous mode [ 93.149930][ T4570] device bond0 entered promiscuous mode [ 93.158345][ T4570] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 93.232465][ T4570] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 93.253254][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 93.638359][ T4644] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 96.122028][ T4684] loop2: detected capacity change from 0 to 256 [ 96.141934][ T4687] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 96.201777][ T4687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 96.214423][ T4687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 96.222455][ T4684] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 96.289513][ T4692] loop4: detected capacity change from 0 to 512 [ 96.293537][ T4687] device bridge_slave_0 left promiscuous mode [ 96.306217][ T4684] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x43f9f21b, utbl_chksum : 0xe619d30d) [ 96.360396][ T4687] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.376197][ T4692] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 96.520701][ T4692] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 97.283327][ T4692] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c028, mo2=0002] [ 97.329273][ T4692] System zones: 1-12 [ 97.376495][ T4687] device bridge_slave_1 left promiscuous mode [ 97.395903][ T4692] EXT4-fs (loop4): 1 truncate cleaned up [ 97.419860][ T4692] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,errors=remount-ro,jqfmt=vfsv0,nodioread_nolock,debug,noquota,. Quota mode: none. [ 97.438345][ T4687] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.617198][ T4687] bond0: (slave bond_slave_0): Releasing backup interface [ 97.708850][ T4687] device bond_slave_0 left promiscuous mode [ 97.799255][ T4708] ======================================================= [ 97.799255][ T4708] WARNING: The mand mount option has been deprecated and [ 97.799255][ T4708] and is ignored by this kernel. Remove the mand [ 97.799255][ T4708] option from the mount to silence this warning. [ 97.799255][ T4708] ======================================================= [ 97.834628][ C1] vkms_vblank_simulate: vblank timer overrun [ 97.852783][ T4687] bond0: (slave bond_slave_1): Releasing backup interface [ 97.894683][ T4687] device bond_slave_1 left promiscuous mode [ 97.987258][ T4687] team0: Port device team_slave_0 removed [ 98.049582][ T4708] overlayfs: failed to resolve './file0': -2 [ 98.058516][ T4687] team0: Port device team_slave_1 removed [ 98.072873][ T4687] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.086606][ T4687] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.112747][ T4687] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.124740][ T4687] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.178781][ T4687] bond1: (slave macvlan2): Releasing backup interface [ 98.217069][ T4687] device bond0 left promiscuous mode [ 98.429747][ T4687] syz.0.97 (4687) used greatest stack depth: 21104 bytes left [ 99.662337][ T4719] loop4: detected capacity change from 0 to 16384 [ 100.808620][ T4719] UDF-fs: bad mount option "async" or missing value [ 102.134815][ T4755] loop2: detected capacity change from 0 to 1024 [ 104.833560][ T4770] netlink: 'syz.0.119': attribute type 1 has an invalid length. [ 104.895697][ T4770] 8021q: adding VLAN 0 to HW filter on device bond2 [ 105.047100][ T4772] bond2: (slave gretap1): making interface the new active one [ 105.107963][ T4772] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 105.173963][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 105.236427][ T4774] device syzkaller0 entered promiscuous mode [ 106.697461][ T4772] syz.0.119 (4772) used greatest stack depth: 20976 bytes left [ 106.988599][ T4785] loop0: detected capacity change from 0 to 8192 [ 107.099267][ T4785] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 107.219800][ T4785] REISERFS (device loop0): using ordered data mode [ 107.226462][ T4785] reiserfs: using flush barriers [ 107.253221][ T4785] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 107.279273][ T4795] loop2: detected capacity change from 0 to 512 [ 107.298253][ T4785] REISERFS (device loop0): checking transaction log (loop0) [ 107.435257][ T4795] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 107.605675][ T4785] REISERFS (device loop0): Using r5 hash to sort names [ 107.700853][ T4785] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 107.742376][ T4795] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.874120][ T4785] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 108.423471][ T4785] reiserfs filesystem being mounted at /26/bus supports timestamps until 2106-02-07 (0xffffffff) [ 109.629623][ T4795] syz.2.127 (4795) used greatest stack depth: 18512 bytes left [ 110.953760][ T4825] loop1: detected capacity change from 0 to 512 [ 110.957383][ T4831] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 111.040675][ T4831] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 111.327121][ T4825] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.136: Invalid inode bitmap blk 4 in block_group 0 [ 112.125577][ T4825] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,resuid=0x0000000000000000,grpquota,noload,nobarrier,usrquota,,errors=continue. Quota mode: writeback. [ 112.450897][ T4856] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 113.363681][ T4841] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 13: invalid block bitmap [ 113.400383][ T4851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.142'. [ 114.857528][ T4885] syz.4.150 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 115.991927][ T4888] loop4: detected capacity change from 0 to 128 [ 120.052450][ T4930] loop4: detected capacity change from 0 to 512 [ 120.210153][ T4930] EXT4-fs (loop4): error: journal path ./file1 is not a block device [ 121.335884][ T4951] netlink: zone id is out of range [ 121.396563][ T4951] netlink: zone id is out of range [ 121.509305][ T4951] netlink: zone id is out of range [ 121.514619][ T4951] netlink: zone id is out of range [ 121.520192][ T4951] netlink: zone id is out of range [ 121.525732][ T4951] netlink: zone id is out of range [ 121.531307][ T4951] netlink: zone id is out of range [ 121.537376][ T4951] netlink: zone id is out of range [ 121.544400][ T4951] netlink: zone id is out of range [ 121.550029][ T4951] netlink: zone id is out of range [ 121.814553][ T4959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.714521][ T4967] netlink: 'syz.2.179': attribute type 1 has an invalid length. [ 122.827734][ T4967] 8021q: adding VLAN 0 to HW filter on device bond1 [ 122.878739][ T4968] bond1: (slave vlan2): making interface the new active one [ 122.897127][ T4968] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 122.937261][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 122.945059][ T4303] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 123.140424][ T4971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.180'. [ 123.180242][ T4954] loop4: detected capacity change from 0 to 32768 [ 123.225762][ T4954] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.173 (4954) [ 123.240205][ T4303] usb 2-1: Using ep0 maxpacket: 16 [ 123.260932][ T4971] device hsr_slave_0 left promiscuous mode [ 123.405563][ T4303] usb 2-1: config 0 has no interfaces? [ 123.414192][ T4303] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 123.436517][ T4303] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.512675][ T4977] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 124.449791][ T4303] usb 2-1: config 0 descriptor?? [ 124.502970][ T4954] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 124.519266][ T4954] BTRFS info (device loop4): using free space tree [ 124.539788][ T4954] BTRFS info (device loop4): has skinny extents [ 124.728233][ T4954] BTRFS error (device loop4): open_ctree failed: -12 [ 125.089540][ T23] usb 2-1: USB disconnect, device number 2 [ 125.759110][ T5031] device syzkaller0 entered promiscuous mode [ 126.929569][ T5043] loop2: detected capacity change from 0 to 128 [ 127.051057][ T5043] vfat filesystem being mounted at /36/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2107-12-31 (0x10391447e) [ 129.256488][ T5064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.202'. [ 129.489240][ T5064] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 129.525276][ T5064] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.689554][ T5064] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.697388][ T5064] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 132.023433][ T5085] loop0: detected capacity change from 0 to 512 [ 132.235073][ T5085] FAT-fs (loop0): Unrecognized mount option "/dev/comedi5" or missing value [ 133.978344][ T5103] trusted_key: encrypted_key: master key parameter '|{E' is invalid [ 134.418705][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.428334][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.468130][ T26] audit: type=1326 audit(3917565645.671:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ded734eb9 code=0x7ffc0000 [ 135.132173][ T26] audit: type=1326 audit(3917565645.731:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ded72ecd7 code=0x7ffc0000 [ 135.157220][ C1] vkms_vblank_simulate: vblank timer overrun [ 135.259695][ T26] audit: type=1326 audit(3917565645.741:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ded6d62d9 code=0x7ffc0000 [ 135.330397][ T26] audit: type=1326 audit(3917565645.741:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ded72ecd7 code=0x7ffc0000 [ 135.378577][ T5121] loop0: detected capacity change from 0 to 1024 [ 135.399123][ T26] audit: type=1326 audit(3917565645.741:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ded6d62d9 code=0x7ffc0000 [ 135.449804][ T26] audit: type=1326 audit(3917565645.911:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ded72ecd7 code=0x7ffc0000 [ 135.579151][ T26] audit: type=1326 audit(3917565645.931:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ded6d62d9 code=0x7ffc0000 [ 135.655263][ T26] audit: type=1326 audit(3917565646.011:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ded72ecd7 code=0x7ffc0000 [ 135.759104][ T26] audit: type=1326 audit(3917565646.021:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ded6d62d9 code=0x7ffc0000 [ 135.849425][ T26] audit: type=1326 audit(3917565646.041:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5106 comm="syz.4.