last executing test programs: 44.075616ms ago: executing program 0 (id=1): bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x7f, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6}, 0x1c) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000004c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffffffffffff9}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x7fffffffffffffff) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x808003, &(0x7f0000000000), 0x1, 0x4e9, &(0x7f00000000c0)="$eJzs3d9rW9cdAPDvla3MTpzZ2faQBZaYsZGELZIdL4nZQ5LB2J4C27J3z7NlYyxbxpKT2IThsOcxGGMb28v61JdC/4BCyZ9QCoH2PZTSEtokfehDWxVJV4nrSnZCJCuxPx84vuf+0P1+j4SOdO691g3gwBqNiKsR0RcRZyNiOF2eSUtsNkptu0cPb8/UShLV6vVPkkjSZc19Jen0SPqwgYj4w28j/pwkjQVblNc3FqeLxcJqOp+vLK3ky+sb5xaWpucL84XliYnxi5OXJi9MjnWsrZd//eG//v76by6//fOb96c+PvOXWr5D6bqt7eikxnOSrT8XTf0RsdqNYD3Ql7Yn+ywbJ93PBwCAndW+438vIn4cEY//2+tsAAAAgG6oXhmKL5KIKgAAALBvZerXwCaZXHotwFBkMrlc4xreH8SVKJbKlZ/NldaWZxvXyo5ENjO3UCyMpdcKj0Q2qc2P1+tP589vm5+IiGMR8c/hwfp8bqZUnO31wQ8AAAA4IGrj/KFMo16bfDbcGP8DAAAA+8xIrxMAAAAAus74HwAAAPa/b4//RxuTpH/vkwEAAAA67XfXrtVKtXn/69kb62uLpRvnZgvlxdzS2kxuprS6kpsvlebrv9m3tNv+iqXSyi9iee1WvlIoV/Ll9Y2ppdLacmWqfl/vqcIz3ScaAAAA6Khjp+6+n0TE5i8H66XmULrOWB32t8zzbZ50Kw9g7/X1OgGgZ1zgCweXMT6w28B+YI/yAAAAuuf0D5+c/x+MLef/j953bAD2u+c8/w/sI87/w8G17fz//3uVB7D3jPGB3Y4DtD3//07ncwEAALpjqF6STC4dAwxFJpPLRRyt3xYgm8wtFAtjEfHdiHhvOPud2vx4r5MGAAAAAAAAAAAAAAAAAAAAAAAAgFdMtZpEFQAAANjXIjIfJRGRxEDE8E+Gth8fOJR8PlyfRsTN/13/963pSmV1vLb80yfLK/9Jl5/vxREMAAAAYLvmOL05jgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACATnr08PZMs+xl3Ae/ioiRVvH7Y6A+HYhsRBx+nET/lsclEdHXgfibdyLieKv4SS2tGEmz2B4/ExGDPY5/pAPx4SC7W+t/rrZ6/2VitD5t/f7rT8uLejDarv/LPOn/+tr0f0d32fehdHri3pv5tvHvRJzob93/NOMnL9j//umPGxvt1lVfizjd8vMn+UasfGVpJV9e3zi3sDQ9X5gvLE9MjF+cvDR5YXIsP7dQLKR/W8b4x4/e+mqn9h9uE3+kXfuTRk7Vaut9nto2/+W9Ww+/32rDJOLB39J6i9f/eLv46XP/0/RzoLb+dLO+2ahvdfKNd0/u1P7ZNu3f7fU/026n25z9/V8/aNSyz/gIAKCbyusbi9PFYmH1Va/UGvMSpNHByujLkYbKwaz0umcCAAA67emX/l5nAgAAAAAAAAAAAAAAAAAAAAdX8///m7/l3I2fE9sab6BZSZI9bysAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE6+DgAA///TSdFe") r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc0109058903"], 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=@base={0x12, 0x2, 0x4, 0x302, 0x28800, 0xffffffffffffffff, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @value=r0, @void, @void, @value}, 0x50) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040efc07140c"], 0xff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb0000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x1, 0x4, 0x6, 0x115, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) socket$inet6(0xa, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xfc) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305839, &(0x7f0000000000)={0x0, 0x0, 0xff1f, 0x600}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10) r8 = fcntl$dupfd(r6, 0x0, r7) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newchain={0x24}, 0x24}}, 0x0) 0s ago: executing program 1 (id=2): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x2, 0x216, &(0x7f0000001900)="$eJzsmb9rFEEUx78zu7d7BhEttLA5i4ARzN7unkoawdiKICSilodZQ3STlbstcgHBYGPjH+A/opDKws5GLKwsVBAsTGmj4Mj82OzEza3eHYdF3qeY+87bN2/fvN17A3cgCOLQ8vnT94/Pri4snwdwFLPwjf2rU/pwy//Dc6dh5OuNY492/ozHAAhRzt2/3N8D8GrRAR7rsEL8EPb1WRNzGVxpyU1wnDP6FhiCIlch0TIBwx1jvm/p7IgRacLuZunKvbU0CeUQySGWQwcQ+/Lf3WZYAdA0t2BWfv3B1oNuCvS0SJNCNERxn8qlUUVd/VR+ixyXrRLI53X76ZNtOQ+MPbTqF4EjMroDhiWjF+AjCIKWmSaRtf/Tbhnf0Y/N2v+/7qQ5WSFGFSfma32KTUw7jV9iKpG9sR7BdITMY/RVvFVd5dXEyQ4owhg5s/4Ax3XttEV+ofd8Tu3uvKmu+vJfyzuZUI0LQOXSu5k0vW5b3l4z4uS+OGfs+liieAOHvhK6fzAXOGtcGYRwrVOhna8/bPcHW/Nr693VZDXZiOPOpfBCGF6M26o367Gm/zVVf5qx+l9DHxkVPOZhs5vnvWgTyHvR3jzWo9Vxl15k39Qarvofx9xPIYrjRW3bPzgfdf75eh1TszlnaPIEQRAEQRAEQRAEQRAEQRA1tN7rzyulBS9hfqtkxX9iVdz4hvL+HQAA///evl4Q") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r4, 0x0, 0x50, 0x0, &(0x7f0000000000)=0xff5f) listen(r0, 0x3) accept(r0, &(0x7f0000000040)=@qipcrtr, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.80' (ED25519) to the list of known hosts. [ 47.448697][ T6408] cgroup: Unknown subsys name 'net' [ 47.691454][ T6408] cgroup: Unknown subsys name 'cpuset' [ 47.695247][ T6408] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 47.959740][ T6408] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 50.279911][ T6421] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 50.296555][ T6427] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 50.298718][ T6427] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 50.306992][ T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 50.312075][ T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 50.320009][ T6433] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 50.321679][ T6433] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 50.323420][ T6433] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 