[ 101.859144][ T780] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.160' (ED25519) to the list of known hosts. 2024/04/10 15:38:16 fuzzer started 2024/04/10 15:38:17 dialing manager at 10.128.0.169:30002 [ 103.508746][ T5074] cgroup: Unknown subsys name 'net' [ 103.662275][ T5074] cgroup: Unknown subsys name 'rlimit' 2024/04/10 15:38:20 code coverage: enabled 2024/04/10 15:38:20 comparison tracing: enabled 2024/04/10 15:38:20 extra coverage: enabled 2024/04/10 15:38:20 delay kcov mmap: enabled 2024/04/10 15:38:20 setuid sandbox: enabled 2024/04/10 15:38:20 namespace sandbox: enabled 2024/04/10 15:38:20 Android sandbox: /sys/fs/selinux/policy does not exist 2024/04/10 15:38:20 fault injection: enabled 2024/04/10 15:38:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2024/04/10 15:38:20 net packet injection: enabled 2024/04/10 15:38:20 net device setup: enabled 2024/04/10 15:38:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/04/10 15:38:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/04/10 15:38:20 NIC VF setup: PCI device 0000:00:11.0 is not available 2024/04/10 15:38:20 USB emulation: enabled 2024/04/10 15:38:20 hci packet injection: enabled 2024/04/10 15:38:20 wifi device emulation: enabled 2024/04/10 15:38:20 802.15.4 emulation: enabled 2024/04/10 15:38:20 swap file: enabled [ 105.877188][ T5074] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 2024/04/10 15:38:20 starting 6 executor processes [ 107.852054][ T5091] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 107.871445][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 107.879620][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 107.888723][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 107.896914][ T5093] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 107.906095][ T5093] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 107.924434][ T5094] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 107.932121][ T5094] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 107.935188][ T5093] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 107.949398][ T5093] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 107.961297][ T5093] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 107.969055][ T5093] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 108.026675][ T5094] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 108.036532][ T5094] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 108.047618][ T5094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 108.068642][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 108.077528][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 108.091859][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 108.104331][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 108.111828][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 108.122470][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 108.130321][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 108.137628][ T5104] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 108.139764][ T5104] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 108.146814][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 108.153935][ T5104] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 108.160031][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 108.168883][ T5104] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 108.185282][ T5104] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 108.193890][ T5106] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 108.202167][ T5106] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 108.213151][ T5106] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 108.218898][ T5102] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 108.221788][ T5106] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 108.255833][ T5094] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 108.264947][ T5094] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 109.340082][ T5088] chnl_net:caif_netlink_parms(): no params data found [ 109.670515][ T5096] chnl_net:caif_netlink_parms(): no params data found [ 109.865834][ T5098] chnl_net:caif_netlink_parms(): no params data found [ 109.920678][ T5090] chnl_net:caif_netlink_parms(): no params data found [ 109.937899][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.946807][ T5088] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.954420][ T5088] bridge_slave_0: entered allmulticast mode [ 109.962983][ T5088] bridge_slave_0: entered promiscuous mode [ 110.015529][ T5093] Bluetooth: hci0: command tx timeout [ 110.015573][ T5094] Bluetooth: hci1: command tx timeout [ 110.080094][ T5088] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.087602][ T5088] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.095656][ T5088] bridge_slave_1: entered allmulticast mode [ 110.104476][ T5088] bridge_slave_1: entered promiscuous mode [ 110.173694][ T5101] chnl_net:caif_netlink_parms(): no params data found [ 110.255191][ T5094] Bluetooth: hci5: command tx timeout [ 110.255234][ T5093] Bluetooth: hci2: command tx timeout [ 110.334300][ T5094] Bluetooth: hci4: command tx timeout [ 110.334539][ T5093] Bluetooth: hci3: command tx timeout [ 110.421360][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.429278][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.437224][ T5096] bridge_slave_0: entered allmulticast mode [ 110.446244][ T5096] bridge_slave_0: entered promiscuous mode [ 110.456771][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.464322][ T5096] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.472310][ T5096] bridge_slave_1: entered allmulticast mode [ 110.482217][ T5096] bridge_slave_1: entered promiscuous mode [ 110.656348][ T5088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.743727][ T5096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.759528][ T5088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.868246][ T5096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.932849][ T5088] team0: Port device team_slave_0 added [ 110.939860][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.947742][ T5098] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.955094][ T5098] bridge_slave_0: entered allmulticast mode [ 110.963126][ T5098] bridge_slave_0: entered promiscuous mode [ 110.985300][ T5095] chnl_net:caif_netlink_parms(): no params data found [ 111.002243][ T5090] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.009805][ T5090] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.017955][ T5090] bridge_slave_0: entered allmulticast mode [ 111.026359][ T5090] bridge_slave_0: entered promiscuous mode [ 111.068648][ T5088] team0: Port device team_slave_1 added [ 111.101494][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.108953][ T5098] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.117687][ T5098] bridge_slave_1: entered allmulticast mode [ 111.126202][ T5098] bridge_slave_1: entered promiscuous mode [ 111.211384][ T5090] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.218772][ T5090] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.226612][ T5090] bridge_slave_1: entered allmulticast mode [ 111.236101][ T5090] bridge_slave_1: entered promiscuous mode [ 111.251692][ T5096] team0: Port device team_slave_0 added [ 111.354498][ T5101] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.361859][ T5101] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.369415][ T5101] bridge_slave_0: entered allmulticast mode [ 111.378467][ T5101] bridge_slave_0: entered promiscuous mode [ 111.416918][ T5096] team0: Port device team_slave_1 added [ 111.432559][ T5088] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.439624][ T5088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.465836][ T5088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.521972][ T5098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.531843][ T5101] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.539975][ T5101] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.547652][ T5101] bridge_slave_1: entered allmulticast mode [ 111.556404][ T5101] bridge_slave_1: entered promiscuous mode [ 111.746001][ T5088] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.752995][ T5088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.780186][ T5088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.822280][ T5098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.882903][ T5090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.896207][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.903207][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.930689][ T5096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.989456][ T5101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.005374][ T5090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.043134][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.050700][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.076964][ T5096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.094239][ T5094] Bluetooth: hci0: command tx timeout [ 112.099776][ T5093] Bluetooth: hci1: command tx timeout [ 112.142092][ T5098] team0: Port device team_slave_0 added [ 112.155875][ T5101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.250128][ T5088] hsr_slave_0: entered promiscuous mode [ 112.258552][ T5088] hsr_slave_1: entered promiscuous mode [ 112.296361][ T5098] team0: Port device team_slave_1 added [ 112.303347][ T5095] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.310978][ T5095] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.318332][ T5095] bridge_slave_0: entered allmulticast mode [ 112.328640][ T5095] bridge_slave_0: entered promiscuous mode [ 112.334838][ T5093] Bluetooth: hci2: command tx timeout [ 112.352723][ T5093] Bluetooth: hci5: command tx timeout [ 112.369754][ T5090] team0: Port device team_slave_0 added [ 112.385541][ T5090] team0: Port device team_slave_1 added [ 112.424645][ T5093] Bluetooth: hci3: command tx timeout [ 112.430197][ T5093] Bluetooth: hci4: command tx timeout [ 112.447247][ T5095] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.455203][ T5095] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.462555][ T5095] bridge_slave_1: entered allmulticast mode [ 112.471814][ T5095] bridge_slave_1: entered promiscuous mode [ 112.513324][ T5101] team0: Port device team_slave_0 added [ 112.642587][ T5101] team0: Port device team_slave_1 added [ 112.754311][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.761314][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.787414][ T5098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.802640][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.810430][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.840023][ T5098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.900033][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.907588][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.933755][ T5090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.957685][ T5096] hsr_slave_0: entered promiscuous mode [ 112.968091][ T5096] hsr_slave_1: entered promiscuous mode [ 112.975347][ T5096] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.983432][ T5096] Cannot create hsr debugfs directory [ 113.018703][ T5095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 113.029566][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.036953][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.065903][ T5101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.083462][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.090630][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.116800][ T5101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.130760][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.138332][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.164820][ T5090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.206168][ T5095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.471316][ T5095] team0: Port device team_slave_0 added [ 113.484228][ T5095] team0: Port device team_slave_1 added [ 113.634202][ T5090] hsr_slave_0: entered promiscuous mode [ 113.641999][ T5090] hsr_slave_1: entered promiscuous mode [ 113.652003][ T5090] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.659687][ T5090] Cannot create hsr debugfs directory [ 113.716875][ T5098] hsr_slave_0: entered promiscuous mode [ 113.724998][ T5098] hsr_slave_1: entered promiscuous mode [ 113.731847][ T5098] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.740873][ T5098] Cannot create hsr debugfs directory [ 113.791284][ T5101] hsr_slave_0: entered promiscuous mode [ 113.799510][ T5101] hsr_slave_1: entered promiscuous mode [ 113.807519][ T5101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.815647][ T5101] Cannot create hsr debugfs directory [ 113.860097][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.867839][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.894397][ T5095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.976166][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.983172][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.009817][ T5095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.174374][ T5094] Bluetooth: hci0: command tx timeout [ 114.180042][ T5093] Bluetooth: hci1: command tx timeout [ 114.326517][ T5095] hsr_slave_0: entered promiscuous mode [ 114.333994][ T5095] hsr_slave_1: entered promiscuous mode [ 114.341446][ T5095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 114.349828][ T5095] Cannot create hsr debugfs directory [ 114.424640][ T5094] Bluetooth: hci2: command tx timeout [ 114.430212][ T5093] Bluetooth: hci5: command tx timeout [ 114.494124][ T5093] Bluetooth: hci4: command tx timeout [ 114.499693][ T5094] Bluetooth: hci3: command tx timeout [ 114.821092][ T5088] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 114.914304][ T5088] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 115.015600][ T5088] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 115.032599][ T5088] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 115.277784][ T5096] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 115.302144][ T5096] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 115.325986][ T5096] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 115.363916][ T5096] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 115.476391][ T5090] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 115.505525][ T5090] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 115.536090][ T5090] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 115.550895][ T5090] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 115.807792][ T5098] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 115.822109][ T5098] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 115.870567][ T5088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.878698][ T5098] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 115.892583][ T5098] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 116.047785][ T5095] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 116.070687][ T5095] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 116.091554][ T5095] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 116.113706][ T5095] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 116.166642][ T5088] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.266040][ T5094] Bluetooth: hci1: command tx timeout [ 116.266054][ T5093] Bluetooth: hci0: command tx timeout [ 116.338223][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.345877][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.421687][ T5096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.494482][ T5093] Bluetooth: hci5: command tx timeout [ 116.494790][ T5094] Bluetooth: hci2: command tx timeout [ 116.511070][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.518410][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.528484][ T5101] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 116.547808][ T5101] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 116.563810][ T5101] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 116.574236][ T5094] Bluetooth: hci4: command tx timeout [ 116.584834][ T5094] Bluetooth: hci3: command tx timeout [ 116.630758][ T5101] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 116.858255][ T5096] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.981360][ T5152] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.989016][ T5152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.045715][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.053553][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.090946][ T5090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.120236][ T5098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.383312][ T5090] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.400402][ T5098] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.552787][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.560191][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.583963][ T5095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.630807][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.638261][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.659927][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.667265][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.718254][ T5101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.749368][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.756784][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.832983][ T5095] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.970818][ T5101] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.991451][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.998760][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.042351][ T5088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.166528][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.173903][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.202413][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.209774][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.432592][ T5150] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.439975][ T5150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.652451][ T5096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.403577][ T5096] veth0_vlan: entered promiscuous mode [ 119.472237][ T5090] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.647959][ T5096] veth1_vlan: entered promiscuous mode [ 119.668208][ T5088] veth0_vlan: entered promiscuous mode [ 119.809120][ T5088] veth1_vlan: entered promiscuous mode [ 119.957883][ T5098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.035861][ T5101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.141257][ T5096] veth0_macvtap: entered promiscuous mode [ 120.229780][ T5090] veth0_vlan: entered promiscuous mode [ 120.270949][ T5096] veth1_macvtap: entered promiscuous mode [ 120.343706][ T5098] veth0_vlan: entered promiscuous mode [ 120.360920][ T5090] veth1_vlan: entered promiscuous mode [ 120.379395][ T5095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.453323][ T5088] veth0_macvtap: entered promiscuous mode [ 120.526939][ T5101] veth0_vlan: entered promiscuous mode [ 120.539063][ T5098] veth1_vlan: entered promiscuous mode [ 120.583979][ T5088] veth1_macvtap: entered promiscuous mode [ 120.686920][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.733847][ T5101] veth1_vlan: entered promiscuous mode [ 120.788538][ T5090] veth0_macvtap: entered promiscuous mode [ 120.803769][ T5088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.816900][ T5088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.830531][ T5088] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.851643][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.911546][ T5088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.931975][ T5088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.947619][ T5088] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.969101][ T5090] veth1_macvtap: entered promiscuous mode [ 121.037135][ T5088] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.046568][ T5088] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.057392][ T5088] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.068406][ T5088] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.093238][ T5098] veth0_macvtap: entered promiscuous mode [ 121.114917][ T5101] veth0_macvtap: entered promiscuous mode [ 121.127978][ T5096] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.138997][ T5096] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.151271][ T5096] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.160479][ T5096] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.218813][ T5098] veth1_macvtap: entered promiscuous mode [ 121.235535][ T5101] veth1_macvtap: entered promiscuous mode [ 121.268968][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.282993][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.293762][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.306930][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.320355][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.368150][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.398517][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.408901][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.420234][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.432659][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.522053][ T5090] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.531070][ T5090] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.541722][ T5090] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.552336][ T5090] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.645250][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.656277][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.669633][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.683261][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.697810][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.710096][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.723183][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.773785][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.786023][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.797399][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.808573][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.818506][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.829106][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.839037][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.849767][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.862950][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.962002][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.976260][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.990767][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.001466][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.011765][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.023355][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.037578][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.046469][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.058172][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.068456][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.080027][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.091884][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.111499][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.121434][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.132502][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.145905][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.223825][ T5098] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.233821][ T5098] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.242875][ T5098] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.252464][ T5098] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.273644][ T5095] veth0_vlan: entered promiscuous mode [ 122.305016][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.329677][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.332102][ T5101] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.357172][ T5101] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.366103][ T5101] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.377672][ T5101] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.474292][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.482176][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.573677][ T5095] veth1_vlan: entered promiscuous mode [ 122.589308][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.598520][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.742917][ T5063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.774912][ T5063] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 15:38:37 executing program 4: syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904000001c5b3e30009050b32eb"], 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x0) [ 122.934530][ T5156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.942414][ T5156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 15:38:37 