last executing test programs: 6.146312499s ago: executing program 3 (id=3432): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000014c0)={0x18, 0x52, 0x1, 0x0, 0x0, {0x2}, [@generic="bacd48"]}, 0x18}}, 0x0) 6.098985389s ago: executing program 0 (id=3434): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x9d741df904aad753, 0x0, 0x0, {{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}, {0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0xa, 0x2}}, 0x126}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff6c7621d7cc9486dd60fec00000383a00fe880000000000000000000000000001ff0200000000000000008be60000000102009078000000006098a35000000000fe800000000000000000000000000002fc010000000000"], 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 6.06237674s ago: executing program 3 (id=3436): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000100)="2a5ada7db05b5aaaafea46e8389b6e7a69abf3233e6f4e42f0e65a1cbf3b2875a8938b89840411b9171dadfb238fce4216dcab16c689b6b1397d77f2f23f2802cea686bcadd01a2f0ad93e7658b866dfc661dcb73e312252da733d51505058e8d093c4a0da23387141a8c51131b14f8d23d96caa83dbabc7bc988a8ce7d5e67047d0264c54edd090eec82a1f0efc68a3c542a18c3d663c45730ed89c4716d9b76907ff7632174217db702b817f7fe24a7892688e5536e3", 0xb7}, {0x0}, {0x0}], 0x3) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000500)='nv\x00', 0x3) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x700) 5.563281852s ago: executing program 2 (id=3437): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendmmsg$inet(r0, &(0x7f0000003440)=[{{0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000180)="cd78e889a5f7a21394dbbf5e", 0xc}], 0x2}}, {{0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000000840)="f9", 0x1}], 0x1}}], 0x2, 0x4) sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 5.246225753s ago: executing program 0 (id=3439): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "2265d77eca70ffeb", "2a7490afedc2507756cce4cf72480364", "27c800", "00000000000085bc"}, 0x28) sendto$inet6(r0, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="0c45755bd552e0c2f424bb3a4fdf8808ee", 0x11, 0x8000, 0x0, 0x0) 5.186966534s ago: executing program 3 (id=3440): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x7000000) 5.026738505s ago: executing program 2 (id=3441): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r1, 0x111, 0x11, 0x20000000, 0x4) 4.951165665s ago: executing program 2 (id=3442): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f00000001c0)={0x1f, 0x2}, 0x80) write$bt_hci(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="01eafc"], 0x7) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080), 0x4) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x30, 0x1410, 0x1, 0x70bd2c, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4011}, 0x0) socket$kcm(0x10, 0x2, 0x0) socket(0x2a, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x5c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x0, 0x1000}, 0x24}}, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x3, 0xfffefffffffffffe}, &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_KEY(r0, 0x0, 0x44000) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x2}], 0x10, 0x0, @void, @value}, 0x90) sendmsg$inet(r6, &(0x7f00000029c0)={&(0x7f0000000100)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000002780)=[{&(0x7f00000006c0)='{', 0x1}], 0x1}, 0x0) sendmsg$inet(r6, &(0x7f00000014c0)={&(0x7f0000001040)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10, &(0x7f0000000500)=[{&(0x7f0000001400)="b7", 0x1}], 0x1}, 0x24000004) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r8) recvmsg$unix(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r6, 0x84, 0x7b, &(0x7f0000000000)=r9, 0x8) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 4.264080288s ago: executing program 0 (id=3443): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000005cc0)={0x40c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x39, 0xe, {{{}, {0xb4c}, @device_a, @device_b, @random="5253f024da72"}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @val={0x25, 0x3, {0x0, 0x3d}}, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_PROBE_RESP={0x328, 0x91, "2890a2676825d2909b993d321aead762e217fff10ff1e923afc9c77e66cad4746e0527d08a05c393601339566d9ec341bee98c2a3d4e5acd93857df06e98344518d3fd7af39516e90ae68bd237a34db031541b7f46522d4afb75df332de24b49a236dce70b9b6c2674a9d8b7e70ed57f0b349c130e4b4fd6e2aa5ce07d473a013c8bdc71226150d012326d2b258a09cf4a4d1d1ef835be0d6f3f117b613f9c7c82bfcf5aadfa55cb454a125daf4271a0997861be240d9b71e087509f087f73b6fad57128ef69ef68ab1266bb5f1a5c2f6866efbef47f8c2b27b3879b927b91f01a5b87c7d4ba9b2f95cb96c8ca7de88d84c60284abf460936cecabd0bd1f23d47aeb80496a98f0796563b59b58215fb273c57723608dadf6a8381522bf6eb26dcac19c6f06507e7d4cffce4d892af8ab96310b29c57403457fe2e3ee70ae8c9503d6c2bf439d784f0e62777e7e8f558ff5a43a4f48ab8c80e068e414d004b22af151374589b9ec0d8b1242874046dd72588aa08ce263fac766149cb5d815718ac410a54ccf5823e75f0bfa35d2ede8362e1505684ecd7f2040df4e5b349837dc7960f9a9aa30eb625dfdae09f653ba6c68ae79edfdba4b9e8a323b7100dba2f2f5ce67652a814ed80fdef8634fd64157e9362da77e2c566f292486e8f0d1dbce52235e3fa95ec19884e44ad61628ca70f1efe4b02409aa8c9291466bd970569af8e2a273b269ffeb7da0df68be17df027be36f2b141433c51fc325f418ce90bea816e825f1305b4dd836dba9858cfb1e6443a07a6175840b149115a49e97566f7b58ff787a50039db17a55a36fba737e4fd6b215a63c16cce56a9f4fc603137e20980ba2741a3b28191d9bfeffa7679442f042463772dd9bd75290a85114ba4c787f5b2b92a5f65bdaa06b0a549b572f74513be39b2925b66ddcfc69ce0632000a2b8ff8fe64b68906ccb186fe8149683195e03ffbd87be6d83d31dbec429d5ca34595858969e1bf4763ea2380d55aad2791e276b17a5830836cbf76ab89d77ee2c6a84f08cefc69a19650ac73f9a1251b70425775686b31d8955fab16b3a54c30c14a92aa7ad4f0d7a4eff6ae4b10f0125aa1c7804ddadf73ce3fe7e832ced9d7ed0c5e"}, @NL80211_ATTR_IE_PROBE_RESP={0x14, 0x7f, [@ssid={0x0, 0x6, @default_ap_ssid}, @gcr_ga={0xbd, 0x6, @broadcast}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x53, 0x80, [@gcr_ga={0xbd, 0x6, @broadcast}, @ht={0x2d, 0x1a, {0x8000, 0x1, 0x4, 0x0, {0x5, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x800, 0x3511, 0x2}}, @preq={0x82, 0x20, {{0x0, 0x0, 0x1, 0x0, 0x1}, 0x1, 0xd, 0x9, @broadcast, 0x8, @value, 0x1, 0x4e}}, @chsw_timing={0x68, 0x4, {0x7477, 0xffff}}, @dsss={0x3, 0x1, 0x8c}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]]}, 0x40c}, 0x1, 0x0, 0x0, 0x90}, 0x0) 3.235451413s ago: executing program 4 (id=3446): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0) socket$xdp(0x2c, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r1) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799ded6be01d09a95b66d3d", @ANYRES8], 0x398}}, 0x0) 3.171830804s ago: executing program 2 (id=3447): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="019800000000000020001280080001"], 0x40}}, 0x0) sendto$packet(r0, &(0x7f0000000000)='1', 0x1, 0x0, &(0x7f0000000200)={0x11, 0x3, r3, 0x1, 0x0, 0x6, @local}, 0x14) 3.170819184s ago: executing program 1 (id=3448): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='R', 0x1, 0xfffffffffffffffd) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r6 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)='e', 0x1, 0xfffffffffffffffe) r7 = add_key$user(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="60cd153f5954e3b7cefddfbed84b91d3d9a9fd43dd92f43358ada528c9975f6a54460d82bfed69629ca866d8c96bcfa57faa0d6331c47570853a59d9c3a0115e550c32a738277dac34c4f099d5baf5375003b36317e98386e681a1aa460047b346ce5323723800283a5bbb1414629063c33634e02855543b4c7c8959c4bcba5fd364f3ef6f17ea7ff6abd4c5f19a620098fcac44ba30b9fa29c34e67aef6f4d42ed06c8f61c9e9094c5d46e8e24bce13d71a1f0c09dbc7b73a7ad36e7f288650", 0xc0, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r6, r7}, &(0x7f0000000140)=""/245, 0xf5, &(0x7f0000000340)={&(0x7f0000000280)={'sm3\x00'}}) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01002bbd7000fbdbdf25010000000c3e06000100000001000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) 3.127393385s ago: executing program 4 (id=3449): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x9d741df904aad753, 0x0, 0x0, {{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}, {0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0xa, 0x2}}, 0x126}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff6c7621d7cc9486dd60fec00000383a00fe880000000000000000000000000001ff0200000000000000008be60000000102009078000000006098a35000000000fe800000000000000000000000000002fc010000000000"], 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000100)={0x87}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.311335468s ago: executing program 2 (id=3450): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000100)="2a5ada7db05b5aaaafea46e8389b6e7a69abf3233e6f4e42f0e65a1cbf3b2875a8938b89840411b9171dadfb238fce4216dcab16c689b6b1397d77f2f23f2802cea686bcadd01a2f0ad93e7658b866dfc661dcb73e312252da733d51505058e8d093c4a0da23387141a8c51131b14f8d23d96caa83dbabc7bc988a8ce7d5e67047d0264c54edd090eec82a1f0efc68a3c542a18c3d663c45730ed89c4716d9b76907ff7632174217db702b817f7fe24a7892688e5536e3", 0xb7}, {0x0}, {0x0}], 0x3) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000500)='nv\x00', 0x3) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x700) 2.279163898s ago: executing program 1 (id=3451): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000500)=0x67dd, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x40002000, 0x0, 0x0) 2.240473538s ago: executing program 4 (id=3452): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendmmsg$inet(r0, &(0x7f0000003440)=[{{0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000180)="cd78e889a5f7a21394dbbf5e", 0xc}], 0x2}}, {{0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000000840)="f9", 0x1}], 0x1}}], 0x2, 0x4) sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 2.205742539s ago: executing program 1 (id=3453): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="0c45755bd552e0c2f424bb3a4fdf8808ee", 0x11, 0x8000, 0x0, 0x0) 2.11973672s ago: executing program 4 (id=3454): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x4000000) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001140), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write(0xffffffffffffffff, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807000000b800000000000000080008000d000000", 0x24) socket(0x2b, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$ETHTOOL_MSG_FEATURES_GET(r3, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f00000015c0)={0x2c, r4, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r9 = accept(r0, 0x0, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000001062106000000000000000000000006"], 0x14}, 0x1, 0x0, 0x0, 0x840}, 0x1000) 1.886736001s ago: executing program 3 (id=3455): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r2) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c0001007665"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0xf1d, 0x1, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) 1.129839614s ago: executing program 0 (id=3456): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f00000005c0)='cgroup.freeze\x00', 0x275a, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9004}, 0x4) syz_emit_ethernet(0x5e, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000702", 0x28, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast2, @remote}}}}}}, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x80200, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000100)=0x1) ioctl$PPPIOCCONNECT(r4, 0x4004743a, &(0x7f0000000280)) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) 1.122754874s ago: executing program 2 (id=3457): syz_emit_ethernet(0x80, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "be2c00", 0x4a, 0x2f, 0x0, @empty, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558, 0x0, 0x0, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0xff95, 0x800]}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x72}}}}}}}}}, 0x0) 1.105528174s ago: executing program 1 (id=3458): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0xbe, &(0x7f0000000740)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @dev, {[@cipso={0x86, 0x6e, 0x2, [{0x0, 0x2}, {0x0, 0x12, "fd74c40ab1416ceebaa2ee0000000000"}, {0x0, 0xd, "7434954373561de584b703"}, {0x1, 0x9, "e706d30bd224f8"}, {0x0, 0x6, "cfa11cab"}, {0x0, 0xf, "7c1d4c66fab6fca6f91154e7d3"}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0xd, "c8f46976a95e000093f22c"}]}, @lsrr={0x83, 0xf, 0x2a, [@local, @local, @private=0xa010102]}]}}}}}}}, 0x0) 1.101481605s ago: executing program 4 (id=3459): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 979.243855ms ago: executing program 1 (id=3461): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='R', 0x1, 0xfffffffffffffffd) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0, 0x30}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r6 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)='e', 0x1, 0xfffffffffffffffe) r7 = add_key$user(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="60cd153f5954e3b7cefddfbed84b91d3d9a9fd43dd92f43358ada528c9975f6a54460d82bfed69629ca866d8c96bcfa57faa0d6331c47570853a59d9c3a0115e550c32a738277dac34c4f099d5baf5375003b36317e98386e681a1aa460047b346ce5323723800283a5bbb1414629063c33634e02855543b4c7c8959c4bcba5fd364f3ef6f17ea7ff6abd4c5f19a620098fcac44ba30b9fa29c34e67aef6f4d42ed06c8f61c9e9094c5d46e8e24bce13d71a1f0c09dbc7b73a7ad36e7f288650", 0xc0, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r6, r7}, &(0x7f0000000140)=""/245, 0xf5, &(0x7f0000000340)={&(0x7f0000000280)={'sm3\x00'}}) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_WPAN_PHY(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01002bbd7000fbdbdf25010000000c3e06000100000001000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) 958.965175ms ago: executing program 3 (id=3462): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x9d741df904aad753, 0x0, 0x0, {{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}, {0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0xa, 0x2}}, 0x126}}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff6c7621d7cc9486dd60fec00000383a00fe880000000000000000000000000001ff0200000000000000008be60000000102009078000000006098a35000000000fe800000000000000000000000000002fc010000000000"], 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000100)={0x87}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 929.372035ms ago: executing program 0 (id=3463): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r1) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799ded6be01d09a95b66d3d", @ANYRES8], 0x398}}, 0x0) 111.481529ms ago: executing program 0 (id=3464): r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)="74fc61371711", 0x6, 0x4005, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/114, 0x72, 0x0, 0x0}, &(0x7f0000000180)=0x40) 54.71843ms ago: executing program 1 (id=3465): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x7000000) 10.39557ms ago: executing program 3 (id=3466): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000005cc0)={0x40c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x39, 0xe, {{{}, {0xb4c}, @device_a, @device_b, @random="5253f024da72"}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @val={0x25, 0x3, {0x0, 0x3d}}, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_PROBE_RESP={0x328, 0x91, "2890a2676825d2909b993d321aead762e217fff10ff1e923afc9c77e66cad4746e0527d08a05c393601339566d9ec341bee98c2a3d4e5acd93857df06e98344518d3fd7af39516e90ae68bd237a34db031541b7f46522d4afb75df332de24b49a236dce70b9b6c2674a9d8b7e70ed57f0b349c130e4b4fd6e2aa5ce07d473a013c8bdc71226150d012326d2b258a09cf4a4d1d1ef835be0d6f3f117b613f9c7c82bfcf5aadfa55cb454a125daf4271a0997861be240d9b71e087509f087f73b6fad57128ef69ef68ab1266bb5f1a5c2f6866efbef47f8c2b27b3879b927b91f01a5b87c7d4ba9b2f95cb96c8ca7de88d84c60284abf460936cecabd0bd1f23d47aeb80496a98f0796563b59b58215fb273c57723608dadf6a8381522bf6eb26dcac19c6f06507e7d4cffce4d892af8ab96310b29c57403457fe2e3ee70ae8c9503d6c2bf439d784f0e62777e7e8f558ff5a43a4f48ab8c80e068e414d004b22af151374589b9ec0d8b1242874046dd72588aa08ce263fac766149cb5d815718ac410a54ccf5823e75f0bfa35d2ede8362e1505684ecd7f2040df4e5b349837dc7960f9a9aa30eb625dfdae09f653ba6c68ae79edfdba4b9e8a323b7100dba2f2f5ce67652a814ed80fdef8634fd64157e9362da77e2c566f292486e8f0d1dbce52235e3fa95ec19884e44ad61628ca70f1efe4b02409aa8c9291466bd970569af8e2a273b269ffeb7da0df68be17df027be36f2b141433c51fc325f418ce90bea816e825f1305b4dd836dba9858cfb1e6443a07a6175840b149115a49e97566f7b58ff787a50039db17a55a36fba737e4fd6b215a63c16cce56a9f4fc603137e20980ba2741a3b28191d9bfeffa7679442f042463772dd9bd75290a85114ba4c787f5b2b92a5f65bdaa06b0a549b572f74513be39b2925b66ddcfc69ce0632000a2b8ff8fe64b68906ccb186fe8149683195e03ffbd87be6d83d31dbec429d5ca34595858969e1bf4763ea2380d55aad2791e276b17a5830836cbf76ab89d77ee2c6a84f08cefc69a19650ac73f9a1251b70425775686b31d8955fab16b3a54c30c14a92aa7ad4f0d7a4eff6ae4b10f0125aa1c7804ddadf73ce3fe7e832ced9d7ed0c5e"}, @NL80211_ATTR_IE_PROBE_RESP={0x14, 