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ded72ecd7 code=0x7ffc0000 [ 135.994424][ T5140] loop4: detected capacity change from 0 to 512 [ 136.102475][ T5140] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 136.135876][ T5140] EXT4-fs (loop4): Unrecognized mount option "dax=inode.." or missing value [ 136.361212][ T5145] hfsplus: bad catalog entry type [ 136.401630][ T5142] net_ratelimit: 23 callbacks suppressed [ 136.404529][ T5142] netlink: zone id is out of range [ 136.992979][ T5142] netlink: zone id is out of range [ 137.106041][ T5142] netlink: zone id is out of range [ 137.183797][ T5142] netlink: zone id is out of range [ 137.264513][ T5142] netlink: zone id is out of range [ 137.293760][ T4228] hfsplus: b-tree write err: -5, ino 4 [ 137.305951][ T5142] netlink: zone id is out of range [ 137.571195][ T5142] netlink: zone id is out of range [ 138.215153][ T5142] netlink: zone id is out of range [ 138.259984][ T5142] netlink: zone id is out of range [ 138.265161][ T5142] netlink: zone id is out of range [ 139.225862][ T5166] device syzkaller0 entered promiscuous mode [ 141.852437][ T5194] netlink: 'syz.1.240': attribute type 1 has an invalid length. [ 142.084569][ T5196] bond1: (slave gretap1): making interface the new active one [ 142.141419][ T5196] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 143.359249][ T4623] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.750113][ T5219] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 144.988946][ T5206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.244'. [ 147.024137][ T5247] xt_connbytes: Forcing CT accounting to be enabled [ 147.032791][ T5247] set match dimension is over the limit! [ 148.011863][ T5241] loop4: detected capacity change from 0 to 8192 [ 148.034041][ T5261] netlink: 'syz.3.260': attribute type 13 has an invalid length. [ 150.008798][ T5261] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.561660][ T5261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.620188][ T5261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.943195][ T5261] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.953923][ T5261] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.964792][ T5261] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.974722][ T5261] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.084812][ T5270] netlink: 'syz.4.264': attribute type 1 has an invalid length. [ 151.142679][ T5273] bridge0: port 1(netdevsim0) entered blocking state [ 151.150975][ T5273] bridge0: port 1(netdevsim0) entered disabled state [ 151.161028][ T5273] device netdevsim0 entered promiscuous mode [ 151.181554][ T5273] bridge0: port 1(netdevsim0) entered blocking state [ 151.189535][ T5273] bridge0: port 1(netdevsim0) entered forwarding state [ 152.223555][ T5289] process 'syz.3.271' launched './file2' with NULL argv: empty string added [ 154.924688][ T5335] device syzkaller0 entered promiscuous mode [ 156.867982][ T5344] Invalid option length (1047662) for dns_resolver key [ 157.123522][ T5349] loop0: detected capacity change from 0 to 128 [ 157.235098][ T5352] netlink: 12 bytes leftover after parsing attributes in process `syz.3.287'. [ 157.248123][ T5349] UDF-fs: bad mount option "3[cJ@a\;ubfSBq" or missing value [ 157.369441][ T5352] HTB: quantum of class 4000A is big. Consider r2q change. [ 157.387906][ T5352] HTB: quantum of class 4000A is big. Consider r2q change. [ 159.865971][ T5368] sched: RT throttling activated [ 161.024972][ T5384] loop4: detected capacity change from 0 to 512 [ 161.128121][ T5387] xt_TPROXY: Can be used only with -p tcp or -p udp [ 162.195776][ T5366] ODEBUG: Out of memory. ODEBUG disabled [ 164.311917][ T5384] EXT4-fs warning (device loop4): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop4. [ 167.382892][ T5413] bridge0: port 1(netdevsim0) entered disabled state [ 167.508055][ T5422] netlink: 'syz.0.304': attribute type 16 has an invalid length. [ 167.519789][ T5422] netlink: 'syz.0.304': attribute type 17 has an invalid length. [ 167.595805][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 167.647696][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 167.691261][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 167.769499][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 167.797661][ T5422] net_ratelimit: 23 callbacks suppressed [ 167.797673][ T5422] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 169.710625][ T5431] tipc: Started in network mode [ 169.715789][ T5431] tipc: Node identity 4, cluster identity 4711 [ 169.722514][ T5431] tipc: Node number set to 4 [ 170.066709][ T5452] loop4: detected capacity change from 0 to 64 [ 171.117070][ T5452] minix filesystem being mounted at /71/file0 supports timestamps until 2106-02-07 (0xffffffff) [ 172.367264][ T5465] Trying to free block not in datazone [ 173.047045][ T5478] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000 [ 173.104341][ T5481] netlink: 'syz.2.324': attribute type 11 has an invalid length. [ 173.857404][ T5486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.325'. [ 175.956157][ T5518] mmap: syz.1.334 (5518) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 180.015331][ T5563] 9p filesystem being mounted at /67/file0 supports timestamps until 2106-02-07 (0xffffffff) [ 182.182341][ T23] Bluetooth: hci0: command 0x0406 tx timeout [ 182.230260][ T4350] Bluetooth: hci3: command 0x0406 tx timeout [ 182.237618][ T4350] Bluetooth: hci2: command 0x0406 tx timeout [ 182.259774][ T4350] Bluetooth: hci1: command 0x0406 tx timeout [ 182.268324][ T23] Bluetooth: hci4: command 0x0406 tx timeout [ 182.728411][ T5593] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 184.982109][ T5648] capability: warning: `syz.1.366' uses deprecated v2 capabilities in a way that may be insecure [ 185.395946][ T5656] netlink: 24 bytes leftover after parsing attributes in process `syz.0.367'. [ 186.220842][ T5658] binder: BINDER_SET_CONTEXT_MGR already set [ 186.829206][ T5658] binder: 5654:5658 ioctl 4018620d 2000000002c0 returned -16 [ 188.892721][ T5676] xt_policy: output policy not valid in PREROUTING and INPUT [ 191.000253][ T5697] loop0: detected capacity change from 0 to 8192 [ 191.020667][ T5697] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 191.040239][ T5697] REISERFS (device loop0): using ordered data mode [ 191.200485][ T5697] reiserfs: using flush barriers [ 191.419739][ T5697] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 191.628937][ T5697] REISERFS (device loop0): checking transaction log (loop0) [ 191.680878][ T5697] REISERFS warning (device loop0): vs-13075 reiserfs_read_locked_inode: dead inode read from disk [1 2 0x0 SD]. This is likely to be race with knfsd. Ignore [ 194.448650][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.465906][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.730921][ T5773] xt_l2tp: missing protocol rule (udp|l2tpip) [ 198.380773][ T5780] overlayfs: failed to clone upperpath [ 198.594116][ T5784] overlayfs: missing 'lowerdir' [ 198.721310][ T5789] overlayfs: failed to clone upperpath [ 201.226019][ T5820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.418'. [ 202.081019][ T5826] xt_policy: neither incoming nor outgoing policy selected [ 202.721372][ T5820] netlink: 12 bytes leftover after parsing attributes in process `syz.0.418'. [ 202.910540][ T5834] sctp: [Deprecated]: syz.1.421 (pid 5834) Use of struct sctp_assoc_value in delayed_ack socket option. [ 202.910540][ T5834] Use struct sctp_sack_info instead [ 202.952802][ T4458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.981868][ T4458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.074687][ T5842] loop0: detected capacity change from 0 to 32768 [ 206.094343][ T5842] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.425 (5842) [ 206.383980][ T5842] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 206.422876][ T5842] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 206.443139][ T5842] BTRFS info (device loop0): trying to use backup root at mount time [ 206.489064][ T5842] BTRFS info (device loop0): setting nodatasum [ 206.517184][ T5842] BTRFS info (device loop0): force zlib compression, level 3 [ 206.569054][ T5842] BTRFS info (device loop0): setting nodatacow [ 206.585603][ T5842] BTRFS info (device loop0): turning on flush-on-commit [ 206.626128][ T5842] BTRFS info (device loop0): disabling tree log [ 206.657588][ T5842] BTRFS info (device loop0): using free space tree [ 206.668876][ T5842] BTRFS info (device loop0): has skinny extents [ 207.406890][ T5842] BTRFS error (device loop0): open_ctree failed: -12 [ 208.616850][ T5909] netlink: 8 bytes leftover after parsing attributes in process `syz.4.440'. [ 208.808953][ T4174] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by udevd (4174) [ 209.159453][ T5926] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 209.170928][ T5926] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 210.232090][ T5935] binder_alloc: 5932: pid 5932 spamming oneway? 2 buffers allocated for a total size of 5120 [ 211.714122][ T5949] netlink: 24 bytes leftover after parsing attributes in process `syz.1.452'. [ 213.124506][ T5965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.456'. [ 213.172539][ T5970] netlink: 'syz.0.458': attribute type 1 has an invalid length. [ 213.601807][ T5973] bond3: (slave bridge2): making interface the new active one [ 213.662306][ T5973] bond3: (slave bridge2): Enslaving as an active interface with an up link [ 213.716235][ T5975] device macvlan3 entered promiscuous mode [ 213.751627][ T5975] device bond3 entered promiscuous mode [ 213.795500][ T5975] device bridge2 entered promiscuous mode [ 213.807869][ T5975] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 213.816261][ T5975] bond3: (slave macvlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 213.833687][ T5975] device bond3 left promiscuous mode [ 213.839761][ T5975] device bridge2 left promiscuous mode [ 214.676910][ T5997] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 214.748177][ T6003] loop0: detected capacity change from 0 to 512 [ 214.806543][ T5997] netlink: 16 bytes leftover after parsing attributes in process `syz.2.465'. [ 214.903778][ T6003] msdos filesystem being mounted at /92/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 214.912376][ T6008] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 218.178909][ T6039] netlink: 'syz.2.477': attribute type 1 has an invalid length. [ 218.421678][ T6049] UBIFS error (pid: 6049): cannot open "ubifs", error -22 [ 219.312831][ T6043] bond2: (slave bridge1): making interface the new active one [ 219.368303][ T6043] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 219.422893][ T6048] device macvlan2 entered promiscuous mode [ 219.441980][ T6048] device bond2 entered promiscuous mode [ 219.447745][ T6048] device bridge1 entered promiscuous mode [ 219.475028][ T6048] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 219.632248][ T6048] bond2: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 219.659565][ T6048] device bond2 left promiscuous mode [ 219.666291][ T6048] device bridge1 left promiscuous mode [ 221.674455][ T6083] loop0: detected capacity change from 0 to 512 [ 221.709155][ T6083] EXT4-fs (loop0): Ignoring removed oldalloc option [ 221.732756][ T6083] EXT4-fs (loop0): mounted filesystem without journal. Opts: acl,nodiscard,oldalloc,,errors=continue. Quota mode: none. [ 228.346481][ T6156] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 228.358397][ T6156] F2FS-fs (loop3): Unable to read 1th superblock [ 228.365839][ T6156] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 228.377567][ T6156] F2FS-fs (loop3): Unable to read 2th superblock [ 229.189653][ T6139] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.197310][ T6139] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.362119][ T6139] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.371207][ T6139] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.380850][ T6139] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.390145][ T6139] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.579044][ T6153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.499'. [ 230.677800][ T6182] netlink: 'syz.4.506': attribute type 1 has