last executing test programs: 2m22.842177794s ago: executing program 3 (id=3119): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dff, &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc60b, 0x0, 0x0, 0xa, 0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 1m58.128181174s ago: executing program 0 (id=3101): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x7400, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x455, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000300)=""/104, 0x68) getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010024bd7000fbdbdf2520fffffa08000300", @ANYBLOB="0c00060001", @ANYRES32, @ANYRESHEX=r10], 0x74}}, 0x0) 1m56.795511457s ago: executing program 3 (id=3119): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dff, &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc60b, 0x0, 0x0, 0xa, 0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 1m55.240761722s ago: executing program 2 (id=3142): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x2100, 0x34, 0x34, 0x2, [@const, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x20) 1m32.307884554s ago: executing program 0 (id=3101): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x7400, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x455, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000300)=""/104, 0x68) getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010024bd7000fbdbdf2520fffffa08000300", @ANYBLOB="0c00060001", @ANYRES32, @ANYRESHEX=r10], 0x74}}, 0x0) 1m28.197878769s ago: executing program 2 (id=3142): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x2100, 0x34, 0x34, 0x2, [@const, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x20) 1m24.612872263s ago: executing program 3 (id=3119): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dff, &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc60b, 0x0, 0x0, 0xa, 0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 1m13.904656206s ago: executing program 0 (id=3101): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x7400, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x455, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000300)=""/104, 0x68) getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010024bd7000fbdbdf2520fffffa08000300", @ANYBLOB="0c00060001", @ANYRES32, @ANYRESHEX=r10], 0x74}}, 0x0) 1m11.017166462s ago: executing program 2 (id=3142): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x2100, 0x34, 0x34, 0x2, [@const, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x20) 1m6.184389449s ago: executing program 3 (id=3119): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dff, &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc60b, 0x0, 0x0, 0xa, 0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 50.352004537s ago: executing program 0 (id=3101): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x7400, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x455, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000300)=""/104, 0x68) getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010024bd7000fbdbdf2520fffffa08000300", @ANYBLOB="0c00060001", @ANYRES32, @ANYRESHEX=r10], 0x74}}, 0x0) 49.695073772s ago: executing program 2 (id=3142): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x2100, 0x34, 0x34, 0x2, [@const, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x20) 48.561787442s ago: executing program 3 (id=3119): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dff, &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc60b, 0x0, 0x0, 0xa, 0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 27.417310282s ago: executing program 0 (id=3101): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x7400, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x455, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000300)=""/104, 0x68) getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010024bd7000fbdbdf2520fffffa08000300", @ANYBLOB="0c00060001", @ANYRES32, @ANYRESHEX=r10], 0x74}}, 0x0) 24.831761941s ago: executing program 2 (id=3142): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x2100, 0x34, 0x34, 0x2, [@const, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x20) 24.060331977s ago: executing program 3 (id=3119): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dff, &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc60b, 0x0, 0x0, 0xa, 0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 5.300718639s ago: executing program 1 (id=3472): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$video(&(0x7f0000000240), 0x3, 0x0) openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x10) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_open_dev$admmidi(&(0x7f0000000000), 0x20, 0x151601) syz_open_dev$admmidi(&(0x7f0000000080), 0x2, 0x1a9882) close(0x3) bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x74) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000040)='./file1\x00', 0x65) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) quotactl_fd$Q_SETQUOTA(r2, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefd}) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x100010, r2, 0x8000000) syz_io_uring_setup(0x2e4d, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000400), &(0x7f0000000280)=0x0) syz_io_uring_setup(0x2fd7, &(0x7f0000000380), &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_FSYNC={0x3, 0x40, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x1}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', &(0x7f00000006c0), 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) 5.17844338s ago: executing program 4 (id=3473): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000017c0)=ANY=[@ANYBLOB="8500000061000000350000000000002085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa3b4b87b3e0cc7444a2391511c97fabd5f9810e81ae0b737136ea6f7be39cd34d5ae35de38dde54704d25c79949c00a7c09cc28d7673294f42a5f0a8761b30d64b741a226de7bad76402320e13822c45c0f8612c10b1f3c075ff1ebb755a2dd5760903000000000000006c6386d7ec7209d031f40f3012e9576e51a7f578602f5807785b92e544fc46c744aeeee4418d6af3e4195cc03710212436a4ff3274cac948d85cec074c6949e1298901ebb39522f6649dd76d067a82f5fe47fe5f17f99ab1e394ab800f4104dbffff0000000000005c6d1d224b64be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de93d928cf95846be6277c04b4c5324812696aa89e393c941d9541c86238d0703394a90231ccca9c3499c9a4cd3cd8a4f8070000000b1b2d2747c45b0c52087b5efabf84960ba0e3c4c00322de328c10752a42dca52fb98c1452b6518a6ef7297f7b2744419a2f238f173d0cd46daf2fcb5500f53e7309ec91d83cf4fbf975d9c07d8d3c76e65760ff000000b78863e629b3b200000000000000000000000000008b0000000a449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba735b9594aa904e5a4bb2c3dfa8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae2f7967546c4aae83352106055e22f30a85f5681ca3000000002300000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c82c96f10dfa978bee51f581d124216e8bd9b1855f77138e438bdc037865f07f98c068be4c6155ec27365410866059475714844a3ea4cbe37e4000000000ef6dc4dd63bb928ff58b3bd2a600089d172a884dcdb8b9f9050297815a371deec596838e38068b5e438cbcd585a8cf37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1ca5e3a833f8f65429845bc3c3092af2bc4ee7263d3cbd9cab24eafd961a2d0c7bbfca952475c7e6158bfbb32f187d18f977117101076bad4167d5559ac12ff1473fa0ac0c0e71925a25933bfe309a040034b0cc8f69074670efc8101b89477d23823605dfa8e5945c71a0225b50d18a010ecf3c349cbac4d5191c3d78726b9ab4bff5e05027ca5b338a62e955e514da8ca2846919b7b56c192bb43f7032e485cc664921b7f9133bdbc2ba3cd845997b0dd103c784a53ad0243624566e0dacfe4029ffbe59e7e7751b3a9e619107bde39bfa81791ff0e4577055528aef46891c3c49afda8137d03cf6893db7b0f1fe95f8a096159869db71853b6bb5c08ce5fc61353f1e659d7ac53f54a7e2c94cba21994930a423ac7f84ed873a76b0dda0a4b4c5f87eef3164a0c03bc2a7f08290ddf300b298de3fd9167fb8b9c2f26e27f97cf5e90586ea50b85eb5b420eebe171893782b8326148ef5f5174e7ea5dd7f1caa699e4a241291c2f43e9edbf44c0ffb8ee32a18b6e8f0b61836146e2eab9a767800c2c91190c96cf88466adf775b4cf517dc5e39be99c4ab471f381c3915203cd2f27466c8943a80ba03150699c787696de272affa4e4940e59d8b7c69f804d6d3fa7543176a4df033532e5053d72521d097dda0c7a70bd1278c61513c1b87b01d9a9ec4d5ef793096dab53d3224f245fd5d87984d58dc09d11ba0094ba8c39942be41f362e29bba1cdcf8068a4d8d67d2d6d79aa2d089bc4d475097d7523860ec41dab4fa4b0cfe674c163ad419753bd73882336d42036a179bb33162b31f2a58436ea88fba598fad987a60b1847cc63a77c2bb30477ecbeaaa590cde56be4102d0365987eed64bdf01bbd9aaeb77dde491845e612557f05474c0a8e0d4e662c6f2a8c06babc2aa7b28f96c2231cf93190b8a178a677fe4e63f526fc2b95fc6b770c8b812b9559de44184e6a4c3f7e78e6caf5577a21ac1ed3ec63a5568c087eb64aeea03419252f4522d3d840a040e29a5b31f7ba5b1a3c63ad76f517af4083b5198992e5b775295e3d870be7db928409fb476f66b703cd75f738fe7da9125b03d804bc78c681cf5bdaa4600442bf8e1127da6e06cf4ed9b7531b90a143d1ac4e325344bc88f232b1dabf95b7e732d870955333c299b903cc919ce7"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x74) getpeername$ax25(r0, &(0x7f0000000300)={{0x3, @bcast}, [@rose, @netrom, @netrom, @rose, @null, @remote, @default]}, &(0x7f0000000280)=0x48) sendmmsg$unix(r6, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0) r7 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000440)=0x0) syz_io_uring_setup(0x131a, &(0x7f0000000200), &(0x7f0000000140)=0x0, &(0x7f00000002c0)) syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r7, 0xa39, 0xdd5a, 0x1e, 0x0, 0x50) shutdown(0xffffffffffffffff, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000100)={0x0, 0x7530}, 0x10) connect$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="d52a99295b2f"}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xce0, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f086dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48) 4.08217314s ago: executing program 4 (id=3474): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) iopl(0x3) msync(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) iopl(0x40) shmget(0xffffffffffffffff, 0x1000, 0x200, &(0x7f0000ffe000/0x1000)=nil) shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x6000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x7c}}, 0x20040000) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) r4 = dup(r3) sendmsg$inet6(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="e5", 0x1}, {&(0x7f0000000200)='c', 0x1}], 0x2}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000fc0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_BITWISE_OP={0x8}, @NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_BITWISE_MASK={0x4}, @NFTA_BITWISE_XOR={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) shmctl$IPC_RMID(0x0, 0x0) io_uring_setup(0x3305, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'team_slave_0\x00'}) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000500000000000000000000008500000041000000850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) write$sndseq(r5, &(0x7f0000000340)=[{0x7, 0x4, 0x0, 0x1, @tick=0x2, {0x0, 0x34}, {0x7, 0x7}, @ext={0x0, &(0x7f0000000000)="d44aee5bb9bbd52f23703f5113ca8d1bd5549cfddcf02f9569b84afc783fb2557b932a72282540580e600051627b3da884d6dfc94bd27cfd5fde92"}}, {0x80, 0x9c, 0xc, 0x2, @tick=0x3fb5, {0xe3, 0x40}, {0x9, 0xfe}, @ext={0x0, &(0x7f0000000080)="9949934c4a336e5b6560aaae4712aeec80e44b8f7e1f453886258c2e7ac333e36b05b27d17d0ffbb78cccaa97bbdff14cb79e00cbfe1e63b1243efee6a6f7ca59ad86c7fd9e4ed2545a01224d6801c9719a14ba9999d84788bf848080007b0b7"}}, {0xf, 0x8, 0x7, 0x8, @time={0x401, 0x5}, {0xe7, 0x8}, {0x0, 0x1}, @connect={{0x3, 0x81}, {0x3, 0x33}}}, {0x6, 0xa, 0xfd, 0x4, @tick=0x10001, {0xaf}, {0x6, 0x7}, @connect={{0x6, 0x7}, {0x5, 0xd}}}], 0xfffffffffffffef4) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000280)={{0x9, 0x9}, 'port1\x00', 0x20, 0x808, 0x2, 0x9, 0x401, 0x148, 0x7, 0x0, 0x2, 0x2}) 3.834914561s ago: executing program 1 (id=3475): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7ffffffffffffffb, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff000060005400000000008000640"], 0x6c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$rxrpc(0x21, 0x2, 0xa) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) chmod(&(0x7f0000000140)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc040564a, &(0x7f0000000000)={0x9d0000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 3.176516055s ago: executing program 4 (id=3476): socket$inet6_sctp(0xa, 0x801, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r4, r3, &(0x7f00000000c0)=0x58, 0x9) 2.874305834s ago: executing program 1 (id=3477): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) close(r0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fc00ffff00000000000000008500000041000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x3, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {}, {0x0, 0x0, 0x4, 0xc}]}, 0x90) (async) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac14140000000000ac1e000100000000830b0000000000e000000200000000001c00000000000000000000000800"/424, @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000000000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="e00000017f000001000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000001c000900000000000000000007010000440c0001022101"], 0x230}, 0x0) (async) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6f94f90324fc600e0005000a000200053582c137153e3704000880fc0b09000300", 0x33fe0}], 0x1}, 0x0) 2.847522325s ago: executing program 0 (id=3101): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x7400, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x455, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000300)=""/104, 0x68) getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010024bd7000fbdbdf2520fffffa08000300", @ANYBLOB="0c00060001", @ANYRES32, @ANYRESHEX=r10], 0x74}}, 0x0) 1.646791661s ago: executing program 1 (id=3478): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$binfmt_script(r0, &(0x7f0000000400)={'#! ', '', [{0x20, '#! '}, {}]}, 0x9) close_range(r0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x4, 0x6}, 0x48) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f00000003c0), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100008006000000002000020d3"]) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, r4, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x4008550d) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000280), &(0x7f0000000a80)=@udp6=r2}, 0x20) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8) sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000803000000000000000200000008000100", @ANYRES32=r7, @ANYBLOB="002ca900", @ANYRES32=r7, @ANYBLOB], 0x24}}, 0x0) sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, r9, 0x400, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x48000) r10 = socket$netlink(0x10, 0x3, 0xa) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000380)={'ip6gre0\x00', 0x0, 0x29, 0xe7, 0x0, 0x3, 0x24, @mcast1, @dev={0xfe, 0x80, '\x00', 0x23}, 0x8, 0x98a1e91b28e04546, 0x1}}) r11 = eventfd2(0x0, 0x0) writev(r11, &(0x7f00000010c0)=[{&(0x7f0000000000)="89", 0x1}], 0x1) ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000640)={0x0, 0x8}) ioctl$BTRFS_IOC_RM_DEV_V2(r10, 0x5000943a, &(0x7f0000002840)={{r11}, r5, 0x0, @inherit={0x68, &(0x7f00000005c0)=ANY=[@ANYBLOB="010000000000000004000000000000000000000000000000010100000000000000000500000000000000a400000000000000ff7f0000000000000759ff4b000000001f0000000000000009000000000000000400"/98]}, @devid=r12}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000180)=r5) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000580)=ANY=[@ANYBLOB="78bb007365722e232120"], &(0x7f0000000100)='\')(\x00', 0x4, 0x2) 1.638292667s ago: executing program 4 (id=3479): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x0, 0x2}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000300)={{@host}, @host, 0x0, 0x0, 0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@my=0x1}, @my=0x1, 0x0, 0x0, 0x421}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x400454ca, &(0x7f00000003c0)={{@host}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff8, 0x4}) 1.350462356s ago: executing program 4 (id=3480): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x1041}, 0x10) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={[{@size={'size', 0x3d, [0x6b]}}]}) r1 = socket$tipc(0x1e, 0x2, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) 1.326834335s ago: executing program 2 (id=3142): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x2100, 0x34, 0x34, 0x2, [@const, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x20) 262.840847ms ago: executing program 1 (id=3481): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x4000, &(0x7f0000000340)={&(0x7f00000000c0)={0x34, r2, 0x60b, 0x0, 0x0, {0x30, 0x0, 0x600}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5}]}, 0x34}}, 0x0) 262.026837ms ago: executing program 4 (id=3482): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@deltaction={0x120, 0x31, 0x0, 0x0, 0x25dfdbfb, {}, [@TCA_ACT_TAB={0x50, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @TCA_ACT_TAB={0x34, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}, @TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @TCA_ACT_TAB={0x4c, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0x14, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}]}, 0x120}}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000cc9d8f404c052e000005000000010902120001000000010904"], 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) socket$can_bcm(0x1d, 0x2, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) r3 = syz_io_uring_setup(0x46bb, &(0x7f0000000200)={0x0, 0x0, 0x10100, 0x0, 0x3c9}, &(0x7f0000000040), &(0x7f0000000140)=0x0) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) syz_io_uring_setup(0x4eb9, &(0x7f0000000480)={0x0, 0xfccd, 0x800, 0x1, 0x25c, 0x0, r3}, &(0x7f0000000280)=0x0, &(0x7f0000000580)) syz_io_uring_submit(r6, r4, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x16, 0x0, r5, 0x0, &(0x7f0000000680)={&(0x7f0000000500)=@sco={0x1f, @none}, 0x80, 0x0}, 0x0, 0x4000, 0x1}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r7}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x4, r7}, 0x38) io_uring_enter(r3, 0x291c, 0x0, 0x0, 0x0, 0x0) write$cgroup_pid(r2, &(0x7f00000000c0), 0x12) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x6, 0x8, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r8, 0x0) r9 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r9) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r9) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r9) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xfffe, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(r8, 0x84, 0x7c, &(0x7f0000000040)={r10}, &(0x7f0000000080)=0x10) 0s ago: executing program 1 (id=3483): socket(0x848000000015, 0x805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x11, 0xa, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet_udp(0x2, 0x2, 0x0) socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000080), 0x7) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x16, &(0x7f0000000880)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000020400003d0301000000000095001600000000006926000000000000bf67000000000000450700000fff07003506000002000000170600000ee50014bf250000000000001d670000000000006507000006000000270700004c0001000f75000000000000bf54000000000000070400000400f9ff2d4401000000000095000000000000000500000000000000950007000000000001722fabb733a0e757c7c45402000000a2d23da04d1ffc187f9955911aa1a2ba7ba030c7267c2de00435fd253cc0f0d9b2c3127c46b0f4f95345de3188f0d808398d09ee4dc258d726eae098804de25df627a64ab8efde50fd7f1d58d67e684c45e506598bae66ea1a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07e8a4b6e6155cecc13a5ddf4157f2bfab7201112a30274101fceee66eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a44dd9ff4ae730ae9d0ae42d8814a8c96f101df7da839bcdd7b7c33c8cfe6fd599543ac604d8f1e5fc66cdb79cd09ceeedce1e69f11967919f82b0276c90420d08897ee8514b43533f07132589a0a37110fd8571b1e69251bba35cd06c8bd430aafbecfd33757b7dc4803123e9107e5cceaec2a391f9b9b577295ac3864f6c1e30e6190a055953e18bedd1859acdd15af7209d15950f9195b401e74f8b5210e28d46dde2658b4695d9ac9ce7cbefc164a5454fc4da6104db281e18a8992b9f8c82b895da647e6ea4cb622314c5c48abfd620adf7757c23a31a619edcfb45a402c5fced05e5274e08a313d6c5fdd0a8d36b1a268056e6f7e9a6daa5632cda5ad2a9ebfac980c7db63137c226f712e522aad0f13b0e5b43d837d040f813d011538deb0c084bb2ae8a8f3efcb2d57491a67932bba3b7a58758224bd4cc11ad3171626ec812f8c2f80a75d11fcc21f3b156e30140e942a1c7dd13343d71c740d2a73eba3d6e8d7798659676997c3da5f6470174d7d658aa64b0d92f49f9d819652cc326cdd69cd910c8d96dbbc4a1561c97ce310305812e4c74db6b617020670a3ab2264e0ac5e66963871423887c46621240827a6e8dad409c32091e9905ef1fb3b98fe3a3b1c1f90b49cb2af0235bcc0"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x253, 0x10, &(0x7f0000000000), 0x19f}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@ipv4_newrule={0x40, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e20}}, @FRA_TUN_ID={0xc}, @FRA_GENERIC_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e21, 0x4e22}}, @FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x40}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x2, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="1100010000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0) kernel console output (not intermixed with test programs): (slave team0): Enslaving as an active interface with an up link [ 1085.158252][T17511] bond0: (slave netdevsim0): Releasing backup interface [ 1085.188951][T17511] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.336679][T17533] bridge0: port 1(bridge_slave_0) entered blocking state [ 1085.361323][T17533] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.377136][T17533] bridge_slave_0: entered allmulticast mode [ 1085.408846][T17533] bridge_slave_0: entered promiscuous mode [ 1085.450096][T14661] Bluetooth: hci4: command tx timeout [ 1085.493723][T15913] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.541148][T17533] bridge0: port 2(bridge_slave_1) entered blocking state [ 1085.548325][T17533] bridge0: port 2(bridge_slave_1) entered disabled state [ 1085.573387][T17533] bridge_slave_1: entered allmulticast mode [ 1085.585760][T17533] bridge_slave_1: entered promiscuous mode [ 1085.596802][T17552] chnl_net:caif_netlink_parms(): no params data found [ 1085.743370][T15913] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.835993][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1085.849152][T17533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1085.859050][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1085.912408][T15913] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.949120][T17533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1086.147772][T17552] bridge0: port 1(bridge_slave_0) entered blocking state [ 1086.177171][T17552] bridge0: port 1(bridge_slave_0) entered disabled state [ 1086.184913][T17552] bridge_slave_0: entered allmulticast mode [ 1086.201293][T17552] bridge_slave_0: entered promiscuous mode [ 1086.273163][T15913] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.294171][T17552] bridge0: port 2(bridge_slave_1) entered blocking state [ 1086.301917][T17552] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.309298][T17552] bridge_slave_1: entered allmulticast mode [ 1086.317196][T17552] bridge_slave_1: entered promiscuous mode [ 1086.329296][T17533] team0: Port device team_slave_0 added [ 1086.346648][T17533] team0: Port device team_slave_1 added [ 1086.371910][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1086.377197][T17511] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1086.379885][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1086.473035][T17511] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1086.530470][T17533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1086.549870][T17533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1086.580220][T17533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1086.623862][T17533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1086.630986][T17533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1086.658046][T17533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1086.690445][T17511] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1086.713371][T17511] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1086.729968][T14661] Bluetooth: hci1: command tx timeout [ 1086.745503][T17552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1086.752787][T17587] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3347'. [ 1086.769476][T17552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1086.811199][T14661] Bluetooth: hci0: command tx timeout [ 1086.889021][T17552] team0: Port device team_slave_0 added [ 1086.918432][T17552] team0: Port device team_slave_1 added [ 1086.942692][T17589] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3348'. [ 1087.046445][T17552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1087.058318][T17552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1087.088196][T17552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1087.114235][T17552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1087.130035][T17552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1087.170609][T17552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1087.212660][T17533] hsr_slave_0: entered promiscuous mode [ 1087.231643][T17533] hsr_slave_1: entered promiscuous mode [ 1087.237795][T17533] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1087.246202][T17533] Cannot create hsr debugfs directory [ 1087.362986][T15913] bridge_slave_1: left allmulticast mode [ 1087.368670][T15913] bridge_slave_1: left promiscuous mode [ 1087.383976][T15913] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.393936][T15913] bridge_slave_0: left allmulticast mode [ 1087.400400][T15913] bridge_slave_0: left promiscuous mode [ 1087.406072][T15913] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.530066][T14661] Bluetooth: hci4: command tx timeout [ 1087.813740][T15913] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1087.826860][T15913] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1087.839166][T15913] bond0 (unregistering): Released all slaves [ 1088.006111][T17592] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3349'. [ 1088.032994][T17552] hsr_slave_0: entered promiscuous mode [ 1088.059176][T17552] hsr_slave_1: entered promiscuous mode [ 1088.066045][T17552] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1088.079664][T17552] Cannot create hsr debugfs directory [ 1088.191308][ T5087] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1088.211773][ T5087] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1088.225265][ T5087] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1088.242057][ T5087] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1088.255403][ T5087] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1088.264738][ T5087] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1088.504192][T15913] hsr_slave_0: left promiscuous mode [ 1088.514996][T15913] hsr_slave_1: left promiscuous mode [ 1088.522998][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1088.531056][T15913] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1088.538876][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1088.547416][T15913] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1088.578738][T15913] veth1_macvtap: left promiscuous mode [ 1088.584516][T15913] veth0_macvtap: left promiscuous mode [ 1088.590413][T15913] veth1_vlan: left promiscuous mode [ 1088.595705][T15913] veth0_vlan: left promiscuous mode [ 1088.890115][T14661] Bluetooth: hci0: command tx timeout [ 1089.258105][T15913] team0 (unregistering): Port device team_slave_1 removed [ 1089.267646][T17602] input: syz1 as /devices/virtual/input/input160 [ 1089.325239][T17601] xt_TCPMSS: Only works on TCP SYN packets [ 1089.357419][T15913] team0 (unregistering): Port device team_slave_0 removed [ 1089.609939][T14661] Bluetooth: hci4: command tx timeout [ 1090.329795][T14661] Bluetooth: hci2: command tx timeout [ 1090.397939][T17511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1090.589303][T17511] 8021q: adding VLAN 0 to HW filter on device team0 [ 1090.673063][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1090.680195][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1090.752266][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1090.759432][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1090.794612][T17595] chnl_net:caif_netlink_parms(): no params data found [ 1090.927487][T17511] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1090.938104][T17511] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1091.153773][T15913] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1091.352080][T15913] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1091.376995][T17595] bridge0: port 1(bridge_slave_0) entered blocking state [ 1091.390306][T17595] bridge0: port 1(bridge_slave_0) entered disabled state [ 1091.397561][T17595] bridge_slave_0: entered allmulticast mode [ 1091.415974][T17595] bridge_slave_0: entered promiscuous mode [ 1091.478025][T17595] bridge0: port 2(bridge_slave_1) entered blocking state [ 1091.486747][T17595] bridge0: port 2(bridge_slave_1) entered disabled state [ 1091.497902][T17595] bridge_slave_1: entered allmulticast mode [ 1091.508514][T17595] bridge_slave_1: entered promiscuous mode [ 1091.563056][T15913] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1091.582900][T17533] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1091.601226][T17533] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1091.673301][T17595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1091.685258][T17627] 9pnet_fd: Insufficient options for proto=fd [ 1091.692150][T14661] Bluetooth: hci4: command tx timeout [ 1091.705808][T17533] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1091.742586][T15913] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1091.775621][T17595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1091.805713][T17533] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1091.877265][T17511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1091.913270][T17595] team0: Port device team_slave_0 added [ 1091.955570][T17595] team0: Port device team_slave_1 added [ 1092.029433][T17595] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1092.036822][T17595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1092.084395][T17595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1092.098675][T17595] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1092.106325][T17595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1092.138733][T17595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1092.294050][T17595] hsr_slave_0: entered promiscuous mode [ 1092.306539][T17595] hsr_slave_1: entered promiscuous mode [ 1092.337276][T17595] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1092.346520][T17595] Cannot create hsr debugfs directory [ 1092.409859][T14661] Bluetooth: hci2: command tx timeout [ 1092.427319][T15913] bridge_slave_1: left allmulticast mode [ 1092.434458][T15913] bridge_slave_1: left promiscuous mode [ 1092.448415][T15913] bridge0: port 2(bridge_slave_1) entered disabled state [ 1092.458894][T15913] bridge_slave_0: left allmulticast mode [ 1092.464883][T15913] bridge_slave_0: left promiscuous mode [ 1092.473997][T15913] bridge0: port 1(bridge_slave_0) entered disabled state [ 1093.217147][T15913] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1093.229224][T15913] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1093.240098][T15913] bond0 (unregistering): Released all slaves [ 1093.387999][T15913] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1093.399323][T15913] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1093.412992][T15913] bond0 (unregistering): (slave macvlan4): Releasing backup interface [ 1093.428223][T15913] batadv0: left promiscuous mode [ 1093.438177][T15913] bond0 (unregistering): (slave team0): Releasing backup interface [ 1093.447637][T15913] bond0 (unregistering): Released all slaves [ 1093.463547][T15913] bond1 (unregistering): Released all slaves [ 1093.477516][T15913] bond2 (unregistering): Released all slaves [ 1093.527478][T17630] FAULT_INJECTION: forcing a failure. [ 1093.527478][T17630] name failslab, interval 1, probability 0, space 0, times 0 [ 1093.543815][T17630] CPU: 0 PID: 17630 Comm: syz.4.3357 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 1093.553992][T17630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1093.564039][T17630] Call Trace: [ 1093.567321][T17630] [ 1093.570258][T17630] dump_stack_lvl+0x241/0x360 [ 