0x7f, [@ssid={0x0, 0x6, @default_ap_ssid}, @gcr_ga={0xbd, 0x6, @broadcast}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x53, 0x80, [@gcr_ga={0xbd, 0x6, @broadcast}, @ht={0x2d, 0x1a, {0x8000, 0x1, 0x4, 0x0, {0x5, 0x5, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x800, 0x3511, 0x2}}, @preq={0x82, 0x20, {{0x0, 0x0, 0x1, 0x0, 0x1}, 0x1, 0xd, 0x9, @broadcast, 0x8, @value, 0x1, 0x4e}}, @chsw_timing={0x68, 0x4, {0x7477, 0xffff}}, @dsss={0x3, 0x1, 0x8c}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]]}, 0x40c}, 0x1, 0x0, 0x0, 0x90}, 0x0) 0s ago: executing program 4 (id=3467): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) connect$inet(r0, 0x0, 0x0) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000100)="2a5ada7db05b5aaaafea46e8389b6e7a69abf3233e6f4e42f0e65a1cbf3b2875a8938b89840411b9171dadfb238fce4216dcab16c689b6b1397d77f2f23f2802cea686bcadd01a2f0ad93e7658b866dfc661dcb73e312252da733d51505058e8d093c4a0da23387141a8c51131b14f8d23d96caa83dbabc7bc988a8ce7d5e67047d0264c54edd090eec82a1f0efc68a3c542a18c3d663c45730ed89c4716d9b76907ff7632174217db702b817f7fe24a7892688e5536e3", 0xb7}, {0x0}, {0x0}], 0x3) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000500)='nv\x00', 0x3) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x700) kernel console output (not intermixed with test programs): z.0.676'. [ 193.971839][ T47] Bluetooth: hci3: command 0x041b tx timeout [ 194.491638][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.493289][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.589464][ T6528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.758434][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.760041][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.839918][ T6528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.478398][ T6605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.482458][ T6605] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.916019][ T6528] device hsr_slave_0 entered promiscuous mode [ 195.934107][ T6528] device hsr_slave_1 entered promiscuous mode [ 195.963936][ T6528] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 195.967356][ T6528] Cannot create hsr debugfs directory [ 196.093736][ T4301] Bluetooth: hci3: command 0x040f tx timeout [ 196.590657][ T188] device hsr_slave_0 left promiscuous mode [ 196.613835][ T188] device hsr_slave_1 left promiscuous mode [ 196.744302][ T188] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.749371][ T188] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.758050][ T188] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.761938][ T188] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.770373][ T188] device bridge_slave_1 left promiscuous mode [ 196.777289][ T188] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.825041][ T188] device bridge_slave_0 left promiscuous mode [ 196.826642][ T188] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.605600][ T188] device veth1_macvtap left promiscuous mode [ 197.607395][ T188] device veth0_macvtap left promiscuous mode [ 197.609999][ T188] device veth1_vlan left promiscuous mode [ 197.611628][ T188] device veth0_vlan left promiscuous mode [ 198.199104][ T47] Bluetooth: hci3: command 0x0419 tx timeout [ 198.804473][ T6649] xt_connbytes: Forcing CT accounting to be enabled [ 198.881166][ T6649] Cannot find add_set index 0 as target [ 200.104505][ T6664] input: syz0 as /devices/virtual/input/input15 [ 200.636658][ T188] team0 (unregistering): Port device team_slave_1 removed [ 200.825679][ T188] team0 (unregistering): Port device team_slave_0 removed [ 201.041535][ T188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.237363][ T188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.286504][ T6681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.290201][ T6681] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 204.665527][ T188] bond0 (unregistering): Released all slaves [ 204.914532][ T6647] netlink: 168 bytes leftover after parsing attributes in process `syz.1.687'. [ 204.983744][ T6688] netlink: 68 bytes leftover after parsing attributes in process `syz.0.701'. [ 206.674559][ T6712] input: syz0 as /devices/virtual/input/input16 [ 206.791017][ T6528] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 206.875980][ T6528] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 206.929292][ T6528] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 206.960816][ T6528] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 208.720237][ T6528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.757604][ T6528] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.764662][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 208.766743][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 208.770723][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.773191][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.915864][ T4457] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.917419][ T4457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.937447][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.940439][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.951793][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.960870][ T4457] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.962744][ T4457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.709557][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.712028][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.717444][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.720827][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.728096][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.730601][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.732808][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.154158][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.272490][ T6749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.274499][ T6749] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.517089][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.782015][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.793276][ T6528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.799913][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.878525][ T6757] netlink: 168 bytes leftover after parsing attributes in process `syz.4.713'. [ 211.016435][ T6764] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.342452][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.344562][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.365165][ T6528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.401859][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 211.404366][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 211.449226][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.451828][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.479527][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.482256][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 211.491024][ T6528] device veth0_vlan entered promiscuous mode [ 211.505338][ T6528] device veth1_vlan entered promiscuous mode [ 211.550569][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 211.552941][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 211.556458][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 211.559794][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 211.571400][ T6528] device veth0_macvtap entered promiscuous mode [ 211.577726][ T6528] device veth1_macvtap entered promiscuous mode [ 211.596454][ T6528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.599966][ T6528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.603337][ T6528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.607092][ T6528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.610369][ T6528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.614414][ T6528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.617808][ T6528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.621278][ T6528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.627076][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.629868][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 211.632618][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 211.634914][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 211.638509][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 211.644539][ T6528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.648008][ T6528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.651262][ T6528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.655913][ T6528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.659218][ T6528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.662773][ T6528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.678538][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.689266][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 211.691697][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 211.708407][ T6528] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.712069][ T6528] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.718729][ T6528] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.721027][ T6528] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.569117][ T4710] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.571594][ T4710] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.608531][ T4457] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 212.648368][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.650635][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.676483][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 213.901431][ T6828] netlink: 168 bytes leftover after parsing attributes in process `syz.0.727'. [ 214.082232][ T6827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.085870][ T6827] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.866272][ T6861] input: syz0 as /devices/virtual/input/input17 [ 217.166123][ T6877] netlink: 168 bytes leftover after parsing attributes in process `syz.2.740'. [ 220.037416][ T6915] netlink: 32 bytes leftover after parsing attributes in process `syz.3.748'. [ 221.639637][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 221.901252][ T6945] netlink: 168 bytes leftover after parsing attributes in process `syz.4.753'. [ 221.953679][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 221.957756][ T24] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 221.959573][ T24] usb 1-1: config 0 has no interface number 0 [ 221.963117][ T24] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=f7.92 [ 221.971323][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.975298][ T24] usb 1-1: Product: syz [ 221.976205][ T24] usb 1-1: Manufacturer: syz [ 221.977640][ T24] usb 1-1: SerialNumber: syz [ 221.980570][ T24] usb 1-1: config 0 descriptor?? [ 221.990583][ T24] usb 1-1: selecting invalid altsetting 2 [ 221.992954][ T24] i2c-cp2615: probe of 1-1:0.1 failed with error -22 [ 222.061727][ T6956] input: syz0 as /devices/virtual/input/input18 [ 223.382234][ T7006] input: syz0 as /devices/virtual/input/input19 [ 223.806296][ T7009] netlink: 168 bytes leftover after parsing attributes in process `syz.3.768'. [ 223.807542][ T7] usb 1-1: USB disconnect, device number 7 [ 224.201762][ T7020] binder: 7019:7020 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 225.231903][ T7036] netlink: 4 bytes leftover after parsing attributes in process `syz.3.778'. [ 226.404240][ T7047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 226.406180][ T7047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.093039][ T7057] input: syz0 as /devices/virtual/input/input20 [ 227.391324][ T7063] netlink: 168 bytes leftover after parsing attributes in process `syz.2.788'. [ 228.481595][ T7092] netlink: 168 bytes leftover after parsing attributes in process `syz.0.799'. [ 228.714953][ T7104] binder: tried to use weak ref as strong ref [ 228.716386][ T7104] binder: 7103:7104 Acquire 1 refcount change on invalid ref 0 ret -22 [ 228.723441][ T7104] binder: 7103:7104 got transaction to invalid handle, 1 [ 228.727428][ T7104] binder: 7104:7103 cannot find target node [ 228.728754][ T7104] binder: 7103:7104 transaction async to 0:0 failed 14/29201/-22, size 0-0 line 3054 [ 228.731260][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 229.520536][ T7122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.524177][ T7122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.993526][ T7123] input: syz0 as /devices/virtual/input/input21 [ 230.272188][ T7125] netlink: 168 bytes leftover after parsing attributes in process `syz.4.813'. [ 230.723045][ T7137] binder: tried to use weak ref as strong ref [ 230.730732][ T7137] binder: 7136:7137 Acquire 1 refcount change on invalid ref 0 ret -22 [ 230.735559][ T7137] binder: 7136:7137 got transaction to invalid handle, 1 [ 230.737165][ T7137] binder: 7137:7136 cannot find target node [ 230.738555][ T7137] binder: 7136:7137 transaction async to 0:0 failed 17/29201/-22, size 0-0 line 3054 [ 230.741310][ T4345] binder: undelivered TRANSACTION_ERROR: 29201 [ 231.130897][ T7151] netlink: 4 bytes leftover after parsing attributes in process `syz.2.823'. [ 231.406182][ T7160] netlink: 168 bytes leftover after parsing attributes in process `syz.4.824'. [ 232.419208][ T7166] binder: tried to use weak ref as strong ref [ 232.420585][ T7166] binder: 7165:7166 Acquire 1 refcount change on invalid ref 0 ret -22 [ 232.430750][ T7166] binder: 7165:7166 got transaction to invalid handle, 1 [ 232.432343][ T7166] binder: 7166:7165 cannot find target node [ 232.463806][ T7166] binder: 7165:7166 transaction async to 0:0 failed 20/29201/-22, size 0-0 line 3054 [ 232.473715][ T4325] binder: undelivered TRANSACTION_ERROR: 29201 [ 234.315240][ T7194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.326881][ T7194] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.870100][ T7205] input: syz0 as /devices/virtual/input/input22 [ 236.554857][ T7222] binder: 7221:7222 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 236.611640][ T7225] binder: 7221:7225 got transaction to invalid handle, 1 [ 236.613165][ T7225] binder: 7225:7221 cannot find target node [ 236.627518][ T7225] binder: 7221:7225 transaction async to 0:0 failed 24/29201/-22, size 0-0 line 3054 [ 236.630593][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 237.087055][ T7248] input: syz0 as /devices/virtual/input/input23 [ 239.045412][ T7268] binder: 7267:7268 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 239.055195][ T7268] binder: 7267:7268 got transaction to invalid handle, 1 [ 239.056611][ T7268] binder: 7268:7267 cannot find target node [ 239.057833][ T7268] binder: 7267:7268 transaction async to 0:0 failed 28/29201/-22, size 0-0 line 3054 [ 239.082410][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 240.593757][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 240.803802][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 241.043960][ T24] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 241.045831][ T24] usb 1-1: config 0 has no interface number 0 [ 241.060082][ T24] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=f7.92 [ 241.062097][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.064564][ T24] usb 1-1: Product: syz [ 241.065573][ T24] usb 1-1: Manufacturer: syz [ 241.066499][ T24] usb 1-1: SerialNumber: syz [ 241.081119][ T24] usb 1-1: config 0 descriptor?? [ 241.090279][ T24] usb 1-1: selecting invalid altsetting 2 [ 241.093909][ T24] i2c-cp2615: probe of 1-1:0.1 failed with error -22 [ 241.680388][ T7305] input: syz0 as /devices/virtual/input/input24 [ 241.933789][ T47] Bluetooth: hci3: command 0x0407 tx timeout [ 244.285581][ T7315] binder: 7314:7315 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 244.288088][ T7315] binder: 7314:7315 got transaction to invalid handle, 1 [ 244.289548][ T7315] binder: 7315:7314 cannot find target node [ 244.290839][ T7315] binder: 7314:7315 transaction async to 0:0 failed 34/29201/-22, size 0-0 line 3054 [ 244.303377][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 245.527215][ T7335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.882'. [ 246.089611][ T4345] usb 1-1: USB disconnect, device number 8 [ 248.138398][ T7363] binder: 7362:7363 got transaction to invalid handle, 1 [ 248.140236][ T7363] binder: 7363:7362 cannot find target node [ 248.141448][ T7363] binder: 7362:7363 transaction async to 0:0 failed 40/29201/-22, size 0-0 line 3054 [ 248.154377][ T4343] binder: undelivered TRANSACTION_ERROR: 29201 [ 