an invalid length. [ 230.762621][ T6190] bond1: (slave bridge1): making interface the new active one [ 230.775451][ T6190] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 232.707786][ T6221] device syzkaller0 entered promiscuous mode [ 235.556916][ T6247] netlink: 'syz.0.536': attribute type 4 has an invalid length. [ 255.215901][ T6461] netlink: 'syz.1.582': attribute type 13 has an invalid length. [ 255.784568][ T6475] xt_connbytes: Forcing CT accounting to be enabled [ 255.792055][ T6475] Cannot find set identified by id 0 to match [ 255.883302][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.890447][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.003313][ T6499] overlayfs: failed to clone upperpath [ 258.971031][ T6461] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.979368][ T6461] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.262587][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.286274][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.613533][ T6461] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.622573][ T6461] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.632082][ T6461] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.641472][ T6461] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.776338][ T6501] netlink: 'syz.3.591': attribute type 1 has an invalid length. [ 260.818543][ T6515] netlink: 4 bytes leftover after parsing attributes in process `syz.4.596'. [ 261.435471][ T6538] xt_connbytes: Forcing CT accounting to be enabled [ 261.442593][ T6538] set match dimension is over the limit! [ 261.478672][ T6540] device bridge_slave_0 left promiscuous mode [ 262.559816][ T6540] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.585843][ T6540] device bridge_slave_1 left promiscuous mode [ 262.625486][ T6540] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.669765][ T6540] bond0: (slave bond_slave_0): Releasing backup interface [ 262.677982][ T6540] device bond_slave_0 left promiscuous mode [ 262.690533][ T6540] bond0: (slave bond_slave_1): Releasing backup interface [ 264.765545][ T6540] device bond_slave_1 left promiscuous mode [ 264.804080][ T6540] team0: Port device team_slave_1 removed [ 264.822021][ T6540] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 264.845828][ T6540] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 264.873129][ T6540] bond1: (slave gretap1): Releasing active interface [ 264.977758][ T6534] team0: Mode changed to "loadbalance" [ 265.048030][ T6542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.602'. [ 265.123040][ T6558] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 265.132269][ T6558] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 265.174527][ T6564] 9pnet: Insufficient options for proto=fd [ 268.210185][ T6582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.616'. [ 268.304328][ T6582] netlink: 32 bytes leftover after parsing attributes in process `syz.1.616'. [ 268.443028][ T6592] capability: warning: `syz.1.620' uses 32-bit capabilities (legacy support in use) [ 268.546154][ T6594] batman_adv: batadv0: Adding interface: dummy0 [ 268.582526][ T6594] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.679268][ T6594] batman_adv: batadv0: Interface activated: dummy0 [ 268.754522][ T6599] batadv0: mtu less than device minimum [ 268.764135][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.778061][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.791315][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.804587][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.817565][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.830748][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.843887][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.856775][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.869707][ T6599] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 268.919137][ T6603] device syzkaller0 left promiscuous mode [ 270.025003][ T6622] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 271.175227][ T6639] overlayfs: failed to clone upperpath [ 272.293424][ T6637] chnl_net:caif_netlink_parms(): no params data found [ 272.807145][ T6637] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.896148][ T6637] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.005320][ T6637] device bridge_slave_0 entered promiscuous mode [ 273.055140][ T6637] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.124753][ T6637] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.140229][ T6637] device bridge_slave_1 entered promiscuous mode [ 273.229875][ T5899] Bluetooth: hci2: command 0x0409 tx timeout [ 274.155477][ T6637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.223264][ T6637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.447399][ T6637] team0: Port device team_slave_0 added [ 274.519511][ T6637] team0: Port device team_slave_1 added [ 274.701715][ T6637] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 274.751943][ T6637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.779400][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.868853][ T6637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 274.882164][ T6637] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 274.892093][ T6637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.320765][ T5899] Bluetooth: hci2: command 0x041b tx timeout [ 275.491955][ T6637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 275.508958][ C1] hrtimer: interrupt took 31552 ns [ 275.611986][ T6637] device hsr_slave_0 entered promiscuous mode [ 275.659390][ T6637] device hsr_slave_1 entered promiscuous mode [ 275.669807][ T6637] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 275.677493][ T6637] Cannot create hsr debugfs directory [ 277.998349][ T5224] Bluetooth: hci2: command 0x040f tx timeout [ 278.009605][ T6637] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.816965][ T6637] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.636722][ T5224] Bluetooth: hci2: command 0x0419 tx timeout [ 280.723229][ T6637] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.765590][ T6723] netlink: 'syz.2.666': attribute type 10 has an invalid length. [ 280.784735][ T6723] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 282.007194][ T6637] bridge0: port 1(netdevsim0) entered disabled state [ 282.095066][ T6637] device netdevsim0 left promiscuous mode [ 282.107409][ T6637] bridge0: port 1(netdevsim0) entered disabled state [ 282.134364][ T6637] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.168206][ T6729] netlink: 14 bytes leftover after parsing attributes in process `syz.2.666'. [ 282.212366][ T6729] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.227982][ T6729] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.243995][ T6729] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 282.276137][ T6729] bond0 (unregistering): Released all slaves [ 282.297584][ T6728] netlink: 24 bytes leftover after parsing attributes in process `syz.3.657'. [ 282.380352][ T4350] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 282.487439][ T6637] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 282.505552][ T6637] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 282.519730][ T6637] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 282.541049][ T6637] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 282.627803][ T6637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.648198][ T4643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 282.664795][ T4643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 283.641372][ T6637] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.697718][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 283.736488][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 283.763778][ T4528] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.771076][ T4528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.839069][ T4350] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 284.017009][ T4350] usb 2-1: config 0 interface 0 has no altsetting 0 [ 284.076193][ T4350] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 284.086791][ T4350] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.819167][ T4350] usb 2-1: config 0 descriptor?? [ 285.056427][ T6637] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 285.067077][ T6637] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 285.090520][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 285.104302][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 285.115644][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 285.309564][ T4350] usbhid 2-1:0.0: can't add hid device: -71 [ 285.325831][ T4350] usbhid: probe of 2-1:0.0 failed with error -71 [ 285.491382][ T4528] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.498894][ T4528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.972275][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 286.007619][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 286.061075][ T6779] loop2: detected capacity change from 0 to 7 [ 286.076509][ T4350] usb 2-1: USB disconnect, device number 3 [ 286.109282][ T6779] Dev loop2: unable to read RDB block 7 [ 286.133101][ T6779] loop2: unable to read partition table [ 286.149520][ T6779] loop2: partition table beyond EOD, truncated [ 286.157135][ T6779] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 286.251358][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 286.268017][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 286.277511][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 286.314569][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 287.210555][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 287.219490][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 287.228723][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 287.237646][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 287.280239][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 287.292885][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 290.457644][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 290.484633][ T6812] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 290.544106][ T6812] overlayfs: failed to set xattr on upper [ 290.569655][ T6812] overlayfs: ...falling back to index=off,metacopy=off. [ 290.608334][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 290.687638][ T6637] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.443267][ T6637] device veth0_vlan entered promiscuous mode [ 291.499294][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 291.555408][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 291.565607][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 291.575407][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 291.588316][ T6637] device veth1_vlan entered promiscuous mode [ 291.598375][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 291.608735][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 294.831149][ T6637] device veth0_macvtap entered promiscuous mode [ 294.886249][ T6637] device veth1_macvtap entered promiscuous mode [ 294.942417][ T6637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.972681][ T6637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.004641][ T6637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.038522][ T6637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.067874][ T6637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.205669][ T6637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.246022][ T6637] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.320448][ T6637] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.329562][ T6637] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.338552][ T6637] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.350080][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 295.361201][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 295.649892][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 295.886628][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 296.242027][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 296.254750][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 296.280652][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 296.394671][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 296.531266][ T4643] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.551579][ T4643] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.598138][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 296.623759][ T4643] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.659340][ T4643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.676493][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 296.866199][ T6874] netlink: 24 bytes leftover after parsing attributes in process `syz.3.695'. [ 302.349774][ T6927] netlink: 'syz.2.714': attribute type 10 has an invalid length. [ 302.957537][ T6930] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.965097][ T6930] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.076744][ T6930] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 303.095436][ T6930] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.379254][ T6930] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.405250][ T6930] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.458094][ T6930] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.497899][ T6930] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.353113][ T6957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.722'. [ 305.568419][ T6957] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.578177][ T6957] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.587677][ T6957] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.596606][ T6957] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 306.876383][ T26] kauditd_printk_skb: 21 callbacks suppressed [ 306.876400][ T26] audit: type=1326 audit(3917565818.081:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6978 comm="syz.4.729" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1ded734eb9 code=0x0 [ 308.922892][ T26] audit: type=1326 audit(3917565820.131:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 308.973418][ T26] audit: type=1326 audit(3917565820.131:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.060643][ T26] audit: type=1326 audit(3917565820.131:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.156121][ T26] audit: type=1326 audit(3917565820.131:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.158230][ T7010] 9pnet: Insufficient options for proto=fd [ 309.272909][ T26] audit: type=1326 audit(3917565820.131:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.274332][ T7014] netlink: 12 bytes leftover after parsing attributes in process `syz.1.737'. [ 309.377190][ T26] audit: type=1326 audit(3917565820.131:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.428198][ T26] audit: type=1326 audit(3917565820.131:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.459255][ T26] audit: type=1326 audit(3917565820.131:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.492662][ T26] audit: type=1326 audit(3917565820.131:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6997 comm="syz.1.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7fc00000 [ 309.669336][ T7012] bridge1: port 1(veth5) entered blocking state [ 310.374928][ T7012] bridge1: port 1(veth5) entered disabled state [ 310.384096][ T7012] device veth5 entered promiscuous mode [ 310.414576][ T7024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.742'. [ 310.547224][ T7012] bridge1: port 2(veth7) entered blocking state [ 310.554352][ T7012] bridge1: port 2(veth7) entered disabled state [ 310.572935][ T7012] device veth7 entered promiscuous mode [ 310.635286][ T7031] No such timeout policy "syz1" [ 312.111198][ T7039] xt_policy: output policy not valid in PREROUTING and INPUT [ 315.726566][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.763'. [ 317.340136][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.347289][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.936325][ T1108] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 319.839228][ T1108] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 319.856235][ T1108] usb 2-1: can't read configurations, error -71 [ 323.295912][ T7160] netlink: 64 bytes leftover after parsing attributes in process `syz.1.785'. [ 323.359148][ T7160] device syzkaller1 entered promiscuous mode [ 324.598164][ T7188] loop7: detected capacity change from 0 to 7 [ 324.608455][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 324.619852][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 324.628504][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 324.639922][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 324.845610][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 324.857288][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 324.872833][ T7195] syz.0.797 sent an empty control message without MSG_MORE. [ 325.293183][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 325.305349][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 325.400848][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 325.413134][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 325.422273][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 325.435083][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 325.468495][ T7202] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.476357][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 325.477944][ T7202] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.489310][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 325.493598][ T7133] ldm_validate_partition_table(): Disk read failed. [ 325.498269][ T7202] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.523093][ T7202] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.539142][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 325.550274][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 325.582095][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 325.593474][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 325.600968][ T7202] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 325.773397][ C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 325.785111][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 325.799607][ T7133] Dev loop7: unable to read RDB block 0 [ 325.806662][ T7133] loop7: unable to read partition table [ 325.812857][ T7133] loop7: partition table beyond EOD, truncated [ 327.118637][ T7188] ldm_validate_partition_table(): Disk read failed. [ 327.185095][ T7188] Dev loop7: unable to read RDB block 0 [ 327.191792][ T7188] loop7: unable to read partition table [ 327.198023][ T7188] loop7: partition table beyond EOD, truncated [ 327.264076][ T7188] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 334.537989][ T7297] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 7297 comm: syz.4.829) [ 334.899329][ T3519] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 335.548470][ T3519] usb 1-1: config 0 has no interfaces? [ 336.851849][ T3519] usb 1-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 0.02 [ 336.863131][ T3519] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 337.822332][ T3519] usb 1-1: SerialNumber: syz [ 337.912251][ T3519] usb 1-1: config 0 descriptor?? [ 337.930543][ T3519] usb 1-1: can't set config #0, error -71 [ 338.119723][ T3519] usb 1-1: USB disconnect, device number 2 [ 339.095461][ T7350] netlink: 4 bytes leftover after parsing attributes in process `syz.4.844'. [ 346.997168][ T7438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 347.054550][ T7438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 347.086376][ T7438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 347.117453][ T7438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 347.157165][ T7442] netlink: 'syz.3.871': attribute type 1 has an invalid length. [ 347.233353][ T7445] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 347.257381][ T7451] netlink: 'syz.1.872': attribute type 9 has an invalid length. [ 347.265695][ T7451] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.872'. [ 347.444243][ T4631] net_ratelimit: 10 callbacks suppressed [ 347.444264][ T4631] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 347.495673][ T7448] 8021q: adding VLAN 0 to HW filter on device bond1 [ 347.809883][ T4528] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 347.965271][ T7456] sch_tbf: burst 480 is lower than device lo mtu (65550) ! [ 348.010144][ T7454] netlink: 28 bytes leftover after parsing attributes in process `syz.1.874'. [ 349.113786][ T7444] ipt_CLUSTERIP: Please specify destination IP [ 349.123611][ T7477] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 7477 comm: syz.0.880) [ 350.449750][ T21] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 351.006787][ T21] usb 1-1: config 128 interface 0 has no altsetting 0 [ 351.016768][ T21] usb 1-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 351.098958][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.499077][ T21] usb 1-1: string descriptor 0 read error: -71 [ 351.514468][ T21] usb 1-1: selecting invalid altsetting 3 [ 351.521362][ T21] comedi comedi5: could not set alternate setting 3 in high speed [ 351.529716][ T21] usbduxsigma 1-1:128.0: driver 'usbduxsigma' failed to auto-configure device. [ 352.260560][ T7520] tipc: Started in network mode [ 352.277825][ T7520] tipc: Node identity 4, cluster identity 4711 [ 352.312967][ T7520] tipc: Node number set to 4 [ 352.334101][ T21] usbduxsigma: probe of 1-1:128.0 failed with error -22 [ 352.349229][ T21] usb 1-1: USB disconnect, device number 3 [ 352.634846][ T7526] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 354.785080][ T7546] netlink: 24 bytes leftover after parsing attributes in process `syz.0.901'. [ 357.651014][ T7596] fuse: Invalid rootmode [ 357.664105][ T7600] 8021q: adding VLAN 0 to HW filter on device bond1 [ 357.702690][ T7600] bond1: (slave ip6gretap1): making interface the new active one [ 357.720193][ T7600] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 357.739234][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 358.086059][ T7614] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 359.269449][ T7631] device syzkaller0 entered promiscuous mode [ 359.277145][ T7633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.923'. [ 359.341556][ T7633] netlink: 32 bytes leftover after parsing attributes in process `syz.4.923'. [ 359.703595][ T7642] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.924'. [ 361.279667][ T7658] 9pnet: Insufficient options for proto=fd [ 361.688796][ T7664] binder: transaction release 