50.324953][ T6433] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 50.326517][ T6433] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 50.330208][ T6433] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 50.330518][ T6430] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 50.332011][ T6433] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 50.335538][ T6430] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 50.335581][ T6433] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 50.337533][ T6430] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 50.340227][ T6430] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 50.340715][ T6433] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 50.342072][ T6430] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 50.343863][ T6433] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 50.345919][ T6430] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 50.346157][ T6430] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 50.347642][ T6433] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 50.349096][ T6430] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 50.352427][ T6430] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 50.357057][ T6430] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 50.359001][ T6430] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 50.361845][ T6430] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 50.364009][ T6430] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 50.366158][ T6430] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 50.594951][ T6425] chnl_net:caif_netlink_parms(): no params data found [ 50.606346][ T6419] chnl_net:caif_netlink_parms(): no params data found [ 50.614601][ T6432] chnl_net:caif_netlink_parms(): no params data found [ 50.676543][ T6428] chnl_net:caif_netlink_parms(): no params data found [ 50.717855][ T6420] chnl_net:caif_netlink_parms(): no params data found [ 50.758128][ T6419] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.759873][ T6419] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.761420][ T6419] bridge_slave_0: entered allmulticast mode [ 50.763375][ T6419] bridge_slave_0: entered promiscuous mode [ 50.770556][ T6432] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.772243][ T6432] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.773941][ T6432] bridge_slave_0: entered allmulticast mode [ 50.775731][ T6432] bridge_slave_0: entered promiscuous mode [ 50.786620][ T6419] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.788160][ T6419] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.794095][ T6419] bridge_slave_1: entered allmulticast mode [ 50.795979][ T6419] bridge_slave_1: entered promiscuous mode [ 50.798486][ T6425] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.800416][ T6425] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.802075][ T6425] bridge_slave_0: entered allmulticast mode [ 50.803865][ T6425] bridge_slave_0: entered promiscuous mode [ 50.805949][ T6432] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.807512][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.809061][ T6432] bridge_slave_1: entered allmulticast mode [ 50.811476][ T6432] bridge_slave_1: entered promiscuous mode [ 50.827425][ T6428] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.828946][ T6428] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.830659][ T6428] bridge_slave_0: entered allmulticast mode [ 50.832518][ T6428] bridge_slave_0: entered promiscuous mode [ 50.840877][ T6425] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.842473][ T6425] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.844126][ T6425] bridge_slave_1: entered allmulticast mode [ 50.846083][ T6425] bridge_slave_1: entered promiscuous mode [ 50.855216][ T6432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.861681][ T6428] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.863359][ T6428] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.864984][ T6428] bridge_slave_1: entered allmulticast mode [ 50.866961][ T6428] bridge_slave_1: entered promiscuous mode [ 50.890483][ T6432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.894321][ T6425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.897987][ T6425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.911940][ T6428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.914985][ T6419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.925396][ T6420] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.926892][ T6420] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.928560][ T6420] bridge_slave_0: entered allmulticast mode [ 50.934623][ T6420] bridge_slave_0: entered promiscuous mode [ 50.938088][ T6419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.941656][ T6428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.957859][ T6420] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.959500][ T6420] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.960984][ T6420] bridge_slave_1: entered allmulticast mode [ 50.962690][ T6420] bridge_slave_1: entered promiscuous mode [ 50.977976][ T6432] team0: Port device team_slave_0 added [ 50.981622][ T6432] team0: Port device team_slave_1 added [ 50.984457][ T6425] team0: Port device team_slave_0 added [ 50.995815][ T6419] team0: Port device team_slave_0 added [ 51.015407][ T6425] team0: Port device team_slave_1 added [ 51.017324][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 51.018792][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.024599][ T6432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 51.028908][ T6419] team0: Port device team_slave_1 added [ 51.036229][ T6420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.045001][ T6428] team0: Port device team_slave_0 added [ 51.055837][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 51.057239][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.062962][ T6432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 51.066970][ T6420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.074617][ T6419] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 51.076133][ T6419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.081890][ T6419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 51.085654][ T6428] team0: Port device team_slave_1 added [ 51.087490][ T6425] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 51.088939][ T6425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.094844][ T6425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 51.113967][ T6419] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 51.115420][ T6419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.121058][ T6419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 51.128413][ T6425] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 51.130077][ T6425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.135344][ T6425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 51.154076][ T6420] team0: Port device team_slave_0 added [ 51.160315][ T6428] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 51.161783][ T6428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.167047][ T6428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 51.201812][ T6432] hsr_slave_0: entered promiscuous mode [ 51.239817][ T6432] hsr_slave_1: entered promiscuous mode [ 51.291221][ T6420] team0: Port device team_slave_1 added [ 51.293660][ T6428] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 51.295108][ T6428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.300613][ T6428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 51.371079][ T6419] hsr_slave_0: entered promiscuous mode [ 51.409894][ T6419] hsr_slave_1: entered promiscuous mode [ 51.449448][ T6419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 51.451459][ T6419] Cannot create hsr debugfs directory [ 51.458259][ T6420] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 51.460010][ T6420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.465159][ T6420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 51.531168][ T6425] hsr_slave_0: entered promiscuous mode [ 51.569810][ T6425] hsr_slave_1: entered promiscuous mode [ 51.639530][ T6425] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 51.641206][ T6425] Cannot create hsr debugfs directory [ 51.643820][ T6420] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 51.645380][ T6420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.651338][ T6420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 51.751140][ T6428] hsr_slave_0: entered promiscuous mode [ 51.789811][ T6428] hsr_slave_1: entered promiscuous mode [ 51.829528][ T6428] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 51.831095][ T6428] Cannot create hsr debugfs directory [ 51.891092][ T6420] hsr_slave_0: entered promiscuous mode [ 51.930432][ T6420] hsr_slave_1: entered promiscuous mode [ 51.969474][ T6420] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 51.971074][ T6420] Cannot create hsr debugfs directory [ 52.090042][ T6432] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 52.093574][ T6432] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 52.105144][ T6432] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 52.108330][ T6432] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 52.144790][ T6419] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 52.154190][ T6419] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 52.158207][ T6419] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 52.161740][ T6419] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 52.211113][ T6428] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 52.214059][ T6428] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 52.217855][ T6428] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 52.223761][ T6428] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 52.237972][ T6432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.257093][ T6432] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.276652][ T6419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.284815][ T6425] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 52.288097][ T6425] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 52.293335][ T280] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.294855][ T280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.303993][ T6419] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.311175][ T6425] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 52.327886][ T6425] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 52.333718][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.335320][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.340454][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.341935][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.349622][ T6420] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 52.353921][ T6420] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 52.359138][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.360731][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.369544][ T6420] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 52.373236][ T6420] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 52.422556][ T5988] Bluetooth: hci2: command tx timeout [ 52.423923][ T5988] Bluetooth: hci0: command tx timeout [ 52.425153][ T5988] Bluetooth: hci1: command tx timeout [ 52.426377][ T5988] Bluetooth: hci3: command tx timeout [ 52.427577][ T5988] Bluetooth: hci4: command tx timeout [ 52.476233][ T6428] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.525437][ T6425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.537335][ T6428] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.544165][ T6420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.558921][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.560433][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.566175][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.567730][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.573713][ T6432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.585144][ T6420] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.597552][ T6425] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.606390][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.608053][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.611301][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.612824][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.626047][ T6428] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.628196][ T6428] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.640934][ T6419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.647880][ T6432] veth0_vlan: entered promiscuous mode [ 52.654907][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.656679][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.676967][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.678438][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.696933][ T6420] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.700336][ T6420] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.717262][ T6432] veth1_vlan: entered promiscuous mode [ 52.736182][ T6419] veth0_vlan: entered promiscuous mode [ 52.766836][ T6425] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.768896][ T6425] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.800079][ T6432] veth0_macvtap: entered promiscuous mode [ 52.804863][ T6419] veth1_vlan: entered promiscuous mode [ 52.831820][ T6432] veth1_macvtap: entered promiscuous mode [ 52.844403][ T6419] veth0_macvtap: entered promiscuous mode [ 52.856127][ T6419] veth1_macvtap: entered promiscuous mode [ 52.871771][ T6428] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.875642][ T6420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.885493][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 52.903323][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 52.906424][ T6432] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.908356][ T6432] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.911463][ T6432] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.913323][ T6432] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.921738][ T6425] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.924247][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 52.927453][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.931040][ T6419] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 52.950338][ T6419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 52.952502][ T6419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 52.955115][ T6419] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 52.962379][ T6419] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.964190][ T6419] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.965990][ T6419] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.967662][ T6419] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.984707][ T6428] veth0_vlan: entered promiscuous mode [ 52.988784][ T6428] veth1_vlan: entered promiscuous mode [ 53.053326][ T6425] veth0_vlan: entered promiscuous mode [ 53.083142][ T6425] veth1_vlan: entered promiscuous mode [ 53.087769][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.090049][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.104867][ T6428] veth0_macvtap: entered promiscuous mode [ 53.108174][ T6428] veth1_macvtap: entered promiscuous mode [ 53.118554][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.124233][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.148965][ T6425] veth0_macvtap: entered promiscuous mode [ 53.164986][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.166810][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.172368][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.174391][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.175949][ T6420] veth0_vlan: entered promiscuous mode [ 53.178834][ T6425] veth1_macvtap: entered promiscuous mode [ 53.187339][ T6428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.191973][ T6428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.194004][ T6428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.195982][ T6428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.198702][ T6428] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 53.208721][ T6420] veth1_vlan: entered promiscuous mode [ 53.214103][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.216252][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.218221][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.221019][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.223019][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 53.225201][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.228153][ T6425] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 53.236903][ T6419] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 53.238575][ T6428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.245283][ T6428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.247325][ T6428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.250846][ T6428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.253778][ T6428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 53.260268][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.262466][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.264365][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.266438][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.269083][ T6425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 53.273474][ T6425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 53.282991][ T6425] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 53.291537][ T6428] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.293536][ T6428] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.295376][ T6428] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.297115][ T6428] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.315876][ T6505] loop0: detected capacity change from 0 to 512 [ 53.331342][ T6505] EXT4-fs (loop0): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 53.341333][ T6425] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.343202][ T6425] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.354918][ T6425] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.361661][ T6425] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.381639][ T6509] loop1: detected capacity change from 0 to 16 [ 53.383394][ T6509] erofs: Unknown parameter '' [ 53.572057][ T6420] veth0_macvtap: entered promiscuous mode [ 53.575302][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.576957][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.146268][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 54.160198][ T6421] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 54.162594][ T6421] CPU: 0 UID: 0 PID: 6421 Comm: kworker/u9:2 Not tainted 6.12.0-rc7-syzkaller-g887407160d72 #0 [ 54.164681][ T6421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 54.166701][ T6421] Workqueue: hci4 hci_rx_work [ 54.167717][ T6421] Call trace: [ 54.168386][ T6421] show_stack+0x2c/0x3c (C) [ 54.169412][ T6421] dump_stack_lvl+0xe4/0x150 [ 54.170355][ T6421] dump_stack+0x1c/0x28 [ 54.171393][ T6421] sysfs_create_dir_ns+0x278/0x318 [ 54.172459][ T6421] kobject_add_internal+0x598/0xb04 [ 