249.947592][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.949121][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 251.190791][ T7387] netlink: 4 bytes leftover after parsing attributes in process `syz.3.895'. [ 252.833189][ T7414] binder: 7413:7414 got transaction to invalid handle, 1 [ 252.835223][ T7414] binder: 7414:7413 cannot find target node [ 252.839731][ T7414] binder: 7413:7414 transaction async to 0:0 failed 44/29201/-22, size 0-0 line 3054 [ 252.844721][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 253.031036][ T7419] netlink: 32 bytes leftover after parsing attributes in process `syz.0.904'. [ 253.404437][ T7416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.486500][ T7416] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.237597][ T7433] netlink: 4 bytes leftover after parsing attributes in process `syz.1.909'. [ 256.425179][ T7454] binder: 7452:7454 got transaction to invalid handle, 1 [ 256.426946][ T7454] binder: 7454:7452 cannot find target node [ 256.428233][ T7454] binder: 7452:7454 transaction async to 0:0 failed 48/29201/-22, size 0-0 line 3054 [ 256.467618][ T4345] binder: undelivered TRANSACTION_ERROR: 29201 [ 256.478566][ T27] audit: type=1326 audit(256.450:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7453 comm="syz.0.916" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb274b328 code=0x0 [ 257.596216][ T7474] netlink: 32 bytes leftover after parsing attributes in process `syz.1.918'. [ 263.006616][ T7528] netlink: 32 bytes leftover after parsing attributes in process `syz.0.932'. [ 263.153328][ T7536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.171442][ T7536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.290255][ T7542] netlink: 4 bytes leftover after parsing attributes in process `syz.4.937'. [ 265.348242][ T7567] netlink: 168 bytes leftover after parsing attributes in process `syz.4.944'. [ 265.970581][ T7573] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 266.747170][ T7585] netlink: 32 bytes leftover after parsing attributes in process `syz.4.949'. [ 268.440398][ T7608] Cannot find set identified by id 0 to match [ 268.738797][ T7608] netlink: 72 bytes leftover after parsing attributes in process `syz.1.956'. [ 268.759463][ T7621] netlink: 168 bytes leftover after parsing attributes in process `syz.0.959'. [ 268.802365][ T7624] netlink: 4 bytes leftover after parsing attributes in process `syz.2.962'. [ 268.954413][ T7629] netlink: 32 bytes leftover after parsing attributes in process `syz.2.963'. [ 271.356616][ T7673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.358738][ T7673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.872914][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.973'. [ 272.006710][ T7683] binder: 7681:7683 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 272.745126][ T7692] netlink: 32 bytes leftover after parsing attributes in process `syz.0.977'. [ 274.561444][ T7709] syz.2.981 uses obsolete (PF_INET,SOCK_PACKET) [ 275.136206][ T7723] netlink: 168 bytes leftover after parsing attributes in process `syz.2.984'. [ 275.299519][ T7725] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 275.301401][ T7725] IPv6: NLM_F_CREATE should be set when creating new route [ 275.872275][ T7740] netlink: 32 bytes leftover after parsing attributes in process `syz.3.990'. [ 277.349493][ T7756] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 277.351212][ T7756] IPv6: NLM_F_CREATE should be set when creating new route [ 278.453215][ T7769] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1003'. [ 278.538803][ T7778] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1005'. [ 278.620508][ T7782] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 278.622151][ T7782] IPv6: NLM_F_CREATE should be set when creating new route [ 278.945837][ T7783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.947980][ T7783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.717008][ T7808] binder: BINDER_SET_CONTEXT_MGR already set [ 279.732931][ T7808] binder: 7807:7808 ioctl 4018620d 20000040 returned -16 [ 279.759451][ T7808] binder: 7807:7808 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 279.952164][ T7821] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 281.894922][ T7837] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1023'. [ 282.181813][ T7844] binder: BINDER_SET_CONTEXT_MGR already set [ 282.183243][ T7844] binder: 7843:7844 ioctl 4018620d 20000040 returned -16 [ 282.188525][ T7844] binder: 7843:7844 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 284.353694][ T7891] binder: 7888:7891 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 284.374407][ T7891] binder: 7888 invalid dec weak, ref 53 desc 0 s 1 w 0 [ 284.378290][ T7891] binder: 7888:7891 got transaction to invalid handle, 1 [ 284.379835][ T7891] binder: 7891:7888 cannot find target node [ 284.381078][ T7891] binder: 7888:7891 transaction async to 0:0 failed 54/29201/-22, size 0-0 line 3054 [ 284.390586][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 285.414373][ T7885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.424156][ T7885] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.607399][ T7895] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1048'. [ 289.050161][ T7976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 289.053424][ T7976] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 289.466281][ T7977] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1070'. [ 292.725071][ T8022] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1091'. [ 293.279699][ T8037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.283126][ T8037] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.269240][ T8085] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1112'. [ 298.035569][ T7] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 298.213704][ T7] usb 1-1: Using ep0 maxpacket: 8 [ 298.216759][ T7] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 298.218507][ T7] usb 1-1: config 0 has no interface number 0 [ 298.222129][ T7] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=f7.92 [ 298.256122][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.257970][ T7] usb 1-1: Product: syz [ 298.259150][ T7] usb 1-1: Manufacturer: syz [ 298.260261][ T7] usb 1-1: SerialNumber: syz [ 298.837116][ T7] usb 1-1: config 0 descriptor?? [ 298.840742][ T7] usb 1-1: selecting invalid altsetting 2 [ 298.842049][ T7] i2c-cp2615: probe of 1-1:0.1 failed with error -22 [ 299.125934][ T8117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1125'. [ 299.522593][ T8134] netlink: 'syz.2.1131': attribute type 10 has an invalid length. [ 299.554204][ T8134] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 299.566046][ T8134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 299.591799][ T8134] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 299.675920][ C0] Illegal XDP return value 16128 on prog (id 12) dev batadv_slave_0, expect packet loss! [ 300.307215][ T7] usb 1-1: USB disconnect, device number 9 [ 301.787525][ T8151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1139'. [ 301.959673][ T8161] loop2: detected capacity change from 0 to 7 [ 301.967195][ T8161] Dev loop2: unable to read RDB block 7 [ 301.968460][ T8161] loop2: unable to read partition table [ 301.969780][ T8161] loop2: partition table beyond EOD, truncated [ 301.971100][ T8161] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 303.123040][ T8173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.133829][ T8173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.441166][ T8184] device geneve2 entered promiscuous mode [ 305.674112][ T8211] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1155'. [ 307.210040][ T8237] device geneve2 entered promiscuous mode [ 307.405037][ T8250] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1168'. [ 309.094818][ T8278] input: syz0 as /devices/virtual/input/input25 [ 309.883627][ T4345] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 310.063780][ T4345] usb 1-1: Using ep0 maxpacket: 8 [ 310.067317][ T4345] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 310.069033][ T4345] usb 1-1: config 0 has no interface number 0 [ 310.072144][ T4345] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=f7.92 [ 310.074368][ T4345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.078126][ T4345] usb 1-1: Product: syz [ 310.079041][ T4345] usb 1-1: Manufacturer: syz [ 310.082142][ T4345] usb 1-1: SerialNumber: syz [ 310.093089][ T4345] usb 1-1: config 0 descriptor?? [ 310.096895][ T4345] usb 1-1: selecting invalid altsetting 2 [ 310.098183][ T4345] i2c-cp2615: probe of 1-1:0.1 failed with error -22 [ 310.122271][ T8285] device geneve2 entered promiscuous mode [ 310.255976][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.257320][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 310.455436][ T8297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1182'. [ 312.369951][ T8326] device geneve2 entered promiscuous mode [ 312.681888][ T8339] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1195'. [ 312.769819][ T4345] usb 1-1: USB disconnect, device number 10 [ 314.408789][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1207'. [ 314.538852][ T8380] loop2: detected capacity change from 0 to 7 [ 314.545281][ T8380] Dev loop2: unable to read RDB block 7 [ 314.546570][ T8380] loop2: unable to read partition table [ 314.547822][ T8380] loop2: partition table beyond EOD, truncated [ 314.549123][ T8380] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 314.871070][ T8382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.884541][ T8382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 316.022914][ T8394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 316.043197][ T8394] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 317.398243][ T8415] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1222'. [ 317.464059][ T4301] Bluetooth: hci4: command 0x0406 tx timeout [ 319.653052][ T8433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.666844][ T8433] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.248846][ T8448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1233'. [ 321.386785][ T8454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 321.388908][ T8454] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 322.193439][ T8483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 322.203111][ T8483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.885849][ T8504] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1249'. [ 324.329127][ T8507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 324.331203][ T8507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 324.873793][ T8522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 324.875982][ T8522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 326.070879][ T8535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1264'. [ 326.979932][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 327.293618][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 327.296528][ T24] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 327.298230][ T24] usb 1-1: config 0 has no interface number 0 [ 327.301432][ T24] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=f7.92 [ 327.303430][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.007661][ T24] usb 1-1: Product: syz [ 328.008620][ T24] usb 1-1: Manufacturer: syz [ 328.009621][ T24] usb 1-1: SerialNumber: syz [ 328.013088][ T24] usb 1-1: config 0 descriptor?? [ 328.017162][ T24] usb 1-1: selecting invalid altsetting 2 [ 328.018580][ T24] i2c-cp2615: probe of 1-1:0.1 failed with error -22 [ 328.220874][ T7] usb 1-1: USB disconnect, device number 11 [ 328.273798][ T8592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1278'. [ 328.674163][ T8605] loop2: detected capacity change from 0 to 7 [ 328.676165][ T8605] Dev loop2: unable to read RDB block 7 [ 328.677536][ T8605] loop2: unable to read partition table [ 328.678989][ T8605] loop2: partition table beyond EOD, truncated [ 328.680504][ T8605] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 329.719159][ T8613] binder: 8612:8613 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 330.159958][ T8632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1298'. [ 330.754512][ T8641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.756492][ T8641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 331.548766][ T8655] binder: 8654:8655 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 332.764034][ T8674] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1309'. [ 333.372032][ T8685] binder: 8684:8685 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 335.575088][ T8717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.577125][ T8717] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.791571][ T8727] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1327'. [ 335.859087][ T8731] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1328'. [ 337.366751][ T8754] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1338'. [ 337.586036][ T8760] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1340'. [ 339.044497][ T8781] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1342'. [ 339.169439][ T8794] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1350'. [ 339.975875][ T8804] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1351'. [ 340.640357][ T8815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.642447][ T8815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 341.925960][ T8839] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1363'. [ 343.665430][ T8855] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1366'. [ 345.000874][ T8878] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1375'. [ 345.422507][ T8881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.424662][ T8881] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.563148][ T8891] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1379'. [ 347.342749][ T8906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.345982][ T8906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.399492][ T8906] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1384'. [ 348.546411][ T8920] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1390'. [ 349.513726][ T8932] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1393'. [ 350.695194][ T8945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.701840][ T8945] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.709174][ T8945] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1398'. [ 350.945170][ T8943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.947200][ T8943] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 352.045048][ T8960] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1404'. [ 353.002313][ T8975] binder: 8970:8975 got transaction to invalid handle, 1 [ 353.011349][ T8975] binder: 8975:8970 cannot find target node [ 353.028996][ T8975] binder: 8970:8975 transaction async to 0:0 failed 63/29201/-22, size 0-0 line 3054 [ 353.036798][ T4396] binder: undelivered TRANSACTION_ERROR: 29201 [ 353.931509][ T8988] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1408'. [ 354.303684][ T4342] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 354.568952][ T4342] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 354.571043][ T4342] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.573348][ T4342] usb 1-1: Product: syz [ 354.576548][ T4342] usb 1-1: Manufacturer: syz [ 354.579764][ T4342] usb 1-1: SerialNumber: syz [ 354.600943][ T4342] usb 1-1: config 0 descriptor?? [ 354.845132][ T4342] usb-storage 1-1:0.0: USB Mass Storage device detected [ 355.027449][ T9004] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1417'. [ 355.033386][ T4342] usb 1-1: USB disconnect, device number 12 [ 355.436240][ T9009] loop2: detected capacity change from 0 to 7 [ 355.445302][ T9009] Dev loop2: unable to read RDB block 7 [ 355.446778][ T9009] loop2: unable to read partition table [ 355.457241][ T9009] loop2: partition table beyond EOD, truncated [ 355.480816][ T9009] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 355.794926][ T9014] binder: 9013:9014 got transaction to invalid handle, 1 [ 355.807179][ T9014] binder: 9014:9013 cannot find target node [ 355.808773][ T9014] binder: 9013:9014 transaction async to 0:0 failed 67/29201/-22, size 0-0 line 3054 [ 355.820198][ T4396] binder: undelivered TRANSACTION_ERROR: 29201 [ 356.184409][ T9012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 356.186509][ T9012] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.435132][ T9038] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1429'. [ 357.444706][ T9034] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1426'. [ 