51 bad handle 1, ret = -22 [ 366.766772][ T7698] netlink: 'syz.1.942': attribute type 10 has an invalid length. [ 366.965800][ T7698] device wlan1 entered promiscuous mode [ 367.955264][ T7698] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 367.972206][ T7701] netlink: 14 bytes leftover after parsing attributes in process `syz.1.942'. [ 368.233162][ T7701] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 368.260039][ T7701] device wlan1 left promiscuous mode [ 368.980454][ T7701] bond0 (unregistering): Released all slaves [ 369.014233][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.021746][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.032561][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.044592][ T7709] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 369.058379][ T7709] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 369.086016][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.095502][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.103063][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.110675][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.118447][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.125855][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 369.133438][ T7709] virt_wifi0 speed is unknown, defaulting to 1000 [ 370.822880][ T7730] batman_adv: batadv0: Adding interface: dummy0 [ 370.872175][ T7730] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.032607][ T7733] netlink: 'syz.2.954': attribute type 4 has an invalid length. [ 371.060454][ T7730] batman_adv: batadv0: Interface activated: dummy0 [ 371.089173][ T7733] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.954'. [ 373.490501][ T7759] tipc: Started in network mode [ 373.524729][ T7759] tipc: Node identity 4, cluster identity 4711 [ 373.586185][ T7759] tipc: Node number set to 4 [ 373.873264][ T7769] batman_adv: batadv0: Interface deactivated: dummy0 [ 373.901281][ T7769] batman_adv: batadv0: Removing interface: dummy0 [ 378.105318][ T7814] tipc: Started in network mode [ 378.142608][ T7814] tipc: Node identity 4, cluster identity 4711 [ 378.149876][ T7814] tipc: Node number set to 4 [ 379.351196][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.357845][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.865223][ T7840] netlink: 24 bytes leftover after parsing attributes in process `syz.4.983'. [ 385.338383][ T7879] virt_wifi0 speed is unknown, defaulting to 1000 [ 386.227401][ T7893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.999'. [ 396.832657][ T26] kauditd_printk_skb: 51 callbacks suppressed [ 396.832677][ T26] audit: type=1326 audit(3917566164.030:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.1020" exe="/root/syz-executor" sig=9 arch=c000003e syscall=39 compat=0 ip=0x7f1ded72ecd7 code=0x0 [ 396.869171][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 397.204657][ T7983] lo speed is unknown, defaulting to 1000 [ 397.226895][ T7983] lo speed is unknown, defaulting to 1000 [ 397.239265][ T7983] lo speed is unknown, defaulting to 1000 [ 397.631494][ T7983] infiniband syz2: set down [ 397.636554][ T7983] infiniband syz2: added lo [ 397.654679][ T21] lo speed is unknown, defaulting to 1000 [ 397.711596][ T7983] RDS/IB: syz2: added [ 397.717166][ T7983] smc: adding ib device syz2 with port count 1 [ 397.724298][ T7983] smc: ib device syz2 port 1 has pnetid [ 397.755001][ T7983] lo speed is unknown, defaulting to 1000 [ 397.860836][ T21] lo speed is unknown, defaulting to 1000 [ 397.925817][ T7983] lo speed is unknown, defaulting to 1000 [ 398.202638][ T7983] lo speed is unknown, defaulting to 1000 [ 398.302679][ T7983] lo speed is unknown, defaulting to 1000 [ 398.851243][ T7983] lo speed is unknown, defaulting to 1000 [ 399.043955][ T7983] lo speed is unknown, defaulting to 1000 [ 399.146099][ T7983] lo speed is unknown, defaulting to 1000 [ 399.410570][ T26] audit: type=1326 audit(3917566166.620:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8000 comm="syz.2.1029" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f2c23eb9 code=0x0 [ 399.610662][ T21] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 400.589253][ T21] usb 1-1: Using ep0 maxpacket: 16 [ 400.711791][ T21] usb 1-1: config 0 has an invalid interface number: 133 but max is 0 [ 400.899618][ T21] usb 1-1: config 0 has no interface number 0 [ 400.918984][ T21] usb 1-1: config 0 interface 133 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 402.885084][ T8028] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1038'. [ 403.049039][ T21] usb 1-1: string descriptor 0 read error: -71 [ 403.055382][ T21] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 403.066519][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.097277][ T21] usb 1-1: config 0 descriptor?? [ 403.121827][ T21] usb 1-1: can't set config #0, error -71 [ 403.465363][ T21] usb 1-1: USB disconnect, device number 4 [ 403.547487][ T8042] siw: device registration error -23 [ 403.571589][ T8047] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1042'. [ 403.696685][ T8052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1045'. [ 403.740693][ T8052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1045'. [ 403.805667][ T8052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1045'. [ 403.883307][ T8052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1045'. [ 404.447495][ T8057] virt_wifi0 speed is unknown, defaulting to 1000 [ 404.477314][ T8057] lo speed is unknown, defaulting to 1000 [ 407.654142][ T8096] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1058'. [ 407.727725][ C0] Unknown status report in ack skb [ 407.744205][ T8096] netlink: 'syz.0.1058': attribute type 12 has an invalid length. [ 414.590000][ C0] EXT4-fs (loop1): error count since last fsck: 2 [ 414.597291][ C0] EXT4-fs (loop1): initial error at time 3917565622: ext4_read_inode_bitmap:140 [ 414.607345][ C0] EXT4-fs (loop1): last error at time 3917565624: ext4_validate_block_bitmap:429 [ 420.224059][ T8209] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 420.263566][ T8207] device syzkaller0 entered promiscuous mode [ 422.737309][ T8233] netlink: 'syz.3.1099': attribute type 1 has an invalid length. [ 422.762548][ T8234] tipc: Can't bind to reserved service type 0 [ 422.811215][ T8233] 8021q: adding VLAN 0 to HW filter on device bond2 [ 422.836570][ T8241] batman_adv: batadv0: Interface deactivated: dummy0 [ 422.873514][ T8241] batman_adv: batadv0: Removing interface: dummy0 [ 422.953045][ T8241] bond2: (slave dummy0): making interface the new active one [ 422.989759][ T8241] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 423.000294][ T4620] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 425.674262][ T8283] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1109'. [ 427.453035][ T8298] ip6t_srh: unknown srh invflags 7F00 [ 428.069214][ T8309] netlink: 'syz.0.1114': attribute type 1 has an invalid length. [ 428.077255][ T8309] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1114'. [ 428.944486][ T8305] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1116'. [ 431.588358][ T8334] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1123'. [ 435.018062][ T8364] batman_adv: batadv0: Adding interface: dummy0 [ 435.049100][ T8364] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 436.316495][ T8364] batman_adv: batadv0: Interface activated: dummy0 [ 436.520276][ T8374] batadv0: mtu less than device minimum [ 436.556971][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.569953][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.582813][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.595971][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.608958][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.621693][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.634956][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.648188][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 436.660938][ T8374] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.261707][ T8395] xt_time: unknown flags 0xc [ 440.192600][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.199447][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.332793][ T8425] binder: BINDER_SET_CONTEXT_MGR already set [ 441.367177][ T8425] binder: 8424:8425 ioctl 4018620d 200000000040 returned -16 [ 441.428069][ T8425] binder: 8424:8425 ioctl c0306201 200000000240 returned -11 [ 444.949208][ T8462] tipc: Failed to remove unknown binding: 66,0,0/4:1631199102/1631199103 [ 444.961613][ T8462] tipc: Failed to remove unknown binding: 66,0,0/4:1631199102/1631199103 [ 447.093901][ T4249] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 447.479324][ T4249] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 447.577621][ T4249] usb 1-1: New USB device found, idVendor=067b, idProduct=331a, bcdDevice=9d.94 [ 447.732830][ T4249] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.814327][ T4249] usb 1-1: config 0 descriptor?? [ 447.861556][ T8494] overlayfs: failed to clone upperpath [ 448.011464][ T4249] pl2303 1-1:0.0: required endpoints missing [ 448.082358][ T4350] usb 1-1: USB disconnect, device number 5 [ 450.080996][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1172'. [ 450.207822][ T26] audit: type=1326 audit(3917566217.410:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 450.281776][ T26] audit: type=1326 audit(3917566217.410:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 450.321942][ T26] audit: type=1326 audit(3917566217.450:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 450.371890][ T26] audit: type=1326 audit(3917566217.450:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 451.876278][ T26] audit: type=1326 audit(3917566217.450:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 451.898898][ C1] vkms_vblank_simulate: vblank timer overrun [ 452.253525][ T26] audit: type=1326 audit(3917566217.450:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 452.277856][ T26] audit: type=1326 audit(3917566217.450:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 452.301070][ C1] vkms_vblank_simulate: vblank timer overrun [ 452.323038][ T8531] overlayfs: failed to clone lowerpath [ 452.348599][ T26] audit: type=1326 audit(3917566217.450:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 453.322196][ T26] audit: type=1326 audit(3917566217.460:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 454.501358][ T26] audit: type=1326 audit(3917566217.460:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.3.1179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 455.305073][ T8574] sctp: [Deprecated]: syz.3.1193 (pid 8574) Use of struct sctp_assoc_value in delayed_ack socket option. [ 455.305073][ T8574] Use struct sctp_sack_info instead [ 458.058833][ T8594] netlink: 'syz.4.1201': attribute type 1 has an invalid length. [ 458.152937][ T8594] 8021q: adding VLAN 0 to HW filter on device bond2 [ 459.199867][ T8598] device veth3 entered promiscuous mode [ 459.224755][ T8598] bond2: (slave veth3): Enslaving as an active interface with a down link [ 459.260866][ T8594] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 461.672179][ T8636] device vlan2 entered promiscuous mode [ 461.690884][ T8636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1214'. [ 464.634159][ T8656] ptrace attach of "./syz-executor exec"[6637] was attempted