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="64656275672c696e6f64655f7265616461686561645f626c6b733d3078303030303030303030303030343030302c696e69745f697461626c652c6572726f72733d72656d6f756e742d726f2c6e6f6c617a7974696d65006e6f6175746f5f64615f616c6c6f632c64656275672c6a71666d743d76667376312c6572726f72733d636f6e74696e75652c6d696e5f62617463685f74696d653d3078303030303030303030303030303734352c7573726a71756f74613d2e2f66696c65302c6d626c6b5f696f5f7375626d69742c2c0fa0d573e1c33a72b588fab602ec621d9c565880382ef7aa52e52eb0b3c3085fc6ab8a25a811325a3f37d441d223c5c435ddaf0b7c5762b422f4d6279ed46cbc4490bf4ccc7e696002618eba2b9fddca178502aa11cd6abf5be3f0c47dce7cfc830f6405852a2386c9ad46b38993b1ea1093a43257cc9d4a9f4206c049acf282058524ac4e025c30c81675686ba52e25558987ec1b6921dd25bf10d4d1710100010000000000b6728ac868085d21029fbc82b4f6d70c6ba6564929"], 0x2, 0x4df, &(0x7f0000000740)="$eJzs3FtvFFUcAPD/TC9QoLbilYuyisZGI6Xl+uADGE14MTHRGHxc20KQAoauCZBGqjGY+KDhE3h5M/ET+KQvRo0PGl81vhoTYvoC+mDWzO5s3XZ3e2PbUvr7JVPOmTkz55yZOew5Z3Y2gA2rkP1JIrZFxK8R0VeNzk5QqP5za3py5O/pyZEkyuVX/koq6W5OT47Uktb225pHBtKI9P0kdjXJd+LylbPF8fGxi3l8sJTmoXPF02Onx84PHz168EDPkcPDh9pSz6xMN3e+c2H3jhOvX39p5OT1N77/MitvOd9eX4+q/iXm0NGwphCF2eeyzpNLPPqdrrcunHRmf9O1KwyLlt212eXqqrT/vuioxKr64sX31rRwwIoql8vlTQ1rZz7Lpsr1kqS6A3CXSDRp2KBqH/Q3p7OR6uRI4zj47nbjeFRGQFm9b+VLdUtnZQRb6K+OjbpWKP/7I+Lk1D+fZEs0nYcAAGivr49HbMn7HbWluiWNB+vS3ZM/G+qPiHsjYntE3Jf3Xx6IqKR9KCIertundxFPAQpz4o39n5978kB9d7Vtsv7fc/mzrdn9v5mS93fksd5K/buSU2fGx/bn52QgujZl8aHGQ89Mq33zwi8ft8q/UNf/y5Ys/1pfMC/Hn51zJuhGi6Xi7da75sa7lRN7tbH+SXQmtVDEjojYuYzjZ+fszNNf7G61fVb9s3o21P+j1gfvXEaB5ih/FvFU9fpPxZz6Z7rz0GDp3FuDE5evPHum/vnk0JHDw4cGN8f42P7B2l3R6Iefrr2cBxuGEQtf/5WVXf8tTe//mSeX/Un989qJpedx7bcPWo5plnv/dyevVsLd+bpLxVLp4lBEdzLVuH74/30vFXtmpc/qP7C3efvfHvHvp/l+uyIiu4kfiYhHI2JPXvbHIuLxiNg7T/2/e/6JN1sNIe+E6z+6pOvfKnDsx4jmmzrOfvtVQ8YfFhZZ/+z6H6yEBvI1o8XS5oXqNV9J6wO3fQIBAABgHdgTEdsiSfflc5zbIk337YvYOjODMlF65tSFt8+PVt8R6I+utDbT1Vc3HzqUzw1n8Wyv4bp4tv1AZd64XC6Xe7J4Nn4f713bqsOGt7VF+8/80fhKC3C3WdJztFZvtAHr0vKfo7f/CxnA6mrD92iAdUr7h41r0e1/pd6CA9ZMs/Z/NeLWGhQFWGXN2v9rDWuOrUpZgNVl/A8b1/Lbvy8DwHrn8x82pEW9JL+MwPYT86RJOlcm09aBNOb/FYD+iNqaWp9m/gP+nka0p4Qdba1pz6xrmjZNsznakVekC6bpXMIPMaxuIL0zilENbIqIBe7emZvtai1wZaULVmkEn6/t/04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC3778AAAD//xyK03E=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) [ 123.125862][ T5151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.151729][ T5151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.209969][ T5095] veth0_macvtap: entered promiscuous mode [ 123.278330][ T5200] loop1: detected capacity change from 0 to 512 [ 123.318952][ T5095] veth1_macvtap: entered promiscuous mode [ 123.355309][ T5200] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e02c, mo2=0002] [ 123.370948][ T5200] System zones: 1-12 [ 123.405736][ T5200] EXT4-fs error (device loop1): ext4_validate_block_bitmap:440: comm syz-executor.1: bg 0: block 361: padding at end of block bitmap is not set [ 123.424472][ T5063] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 123.439989][ T5200] EXT4-fs (loop1): Remounting filesystem read-only [ 123.453526][ T5200] EXT4-fs (loop1): 1 truncate cleaned up [ 123.461874][ T5200] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.498137][ T5200] EXT4-fs warning (device loop1): dx_probe:822: inode #2: lblock 0: comm syz-executor.1: error -117 reading directory block [ 123.523530][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 15:38:37 executing program 1: signalfd(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000140)={0x20}) write$cgroup_int(r0, &(0x7f0000000040), 0xfea0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000380), 0x101bf) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x2880008, r0, 0x0, 0x0, 0xa}) [ 123.558288][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.611471][ T5096] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.669741][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.704293][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.728542][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.748052][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.765095][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.787296][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.802107][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.817232][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.832789][ T5063] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 235 [ 123.850565][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.875177][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.890199][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.021093][ T5154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.030668][ T5063] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 124.045658][ T5154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.053773][ T5063] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.080945][ T5063] usb 5-1: Product: syz [ 124.108067][ T5063] usb 5-1: Manufacturer: syz [ 124.126646][ T5063] usb 5-1: SerialNumber: syz [ 124.170912][ T5063] usb 5-1: config 0 descriptor?? [ 124.189286][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.210151][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.223591][ T5197] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 124.233266][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.245910][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.278791][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.289772][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.300020][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.311315][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.321273][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.335058][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.348312][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_1 15:38:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "186440a383"}]}]}, 0x40}}, 0x0) [ 124.379223][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.390845][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.441226][ T5095] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.484855][ T5095] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.493672][ T5095] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.526154][ T5095] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 15:38:38 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) recvmmsg(r0, &(0x7f0000006ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 124.710845][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.713148][ T5063] usb 5-1: USB disconnect, device number 2 [ 124.740110][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 15:38:38 executing program 2: socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="940000001100010026bd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB], 0x94}, 0x1, 0x0, 0x0, 0x4091}, 0x0) 15:38:39 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f00000003c0)={0x0, [0x800007, 0x2, 0x81], [{}, {0xfffffb8d, 0x0, 0x0, 0x1}, {0x0, 0x2}], 0x20}) 15:38:39 executing program 4: r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x214}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x4b30, &(0x7f0000000000)) ioctl$TIOCL_BLANKSCREEN(r1, 0x541c, &(0x7f0000000200)) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) read(r0, &(0x7f0000000040)=""/54, 0x36) syz_io_uring_setup(0x0, &(0x7f00000000c0), &(0x7f0000c57000), 0x0) ioctl$UFFDIO_COPY(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000c27000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x3000}) ioperm(0x0, 0xff, 0xfffffffffffffff7) timerfd_create(0x5, 0x80000) r2 = timerfd_create(0x7, 0x80000) timerfd_gettime(r2, &(0x7f0000000180)) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x29404, &(0x7f0000000080)={[{@iocharset={'iocharset', 0x3d, 'cp949'}}, {@shortname_mixed}, {@fat=@check_normal}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@shortname_lower}, {@fat=@codepage={'codepage', 0x3d, '949'}}, {@rodir}]}, 0x5, 0x27c, &(0x7f0000000380)="$eJzs3bFqW1cYB/BPllrJhiINBdNSWpV26CRsl44FmeJCqaClRUNLh5papsVyDTYY2sH2UkzfIXmFZMwayBCy5gVCIDiBLHEmDwEF+Sq2pEjCQrlRTH6/RZ/OPX+dc4/QvWjQ0e8fbW6sbe2sHx8fRaGQiVw1qnGSiVLMRDYSBzFAflAjAHAZnLRa8aSVuFCgmvqUAICUjX3/BwAuvVH3/8zBWduPr39mAEBaJvr+P5PKlACAlP38y6/fL9dqKz+Vy4WIzcPd+m49eUyOL6/HX9GMRixEMZ5FtM4k9bff1VYWym0PS1HY3O/k93fr2d78YhSjNDi/WE5EvTv/Tsx18vfmohFLUYz3B+eXBubfjS8+i1huT6I9fiWKcfeP2IpmrEU7m+TzEbG3WC5/80OtL58/7QcAAAAAAAAAAAAAAAAAAAAAAGmolM+Ueve/SfbvqVSGHU/y3fsDzY7cH6h/f55cfJib7rkDAAAAAAAAAAAAAAAAAADAm2Lnn383VpvNxnZS/Pfx51/3trSLv+9cu3WUTwJ9h8YtMp1xx0sdTjZoX5E9Hf29Tx9cGdBnZuT6dBet/MSrMbC4+ckrfsE0ittHf37w5c78V8P6RK675f+I6O0zZOlyoxZ8kuJxMSKl1bj+oqg+falP50MTje3Zab9x81erqzf27j+6aGrERaOVTeVaBAAAAAAAAAAAAAAAAAAAb7vzH/0mz3+b9oQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYArO//9/3CIfPS2FoZ0Ppn2OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPAAA//+gaJj/") 15:38:39 executing program 3: r0 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001700)=[{{0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0xfc}, 0x1030000}], 0x40000000000035c, 0x0) [ 125.169473][ T5215] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.2'. 