358.419537][ T9045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.421632][ T9045] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.619769][ T9049] binder: 9048:9049 got transaction to invalid handle, 1 [ 358.625273][ T9049] binder: 9049:9048 cannot find target node [ 358.626546][ T9049] binder: 9048:9049 transaction async to 0:0 failed 71/29201/-22, size 0-0 line 3054 [ 358.644574][ T4396] binder: undelivered TRANSACTION_ERROR: 29201 [ 359.677994][ T9064] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1440'. [ 360.834318][ T9079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 360.836424][ T9079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 360.919271][ T27] audit: type=1326 audit(360.890:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9081 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb274b328 code=0x7ffc0000 [ 360.926420][ T27] audit: type=1326 audit(360.900:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9081 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=140 compat=0 ip=0xffffb274b328 code=0x7ffc0000 [ 360.943208][ T27] audit: type=1326 audit(360.910:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9081 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb274b328 code=0x7ffc0000 [ 360.973353][ T27] audit: type=1326 audit(360.910:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9081 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb274b328 code=0x7ffc0000 [ 362.333707][ T9091] binder: tried to use weak ref as strong ref [ 362.335095][ T9091] binder: 9088:9091 Acquire 1 refcount change on invalid ref 0 ret -22 [ 362.337422][ T9091] binder: 9088:9091 got transaction to invalid handle, 1 [ 362.338841][ T9091] binder: 9091:9088 cannot find target node [ 362.340126][ T9091] binder: 9088:9091 transaction async to 0:0 failed 74/29201/-22, size 0-0 line 3054 [ 362.366753][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 362.451891][ T9098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 362.457682][ T9098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 362.639153][ T9100] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1445'. [ 364.489577][ T9142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 364.493406][ T9142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 366.596138][ T9165] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1469'. [ 366.822179][ T9173] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1477'. [ 367.557031][ T9183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.559051][ T9183] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.748904][ T9221] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1491'. [ 369.831422][ T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 370.495270][ T24] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 370.497165][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.498825][ T24] usb 1-1: Product: syz [ 370.499703][ T24] usb 1-1: Manufacturer: syz [ 370.500672][ T24] usb 1-1: SerialNumber: syz [ 370.514878][ T24] usb 1-1: config 0 descriptor?? [ 370.825578][ T24] usb-storage 1-1:0.0: USB Mass Storage device detected [ 371.548118][ T24] usb 1-1: USB disconnect, device number 13 [ 371.705054][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 371.706679][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 373.233310][ T9273] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1512'. [ 373.304700][ T9276] lo speed is unknown, defaulting to 1000 [ 378.648738][ T9321] device netdevsim1 entered promiscuous mode [ 378.650075][ T9321] device macsec1 entered promiscuous mode [ 380.674372][ T9322] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1530'. [ 384.495668][ T9404] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1556'. [ 386.814533][ T9441] binder: 9427:9441 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 386.817370][ T9441] binder: 9441 RLIMIT_NICE not set [ 386.879782][ T27] audit: type=1326 audit(386.850:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9436 comm="syz.4.1569" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbbb4b328 code=0x0 [ 389.997838][ T9471] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1573'. [ 390.166107][ T9480] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 390.438516][ T9488] binder: 9481:9488 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 390.441415][ T9488] binder: 9488 RLIMIT_NICE not set [ 393.776442][ T9532] binder: 9523:9532 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 393.779294][ T9532] binder: 9532 RLIMIT_NICE not set [ 394.584921][ T9538] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1603'. [ 394.586811][ T9538] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1603'. [ 394.588717][ T9538] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1603'. [ 394.590576][ T9538] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1603'. [ 394.849125][ T9542] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1595'. [ 395.265104][ T9552] cgroup: Need name or subsystem set [ 396.032361][ T9556] loop2: detected capacity change from 0 to 7 [ 396.045642][ T9556] Dev loop2: unable to read RDB block 7 [ 396.046966][ T9556] loop2: unable to read partition table [ 396.048139][ T9556] loop2: partition table beyond EOD, truncated [ 396.049459][ T9556] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 397.108091][ T9566] lo speed is unknown, defaulting to 1000 [ 397.204271][ T9576] binder: 9564:9576 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 397.207225][ T9576] binder: 9576 RLIMIT_NICE not set [ 399.565498][ T9616] binder: 9609:9616 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 399.568265][ T9616] binder: 9616 RLIMIT_NICE not set [ 399.843931][ T9605] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1618'. [ 400.145638][ T9626] lo speed is unknown, defaulting to 1000 [ 401.133683][ T9660] binder: 9652:9660 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 401.136800][ T9660] binder: 9660 RLIMIT_NICE not set [ 401.848233][ T9673] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1652'. [ 402.033288][ T9683] lo speed is unknown, defaulting to 1000 [ 402.972528][ T9701] loop2: detected capacity change from 0 to 7 [ 403.072280][ T9701] Dev loop2: unable to read RDB block 7 [ 403.077296][ T9701] loop2: AHDI p2 [ 403.079656][ T9701] loop2: partition table partially beyond EOD, truncated [ 403.128312][ T9692] binder: 9691:9692 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 403.131059][ T9692] binder: 9692 RLIMIT_NICE not set [ 403.502774][ T9715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.518741][ T9715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.268983][ T9715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.271053][ T9715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.976372][ T9722] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1670'. [ 406.617368][ T9747] lo speed is unknown, defaulting to 1000 [ 406.634469][ T9750] loop2: detected capacity change from 0 to 7 [ 406.640157][ T9750] Dev loop2: unable to read RDB block 7 [ 406.641477][ T9750] loop2: AHDI p2 [ 406.642319][ T9750] loop2: partition table partially beyond EOD, truncated [ 407.066780][ T9759] binder: 9752:9759 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 407.069867][ T9759] binder: 9759 RLIMIT_NICE not set [ 408.038671][ T9776] Process accounting resumed [ 408.084985][ T9777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1682'. [ 408.116190][ T9768] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1684'. [ 408.252204][ T9786] loop2: detected capacity change from 0 to 7 [ 408.257900][ T9786] Dev loop2: unable to read RDB block 7 [ 408.262527][ T9786] loop2: AHDI p2 [ 408.264896][ T9786] loop2: partition table partially beyond EOD, truncated [ 408.619052][ T9797] binder: 9792:9797 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 408.621764][ T9797] binder: 9797 RLIMIT_NICE not set [ 409.362666][ T9800] lo speed is unknown, defaulting to 1000 [ 410.871595][ T9794] x_tables: ip_tables: osf match: only valid for protocol 6 [ 411.285120][ T9829] tipc: Started in network mode [ 411.286762][ T9829] tipc: Node identity 7f000001, cluster identity 4711 [ 411.288987][ T9829] tipc: Enabling of bearer rejected, failed to enable media [ 412.591227][ T9841] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1703'. [ 412.599773][ T9842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1704'. [ 412.869910][ T9844] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.871613][ T9844] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.505024][ T4350] bond0: (slave bond_slave_0): interface is now down [ 415.506834][ T4350] bond0: (slave bond_slave_1): interface is now down [ 415.508279][ T4350] bond0: (slave batadv_slave_0): interface is now down [ 415.535005][ T9] bond0: (slave bond_slave_0): interface is now down [ 415.536453][ T9] bond0: (slave bond_slave_1): interface is now down [ 415.537801][ T9] bond0: (slave batadv_slave_0): interface is now down [ 415.553585][ T9] bond0: (slave bond_slave_0): interface is now down [ 415.555016][ T9] bond0: (slave bond_slave_1): interface is now down [ 415.556419][ T9] bond0: (slave batadv_slave_0): interface is now down [ 415.576205][ T9] bond0: now running without any active interface! [ 415.810782][ T9888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1718'. [ 416.228210][ T9898] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1721'. [ 418.692775][ T9935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1732'. [ 419.745225][ T9946] lo speed is unknown, defaulting to 1000 [ 422.282918][ T9973] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input26 [ 422.296228][ T9978] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1742'. [ 422.650825][ T9997] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1749'. [ 425.150696][T10036] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1761'. [ 425.236903][T10043] loop2: detected capacity change from 0 to 7 [ 425.238829][T10043] Dev loop2: unable to read RDB block 7 [ 425.250007][T10043] loop2: AHDI p2 [ 425.253901][T10043] loop2: partition table partially beyond EOD, truncated [ 427.185645][T10077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 427.187719][T10077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 428.409352][T10100] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1782'. [ 429.513597][T10124] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 429.515357][T10124] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 429.528682][T10124] vhci_hcd vhci_hcd.0: Device attached [ 429.541875][T10124] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 429.585552][T10129] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 429.594277][T10124] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 429.597173][T10124] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 429.613426][T10124] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 429.715999][T10124] vhci_hcd vhci_hcd.0: pdev(3) rhport(6) sockfd(16) [ 429.717365][T10124] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 429.723997][ T4396] vhci_hcd: vhci_device speed not set [ 429.739531][T10124] vhci_hcd vhci_hcd.0: Device attached [ 429.749068][T10133] vhci_hcd: connection closed [ 429.751809][T10126] vhci_hcd: connection closed [ 429.753903][ T4350] vhci_hcd: stop threads [ 429.756522][ T4350] vhci_hcd: release socket [ 429.758614][ T4350] vhci_hcd: disconnect device [ 429.762988][ T4350] vhci_hcd: stop threads [ 429.775317][ T4350] vhci_hcd: release socket [ 429.793729][ T4396] usb 8-1: new full-speed USB device number 2 using vhci_hcd [ 429.795856][ T4350] vhci_hcd: disconnect device [ 431.765725][T10165] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1808'. [ 433.192122][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 433.194753][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 433.508318][T10214] mmap: syz.1.1823 (10214) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 433.787100][T10222] x_tables: ip_tables: osf match: only valid for protocol 6 [ 435.305295][ T4396] vhci_hcd: vhci_device speed not set [ 435.695114][T10228] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1828'. [ 438.779699][T10284] tipc: Started in network mode [ 438.780881][T10284] tipc: Node identity 7a184b013221, cluster identity 4711 [ 438.782540][T10284] tipc: Enabled bearer , priority 0 [ 438.798990][T10284] tipc: Resetting bearer [ 438.852495][T10279] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1844'. [ 438.947193][T10283] tipc: Resetting bearer [ 439.959535][T10305] x_tables: ip_tables: osf match: only valid for protocol 6 [ 439.973760][ T4342] tipc: Node number set to 1211714305 [ 452.580796][T10283] tipc: Disabling bearer [ 453.152780][T10346] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1864'. [ 455.410469][T10373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 455.418071][T10373] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.228276][T10444] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1895'. [ 466.566245][T10508] tipc: Started in network mode [ 466.567483][T10508] tipc: Node identity 96949065d83b, cluster identity 4711 [ 466.569052][T10508] tipc: Enabled bearer , priority 0 [ 466.582109][T10507] tipc: Disabling bearer [ 468.999718][T10541] device sit1 entered promiscuous mode [ 471.166930][T10566] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1936'. [ 473.266855][T10608] binder: 10592:10608 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 473.300753][T10608] binder: 10608 RLIMIT_NICE not set [ 480.998358][T10708] binder: 10680:10708 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 481.001210][T10708] binder: 10708 RLIMIT_NICE not set [ 482.759963][T10724] device syzkaller1 entered promiscuous mode [ 483.139578][T10739] netlink: 'syz.4.1996': attribute type 2 has an invalid length. [ 486.001721][T10777] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 486.007480][T10777] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 487.398709][T10797] binder: 10782:10797 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 487.401733][T10797] binder: 10797 RLIMIT_NICE not set [ 489.276552][T10821] x_tables: ip_tables: osf match: only valid for protocol 6 [ 493.129670][T10843] vivid-000: kernel_thread() failed [ 494.886178][T10870] x_tables: ip_tables: osf match: only valid for protocol 6 [ 495.230646][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 495.237284][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 497.468972][T10901] netlink: 'syz.4.2052': attribute type 2 has an invalid length. [ 499.579913][T10924] lo speed is unknown, defaulting to 1000 [ 499.763193][T10929] binder: 10914:10929 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 499.766211][T10929] binder: 10929 RLIMIT_NICE not set [ 502.262472][T10952] x_tables: ip_tables: osf match: only valid for protocol 6 [ 505.982217][T10989] dns_resolver: Unsupported server list version (0) [ 507.134306][T11004] binder: 10972:11004 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 507.137270][T11004] binder: 11004 RLIMIT_NICE not set [ 512.254043][T11044] netlink: 'syz.3.2096': attribute type 2 has an invalid length. [ 512.442261][T11053] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2099'. [ 512.811993][T11067] binder: 11052:11067 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 512.815158][T11067] binder: 11067 RLIMIT_NICE not set [ 512.852947][T11062] nvme_fabrics: missing parameter 'transport=%s' [ 512.854981][T11062] nvme_fabrics: missing parameter 'nqn=%s' [ 514.815508][T11081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.840198][T11081] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 515.729974][T11088] netlink: 'syz.1.2110': attribute type 2 has an invalid length. [ 518.502377][T11126] netlink: 'syz.0.2122': attribute type 2 has an invalid length. [ 518.798224][T11138] binder: 11125:11138 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 518.801115][T11138] binder: 11138 RLIMIT_NICE not set [ 520.956890][T11160] x_tables: ip_tables: osf match: only valid for protocol 6 [ 521.117540][T11170] x_tables: ip_tables: osf match: only valid for protocol 6 [ 524.377396][T11205] x_tables: ip_tables: osf match: only valid for protocol 6 [ 526.985220][ T27] audit: type=1326 audit(526.960:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11215 comm="syz.0.2154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb274b328 code=0x7fc00000 [ 527.056064][T11232] binder: 11218:11232 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 527.058895][T11232] binder: 11232 RLIMIT_NICE not set [ 530.246474][T11281] x_tables: ip_tables: osf match: only valid for protocol 6 [ 532.404731][T11328] x_tables: ip_tables: osf match: only valid for protocol 6 [ 536.620251][T11371] x_tables: ip_tables: osf match: only valid for protocol 6 [ 540.025000][T11431] x_tables: ip_tables: osf match: only valid for protocol 6 [ 545.034879][T11477] x_tables: ip_tables: osf match: only valid for protocol 6 [ 546.690252][T11495] device syzkaller1 entered promiscuous mode [ 548.950194][T11525] x_tables: ip_tables: osf match: only valid for protocol 6 [ 550.674360][T11537] lo speed is unknown, defaulting to 1000 [ 550.754800][T11545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2256'. [ 552.238989][T11569] device syzkaller1 entered promiscuous mode [ 552.706173][T11578] x_tables: ip_tables: osf match: only valid for protocol 6 [ 554.913963][T11598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2270'. [ 554.991368][T11595] lo speed is unknown, defaulting to 1000 [ 555.176915][T11608] bridge0: port 3(syz_tun) entered blocking state [ 555.179127][T11608] bridge0: port 3(syz_tun) entered disabled state [ 555.182252][T11608] device syz_tun entered promiscuous mode [ 556.057772][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 556.059265][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 557.300476][T11642] x_tables: ip_tables: osf match: only valid for protocol 6 [ 558.226751][T11655] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2287'. [ 558.250269][T11650] lo speed is unknown, defaulting to 1000 [ 558.520745][T11662] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2290'. [ 558.529767][T11662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2290'. [ 558.531720][T11662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2290'. [ 558.561394][T11662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2290'. [ 559.959323][T11695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2299'. [ 560.026638][T11697] x_tables: ip_tables: osf match: only valid for protocol 6 [ 560.905453][T11707] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2303'. [ 560.907538][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2303'. [ 560.909295][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2303'. [ 560.911103][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2303'. [ 563.058091][T11743] x_tables: ip_tables: osf match: only valid for protocol 6 [ 563.888773][T11756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2315'. [ 563.900117][T11755] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2316'. [ 563.902112][T11755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2316'. [ 563.911637][T11755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2316'. [ 563.914915][T11755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2316'. [ 564.568026][T11774] x_tables: ip_tables: osf match: only valid for protocol 6 [ 566.027617][T11791] x_tables: ip_tables: osf match: only valid for protocol 6 [ 566.916914][T11796] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2330'. [ 566.926844][T11796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2330'. [ 566.928825][T11796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2330'. [ 566.937051][T11796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2330'. [ 567.060616][T11806] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2331'. [ 569.723747][T11847] x_tables: ip_tables: osf match: only valid for protocol 6 [ 570.505770][T11852] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2346'. [ 570.922827][T11873] netlink: 'syz.3.2353': attribute type 4 has an invalid length. [ 572.233236][T11898] x_tables: ip_tables: osf match: only valid for protocol 6 [ 572.864377][T11899] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2361'. [ 574.283986][T11940] x_tables: ip_tables: osf match: only valid for protocol 6 [ 576.085529][T11971] capability: warning: `syz.2.2387' uses 32-bit capabilities (legacy support in use) [ 577.161274][T11991] x_tables: ip_tables: osf match: only valid for protocol 6 [ 580.780234][T12044] x_tables: ip_tables: osf match: only valid for protocol 6 [ 584.012811][T12091] x_tables: ip_tables: osf match: only valid for protocol 6 [ 587.828263][T12151] x_tables: ip_tables: osf match: only valid for protocol 6 [ 591.748943][T12191] lo speed is unknown, defaulting to 1000 [ 594.956265][T12208] x_tables: ip_tables: osf match: only valid for protocol 6 [ 595.703737][T12226] netlink: 574 bytes leftover after parsing attributes in process `syz.0.2472'. [ 599.816497][T12277] x_tables: ip_tables: osf match: only valid for protocol 6 [ 605.455975][T12337] x_tables: ip_tables: osf match: only valid for protocol 6 [ 607.484304][T12356] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2515'. [ 607.486092][T12356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2515'. [ 607.488305][T12356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2515'. [ 607.490100][T12356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2515'. [ 608.504858][T12376] x_tables: ip_tables: osf match: only valid for protocol 6 [ 609.410702][T12391] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2527'. [ 609.412820][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2527'. [ 609.415488][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2527'. [ 609.417482][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2527'. [ 611.074871][T12417] x_tables: ip_tables: osf match: only valid for protocol 6 [ 612.237988][T12439] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2542'. [ 612.246514][T12439] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2542'. [ 615.354010][T12485] __nla_validate_parse: 3 callbacks suppressed [ 615.354025][T12485] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2554'. [ 617.504621][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 617.506286][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 620.595300][T12605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2595'. [ 622.005844][T12651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2611'. [ 623.043785][ T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 623.267779][ T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 623.271768][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.418268][ T24] usb 1-1: config 0 descriptor?? [ 624.051193][T12670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 624.056292][T12670] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 624.077093][ T24] ath6kl: Failed to read usb control message: -71 [ 624.078611][ T24] ath6kl: Unable to read the bmi data from the device: -71 [ 624.080309][ T24] ath6kl: Unable to recv target info: -71 [ 624.083168][ T24] ath6kl: Failed to init ath6kl core: -71 [ 624.281986][ T24] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 624.338670][ T24] usb 1-1: USB disconnect, device number 14 [ 624.852882][T12710] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2631'. [ 624.862701][T12710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2631'. [ 624.913889][T12710] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.915564][T12710] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.713760][ T4396] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 626.945561][ T4396] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 626.947776][ T4396] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.951168][ T4396] usb 1-1: config 0 descriptor?? [ 628.226552][T12762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.228555][T12762] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 628.378634][ T4396] ath6kl: Failed to read usb control message: -71 [ 628.380504][ T4396] ath6kl: Unable to read the bmi data from the device: -71 [ 628.381996][ T4396] ath6kl: Unable to recv target info: -71 [ 628.388542][ T4396] ath6kl: Failed to init ath6kl core: -71 [ 628.436225][ T4396] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 628.448774][ T4396] usb 1-1: USB disconnect, device number 15 [ 629.942714][T12797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2656'. [ 631.391680][T12835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 631.395453][T12835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 631.410205][T12835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 631.414302][T12835] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 635.214111][ T4396] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 635.601373][ T4396] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 635.609393][ T4396] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.064714][ T4396] usb 1-1: config 0 descriptor?? [ 637.923737][ T4396] ath6kl: Failed to read usb control message: -71 [ 637.925105][ T4396] ath6kl: Unable to read the bmi data from the device: -71 [ 637.926565][ T4396] ath6kl: Unable to recv target info: -71 [ 639.129960][ T4396] ath6kl: Failed to init ath6kl core: -71 [ 639.674289][ T4396] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 639.686274][ T4396] usb 1-1: USB disconnect, device number 16 [ 640.256850][T12952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 640.260450][T12952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 640.269842][T12952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 640.273742][T12952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 644.449114][T13011] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2715'. [ 644.910046][T13022] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2720'. [ 644.921064][T13022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2720'. [ 646.887748][T13067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 646.898329][T13067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.923782][T13067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 646.932705][T13067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 651.493306][T13187] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2754'. [ 651.496665][T13187] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2754'. [ 651.633869][T13199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2753'. [ 651.661361][T13197] device syzkaller1 entered promiscuous mode [ 654.194170][T13253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 654.196376][T13253] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 654.202383][T13253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 654.205010][T13253] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 657.400324][T13314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2792'. [ 659.278054][T13364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.285055][T13364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.298959][T13364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.305039][T13364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 660.721432][T13399] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2820'. [ 661.825945][T13429] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2832'. [ 663.090541][T13467] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2848'. [ 663.513117][T13492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 663.517491][T13492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 663.536370][T13492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 663.539641][T13492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 663.710386][T13499] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2861'. [ 663.712265][T13499] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2861'. [ 665.646290][T13538] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2874'. [ 665.648516][T13538] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2874'. [ 666.257823][T13564] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2886'. [ 667.426669][T13580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2887'. [ 667.486407][T13579] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2889'. [ 667.488446][T13579] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2889'. [ 669.047330][T13612] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2901'. [ 669.049154][T13612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2901'. [ 669.071683][T13612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2901'. [ 669.081662][T13612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2901'. [ 669.170811][T13623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2903'. [ 669.497395][T13639] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2909'. [ 669.499493][T13639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2909'. [ 669.661055][T13650] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2914'. [ 669.663110][T13650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2914'. [ 669.671647][T13650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2914'. [ 669.746871][T13653] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 669.754651][T13653] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 669.787736][T13653] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 669.798539][T13653] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 671.184952][T13683] x_tables: ip_tables: osf match: only valid for protocol 6 [ 673.127139][T13725] x_tables: ip_tables: osf match: only valid for protocol 6 [ 674.519727][T13746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 674.521754][T13746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 674.542298][T13746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 674.545318][T13746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 674.709096][T13753] device syz_tun left promiscuous mode [ 674.710731][T13753] bridge0: port 3(syz_tun) entered disabled state [ 674.807795][T13759] __nla_validate_parse: 6 callbacks suppressed [ 674.807811][T13759] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2953'. [ 675.224243][T13771] x_tables: ip_tables: osf match: only valid for protocol 6 [ 676.235174][T13777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 676.534709][T13790] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 676.538597][T13790] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 676.543190][T13790] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 676.550447][T13790] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 676.552730][T13790] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 676.554836][ T4301] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 676.580989][T13793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2964'. [ 676.592148][T13789] lo speed is unknown, defaulting to 1000 [ 677.038842][T13799] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2966'. [ 677.041009][T13799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2966'. [ 677.059496][T13801] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.061188][T13801] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.147428][T13789] chnl_net:caif_netlink_parms(): no params data found [ 677.348116][T11698] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.443194][T13810] x_tables: ip_tables: osf match: only valid for protocol 6 [ 677.607648][T11698] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.620114][T13808] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2968'. [ 677.622317][T13808] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2968'. [ 677.624992][T13808] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2968'. [ 677.634201][T13808] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2968'. [ 677.651416][T13789] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.662694][T13789] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.678332][T13789] device bridge_slave_0 entered promiscuous mode [ 677.810505][T11698] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.821816][T13814] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2970'. [ 677.830064][T13789] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.831940][T13789] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.837400][T13789] device bridge_slave_1 entered promiscuous mode [ 678.756267][T11698] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.759932][ T47] Bluetooth: hci5: command 0x0409 tx timeout [ 678.780090][T13789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.784044][T13789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.819235][T13789] team0: Port device team_slave_0 added [ 678.822913][T13789] team0: Port device team_slave_1 added [ 678.904962][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 678.906577][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 678.914496][T13789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.916362][T13789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.934167][T13789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.941459][T13829] device syzkaller1 entered promiscuous mode [ 678.955078][T13789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.956570][T13789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.962082][T13789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 