by ""[8656] [ 466.742181][ T8664] device batadv0 entered promiscuous mode [ 468.048255][ T8664] device dummy0 entered promiscuous mode [ 468.062194][ T8664] device dummy0 left promiscuous mode [ 468.067906][ T8664] device batadv0 left promiscuous mode [ 468.084437][ T8678] device vlan2 entered promiscuous mode [ 468.156099][ T8683] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1224'. [ 469.550060][ T8711] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1236'. [ 469.970245][ T8714] overlayfs: failed to clone lowerpath [ 470.676124][ T8722] fuse: Bad value for 'fd' [ 470.727434][ T8722] overlayfs: failed to clone lowerpath [ 470.752187][ T8730] netlink: 'syz.2.1242': attribute type 1 has an invalid length. [ 470.789007][ T8730] device bond0 entered promiscuous mode [ 470.794991][ T8730] 8021q: adding VLAN 0 to HW filter on device bond0 [ 470.855985][ T8737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1245'. [ 471.627148][ T8730] bond0: (slave veth3): Enslaving as an active interface with a down link [ 472.007589][ T8760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1251'. [ 475.209719][ T8785] overlayfs: failed to clone lowerpath [ 485.893984][ T8889] device ip6gre1 entered promiscuous mode [ 485.922917][ T8900] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 485.967558][ T5008] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 485.981846][ T5008] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 485.997877][ T8910] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1292'. [ 486.008025][ T8905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1289'. [ 486.017494][ T1108] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 486.063929][ T8912] netlink: 'syz.2.1287': attribute type 29 has an invalid length. [ 486.209080][ T8912] netlink: 'syz.2.1287': attribute type 29 has an invalid length. [ 486.239963][ T8915] netlink: 'syz.2.1287': attribute type 29 has an invalid length. [ 487.137656][ T1108] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 487.438133][ T1108] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 487.773353][ T8944] device batadv0 entered promiscuous mode [ 487.792020][ T8944] device dummy0 entered promiscuous mode [ 487.814698][ T8944] device dummy0 left promiscuous mode [ 487.889296][ T8944] device batadv0 left promiscuous mode [ 489.140659][ T8966] netlink: 'syz.0.1307': attribute type 29 has an invalid length. [ 489.159414][ T8966] netlink: 'syz.0.1307': attribute type 29 has an invalid length. [ 489.175071][ T8966] netlink: 'syz.0.1307': attribute type 29 has an invalid length. [ 489.187938][ T8966] netlink: 'syz.0.1307': attribute type 29 has an invalid length. [ 489.206219][ T8966] netlink: 'syz.0.1307': attribute type 29 has an invalid length. [ 489.233608][ T8966] netlink: 'syz.0.1307': attribute type 29 has an invalid length. [ 489.249972][ T8966] netlink: 'syz.0.1307': attribute type 29 has an invalid length. [ 489.709012][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 492.060602][ T8996] validate_nla: 1 callbacks suppressed [ 492.060622][ T8996] netlink: 'syz.3.1316': attribute type 1 has an invalid length. [ 492.095632][ T8989] bad cache= option: nonw [ 492.095632][ T8989] [ 492.102706][ T8989] CIFS: VFS: bad cache= option: nonw [ 492.193144][ T8996] 8021q: adding VLAN 0 to HW filter on device bond3 [ 492.283291][ T9000] device vlan2 entered promiscuous mode [ 492.313001][ T9000] device bond3 entered promiscuous mode [ 492.425175][ T9003] bond3: (slave bridge2): making interface the new active one [ 492.432881][ T9003] device bridge2 entered promiscuous mode [ 492.440009][ T9003] bond3: (slave bridge2): Enslaving as an active interface with an up link [ 492.495864][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 492.555323][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 493.417756][ T9025] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1324'. [ 493.899623][ T9031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1324'. [ 494.313139][ T9025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1324'. [ 494.390380][ T9031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1324'. [ 496.117341][ T9048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1328'. [ 496.342771][ T9048] 9pnet: Insufficient options for proto=fd [ 497.149051][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 504.039201][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 504.045721][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 511.228987][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 511.901144][ T9170] overlayfs: failed to clone upperpath [ 515.222837][ T9182] UBIFS error (pid: 9182): cannot open "./file0", error -22 [ 520.966112][ T9233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1378'. [ 521.049240][ T9233] chnl_net:caif_netlink_parms(): no params data found [ 526.322967][ T9275] xt_time: unknown flags 0xc [ 527.841670][ T9297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1395'. [ 529.548694][ T9316] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1399'. [ 530.253714][ T9327] tipc: Started in network mode [ 530.259063][ T9327] tipc: Node identity 080211000001, cluster identity 4711 [ 530.266980][ T9327] tipc: Enabled bearer , priority 0 [ 532.070478][ T4292] tipc: Node number set to 134418688 [ 534.316416][ T9368] netlink: 'syz.0.1411': attribute type 3 has an invalid length. [ 534.324545][ T9368] netlink: 'syz.0.1411': attribute type 1 has an invalid length. [ 535.158231][ T9376] fuse: Bad value for 'fd' [ 535.186226][ T9382] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.1418'. [ 539.373383][ T9409] overlayfs: failed to clone upperpath [ 539.388971][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 540.129062][ T9427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1440'. [ 544.542972][ T9456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1438'. [ 547.791423][ T9478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 547.820638][ T9478] bond0: (slave rose0): Enslaving as an active interface with an up link [ 549.505567][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 553.862492][ T9524] overlayfs: failed to clone upperpath [ 557.419682][ T9560] overlayfs: failed to clone lowerpath [ 558.281888][ T9554] overlayfs: failed to clone lowerpath [ 558.459501][ T9567] netlink: 'syz.4.1469': attribute type 4 has an invalid length. [ 558.503276][ T9570] netlink: 'syz.0.1470': attribute type 1 has an invalid length. [ 559.201981][ T9570] 8021q: adding VLAN 0 to HW filter on device bond2 [ 559.283603][ T9587] device gretap1 entered promiscuous mode [ 559.301693][ T9587] bond2: (slave gretap1): making interface the new active one [ 559.317109][ T9587] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 560.812605][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 561.210160][ T9619] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1476'. [ 563.124428][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.130838][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.489467][ T9668] netlink: 1004 bytes leftover after parsing attributes in process `syz.4.1489'. [ 576.704527][ T9747] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.1506'. [ 584.571260][ T9811] netlink: 1004 bytes leftover after parsing attributes in process `syz.0.1523'. [ 587.734508][ T9863] netlink: 1004 bytes leftover after parsing attributes in process `syz.3.1539'. [ 589.729489][ T9899] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 592.824621][ T9941] netlink: 'syz.3.1556': attribute type 10 has an invalid length. [ 593.257113][ T9941] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 593.851132][ T9951] tipc: Enabled bearer , priority 0 [ 593.902322][ T9951] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1558'. [ 593.953196][ T9951] tipc: Resetting bearer [ 597.802071][ T9996] device vlan2 entered promiscuous mode [ 597.830491][ T9996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1571'. [ 598.862548][ T9998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1570'. [ 599.301529][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 599.435351][T10008] 8021q: adding VLAN 0 to HW filter on device team0 [ 599.446181][T10008] net_ratelimit: 10 callbacks suppressed [ 599.446192][T10008] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 603.400264][T10030] fuse: Bad value for 'fd' [ 603.506401][T10034] tipc: Enabling of bearer rejected, already enabled [ 603.833600][T10039] tipc: Enabling of bearer rejected, already enabled [ 605.460346][T10063] tipc: Enabled bearer , priority 0 [ 606.047130][T10073] UBIFS error (pid: 10073): cannot open "./file0", error -22 [ 608.720533][T10107] tipc: Enabled bearer , priority 10 [ 611.572029][T10137] UBIFS error (pid: 10137): cannot open "./file0", error -22 [ 616.155204][T10173] netlink: 'syz.2.1620': attribute type 1 has an invalid length. [ 616.223473][ T26] kauditd_printk_skb: 22 callbacks suppressed [ 616.223493][ T26] audit: type=1326 audit(2000000158.130:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 616.440207][ T26] audit: type=1326 audit(2000000158.130:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 616.443060][T10178] tipc: Enabling of bearer rejected, already enabled [ 616.467938][ T26] audit: type=1326 audit(2000000158.140:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 616.693944][T10174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1619'. [ 616.733660][T10174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 616.752136][ T26] audit: type=1326 audit(2000000158.140:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 616.842190][ T26] audit: type=1326 audit(2000000158.140:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 616.935818][T10182] tipc: Enabling of bearer rejected, already enabled [ 617.005599][ T26] audit: type=1326 audit(2000000158.140:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 617.034177][ T26] audit: type=1326 audit(2000000158.140:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 617.059197][ T26] audit: type=1326 audit(2000000158.140:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 617.082462][ T26] audit: type=1326 audit(2000000158.140:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 617.131316][ T26] audit: type=1326 audit(2000000158.140:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10168 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6784d7eb9 code=0x7ffc0000 [ 617.362961][T10194] UBIFS error (pid: 10194): cannot open "./file0", error -22 [ 623.917584][T10230] tipc: Enabling of bearer rejected, already enabled [ 624.217051][T10235] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1635'. [ 624.239866][T10235] debugfs: Directory '!!' with parent 'ieee80211' already present! [ 625.084185][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.090572][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.684918][T10260] delete_channel: no stack [ 629.241056][T10279] tipc: Enabling of bearer rejected, failed to enable media [ 630.819679][T10302] tipc: Enabling of bearer rejected, already enabled [ 631.909547][T10315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1661'. [ 632.040729][T10315] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 632.051114][T10315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.071926][T10318] tipc: Enabling of bearer rejected, failed to enable media [ 