15:38:39 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)={0x28, r1, 0x1, 0x0, 0x0, {{0x28}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x28}}, 0x0) [ 125.227207][ T5215] bridge_slave_1: left allmulticast mode [ 125.250541][ T5215] bridge_slave_1: left promiscuous mode [ 125.256853][ T5218] udevd[5218]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 125.335688][ T5215] bridge0: port 2(bridge_slave_1) entered disabled state 15:38:39 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="0d000000010000", 0x7) [ 125.400319][ T5215] bridge_slave_0: left allmulticast mode [ 125.400394][ T5215] bridge_slave_0: left promiscuous mode [ 125.400780][ T5215] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.572415][ T5231] Bluetooth: MGMT ver 1.22 [ 125.608226][ T5224] loop4: detected capacity change from 0 to 256 15:38:39 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='workqueue_queue_work\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 15:38:39 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f00000009c0), 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000e80)={&(0x7f0000000cc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func_proto, @func={0x2, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x34}, 0x20) 15:38:39 executing program 2: mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) setxattr$trusted_overlay_opaque(&(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, 0x0, 0x2) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0x5450, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000002140), 0x0, &(0x7f00000021c0)) getgid() write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000002200)={0xa0, 0x0, r0, {{0x800002, 0x0, 0x3, 0x9, 0x8, 0x5, {0x0, 0x7f, 0x3, 0x4, 0x2, 0x0, 0x0, 0x2, 0x8, 0x2000, 0x1, 0x0, 0x0, 0x5, 0x9}}, {0x0, 0xa}}}, 0xa0) socket(0xa, 0x2, 0x0) r1 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x0, 0x0) r2 = epoll_create1(0x0) dup3(r2, r1, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, 0x0) epoll_ctl$EPOLL_CTL_DEL(r3, 0x2, r1) connect$packet(0xffffffffffffffff, 0x0, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) pipe2(&(0x7f0000000080), 0x10000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$KDGKBMODE(0xffffffffffffffff, 0x5451, 0x0) r4 = mq_open(&(0x7f0000000040)='*\x00', 0x842, 0x40, 0x0) ioctl$VT_GETMODE(r4, 0x5450, 0x0) 15:38:39 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@d, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000005600)='sys_enter\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) [ 125.827307][ T780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.855056][ T780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 15:38:40 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x144000, 0x7fe2, 0x1}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000180), 0x20000000}, 0x20) 15:38:40 executing program 3: r0 = memfd_create(&(0x7f0000000780)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o8T\xech\x18\xae\xd6;\x18\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)w\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HOA\xc8\x80kR\xfc\xcb%u3\xec\xde%\x00]\xd8\xebD\x82S\x17?\xd6As\xc2\xb1\x9aF\xe2\xba[\xc7%\x88 \xeeQR\xb9\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11)W\x9c\x82\x91\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\x9c\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\x9d\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xea\x16\xc6\xce\x83\xab\x05\x19-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc9\x81\rLJ\xc6\xa3\xd1\x91\xf5\x879\t&\xbdq\x06`T\xc8\x92\xaf\x97\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x8d\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94 2.{\xc1\xbe\x9bth\xac\x9a~\xcb\xb9E\x10W\xed\xed51[\xc5\xeb\xb1ux\x94\x86p\x98\x9d\x1a\x8b\x88\xff\x01\x86\x9d\xe5.\xfc\xa2v\xb1\xff\xc6\xbd\xfa\xa5\x96|\xcb\xa5[\xabZ\xbd\a\xa1\x8a\xd0\x8b\xebG\xde\x82\xdb\xe3\x9f\x11\xea\x0e}\xeb\x8cX\xeft$\aW\xe7\xe5cL\xf4\xbd9\xcd,\x0fd{\x19\x98\xaa\x12\xad\xce\r$3j/\xda\xc1-X\xf1\x82\fC\xe9\x187\xd3\x84[\x92\f#\x00\xba\xd4b\b\xafr\x84\x02i+)\xb7]\x98x\x13\xe3\xbc\x04\x1es\xa3\xd4\xdf\x0fZL\x94E\x81\xa1z\x88\x9a{\xbf\xe4\x1a\x81\x8a\xbf\x18/-M\x12\xe6\xdfvzJR\x83\xd5\x03\xf2\xc1\xce\xaf\xfa\xb8\xa7\v`1\xae\x00\x02\x98*\xd9U\xfe\x9aE\xe5\x14\x10\xd0\xc8M\xf4\x99\xeb\b\x89\xa5\xe5\xbd\xb7\x92[<\x89\x95Y\b[-P\xbc\x9c\x85E\xcf\xf7\xc3\x86\n\xe7\xa9\xf8L\x89\x86\xbbc\x98$/5\x82\x85\xdad\x8e]\xcc\xff\x855\x9f\xa3\xe6w\x17\\\x0f\xec\xef\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00T\x8e\xee\xaa\xcb\xc3|a\x8c\xdf7G\xa1\xf6\x84\xba}\x84\xa6\x99m\x06 \xd2\xc3\xed\xc7+o\x0f\xcaw\xcd\xf8\xbd1\xb9\x7f\x0f#,\xa8\xcf\xf4\xadF\xa3`\x10\x1b\xde\x89w\x98\xbcP\xb6\x93\xb6\xb0s\xdes\xed\xaf-\xf1\xb055*(\xc5\x00\x1e}\xd5pSE9O[\x019\x12\x80\xf9\xf6\xc7|n\x8d9\x01\xf2\x8e\x9a{\xd3\xba\x1d\xcf\xde\x04\x19\xb1\xe5>=\xaf\xa2l\xf6\xcd\xe1\x99\x91\xa20\\\xc3\x94\xfd55\xeb\xf1\xe5/2\x17\x14\xd7\xb3O\x85\x8d\xdc\xd0\x17\r\x89\x0f\xec\xb0\v\x84$', 0x0) fallocate(r0, 0x0, 0x0, 0x8000005) pwritev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="ab", 0x1}], 0x1, 0x0, 0x0) 15:38:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000007b00b67018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e40)={&(0x7f0000000600)='ext4_free_blocks\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='ext4_free_blocks\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.empty_time\x00', 0x275a, 0x0) write$cgroup_pid(r3, &(0x7f0000000040), 0x12) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x0, 0x2, 0xc2, 0x0, 0x87}}) [ 126.168126][ T963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.209027][ T963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 15:38:40 executing program 0: mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0x5450, 0x0) 15:38:40 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)={0x28, r1, 0x1, 0x0, 0x0, {{0x28}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x28}}, 0x0) 15:38:40 executing program 5: getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x6a, 0xf, 0x0, 0x20000000) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000000)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) 15:38:40 executing program 1: socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="940000001100010026bd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB], 0x94}, 0x1, 0x0, 0x0, 0x4091}, 0x0) 15:38:41 executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f0000000c0000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) mmap(&(0x7f0000bfd000/0x400000)=nil, 0x400002, 0x0, 0x12, r2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r3 = socket(0x11, 0x800000003, 0x0) r4 = getpgrp(0xffffffffffffffff) r5 = socket$packet(0x11, 0x2, 0x300) r6 = epoll_create(0x1) kcmp$KCMP_EPOLL_TFD(r4, r4, 0x7, r5, &(0x7f0000000380)={r6}) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12}}, 0x24}}, 0x0) 15:38:41 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001500)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x101}, @enum]}}, 0x0, 0x32}, 0x20) [ 127.235477][ T5255] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.1'. [ 127.304914][ T5255] bridge_slave_1: left allmulticast mode [ 127.310637][ T5255] bridge_slave_1: left promiscuous mode [ 127.377357][ T5255] bridge0: port 2(bridge_slave_1) entered disabled state 15:38:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000005e40)='./file0\x00', 0x1110c0, 0x0) r2 = dup3(r0, r1, 0x0) write$FUSE_DIRENT(r2, 0x0, 0x0) [ 127.483256][ T5255] bridge_slave_0: left allmulticast mode [ 127.510075][ T5255] bridge_slave_0: left promiscuous mode [ 127.575628][ T5255] bridge0: port 1(bridge_slave_0) entered disabled state 15:38:42 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000f40), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000003b40)={{0x3, 0x0, 0x0, 