679.125454][T13789] device hsr_slave_0 entered promiscuous mode [ 679.164909][T13789] device hsr_slave_1 entered promiscuous mode [ 679.283739][T13789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 679.285587][T13789] Cannot create hsr debugfs directory [ 679.649386][T13847] netlink: 'syz.2.2979': attribute type 10 has an invalid length. [ 679.651232][T13847] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2979'. [ 679.764475][T13853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 679.770370][T13853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 679.835400][T13853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 679.837901][T13853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 680.268862][T13864] lo speed is unknown, defaulting to 1000 [ 680.728891][T13789] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 680.775697][T13789] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 680.825718][ T47] Bluetooth: hci5: command 0x041b tx timeout [ 681.081306][T11698] bond0: (slave wlan1): Releasing backup interface [ 681.230079][T13789] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 681.428622][T13789] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 682.001906][T11698] device hsr_slave_0 left promiscuous mode [ 682.045286][T11698] device hsr_slave_1 left promiscuous mode [ 682.134173][T11698] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 682.136348][T11698] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.142195][T11698] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 682.145524][T11698] device bridge_slave_1 left promiscuous mode [ 682.150823][T11698] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.195282][T11698] device bridge_slave_0 left promiscuous mode [ 682.196896][T11698] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.334169][T11698] device veth1_macvtap left promiscuous mode [ 682.338573][T11698] device veth0_macvtap left promiscuous mode [ 682.341995][T11698] device veth1_vlan left promiscuous mode [ 682.352921][T11698] device veth0_vlan left promiscuous mode [ 682.893695][ T4301] Bluetooth: hci5: command 0x040f tx timeout [ 684.667931][T11698] team0 (unregistering): Port device team_slave_1 removed [ 684.874972][T11698] team0 (unregistering): Port device team_slave_0 removed [ 684.973740][ T47] Bluetooth: hci5: command 0x0419 tx timeout [ 685.074553][T11698] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 685.278245][T11698] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 687.637374][T11698] bond0 (unregistering): Released all slaves [ 687.944761][T13895] device syzkaller1 entered promiscuous mode [ 687.948653][T13906] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2989'. [ 687.950539][T13906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2989'. [ 687.957939][T13907] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.959600][T13907] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.220243][T13789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 688.227969][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 688.230216][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 688.242313][T13789] 8021q: adding VLAN 0 to HW filter on device team0 [ 688.251378][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 688.259390][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 688.268375][ T4350] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.269979][ T4350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 688.286662][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 688.289051][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 688.300306][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 688.307617][ T4350] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.309158][ T4350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 688.351262][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 688.355721][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 688.520082][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 688.781292][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 689.047196][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 689.109828][T13789] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 689.112250][T13789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 689.201307][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 689.204301][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 689.206673][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 689.208708][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 689.231038][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 689.241354][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 689.252312][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 689.441316][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 689.443222][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 689.453123][T13789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 689.485694][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 689.488057][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 689.560733][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 689.563158][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 689.566145][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 689.572877][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 689.582598][T13789] device veth0_vlan entered promiscuous mode [ 689.596268][T13789] device veth1_vlan entered promiscuous mode [ 689.627761][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 689.630095][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 689.634612][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 689.639998][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 689.659892][T13789] device veth0_macvtap entered promiscuous mode [ 689.673732][T13789] device veth1_macvtap entered promiscuous mode [ 689.679896][T13956] device syzkaller1 entered promiscuous mode [ 689.744649][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 689.746802][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.748903][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 689.761315][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.763313][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 689.765666][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.771608][T13789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 689.782807][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 689.785587][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 689.787784][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 689.790207][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 689.802256][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 689.812621][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.814943][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 689.817278][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.819201][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 689.821248][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.833653][T13789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 689.839022][T13789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.842138][T13789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 689.856359][T13789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 689.858243][T13789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 689.860039][T13789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 689.861848][T13789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 689.869450][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 689.871768][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 689.982479][ T4350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 689.984356][ T4350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 689.988955][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 690.080666][ T4350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 690.082465][ T4350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 690.088261][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 691.379459][T13987] device syzkaller1 entered promiscuous mode [ 691.505993][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 691.510275][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 691.512673][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 691.523903][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 691.531267][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 691.534234][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 692.732253][T13991] lo speed is unknown, defaulting to 1000 [ 693.644744][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 694.272732][T14027] device syzkaller1 entered promiscuous mode [ 694.472398][T11698] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.487087][T13991] chnl_net:caif_netlink_parms(): no params data found [ 695.647241][T11698] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.686419][T13991] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.694355][ T47] Bluetooth: hci0: command 0x041b tx timeout [ 695.700786][T13991] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.703088][T13991] device bridge_slave_0 entered promiscuous mode [ 695.715840][T13991] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.717479][T13991] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.719499][T13991] device bridge_slave_1 entered promiscuous mode [ 695.775412][T11698] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.825812][T13991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.840188][T13991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.907889][T11698] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.932164][T13991] team0: Port device team_slave_0 added [ 695.944076][T13991] team0: Port device team_slave_1 added [ 695.984545][T13991] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 695.986303][T13991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 696.006786][T13991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 696.032750][T13991] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 696.035111][T13991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 696.051563][T13991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 696.215411][T13991] device hsr_slave_0 entered promiscuous mode [ 696.273958][T13991] device hsr_slave_1 entered promiscuous mode [ 696.304315][T13991] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 696.305919][T13991] Cannot create hsr debugfs directory [ 697.773949][ T47] Bluetooth: hci0: command 0x040f tx timeout [ 699.313023][T14142] device syzkaller1 entered promiscuous mode [ 699.704099][T13991] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 699.853716][ T47] Bluetooth: hci0: command 0x0419 tx timeout [ 700.011702][T11698] bond0: (slave wlan1): Releasing backup interface [ 700.038417][T13991] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 700.316313][T13991] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 700.356226][T13991] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 700.492174][T14178] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 700.570413][T11698] device hsr_slave_0 left promiscuous mode [ 700.594506][T11698] device hsr_slave_1 left promiscuous mode [ 700.789694][T11698] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 700.791198][T11698] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 700.794261][T11698] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 700.796074][T11698] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 700.798511][T11698] device bridge_slave_1 left promiscuous mode [ 700.800179][T11698] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.951086][T11698] device bridge_slave_0 left promiscuous mode [ 701.016904][T11698] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.630777][T11698] device veth1_macvtap left promiscuous mode [ 701.632298][T11698] device veth0_macvtap left promiscuous mode [ 701.634521][T11698] device veth1_vlan left promiscuous mode [ 701.636080][T11698] device veth0_vlan left promiscuous mode [ 701.795602][T11698] bond1 (unregistering): Released all slaves [ 703.718921][T11698] team0 (unregistering): Port device team_slave_1 removed [ 703.906779][T11698] team0 (unregistering): Port device team_slave_0 removed [ 704.075120][T11698] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 704.285100][T11698] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 706.636727][T11698] bond0 (unregistering): Released all slaves [ 706.942536][T14189] device syzkaller1 entered promiscuous mode [ 707.186381][T13991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 707.222196][ T4537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 707.230550][ T4537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 707.234910][T13991] 8021q: adding VLAN 0 to HW filter on device team0 [ 707.250117][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 707.260688][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 707.301903][ T4380] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.303604][ T4380] bridge0: port 1(bridge_slave_0) entered forwarding state [ 707.477989][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 707.651300][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 707.901343][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 708.003744][ T4380] bridge0: port 2(bridge_slave_1) entered blocking state [ 708.005320][ T4380] bridge0: port 2(bridge_slave_1) entered forwarding state [ 708.007165][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 708.021502][T13991] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 708.065744][T13991] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 708.069964][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 708.072381][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 708.089359][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 708.091749][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 708.103153][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 708.108776][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 708.111109][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 708.113413][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 708.121031][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 708.125984][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 708.128925][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 708.157290][T14225] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.158940][T14225] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.392205][T13991] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 708.401297][ T4537] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 708.403255][ T4537] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 708.455758][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 708.457968][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 708.512231][T13991] device veth0_vlan entered promiscuous mode [ 708.528710][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 708.531454][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 708.535148][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 708.538016][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 708.555694][T13991] device veth1_vlan entered promiscuous mode [ 708.613201][T13991] device veth0_macvtap entered promiscuous mode [ 708.621294][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 708.623465][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 708.626211][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 708.640556][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 708.661058][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 708.665961][T13991] device veth1_macvtap entered promiscuous mode [ 708.717161][T13991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.720023][T13991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.738764][T13991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.740875][T13991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.742843][T13991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.751499][T13991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.755122][T13991] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 708.760042][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 708.762462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 708.769315][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 