638.829232][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 638.838358][ T26] audit: type=1326 audit(2000000179.280:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 639.402739][T10376] netlink: 'syz.3.1678': attribute type 12 has an invalid length. [ 639.629045][ T26] audit: type=1326 audit(2000000179.280:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 639.653291][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.684318][T10376] netlink: 'syz.3.1678': attribute type 12 has an invalid length. [ 639.845450][ T26] audit: type=1326 audit(2000000179.280:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 640.116171][ T26] audit: type=1326 audit(2000000179.289:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 642.506418][ T26] audit: type=1326 audit(2000000179.289:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 642.549709][ T26] audit: type=1326 audit(2000000179.289:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 642.574868][ C1] vkms_vblank_simulate: vblank timer overrun [ 642.582556][ T26] audit: type=1326 audit(2000000179.289:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 642.607035][ T26] audit: type=1326 audit(2000000179.289:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 643.370421][ T26] audit: type=1326 audit(2000000179.289:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 643.394239][ C1] vkms_vblank_simulate: vblank timer overrun [ 643.517832][ T26] audit: type=1326 audit(2000000179.289:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10365 comm="syz.3.1674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef02357eb9 code=0x7ffc0000 [ 645.793097][T10422] tipc: Enabling of bearer rejected, already enabled [ 648.684824][T10445] tipc: Enabling of bearer rejected, already enabled [ 648.764065][T10446] tipc: Enabling of bearer rejected, already enabled [ 648.897042][T10451] tipc: Enabling of bearer rejected, already enabled [ 648.913552][T10449] tipc: Enabling of bearer rejected, already enabled [ 649.158052][T10457] tipc: Enabling of bearer rejected, already enabled [ 650.242570][T10467] tipc: Enabling of bearer rejected, already enabled [ 650.729430][T10475] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1705'. [ 650.767926][T10475] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 650.777005][T10475] CPU: 1 PID: 10475 Comm: syz.3.1705 Not tainted syzkaller #0 [ 650.786342][T10475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 650.796975][T10475] Call Trace: [ 650.800372][T10475] [ 650.803758][T10475] dump_stack_lvl+0x188/0x250 [ 650.808732][T10475] ? show_regs_print_info+0x20/0x20 [ 650.814146][T10475] ? load_image+0x400/0x400 [ 650.819043][T10475] sysfs_warn_dup+0x8a/0xa0 [ 650.823786][T10475] sysfs_do_create_link_sd+0xc0/0x110 [ 650.829353][T10475] device_add+0x7ed/0xfb0 [ 650.834139][T10475] wiphy_register+0x1e81/0x2c30 [ 650.839321][T10475] ? cfg80211_event_work+0x40/0x40 [ 650.844930][T10475] ? minstrel_ht_alloc+0x808/0x980 [ 650.850348][T10475] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 650.856620][T10475] ieee80211_register_hw+0x2aa1/0x3af0 [ 650.862228][T10475] ? ieee80211_tasklet_handler+0x20/0x20 [ 650.868150][T10475] ? rcu_is_watching+0x11/0xa0 [ 650.873140][T10475] ? memset+0x1e/0x40 [ 650.877145][T10475] ? hrtimer_init+0x10c/0x220 [ 650.882025][T10475] mac80211_hwsim_new_radio+0x20d3/0x4080 [ 650.888235][T10475] hwsim_new_radio_nl+0xa6f/0xc40 [ 650.893522][T10475] genl_rcv_msg+0xcea/0xf90 [ 650.898146][T10475] ? genl_bind+0x380/0x380 [ 650.902589][T10475] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 650.908773][T10475] ? lock_chain_count+0x20/0x20 [ 650.913924][T10475] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 650.919767][T10475] ? lockdep_hardirqs_on+0x94/0x140 [ 650.924986][T10475] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 650.930647][T10475] ? hwsim_tx_info_frame_received_nl+0x1020/0x1020 [ 650.937277][T10475] ? lock_acquire+0x208/0x400 [ 650.942077][T10475] netlink_rcv_skb+0x1f5/0x440 [ 650.946863][T10475] ? genl_bind+0x380/0x380 [ 650.951612][T10475] ? netlink_ack+0xb50/0xb50 [ 650.956401][T10475] ? __lock_acquire+0x7d10/0x7d10 [ 650.961683][T10475] ? down_read+0x1aa/0x2e0 [ 650.966232][T10475] genl_rcv+0x24/0x40 [ 650.970379][T10475] netlink_unicast+0x774/0x920 [ 650.975817][T10475] netlink_sendmsg+0x8ba/0xbe0 [ 650.981112][T10475] ? netlink_getsockopt+0x570/0x570 [ 650.987792][T10475] ? aa_sock_msg_perm+0x94/0x150 [ 650.993035][T10475] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 650.998342][T10475] ? security_socket_sendmsg+0x7c/0xa0 [ 651.004747][T10475] ? netlink_getsockopt+0x570/0x570 [ 651.010354][T10475] ____sys_sendmsg+0x5b7/0x8f0 [ 651.016394][T10475] ? __sys_sendmsg_sock+0x30/0x30 [ 651.022485][T10475] ? import_iovec+0x6f/0xa0 [ 651.027305][T10475] ___sys_sendmsg+0x236/0x2e0 [ 651.032021][T10475] ? __sys_sendmsg+0x2a0/0x2a0 [ 651.036857][T10475] __se_sys_sendmsg+0x1af/0x290 [ 651.042337][T10475] ? __x64_sys_sendmsg+0x80/0x80 [ 651.047664][T10475] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 651.053785][T10475] ? lockdep_hardirqs_on+0x94/0x140 [ 651.059220][T10475] do_syscall_64+0x4c/0xa0 [ 651.063688][T10475] ? clear_bhb_loop+0x30/0x80 [ 651.068662][T10475] ? clear_bhb_loop+0x30/0x80 [ 651.073376][T10475] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 651.079291][T10475] RIP: 0033:0x7fef02357eb9 [ 651.083917][T10475] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 651.103705][T10475] RSP: 002b:00007fef00571028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 651.112374][T10475] RAX: ffffffffffffffda RBX: 00007fef025d3180 RCX: 00007fef02357eb9 [ 651.120912][T10475] RDX: 0000000000000e00 RSI: 0000200000000000 RDI: 0000000000000003 [ 651.129149][T10475] RBP: 00007fef023c5c1f R08: 0000000000000000 R09: 0000000000000000 [ 651.137146][T10475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 651.145134][T10475] R13: 00007fef025d3218 R14: 00007fef025d3180 R15: 00007ffe80552c88 [ 651.153999][T10475] [ 651.157418][ C1] vkms_vblank_simulate: vblank timer overrun [ 651.644885][T10478] Cannot find add_set index 0 as target [ 653.725571][T10491] tipc: Enabling of bearer rejected, failed to enable media [ 657.821444][T10528] tipc: Enabling of bearer rejected, failed to enable media [ 669.613551][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 669.613572][ T26] audit: type=1326 audit(2000000208.081:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe1eb3e9eb9 code=0x0 [ 670.476276][ T26] audit: type=1326 audit(2000000208.895:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 671.034321][ T26] audit: type=1326 audit(2000000208.923:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 671.268432][ T26] audit: type=1326 audit(2000000208.951:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 671.441910][ T26] audit: type=1326 audit(2000000208.951:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 671.466055][ T26] audit: type=1326 audit(2000000209.072:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 671.488931][ C1] vkms_vblank_simulate: vblank timer overrun [ 671.503947][ T26] audit: type=1326 audit(2000000209.082:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 674.722213][ T26] audit: type=1326 audit(2000000209.100:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 674.771507][ T26] audit: type=1326 audit(2000000209.100:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 674.802099][ T26] audit: type=1326 audit(2000000209.100:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10618 comm="syz.1.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1eb3e9eb9 code=0x7ffc0000 [ 676.257504][T10664] tipc: Enabling of bearer rejected, already enabled [ 676.388231][T10666] netlink: 'syz.3.1759': attribute type 2 has an invalid length. [ 676.410028][T10666] netlink: 'syz.3.1759': attribute type 1 has an invalid length. [ 676.505713][T10680] tipc: Enabling of bearer rejected, already enabled [ 676.641939][T10682] netlink: 856 bytes leftover after parsing attributes in process `syz.1.1762'. [ 678.397110][T10700] rdma_rxe: rxe_register_device failed with error -23 [ 678.404579][T10700] rdma_rxe: failed to add wg2 [ 683.294989][T10728] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1774'. [ 683.316472][T10728] debugfs: Directory '!!' with parent 'ieee80211' already present! [ 684.922228][T10747] overlayfs: failed to clone upperpath [ 689.238427][T10770] infiniband !yz!: set down [ 689.243110][T10770] infiniband !yz!: added team_slave_0 [ 689.252623][T10770] infiniband !yz!: Couldn't open port 1 [ 689.274433][T10770] RDS/IB: !yz!: added [ 689.278905][T10770] smc: adding ib device !yz! with port count 1 [ 689.285831][T10770] smc: ib device !yz! port 1 has pnetid [ 690.542657][T10788] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1789'. [ 690.562861][T10788] debugfs: Directory '!!' with parent 'ieee80211' already present! [ 691.026165][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 693.187436][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 697.187427][T10827] 8021q: adding VLAN 0 to HW filter on device bond3 [ 697.201885][T10833] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 697.211987][T10833] bond3: (slave macvlan2): making interface the new active one [ 697.220821][T10833] bond3: (slave macvlan2): Enslaving as an active interface with an up link [ 697.398731][T10839] netlink: 'syz.0.1786': attribute type 2 has an invalid length. [ 697.419378][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 697.446976][T10839] netlink: 'syz.0.1786': attribute type 1 has an invalid length. [ 697.460833][T10827] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1802'. [ 703.214395][T10872] tipc: Failed to remove unknown binding: 66,0,0/4:3066226182/3066226183 [ 703.508470][T10877] tipc: Failed to remove unknown binding: 66,0,0/4:3066226182/3066226183 [ 704.220659][T10889] ================================================================== [ 704.229495][T10889] BUG: KASAN: slab-out-of-bounds in ieee80211_monitor_select_queue+0x23a/0x240 [ 704.238744][T10889] Read of size 2 at addr ffff88805f85adfb by task syz.0.1815/10889 [ 704.246754][T10889] [ 704.249205][T10889] CPU: 1 PID: 10889 Comm: syz.0.1815 Not tainted syzkaller #0 [ 704.256765][T10889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 704.266930][T10889] Call Trace: [ 704.270407][T10889] [ 704.273616][T10889] dump_stack_lvl+0x188/0x250 [ 704.278500][T10889] ? show_regs_print_info+0x20/0x20 [ 704.283998][T10889] ? load_image+0x400/0x400 [ 704.288899][T10889] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 704.295022][T10889] ? ieee80211_tx+0x460/0x460 [ 704.303354][T10889] print_address_description+0x60/0x2d0 [ 704.310011][T10889] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 704.317334][T10889] kasan_report+0xdf/0x130 [ 704.321973][T10889] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 704.328293][T10889] ieee80211_monitor_select_queue+0x23a/0x240 [ 704.334431][T10889] ? ieee80211_recalc_smps_work+0x20/0x20 [ 704.340281][T10889] netdev_core_pick_tx+0x118/0x2e0 [ 704.345653][T10889] __dev_queue_xmit+0x756/0x2fd0 [ 704.350797][T10889] ? __might_fault+0xb7/0x110 [ 704.355591][T10889] ? dev_queue_xmit+0x20/0x20 [ 704.360536][T10889] ? virtio_net_hdr_to_skb+0xa6b/0x11f0 [ 704.366128][T10889] ? packet_cached_dev_get+0x270/0x270 [ 704.371635][T10889] ? skb_copy_datagram_from_iter+0x5e3/0x6a0 [ 