1093.574963][T17630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1093.580158][T17630] ? __pfx__printk+0x10/0x10 [ 1093.584740][T17630] ? __pfx___might_resched+0x10/0x10 [ 1093.590028][T17630] ? flow_indr_dev_setup_offload+0x48/0x660 [ 1093.595909][T17630] should_fail_ex+0x3b0/0x4e0 [ 1093.600580][T17630] ? flow_indr_dev_setup_offload+0x24f/0x660 [ 1093.606544][T17630] should_failslab+0x9/0x20 [ 1093.611032][T17630] kmalloc_trace_noprof+0x6c/0x2c0 [ 1093.616161][T17630] flow_indr_dev_setup_offload+0x24f/0x660 [ 1093.621960][T17630] ? __pfx_tc_block_indr_cleanup+0x10/0x10 [ 1093.627750][T17630] tcf_block_offload_cmd+0x31f/0x470 [ 1093.633025][T17630] ? __pfx_tcf_block_offload_cmd+0x10/0x10 [ 1093.638814][T17630] ? __pfx___down_write_common+0x10/0x10 [ 1093.644435][T17630] ? tcf_block_get_ext+0x86a/0x1650 [ 1093.649625][T17630] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 1093.655000][T17630] tcf_block_get_ext+0xe94/0x1650 [ 1093.660039][T17630] ? netlink_rcv_skb+0x1e3/0x430 [ 1093.664973][T17630] tcf_block_get+0xf8/0x150 [ 1093.669471][T17630] ? __pfx_tcf_block_get+0x10/0x10 [ 1093.674573][T17630] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10 [ 1093.680807][T17630] prio_init+0x36/0x80 [ 1093.684862][T17630] ? __pfx_prio_init+0x10/0x10 [ 1093.689616][T17630] qdisc_create+0x9d4/0x11a0 [ 1093.694221][T17630] ? __pfx_qdisc_create+0x10/0x10 [ 1093.699252][T17630] tc_modify_qdisc+0xa26/0x1e40 [ 1093.704147][T17630] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 1093.709439][T17630] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 1093.714716][T17630] rtnetlink_rcv_msg+0x89b/0x1180 [ 1093.719740][T17630] ? rtnetlink_rcv_msg+0x208/0x1180 [ 1093.724946][T17630] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1093.730430][T17630] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1093.736477][T17630] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1093.742819][T17630] ? __local_bh_enable_ip+0x168/0x200 [ 1093.748191][T17630] ? lockdep_hardirqs_on+0x99/0x150 [ 1093.753386][T17630] ? __local_bh_enable_ip+0x168/0x200 [ 1093.758744][T17630] ? dev_hard_start_xmit+0x773/0x7e0 [ 1093.764039][T17630] ? __dev_queue_xmit+0x2d2/0x3d30 [ 1093.769160][T17630] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1093.774880][T17630] ? __dev_queue_xmit+0x2d2/0x3d30 [ 1093.779985][T17630] ? __dev_queue_xmit+0x16c9/0x3d30 [ 1093.785182][T17630] ? __dev_queue_xmit+0x2d2/0x3d30 [ 1093.790306][T17630] ? ref_tracker_free+0x643/0x7e0 [ 1093.795346][T17630] netlink_rcv_skb+0x1e3/0x430 [ 1093.800104][T17630] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1093.805575][T17630] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1093.810879][T17630] ? netlink_deliver_tap+0x2e/0x1b0 [ 1093.816073][T17630] netlink_unicast+0x7ea/0x980 [ 1093.820832][T17630] ? __pfx_netlink_unicast+0x10/0x10 [ 1093.826103][T17630] ? __virt_addr_valid+0x183/0x520 [ 1093.831201][T17630] ? __check_object_size+0x49c/0x900 [ 1093.836469][T17630] ? bpf_lsm_netlink_send+0x9/0x10 [ 1093.841579][T17630] netlink_sendmsg+0x8db/0xcb0 [ 1093.846345][T17630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1093.851619][T17630] ? __import_iovec+0x536/0x820 [ 1093.856980][T17630] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1093.862252][T17630] ? security_socket_sendmsg+0x87/0xb0 [ 1093.867708][T17630] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1093.873010][T17630] __sock_sendmsg+0x221/0x270 [ 1093.877682][T17630] ____sys_sendmsg+0x525/0x7d0 [ 1093.882451][T17630] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1093.887761][T17630] __sys_sendmsg+0x2b0/0x3a0 [ 1093.892356][T17630] ? __pfx___sys_sendmsg+0x10/0x10 [ 1093.897480][T17630] ? vfs_write+0x7c4/0xc90 [ 1093.901930][T17630] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1093.908246][T17630] ? do_syscall_64+0x100/0x230 [ 1093.913003][T17630] ? do_syscall_64+0xb6/0x230 [ 1093.917668][T17630] do_syscall_64+0xf3/0x230 [ 1093.922171][T17630] ? clear_bhb_loop+0x35/0x90 [ 1093.926835][T17630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.932717][T17630] RIP: 0033:0x7f23d6975bd9 [ 1093.937123][T17630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1093.956717][T17630] RSP: 002b:00007f23d7700048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1093.965117][T17630] RAX: ffffffffffffffda RBX: 00007f23d6b04038 RCX: 00007f23d6975bd9 [ 1093.973092][T17630] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1093.981067][T17630] RBP: 00007f23d77000a0 R08: 0000000000000000 R09: 0000000000000000 [ 1093.989019][T17630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1093.996990][T17630] R13: 000000000000006e R14: 00007f23d6b04038 R15: 00007ffc58e79fe8 [ 1094.004961][T17630] [ 1094.147486][T15913] Êü: left promiscuous mode [ 1094.198870][T17552] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1094.217755][T17552] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1094.301006][T17511] veth0_vlan: entered promiscuous mode [ 1094.320665][T17552] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1094.342344][T17552] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1094.395882][T17511] veth1_vlan: entered promiscuous mode [ 1094.407200][T17637] FAULT_INJECTION: forcing a failure. [ 1094.407200][T17637] name failslab, interval 1, probability 0, space 0, times 0 [ 1094.423830][T17637] CPU: 0 PID: 17637 Comm: syz.4.3360 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 1094.434020][T17637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1094.444099][T17637] Call Trace: [ 1094.447380][T17637] [ 1094.450308][T17637] dump_stack_lvl+0x241/0x360 [ 1094.455009][T17637] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1094.460231][T17637] ? __pfx__printk+0x10/0x10 [ 1094.464857][T17637] ? netlink_insert+0x10b7/0x14b0 [ 1094.469915][T17637] should_fail_ex+0x3b0/0x4e0 [ 1094.474627][T17637] ? __alloc_skb+0x1c3/0x440 [ 1094.479219][T17637] should_failslab+0x9/0x20 [ 1094.483731][T17637] kmem_cache_alloc_node_noprof+0x71/0x320 [ 1094.489555][T17637] __alloc_skb+0x1c3/0x440 [ 1094.493985][T17637] ? __pfx___alloc_skb+0x10/0x10 [ 1094.498919][T17637] ? netlink_autobind+0xd6/0x2f0 [ 1094.503859][T17637] ? netlink_autobind+0x2b0/0x2f0 [ 1094.508880][T17637] netlink_sendmsg+0x631/0xcb0 [ 1094.513647][T17637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1094.518928][T17637] ? __import_iovec+0x536/0x820 [ 1094.523772][T17637] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1094.529094][T17637] ? security_socket_sendmsg+0x87/0xb0 [ 1094.534565][T17637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1094.539854][T17637] __sock_sendmsg+0x221/0x270 [ 1094.544633][T17637] ____sys_sendmsg+0x525/0x7d0 [ 1094.549412][T17637] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1094.554707][T17637] __sys_sendmsg+0x2b0/0x3a0 [ 1094.559294][T17637] ? __pfx___sys_sendmsg+0x10/0x10 [ 1094.564401][T17637] ? vfs_write+0x7c4/0xc90 [ 1094.568844][T17637] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1094.575162][T17637] ? do_syscall_64+0x100/0x230 [ 1094.579924][T17637] ? do_syscall_64+0xb6/0x230 [ 1094.584597][T17637] do_syscall_64+0xf3/0x230 [ 1094.589101][T17637] ? clear_bhb_loop+0x35/0x90 [ 1094.593779][T17637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1094.599668][T17637] RIP: 0033:0x7f23d6975bd9 [ 1094.604102][T17637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1094.623700][T17637] RSP: 002b:00007f23d7721048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1094.632107][T17637] RAX: ffffffffffffffda RBX: 00007f23d6b03f60 RCX: 00007f23d6975bd9 [ 1094.640069][T17637] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 1094.648029][T17637] RBP: 00007f23d77210a0 R08: 0000000000000000 R09: 0000000000000000 [ 1094.655998][T17637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1094.663958][T17637] R13: 000000000000000b R14: 00007f23d6b03f60 R15: 00007ffc58e79fe8 [ 1094.671935][T17637] [ 1094.680823][T14661] Bluetooth: hci2: command tx timeout [ 1095.058316][T17533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1095.103943][T17511] veth0_macvtap: entered promiscuous mode [ 1095.204154][T17552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1095.345019][T17511] veth1_macvtap: entered promiscuous mode [ 1095.372761][T17533] 8021q: adding VLAN 0 to HW filter on device team0 [ 1095.448088][T15913] hsr_slave_0: left promiscuous mode [ 1095.460011][T15913] hsr_slave_1: left promiscuous mode [ 1095.466648][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1095.478102][T15913] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1095.490744][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1095.498501][T15913] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1095.525275][T15913] hsr_slave_0: left promiscuous mode [ 1095.551440][T15913] hsr_slave_1: left promiscuous mode [ 1095.560799][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1095.568262][T15913] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1095.591133][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1095.598578][T15913] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1095.673817][T15913] veth1_macvtap: left promiscuous mode [ 1095.679399][T15913] veth0_macvtap: left promiscuous mode [ 1095.685844][T15913] veth1_vlan: left promiscuous mode [ 1095.699935][T15913] veth0_vlan: left promiscuous mode [ 1095.706950][T15913] veth1_macvtap: left promiscuous mode [ 1095.719825][T15913] veth0_macvtap: left promiscuous mode [ 1095.729916][T15913] veth1_vlan: left promiscuous mode [ 1095.735278][T15913] veth0_vlan: left promiscuous mode [ 1096.351673][T15913] team0 (unregistering): Port device team_slave_1 removed [ 1096.397051][T15913] team0 (unregistering): Port device team_slave_0 removed [ 1096.740857][T14661] Bluetooth: hci2: command tx timeout [ 1097.348163][T15913] team0 (unregistering): Port device team_slave_1 removed [ 1097.399708][T15913] team0 (unregistering): Port device team_slave_0 removed [ 1097.867127][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 1097.874327][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1097.893707][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 1097.900887][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1097.925862][T17552] 8021q: adding VLAN 0 to HW filter on device team0 [ 1097.947443][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1097.962207][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.973066][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1097.983645][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1097.993903][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1098.004773][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1098.015159][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1098.025882][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1098.045653][T17511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1098.062617][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1098.085792][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1098.107893][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1098.121180][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1098.131138][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1098.141710][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1098.151560][T17511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1098.162129][T17511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1098.175370][T14661] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1098.175452][T14661] Bluetooth: hci3: Injecting HCI hardware error event [ 1098.178051][T14661] Bluetooth: hci3: hardware error 0x00 [ 1098.192870][T17511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1098.223614][T17511] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.232731][T17511] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.241590][T17511] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.251945][T17511] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.302682][ T29] audit: type=1326 audit(1720147761.585:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.342568][T17655] Process accounting resumed [ 1098.356132][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1098.363406][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1098.371230][ T29] audit: type=1326 audit(1720147761.585:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.398821][ T29] audit: type=1326 audit(1720147761.605:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.436286][ T29] audit: type=1326 audit(1720147761.605:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.486816][ T29] audit: type=1326 audit(1720147761.605:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.502705][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1098.515575][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1098.519641][ T29] audit: type=1326 audit(1720147761.605:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.559401][ T29] audit: type=1326 audit(1720147761.605:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.583174][ T29] audit: type=1326 audit(1720147761.615:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.630952][T17659] can: request_module (can-proto-0) failed. [ 1098.637032][ T29] audit: type=1326 audit(1720147761.615:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.721020][T17595] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1098.728236][ T29] audit: type=1326 audit(1720147761.615:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17654 comm="syz.4.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1098.747645][T17595] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1098.864543][T17552] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1098.886056][T17552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1098.917645][T17595] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1098.928114][T17595] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1099.116705][ T1058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1099.125929][ T1058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1099.247278][ T1058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1099.278050][ T1058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1099.333747][T17595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1099.510737][T17595] 8021q: adding VLAN 0 to HW filter on device team0 [ 1099.582123][T15470] bridge0: port 1(bridge_slave_0) entered blocking state [ 1099.589242][T15470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1099.617994][T15470] bridge0: port 2(bridge_slave_1) entered blocking state [ 1099.625130][T15470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1099.736506][T17552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1099.822299][T17533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1099.979362][T17552] veth0_vlan: entered promiscuous mode [ 1099.996655][T17533] veth0_vlan: entered promiscuous mode [ 1100.055986][T17533] veth1_vlan: entered promiscuous mode [ 1100.076528][T17552] veth1_vlan: entered promiscuous mode [ 1100.139905][T11575] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1100.158179][T17533] veth0_macvtap: entered promiscuous mode [ 1100.182013][T17552] veth0_macvtap: entered promiscuous mode [ 1100.217844][T17533] veth1_macvtap: entered promiscuous mode [ 1100.233643][T17552] veth1_macvtap: entered promiscuous mode [ 1100.278204][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.289396][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.300280][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.311500][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.329744][T11575] usb 5-1: Using ep0 maxpacket: 8 [ 1100.334993][T14661] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1100.343591][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.359827][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.370620][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.382369][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.392410][T11575] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1100.410951][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.432655][T11575] usb 5-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e [ 1100.449594][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.459801][T11575] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1100.467811][T11575] usb 