last executing test programs: 12.050168341s ago: executing program 1 (id=535): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56441, 0x70b928, 0x80000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0x2, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x5, 0x80000000, 0x46f, 0xfff, 0x5, 0x200}, [@TCA_NETEM_JITTER64={0xc}, @TCA_NETEM_RATE={0x14, 0x6, {0xff, 0x2, 0x6, 0x401}}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x8000) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x300, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x0) 9.259267752s ago: executing program 1 (id=542): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') unshare(0x6020400) r0 = socket(0x2b, 0x80801, 0x1) socket$nl_generic(0x10, 0x3, 0x10) bind$tipc(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) getpid() mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0xa}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r3, 0x0, 0x0}, 0x20) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) write$cgroup_int(r5, &(0x7f0000000100)=0x1, 0x12) socket(0x1, 0x803, 0x0) 9.168912703s ago: executing program 0 (id=544): shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000280)=0x8) 8.926243593s ago: executing program 0 (id=545): syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0) ppoll(&(0x7f0000000200)=[{r1, 0x6200}], 0x1, 0x0, 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x7f, 0x6, 0x1, "42341f9b1000007e4f00"}) r2 = syz_open_pts(r1, 0x40000) dup3(r2, r1, 0x0) splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x0) 8.90769408s ago: executing program 1 (id=546): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000700)=ANY=[], 0x19) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000000000000400"], 0x50) gettid() socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8982, 0x0) remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2800000, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff) syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f00000000c0)='./file0\x00', 0x804, &(0x7f00000006c0)=ANY=[@ANYBLOB="756e695f786c6174653d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c73686f72746e616d653d6d697865642c757466383d302c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c757466383d312c6572726f72733d72656d6f756e742d726f2c636865636b3d7374726963742c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c696f636861727365743d63703934392c757466383d302c636f6465706167653d3836392c00a8c083848e73321f9801dfbaddc615fa29c04eac3de3814ed0b60507d2eb356434ab8f52dfa5d498ced1d32d399d4bd8a72813cc3ef7026a6449360c807c7b7252b89f0af8422df7ae9a966c845aa03291cd9889c4c7ad6950b1bc19f680ee64eec3b4e734f1094591acb6dc3dd17df828333ce719cf03c78268de6080d71f4417b812201d8627ee2322f6c25bce1116a6", @ANYRESOCT=r3], 0xfe, 0x2a8, &(0x7f0000000a80)="$eJzs3UFrI3UUAPA3yaRJ9JAePImwA3rwtGz9ArbICmJBUHJQD7q4WZAmLOxCYFXM7smLV2/e/DxexC/gB1C8WUEcmcwkmS6T0JS2ke3vd+nj/d+b/5tm2p7m389fm5zcf/j4wbNvfoteL4nWYRzGaRL70YqFp9Ho1z+a8wDA/9xpnsefealbpp6creis6UxbVz4cAHAl6n//dz0LAHA9Pvr4k/ePjo/vfphlvYjJd9NhEuXXcv3oQXwZ4xjFnRjEPxH5Uhm/+97x3Uizwn68MZlNh0Xn5LOfq+sf/R4x7z+IQew39x9kpVr/bDrsxEvV/ofjGH3wUwzileb+txr6Y7gXb75em/92DOKXL+JhjON+Ndui/9uDLHsn/+Gvrz8tskV/MpsOu8u6tKxuX/uHAwAAAAAAAAAAAAAAAAAAAADAC+t2tlQ7v+fv2omAz6//WJ3PU/avzgc6XZ7JU5jVzue5k2VZnpT1q/N90ng1rY7WAQAAAAAAAAAAAAAAAAAAgBvu8ZOvTu6Nx6NHlxosXutvWIp/z2a6EXHxvW6dq7izykS7Gm2cRGy3Vye68851NcVNl5n2llfuF/OMHiVpNNa0N2y6NkiWmX596VaUexWZfhnUMufeIs/zvGmpF0XQXzxdJ/eS9R9uOg96TQ/JJQR5w+PXPlvTmk84z+w93764hYYr9zfsvvfyhWbOB2uWkojoLL+Zm6/T2bTF299v+/Ne1j+9jl9CAAAAAAAAAAAAAAAAAADA3Oql34bFZzsYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2YPX//7cIZlXzupq8XQRpVJkd3yIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3wH8BAAD//ws5aeA=") creat(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x264900, 0x108) getsockname$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) keyctl$session_to_parent(0x12) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) 7.78287411s ago: executing program 1 (id=548): openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000340), 0x1, 0x525, &(0x7f0000000980)="$eJzs3U9vI2cZAPBnJvFudjfFLiBUKlEqWrRbYO2koW2EEJQLnCoB5b6ExImi2HEUO2UTVZCKb4CQQOLEiQsSHwCp6oEPgCpVggvigACBEGzhgAR0kMdjunHsJNUm9jb+/aR3/cx4Zp73Ha9fz7/MBDC1noyIFyNiJiKeiYhyMT4tShz2Sne6t++9utotSWTZy39LIinG9ZfVXcZsRNwoZpuLiK9/JeJbyUDST0W09w+2VhqN+m4xqtZp7tTa+we3N5srG/WN+vbS0uLzyy8sP7e8kBUeqJ2VfvDTL3/h9c98+/d3/nLrO91qff4jUYqBdpynXtNL+bro666j3YtINgH9z7w06YoAAHAm3W38D0bEJ/Lt/3LM5FtzA2YmUTMAAADgvGRfnI//JBEZAAAAcGmlETEfSVotrgWYjzS9Uhwb+HBcTxutdufT66297bXuexGVKKXrm436QnGtcCVKSXd4sbjGtj/87MDwUkQ8GhE/KF/Lh6urrcbahI99AAAAwLS4MbD//89ymsenG/J3AgAAAMDDqzJyAAAAALgs7PIDAADA5Te4///6hOoBAAAAXIivvvRSt2T951+vvbK/t9V65fZavb1Vbe6tVldbuzvVjVZrI79nX/O05TVarZ3Pxvbe3Vqn3u7U2vsHd5qtve3Onc0jj8AGAAAAxujRj7/xmyQiDj93LS9R3AcQ4Ig/TroCwHmamXQFgIlxF2+YXqVJVwCYuOSU9128AwAA7383P3r8/H//+f+ODcDl5lofAJg+zv/D9Cq5AhCmWpZl2Qd64dV3xx49MjDy/P+vzp4l4s3y/WMcXwQAgPGaz0uSVost/vlI02o14pGItBKlZH2zUV+IiO7+wa/Lpavd4cV8zuTUa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sS/L7fwMAAACXV0T65yS/m3/EzfLT84PHB64k/yrHn4qBH7/8w7srnc7uYnf83/NneV2JiM6PivHPXh378QsAAACYWsnhyLd6++nF6+JYawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAFHj73qur/TLOvH/9UkRUhuWfjbn8dS5KEXH9H0nM3jdfEhEz55D/8LWIeGxY/iTeybKsUtRiMH8aEdcuOH8lXzWj8984h/wwzd7o9j8vDvv+pfFk/jr8+zdblAc1uv9Li8yP5f3csP7vkWNLaw7N8fhbP6+NzP9axOOzw/uffv+bjMj/1LGl/TvLsuM5vvmNg4NR+bOfRNwc+vuTHMlV6zR3au39g9ubzZWN+kZ9e2lp8fnlF5afW16orW826sW/Q3N8/2O/eOek9l8fkv93v+31vye1/+lRCx3w37fu3vtQLywNy3/rqaG/v3MxIn9a/PZ9soi779/sx4e9+H5P/OzNJ05q/9qI9X/a53/rjO1/5mvf+8MZJwUAxqC9f7C10mjUd08I5s4wzZHgakSceeLJBb+ceyiq8R6D7Lu9T25MSZOLWnJ65D9Jv1UTX71HgmxsuWbiIWny/4OJdksAAMAFeHej/z3Peh6nvwEAAAAAAAAAAAAAAAAAAIAz3v/vQYPBnIeTaSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIn+FwAA//+CbuI8") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x100, 0x0) open_by_handle_at(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="0800000002000000"], 0x0) 7.074087845s ago: executing program 1 (id=550): close(0x3) r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0x3, 0x1, 0x8}, 0x20) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000000)={0x73}, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000040)=0x2005, 0x4) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100)={0xa, 0x4e20, 0x80000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xfffffffb}, 0x1c, 0x0}, 0x40000) 6.874258844s ago: executing program 1 (id=552): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a32"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x1}, 0x8) setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f0000000040)=0x8000, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) 5.77907729s ago: executing program 0 (id=554): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') unshare(0x6020400) r0 = socket(0x2b, 0x80801, 0x1) socket$nl_generic(0x10, 0x3, 0x10) bind$tipc(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) getpid() mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0xa}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r3, &(0x7f0000000300), 0x0}, 0x20) mkdir(0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) write$cgroup_int(r5, &(0x7f0000000100)=0x1, 0x12) socket(0x1, 0x803, 0x0) 5.445866503s ago: executing program 0 (id=556): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd28, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x8, 0xd}, {}, {0x3, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004) 5.156677253s ago: executing program 0 (id=557): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0022a100000083640000000b11330000b374"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) ioctl$HIDIOCINITREPORT(r1, 0x4805, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x9, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x5}, 0x50) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x51, &(0x7f0000000480)={0x0, 0x32}}, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r2, &(0x7f0000000480), 0x0}, 0x20) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close_range(r3, 0xffffffffffffffff, 0x0) 5.125253267s ago: executing program 3 (id=559): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x106f) 3.618229349s ago: executing program 2 (id=561): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x17) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c00000000006113660000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) 2.737366199s ago: executing program 3 (id=562): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8b, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xe, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x4, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r6, {0x8}, {0xffff}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x45, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$kcm(0x11, 0x3, 0x0) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 2.600484191s ago: executing program 2 (id=563): shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000280)=0x8) 2.406212441s ago: executing program 2 (id=564): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') unshare(0x6020400) r0 = socket(0x2b, 0x80801, 0x1) socket$nl_generic(0x10, 0x3, 0x10) bind$tipc(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) getpid() mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0xa}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r3, &(0x7f0000000300), 0x0}, 0x20) mkdir(0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) write$cgroup_int(r5, &(0x7f0000000100)=0x1, 0x12) socket(0x1, 0x803, 0x0) 2.322526504s ago: executing program 2 (id=565): r0 = syz_io_uring_setup(0x12ac, &(0x7f00000002c0)={0x0, 0x7495, 0x0, 0x2, 0x29e}, 0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r2 = socket$l2tp(0x2, 0x2, 0x73) syz_io_uring_submit(0x0, r1, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f00000000c0)=@in={0x2, 0x4e21, @multicast1}, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.214020412s ago: executing program 3 (id=566): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x12, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r6, {0xffff}, {}, {0x2, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x40098}, 0x0) 2.126289774s ago: executing program 2 (id=567): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) lseek(0xffffffffffffffff, 