704.378066][T10889] packet_sendmsg+0x3dba/0x5060 [ 704.383366][T10889] ? __might_sleep+0xf0/0xf0 [ 704.388372][T10889] ? aa_sk_perm+0x7dc/0x910 [ 704.392974][T10889] ? packet_getsockopt+0x9a0/0x9a0 [ 704.398101][T10889] ? aa_sock_msg_perm+0x94/0x150 [ 704.403506][T10889] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 704.408850][T10889] ? security_socket_sendmsg+0x7c/0xa0 [ 704.414440][T10889] ? packet_getsockopt+0x9a0/0x9a0 [ 704.419585][T10889] ____sys_sendmsg+0x5b7/0x8f0 [ 704.424461][T10889] ? __sys_sendmsg_sock+0x30/0x30 [ 704.429595][T10889] ? import_iovec+0x6f/0xa0 [ 704.434669][T10889] ___sys_sendmsg+0x236/0x2e0 [ 704.439544][T10889] ? __sys_sendmsg+0x2a0/0x2a0 [ 704.444443][T10889] __se_sys_sendmsg+0x1af/0x290 [ 704.449400][T10889] ? __x64_sys_sendmsg+0x80/0x80 [ 704.454521][T10889] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 704.460621][T10889] ? lockdep_hardirqs_on+0x94/0x140 [ 704.465833][T10889] do_syscall_64+0x4c/0xa0 [ 704.470607][T10889] ? clear_bhb_loop+0x30/0x80 [ 704.475574][T10889] ? clear_bhb_loop+0x30/0x80 [ 704.480443][T10889] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 704.486612][T10889] RIP: 0033:0x7fb6784d7eb9 [ 704.491304][T10889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 704.511395][T10889] RSP: 002b:00007fb676733028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 704.520747][T10889] RAX: ffffffffffffffda RBX: 00007fb678752fa0 RCX: 00007fb6784d7eb9 [ 704.529023][T10889] RDX: 0000000000004005 RSI: 0000200000000280 RDI: 0000000000000005 [ 704.537692][T10889] RBP: 00007fb678545c1f R08: 0000000000000000 R09: 0000000000000000 [ 704.546074][T10889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 704.554405][T10889] R13: 00007fb678753038 R14: 00007fb678752fa0 R15: 00007ffd299993c8 [ 704.562864][T10889] [ 704.566420][T10889] [ 704.568915][T10889] Allocated by task 7496: [ 704.573740][T10889] __kasan_kmalloc+0xb5/0xf0 [ 704.578884][T10889] ipv6_add_addr+0x42b/0xe10 [ 704.583854][T10889] add_addr+0x83/0x2c0 [ 704.588152][T10889] add_v4_addrs+0x768/0xcc0 [ 704.592754][T10889] addrconf_init_auto_addrs+0x39a/0xb00 [ 704.598762][T10889] addrconf_notify+0xa6b/0xf00 [ 704.604501][T10889] raw_notifier_call_chain+0xcb/0x160 [ 704.610170][T10889] __dev_notify_flags+0x194/0x300 [ 704.615609][T10889] rtnl_configure_link+0x21f/0x320 [ 704.620826][T10889] rtnl_newlink+0x15be/0x1a50 [ 704.626110][T10889] rtnetlink_rcv_msg+0x844/0xf30 [ 704.631389][T10889] netlink_rcv_skb+0x1f5/0x440 [ 704.639113][T10889] netlink_unicast+0x774/0x920 [ 704.643999][T10889] netlink_sendmsg+0x8ba/0xbe0 [ 704.648870][T10889] ____sys_sendmsg+0x5b7/0x8f0 [ 704.653907][T10889] ___sys_sendmsg+0x236/0x2e0 [ 704.658999][T10889] __se_sys_sendmsg+0x1af/0x290 [ 704.664005][T10889] do_syscall_64+0x4c/0xa0 [ 704.669047][T10889] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 704.675722][T10889] [ 704.678421][T10889] Last potentially related work creation: [ 704.684247][T10889] kasan_save_stack+0x35/0x60 [ 704.689406][T10889] kasan_record_aux_stack+0xb8/0x100 [ 704.695110][T10889] kvfree_call_rcu+0x105/0x7d0 [ 704.699961][T10889] addrconf_ifdown+0x126b/0x19c0 [ 704.704917][T10889] addrconf_notify+0x445/0xf00 [ 704.709818][T10889] raw_notifier_call_chain+0xcb/0x160 [ 704.715745][T10889] dev_close_many+0x29f/0x400 [ 704.720789][T10889] unregister_netdevice_many+0x481/0x19f0 [ 704.726689][T10889] rtnl_dellink+0x52b/0x7b0 [ 704.731442][T10889] rtnetlink_rcv_msg+0x844/0xf30 [ 704.736787][T10889] netlink_rcv_skb+0x1f5/0x440 [ 704.741909][T10889] netlink_unicast+0x774/0x920 [ 704.746857][T10889] netlink_sendmsg+0x8ba/0xbe0 [ 704.751797][T10889] ____sys_sendmsg+0x5b7/0x8f0 [ 704.757063][T10889] ___sys_sendmsg+0x236/0x2e0 [ 704.762012][T10889] __se_sys_sendmsg+0x1af/0x290 [ 704.766962][T10889] do_syscall_64+0x4c/0xa0 [ 704.771471][T10889] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 704.777553][T10889] [ 704.779962][T10889] Second to last potentially related work creation: [ 704.786854][T10889] kasan_save_stack+0x35/0x60 [ 704.792087][T10889] kasan_record_aux_stack+0xb8/0x100 [ 704.797494][T10889] insert_work+0x54/0x3d0 [ 704.802021][T10889] __queue_work+0x9c5/0xd50 [ 704.806836][T10889] call_timer_fn+0x17b/0x540 [ 704.811459][T10889] __run_timers+0x565/0x7f0 [ 704.816330][T10889] run_timer_softirq+0x63/0xf0 [ 704.821347][T10889] handle_softirqs+0x339/0x830 [ 704.826291][T10889] __irq_exit_rcu+0x13b/0x230 [ 704.830968][T10889] irq_exit_rcu+0x5/0x20 [ 704.835403][T10889] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 704.841542][T10889] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 704.847722][T10889] [ 704.850055][T10889] The buggy address belongs to the object at ffff88805f85ac00 [ 704.850055][T10889] which belongs to the cache kmalloc-cg-512 of size 512 [ 704.865209][T10889] The buggy address is located 507 bytes inside of [ 704.865209][T10889] 512-byte region [ffff88805f85ac00, ffff88805f85ae00) [ 704.878866][T10889] The buggy address belongs to the page: [ 704.884502][T10889] page:ffffea00017e1600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f858 [ 704.894966][T10889] head:ffffea00017e1600 order:2 compound_mapcount:0 compound_pincount:0 [ 704.903743][T10889] memcg:ffff888029fa1d01 [ 704.908088][T10889] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 704.916168][T10889] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016c42dc0 [ 704.925127][T10889] raw: 0000000000000000 0000000000100010 00000001ffffffff ffff888029fa1d01 [ 704.933774][T10889] page dumped because: kasan: bad access detected [ 704.940357][T10889] page_owner tracks the page as allocated [ 704.946193][T10889] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 154, ts 62044971269, free_ts 18516103391 [ 704.965710][T10889] get_page_from_freelist+0x1bbd/0x1ca0 [ 704.971468][T10889] __alloc_pages+0x1ee/0x480 [ 704.976270][T10889] new_slab+0xc0/0x4b0 [ 704.980341][T10889] ___slab_alloc+0x80a/0xdd0 [ 704.984928][T10889] kmem_cache_alloc_trace+0x1a5/0x2a0 [ 704.990497][T10889] ipv6_add_addr+0x42b/0xe10 [ 704.995092][T10889] addrconf_add_linklocal+0x26a/0x6c0 [ 705.000479][T10889] addrconf_addr_gen+0x559/0x6b0 [ 705.005443][T10889] addrconf_init_auto_addrs+0x747/0xb00 [ 705.011377][T10889] addrconf_notify+0xa6b/0xf00 [ 705.016340][T10889] raw_notifier_call_chain+0xcb/0x160 [ 705.022144][T10889] netdev_state_change+0xe0/0x160 [ 705.028239][T10889] linkwatch_do_dev+0x10d/0x160 [ 705.033186][T10889] __linkwatch_run_queue+0x4b1/0x7c0 [ 705.038577][T10889] linkwatch_event+0x48/0x50 [ 705.043255][T10889] process_one_work+0x85f/0x1010 [ 705.048408][T10889] page last free stack trace: [ 705.053356][T10889] free_unref_page_prepare+0x637/0x6c0 [ 705.058947][T10889] free_unref_page+0x8f/0x2a0 [ 705.063736][T10889] free_contig_range+0x96/0xf0 [ 705.068513][T10889] destroy_args+0xf0/0xa00 [ 705.073140][T10889] debug_vm_pgtable+0x321/0x380 [ 705.078078][T10889] do_one_initcall+0x272/0x730 [ 705.083037][T10889] do_initcall_level+0x137/0x1f0 [ 705.087975][T10889] do_initcalls+0x4b/0x90 [ 705.092507][T10889] kernel_init_freeable+0x3e9/0x570 [ 705.097705][T10889] kernel_init+0x19/0x1b0 [ 705.102238][T10889] ret_from_fork+0x1f/0x30 [ 705.106655][T10889] [ 705.108977][T10889] Memory state around the buggy address: [ 705.114987][T10889] ffff88805f85ac80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 705.123234][T10889] ffff88805f85ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 705.131591][T10889] >ffff88805f85ad80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 705.140214][T10889] ^ [ 705.148459][T10889] ffff88805f85ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 705.156762][T10889] ffff88805f85ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 705.165248][T10889] ================================================================== [ 705.173497][T10889] Disabling lock debugging due to kernel taint [ 705.180151][ C1] vkms_vblank_simulate: vblank timer overrun [ 705.186502][T10889] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 705.194171][T10889] CPU: 1 PID: 10889 Comm: syz.0.1815 Tainted: G B syzkaller #0 [ 705.203322][T10889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 705.214078][T10889] Call Trace: [ 705.217745][T10889] [ 705.220702][T10889] dump_stack_lvl+0x188/0x250 [ 705.225495][T10889] ? show_regs_print_info+0x20/0x20 [ 705.231520][T10889] ? load_image+0x400/0x400 [ 705.236221][T10889] panic+0x2e5/0x810 [ 705.240137][T10889] ? bpf_jit_dump+0xd0/0xd0 [ 705.244919][T10889] ? _raw_spin_unlock_irqrestore+0xbc/0x120 [ 705.251209][T10889] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 705.257282][T10889] ? _raw_spin_unlock+0x40/0x40 [ 705.262173][T10889] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 705.268455][T10889] check_panic_on_warn+0x80/0xa0 [ 705.273412][T10889] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 705.279696][T10889] end_report+0x6d/0xf0 [ 705.284158][T10889] kasan_report+0x102/0x130 [ 705.288791][T10889] ? ieee80211_monitor_select_queue+0x23a/0x240 [ 705.295156][T10889] ieee80211_monitor_select_queue+0x23a/0x240 [ 705.301444][T10889] ? ieee80211_recalc_smps_work+0x20/0x20 [ 705.307544][T10889] netdev_core_pick_tx+0x118/0x2e0 [ 705.312961][T10889] __dev_queue_xmit+0x756/0x2fd0 [ 705.318016][T10889] ? __might_fault+0xb7/0x110 [ 705.322801][T10889] ? dev_queue_xmit+0x20/0x20 [ 705.327522][T10889] ? virtio_net_hdr_to_skb+0xa6b/0x11f0 [ 705.333481][T10889] ? packet_cached_dev_get+0x270/0x270 [ 705.339274][T10889] ? skb_copy_datagram_from_iter+0x5e3/0x6a0 [ 705.345415][T10889] packet_sendmsg+0x3dba/0x5060 [ 705.350387][T10889] ? __might_sleep+0xf0/0xf0 [ 705.355214][T10889] ? aa_sk_perm+0x7dc/0x910 [ 705.359759][T10889] ? packet_getsockopt+0x9a0/0x9a0 [ 705.364917][T10889] ? aa_sock_msg_perm+0x94/0x150 [ 705.369977][T10889] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 705.375554][T10889] ? security_socket_sendmsg+0x7c/0xa0 [ 705.381249][T10889] ? packet_getsockopt+0x9a0/0x9a0 [ 705.386735][T10889] ____sys_sendmsg+0x5b7/0x8f0 [ 705.391562][T10889] ? __sys_sendmsg_sock+0x30/0x30 [ 705.396719][T10889] ? import_iovec+0x6f/0xa0 [ 705.401351][T10889] ___sys_sendmsg+0x236/0x2e0 [ 705.406541][T10889] ? __sys_sendmsg+0x2a0/0x2a0 [ 705.411489][T10889] __se_sys_sendmsg+0x1af/0x290 [ 705.417026][T10889] ? __x64_sys_sendmsg+0x80/0x80 [ 705.422656][T10889] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 705.429031][T10889] ? lockdep_hardirqs_on+0x94/0x140 [ 705.434352][T10889] do_syscall_64+0x4c/0xa0 [ 705.438947][T10889] ? clear_bhb_loop+0x30/0x80 [ 705.443760][T10889] ? clear_bhb_loop+0x30/0x80 [ 705.448807][T10889] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 705.454757][T10889] RIP: 0033:0x7fb6784d7eb9 [ 705.459219][T10889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 705.479661][T10889] RSP: 002b:00007fb676733028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 705.488148][T10889] RAX: ffffffffffffffda RBX: 00007fb678752fa0 RCX: 00007fb6784d7eb9 [ 705.496157][T10889] RDX: 0000000000004005 RSI: 0000200000000280 RDI: 0000000000000005 [ 705.504687][T10889] RBP: 00007fb678545c1f R08: 0000000000000000 R09: 0000000000000000 [ 705.512954][T10889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.521142][T10889] R13: 00007fb678753038 R14: 00007fb678752fa0 R15: 00007ffd299993c8 [ 705.529612][T10889] [ 705.533371][T10889] Kernel Offset: disabled [ 705.537950][T10889] Rebooting in 86400 seconds..