0x0, 'syz1\x00'}}) 15:38:42 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x8e}, [@ldst]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) 15:38:42 executing program 4: mlockall(0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/arp\x00') mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 15:38:42 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mlockall(0x1) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f00000000c0)={'NETMAP\x00'}, &(0x7f0000000100)=0x1e) r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x7e001, 0x40) pipe2(0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8901, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$PIO_UNIMAP(r0, 0x4b67, 0x0) 15:38:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)={0x28, r1, 0x1, 0x0, 0x0, {{0x28}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x28}}, 0x0) 15:38:43 executing program 5: mlockall(0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$peeksig(0x4209, 0x0, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) socket(0x1, 0x3, 0x0) 15:38:43 executing program 3: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, 0x0, &(0x7f0000001000)) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 15:38:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) 15:38:44 executing program 3: r0 = openat$ubi_ctrl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_devices(r0, &(0x7f0000000380)={'b', ' *:* ', 'w\x00'}, 0x8) 15:38:44 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) 15:38:44 executing program 3: socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="940000001100010026bd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB], 0x94}, 0x1, 0x0, 0x0, 0x4091}, 0x0) [ 130.746381][ T5285] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.3'. [ 130.780603][ T5285] bridge_slave_1: left allmulticast mode [ 130.803162][ T5285] bridge_slave_1: left promiscuous mode [ 130.840565][ T5285] bridge0: port 2(bridge_slave_1) entered disabled state 15:38:45 executing program 0: syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') syz_open_procfs(0x0, &(0x7f00000000c0)='sessionid\x00') mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_mr_cache\x00') syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') epoll_create1(0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) r0 = open$dir(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x1, 0x0) vmsplice(r1, &(0x7f0000000400)=[{&(0x7f0000000200)='R', 0x1}], 0x1, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(r0, r2, 0x1, 0x0) 15:38:45 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)={0x28, r1, 0x1, 0x0, 0x0, {{0x28}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x28}}, 0x0) [ 130.954736][ T5285] bridge_slave_0: left allmulticast mode [ 130.991417][ T5285] bridge_slave_0: left promiscuous mode [ 131.026362][ T5285] bridge0: port 1(bridge_slave_0) entered disabled state 15:38:45 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socketpair(0x28, 0x802, 0x0, &(0x7f0000000040)) 15:38:45 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x45) 15:38:45 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x4004662b, 0x20001412) 15:38:45 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc040563e, &(0x7f0000000000)={0x2, 0x0, @value}) 15:38:46 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGPHYS(r0, 0x80404502, 0x0) 15:38:46 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000f40), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000003b40)={{0x3, 0x0, 0x0, 0x0, 'syz1\x00'}}) 15:38:46 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='f\x00\x00', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000,\x00'/34, @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x0, &(0x7f00000002c0)='cache=none') 15:38:46 executing program 0: r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x0, 0x9, 0x0, "53a44a07bfffffffd659b234790a91ca8a1cdd7ba9655eaceb6a844bf81f30ce"}) 15:38:46 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)={0x50, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e}]}, 0x50}}, 0x0) [ 132.635842][ T5306] bad cache= option: none0 [ 132.635842][ T5306] [ 132.668073][ T5306] CIFS: VFS: bad cache= option: none0 15:38:46 executing program 3: sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, 0x0, &(0x7f0000001000)) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001040)={0x0}}, 0x0) 15:38:46 executing program 2: r0 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r0, 0x0) clock_gettime(0x0, &(0x7f0000000140)) [ 132.937127][ T5312] Zero length message leads to an empty skb 15:38:47 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)={0x4c, r2, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x30, 0x33, @action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_b, @from_mac=@broadcast, {}, @value}, @sp_mp_confirm={0xf, 0x2, {0x0, @random, {}, @val={0x72, 0x6}, @void}}}}]}, 0x4c}}, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) 15:38:47 executing program 0: syz_emit_ethernet(0x105, &(0x7f0000000000)={@broadcast, @empty, @val, {@ipv4}}, 0x0) 15:38:47 executing program 4: syz_emit_ethernet(0x24, &(0x7f0000001700)=ANY=[@ANYBLOB="ffffffffffff130000000000080045"], 0x0) 15:38:47 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c7b0af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r1}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 15:38:47 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) [ 133.424660][ C1] ------------[ cut here ]------------ [ 133.425030][ C0] [ 133.425040][ C0] ================================ [ 133.425050][ C0] WARNING: inconsistent lock state [ 133.425060][ C0] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 133.425081][ C0] -------------------------------- [ 133.425091][ C0] inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. [ 133.425109][ C0] syz-executor.3/5321 [HC0[0]:SC1[1]:HE0:SE0] takes: [ 133.425150][ C0] ffff888015098018 (&pool->lock){?.-.}-{2:2} [ 133.430650][ C1] WARNING: CPU: 1 PID: 5323 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120 [ 133.432966][ C0] , at: __queue_work+0x39e/0x1170 [ 133.438054][ C1] Modules linked in: [ 133.443139][ C0] {IN-HARDIRQ-W} state was registered at: [ 133.449787][ C1] CPU: 1 PID: 5323 Comm: syz-executor.4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 133.454874][ C0] lock_acquire+0x1b1/0x540 [ 133.461695][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 133.468344][ C0] _raw_spin_lock+0x2e/0x40 [ 133.474297][ C1] RIP: 0010:__local_bh_enable_ip+0xc3/0x120 [ 133.483646][ C0] __queue_work+0x39e/0x1170 [ 133.488654][ C1] Code: 00 e8 b1 6c 0b 00 e8 cc 68 42 00 fb 65 8b 05 0c f1 b0 7e 85 c0 74 52 5b 5d e9 d9 44 84 09 65 8b 05 4e a5 af 7e 85 c0 75 9e 90 <0f> 0b 90 eb 98 e8 f3 66 42 00 eb 99 48 89 ef e8 29 e0 19 00 eb a2 [ 133.492532][ C0] queue_work_on+0xf4/0x120 [ 133.498231][ C1] RSP: 0018:ffffc90000a089f8 EFLAGS: 00010046 [ 133.508183][ C0] tick_setup_sched_timer+0x47c/0x790 [ 133.512756][ C1] [ 133.512765][ C1] RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1f3eed7 [ 133.522791][ C0] hrtimer_run_queues+0x33c/0x450 [ 133.527379][ C1] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff88cc0674 [ 133.533255][ C0] update_process_times+0xcf/0x220 [ 133.537930][ C1] RBP: ffffffff88cc0674 R08: 0000000000000000 R09: ffffed100bbd2101 [ 133.557635][ C0] tick_periodic+0x7e/0x230 [ 133.562233][ C1] R10: ffff88805de9080b R11: ffffffff9348ec90 R12: fffffffffffffffe [ 133.568303][ C0] tick_handle_periodic+0x45/0x120 [ 133.573737][ C1] R13: ffff88805de90808 R14: ffff88805de90800 R15: 00000000049396b8 [ 133.576065][ C0] __sysvec_apic_timer_interrupt+0x112/0x410 [ 133.584020][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 133.589196][ C0] sysvec_apic_timer_interrupt+0x90/0xb0 [ 133.597154][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.602326][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 133.610284][ C1] CR2: 0000001b31623000 CR3: 000000002d820000 CR4: 0000000000350ef0 [ 133.614856][ C0] console_flush_all+0xa19/0xd70 [ 133.622810][ C1] Call Trace: [ 133.622828][ C1] [ 133.627987][ C0] console_unlock+0xae/0x290 [ 133.635949][ C1] ? show_regs+0x8c/0xa0 [ 133.641987][ C0] vprintk_emit+0x11a/0x5a0 [ 133.650898][ C1] ? __warn+0xe5/0x390 [ 133.656592][ C0] vprintk+0x7f/0xa0 [ 133.663243][ C1] ? __local_bh_enable_ip+0xc3/0x120 [ 133.669288][ C0] _printk+0xc8/0x100 [ 133.677246][ C1] ? report_bug+0x3c0/0x580 [ 133.682245][ C0] __clocksource_select+0x33f/0x400 [ 133.685518][ C1] ? handle_bug+0x3d/0x70 [ 133.688342][ C0] clocksource_done_booting+0x39/0x50 [ 133.692996][ C1] ? exc_invalid_op+0x17/0x50 [ 133.697218][ C0] do_one_initcall+0x12b/0x690 [ 133.701789][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 133.705832][ C0] kernel_init_freeable+0x69d/0xc40 [ 133.709794][ C1] ? sock_hash_delete_elem+0x1f4/0x260 [ 133.715057][ C0] kernel_init+0x1c/0x2a0 [ 133.719112][ C1] ? sock_hash_delete_elem+0x1f4/0x260 [ 133.723587][ C0] ret_from_fork+0x48/0x80 [ 133.728848][ C1] ? __local_bh_enable_ip+0xc3/0x120 [ 133.733156][ C0] ret_from_fork_asm+0x1a/0x30 [ 133.738596][ C1] ? srso_return_thunk+0x5/0x5f [ 133.743251][ C0] irq event stamp: 2199 [ 133.748077][ C1] sock_hash_delete_elem+0x1f4/0x260 [ 133.753082][ C0] hardirqs last enabled at (2198): [] __do_softirq+0x1d6/0x8de [ 133.758356][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 133.763781][ C0] hardirqs last disabled at (2199): [] _raw_spin_lock_irq+0x45/0x50 [ 133.768188][ C1] bpf_trace_run3+0x16a/0x440 [ 133.773705][ C0] softirqs last enabled at (2102): [] __do_softirq+0x596/0x8de [ 133.778191][ C1] ? __pfx_bpf_trace_run3+0x10/0x10 [ 133.783451][ C0] softirqs last disabled at (2197): [] irq_exit_rcu+0xb9/0x120 [ 133.788284][ C1] ? srso_return_thunk+0x5/0x5f [ 133.793109][ C0] [ 133.793109][ C0] other info that might help us debug this: [ 133.793124][ C0] Possible unsafe locking scenario: [ 133.793124][ C0] [ 133.797417][ C1] ? lock_acquire+0x1b1/0x540 [ 133.802681][ C0] CPU0 [ 133.802691][ C0] ---- [ 133.811859][ C1] __bpf_trace_workqueue_queue_work+0x101/0x140 [ 133.817292][ C0] lock(&pool->lock [ 133.826816][ C1] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 133.831464][ C0] ); [ 133.831474][ C0] [ 133.840631][ C1] ? srso_return_thunk+0x5/0x5f [ 133.845806][ C0] lock(&pool->lock [ 133.854902][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 133.859742][ C0] ); [ 133.859753][ C0] [ 133.859753][ C0] *** DEADLOCK *** [ 133.859753][ C0] [ 133.867795][ C1] __queue_work+0x627/0x1170 [ 133.875307][ C0] 6 locks held by syz-executor.3/5321: [ 133.879983][ C1] call_timer_fn+0x1a3/0x5b0 [ 133.883231][ C0] #0: ffff88807ec84da0 [ 133.886524][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 133.892736][ C0] (&mm->mmap_lock [ 133.896614][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 133.903349][ C0] ){++++}-{3:3} [ 133.905835][ C1] ? __pfx_lock_release+0x10/0x10 [ 133.909272][ C0] , at: do_mprotect_pkey+0x23f/0xd70 [ 133.914109][ C1] ? srso_return_thunk+0x5/0x5f [ 133.918148][ C0] #1: ffffffff8d7b49e0 [ 133.923497][ C1] ? next_expiry_recalc+0x259/0x2e0 [ 133.925980][ C0] (rcu_read_lock [ 133.934111][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 133.938673][ C0] ){....}-{1:2} [ 133.944199][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 133.948939][ C0] , at: mt_validate+0xd5/0x4390 [ 133.953100][ C1] __run_timers+0x567/0xab0 [ 133.958882][ C0] #2: ffffc90000007cb0 [ 133.962594][ C1] ? __pfx___run_timers+0x10/0x10 [ 133.967772][ C0] (&(&bat_priv->nc.work)->timer [ 133.971218][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 133.976220][ C0] ){+.-.}-{0:0} [ 133.981510][ C1] run_timer_base+0x111/0x190 [ 133.986332][ C0] , at: call_timer_fn+0x11a/0x5b0 [ 133.990469][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 133.995639][ C0] #3: ffffffff8d7b49e0 [ 133.999260][ C1] run_timer_softirq+0x1a/0x40 [ 134.005039][ C0] (rcu_read_lock [ 134.008480][ C1] __do_softirq+0x21b/0x8de [ 134.014260][ C0] ){....}-{1:2} [ 134.019098][ C1] ? __pfx___do_softirq+0x10/0x10 [ 134.023566][ C0] , at: __queue_work+0xf2/0x1170 [ 134.027698][ C1] ? srso_return_thunk+0x5/0x5f [ 134.032699][ C0] #4: ffff888015098018 [ 134.037622][ C1] irq_exit_rcu+0xb9/0x120 [ 134.042636][ C0] (&pool->lock [ 134.046078][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 134.050729][ C0] ){?.-.}-{2:2} [ 134.055737][ C1] [ 134.060907][ C0] , at: __queue_work+0x39e/0x1170 [ 134.065038][ C1] [ 134.069776][ C0] #5: ffffffff8d7b49e0 [ 134.073429][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 134.077904][ C0] (rcu_read_lock [ 134.081343][ C1] RIP: 0010:unmap_page_range+0xffc/0x2af0 [ 134.086362][ C0] ){....}-{1:2} [ 134.091277][ C1] Code: 74 08 3c 01 0f 8e 32 16 00 00 48 8b 44 24 18 31 ff 0f b6 40 20 89 c3 88 84 24 80 00 00 00 83 e3 01 89 de e8 26 75 bb ff 84 db <0f> 84 74 04 00 00 e8 99 7a bb ff 48 8b 04 24 48 c1 e8 03 42 80 3c [ 134.096125][ C0] , at: bpf_trace_run3+0xf8/0x440 [ 134.100257][ C1] RSP: 0018:ffffc900090c76d0 EFLAGS: 00000202 [ 134.104677][ C0] [ 134.104677][ C0] stack backtrace: [ 134.104690][ C0] CPU: 0 PID: 5321 Comm: syz-executor.3 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 134.108138][ C1] [ 134.108146][ C1] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81d2c18a [ 134.113744][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 134.117180][ C1] RDX: ffff8880282ebc00 RSI: 0000000000000000 RDI: 0000000000000001 [ 134.120102][ C0] Call Trace: [ 134.120120][ C0] [ 134.125122][ C1] RBP: 8000000000000007 R08: 0000000000000001 R09: 0000000000000000 [ 134.128061][ C0] dump_stack_lvl+0x116/0x1f0 [ 134.132191][ C1] R10: 0000000000000001 R11: 0000000000000003 R12: 0000000000000001 [ 134.138152][ C0] mark_lock+0x923/0xc60 [ 134.141886][ C1] R13: ffffea0001abdd80 R14: dffffc0000000000 R15: 0000000000000007 [ 134.147685][ C0] ? __pfx_mark_lock+0x10/0x10 [ 134.151122][ C1] ? unmap_page_range+0xffa/0x2af0 [ 134.170701][ C0] ? __local_bh_enable_ip+0xc3/0x120 [ 134.175737][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 134.181749][ C0] ? srso_return_thunk+0x5/0x5f [ 134.187613][ C1] ? srso_return_thunk+0x5/0x5f [ 134.197600][ C0] ? disable_trace_on_warning+0x19/0x70 [ 134.199930][ C1] ? srso_return_thunk+0x5/0x5f [ 134.207873][ C0] ? srso_return_thunk+0x5/0x5f [ 134.217993][ C1] ? uprobe_munmap+0x20/0x570 [ 134.225950][ C0] ? handle_bug+0x3d/0x70 [ 134.229210][ C1] unmap_single_vma+0x194/0x2b0 [ 134.232031][ C0] ? srso_return_thunk+0x5/0x5f [ 134.239988][ C1] unmap_vmas+0x22f/0x490 [ 134.244627][ C0] ? exc_invalid_op+0x17/0x50 [ 134.252587][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 134.256802][ C0] mark_held_locks+0x9f/0xe0 [ 134.264747][ C1] ? srso_return_thunk+0x5/0x5f [ 134.269488][ C0] ? sock_hash_delete_elem+0x1f4/0x260 [ 134.274573][ C1] ? __pfx_lock_release+0x10/0x10 [ 134.279833][ C0] lockdep_hardirqs_on_prepare+0x137/0x420 [ 134.285180][ C1] ? lru_add_drain_cpu+0x454/0x860 [ 134.289998][ C0] ? sock_hash_delete_elem+0x1f4/0x260 [ 134.294828][ C1] exit_mmap+0x1c1/0xb60 [ 134.300337][ C0] trace_hardirqs_on+0x36/0x40 [ 134.305171][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 134.309992][ C0] __local_bh_enable_ip+0xa4/0x120 [ 134.314675][ C1] __mmput+0x12a/0x4d0 [ 134.318984][ C0] sock_hash_delete_elem+0x1f4/0x260 [ 134.323813][ C1] mmput+0x62/0x70 [ 134.328728][ C0] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 134.333033][ C1] do_exit+0x999/0x2be0 [ 134.337687][ C0] bpf_trace_run3+0x16a/0x440 [ 134.342511][ C1] ? srso_return_thunk+0x5/0x5f [ 134.347082][ C0] ? __pfx_bpf_trace_run3+0x10/0x10 [ 134.351929][ C1] ? get_signal+0x92d/0x2760 [ 134.357367][ C0] ? srso_return_thunk+0x5/0x5f [ 134.362365][ C1] ? __pfx_do_exit+0x10/0x10 [ 134.368146][ C0] ? lock_acquire+0x1b1/0x540 [ 134.373238][ C1] ? srso_return_thunk+0x5/0x5f [ 134.378853][ C0] __bpf_trace_workqueue_queue_work+0x101/0x140 [ 134.383087][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 134.387831][ C0] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 134.392741][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.397823][ C0] ? srso_return_thunk+0x5/0x5f [ 134.401872][ C1] do_group_exit+0xd3/0x2a0 [ 134.407131][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.410831][ C1] get_signal+0x2390/0x2760 [ 134.416266][ C0] __queue_work+0x627/0x1170 [ 134.420385][ C1] ? vfs_write+0x14d/0x1100 [ 134.425048][ C0] call_timer_fn+0x1a3/0x5b0 [ 134.429873][ C1] ? __pfx_get_signal+0x10/0x10 [ 134.435042][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 134.439625][ C1] ? srso_return_thunk+0x5/0x5f [ 134.444451][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 134.449020][ C1] ? __pfx_do_futex+0x10/0x10 [ 134.453670][ C0] ? __pfx_lock_release+0x10/0x10 [ 134.458501][ C1] arch_do_signal_or_restart+0x90/0x7e0 [ 134.464717][ C0] ? srso_return_thunk+0x5/0x5f [ 134.469716][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 134.476463][ C0] ? next_expiry_recalc+0x259/0x2e0 [ 134.481841][ C1] ? ksys_write+0x1ab/0x260 [ 