0x289e0cb5, 0x0) 1.931538214s ago: executing program 3 (id=568): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd28, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x8, 0xd}, {}, {0x3, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004) 1.694832266s ago: executing program 3 (id=569): r0 = socket$inet6(0xa, 0x2, 0x0) close(0x3) r1 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000000)={0x73}, 0x8) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x2005, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000100)={0xa, 0x4e20, 0x80000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xfffffffb}, 0x1c, 0x0}, 0x40000) 1.498582116s ago: executing program 3 (id=570): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x40000000000029a, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r3 = dup(r2) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x3, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x3c}, 0x2, @in=@empty, 0x3504, 0x4, 0x3, 0x0, 0x0, 0xfffffffe, 0x20000}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ftruncate(r4, 0x200004) sendfile(r3, r4, 0x0, 0x80001d00c0d1) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x20000000) 1.384824802s ago: executing program 0 (id=571): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x17) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c00000000006113660000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) 0s ago: executing program 2 (id=572): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.204' (ED25519) to the list of known hosts. [ 68.905583][ T5753] cgroup: Unknown subsys name 'net' [ 69.052298][ T5753] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 70.706342][ T5753] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.641787][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.648589][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.234352][ T5766] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.243170][ T5766] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.254370][ T5766] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.268188][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.276410][ T5772] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.285980][ T5772] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.294674][ T5772] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.317042][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.317297][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.325308][ T5775] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.333472][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.346084][ T5775] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.348081][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.354276][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 72.361572][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.368494][ T5775] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.375717][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.389511][ T5778] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 72.390632][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.404286][ T5778] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.406628][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 72.420430][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 72.421028][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.435223][ T5778] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.842857][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 72.982686][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 73.013788][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 73.071561][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.079542][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.087830][ T5768] bridge_slave_0: entered allmulticast mode [ 73.095304][ T5768] bridge_slave_0: entered promiscuous mode [ 73.128006][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.135517][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.142693][ T5768] bridge_slave_1: entered allmulticast mode [ 73.149916][ T5768] bridge_slave_1: entered promiscuous mode [ 73.173248][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 73.214275][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.235791][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.270691][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.278182][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.285445][ T5769] bridge_slave_0: entered allmulticast mode [ 73.292779][ T5769] bridge_slave_0: entered promiscuous mode [ 73.320754][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.328106][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.335615][ T5769] bridge_slave_1: entered allmulticast mode [ 73.342425][ T5769] bridge_slave_1: entered promiscuous mode [ 73.389994][ T5768] team0: Port device team_slave_0 added [ 73.399503][ T5768] team0: Port device team_slave_1 added [ 73.417550][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.424914][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.432042][ T5765] bridge_slave_0: entered allmulticast mode [ 73.439623][ T5765] bridge_slave_0: entered promiscuous mode [ 73.487744][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.497867][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.505282][ T5765] bridge_slave_1: entered allmulticast mode [ 73.512162][ T5765] bridge_slave_1: entered promiscuous mode [ 73.539865][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.547606][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.555175][ T5770] bridge_slave_0: entered allmulticast mode [ 73.562001][ T5770] bridge_slave_0: entered promiscuous mode [ 73.572137][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.584919][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.597867][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.604897][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.633822][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.654090][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.661894][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.669574][ T5770] bridge_slave_1: entered allmulticast mode [ 73.676615][ T5770] bridge_slave_1: entered promiscuous mode [ 73.694033][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.701312][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.727430][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.748442][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.762816][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.796075][ T5769] team0: Port device team_slave_0 added [ 73.825965][ T5769] team0: Port device team_slave_1 added [ 73.854277][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.878067][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.899266][ T5765] team0: Port device team_slave_0 added [ 73.906921][ T5765] team0: Port device team_slave_1 added [ 73.943791][ T5768] hsr_slave_0: entered promiscuous mode [ 73.950758][ T5768] hsr_slave_1: entered promiscuous mode [ 73.981825][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.989246][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.015666][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.028049][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.035787][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.061862][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.077497][ T5770] team0: Port device team_slave_0 added [ 74.087705][ T5770] team0: Port device team_slave_1 added [ 74.094191][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.102545][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.129163][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.170436][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.177841][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.204514][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.258253][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.265323][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.291469][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.316284][ T5769] hsr_slave_0: entered promiscuous mode [ 74.322834][ T5769] hsr_slave_1: entered promiscuous mode [ 74.329129][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.337137][ T5769] Cannot create hsr debugfs directory [ 74.354031][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.361388][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.390572][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.434020][ T5765] hsr_slave_0: entered promiscuous mode [ 74.440747][ T5765] hsr_slave_1: entered promiscuous mode [ 74.448004][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.456264][ T5765] Cannot create hsr debugfs directory [ 74.515561][ T5778] Bluetooth: hci3: command tx timeout [ 74.516355][ T5766] Bluetooth: hci2: command tx timeout [ 74.521293][ T5778] Bluetooth: hci0: command tx timeout [ 74.527144][ T51] Bluetooth: hci1: command tx timeout [ 74.631489][ T5770] hsr_slave_0: entered promiscuous mode [ 74.638885][ T5770] hsr_slave_1: entered promiscuous mode [ 74.645730][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.653316][ T5770] Cannot create hsr debugfs directory [ 74.947171][ T5768] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.958719][ T5768] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.970148][ T5768] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.992555][ T5768] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.054135][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.080369][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.091969][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.102093][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 75.196887][ T5765] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 75.216703][ T5765] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 75.230710][ T5765] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 75.259576][ T5765] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 75.318772][ T5770] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.331120][ T5770] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.341885][ T5770] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.352484][ T5770] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.397902][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.457064][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.498888][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.506368][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.520082][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.527314][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.608905][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.664451][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.676791][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.722357][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.729700][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.770556][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.780081][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.794474][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.839152][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.870784][ T1069] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.878038][ T1069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.925006][ T1069] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.932215][ T1069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.978343][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.008591][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.015894][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.045704][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.052899][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.120752][ T5765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 76.218607][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.352645][ T5768] veth0_vlan: entered promiscuous mode [ 76.397763][ T5768] veth1_vlan: entered promiscuous mode [ 76.527479][ T5768] veth0_macvtap: entered promiscuous mode [ 76.556764][ T5768] veth1_macvtap: entered promiscuous mode [ 76.597491][ T51] Bluetooth: hci3: command tx timeout [ 76.602978][ T51] Bluetooth: hci1: command tx timeout [ 76.609517][ T5772] Bluetooth: hci2: command tx timeout [ 76.609537][ T5766] Bluetooth: hci0: command tx timeout [ 76.633233][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.668119][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.682148][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.716865][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.740941][ T5768] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.751641][ T5768] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.763305][ T5768] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.772518][ T5768] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.818882][ T5765] veth0_vlan: entered promiscuous mode [ 76.888556][ T5765] veth1_vlan: entered promiscuous mode [ 76.906104][ T5769] veth0_vlan: entered promiscuous mode [ 76.942738][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.986879][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.997897][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.011446][ T5769] veth1_vlan: entered promiscuous mode [ 77.054290][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.077714][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.108279][ T5765] veth0_macvtap: entered promiscuous mode [ 77.137865][ T5765] veth1_macvtap: entered promiscuous mode [ 77.267242][ T5770] veth0_vlan: entered promiscuous mode [ 77.273992][ T5769] veth0_macvtap: entered promiscuous mode [ 77.296204][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.314825][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.332090][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.372787][ T5769] veth1_macvtap: entered promiscuous mode [ 77.382019][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.406206][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.422274][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.432383][ T5770] veth1_vlan: entered promiscuous mode [ 77.458952][ T5765] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.469450][ T5765] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.480571][ T5765] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.491340][ T5765] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.567647][ T5829] syz.0.6[5829]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.583197][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.620686][ T5829] loop0: detected capacity change from 0 to 128 [ 77.632734][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.644124][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.662515][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.672879][ T5829] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 77.685937][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.737961][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.751992][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.755778][ T5829] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8) [ 77.763319][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.784323][ T5829] FAT-fs (loop0): Filesystem has been set read-only [ 77.788015][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.792314][ T5829] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522) [ 77.811304][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.832174][ T5769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.851774][ T5769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.867637][ T5769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.879347][ T5769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.927361][ T5770] veth0_macvtap: entered promiscuous mode [ 77.982617][ T5770] veth1_macvtap: entered promiscuous mode [ 77.987135][ T5831] loop0: detected capacity change from 0 to 512 [ 78.026943][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.043684][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.074050][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.087129][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.097757][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.108854][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.119866][ T5831] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 78.120702][ T5831] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.136363][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.149669][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.149976][ T5831] Quota error (device loop0): dq_insert_tree: Quota tree root isn't allocated! [ 78.163680][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.172867][ T5831] Quota error (device loop0): qtree_write_dquot: Error -5 occurred while creating quota [ 78.208282][ T5831] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.7: Failed to acquire dquot type 1 [ 78.222322][ T5831] EXT4-fs (loop0): Remounting filesystem read-only [ 78.229537][ T5831] EXT4-fs (loop0): 1 truncate cleaned up [ 78.243300][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.257315][ T5831] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 78.265701][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.295363][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.306459][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.317280][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.339498][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.352782][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.384308][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.390392][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.408249][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.485349][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.494770][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.513064][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.541123][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.550678][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.561854][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.672791][ T3294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.681436][ T5766] Bluetooth: hci1: command tx timeout [ 78.681492][ T5766] Bluetooth: hci2: command tx timeout [ 78.681524][ T5766] Bluetooth: hci3: command tx timeout [ 78.687022][ T5778] Bluetooth: hci0: command tx timeout [ 78.786097][ T3294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.860065][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.879337][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.950271][ T5838] loop0: detected capacity change from 0 to 4096 [ 79.039741][ T5838] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.079066][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.093957][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.420276][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.835668][ T5861] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 79.927000][ T5863] netlink: 84 bytes leftover after parsing attributes in process `syz.3.14'. [ 80.708661][ T5876] mmap: syz.0.17 (5876) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 80.728640][ T5876] loop0: detected capacity change from 0 to 256 [ 80.762653][ T5778] Bluetooth: hci0: command tx timeout [ 80.769451][ T5766] Bluetooth: hci3: command tx timeout [ 80.775537][ T5778] Bluetooth: hci2: command tx timeout [ 80.782266][ T5766] Bluetooth: hci1: command tx timeout [ 81.534559][ C1] sched: RT throttling activated [ 81.848016][ T5886] loop0: detected capacity change from 0 to 128 [ 81.871689][ T5880] syzkaller0: entered promiscuous mode [ 81.907057][ T5880] syzkaller0: entered allmulticast mode [ 83.026986][ T5893] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 83.149732][ T5897] netlink: 84 bytes leftover after parsing attributes in process `syz.0.24'. [ 84.095688][ T5917] syzkaller0: entered promiscuous mode [ 84.101234][ T5917] syzkaller0: entered allmulticast mode [ 85.855590][ T5934] netlink: 84 bytes leftover after parsing attributes in process `syz.0.38'. [ 85.877432][ T5934] Zero length message leads to an empty skb [ 87.830250][ T8] cfg80211: failed to load regulatory.db [ 88.054959][ T5966] netlink: 84 bytes leftover after parsing attributes in process `syz.2.50'. [ 88.181966][ T5963] syzkaller0: entered promiscuous mode [ 