708.780066][T13991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.782257][T13991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.785395][T13991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.787532][T13991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.789447][T13991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.791657][T13991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.803027][T13991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.807861][T13991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.816159][T13991] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 708.819803][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 708.822293][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 708.843445][T13991] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.847059][T13991] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.848879][T13991] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.850700][T13991] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.002862][T11698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.005769][T11698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.010708][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 709.061631][ T4439] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.064353][ T4439] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.068678][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 709.444667][ T4345] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 709.630573][ T4345] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 709.632681][ T4345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.648763][ T4345] usb 1-1: config 0 descriptor?? [ 709.928248][T14257] device syzkaller1 entered promiscuous mode [ 710.035633][ T47] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 710.050300][ T47] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 710.052910][ T47] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 710.056130][ T47] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 710.058041][ T47] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 710.059714][ T47] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 710.070310][T14252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 710.072384][T14252] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 710.199160][T14267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3090'. [ 710.394572][T14264] lo speed is unknown, defaulting to 1000 [ 710.857513][ T4380] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.871449][T14264] chnl_net:caif_netlink_parms(): no params data found [ 711.008969][ T4380] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.045915][T14294] tipc: Enabled bearer , priority 10 [ 711.215767][ T4380] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.565698][T14264] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.567249][T14264] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.569357][T14264] device bridge_slave_0 entered promiscuous mode [ 711.581744][T14264] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.583462][T14264] bridge0: port 2(bridge_slave_1) entered disabled state [ 711.586145][T14264] device bridge_slave_1 entered promiscuous mode [ 711.609096][T14264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 711.616880][T14264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 711.619263][T14307] device syzkaller1 entered promiscuous mode [ 711.797496][ T4380] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.836079][T14264] team0: Port device team_slave_0 added [ 711.839022][T14264] team0: Port device team_slave_1 added [ 711.864812][T14264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 711.866488][T14264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.879090][T14264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 711.882839][T14264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 711.897277][T14264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.915281][T14264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 711.933974][ T4345] ath6kl: Failed to read usb control message: -110 [ 711.935395][ T4345] ath6kl: Unable to read the bmi data from the device: -110 [ 711.936916][ T4345] ath6kl: Unable to recv target info: -110 [ 711.938885][ T4345] ath6kl: Failed to init ath6kl core: -110 [ 712.015332][ T4345] ath6kl_usb: probe of 1-1:0.0 failed with error -110 [ 712.032841][T14264] device hsr_slave_0 entered promiscuous mode [ 712.083901][T14264] device hsr_slave_1 entered promiscuous mode [ 712.099912][ T47] Bluetooth: hci2: command 0x0409 tx timeout [ 712.123750][T14264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 712.125349][T14264] Cannot create hsr debugfs directory [ 712.317448][ T4380] tipc: Left network mode [ 713.059084][ T4342] usb 1-1: USB disconnect, device number 17 [ 713.221131][T14358] device syzkaller1 entered promiscuous mode [ 713.754038][T14366] netlink: 'syz.1.3113': attribute type 10 has an invalid length. [ 713.757999][T14366] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3113'. [ 714.009851][T14264] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 714.075965][T14264] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 714.174137][ T47] Bluetooth: hci2: command 0x041b tx timeout [ 714.198875][T14264] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 714.235573][T14264] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 714.257076][T14388] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 714.269873][T14394] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 714.491816][T14264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 714.512795][ T4537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 714.525111][ T4537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 714.593632][ T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 714.791384][ T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 714.793337][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.800912][ T24] usb 1-1: config 0 descriptor?? [ 714.810028][T14264] 8021q: adding VLAN 0 to HW filter on device team0 [ 714.819352][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 714.821675][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 714.824409][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.825986][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 714.830116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 714.893616][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 714.895958][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 714.897932][ T4358] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.899345][ T4358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 714.912554][T11698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 714.916163][T11698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 714.921761][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 714.930491][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 715.013962][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 715.016636][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 715.020017][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 715.026870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 715.032642][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 715.037118][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 715.039474][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 715.046206][ T4380] device hsr_slave_0 left promiscuous mode [ 715.093844][ T4380] device hsr_slave_1 left promiscuous mode [ 715.178236][ T4380] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 715.180038][ T4380] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 715.199627][ T4380] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 715.201176][ T4380] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 715.210365][ T4380] device bridge_slave_1 left promiscuous mode [ 715.211757][ T4380] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.225273][T14397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 715.227579][T14397] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 715.245018][ T4380] device bridge_slave_0 left promiscuous mode [ 715.246764][ T4380] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.423728][ T4380] device veth1_macvtap left promiscuous mode [ 715.425282][ T4380] device veth0_macvtap left promiscuous mode [ 715.426652][ T4380] device veth1_vlan left promiscuous mode [ 715.427898][ T4380] device veth0_vlan left promiscuous mode [ 715.846832][ T4380] bond1 (unregistering): Released all slaves [ 716.253654][ T4301] Bluetooth: hci2: command 0x040f tx timeout [ 717.062495][ T24] ath6kl: Failed to read usb control message: -110 [ 717.064033][ T24] ath6kl: Unable to read the bmi data from the device: -110 [ 717.065527][ T24] ath6kl: Unable to recv target info: -110 [ 717.067312][ T24] ath6kl: Failed to init ath6kl core: -110 [ 717.123616][ T24] ath6kl_usb: probe of 1-1:0.0 failed with error -110 [ 718.007514][ T4380] team0 (unregistering): Port device team_slave_1 removed [ 718.197389][ T4380] team0 (unregistering): Port device team_slave_0 removed [ 718.334287][ T4301] Bluetooth: hci2: command 0x0419 tx timeout [ 718.384495][ T4380] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 718.604565][ T4380] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 721.023923][ T4380] bond0 (unregistering): Released all slaves [ 721.257803][T14264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 721.283915][ T4325] lo speed is unknown, defaulting to 1000 [ 721.361884][ T4346] usb 1-1: USB disconnect, device number 18 [ 721.584024][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 721.585763][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 721.621413][T14264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.655382][T14461] tipc: Started in network mode [ 721.656471][T14461] tipc: Node identity 3, cluster identity 4711 [ 721.657781][T14461] tipc: Node number set to 3 [ 722.216596][T14488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3148'. [ 722.371556][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 722.378008][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 723.195486][T14264] device veth0_vlan entered promiscuous mode [ 723.205302][T14498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3150'. [ 723.212626][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 723.215628][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 723.218869][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 723.220919][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 723.262288][T14264] device veth1_vlan entered promiscuous mode [ 723.324813][T11698] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 723.327411][T11698] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 723.355662][T14264] device veth0_macvtap entered promiscuous mode [ 723.374907][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 723.378467][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 723.387691][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 723.395829][T14264] device veth1_macvtap entered promiscuous mode [ 723.423710][T14264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.426286][T14264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.434164][T14264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.436620][T14264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.449115][T14264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.451360][T14264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.471152][T14264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 723.491487][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 723.499563][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 723.501993][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 723.508682][T14264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.510906][T14264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.523383][T14264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.526141][T14264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.528284][T14264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.530340][T14264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.532464][T14264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.544212][T14264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.555433][T14264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 723.558062][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 723.560609][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 723.569800][T14264] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.571883][T14264] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.582292][T14264] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.589662][T14264] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.715001][ T4399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 723.716928][ T4399] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.721334][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 723.782909][ T4399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 723.791555][ T4399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.796826][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 723.911789][T14519] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3159'. [ 726.027238][T14543] tipc: Started in network mode [ 726.028344][T14543] tipc: Node identity 3, cluster identity 4711 [ 726.029761][T14543] tipc: Node number set to 3 [ 726.121061][ T4301] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 726.125264][ T4301] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 726.128343][ T4301] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 726.131244][ T4301] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 726.146177][ T4301] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 726.148450][ T4301] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 726.208638][T14551] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3170'. [ 727.193305][ T4439] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.383831][ T4439] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.526336][ T4439] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.646926][ T4439] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.695719][T14547] chnl_net:caif_netlink_parms(): no params data found [ 727.873981][T14585] netlink: 'syz.1.3182': attribute type 10 has an invalid length. [ 727.970032][T14585] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 728.002954][T14547] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.006610][T14547] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.009482][T14547] device bridge_slave_0 entered promiscuous mode [ 728.080851][T14547] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.082442][T14547] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.092180][T14547] device bridge_slave_1 entered promiscuous mode [ 728.133205][T14592] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3184'. [ 728.135532][T14592] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.172947][T14547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 728.175282][ T4301] Bluetooth: hci4: command 0x0409 tx timeout [ 728.230614][T14547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 728.836011][T14547] team0: Port device team_slave_0 added [ 728.985731][ T4439] tipc: Left network mode [ 729.015189][T14547] team0: Port device team_slave_1 added [ 729.191649][T14547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 729.193396][T14547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 729.203734][T14547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 729.347657][T14547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 729.349274][T14547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 729.368177][T14547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 729.545567][T14547] device hsr_slave_0 entered promiscuous mode [ 729.584505][T14547] device hsr_slave_1 entered promiscuous mode [ 729.624606][T14547] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 729.626433][T14547] Cannot create hsr debugfs directory [ 730.253792][ T47] Bluetooth: hci4: command 0x041b tx timeout [ 731.150829][ T4439] device hsr_slave_0 left promiscuous mode [ 731.190791][ T4439] device hsr_slave_1 left promiscuous mode [ 731.291536][ T4439] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 731.294098][ T4439] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 731.296367][ T4439] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 731.297966][ T4439] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 731.315439][ T4439] device bridge_slave_1 left promiscuous mode [ 731.316930][ T4439] bridge0: port 2(bridge_slave_1) entered disabled state [ 731.364801][ T4439] device bridge_slave_0 left promiscuous mode [ 731.366723][ T4439] bridge0: port 1(bridge_slave_0) entered disabled state [ 731.504718][ T4439] device veth1_macvtap left promiscuous mode [ 731.506208][ T4439] device veth0_macvtap