5-1: Product: syz [ 1100.485316][T17552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1100.514924][T11575] usb 5-1: Manufacturer: syz [ 1100.515631][T17595] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1100.519741][T11575] usb 5-1: SerialNumber: syz [ 1100.529166][T11575] usb 5-1: config 0 descriptor?? [ 1100.539084][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.719278][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.786357][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.845292][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.896705][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1100.943862][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.999177][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1101.053259][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.219663][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1101.240862][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.261226][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1101.279710][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.314223][T17533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1101.327142][T11575] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 1101.340261][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.351404][T11575] imon 5-1:0.0: unable to initialize intf0, err -19 [ 1101.358034][T11575] imon:imon_probe: failed to initialize context! [ 1101.366640][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.376711][T11575] imon 5-1:0.0: unable to register, err -19 [ 1101.382866][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.403784][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.413979][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.431080][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.441463][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.452969][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.462846][T17533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.473536][T17533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.484575][T17533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1101.500113][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.510943][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.521798][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.526036][T17676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1101.534276][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.553375][T17676] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1101.567207][T11575] usb 5-1: USB disconnect, device number 75 [ 1101.568682][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.584404][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.594310][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.604838][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.615117][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.626221][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.636408][T17552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1101.646988][T17552] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1101.658602][T17552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1101.679838][ T5085] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1101.685279][T17533] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.697199][T17533] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.709088][T17533] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.718392][T17533] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.739900][T17552] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.748636][T17552] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.757859][T17552] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.767483][T17552] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1101.900514][ T5085] usb 2-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=f3.0f [ 1101.919543][ T5085] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.927664][ T5085] usb 2-1: Product: syz [ 1101.941364][ T5085] usb 2-1: Manufacturer: syz [ 1101.951473][ T5085] usb 2-1: SerialNumber: syz [ 1101.952347][T17595] veth0_vlan: entered promiscuous mode [ 1101.963702][ T5085] usb 2-1: config 0 descriptor?? [ 1101.968921][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1101.981025][T17595] veth1_vlan: entered promiscuous mode [ 1101.992464][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1101.994096][ T5085] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 1102.041110][ T9453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1102.060492][ T9453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1102.079429][T17595] veth0_macvtap: entered promiscuous mode [ 1102.112823][T17595] veth1_macvtap: entered promiscuous mode [ 1102.159383][ T1058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1102.172972][ T1058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1102.245614][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.259144][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.274852][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.286358][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.296297][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.306798][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.316667][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.327268][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.350899][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.361571][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.373349][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.383930][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.397902][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1102.417125][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.435121][T17595] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1102.467326][T17692] macsec1: entered promiscuous mode [ 1102.488274][T17692] macvlan0: entered promiscuous mode [ 1102.533970][T17692] macvlan0: left promiscuous mode [ 1102.576032][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1102.594214][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1102.651771][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.697939][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.719615][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.738674][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.750571][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.761538][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.771494][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.784766][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.794735][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.805220][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.818970][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.829525][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.839332][T17595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1102.849873][T17595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1102.867388][T17595] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1102.925990][T17595] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.950336][T17595] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.959070][T17595] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1102.974861][T17595] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1103.014858][ T784] usb 2-1: USB disconnect, device number 85 [ 1103.036890][T17704] Process accounting resumed [ 1103.134922][ T1058] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1103.278563][ T1058] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1103.315781][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1103.327088][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1103.358115][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1103.367335][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1103.717182][ T1058] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1103.799337][ T5087] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1103.811534][ T5087] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1103.820745][ T5087] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1103.828716][ T5087] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1103.837244][ T5087] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1103.846502][ T5087] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1103.896277][ T1058] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1104.068600][T17708] chnl_net:caif_netlink_parms(): no params data found [ 1104.142759][ T1058] bridge_slave_1: left allmulticast mode [ 1104.148413][ T1058] bridge_slave_1: left promiscuous mode [ 1104.154808][ T1058] bridge0: port 2(bridge_slave_1) entered disabled state [ 1104.163611][ T1058] bridge_slave_0: left allmulticast mode [ 1104.169249][ T1058] bridge_slave_0: left promiscuous mode [ 1104.176794][ T1058] bridge0: port 1(bridge_slave_0) entered disabled state [ 1104.364214][T17717] fuse: Unknown parameter 'group_id00000000000000000000' [ 1104.801584][T14661] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1104.813277][T14661] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1104.821450][T14661] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1104.850171][T14661] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1104.861356][T14661] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1104.869821][T14661] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1105.315713][ T1058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1105.359876][ T1058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1105.371802][ T1058] bond0 (unregistering): Released all slaves [ 1105.514840][T17708] bridge0: port 1(bridge_slave_0) entered blocking state [ 1105.522575][T17708] bridge0: port 1(bridge_slave_0) entered disabled state [ 1105.536812][T17708] bridge_slave_0: entered allmulticast mode [ 1105.546431][T17708] bridge_slave_0: entered promiscuous mode [ 1105.621405][T17708] bridge0: port 2(bridge_slave_1) entered blocking state [ 1105.629290][T17708] bridge0: port 2(bridge_slave_1) entered disabled state [ 1105.637215][T17708] bridge_slave_1: entered allmulticast mode [ 1105.650941][T17708] bridge_slave_1: entered promiscuous mode [ 1105.806052][T17708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1105.862863][T17708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1105.930326][ T5087] Bluetooth: hci0: command tx timeout [ 1105.980563][T17708] team0: Port device team_slave_0 added [ 1106.162971][T17708] team0: Port device team_slave_1 added [ 1106.305295][ T1058] hsr_slave_0: left promiscuous mode [ 1106.350308][ T1058] hsr_slave_1: left promiscuous mode [ 1106.369667][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1106.377215][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1106.394231][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1106.422151][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1106.436207][T14661] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1106.453855][T14661] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1106.467842][T14661] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1106.478693][T14661] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1106.488835][T14661] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1106.497322][T14661] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1106.545331][ T1058] veth1_macvtap: left promiscuous mode [ 1106.561763][ T1058] veth0_macvtap: left promiscuous mode [ 1106.569899][ T1058] veth1_vlan: left promiscuous mode [ 1106.577137][ T1058] veth0_vlan: left promiscuous mode [ 1106.978534][ T5087] Bluetooth: hci2: command tx timeout [ 1107.502943][ T1058] team0 (unregistering): Port device team_slave_1 removed [ 1107.577199][ T1058] team0 (unregistering): Port device team_slave_0 removed [ 1108.017022][ T5087] Bluetooth: hci0: command tx timeout [ 1108.209301][T17742] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3384'. [ 1108.219799][T17742] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3384'. [ 1108.292282][T17708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1108.321377][T17708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1108.369479][T17708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1108.376471][T17748] usb usb8: usbfs: process 17748 (syz.1.3386) did not claim interface 0 before use [ 1108.429432][T17708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1108.436606][T17708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1108.538803][T17708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1108.577982][ T5087] Bluetooth: hci4: command tx timeout [ 1108.654450][T17754] macsec1: entered promiscuous mode [ 1108.667619][T17754] macvlan0: entered promiscuous mode [ 1108.685831][T17754] macvlan0: left promiscuous mode [ 1108.951474][T17760] 9pnet_fd: Insufficient options for proto=fd [ 1108.986416][T17708] hsr_slave_0: entered promiscuous mode [ 1109.020911][T17708] hsr_slave_1: entered promiscuous mode [ 1109.036088][T17708] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1109.053812][T17708] Cannot create hsr debugfs directory [ 1109.053860][ T5087] Bluetooth: hci2: command tx timeout [ 1109.084849][T17721] chnl_net:caif_netlink_parms(): no params data found [ 1109.347873][T17732] chnl_net:caif_netlink_parms(): no params data found [ 1109.566903][T17772] syzkaller1: entered promiscuous mode [ 1109.572775][T17772] syzkaller1: entered allmulticast mode [ 1109.649751][T17732] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.656916][T17732] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.669863][T17732] bridge_slave_0: entered allmulticast mode [ 1109.676856][T17732] bridge_slave_0: entered promiscuous mode [ 1109.697465][T17721] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.704773][T17721] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.712812][T17721] bridge_slave_0: entered allmulticast mode [ 1109.720237][T17721] bridge_slave_0: entered promiscuous mode [ 1109.736870][T17732] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.745512][T17732] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.753163][T17732] bridge_slave_1: entered allmulticast mode [ 1109.761393][T17732] bridge_slave_1: entered promiscuous mode [ 1109.813113][ T1058] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.834633][T17721] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.845861][T17721] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.855393][T17721] bridge_slave_1: entered allmulticast mode [ 1109.863012][T17721] bridge_slave_1: entered promiscuous mode [ 1109.938740][ T1058] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.001007][T17721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1110.014619][T17721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1110.028537][T17732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1110.075450][ T1058] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1110.090196][ T5087] Bluetooth: hci0: command tx timeout [ 1110.121160][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 1110.121179][ T29] audit: type=1326 audit(1720147773.405:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.127295][T17732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1110.188286][ T29] audit: type=1326 audit(1720147773.405:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.190050][T17782] Process accounting resumed [ 1110.210161][ T29] audit: type=1326 audit(1720147773.405:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.261809][ T29] audit: type=1326 audit(1720147773.405:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.291126][ T29] audit: type=1326 audit(1720147773.405:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.313718][ T29] audit: type=1326 audit(1720147773.405:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.372292][T17784] FAULT_INJECTION: forcing a failure. [ 1110.372292][T17784] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1110.375547][T17721] team0: Port device team_slave_0 added [ 1110.385693][ T29] audit: type=1326 audit(1720147773.405:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.385742][ T29] audit: type=1326 audit(1720147773.445:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.385781][ T29] audit: type=1326 audit(1720147773.445:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.385816][ T29] audit: type=1326 audit(1720147773.465:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17781 comm="syz.4.3391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f23d6975bd9 code=0x7ffc0000 [ 1110.478800][T17784] CPU: 1 PID: 17784 Comm: syz.4.3392 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 1110.490116][T17784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1110.493641][T17786] FAULT_INJECTION: forcing a failure. [ 1110.493641][T17786] name failslab, interval 1, probability 0, space 0, times 0 [ 1110.500175][T17784] Call Trace: [ 1110.500191][T17784] [ 1110.500200][T17784] dump_stack_lvl+0x241/0x360 [ 1110.500239][T17784] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1110.500265][T17784] ? __pfx__printk+0x10/0x10 [ 1110.500294][T17784] ? snprintf+0xda/0x120 [ 1110.538053][T17784] should_fail_ex+0x3b0/0x4e0 [ 1110.542744][T17784] _copy_to_user+0x2f/0xb0 [ 1110.547161][T17784] simple_read_from_buffer+0xca/0x150 [ 1110.552532][T17784] proc_fail_nth_read+0x1e9/0x250 [ 1110.557553][T17784] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1110.563101][T17784] ? rw_verify_area+0x520/0x6b0 [ 1110.567949][T17784] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1110.573491][T17784] vfs_read+0x204/0xbc0 [ 1110.577642][T17784] ? __pfx_lock_release+0x10/0x10 [ 1110.582671][T17784] ? __pfx_vfs_read+0x10/0x10 [ 1110.587370][T17784] ? __fget_files+0x29/0x470 [ 1110.591955][T17784] ? __fget_files+0x3f6/0x470 [ 1110.596630][T17784] ksys_read+0x1a0/0x2c0 [ 1110.600873][T17784] ? __pfx_ksys_read+0x10/0x10 [ 1110.605632][T17784] ? do_syscall_64+0x100/0x230 [ 1110.610394][T17784] ? do_syscall_64+0xb6/0x230 [ 1110.615068][T17784] do_syscall_64+0xf3/0x230 [ 1110.619566][T17784] ? clear_bhb_loop+0x35/0x90 [ 1110.624240][T17784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.630129][T17784] RIP: 0033:0x7f23d69746bc [ 1110.634534][T17784] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1110.654129][T17784] RSP: 002b:00007f23d7721040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1110.662548][T17784] RAX: ffffffffffffffda RBX: 00007f23d6b03f60 RCX: 00007f23d69746bc [ 1110.670516][T17784] RDX: 000000000000000f RSI: 00007f23d77210b0 RDI: 0000000000000005 [ 1110.678493][T17784] RBP: 00007f23d77210a0 R08: 0000000000000000 R09: 0000000000000000 [ 1110.686507][T17784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1110.694650][T17784] R13: 000000000000000b R14: 00007f23d6b03f60 R15: 00007ffc58e79fe8 [ 1110.702630][T17784] [ 1110.711886][T17786] CPU: 1 PID: 17786 Comm: syz.1.3393 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 1110.722087][T17786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1110.729684][ T5087] Bluetooth: hci4: command tx timeout [ 1110.732142][T17786] Call Trace: [ 1110.732156][T17786] [ 1110.732166][T17786] dump_stack_lvl+0x241/0x360 [ 1110.748432][T17786] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1110.753663][T17786] ? __pfx__printk+0x10/0x10 [ 1110.758296][T17786] ? __pfx___might_resched+0x10/0x10 [ 1110.763613][T17786] should_fail_ex+0x3b0/0x4e0 [ 1110.768322][T17786] ? alloc_empty_file+0x9e/0x1d0 [ 1110.773282][T17786] should_failslab+0x9/0x20 [ 1110.777800][T17786] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1110.783183][T17786] ? make_vfsuid+0x46/0x90 [ 1110.787626][T17786] alloc_empty_file+0x9e/0x1d0 [ 1110.792414][T17786] dentry_open+0x44/0xa0 [ 1110.796676][T17786] ovl_dir_read+0x26/0x570 [ 1110.801108][T17786] ? ovl_path_next+0x23b/0x470 [ 1110.805862][T17786] ovl_dir_read_merged+0x313/0x5e0 [ 1110.810970][T17786] ? __pfx_ovl_dir_read_merged+0x10/0x10 [ 1110.816592][T17786] ? __pfx_ovl_fill_merge+0x10/0x10 [ 1110.821801][T17786] ? ovl_iterate+0x10eb/0x21e0 [ 1110.826576][T17786] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 1110.831947][T17786] ovl_iterate+0x11ab/0x21e0 [ 1110.836543][T17786] ? mark_lock+0x9a/0x350 [ 1110.840868][T17786] ? __pfx_ovl_iterate+0x10/0x10 [ 1110.845817][T17786] ? __lock_acquire+0x1346/0x1fd0 [ 1110.850868][T17786] ? __pfx_lock_acquire+0x10/0x10 [ 1110.855902][T17786] ? __down_write_common+0x162/0x200 [ 1110.861201][T17786] ? __pfx___down_write_common+0x10/0x10 [ 1110.866836][T17786] ? __pfx___mutex_lock+0x10/0x10 [ 1110.871868][T17786] ? __pfx_ovl_iterate+0x10/0x10 [ 1110.876801][T17786] wrap_directory_iterator+0x94/0xe0 [ 1110.882086][T17786] iterate_dir+0x57a/0x810 [ 1110.886501][T17786] __se_sys_getdents+0x1ef/0x4d0 [ 1110.891443][T17786] ? __pfx___se_sys_getdents+0x10/0x10 [ 1110.896895][T17786] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1110.902862][T17786] ? __pfx_filldir+0x10/0x10 [ 1110.907441][T17786] ? 0xffffffff81000000 [ 1110.911592][T17786] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1110.917909][T17786] ? do_syscall_64+0x100/0x230 [ 1110.922673][T17786] ? do_syscall_64+0xb6/0x230 [ 1110.927350][T17786] do_syscall_64+0xf3/0x230 [ 1110.931848][T17786] ? clear_bhb_loop+0x35/0x90 [ 1110.936520][T17786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.942409][T17786] RIP: 0033:0x7f4171d75bd9 [ 1110.946824][T17786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1110.966440][T17786] RSP: 002b:00007f4172bf6048 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 1110.974894][T17786] RAX: ffffffffffffffda RBX: 00007f4171f03f60 RCX: 00007f4171d75bd9 [ 1110.982947][T17786] RDX: 00000000000000bb RSI: ffffffff81000000 RDI: 0000000000000003 [ 1110.990913][T17786] RBP: 00007f4172bf60a0 R08: 0000000000000000 R09: 0000000000000000 [ 1110.998876][T17786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1111.006837][T17786] R13: 000000000000000b R14: 00007f4171f03f60 R15: 00007ffca1136fc8 [ 1111.014811][T17786] ? 0xffffffff81000000 [ 1111.018961][T17786] [ 1111.066389][ T1058] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.111414][T17721] team0: Port device team_slave_1 added [ 1111.117735][T17789] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1111.138328][ T5087] Bluetooth: hci2: command tx timeout [ 1111.163016][T17732] team0: Port device team_slave_0 added [ 1111.200530][T17732] team0: Port device team_slave_1 added [ 1111.204236][T17791] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3395'. [ 1111.420605][T17721] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1111.450173][T17721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1111.489725][T17721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1111.510300][T17732] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1111.517421][T17732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1111.548017][T17732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1111.562612][T17721] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1111.573123][T17721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1111.650150][T17721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1111.715561][T17732] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1111.731929][T17806] hfs: can't find a HFS filesystem on dev nullb0 [ 1111.749667][T17732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1111.818979][T17732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1111.878464][T17804] macsec1: entered promiscuous mode [ 1111.886528][T17804] macvlan0: entered promiscuous mode [ 1111.916158][T17804] macvlan0: left promiscuous mode [ 1112.083203][T17808] FAULT_INJECTION: forcing a failure. [ 1112.083203][T17808] name failslab, interval 1, probability 0, space 0, times 0 [ 1112.084438][T17721] hsr_slave_0: entered promiscuous mode [ 1112.095914][T17808] CPU: 1 PID: 17808 Comm: syz.1.3399 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 1112.095944][T17808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1112.095957][T17808] Call Trace: [ 1112.095966][T17808] [ 1112.095976][T17808] dump_stack_lvl+0x241/0x360 [ 1112.096009][T17808] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1112.096035][T17808] ? __pfx__printk+0x10/0x10 [ 1112.096065][T17808] ? __asan_memset+0x23/0x50 [ 1112.096091][T17808] should_fail_ex+0x3b0/0x4e0 [ 1112.096124][T17808] should_failslab+0x9/0x20 [ 1112.096144][T17808] kmalloc_node_track_caller_noprof+0xda/0x440 [ 1112.096167][T17808] ? nf_ct_ext_add+0x1a2/0x3e0 [ 1112.096197][T17808] krealloc_noprof+0x7d/0x120 [ 1112.096226][T17808] nf_ct_ext_add+0x1a2/0x3e0 [ 1112.096257][T17808] init_conntrack+0x8bf/0x1310 [ 1112.096286][T17808] ? __pfx_init_conntrack+0x10/0x10 [ 1112.096309][T17808] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 1112.096329][T17808] ? __local_bh_enable_ip+0x168/0x200 [ 1112.096355][T17808] nf_conntrack_in+0xd59/0x1880 [ 1112.096405][T17808] ? __pfx_nf_conntrack_in+0x10/0x10 [ 1112.096437][T17808] ? ipt_do_table+0x312/0x1860 [ 1112.096460][T17808] ? __pfx_ipt_do_table+0x10/0x10 [ 1112.096487][T17808] ? ipv4_conntrack_defrag+0x2a2/0x5a0 [ 1112.096520][T17808] ? ip_sabotage_in+0x55/0x290 [ 1112.096550][T17808] ? __pfx_ipv4_conntrack_in+0x10/0x10 [ 1112.096569][T17808] nf_hook_slow+0xc3/0x220 [ 1112.096592][T17808] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1112.096616][T17808] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1112.096640][T17808] NF_HOOK+0x29e/0x450 [ 1112.096669][T17808] ? NF_HOOK+0x9a/0x450 [ 1112.096690][T17808] ? __pfx_NF_HOOK+0x10/0x10 [ 1112.096711][T17808] ? ip_rcv_core+0x7ff/0xd10 [ 1112.096737][T17808] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1112.096767][T17808] ? __pfx_ip_rcv+0x10/0x10 [ 1112.096792][T17808] __netif_receive_skb+0x2bf/0x650 [ 1112.096823][T17808] ? __pfx_lock_acquire+0x10/0x10 [ 1112.096841][T17808] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 1112.096869][T17808] ? __pfx___netif_receive_skb+0x10/0x10 [ 1112.096892][T17808] ? __kasan_slab_alloc+0x66/0x80 [ 1112.096922][T17808] ? read_tsc+0x9/0x20 [ 1112.096942][T17808] ? timekeeping_get_ns+0x2c0/0x420 [ 1112.096979][T17808] ? netif_receive_skb+0x131/0x890 [ 1112.097002][T17808] ? netif_receive_skb+0x131/0x890 [ 1112.097028][T17808] netif_receive_skb+0x1e8/0x890 [ 1112.097054][T17808] ? tun_rx_batched+0x160/0x8f0 [ 1112.097079][T17808] ? __pfx_netif_receive_skb+0x10/0x10 [ 1112.097116][T17808] ? tun_rx_batched+0x160/0x8f0 [ 1112.097139][T17808] tun_rx_batched+0x1b7/0x8f0 [ 1112.347302][T17808] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1112.353645][T17808] ? __pfx_lock_acquire+0x10/0x10 [ 1112.358661][T17808] ? __pfx_tun_rx_batched+0x10/0x10 [ 1112.363878][T17808] tun_get_user+0x2f35/0x4560 [ 1112.368552][T17808] ? tun_get_user+0x2a2f/0x4560 [ 1112.373428][T17808] ? __pfx_tun_get_user+0x10/0x10 [ 1112.378455][T17808] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1112.383911][T17808] ? tun_get+0x1e/0x2f0 [ 1112.388074][T17808] ? tun_get+0x1e/0x2f0 [ 1112.392220][T17808] ? tun_get+0x27d/0x2f0 [ 1112.396457][T17808] tun_chr_write_iter+0x113/0x1f0 [ 1112.401489][T17808] vfs_write+0xa72/0xc90 [ 1112.405737][T17808] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1112.411283][T17808] ? __pfx_vfs_write+0x10/0x10 [ 1112.416063][T17808] ksys_write+0x1a0/0x2c0 [ 1112.420393][T17808] ? __pfx_ksys_write+0x10/0x10 [ 1112.425241][T17808] ? do_syscall_64+0x100/0x230 [ 1112.430010][T17808] ? do_syscall_64+0xb6/0x230 [ 1112.434686][T17808] do_syscall_64+0xf3/0x230 [ 1112.439184][T17808] ? clear_bhb_loop+0x35/0x90 [ 1112.443857][T17808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1112.449745][T17808] RIP: 0033:0x7f4171d7475f [ 1112.454150][T17808] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 1112.473747][T17808] RSP: 002b:00007f4172bf6010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1112.482153][T17808] RAX: ffffffffffffffda RBX: 00007f4171f03f60 RCX: 00007f4171d7475f [ 1112.490123][T17808] RDX: 0000000000000036 RSI: 00000000200000c0 RDI: 00000000000000c8 [ 1112.498090][T17808] RBP: 00007f4172bf60a0 R08: 0000000000000000 R09: 0000000000000000 [ 1112.506052][T17808] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 1112.514032][T17808] R13: 000000000000000b R14: 00007f4171f03f60 R15: 00007ffca1136fc8 [ 1112.522031][T17808] [ 1112.550575][T17721] hsr_slave_1: entered promiscuous mode [ 1112.557003][T17721] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1112.564289][ T5087] Bluetooth: hci0: command tx timeout [ 1112.579624][T17721] Cannot create hsr debugfs directory [ 1112.639336][T17732] hsr_slave_0: entered promiscuous mode [ 1112.650993][ T5087] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1112.661268][ T5087] Bluetooth: hci1: Injecting HCI hardware error event [ 1112.670277][T17732] hsr_slave_1: entered promiscuous mode [ 1112.671499][T14661] Bluetooth: hci1: hardware error 0x00 [ 1112.683902][T17732] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1112.693698][T17732] Cannot create hsr debugfs directory [ 1112.732696][ T5087] Bluetooth: hci4: command tx timeout [ 1113.282067][ T5087] Bluetooth: hci2: command tx timeout [ 1113.729998][ T1058] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.844420][T17708] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1114.698388][ T1058] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.739923][T14661] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1114.809655][T14661] Bluetooth: hci4: command tx timeout [ 1114.838651][T17708] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1114.846313][T17835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3405'. [ 1114.868939][ T5130] kernel write not supported for file /dsp (pid: 5130 comm: kworker/1:3) [ 1114.875913][T17708] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1114.976888][ T1058] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.991941][T17708] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1115.070281][ T1058] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1115.277811][ T1058] bridge_slave_1: left allmulticast mode [ 1115.285727][ T1058] bridge_slave_1: left promiscuous mode [ 1115.292144][ T5130] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1115.300464][ T1058] bridge0: port 2(bridge_slave_1) entered disabled state [ 1115.312876][ T1058] bridge_slave_0: left allmulticast mode [ 1115.318550][ T1058] bridge_slave_0: left promiscuous mode [ 1115.324890][ T1058] bridge0: port 1(bridge_slave_0) entered disabled state [ 1115.346925][ T1058] bridge_slave_1: left allmulticast mode [ 1115.352995][ T1058] bridge_slave_1: left promiscuous mode [ 1115.358729][ T1058] bridge0: port 2(bridge_slave_1) entered disabled state [ 1115.370538][ T1058] bridge_slave_0: left allmulticast mode [ 1115.377615][ T1058] bridge_slave_0: left promiscuous mode [ 1115.383445][ T1058] bridge0: port 1(bridge_slave_0) entered disabled state [ 1115.489916][ T5130] usb 2-1: Using ep0 maxpacket: 16 [ 1115.512618][ T5130] usb 2-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 1115.539731][ T5130] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1115.547761][ T5130] usb 2-1: Product: syz [ 1115.564866][ T5130] usb 2-1: Manufacturer: syz [ 1115.569595][ T5130] usb 2-1: SerialNumber: syz [ 1115.589196][ T5130] usb 2-1: config 0 descriptor?? [ 1115.606856][ T5130] usb 2-1: Found UVC 0.00 device syz (046d:0721) [ 1115.616297][ T5130] usb 2-1: No valid video chain found. [ 1116.154879][ T1058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1116.170328][ T1058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1116.185538][ T1058] bond0 (unregistering): Released all slaves [ 1116.324716][ T1058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1116.337035][ T1058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1116.353726][ T1058] bond0 (unregistering): Released all slaves [ 1116.390621][T17844] netlink: 'syz.1.3408': attribute type 10 has an invalid length. [ 1116.414152][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.449286][T17844] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1116.484965][ T784] usb 2-1: USB disconnect, device number 86 [ 1116.612424][T17854] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3411'. [ 1116.636503][T17854] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3411'. [ 1116.657413][T17708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1116.776306][T17708] 8021q: adding VLAN 0 to HW filter on device team0 [ 1116.829428][ T5134] bridge0: port 1(bridge_slave_0) entered blocking state [ 1116.836659][ T5134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1116.848000][ T5134] bridge0: port 2(bridge_slave_1) entered blocking state [ 1116.855225][ T5134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1117.070382][ T5130] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 1117.101796][T17721] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1117.217038][T17721] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1117.301198][ T5130] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1117.314131][T17721] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1117.322655][ T5130] usb 5-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice= 0.00 [ 1117.322688][ T5130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.341139][ T5130] usb 5-1: config 0 descriptor?? [ 1117.359305][ T5130] gspca_main: spca500-2.14.0 probing 046d:0900 [ 1117.361950][T17721] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1117.503581][ T1058] hsr_slave_0: left promiscuous mode [ 1117.521667][ T1058] hsr_slave_1: left promiscuous mode [ 1117.536303][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1117.562000][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1117.613273][T17859] openvswitch: netlink: Message has 4 unknown bytes. [ 1117.670184][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1118.400083][ T5130] gspca_spca500: reg write: error -71 [ 1118.400494][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1118.420085][ T5130] gspca_spca500: reg write: error -71 [ 1118.430524][ T5130] gspca_spca500: reg write: error -71 [ 1118.446823][ T5130] gspca_spca500: reg write: error -71 [ 1118.467804][ T1058] hsr_slave_0: left promiscuous mode [ 1118.473299][ T5130] gspca_spca500: reg write: error -71 [ 1118.484143][ T5130] gspca_spca500: reg write: error -71 [ 1118.490834][ T1058] hsr_slave_1: left promiscuous mode [ 1118.496597][ T5130] gspca_spca500: reg write: error -71 [ 1118.503311][ T5130] gspca_spca500: reg write: error -71 [ 1118.509975][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1118.517540][ T5130] gspca_spca500: reg write: error -71 [ 1118.525612][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1118.528864][ T5130] gspca_spca500: reg write: error -71 [ 1118.542041][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1118.549952][ T5130] gspca_spca500: reg write: error -71 [ 1118.550283][ T5130] gspca_spca500: reg write: error -71 [ 1118.550607][ T5130] gspca_spca500: reg write: error -71 [ 1118.550915][ T5130] gspca_spca500: reg write: error -71 [ 1118.566021][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1118.578836][ T5130] usb 5-1: USB disconnect, device number 76 [ 1118.656525][ T1058] veth1_macvtap: left promiscuous mode [ 1118.665579][ T1058] veth0_macvtap: left promiscuous mode [ 1118.673536][ T1058] veth1_vlan: left promiscuous mode [ 1118.678900][ T1058] veth0_vlan: left promiscuous mode [ 1118.692418][ T1058] veth1_macvtap: left promiscuous mode [ 1118.698007][ T1058] veth0_macvtap: left promiscuous mode [ 1118.709427][ T1058] veth1_vlan: left promiscuous mode [ 1118.720618][ T1058] veth0_vlan: left promiscuous mode [ 1118.763499][T16294] kernel write not supported for file bpf-prog (pid: 16294 comm: kworker/1:4) [ 1118.939976][ T9679] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1119.175975][ T9679] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1119.217621][ T9679] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1119.248746][ T9679] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1119.301462][ T9679] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1119.314737][ T9679] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1119.347948][ T9679] usb 2-1: config 0 descriptor?? [ 1120.077436][T17876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1120.100870][T17876] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1120.276081][ T1058] team0 (unregistering): Port device team_slave_1 removed [ 1120.347880][ T1058] team0 (unregistering): Port device team_slave_0 removed [ 1121.583376][ T9679] usbhid 2-1:0.0: can't add hid device: -71 [ 1121.591148][ T9679] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1121.612749][ T9679] usb 2-1: USB disconnect, device number 87 [ 1121.856847][ T1058] team0 (unregistering): Port device team_slave_1 removed [ 1121.937984][ T1058] team0 (unregistering): Port device team_slave_0 removed [ 1122.456421][T17708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1122.778294][T17708] veth0_vlan: entered promiscuous mode [ 1122.958000][T17721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1122.985575][T17708] veth1_vlan: entered promiscuous mode [ 1123.054248][T17732] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1123.104955][T17732] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1123.186000][T17732] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1123.198302][T17732] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1123.469395][T17708] veth0_macvtap: entered promiscuous mode [ 1123.760702][T17721] 8021q: adding VLAN 0 to HW filter on device team0 [ 1123.861581][T17708] veth1_macvtap: entered promiscuous mode [ 1123.890126][T16294] bridge0: port 1(bridge_slave_0) entered blocking state [ 1123.897377][T16294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1123.969253][T16294] bridge0: port 2(bridge_slave_1) entered blocking state [ 1123.976458][T16294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1123.988720][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 1123.988739][ T29] audit: type=1326 audit(1720147787.265:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17910 comm="syz.4.3426" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f23d6975bd9 code=0x0 [ 1124.057157][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.068144][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.080369][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.091601][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.101508][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.112188][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.122082][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.132691][ T50] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1124.141137][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.153325][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.164556][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.176248][T17708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1124.189453][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.206693][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.216777][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.228657][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.238682][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.250476][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.261834][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.272304][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.283644][T17708] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1124.294665][T17708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.314216][T17708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1124.350380][ T50] usb 2-1: Using ep0 maxpacket: 8 [ 1124.376884][T17708] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.378832][ T50] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1124.387749][T17708] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.403317][T17708] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.404436][ T50] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1124.413036][T17708] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.431970][ T50] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1124.442279][ T50] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1124.448445][T17721] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1124.463691][ T50] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1124.477042][ T50] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1124.487515][ T50] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1124.571910][T17732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1124.651780][T17732] 8021q: adding VLAN 0 to HW filter on device team0 [ 1124.675135][ T5134] bridge0: port 1(bridge_slave_0) entered blocking state [ 1124.682403][ T5134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1124.712305][ T5134] bridge0: port 2(bridge_slave_1) entered blocking state [ 1124.719472][ T5134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1124.734033][ T50] usb 2-1: GET_CAPABILITIES returned 0 [ 1124.737360][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1124.747515][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1124.755897][ T50] usbtmc 2-1:16.0: can't read capabilities [ 1124.845994][T15899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1124.856924][T15899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1124.874085][T17732] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1124.940030][T17721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1125.074386][ T25] usb 2-1: USB disconnect, device number 88 [ 1125.197759][T17721] veth0_vlan: entered promiscuous mode [ 1125.216450][T17721] veth1_vlan: entered promiscuous mode [ 1125.286923][T17721] veth0_macvtap: entered promiscuous mode [ 1125.322606][T17721] veth1_macvtap: entered promiscuous mode [ 1125.353983][T17732] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1125.407035][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.418364][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.428676][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.439733][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.450158][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.461369][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.471604][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.485441][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.499714][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.512883][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.525657][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.537442][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.558245][T17721] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1125.592996][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.605502][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.619694][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.631981][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.642032][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.652782][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.669719][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.688807][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.709076][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.722216][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.732500][T17721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.748351][T17721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.775589][T17721] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1125.804265][T17732] veth0_vlan: entered promiscuous mode [ 1125.819006][T17732] veth1_vlan: entered promiscuous mode [ 1125.831743][T17721] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.847580][T17721] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.862912][T17721] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.873036][T17721] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1126.117674][ T9453] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1126.171600][T17732] veth0_macvtap: entered promiscuous mode [ 1126.203205][T17732] veth1_macvtap: entered promiscuous mode [ 1126.280048][ T9453] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1126.318238][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1126.328841][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1126.356812][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.372129][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.386365][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.397577][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.411950][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.427547][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.439160][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.450959][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.462028][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.473759][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.487145][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.504962][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.518619][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1126.530883][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.547517][T17732] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1126.604703][ T9453] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1126.622682][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.641221][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.667398][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.698566][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.720249][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.748409][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.770416][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.815201][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.855980][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.866925][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.908504][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.935761][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1126.954351][T17732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1126.965779][T17732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1127.003396][T17732] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1127.175537][ T9453] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1127.239856][T17732] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1127.276152][T17732] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1127.316229][T17732] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1127.361166][T17732] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1127.380446][ T50] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1127.409749][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1127.456887][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1127.583687][ T50] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1127.609527][ T1058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1127.622739][ T50] usb 5-1: New USB device found, idVendor=0586, idProduct=330b, bcdDevice=d9.9c [ 1127.643842][ T1058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1127.673015][ T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1127.722554][ T50] usb 5-1: config 0 descriptor?? [ 1127.745956][ T5087] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1127.756465][ T5087] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1127.766591][ T5087] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1127.778100][ T5087] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1127.789430][ T5087] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1127.799034][ T50] cxacru 5-1:0.0: cxacru_bind: interface has incorrect endpoints [ 1127.807702][ T50] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1127.819752][ T5087] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1127.897788][T15899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1127.922663][T15899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1128.780325][ T9453] bridge_slave_1: left allmulticast mode [ 1128.791659][ T9453] bridge_slave_1: left promiscuous mode [ 1128.797437][ T9453] bridge0: port 2(bridge_slave_1) entered disabled state [ 1128.810755][T17933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1128.819210][T17933] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1128.837683][T15470] usb 5-1: USB disconnect, device number 77 [ 1128.853338][ T9453] bridge_slave_0: left allmulticast mode [ 1128.869263][ T9453] bridge_slave_0: left promiscuous mode [ 1128.875151][ T9453] bridge0: port 1(bridge_slave_0) entered disabled state [ 1129.536371][ T9453] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1129.568501][ T9453] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1129.585147][ T9453] bond0 (unregistering): Released all slaves [ 1129.655361][ T5087] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1129.673597][ T5087] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1129.682455][ T5087] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1129.692943][ T5087] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1129.706623][ T5087] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1129.717933][ T5087] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1129.850232][ T5087] Bluetooth: hci0: command tx timeout [ 1130.064883][ T9453] hsr_slave_0: left promiscuous mode [ 1130.079624][ T9453] hsr_slave_1: left promiscuous mode [ 1130.093117][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1130.105516][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1130.126727][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1130.144516][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1130.254893][ T9453] veth1_macvtap: left promiscuous mode [ 1130.273738][ T9453] veth0_macvtap: left promiscuous mode [ 1130.280320][ T9453] veth1_vlan: left promiscuous mode [ 1130.291217][ T9453] veth0_vlan: left promiscuous mode [ 1130.454525][T14661] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1130.464935][T14661] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1130.475718][T14661] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1130.492818][T14661] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1130.500857][T14661] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1130.508419][T14661] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1130.965537][ T9453] team0 (unregistering): Port device team_slave_1 removed [ 1131.019364][ T9453] team0 (unregistering): Port device team_slave_0 removed [ 1131.533923][T17934] chnl_net:caif_netlink_parms(): no params data found [ 1131.564703][T17952] macsec1: entered promiscuous mode [ 1131.570054][T17952] macvlan0: entered promiscuous mode [ 1131.577420][T17952] macvlan0: left promiscuous mode [ 1131.772364][ T5087] Bluetooth: hci2: command tx timeout [ 1131.847556][T17964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3434'. [ 1131.877947][T17934] bridge0: port 1(bridge_slave_0) entered blocking state [ 1131.886211][T17934] bridge0: port 1(bridge_slave_0) entered disabled state [ 1131.893500][T17934] bridge_slave_0: entered allmulticast mode [ 1131.901819][T17934] bridge_slave_0: entered promiscuous mode [ 1131.929612][ T5087] Bluetooth: hci0: command tx timeout [ 1131.981642][T17934] bridge0: port 2(bridge_slave_1) entered blocking state [ 1131.989419][T17934] bridge0: port 2(bridge_slave_1) entered disabled state [ 1131.998008][T17934] bridge_slave_1: entered allmulticast mode [ 1132.005574][T17934] bridge_slave_1: entered promiscuous mode [ 1132.087028][T17934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1132.146607][T17934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1132.202036][T17934] team0: Port device team_slave_0 added [ 1132.228897][T17941] chnl_net:caif_netlink_parms(): no params data found [ 1132.249913][T17934] team0: Port device team_slave_1 added [ 1132.375465][T17934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1132.388459][T17934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1132.419094][T17934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1132.487515][T17934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1132.496482][T17934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1132.523810][T17934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1132.558800][T17941] bridge0: port 1(bridge_slave_0) entered blocking state [ 1132.569989][ T5087] Bluetooth: hci4: command tx timeout [ 1132.600294][T17941] bridge0: port 1(bridge_slave_0) entered disabled state [ 1132.607616][T17941] bridge_slave_0: entered allmulticast mode [ 1132.616055][T17941] bridge_slave_0: entered promiscuous mode [ 1132.662284][T17941] bridge0: port 2(bridge_slave_1) entered blocking state [ 1132.670351][T17941] bridge0: port 2(bridge_slave_1) entered disabled state [ 1132.678135][T17941] bridge_slave_1: entered allmulticast mode [ 1132.687444][T17941] bridge_slave_1: entered promiscuous mode [ 1132.773971][ T9453] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1132.870163][ T5258] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1132.952273][T17941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1132.998161][ T9453] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1133.037003][T17934] hsr_slave_0: entered promiscuous mode [ 1133.052839][T17934] hsr_slave_1: entered promiscuous mode [ 1133.059591][ T5258] usb 5-1: Using ep0 maxpacket: 8 [ 1133.076186][T17934] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1133.078128][ T5258] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1133.094382][T17934] Cannot create hsr debugfs directory [ 1133.095597][ T5258] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1133.111413][ T5258] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1133.121966][ T5258] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1133.133677][ T5258] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1133.147622][ T5258] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1133.158572][ T5258] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1133.210990][T17941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1133.257778][ T9453] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1133.369403][ T9453] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1133.407868][ T5258] usb 5-1: GET_CAPABILITIES returned 0 [ 1133.423458][ T5258] usbtmc 5-1:16.0: can't read capabilities [ 1133.456523][T17941] team0: Port device team_slave_0 added [ 1133.507083][T17941] team0: Port device team_slave_1 added [ 1133.522010][T17958] chnl_net:caif_netlink_parms(): no params data found [ 1133.628959][T17941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1133.642636][T17941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1133.681931][ T5258] usb 5-1: USB disconnect, device number 78 [ 1133.689639][T17941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1133.767674][T17941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1133.785620][T17941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1133.813501][T17941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1133.849860][ T5087] Bluetooth: hci2: command tx timeout [ 1133.997857][ T9453] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1134.009730][ T5087] Bluetooth: hci0: command tx timeout [ 1134.053179][T17941] hsr_slave_0: entered promiscuous mode [ 1134.063819][ T5085] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1134.071998][T17941] hsr_slave_1: entered promiscuous mode [ 1134.078231][T17941] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1134.087582][T17941] Cannot create hsr debugfs directory [ 1134.114682][T17958] bridge0: port 1(bridge_slave_0) entered blocking state [ 1134.123864][T17958] bridge0: port 1(bridge_slave_0) entered disabled state [ 1134.131418][T17958] bridge_slave_0: entered allmulticast mode [ 1134.138265][T17958] bridge_slave_0: entered promiscuous mode [ 1134.146074][T17958] bridge0: port 2(bridge_slave_1) entered blocking state [ 1134.160366][T17958] bridge0: port 2(bridge_slave_1) entered disabled state [ 1134.167690][T17958] bridge_slave_1: entered allmulticast mode [ 1134.176616][T17958] bridge_slave_1: entered promiscuous mode [ 1134.207560][ T9453] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1134.260848][ T5085] usb 2-1: Using ep0 maxpacket: 8 [ 1134.269272][ T5085] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1134.286665][ T5085] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1134.296899][ T5085] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1134.308495][ T5085] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1134.320124][ T5085] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1134.333776][ T5085] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1134.343914][ T5085] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.426077][ T9453] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1134.481827][T17958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1134.499308][T17958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1134.588089][ T9453] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1134.669121][ T5087] Bluetooth: hci4: command tx timeout [ 1134.997176][T17958] team0: Port device team_slave_0 added [ 1135.222959][ T5085] usb 2-1: usb_control_msg returned -32 [ 1135.228587][ T5085] usbtmc 2-1:16.0: can't read capabilities [ 1135.352206][T17958] team0: Port device team_slave_1 added [ 1135.455433][T17958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1135.483081][T17958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1135.510170][T17958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1135.586320][T17958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1135.602381][T17958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1135.632884][T17958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1135.801125][ T9453] bridge_slave_1: left allmulticast mode [ 1135.809807][ T9453] bridge_slave_1: left promiscuous mode [ 1135.815588][ T9453] bridge0: port 2(bridge_slave_1) entered disabled state [ 1135.833155][ T9453] bridge_slave_0: left allmulticast mode [ 1135.838858][ T9453] bridge_slave_0: left promiscuous mode [ 1135.844930][ T9453] bridge0: port 1(bridge_slave_0) entered disabled state [ 1135.862044][ T9453] bridge_slave_1: left allmulticast mode [ 1135.867788][ T9453] bridge_slave_1: left promiscuous mode [ 1135.874786][ T9453] bridge0: port 2(bridge_slave_1) entered disabled state [ 1135.885459][ T9453] bridge_slave_0: left allmulticast mode [ 1135.892841][ T9453] bridge_slave_0: left promiscuous mode [ 1135.898588][ T9453] bridge0: port 1(bridge_slave_0) entered disabled state [ 1135.909914][ T9453] bridge_slave_1: left allmulticast mode [ 1135.915592][ T9453] bridge_slave_1: left promiscuous mode [ 1135.922201][ T9453] bridge0: port 2(bridge_slave_1) entered disabled state [ 1135.929653][ T5087] Bluetooth: hci2: command tx timeout [ 1135.941761][ T9453] bridge_slave_0: left allmulticast mode [ 1135.949697][ T9453] bridge_slave_0: left promiscuous mode [ 1135.957998][ T9453] bridge0: port 1(bridge_slave_0) entered disabled state [ 1136.091206][ T5087] Bluetooth: hci0: command tx timeout [ 1136.729741][ T5087] Bluetooth: hci4: command tx timeout [ 1136.786960][ T5134] usb 2-1: USB disconnect, device number 89 [ 1137.880153][ T9453] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1137.913577][ T9453] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1137.944105][ T9453] bond0 (unregistering): Released all slaves [ 1138.079684][ T5087] Bluetooth: hci2: command tx timeout [ 1138.946610][ T5087] Bluetooth: hci4: command tx timeout [ 1139.114184][ T9453] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1139.126964][ T9453] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1139.139862][ T9453] bond0 (unregistering): Released all slaves [ 1139.343944][ T9453] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1139.358911][ T9453] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1139.383866][ T9453] bond0 (unregistering): (slave team0): Releasing backup interface [ 1139.412792][ T9453] bond0 (unregistering): Released all slaves [ 1139.465926][ T9453] bond1 (unregistering): Released all slaves [ 1139.515882][ T9453] bond2 (unregistering): Released all slaves [ 1139.551303][ T9453] bond3 (unregistering): Released all slaves [ 1139.574553][T17958] hsr_slave_0: entered promiscuous mode [ 1139.582657][T17958] hsr_slave_1: entered promiscuous mode [ 1139.595428][T17958] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1139.618216][T17958] Cannot create hsr debugfs directory [ 1139.631372][T17934] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1139.665443][T17934] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1139.893392][ T9453] IPVS: stopping backup sync thread 10253 ... [ 1139.908642][T17934] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1139.920501][T17934] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1140.265731][T18053] netlink: 'syz.4.3456': attribute type 10 has an invalid length. [ 1140.293151][T18053] team0: Port device netdevsim0 added [ 1140.350777][T18054] netlink: 'syz.4.3456': attribute type 10 has an invalid length. [ 1140.856328][T17941] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1140.948661][T17941] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1140.968592][T17941] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1141.015571][T17934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1141.039138][T17941] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1141.067510][ T9453] hsr_slave_0: left promiscuous mode [ 1141.077018][ T9453] hsr_slave_1: left promiscuous mode [ 1141.087705][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1141.097521][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1141.117391][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1141.125448][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1141.162111][ T9453] hsr_slave_0: left promiscuous mode [ 1141.168292][ T9453] hsr_slave_1: left promiscuous mode [ 1141.179642][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1141.187089][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1141.195542][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1141.204224][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1141.242119][ T9453] hsr_slave_0: left promiscuous mode [ 1141.248193][ T9453] hsr_slave_1: left promiscuous mode [ 1141.254931][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1141.264801][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1141.293573][ T9453] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1141.309558][ T9453] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1141.408242][ T9453] veth1_macvtap: left promiscuous mode [ 1141.422348][ T9453] veth0_macvtap: left promiscuous mode [ 1141.428034][ T9453] veth1_vlan: left promiscuous mode [ 1141.436853][ T9453] veth0_vlan: left promiscuous mode [ 1141.453157][ T9453] veth1_macvtap: left promiscuous mode [ 1141.458796][ T9453] veth0_macvtap: left promiscuous mode [ 1141.466018][ T9453] veth1_vlan: left promiscuous mode [ 1141.471748][ T9453] veth0_vlan: left promiscuous mode [ 1141.494230][ T9453] veth1_macvtap: left promiscuous mode [ 1141.505557][ T9453] veth0_macvtap: left allmulticast mode [ 1141.516370][ T9453] veth0_macvtap: left promiscuous mode [ 1141.527607][ T9453] veth1_vlan: left promiscuous mode [ 1141.534241][ T9453] veth0_vlan: left promiscuous mode [ 1142.437088][T18071] usb usb8: usbfs: process 18071 (syz.4.3463) did not claim interface 0 before use [ 1142.643473][ T9453] team0 (unregistering): Port device team_slave_1 removed [ 1142.708504][ T9453] team0 (unregistering): Port device team_slave_0 removed [ 1143.795248][ T9453] team0 (unregistering): Port device team_slave_1 removed [ 1143.845842][ T9453] team0 (unregistering): Port device team_slave_0 removed [ 1144.787190][ T9453] team0 (unregistering): Port device team_slave_1 removed [ 1144.838960][ T9453] team0 (unregistering): Port device team_slave_0 removed [ 1145.341702][T18077] netlink: 'syz.4.3465': attribute type 10 has an invalid length. [ 1145.358411][T18077] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3465'. [ 1145.367923][T18077] bridge0: entered promiscuous mode [ 1145.454391][T17934] 8021q: adding VLAN 0 to HW filter on device team0 [ 1145.520925][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 1145.528090][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1145.584477][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 1145.591788][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1146.282859][T17941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1146.725760][T17941] 8021q: adding VLAN 0 to HW filter on device team0 [ 1146.806967][T11575] bridge0: port 1(bridge_slave_0) entered blocking state [ 1146.814200][T11575] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1146.842521][T17958] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1146.883238][T18098] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1088289304 (69650515456 ns) > initial count (43204253632 