54.173564][ T6421] kobject_add+0x14c/0x224 [ 54.174522][ T6421] device_add+0x3a0/0xa6c [ 54.175423][ T6421] hci_conn_add_sysfs+0xc4/0x1cc [ 54.176463][ T6421] le_conn_complete_evt+0x9a8/0xf0c [ 54.177719][ T6421] hci_le_conn_complete_evt+0x114/0x404 [ 54.178863][ T6421] hci_le_meta_evt+0x2a4/0x478 [ 54.179882][ T6421] hci_event_packet+0x890/0x106c [ 54.180861][ T6421] hci_rx_work+0x324/0xaf0 [ 54.181728][ T6421] process_one_work+0x7bc/0x1600 [ 54.182781][ T6421] worker_thread+0x97c/0xeec [ 54.183772][ T6421] kthread+0x288/0x310 [ 54.184631][ T6421] ret_from_fork+0x10/0x20 [ 54.188108][ T6421] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 54.191970][ T6421] Bluetooth: hci4: failed to register connection device [ 54.200231][ T6420] veth1_macvtap: entered promiscuous mode [ 54.204684][ T6421] ================================================================== [ 54.206357][ T6421] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1d4/0x284 [ 54.208151][ T6421] Read of size 8 at addr ffff0000cffe4580 by task kworker/u9:2/6421 [ 54.209733][ T6421] [ 54.210193][ T6421] CPU: 1 UID: 0 PID: 6421 Comm: kworker/u9:2 Not tainted 6.12.0-rc7-syzkaller-g887407160d72 #0 [ 54.212236][ T6421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 54.214223][ T6421] Workqueue: hci4 hci_rx_work [ 54.215212][ T6421] Call trace: [ 54.215932][ T6421] show_stack+0x2c/0x3c (C) [ 54.216869][ T6421] dump_stack_lvl+0xe4/0x150 [ 54.217835][ T6421] print_report+0x198/0x538 [ 54.218792][ T6421] kasan_report+0xd8/0x138 [ 54.219779][ T6421] __asan_report_load8_noabort+0x20/0x2c [ 54.220980][ T6421] l2cap_sock_new_connection_cb+0x1d4/0x284 [ 54.222189][ T6421] l2cap_connect_cfm+0x2fc/0xe24 [ 54.223284][ T6421] hci_connect_cfm+0xa0/0x13c [ 54.224373][ T6421] le_conn_complete_evt+0xa1c/0xf0c [ 54.225452][ T6421] hci_le_conn_complete_evt+0x114/0x404 [ 54.226609][ T6421] hci_le_meta_evt+0x2a4/0x478 [ 54.227661][ T6421] hci_event_packet+0x890/0x106c [ 54.228737][ T6421] hci_rx_work+0x324/0xaf0 [ 54.229744][ T6421] process_one_work+0x7bc/0x1600 [ 54.230816][ T6421] worker_thread+0x97c/0xeec [ 54.231783][ T6421] kthread+0x288/0x310 [ 54.232755][ T6421] ret_from_fork+0x10/0x20 [ 54.233708][ T6421] [ 54.234245][ T6421] Allocated by task 6421: [ 54.235140][ T6421] kasan_save_track+0x40/0x78 [ 54.236173][ T6421] kasan_save_alloc_info+0x40/0x50 [ 54.237267][ T6421] __kasan_kmalloc+0xac/0xc4 [ 54.238289][ T6421] __kmalloc_noprof+0x2a4/0x49c [ 54.239340][ T6421] sk_prot_alloc+0xc4/0x1f0 [ 54.240394][ T6421] sk_alloc+0x44/0x3f0 [ 54.241311][ T6421] bt_sock_alloc+0x4c/0x304 [ 54.242226][ T6421] l2cap_sock_new_connection_cb+0xe4/0x284 [ 54.243454][ T6421] l2cap_connect_cfm+0x2fc/0xe24 [ 54.244524][ T6421] hci_connect_cfm+0xa0/0x13c [ 54.245509][ T6421] le_conn_complete_evt+0xa1c/0xf0c [ 54.246519][ T6421] hci_le_conn_complete_evt+0x114/0x404 [ 54.247662][ T6421] hci_le_meta_evt+0x2a4/0x478 [ 54.248632][ T6421] hci_event_packet+0x890/0x106c [ 54.249686][ T6421] hci_rx_work+0x324/0xaf0 [ 54.250625][ T6421] process_one_work+0x7bc/0x1600 [ 54.251601][ T6421] worker_thread+0x97c/0xeec [ 54.252563][ T6421] kthread+0x288/0x310 [ 54.253396][ T6421] ret_from_fork+0x10/0x20 [ 54.254272][ T6421] [ 54.254724][ T6421] Freed by task 6512: [ 54.255517][ T6421] kasan_save_track+0x40/0x78 [ 54.256540][ T6421] kasan_save_free_info+0x54/0x6c [ 54.257544][ T6421] __kasan_slab_free+0x64/0x8c [ 54.258641][ T6421] kfree+0x184/0x47c [ 54.259494][ T6421] __sk_destruct+0x4b8/0x74c [ 54.260383][ T6421] __sk_free+0x388/0x4f4 [ 54.261418][ T6421] sk_free+0x60/0xc8 [ 54.262260][ T6421] l2cap_sock_kill+0x12c/0x234 [ 54.263268][ T6421] l2cap_sock_cleanup_listen+0xf8/0x290 [ 54.264307][ T6421] l2cap_sock_release+0x5c/0x1b4 [ 54.265374][ T6421] sock_close+0xa4/0x1e8 [ 54.266312][ T6421] __fput+0x1bc/0x75c [ 54.267122][ T6421] ____fput+0x20/0x30 [ 54.267922][ T6421] task_work_run+0x230/0x2e0 [ 54.268842][ T6421] get_signal+0x1350/0x152c [ 54.269742][ T6421] do_signal+0x23c/0x391c [ 54.270659][ T6421] do_notify_resume+0x74/0x1f4 [ 54.271730][ T6421] el0_svc+0xac/0x168 [ 54.272597][ T6421] el0t_64_sync_handler+0x84/0x108 [ 54.273615][ T6421] el0t_64_sync+0x198/0x19c [ 54.274634][ T6421] [ 54.275171][ T6421] The buggy address belongs to the object at ffff0000cffe4000 [ 54.275171][ T6421] which belongs to the cache kmalloc-2k of size 2048 [ 54.278116][ T6421] The buggy address is located 1408 bytes inside of [ 54.278116][ T6421] freed 2048-byte region [ffff0000cffe4000, ffff0000cffe4800) [ 54.281012][ T6421] [ 54.281602][ T6421] The buggy address belongs to the physical page: [ 54.282813][ T6421] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ffe0 [ 54.284773][ T6421] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 54.286506][ T6421] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) [ 54.288180][ T6421] page_type: f5(slab) [ 54.289051][ T6421] raw: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000 [ 54.290981][ T6421] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 54.292765][ T6421] head: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000 [ 54.294596][ T6421] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 54.296405][ T6421] head: 05ffc00000000003 fffffdffc33ff801 ffffffffffffffff 0000000000000000 [ 54.298381][ T6421] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 54.300419][ T6421] page dumped because: kasan: bad access detected [ 54.301931][ T6421] [ 54.302436][ T6421] Memory state around the buggy address: [ 54.303713][ T6421] ffff0000cffe4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.305455][ T6421] ffff0000cffe4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.307160][ T6421] >ffff0000cffe4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.308875][ T6421] ^ [ 54.309852][ T6421] ffff0000cffe4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.311684][ T6421] ffff0000cffe4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.313295][ T6421] ================================================================== [ 54.315386][ T6421] Disabling lock debugging due to kernel taint [ 54.321121][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.323356][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.325406][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.330338][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 54.334268][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.336597][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.339042][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.340917][ T6421] ------------[ cut here ]------------ [ 54.342199][ T6421] ODEBUG: assert_init not available (active state 0) object: 00000000a46ddaa1 object type: timer_list hint: l2cap_chan_timeout+0x0/0x288 [ 54.342790][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.345350][ T6421] WARNING: CPU: 1 PID: 6421 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0 [ 54.347814][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.349523][ T6421] Modules linked in: [ 54.349540][ T6421] CPU: 1 UID: 0 PID: 6421 Comm: kworker/u9:2 Tainted: G B 6.12.0-rc7-syzkaller-g887407160d72 #0 [ 54.349559][ T6421] Tainted: [B]=BAD_PAGE [ 54.349563][ T6421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 54.349572][ T6421] Workqueue: hci4 hci_rx_work [ 54.349596][ T6421] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 54.349610][ T6421] pc : debug_print_object+0x168/0x1e0 [ 54.351682][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 173, changing to 11 [ 54.352457][ T6421] lr : debug_print_object+0x168/0x1e0 [ 54.354811][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33395, setting to 1024 [ 54.355608][ T6421] sp : ffff8000a35e7010 [ 54.357672][ T10] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 54.358644][ T6421] x29: ffff8000a35e7010 [ 54.362755][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.363945][ T6421] x28: dfff800000000000 [ 54.366608][ T6420] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.367649][ T6421] x27: ffff7000146bce10 [ 54.367666][ T6421] x26: dfff800000000000 x25: dfff800000000000 [ 54.373343][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.373848][ T6421] x24: ffff0000cffe5150 [ 54.375380][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.376234][ T6421] [ 54.376240][ T6421] x23: ffff80008bb77ca0 [ 54.378300][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.379123][ T6421] x22: ffff80008a660d70 x21: ffff80008b646000 [ 54.385850][ T6421] x20: 0000000000000000 x19: ffff80008bb77760 x18: ffff8000a35e6838 [ 54.387533][ T6421] x17: 0000000000000000 x16: ffff8000830ce3b0 x15: 0000000000000001 [ 54.389429][ T6421] x14: 1ffff00011f19954 x13: 0000000000000000 x12: 0000000000000000 [ 54.391217][ T6421] x11: 0000000000100000 x10: 0000000000043edb x9 : 6db8aafb18378b00 [ 54.393014][ T6421] x8 : 6db8aafb18378b00 x7 : 205b5d3939313234 x6 : ffff800080395384 [ 54.394761][ T6421] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000002 [ 54.396458][ T6421] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000 [ 54.398226][ T6421] Call trace: [ 54.398878][ T6421] debug_print_object+0x168/0x1e0 (P) [ 54.400071][ T6421] debug_print_object+0x168/0x1e0 (L) [ 54.400155][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.401303][ T6421] debug_object_assert_init+0x318/0x3c8 [ 54.401323][ T6421] __timer_delete+0xac/0x2f8 [ 54.405024][ T6421] timer_delete+0x24/0x34 [ 54.406020][ T6421] work_grab_pending+0xb4/0x834 [ 54.407100][ T6421] __cancel_work+0xac/0x29c [ 54.408114][ T6421] cancel_delayed_work+0x24/0x38 [ 54.409218][ T6421] l2cap_le_start+0x8d4/0x1384 [ 54.410269][ T6421] l2cap_connect_cfm+0x57c/0xe24 [ 54.411423][ T6421] hci_connect_cfm+0xa0/0x13c [ 54.412451][ T6421] le_conn_complete_evt+0xa1c/0xf0c [ 54.412548][ T10] usb 