88.191207][ T5963] syzkaller0: entered allmulticast mode [ 88.609835][ T5981] loop2: detected capacity change from 0 to 512 [ 88.687955][ T5981] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.724925][ T5981] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.786738][ T5981] EXT4-fs (loop2): shut down requested (1) [ 88.828779][ T5765] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.514004][ T5999] loop2: detected capacity change from 0 to 1024 [ 89.538265][ T5999] ======================================================= [ 89.538265][ T5999] WARNING: The mand mount option has been deprecated and [ 89.538265][ T5999] and is ignored by this kernel. Remove the mand [ 89.538265][ T5999] option from the mount to silence this warning. [ 89.538265][ T5999] ======================================================= [ 89.564082][ T6001] syzkaller0: entered promiscuous mode [ 89.584844][ T6001] syzkaller0: entered allmulticast mode [ 89.682841][ T5999] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 89.724905][ T5999] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.819112][ T5999] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 3) [ 89.863458][ T6005] loop3: detected capacity change from 0 to 1024 [ 89.887106][ T6005] EXT4-fs: inline encryption not supported [ 89.912636][ T6005] EXT4-fs: Ignoring removed nobh option [ 89.931045][ T6005] EXT4-fs: Ignoring removed bh option [ 89.935831][ T5999] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 89.994405][ T6005] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.011452][ T5999] EXT4-fs (loop2): This should not happen!! Data will be lost [ 90.011452][ T5999] [ 90.029446][ T6009] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.082279][ T6009] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.118265][ T5998] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.186768][ T5998] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.221383][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.245721][ T5998] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.295096][ T6009] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.356863][ T6009] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.388023][ T6009] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 90.432267][ T5998] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.61: lblock 3 mapped to illegal pblock 3 (length 1) [ 91.142560][ T6030] syzkaller0: entered promiscuous mode [ 91.174861][ T6030] syzkaller0: entered allmulticast mode [ 91.259421][ T6035] syzkaller0: entered promiscuous mode [ 91.265179][ T6035] syzkaller0: entered allmulticast mode [ 91.342261][ T5765] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 91.555820][ T6045] netlink: 24 bytes leftover after parsing attributes in process `syz.2.76'. [ 91.673053][ T6048] loop3: detected capacity change from 0 to 512 [ 91.723343][ T6048] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.784753][ T6048] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.866757][ T6059] 8021q: VLANs not supported on hsr0 [ 91.903335][ T6048] EXT4-fs error (device loop3): ext4_xattr_block_list:766: inode #15: comm syz.3.80: corrupted xattr block 33: invalid header [ 92.057003][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.124400][ T6065] loop1: detected capacity change from 0 to 128 [ 92.372382][ T6072] syzkaller0: entered promiscuous mode [ 92.378247][ T6072] syzkaller0: entered allmulticast mode [ 92.556266][ T6076] netlink: 24 bytes leftover after parsing attributes in process `syz.0.90'. [ 92.865676][ T6082] loop0: detected capacity change from 0 to 512 [ 92.933118][ T6082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.791522][ T6092] loop1: detected capacity change from 0 to 512 [ 95.830106][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.860898][ T6092] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.885861][ T6092] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.988989][ T6092] EXT4-fs error (device loop1): ext4_xattr_block_list:766: inode #15: comm syz.1.94: corrupted xattr block 33: invalid header [ 96.130783][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.279016][ T6109] tipc: Started in network mode [ 96.284091][ T6109] tipc: Node identity 4, cluster identity 4711 [ 96.315153][ T6109] tipc: Node number set to 4 [ 96.615311][ T42] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 96.860435][ T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.915819][ T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.944784][ T42] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 96.982242][ T42] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 96.998739][ T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.013565][ T42] usb 2-1: config 0 descriptor?? [ 97.435598][ T6155] loop0: detected capacity change from 0 to 1024 [ 97.465765][ T6155] EXT4-fs: Ignoring removed orlov option [ 97.476782][ T42] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 97.504901][ T6155] EXT4-fs: Ignoring removed nobh option [ 97.577689][ T6155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.593150][ T42] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 97.720649][ T6164] syz.3.112 uses obsolete (PF_INET,SOCK_PACKET) [ 97.745939][ T6164] syzkaller1: entered promiscuous mode [ 97.751595][ T6164] syzkaller1: entered allmulticast mode [ 97.887390][ T42] usb 2-1: USB disconnect, device number 2 [ 97.904132][ T6169] plantronics 0003:047F:FFFF.0001: usb_submit_urb(ctrl) failed: -19 [ 98.339820][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.403635][ T6187] loop3: detected capacity change from 0 to 1024 [ 98.467021][ T6187] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 98.530668][ T6187] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.737940][ T6187] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: block 3: comm syz.3.117: lblock 3 mapped to illegal pblock 3 (length 3) [ 98.786354][ T6187] EXT4-fs (loop3): Remounting filesystem read-only [ 99.106063][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 100.037504][ T6216] syz.2.121 (6216) used greatest stack depth: 16016 bytes left [ 100.499949][ T6237] loop1: detected capacity change from 0 to 512 [ 100.589936][ T6237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.654496][ T6237] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.713988][ T6237] EXT4-fs error (device loop1): ext4_xattr_block_list:766: inode #15: comm syz.1.129: corrupted xattr block 33: invalid header [ 100.735998][ T5809] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 100.842698][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.978504][ T5809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.035092][ T5809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.064630][ T5809] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 101.087621][ T6259] loop1: detected capacity change from 0 to 128 [ 101.099378][ T5809] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 101.110790][ T5809] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.138199][ T5809] usb 1-1: config 0 descriptor?? [ 101.652486][ T5809] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 101.716109][ T5809] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 102.350050][ T6272] loop3: detected capacity change from 0 to 1024 [ 102.394586][ T5809] usb 1-1: USB disconnect, device number 2 [ 102.401296][ T6274] plantronics 0003:047F:FFFF.0002: usb_submit_urb(ctrl) failed: -19 [ 102.428047][ T6272] EXT4-fs: Ignoring removed orlov option [ 102.532499][ T6276] fido_id[6276]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 102.534268][ T6272] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.822700][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.948240][ T6292] loop1: detected capacity change from 0 to 256 [ 104.243365][ T6306] loop1: detected capacity change from 0 to 512 [ 104.286874][ T6307] netlink: 12 bytes leftover after parsing attributes in process `syz.0.146'. [ 104.333254][ T6307] vlan2: entered promiscuous mode [ 104.338723][ T6307] veth1_to_bridge: entered promiscuous mode [ 105.141034][ T6306] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.314787][ T6306] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.454181][ T6306] EXT4-fs error (device loop1): ext4_xattr_block_list:766: inode #15: comm syz.1.150: corrupted xattr block 33: invalid header [ 105.785043][ T5809] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 106.076242][ T5809] usb 4-1: device descriptor read/64, error -71 [ 106.273511][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.477949][ T6325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.156'. [ 106.496444][ T6325] bond_slave_0: entered promiscuous mode [ 106.502524][ T6325] bond_slave_1: entered promiscuous mode [ 106.523189][ T6325] vlan1: entered promiscuous mode [ 106.528476][ T5755] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 106.533275][ T6325] bond0: entered promiscuous mode [ 106.536195][ T5809] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 106.722044][ T5809] usb 4-1: device descriptor read/64, error -71 [ 106.759590][ T5755] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.782547][ T5755] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.804448][ T5755] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 106.831952][ T5755] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 106.846553][ T5755] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.861455][ T5809] usb usb4-port1: attempt power cycle [ 106.862563][ T6337] netlink: 8 bytes leftover after parsing attributes in process `syz.2.159'. [ 106.882881][ T6338] loop1: detected capacity change from 0 to 128 [ 106.891756][ T5755] usb 1-1: config 0 descriptor?? [ 106.942395][ T6338] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 106.967711][ T6338] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.084288][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.313424][ T5809] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 107.343155][ T5755] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 108.531527][ T5809] usb 4-1: device descriptor read/8, error -71 [ 108.560874][ T5755] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 108.683188][ T5755] usb 1-1: USB disconnect, device