134.486667][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 134.491147][ C1] ? __pfx_ksys_write+0x10/0x10 [ 134.496495][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 134.500982][ C1] syscall_exit_to_user_mode+0x14a/0x2a0 [ 134.505543][ C0] __run_timers+0x567/0xab0 [ 134.510025][ C1] do_syscall_64+0xe2/0x260 [ 134.514600][ C0] ? __pfx___run_timers+0x10/0x10 [ 134.519422][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 134.525201][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 134.530025][ C1] RIP: 0033:0x7f297927de69 [ 134.535129][ C0] run_timer_base+0x111/0x190 [ 134.539762][ C1] Code: Unable to access opcode bytes at 0x7f297927de3f. [ 134.544766][ C0] ? __pfx_run_timer_base+0x10/0x10 [ 134.550300][ C1] RSP: 002b:00007f2979fa5178 EFLAGS: 00000246 [ 134.555131][ C0] run_timer_softirq+0x1a/0x40 [ 134.561256][ C1] ORIG_RAX: 00000000000000ca [ 134.566427][ C0] __do_softirq+0x21b/0x8de [ 134.570903][ C1] RAX: fffffffffffffe00 RBX: 00007f29793abf88 RCX: 00007f297927de69 [ 134.576698][ C0] ? __pfx___do_softirq+0x10/0x10 [ 134.581512][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f29793abf88 [ 134.587329][ C0] ? srso_return_thunk+0x5/0x5f [ 134.592933][ C1] RBP: 00007f29793abf80 R08: 00007f2979fa56c0 R09: 00007f2979fa56c0 [ 134.597423][ C0] irq_exit_rcu+0xb9/0x120 [ 134.601901][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29793abf8c [ 134.606903][ C0] sysvec_apic_timer_interrupt+0x95/0xb0 [ 134.612781][ C1] R13: 000000000000000b R14: 00007ffccea50b20 R15: 00007ffccea50c08 [ 134.617786][ C0] [ 134.622189][ C1] [ 134.626826][ C0] [ 134.626843][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 134.633843][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 134.633864][ C1] CPU: 1 PID: 5323 Comm: syz-executor.4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 134.633907][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 134.633930][ C1] Call Trace: [ 134.633946][ C1] [ 134.633959][ C1] dump_stack_lvl+0x3d/0x1f0 [ 134.634010][ C1] panic+0x6f5/0x7a0 [ 134.634055][ C1] ? __pfx_panic+0x10/0x10 [ 134.634096][ C1] ? srso_return_thunk+0x5/0x5f [ 134.634154][ C1] ? show_trace_log_lvl+0x363/0x500 [ 134.634230][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 134.634278][ C1] ? __local_bh_enable_ip+0xc3/0x120 [ 134.634338][ C1] check_panic_on_warn+0xab/0xb0 [ 134.634386][ C1] __warn+0xf1/0x390 [ 134.634431][ C1] ? __local_bh_enable_ip+0xc3/0x120 [ 134.634496][ C1] report_bug+0x3c0/0x580 [ 134.634543][ C1] handle_bug+0x3d/0x70 [ 134.634579][ C1] exc_invalid_op+0x17/0x50 [ 134.634618][ C1] asm_exc_invalid_op+0x1a/0x20 [ 134.634677][ C1] RIP: 0010:__local_bh_enable_ip+0xc3/0x120 [ 134.634739][ C1] Code: 00 e8 b1 6c 0b 00 e8 cc 68 42 00 fb 65 8b 05 0c f1 b0 7e 85 c0 74 52 5b 5d e9 d9 44 84 09 65 8b 05 4e a5 af 7e 85 c0 75 9e 90 <0f> 0b 90 eb 98 e8 f3 66 42 00 eb 99 48 89 ef e8 29 e0 19 00 eb a2 [ 134.634777][ C1] RSP: 0018:ffffc90000a089f8 EFLAGS: 00010046 [ 134.634809][ C1] RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1f3eed7 [ 134.634835][ C1] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff88cc0674 [ 134.634861][ C1] RBP: ffffffff88cc0674 R08: 0000000000000000 R09: ffffed100bbd2101 [ 134.634888][ C1] R10: ffff88805de9080b R11: ffffffff9348ec90 R12: fffffffffffffffe [ 134.634915][ C1] R13: ffff88805de90808 R14: ffff88805de90800 R15: 00000000049396b8 [ 134.634946][ C1] ? sock_hash_delete_elem+0x1f4/0x260 [ 134.634995][ C1] ? sock_hash_delete_elem+0x1f4/0x260 [ 134.635042][ C1] ? srso_return_thunk+0x5/0x5f [ 134.635100][ C1] sock_hash_delete_elem+0x1f4/0x260 [ 134.635148][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x4a [ 134.635183][ C1] bpf_trace_run3+0x16a/0x440 [ 134.635235][ C1] ? __pfx_bpf_trace_run3+0x10/0x10 [ 134.635288][ C1] ? srso_return_thunk+0x5/0x5f [ 134.635342][ C1] ? lock_acquire+0x1b1/0x540 [ 134.635388][ C1] __bpf_trace_workqueue_queue_work+0x101/0x140 [ 134.635429][ C1] ? __pfx___bpf_trace_workqueue_queue_work+0x10/0x10 [ 134.635501][ C1] ? srso_return_thunk+0x5/0x5f [ 134.635557][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.635614][ C1] __queue_work+0x627/0x1170 [ 134.635672][ C1] call_timer_fn+0x1a3/0x5b0 [ 134.635710][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 134.635763][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 134.635801][ C1] ? __pfx_lock_release+0x10/0x10 [ 134.635845][ C1] ? srso_return_thunk+0x5/0x5f [ 134.635899][ C1] ? next_expiry_recalc+0x259/0x2e0 [ 134.635960][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 134.636012][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 134.636066][ C1] __run_timers+0x567/0xab0 [ 134.636111][ C1] ? __pfx___run_timers+0x10/0x10 [ 134.636151][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 134.636207][ C1] run_timer_base+0x111/0x190 [ 134.636246][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 134.636289][ C1] run_timer_softirq+0x1a/0x40 [ 134.636327][ C1] __do_softirq+0x21b/0x8de [ 134.636381][ C1] ? __pfx___do_softirq+0x10/0x10 [ 134.636431][ C1] ? srso_return_thunk+0x5/0x5f [ 134.636493][ C1] irq_exit_rcu+0xb9/0x120 [ 134.636547][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 134.636599][ C1] [ 134.636611][ C1] [ 134.636624][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 134.636684][ C1] RIP: 0010:unmap_page_range+0xffc/0x2af0 [ 134.636740][ C1] Code: 74 08 3c 01 0f 8e 32 16 00 00 48 8b 44 24 18 31 ff 0f b6 40 20 89 c3 88 84 24 80 00 00 00 83 e3 01 89 de e8 26 75 bb ff 84 db <0f> 84 74 04 00 00 e8 99 7a bb ff 48 8b 04 24 48 c1 e8 03 42 80 3c [ 134.636774][ C1] RSP: 0018:ffffc900090c76d0 EFLAGS: 00000202 [ 134.636802][ C1] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81d2c18a [ 134.636827][ C1] RDX: ffff8880282ebc00 RSI: 0000000000000000 RDI: 0000000000000001 [ 134.636851][ C1] RBP: 8000000000000007 R08: 0000000000000001 R09: 0000000000000000 [ 134.636875][ C1] R10: 0000000000000001 R11: 0000000000000003 R12: 0000000000000001 [ 134.636898][ C1] R13: ffffea0001abdd80 R14: dffffc0000000000 R15: 0000000000000007 [ 134.636931][ C1] ? unmap_page_range+0xffa/0x2af0 [ 134.637005][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 134.637056][ C1] ? srso_return_thunk+0x5/0x5f [ 134.637115][ C1] ? srso_return_thunk+0x5/0x5f [ 134.637167][ C1] ? uprobe_munmap+0x20/0x570 [ 134.637223][ C1] unmap_single_vma+0x194/0x2b0 [ 134.637280][ C1] unmap_vmas+0x22f/0x490 [ 134.637337][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 134.637390][ C1] ? srso_return_thunk+0x5/0x5f [ 134.637446][ C1] ? __pfx_lock_release+0x10/0x10 [ 134.637495][ C1] ? lru_add_drain_cpu+0x454/0x860 [ 134.637547][ C1] exit_mmap+0x1c1/0xb60 [ 134.637609][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 134.637692][ C1] __mmput+0x12a/0x4d0 [ 134.637747][ C1] mmput+0x62/0x70 [ 134.637799][ C1] do_exit+0x999/0x2be0 [ 134.637840][ C1] ? srso_return_thunk+0x5/0x5f [ 134.637894][ C1] ? get_signal+0x92d/0x2760 [ 134.637948][ C1] ? __pfx_do_exit+0x10/0x10 [ 134.637986][ C1] ? srso_return_thunk+0x5/0x5f [ 134.638038][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 134.638086][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.638139][ C1] do_group_exit+0xd3/0x2a0 [ 134.638182][ C1] get_signal+0x2390/0x2760 [ 134.638237][ C1] ? vfs_write+0x14d/0x1100 [ 134.638294][ C1] ? __pfx_get_signal+0x10/0x10 [ 134.638347][ C1] ? srso_return_thunk+0x5/0x5f [ 134.638403][ C1] ? __pfx_do_futex+0x10/0x10 [ 134.638462][ C1] arch_do_signal_or_restart+0x90/0x7e0 [ 134.638520][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 134.638578][ C1] ? ksys_write+0x1ab/0x260 [ 134.638628][ C1] ? __pfx_ksys_write+0x10/0x10 [ 134.638685][ C1] syscall_exit_to_user_mode+0x14a/0x2a0 [ 134.638742][ C1] do_syscall_64+0xe2/0x260 [ 134.638801][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 134.638857][ C1] RIP: 0033:0x7f297927de69 [ 134.638883][ C1] Code: Unable to access opcode bytes at 0x7f297927de3f. [ 134.638900][ C1] RSP: 002b:00007f2979fa5178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 134.638934][ C1] RAX: fffffffffffffe00 RBX: 00007f29793abf88 RCX: 00007f297927de69 [ 134.638959][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f29793abf88 [ 134.638984][ C1] RBP: 00007f29793abf80 R08: 00007f2979fa56c0 R09: 00007f2979fa56c0 [ 134.639009][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29793abf8c [ 135.380614][ C1] R13: 000000000000000b R14: 00007ffccea50b20 R15: 00007ffccea50c08 [ 135.388647][ C1] [ 135.391978][ C1] Kernel Offset: disabled [ 135.396309][ C1] Rebooting in 86400 seconds..