left promiscuous mode [ 731.507610][ T4439] device veth1_vlan left promiscuous mode [ 731.509232][ T4439] device veth0_vlan left promiscuous mode [ 732.333727][ T47] Bluetooth: hci4: command 0x040f tx timeout [ 733.627139][ T4439] team0 (unregistering): Port device team_slave_1 removed [ 733.847128][ T4439] team0 (unregistering): Port device team_slave_0 removed [ 734.035392][ T4439] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 734.235271][ T4439] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 734.413657][ T47] Bluetooth: hci4: command 0x0419 tx timeout [ 736.599321][ T4439] bond0 (unregistering): Released all slaves [ 736.961666][T14547] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 736.986016][T14547] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 737.040508][T14547] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 737.060994][T14736] rdma_op 00000000dbe7e088 conn xmit_rdma 0000000000000000 [ 737.061162][T14547] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 737.382976][T14547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.393204][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 737.395727][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 737.408778][T14547] 8021q: adding VLAN 0 to HW filter on device team0 [ 737.422624][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 737.431845][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 737.438050][T12921] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.439771][T12921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.453384][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 737.459905][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 737.463041][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 737.466223][T12921] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.467847][T12921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 737.469846][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 737.472979][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 737.479364][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 737.498508][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 737.514951][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 737.518577][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 737.524741][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 737.529329][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 737.532850][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 737.551542][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 737.556292][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 737.562612][T14547] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 737.841401][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 737.845013][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 737.884393][T14547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 737.992616][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 737.995126][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 738.005112][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 738.009739][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 738.018753][T14547] device veth0_vlan entered promiscuous mode [ 738.044742][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 738.055633][ T188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 738.059328][T14547] device veth1_vlan entered promiscuous mode [ 738.108471][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 738.110597][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 738.112936][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 738.124802][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 738.140404][T14547] device veth0_macvtap entered promiscuous mode [ 738.146070][T14547] device veth1_macvtap entered promiscuous mode [ 738.204486][T14547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 738.206694][T14547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.208697][T14547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 738.240326][T14547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.242817][T14547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 738.259811][T14547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.263339][T14547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 738.272053][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 738.279467][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 738.285689][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 738.288589][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 738.307106][T14547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 738.309682][T14547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.311891][T14547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 738.323656][T14547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.325922][T14547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 738.328769][T14547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.331058][T14547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 738.333242][T14547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.344840][T14547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 738.351650][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 738.354574][T12921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 738.371162][T14547] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.373207][T14547] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.388605][T14547] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.390592][T14547] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 738.549420][T12921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 738.551253][T12921] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 738.561548][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 738.618482][ T4439] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 738.632915][ T4439] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 738.652594][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 739.229815][T14836] bridge0: port 2(bridge_slave_1) entered disabled state [ 739.232606][T14836] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.336222][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 740.338060][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 741.170855][T14904] device syzkaller1 entered promiscuous mode [ 744.347605][T14984] device syzkaller1 entered promiscuous mode [ 745.256666][T15009] device ip6gretap0 entered promiscuous mode [ 745.294521][T15009] device batadv_slave_0 entered promiscuous mode [ 745.351653][T15012] device syzkaller1 entered promiscuous mode [ 746.761490][T15037] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3327'. [ 747.221336][T15050] device syzkaller1 entered promiscuous mode [ 748.856841][T15071] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3339'. [ 749.041257][T15079] device syzkaller1 entered promiscuous mode [ 749.284768][T15086] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3347'. [ 750.253005][T15105] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3353'. [ 750.510944][T15117] device syzkaller1 entered promiscuous mode [ 750.707943][T15134] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3368'. [ 750.877857][T15141] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3370'. [ 751.685072][T15154] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3371'. [ 752.149142][T15173] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3382'. [ 752.151317][T15173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 752.329531][T15182] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3386'. [ 754.205540][T15207] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3395'. [ 754.386304][T15218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3400'. [ 757.129195][T15258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3412'. [ 757.280521][T15270] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 759.409290][T15301] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3427'. [ 759.546443][T15310] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3431'. [ 759.563096][T15315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3432'. [ 761.538722][T15353] netlink: 'syz.2.3442': attribute type 10 has an invalid length. [ 761.630859][T15353] team0: Port device netdevsim0 added [ 762.462645][T15357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3446'. [ 762.509716][T15359] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3447'. [ 764.412976][T15382] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3455'. [ 764.789904][T15399] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3463'. [ 765.367931][ T47] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 765.392705][ T47] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 765.497307][ T47] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 765.501878][ T47] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 765.508422][ T47] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 765.512801][ T47] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 765.683667][ T9977] ================================================================== [ 765.685502][ T9977] BUG: KASAN: use-after-free in __mutex_lock_common+0xbec/0x21a0 [ 765.687164][ T9977] Read of size 8 at addr ffff0000f0e4c060 by task khidpd_20000008/9977 [ 765.688924][ T9977] [ 765.689456][ T9977] CPU: 1 PID: 9977 Comm: khidpd_20000008 Not tainted 6.1.118-syzkaller #0 [ 765.691127][ T9977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 765.693157][ T9977] Call trace: [ 765.693819][ T9977] dump_backtrace+0x1c8/0x1f4 [ 765.694857][ T9977] show_stack+0x2c/0x3c [ 765.695788][ T9977] dump_stack_lvl+0x108/0x170 [ 765.696746][ T9977] print_report+0x174/0x4c0 [ 765.697872][ T9977] kasan_report+0xd4/0x130 [ 765.698785][ T9977] __asan_report_load8_noabort+0x2c/0x38 [ 765.700036][ T9977] __mutex_lock_common+0xbec/0x21a0 [ 765.701259][ T9977] mutex_lock_nested+0x38/0x44 [ 765.702392][ T9977] l2cap_unregister_user+0x74/0x190 [ 765.703586][ T9977] hidp_session_thread+0x46c/0x508 [ 765.704822][ T9977] kthread+0x250/0x2d8 [ 765.705736][ T9977] ret_from_fork+0x10/0x20 [ 765.706689][ T9977] [ 765.707153][ T9977] Allocated by task 6528: [ 765.708144][ T9977] kasan_set_track+0x4c/0x80 [ 765.709110][ T9977] kasan_save_alloc_info+0x24/0x30 [ 765.710275][ T9977] __kasan_kmalloc+0xac/0xc4 [ 765.711371][ T9977] __kmalloc+0xd8/0x1c4 [ 765.712259][ T9977] hci_alloc_dev_priv+0x30/0x18a8 [ 765.713310][ T9977] vhci_create_device+0xf8/0x6d0 [ 765.714519][ T9977] vhci_write+0x318/0x3b8 [ 765.715442][ T9977] vfs_write+0x610/0x91c [ 765.716396][ T9977] ksys_write+0x15c/0x26c [ 765.717359][ T9977] __arm64_sys_write+0x7c/0x90 [ 765.718369][ T9977] invoke_syscall+0x98/0x2bc [ 765.719450][ T9977] el0_svc_common+0x138/0x258 [ 765.720490][ T9977] do_el0_svc+0x58/0x13c [ 765.721490][ T9977] el0_svc+0x58/0x168 [ 765.722396][ T9977] el0t_64_sync_handler+0x84/0xf0 [ 765.723466][ T9977] el0t_64_sync+0x18c/0x190 [ 765.724507][ T9977] [ 765.724973][ T9977] Freed by task 6528: [ 765.725978][ T9977] kasan_set_track+0x4c/0x80 [ 765.726973][ T9977] kasan_save_free_info+0x38/0x5c [ 765.727997][ T9977] ____kasan_slab_free+0x144/0x1c0 [ 765.729053][ T9977] __kasan_slab_free+0x18/0x28 [ 765.730108][ T9977] __kmem_cache_free+0x2c0/0x4b4 [ 765.731191][ T9977] kfree+0xcc/0x1b8 [ 765.732037][ T9977] hci_release_dev+0x1040/0x11a8 [ 765.733178][ T9977] bt_host_release+0x70/0x88 [ 765.734148][ T9977] device_release+0x8c/0x1ac [ 765.735253][ T9977] kobject_put+0x2a8/0x41c [ 765.736126][ T9977] put_device+0x28/0x40 [ 765.737043][ T9977] hci_free_dev+0x24/0x34 [ 765.737923][ T9977] vhci_release+0x84/0xcc [ 765.738827][ T9977] __fput+0x1c8/0x7c8 [ 765.739725][ T9977] ____fput+0x20/0x30 [ 765.740518][ T9977] task_work_run+0x240/0x2f0 [ 765.741621][ T9977] do_exit+0x554/0x1a88 [ 765.742524][ T9977] do_group_exit+0x194/0x22c [ 765.743517][ T9977] get_signal+0x14a0/0x158c [ 765.744545][ T9977] do_notify_resume+0x388/0x2cb8 [ 765.745653][ T9977] el0_svc+0x9c/0x168 [ 765.746454][ T9977] el0t_64_sync_handler+0x84/0xf0 [ 765.747535][ T9977] el0t_64_sync+0x18c/0x190 [ 765.748587][ T9977] [ 765.749088][ T9977] Last potentially related work creation: [ 765.750226][ T9977] kasan_save_stack+0x40/0x70 [ 765.751225][ T9977] __kasan_record_aux_stack+0xcc/0xe8 [ 765.752357][ T9977] kasan_record_aux_stack_noalloc+0x14/0x20 [ 765.753551][ T9977] insert_work+0x64/0x384 [ 765.754439][ T9977] __queue_work+0xd48/0x136c [ 765.755403][ T9977] queue_work_on+0xc0/0x16c [ 765.756288][ T9977] hci_cmd_timeout+0x198/0x1cc [ 765.757319][ T9977] process_one_work+0x7ac/0x1404 [ 765.758480][ T9977] worker_thread+0x8e4/0xfec [ 765.759397][ T9977] kthread+0x250/0x2d8 [ 765.760541][ T9977] ret_from_fork+0x10/0x20 [ 765.761398][ T9977] [ 765.761924][ T9977] Second to last potentially related work creation: [ 765.763205][ T9977] kasan_save_stack+0x40/0x70 [ 765.764207][ T9977] __kasan_record_aux_stack+0xcc/0xe8 [ 765.765331][ T9977] kasan_record_aux_stack_noalloc+0x14/0x20 [ 765.766621][ T9977] insert_work+0x64/0x384 [ 765.767495][ T9977] __queue_work+0xd48/0x136c [ 765.768463][ T9977] delayed_work_timer_fn+0x74/0x90 [ 765.769544][ T9977] call_timer_fn+0x1c0/0xa1c [ 765.770455][ T9977] __run_timers+0x584/0x718 [ 765.771516][ T9977] run_timer_softirq+0x7c/0x114 [ 765.772579][ T9977] handle_softirqs+0x318/0xd58 [ 765.773546][ T9977] __do_softirq+0x14/0x20 [ 765.774442][ T9977] [ 765.775006][ T9977] The buggy address belongs to the object at ffff0000f0e4c000 [ 765.775006][ T9977] which belongs to the cache kmalloc-8k of size 8192 [ 765.778073][ T9977] The buggy address is located 96 bytes inside of [ 765.778073][ T9977] 8192-byte region [ffff0000f0e4c000, ffff0000f0e4e000) [ 765.781012][ T9977] [ 765.781530][ T9977] The buggy address belongs to the physical page: [ 765.783038][ T9977] page:00000000aeaaa3f6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x130e48 [ 765.785333][ T9977] head:00000000aeaaa3f6 order:3 compound_mapcount:0 compound_pincount:0 [ 765.787064][ T9977] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 765.788904][ T9977] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002c00 [ 765.790773][ T9977] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 765.792696][ T9977] page dumped because: kasan: bad access detected [ 765.794087][ T9977] [ 765.794590][ T9977] Memory state around the buggy address: [ 765.795784][ T9977] ffff0000f0e4bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 765.797474][ T9977] ffff0000f0e4bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 765.799198][ T9977] >ffff0000f0e4c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 765.800977][ T9977] ^ [ 765.802631][ T9977] ffff0000f0e4c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 765.804425][ T9977] ffff0000f0e4c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 765.806392][ T9977] ================================================================== [ 765.808724][ T9977] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 766.415466][ T39] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.659544][ T39] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.827004][ T39] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.915525][ T39] team0: Port device netdevsim0 removed [ 766.918105][ T39] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.144364][ T39] tipc: Disabling bearer [ 767.145598][ T39] tipc: Left network mode [ 769.077041][ T39] device hsr_slave_0 left promiscuous mode [ 769.124315][ T39] device hsr_slave_1 left promiscuous mode [ 769.203682][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 769.205522][ T39] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 769.207539][ T39] device bridge_slave_1 left promiscuous mode [ 769.209045][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 769.244881][ T39] device bridge_slave_0 left promiscuous mode [ 769.246193][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 769.373726][ T39] device veth1_macvtap left promiscuous mode [ 769.375154][ T39] device veth0_macvtap left promiscuous mode [ 769.376578][ T39] device veth1_vlan left promiscuous mode [ 769.377785][ T39] device veth0_vlan left promiscuous mode [ 769.440141][ T39] bond2 (unregistering): Released all slaves [ 769.447725][ T39] bond1 (unregistering): Released all slaves [ 771.004912][ T39] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 771.235030][ T39] team0 (unregistering): Port device team_slave_1 removed [ 771.444902][ T39] team0 (unregistering): Port device team_slave_0 removed [ 771.615089][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 771.874574][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 774.305686][ T39] bond0 (unregistering): Released all slaves