number 3 [ 108.837972][ T6356] netlink: 4 bytes leftover after parsing attributes in process `syz.3.165'. [ 108.896253][ T6352] fido_id[6352]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 112.244162][ T6402] syzkaller0: entered promiscuous mode [ 112.266481][ T6402] syzkaller0: entered allmulticast mode [ 121.965799][ T6384] Set syz1 is full, maxelem 65536 reached [ 122.130602][ T6466] netlink: 8 bytes leftover after parsing attributes in process `syz.2.197'. [ 122.152564][ T6466] team_slave_0: entered promiscuous mode [ 122.158765][ T6466] team_slave_1: entered promiscuous mode [ 122.166717][ T6466] vlan1: entered promiscuous mode [ 122.171828][ T6466] team0: entered promiscuous mode [ 122.201034][ T6469] loop0: detected capacity change from 0 to 1024 [ 122.266714][ T6469] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 122.304786][ T6469] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.466046][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 122.972409][ T6480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'. [ 123.111707][ T6486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'. [ 123.511112][ T6484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.202'. [ 124.036743][ T6501] netlink: 256 bytes leftover after parsing attributes in process `syz.0.206'. [ 124.059463][ T6501] netlink: 72 bytes leftover after parsing attributes in process `syz.0.206'. [ 124.266016][ T6508] netlink: 16 bytes leftover after parsing attributes in process `syz.0.207'. [ 124.293255][ T6510] loop3: detected capacity change from 0 to 1024 [ 124.293511][ T6508] syzkaller0: entered promiscuous mode [ 124.337334][ T6508] syzkaller0: entered allmulticast mode [ 124.350225][ T6510] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 124.384439][ T6510] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.451092][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 124.898026][ T6523] loop3: detected capacity change from 0 to 512 [ 124.995441][ T27] audit: type=1800 audit(1771964228.967:2): pid=6523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.211" name="file2" dev="loop3" ino=1048599 res=0 errno=0 [ 126.500799][ T6551] loop0: detected capacity change from 0 to 1024 [ 126.529504][ T6550] netlink: 16 bytes leftover after parsing attributes in process `syz.3.218'. [ 126.641858][ T6551] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 126.658995][ T6551] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.682879][ T6551] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 3) [ 126.714108][ T6551] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 126.744066][ T6551] EXT4-fs (loop0): This should not happen!! Data will be lost [ 126.744066][ T6551] [ 126.777132][ T6563] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 126.874265][ T6546] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 126.993996][ T6563] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 127.122690][ T6546] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 127.180442][ T6563] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 127.200920][ T6563] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 127.271426][ T6563] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 127.305197][ T6563] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 127.354769][ T6546] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #15: block 3: comm syz.0.220: lblock 3 mapped to illegal pblock 3 (length 1) [ 127.569555][ T3453] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 127.634583][ T3453] EXT4-fs (loop0): This should not happen!! Data will be lost [ 127.634583][ T3453] [ 127.856660][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 128.076634][ T6590] loop3: detected capacity change from 0 to 1024 [ 128.288328][ T6590] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 128.327344][ T6590] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.415950][ T6597] netlink: 16 bytes leftover after parsing attributes in process `syz.1.231'. [ 129.001389][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 129.016434][ T6576] 9pnet_fd: Insufficient options for proto=fd [ 129.779815][ T6606] loop1: detected capacity change from 0 to 8192 [ 129.839822][ T6606] loop1: p1 p2 p3 [ 129.850837][ T6606] loop1: partition table partially beyond EOD, truncated [ 129.859553][ T6606] loop1: p1 start 17825536 is beyond EOD, truncated [ 129.886147][ T6606] loop1: p3 size 100663552 extends beyond EOD, truncated [ 130.035306][ T6618] netlink: 4 bytes leftover after parsing attributes in process `syz.3.237'. [ 130.200532][ T6473] udevd[6473]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 130.223172][ T6622] loop1: detected capacity change from 0 to 1764 [ 130.234308][ T6467] udevd[6467]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 130.292339][ T6622] ISOFS: unable to read i-node block [ 130.321628][ T6624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.240'. [ 130.377251][ T6624] vlan1: entered promiscuous mode [ 130.975033][ T6631] netlink: 16 bytes leftover after parsing attributes in process `syz.0.243'. [ 131.804965][ T6643] loop3: detected capacity change from 0 to 512 [ 131.821787][ T6644] process 'syz.1.248' launched './file0' with NULL argv: empty string added [ 131.894380][ T6643] EXT4-fs error (device loop3): ext4_iget_extra_inode:4732: inode #15: comm syz.3.247: corrupted in-inode xattr: e_value out of bounds [ 131.998365][ T6643] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.247: couldn't read orphan inode 15 (err -117) [ 132.082904][ T6643] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.132742][ T6649] loop0: detected capacity change from 0 to 1024 [ 132.177155][ T6643] EXT4-fs warning (device loop3): ext4_resize_begin:74: won't resize using backup superblock at 1 [ 132.187232][ T6649] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.242564][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.356247][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.083963][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.106572][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.345223][ T6682] bridge0: entered promiscuous mode [ 140.035616][ T6733] loop0: detected capacity change from 0 to 8192 [ 140.161308][ T6740] loop1: detected capacity change from 0 to 1024 [ 140.279810][ T6740] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 140.327163][ T6740] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.482298][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 142.098583][ T6784] loop1: detected capacity change from 0 to 512 [ 142.170125][ T6784] EXT4-fs (loop1): orphan cleanup on readonly fs [ 142.218446][ T6784] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #11: block 1: comm syz.1.285: lblock 0 mapped to illegal pblock 1 (length 1) [ 142.399582][ T6784] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 142.501784][ T6784] EXT4-fs error (device loop1): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.1.285: EA inode 11 ref wraparound: ref_count=0 ref_change=-1 [ 142.542980][ T6784] EXT4-fs warning (device loop1): ext4_xattr_inode_dec_ref_all:1231: inode #11: comm syz.1.285: ea_inode dec ref err=-117 [ 142.565434][ T6784] EXT4-fs (loop1): 1 orphan inode deleted [ 142.587923][ T6784] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 142.895004][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.557291][ T6819] netlink: 16 bytes leftover after parsing attributes in process `syz.0.297'. [ 146.503542][ T6852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.308'. [ 146.706096][ T6858] loop0: detected capacity change from 0 to 512 [ 146.751507][ T6858] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.311: inode has both inline data and extents flags [ 146.791500][ T6858] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.311: couldn't read orphan inode 15 (err -117) [ 146.837170][ T6858] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.001253][ T6867] loop3: detected capacity change from 0 to 1024 [ 147.108594][ T6867] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 147.177882][ T6867] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.230881][ T6867] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 3) [ 147.249257][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.336979][ T6867] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 147.394297][ T6867] EXT4-fs (loop3): This should not happen!! Data will be lost [ 147.394297][ T6867] [ 147.421398][ T6872] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.462551][ T6866] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.497555][ T6876] xt_hashlimit: size too large, truncated to 1048576 [ 147.505512][ T6872] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.548921][ T6866] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.589932][ T6872] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.627550][ T6866] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.660388][ T6872] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.705581][ T6866] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.753380][ T6866] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.314: lblock 3 mapped to illegal pblock 3 (length 1) [ 148.308263][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 148.475100][ T6884] loop3: detected capacity change from 0 to 256 [ 148.567209][ T6884] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00007372) [ 149.564161][ T6892] syzkaller0: entered promiscuous mode [ 149.603499][ T6892] syzkaller0: entered allmulticast mode [ 149.699102][ T6894] netlink: 16 bytes leftover after parsing attributes in process `syz.1.322'. [ 150.103270][ T6903] loop3: detected capacity change from 0 to 512 [ 152.296576][ T6927] loop3: detected capacity change from 0 to 1024 [ 152.339656][ T6927] EXT4-fs: Ignoring removed mblk_io_submit option [ 152.553576][ T6927] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.560276][ T6932] syzkaller0: entered promiscuous mode [ 152.573541][ T6932] syzkaller0: entered allmulticast mode [ 152.632903][ T6927] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 152.684189][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.812952][ T6936] loop1: detected capacity change from 0 to 1024 [ 152.832861][ T6936] EXT4-fs: Ignoring removed nobh option [ 152.850523][ T6936] EXT4-fs: Ignoring removed nomblk_io_submit option [ 152.912113][ T6936] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.965471][ T6936] EXT4-fs (loop1): shut down requested (0) [ 152.974254][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.335'. [ 153.045209][ T6938] 8021q: VLANs not supported on caif0 [ 153.186798][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.412399][ T6961] loop3: detected capacity change from 0 to 256 [ 155.485434][ T6961] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 155.646457][ T6964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.345'. [ 155.679981][ T6964] 8021q: VLANs not supported on caif0 [ 156.007747][ T6974] loop1: detected capacity change from 0 to 1024 [ 156.099698][ T6974] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 156.145087][ T6974] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.219910][ T6974] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 3) [ 156.277057][ T6974] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 156.338309][ T6974] EXT4-fs (loop1): This should not happen!! Data will be lost [ 156.338309][ T6974] [ 156.397830][ T6973] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.405451][ T6992] netlink: 12 bytes leftover after parsing attributes in process `syz.0.356'. [ 156.445301][ T6994] netlink: 12 bytes leftover after parsing attributes in process `syz.3.357'. [ 156.471588][ T6990] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.549190][ T6992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.356'. [ 156.555703][ T6990] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.560844][ T6992] 8021q: adding VLAN 0 to HW filter on device bond1 [ 156.594168][ T6973] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.600621][ T6992] macvlan2: entered promiscuous mode [ 156.617413][ T6992] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 156.633689][ T6973] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.654341][ T6990] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.684116][ T6998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.358'. [ 156.710239][ T6998] vlan1: entered promiscuous mode [ 156.720844][ T6973] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.769223][ T6973] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 156.797128][ T6990] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.350: lblock 3 mapped to illegal pblock 3 (length 1) [ 157.234005][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 157.420960][ T7018] syzkaller0: entered promiscuous mode [ 157.449931][ T7018] syzkaller0: entered allmulticast mode [ 157.470568][ T11] syzkaller0: tun_net_xmit 48 [ 157.560302][ T7018] syzkaller0: create flow: hash 4129003132 index 1 [ 157.775956][ T7031] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 157.794239][ T7030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.371'. [ 157.811995][ T7030] 8021q: VLANs not supported on caif0 [ 157.819920][ T7017] syzkaller0: delete flow: hash 4129003132 index 1 [ 160.337963][ T7036] netlink: 52 bytes leftover after parsing attributes in process `syz.0.373'. [ 160.348409][ T7038] netlink: 52 bytes leftover after parsing attributes in process `syz.0.373'. [ 160.360000][ T7052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.380'. [ 160.381088][ T7052] vlan1: entered promiscuous mode [ 161.424679][ T7077] loop3: detected capacity change from 0 to 1024 [ 161.500772][ T7077] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 161.535257][ T7081] netlink: 52 bytes leftover after parsing attributes in process `syz.0.392'. [ 161.545984][ T7081] netlink: 52 bytes leftover after parsing attributes in process `syz.0.392'. [ 161.566819][ T7077] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 161.586163][ T7077] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.391: Failed to acquire dquot type 0 [ 161.670890][ T7077] EXT4-fs (loop3): 1 truncate cleaned up [ 161.698807][ T7077] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.754846][ T7077] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.816143][ T7085] netlink: 8 bytes leftover after parsing attributes in process `syz.2.393'. [ 161.831405][ T7085] vlan1: entered promiscuous mode [ 163.079390][ T7105] netlink: 52 bytes leftover after parsing attributes in process `syz.2.402'. [ 163.095208][ T7105] netlink: 52 bytes leftover after parsing attributes in process `syz.2.402'. [ 163.445296][ T7112] loop3: detected capacity change from 0 to 1024 [ 163.463551][ T7112] EXT4-fs: Ignoring removed orlov option [ 163.505257][ T7112] EXT4-fs: Ignoring removed nobh option [ 163.533728][ T7114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.406'. [ 163.561636][ T7112] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.622340][ T7114] vlan1: entered promiscuous mode [ 163.808502][ T7119] netlink: 28 bytes leftover after parsing attributes in process `syz.2.407'. [ 163.834789][ T27] audit: type=1800 audit(1771964268.824:3): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.405" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 165.315728][ T7126] sctp: failed to load transform for md5: -2 [ 165.780299][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.802186][ T7143] netlink: 52 bytes leftover after parsing attributes in process `syz.0.412'. [ 165.825777][ T7143] netlink: 52 bytes leftover after parsing attributes in process `syz.0.412'. [ 165.849644][ T7145] netlink: 16 bytes leftover after parsing attributes in process `syz.1.414'. [ 165.928273][ T7147] vlan1: entered promiscuous mode [ 166.021451][ T7150] syzkaller0: entered promiscuous mode [ 166.033483][ T7150] syzkaller0: entered allmulticast mode [ 166.742287][ T7172] __nla_validate_parse: 1 callbacks suppressed [ 166.742308][ T7172] netlink: 52 bytes leftover after parsing attributes in process `syz.2.425'. [ 166.775800][ T7172] netlink: 52 bytes leftover after parsing attributes in process `syz.2.425'. [ 166.937984][ T7174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.426'. [ 167.057526][ T7178] netlink: 8 bytes leftover after parsing attributes in process `syz.0.428'. [ 167.073247][ T7178] 8021q: VLANs not supported on caif0 [ 167.337567][ T7186] loop1: detected capacity change from 0 to 128 [ 167.415755][ T7186] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 167.438297][ T7186] ext4 filesystem being mounted at /95/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 167.478646][ T7191] netlink: 52 bytes leftover after parsing attributes in process `syz.2.434'. [ 167.497334][ T7191] netlink: 52 bytes leftover after parsing attributes in process `syz.2.434'. [ 167.706437][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 168.142047][ T7205] netlink: 8 bytes leftover after parsing attributes in process `syz.2.438'. [ 168.166081][ T7205] vlan1: entered promiscuous mode [ 168.309409][ T7210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'. [ 168.383318][ T7212] netlink: 52 bytes leftover after parsing attributes in process `syz.2.443'. [ 168.394790][ T7212] netlink: 52 bytes leftover after parsing attributes in process `syz.2.443'. [ 168.980899][ T7224] loop1: detected capacity change from 0 to 1024 [ 169.017738][ T7224] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 169.565445][ T7240] 8021q: VLANs not supported on caif0 [ 169.975892][ T7261] netlink: 'syz.3.460': attribute type 3 has an invalid length. [ 170.287163][ T7274] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 170.535364][ T7283] 8021q: VLANs not supported on caif0 [ 170.935639][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 171.876867][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.897118][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.923893][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 171.971328][ T8] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 171.990153][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.015259][ T8] usb 4-1: config 0 descriptor?? [ 172.303855][ T7319] __nla_validate_parse: 8 callbacks suppressed [ 172.303874][ T7319] netlink: 52 bytes leftover after parsing attributes in process `syz.0.478'. [ 172.331073][ T7321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.479'. [ 172.341575][ T7321] 8021q: VLANs not supported on caif0 [ 172.347842][ T7319] netlink: 52 bytes leftover after parsing attributes in process `syz.0.478'. [ 172.466771][ T8] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 172.508156][ T8] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 172.535825][ T7327] netlink: 52 bytes leftover after parsing attributes in process `syz.0.482'. [ 172.560257][ T7327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 172.581992][ T7327] batadv_slave_0: entered promiscuous mode [ 172.595174][ T7327] batadv_slave_0: entered allmulticast mode [ 172.867949][ T5803] usb 4-1: USB disconnect, device number 6 [ 172.870929][ T7340] plantronics 0003:047F:FFFF.0004: usb_submit_urb(ctrl) failed: -19 [ 172.920472][ T7344] syzkaller0: entered promiscuous mode [ 172.959773][ T7344] syzkaller0: entered allmulticast mode [ 173.443021][ T7353] netlink: 12 bytes leftover after parsing attributes in process `syz.2.486'. [ 173.460875][ T7353] vlan1: entered promiscuous mode [ 173.466222][ T7353] veth1_to_bridge: entered promiscuous mode [ 174.042910][ T7358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.489'. [ 174.063051][ T7358] 8021q: VLANs not supported on caif0 [ 174.080360][ T7356] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 174.234858][ T7364] usb usb8: usbfs: process 7364 (syz.1.492) did not claim interface 0 before use [ 174.246484][ T7361] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 174.732992][ T7379] loop1: detected capacity change from 0 to 256 [ 175.472266][ T7382] loop3: detected capacity change from 0 to 1024 [ 175.633081][ T7382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 175.654998][ T7382] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.798421][ T7382] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 3) [ 175.867622][ T7382] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 175.893899][ T7382] EXT4-fs (loop3): This should not happen!! Data will be lost [ 175.893899][ T7382] [ 175.932502][ T7378] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.054215][ T7378] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.145550][ T7390] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.224844][ T7378] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.271119][ T7390] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.413191][ T7378] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.473926][ T7390] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.574313][ T7410] syzkaller0: entered promiscuous mode [ 176.600440][ T7390] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.624318][ T7410] syzkaller0: entered allmulticast mode [ 176.667621][ T7390] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.497: lblock 3 mapped to illegal pblock 3 (length 1) [ 177.058266][ T7425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.506'. [ 177.069134][ T7425] 8021q: VLANs not supported on caif0 [ 177.178726][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 177.268494][ T7428] loop0: detected capacity change from 0 to 128 [ 177.383438][ T7428] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 177.500783][ T7428] ext4 filesystem being mounted at /115/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 177.604804][ T787] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 177.627854][ T5768] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 177.820119][ T7447] syzkaller0: entered promiscuous mode [ 177.832449][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.849731][ T7447] syzkaller0: entered allmulticast mode [ 177.860669][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.880167][ T787] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 177.911775][ T787] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 177.924913][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.940832][ T787] usb 2-1: config 0 descriptor?? [ 178.427942][ T787] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 178.477552][ T787] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 179.724251][ C1] plantronics 0003:047F:FFFF.0005: usb_submit_urb(ctrl) failed: -1 [ 180.688912][ T1187] usb 2-1: USB disconnect, device number 3 [ 181.047714][ T7462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.516'. [ 181.061190][ T7462] vlan1: entered promiscuous mode [ 181.162483][ T7466] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 181.173515][ T7469] loop3: detected capacity change from 0 to 1024 [ 181.244101][ T7469] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 181.293835][ T7469] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.324081][ T7469] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 3) [ 181.349576][ T7469] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 181.369375][ T7469] EXT4-fs (loop3): This should not happen!! Data will be lost [ 181.369375][ T7469] [ 181.398136][ T7477] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.458893][ T7477] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.532970][ T7468] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.657318][ T7477] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.772814][ T7468] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.841726][ T7468] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.868853][ T7477] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.926178][ T7477] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.965156][ T7468] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 3: comm syz.3.518: lblock 3 mapped to illegal pblock 3 (length 1) [ 181.999774][ T7485] loop1: detected capacity change from 0 to 512 [ 182.061710][ T7485] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 182.102380][ T7485] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.170324][ T7485] ext4 filesystem being mounted at /121/wÅü5ÔTÕÔ)­`)YFæ¾nA­½@T<Ÿ3»Ú‚$¢ó×rçcnH³<¿pƒrèñ¹“>ÅwC¾" žð-ùËòöè€Ó8 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.207779][ T49] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 182.222169][ T49] EXT4-fs (loop3): This should not happen!! Data will be lost [ 182.222169][ T49] [ 182.408414][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 182.435854][ T1187] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 182.657453][ T1187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.673470][ T1187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.686029][ T1187] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 182.707653][ T1187] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 182.717759][ T1187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.730530][ T7512] netlink: 8 bytes leftover after parsing attributes in process `syz.3.529'. [ 182.741347][ T7512] 8021q: VLANs not supported on nlmon0 [ 182.756204][ T1187] usb 1-1: config 0 descriptor?? [ 182.919983][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.251507][ T1187] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 183.294035][ T1187] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 183.412422][ T7524] syzkaller0: entered promiscuous mode [ 183.418823][ T7524] syzkaller0: entered allmulticast mode [ 183.605343][ T7526] syzkaller0: entered promiscuous mode [ 183.612147][ T7526] syzkaller0: entered allmulticast mode [ 184.557155][ C1] plantronics 0003:047F:FFFF.0006: usb_submit_urb(ctrl) failed: -1 [ 185.441215][ T8] usb 1-1: USB disconnect, device number 4 [ 186.258031][ T7531] netlink: 32 bytes leftover after parsing attributes in process `syz.3.536'. [ 186.270161][ T7548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.540'. [ 186.300700][ T7548] 8021q: VLANs not supported on caif0 [ 186.926929][ T7567] loop1: detected capacity change from 0 to 256 [ 187.889653][ T7570] loop1: detected capacity change from 0 to 512 [ 187.915923][ T7570] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 188.110333][ T7570] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 188.163700][ T7570] EXT4-fs (loop1): orphan cleanup on readonly fs [ 188.193028][ T7570] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 4294967295 out of range 0-7 [ 188.212316][ T7570] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 188.224437][ T7570] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.548: Failed to acquire dquot type 1 [ 188.244153][ T7570] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #16: comm syz.1.548: corrupted inode contents [ 188.264341][ T7570] EXT4-fs error (device loop1): ext4_dirty_inode:6124: inode #16: comm syz.1.548: mark_inode_dirty error [ 188.286891][ T7570] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #16: comm syz.1.548: corrupted inode contents [ 188.308284][ T7570] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.548: mark_inode_dirty error [ 188.322251][ T7570] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #16: comm syz.1.548: corrupted inode contents [ 188.340552][ T7570] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 188.356950][ T7570] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #16: comm syz.1.548: corrupted inode contents [ 188.374414][ T7570] EXT4-fs error (device loop1): ext4_truncate:4294: inode #16: comm syz.1.548: mark_inode_dirty error [ 188.393453][ T7570] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 188.407947][ T7570] EXT4-fs (loop1): 1 truncate cleaned up [ 188.421413][ T7570] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-0000002a0000 ro without journal. Quota mode: writeback. [ 188.534318][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-0000002a0000. [ 191.155141][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 191.742806][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.777328][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 191.794609][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 191.832449][ T8] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 191.849712][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.884574][ T8] usb 1-1: config 0 descriptor?? [ 192.343193][ T8] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 192.385779][ T8] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 193.138537][ T7621] syzkaller0: entered promiscuous mode [ 193.155091][ T7621] syzkaller0: entered allmulticast mode [ 193.547974][ T7629] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 193.606762][ C0] plantronics 0003:047F:FFFF.0007: usb_submit_urb(ctrl) failed: -1 [ 193.635244][ T8] usb 1-1: USB disconnect, device number 5 [ 194.562080][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.568990][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.999936][ T5771] Bluetooth: hci0: command 0x0406 tx timeout [ 197.007411][ T5771] Bluetooth: hci2: command 0x0406 tx timeout [ 197.013634][ T5771] Bluetooth: hci3: command 0x0406 tx timeout [ 197.020510][ T5777] Bluetooth: hci1: command 0x0406 tx timeout [ 205.154158][ T5081] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 205.165648][ T5081] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 205.180289][ T5081] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 205.192700][ T5081] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 205.209961][ T5081] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 205.220807][ T5081] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 205.608106][ T7646] chnl_net:caif_netlink_parms(): no params data found [ 205.756759][ T7646] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.771010][ T7646] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.779184][ T7646] bridge_slave_0: entered allmulticast mode [ 205.793488][ T7646] bridge_slave_0: entered promiscuous mode [ 205.803271][ T7646] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.821067][ T7646] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.830614][ T7646] bridge_slave_1: entered allmulticast mode [ 205.843646][ T7646] bridge_slave_1: entered promiscuous mode [ 205.909396][ T7646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 205.933892][ T7646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.992408][ T7646] team0: Port device team_slave_0 added [ 206.007920][ T7646] team0: Port device team_slave_1 added [ 206.065350][ T7646] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.072607][ T7646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.109840][ T7646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.126262][ T7646] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.134039][ T7646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.164536][ T7646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.155247][ T1289] ================================================================== [ 210.163590][ T1289] BUG: KASAN: slab-use-after-free in tty_write_room+0x35/0x80 [ 210.171530][ T1289] Read of size 8 at addr ffff88805c17b020 by task aoe_tx0/1289 [ 210.179209][ T1289] [ 210.181604][ T1289] CPU: 0 PID: 1289 Comm: aoe_tx0 Not tainted syzkaller #0 [ 210.188750][ T1289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 210.199297][ T1289] Call Trace: [ 210.202690][ T1289] [ 210.205665][ T1289] dump_stack_lvl+0x18c/0x250 [ 210.210479][ T1289] ? __lock_acquire+0x7d40/0x7d40 [ 210.215644][ T1289] ? show_regs_print_info+0x20/0x20 [ 210.221025][ T1289] ? load_image+0x400/0x400 [ 210.226123][ T1289] ? __virt_addr_valid+0x469/0x540 [ 210.231556][ T1289] print_report+0xa8/0x210 [ 210.236018][ T1289] ? tty_write_room+0x35/0x80 [ 210.240982][ T1289] kasan_report+0x117/0x150 [ 210.245613][ T1289] ? tty_write_room+0x35/0x80 [ 210.250415][ T1289] tty_write_room+0x35/0x80 [ 210.255128][ T1289] handle_tx+0x15e/0x610 [ 210.259504][ T1289] dev_hard_start_xmit+0x246/0x740 [ 210.264852][ T1289] __dev_queue_xmit+0x1ac2/0x36b0 [ 210.269907][ T1289] ? __dev_queue_xmit+0x26b/0x36b0 [ 210.275060][ T1289] ? skb_dequeue+0x124/0x160 [ 210.279676][ T1289] ? netdev_core_pick_tx+0x340/0x340 [ 210.285096][ T1289] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 210.291186][ T1289] ? lock_chain_count+0x20/0x20 [ 210.296051][ T1289] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.301451][ T1289] ? lockdep_hardirqs_on+0x98/0x150 [ 210.307230][ T1289] tx+0x6b/0x180 [ 210.311064][ T1289] ? aoenet_xmit+0x190/0x190 [ 210.316197][ T1289] kthread+0x1d2/0x3b0 [ 210.320405][ T1289] ? aoe_ktstart+0x130/0x130 [ 210.325275][ T1289] ? do_task_dead+0xd0/0xd0 [ 210.330348][ T1289] ? __kthread_parkme+0x7a/0x1c0 [ 210.335784][ T1289] kthread+0x2fa/0x390 [ 210.340142][ T1289] ? aoe_ktstart+0x130/0x130 [ 210.344833][ T1289] ? kthread_blkcg+0xd0/0xd0 [ 210.349629][ T1289] ret_from_fork+0x48/0x80 [ 210.354069][ T1289] ? kthread_blkcg+0xd0/0xd0 [ 210.358751][ T1289] ret_from_fork_asm+0x11/0x20 [ 210.363544][ T1289] [ 210.366581][ T1289] [ 210.368913][ T1289] Allocated by task 6113: [ 210.373241][ T1289] kasan_set_track+0x4e/0x70 [ 210.378110][ T1289] __kasan_kmalloc+0x8f/0xa0 [ 210.382740][ T1289] alloc_tty_struct+0xa7/0x790 [ 210.387611][ T1289] tty_init_dev+0x59/0x4c0 [ 210.392033][ T1289] tty_open+0x866/0xd80 [ 210.396305][ T1289] chrdev_open+0x5cc/0x6a0 [ 210.400813][ T1289] do_dentry_open+0x8c6/0x1500 [ 210.405653][ T1289] path_openat+0x27f1/0x3230 [ 210.410249][ T1289] do_filp_open+0x1f5/0x430 [ 210.415016][ T1289] do_sys_openat2+0x134/0x1d0 [ 210.419821][ T1289] __x64_sys_openat+0x139/0x160 [ 210.424957][ T1289] do_syscall_64+0x55/0xa0 [ 210.429919][ T1289] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 210.436123][ T1289] [ 210.438465][ T1289] Freed by task 787: [ 210.442573][ T1289] kasan_set_track+0x4e/0x70 [ 210.447382][ T1289] kasan_save_free_info+0x2e/0x50 [ 210.452712][ T1289] ____kasan_slab_free+0x126/0x1e0 [ 210.458386][ T1289] slab_free_freelist_hook+0x130/0x1a0 [ 210.464114][ T1289] __kmem_cache_free+0xba/0x1e0 [ 210.470211][ T1289] process_scheduled_works+0xa5d/0x15d0 [ 210.475938][ T1289] worker_thread+0xa55/0xfc0 [ 210.480649][ T1289] kthread+0x2fa/0x390 [ 210.484819][ T1289] ret_from_fork+0x48/0x80 [ 210.489332][ T1289] ret_from_fork_asm+0x11/0x20 [ 210.494644][ T1289] [ 210.497513][ T1289] Last potentially related work creation: [ 210.504577][ T1289] kasan_save_stack+0x3e/0x60 [ 210.509975][ T1289] __kasan_record_aux_stack+0xaf/0xc0 [ 210.516209][ T1289] insert_work+0x3d/0x310 [ 210.521193][ T1289] __queue_work+0xc39/0x1020 [ 210.525937][ T1289] queue_work_on+0x128/0x1f0 [ 210.530830][ T1289] tty_release_struct+0xb8/0xd0 [ 210.536354][ T1289] tty_release+0xc79/0x1600 [ 210.541323][ T1289] __fput+0x234/0x970 [ 210.546682][ T1289] task_work_run+0x1d4/0x260 [ 210.552119][ T1289] do_exit+0x95a/0x2460 [ 210.556772][ T1289] do_group_exit+0x21b/0x2d0 [ 210.562301][ T1289] get_signal+0x12fc/0x13f0 [ 210.567020][ T1289] arch_do_signal_or_restart+0xc2/0x800 [ 210.572881][ T1289] exit_to_user_mode_loop+0x70/0x110 [ 210.578388][ T1289] exit_to_user_mode_prepare+0xee/0x180 [ 210.584254][ T1289] syscall_exit_to_user_mode+0x1a/0x50 [ 210.590177][ T1289] do_syscall_64+0x61/0xa0 [ 210.594700][ T1289] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 210.600710][ T1289] [ 210.603219][ T1289] The buggy address belongs to the object at ffff88805c17b000 [ 210.603219][ T1289] which belongs to the cache kmalloc-cg-2k of size 2048 [ 210.618972][ T1289] The buggy address is located 32 bytes inside of [ 210.618972][ T1289] freed 2048-byte region [ffff88805c17b000, ffff88805c17b800) [ 210.633429][ T1289] [ 210.636327][ T1289] The buggy address belongs to the physical page: [ 210.643024][ T1289] page:ffffea0001705e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5c178 [ 210.653493][ T1289] head:ffffea0001705e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 210.662449][ T1289] memcg:ffff88802ac5c281 [ 210.666981][ T1289] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 210.675577][ T1289] page_type: 0xffffffff() [ 210.680114][ T1289] raw: 00fff00000000840 ffff888017c4f3c0 0000000000000000 dead000000000001 [ 210.689205][ T1289] raw: 0000000000000000 0000000000080008 00000001ffffffff ffff88802ac5c281 [ 210.698178][ T1289] page dumped because: kasan: bad access detected [ 210.704624][ T1289] page_owner tracks the page as allocated [ 210.710453][ T1289] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5858, tgid 5856 (syz.3.13), ts 79558721552, free_ts 22279073346 [ 210.733314][ T1289] post_alloc_hook+0x1c1/0x200 [ 210.738192][ T1289] get_page_from_freelist+0x1951/0x19e0 [ 210.744007][ T1289] __alloc_pages+0x1f0/0x460 [ 210.748687][ T1289] alloc_slab_page+0x5d/0x160 [ 210.753456][ T1289] new_slab+0x87/0x2d0 [ 210.757724][ T1289] ___slab_alloc+0xc5d/0x12f0 [ 210.762585][ T1289] __kmem_cache_alloc_node+0x19e/0x250 [ 210.768107][ T1289] kmalloc_trace+0x2a/0xe0 [ 210.772830][ T1289] alloc_tty_struct+0xa7/0x790 [ 210.777711][ T1289] pty_common_install+0x17b/0x750 [ 210.783007][ T1289] tty_init_dev+0xd3/0x4c0 [ 210.787519][ T1289] ptmx_open+0xdf/0x2c0 [ 210.791720][ T1289] chrdev_open+0x5cc/0x6a0 [ 210.796352][ T1289] do_dentry_open+0x8c6/0x1500 [ 210.801325][ T1289] path_openat+0x27f1/0x3230 [ 210.806101][ T1289] do_filp_open+0x1f5/0x430 [ 210.811133][ T1289] page last free stack trace: [ 210.815917][ T1289] free_unref_page_prepare+0x7b2/0x8c0 [ 210.821749][ T1289] free_unref_page+0x32/0x2e0 [ 210.826440][ T1289] free_contig_range+0xa1/0x150 [ 210.831306][ T1289] destroy_args+0x80/0x850 [ 210.835735][ T1289] debug_vm_pgtable+0x411/0x440 [ 210.840604][ T1289] do_one_initcall+0x242/0x790 [ 210.845421][ T1289] do_initcall_level+0x137/0x1f0 [ 210.850396][ T1289] do_initcalls+0x69/0xd0 [ 210.854757][ T1289] kernel_init_freeable+0x3ed/0x580 [ 210.860142][ T1289] kernel_init+0x1d/0x1c0 [ 210.864501][ T1289] ret_from_fork+0x48/0x80 [ 210.869129][ T1289] ret_from_fork_asm+0x11/0x20 [ 210.874087][ T1289] [ 210.876418][ T1289] Memory state around the buggy address: [ 210.882349][ T1289] ffff88805c17af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 210.890873][ T1289] ffff88805c17af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 210.899415][ T1289] >ffff88805c17b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.908012][ T1289] ^ [ 210.913248][ T1289] ffff88805c17b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.921690][ T1289] ffff88805c17b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.929868][ T1289] ================================================================== [ 210.939170][ T1289] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 210.946744][ T1289] CPU: 0 PID: 1289 Comm: aoe_tx0 Not tainted syzkaller #0 [ 210.954582][ T1289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 210.965176][ T1289] Call Trace: [ 210.969121][ T1289] [ 210.972338][ T1289] dump_stack_lvl+0x18c/0x250 [ 210.977254][ T1289] ? show_regs_print_info+0x20/0x20 [ 210.983000][ T1289] ? load_image+0x400/0x400 [ 210.987818][ T1289] panic+0x2dc/0x730 [ 210.991946][ T1289] ? bpf_jit_dump+0xd0/0xd0 [ 210.997273][ T1289] ? _raw_spin_unlock_irqrestore+0xc0/0x120 [ 211.003603][ T1289] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 211.009913][ T1289] ? _raw_spin_unlock+0x40/0x40 [ 211.014800][ T1289] ? print_memory_metadata+0x314/0x400 [ 211.020483][ T1289] ? tty_write_room+0x35/0x80 [ 211.025381][ T1289] check_panic_on_warn+0x84/0xa0 [ 211.030639][ T1289] ? tty_write_room+0x35/0x80 [ 211.035579][ T1289] end_report+0x6f/0x130 [ 211.040138][ T1289] kasan_report+0x128/0x150 [ 211.045145][ T1289] ? tty_write_room+0x35/0x80 [ 211.050671][ T1289] tty_write_room+0x35/0x80 [ 211.055326][ T1289] handle_tx+0x15e/0x610 [ 211.059794][ T1289] dev_hard_start_xmit+0x246/0x740 [ 211.064953][ T1289] __dev_queue_xmit+0x1ac2/0x36b0 [ 211.070372][ T1289] ? __dev_queue_xmit+0x26b/0x36b0 [ 211.075804][ T1289] ? skb_dequeue+0x124/0x160 [ 211.080687][ T1289] ? netdev_core_pick_tx+0x340/0x340 [ 211.086364][ T1289] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 211.092662][ T1289] ? lock_chain_count+0x20/0x20 [ 211.097646][ T1289] ? _raw_spin_unlock_irq+0x23/0x50 [ 211.102906][ T1289] ? lockdep_hardirqs_on+0x98/0x150 [ 211.108173][ T1289] tx+0x6b/0x180 [ 211.111862][ T1289] ? aoenet_xmit+0x190/0x190 [ 211.116590][ T1289] kthread+0x1d2/0x3b0 [ 211.120788][ T1289] ? aoe_ktstart+0x130/0x130 [ 211.125707][ T1289] ? do_task_dead+0xd0/0xd0 [ 211.130358][ T1289] ? __kthread_parkme+0x7a/0x1c0 [ 211.135437][ T1289] kthread+0x2fa/0x390 [ 211.139661][ T1289] ? aoe_ktstart+0x130/0x130 [ 211.144467][ T1289] ? kthread_blkcg+0xd0/0xd0 [ 211.149377][ T1289] ret_from_fork+0x48/0x80 [ 211.154281][ T1289] ? kthread_blkcg+0xd0/0xd0 [ 211.159265][ T1289] ret_from_fork_asm+0x11/0x20 [ 211.164420][ T1289] [ 211.167685][ T1289] Kernel Offset: disabled [ 211.172445][ T1289] Rebooting in 86400 seconds..