1-1: config 0 descriptor?? [ 54.413598][ T6421] hci_le_conn_complete_evt+0x114/0x404 [ 54.413619][ T6421] hci_le_meta_evt+0x2a4/0x478 [ 54.415813][ T6421] hci_event_packet+0x890/0x106c [ 54.418020][ T6421] hci_rx_work+0x324/0xaf0 [ 54.418966][ T6421] process_one_work+0x7bc/0x1600 [ 54.420052][ T6421] worker_thread+0x97c/0xeec [ 54.421024][ T6421] kthread+0x288/0x310 [ 54.421959][ T6421] ret_from_fork+0x10/0x20 [ 54.422898][ T6421] irq event stamp: 2779 [ 54.423747][ T6421] hardirqs last enabled at (2779): [] raw_spin_rq_unlock_irq+0x14/0x24 [ 54.425871][ T6421] hardirqs last disabled at (2778): [] __schedule+0x2bc/0x27d0 [ 54.428143][ T6421] softirqs last enabled at (2674): [] release_sock+0x154/0x1b8 [ 54.430153][ T6421] softirqs last disabled at (2670): [] release_sock+0x3c/0x1b8 [ 54.432068][ T6421] ---[ end trace 0000000000000000 ]--- [ 54.433716][ T6421] Unable to handle kernel paging request at virtual address dfff800000000038 [ 54.435541][ T6421] KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] [ 54.437518][ T6421] Mem abort info: [ 54.438104][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.438271][ T6421] ESR = 0x0000000096000005 [ 54.438281][ T6421] EC = 0x25: DABT (current EL), IL = 32 bits [ 54.438290][ T6421] SET = 0, FnV = 0 [ 54.443680][ T6421] EA = 0, S1PTW = 0 [ 54.444491][ T6421] FSC = 0x05: level 1 translation fault [ 54.444607][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.445692][ T6421] Data abort info: [ 54.445702][ T6421] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 54.445713][ T6421] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 54.447882][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.448570][ T6421] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 54.448591][ T6421] [dfff800000000038] address between user and kernel address ranges [ 54.450972][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.451365][ T6421] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 54.453583][ T6420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.454720][ T6421] Modules linked in: [ 54.454738][ T6421] CPU: 1 UID: 0 PID: 6421 Comm: kworker/u9:2 Tainted: G B W 6.12.0-rc7-syzkaller-g887407160d72 #0 [ 54.454757][ T6421] Tainted: [B]=BAD_PAGE, [W]=WARN [ 54.456542][ T6420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.458594][ T6421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 54.458609][ T6421] Workqueue: hci4 hci_rx_work [ 54.471961][ T6421] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 54.473698][ T6421] pc : do_raw_spin_lock+0x80/0x334 [ 54.474761][ T6421] lr : _raw_spin_lock_bh+0x50/0x60 [ 54.475727][ T6421] sp : ffff8000a35e7260 [ 54.476600][ T6421] x29: ffff8000a35e72f0 x28: ffff8000a35e7440 x27: 1fffe00019ffca04 [ 54.478359][ T6421] x26: 1fffe00019ffca00 x25: ffff7000146bce88 x24: dfff800000000000 [ 54.480279][ T6421] x23: ffff8000a35e7280 x22: dfff800000000000 x21: 0000000000000000 [ 54.482162][ T6421] x20: 00000000000001c0 x19: 00000000000001c4 x18: ffff8000a35e6838 [ 54.484011][ T6421] x17: 0000000000000000 x16: ffff80008036ec34 x15: ffff600019ffca21 [ 54.485852][ T6421] x14: 1fffe00019ffca21 x13: ffff8000a35e8000 x12: ffff8000a35e7240 [ 54.487442][ T6421] x11: ffff80008036ec34 x10: 1ffff000146bce50 x9 : 0000000000000038 [ 54.489183][ T6421] x8 : f3f3f304f1f1f1f1 x7 : 0000000000000000 x6 : ffff8000895ab2a8 [ 54.490779][ T6421] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 [ 54.492527][ T6421] x2 : 0000000000000000 x1 : ffff80008bb77140 x0 : 00000000000001c0 [ 54.494168][ T6421] Call trace: [ 54.494879][ T6421] do_raw_spin_lock+0x80/0x334 (P) [ 54.496013][ T6421] _raw_spin_lock_bh+0x50/0x60 (L) [ 54.497178][ T6421] _raw_spin_lock_bh+0x50/0x60 [ 54.498310][ T6421] lock_sock_nested+0x74/0x11c [ 54.499305][ T6421] l2cap_sock_ready_cb+0x4c/0x130 [ 54.500301][ T6421] l2cap_le_start+0xa6c/0x1384 [ 54.501320][ T6421] l2cap_connect_cfm+0x57c/0xe24 [ 54.502496][ T6421] hci_connect_cfm+0xa0/0x13c [ 54.503514][ T6421] le_conn_complete_evt+0xa1c/0xf0c [ 54.504549][ T6421] hci_le_conn_complete_evt+0x114/0x404 [ 54.505726][ T6421] hci_le_meta_evt+0x2a4/0x478 [ 54.506753][ T6421] hci_event_packet+0x890/0x106c [ 54.507784][ T6421] hci_rx_work+0x324/0xaf0 [ 54.508826][ T6421] process_one_work+0x7bc/0x1600 [ 54.509882][ T6421] worker_thread+0x97c/0xeec [ 54.510797][ T6421] kthread+0x288/0x310 [ 54.511688][ T6421] ret_from_fork+0x10/0x20 [ 54.512676][ T6421] Code: d343fe69 f9001beb f8386948 aa0003f4 (38f86928) [ 54.514139][ T6421] ---[ end trace 0000000000000000 ]--- [ 54.949144][ T6421] Kernel panic - not syncing: Oops: Fatal exception in interrupt [ 54.950863][ T6421] SMP: stopping secondary CPUs [ 54.951832][ T6421] Kernel Offset: disabled [ 54.952717][ T6421] CPU features: 0x40,0000081c,00800250,82017203 [ 54.953958][ T6421] Memory Limit: none [ 55.340574][ T6421] Rebooting in 86400 seconds..