ns). Using initial count to start timer. [ 1146.883737][T17958] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1146.958064][T17958] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1146.969434][T17958] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1147.013057][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 1147.020335][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1147.245904][T17934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1147.467064][T17934] veth0_vlan: entered promiscuous mode [ 1147.552649][T17934] veth1_vlan: entered promiscuous mode [ 1147.625561][T17958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1147.717685][T17934] veth0_macvtap: entered promiscuous mode [ 1147.753858][T17934] veth1_macvtap: entered promiscuous mode [ 1147.774328][T17958] 8021q: adding VLAN 0 to HW filter on device team0 [ 1147.818755][T17941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1147.845716][ T5258] bridge0: port 1(bridge_slave_0) entered blocking state [ 1147.852958][ T5258] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1147.868516][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1147.881181][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1147.891417][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1147.903531][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1147.914222][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1147.936135][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1147.947293][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1147.964134][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1147.977543][T17934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1148.025683][ T5258] bridge0: port 2(bridge_slave_1) entered blocking state [ 1148.032932][ T5258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1148.083572][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1148.097954][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.115242][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1148.126836][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.137865][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1148.259321][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.288433][T17934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1148.299460][T17934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.313794][T17934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1148.752396][T17934] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.761759][T17934] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.770658][T17934] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.779691][T17934] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.835966][T17941] veth0_vlan: entered promiscuous mode [ 1148.972836][T18123] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 1149.276441][T17941] veth1_vlan: entered promiscuous mode [ 1149.482859][T15899] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1149.519085][T15899] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1149.622436][T17941] veth0_macvtap: entered promiscuous mode [ 1149.635332][T15913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1149.651405][T17941] veth1_macvtap: entered promiscuous mode [ 1149.657561][T15913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1149.720956][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.754712][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.769159][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.793308][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.807919][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.820150][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.837721][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.848579][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.859936][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.872990][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.893297][T17941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1149.933467][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.955256][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.967216][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1150.017206][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1150.047689][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1150.080893][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1150.112977][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1150.136276][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1150.148379][T17941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1150.159810][T17941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1150.172494][T17941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1150.226420][T17941] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.246621][T17941] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.257413][T17941] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.287853][T17941] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.417557][T17958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1150.471347][T18145] netlink: 201400 bytes leftover after parsing attributes in process `syz.1.3477'. [ 1150.645538][T15913] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1150.814118][T15913] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1150.832698][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1150.850473][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1150.923023][T15913] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1150.989936][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1150.997877][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1151.076968][T15913] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1151.161525][T17958] veth0_vlan: entered promiscuous mode [ 1151.205771][T17958] veth1_vlan: entered promiscuous mode [ 1151.356437][T17958] veth0_macvtap: entered promiscuous mode [ 1151.374673][T17958] veth1_macvtap: entered promiscuous mode [ 1151.445222][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1151.457056][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.469363][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1151.480193][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.490311][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1151.500996][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.510983][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1151.522935][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.533987][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1151.544822][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.554984][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1151.565693][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.580920][T17958] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1151.664745][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1151.703453][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.720733][T18149] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1151.731810][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1151.748304][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.758729][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1151.770366][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.780444][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1151.791340][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.803230][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1151.814151][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.824860][T17958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1151.837657][T17958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.858650][T17958] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1151.884793][T17958] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1151.896067][T14661] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1151.902029][T17958] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1151.919723][T14661] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1151.921239][T17958] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1151.939305][T14661] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1151.947936][T17958] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1151.967776][T14661] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1151.971936][T15913] bridge_slave_1: left allmulticast mode [ 1151.989307][T14661] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1151.999018][T14661] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1152.009324][T15913] bridge_slave_1: left promiscuous mode [ 1152.059918][T15913] bridge0: port 2(bridge_slave_1) entered disabled state [ 1152.081368][T15913] bridge_slave_0: left allmulticast mode [ 1152.087069][T15913] bridge_slave_0: left promiscuous mode [ 1152.093342][T15913] bridge0: port 1(bridge_slave_0) entered disabled state [ 1152.474331][T15913] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1152.485814][T15913] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1152.497483][T15913] bond0 (unregistering): Released all slaves [ 1152.724980][T15899] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1152.753240][T15899] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1152.824564][T15899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1152.834051][T15899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1152.896384][T15913] hsr_slave_0: left promiscuous mode [ 1152.907409][T15913] hsr_slave_1: left promiscuous mode [ 1152.915483][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1152.923015][T15913] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1152.933108][T15913] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1152.940689][T15913] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1152.987116][T15913] veth1_macvtap: left promiscuous mode [ 1152.992751][T15913] veth0_macvtap: left promiscuous mode [ 1152.998293][T15913] veth1_vlan: left promiscuous mode [ 1153.003675][T15913] veth0_vlan: left promiscuous mode [ 1153.361642][ T5130] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1153.403699][ T5087] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1153.427916][ T5087] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1153.437009][ T5087] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1153.452075][ T5087] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1153.473633][ T5087] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1153.484650][ T5087] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1153.519115][T18170] ================================================================== [ 1153.527207][T18170] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0 [ 1153.534913][T18170] Read of size 4 at addr ffff888062f05ae4 by task syz-executor/18170 [ 1153.542955][T18170] [ 1153.545258][T18170] CPU: 0 PID: 18170 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 1153.555577][T18170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1153.565612][T18170] Call Trace: [ 1153.568878][T18170] [ 1153.571807][T18170] dump_stack_lvl+0x241/0x360 [ 1153.576503][T18170] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1153.581709][T18170] ? __pfx__printk+0x10/0x10 [ 1153.586282][T18170] ? _printk+0xd5/0x120 [ 1153.590420][T18170] ? __virt_addr_valid+0x183/0x520 [ 1153.595511][T18170] ? __virt_addr_valid+0x183/0x520 [ 1153.600611][T18170] print_report+0x169/0x550 [ 1153.605093][T18170] ? __virt_addr_valid+0x183/0x520 [ 1153.610186][T18170] ? __virt_addr_valid+0x183/0x520 [ 1153.615276][T18170] ? __virt_addr_valid+0x44e/0x520 [ 1153.620388][T18170] ? __phys_addr+0xba/0x170 [ 1153.624999][T18170] ? kfree_skb_reason+0x41/0x3b0 [ 1153.629953][T18170] kasan_report+0x143/0x180 [ 1153.630252][ T5130] usb 5-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 1153.634461][T18170] ? kfree_skb_reason+0x41/0x3b0 [ 1153.644732][ T5130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1153.648381][T18170] kasan_check_range+0x282/0x290 [ 1153.659075][ T5130] usb 5-1: config 0 descriptor?? [ 1153.661278][T18170] kfree_skb_reason+0x41/0x3b0 [ 1153.661309][T18170] __hci_req_sync+0x62f/0x950 [ 1153.668209][ T5130] usb-storage 5-1:0.0: USB Mass Storage device detected [ 1153.671065][T18170] ? __pfx___hci_req_sync+0x10/0x10 [ 1153.671100][T18170] ? __pfx___mutex_lock+0x10/0x10 [ 1153.671121][T18170] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1153.671142][T18170] ? __pfx_hci_scan_req+0x10/0x10 [ 1153.671160][T18170] hci_req_sync+0xa9/0xd0 [ 1153.671186][T18170] hci_dev_cmd+0x4c5/0xa50 [ 1153.671203][T18170] ? security_capable+0x90/0xb0 [ 1153.671226][T18170] ? __pfx_hci_dev_cmd+0x10/0x10 [ 1153.671245][T18170] ? hci_sock_ioctl+0x6c4/0xa40 [ 1153.671266][T18170] sock_do_ioctl+0x158/0x460 [ 1153.671292][T18170] ? __pfx_smack_log+0x10/0x10 [ 1153.671321][T18170] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1153.671348][T18170] ? smk_tskacc+0x300/0x370 [ 1153.671371][T18170] ? smack_file_ioctl+0x2a1/0x3a0 [ 1153.671397][T18170] sock_ioctl+0x629/0x8e0 [ 1153.671420][T18170] ? __pfx_sock_ioctl+0x10/0x10 [ 1153.671443][T18170] ? __fget_files+0x3f6/0x470 [ 1153.671459][T18170] ? __fget_files+0x29/0x470 [ 1153.671479][T18170] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1153.671497][T18170] ? security_file_ioctl+0x87/0xb0 [ 1153.671516][T18170] ? __pfx_sock_ioctl+0x10/0x10 [ 1153.671537][T18170] __se_sys_ioctl+0xfc/0x170 [ 1153.671563][T18170] do_syscall_64+0xf3/0x230 [ 1153.671588][T18170] ? clear_bhb_loop+0x35/0x90 [ 1153.671612][T18170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.671635][T18170] RIP: 0033:0x7fdfe59757db [ 1153.671652][T18170] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 1153.671669][T18170] RSP: 002b:00007ffc0cb5d580 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1153.671690][T18170] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfe59757db [ 1153.671704][T18170] RDX: 00007ffc0cb5d5f8 RSI: 00000000400448dd RDI: 0000000000000003 [ 1153.671716][T18170] RBP: 0000555575d424a8 R08: 0000000000000000 R09: 0000000000000000 [ 1153.698467][ T5130] usb-storage 5-1:0.0: Quirks match for vid 054c pid 002e: 1 [ 1153.699493][T18170] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002 [ 1153.699510][T18170] R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000009 [ 1153.699532][T18170] [ 1153.887079][T18170] [ 1153.889390][T18170] Allocated by task 14661: [ 1153.893795][T18170] kasan_save_track+0x3f/0x80 [ 1153.898466][T18170] __kasan_slab_alloc+0x66/0x80 [ 1153.903316][T18170] kmem_cache_alloc_noprof+0x135/0x2a0 [ 1153.909196][T18170] skb_clone+0x20c/0x390 [ 1153.913428][T18170] hci_cmd_work+0x29e/0x670 [ 1153.917921][T18170] process_scheduled_works+0xa2c/0x1830 [ 1153.923450][T18170] worker_thread+0x86d/0xd50 [ 1153.928025][T18170] kthread+0x2f0/0x390 [ 1153.932082][T18170] ret_from_fork+0x4b/0x80 [ 1153.936485][T18170] ret_from_fork_asm+0x1a/0x30 [ 1153.941254][T18170] [ 1153.943572][T18170] Freed by task 14661: [ 1153.947634][T18170] kasan_save_track+0x3f/0x80 [ 1153.952317][T18170] kasan_save_free_info+0x40/0x50 [ 1153.957334][T18170] poison_slab_object+0xe0/0x150 [ 1153.962264][T18170] __kasan_slab_free+0x37/0x60 [ 1153.967015][T18170] kmem_cache_free+0x145/0x350 [ 1153.971855][T18170] hci_req_sync_complete+0xe7/0x290 [ 1153.977051][T18170] hci_event_packet+0xc71/0x1540 [ 1153.981987][T18170] hci_rx_work+0x3e8/0xca0 [ 1153.986395][T18170] process_scheduled_works+0xa2c/0x1830 [ 1153.991923][T18170] worker_thread+0x86d/0xd50 [ 1153.996504][T18170] kthread+0x2f0/0x390 [ 1154.000562][T18170] ret_from_fork+0x4b/0x80 [ 1154.004964][T18170] ret_from_fork_asm+0x1a/0x30 [ 1154.009723][T18170] [ 1154.012028][T18170] The buggy address belongs to the object at ffff888062f05a00 [ 1154.012028][T18170] which belongs to the cache skbuff_head_cache of size 240 [ 1154.026585][T18170] The buggy address is located 228 bytes inside of [ 1154.026585][T18170] freed 240-byte region [ffff888062f05a00, ffff888062f05af0) [ 1154.040457][T18170] [ 1154.042764][T18170] The buggy address belongs to the physical page: [ 1154.049162][T18170] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62f05 [ 1154.057903][T18170] memcg:ffff888077725601 [ 1154.062126][T18170] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1154.069219][T18170] page_type: 0xffffefff(slab) [ 1154.073891][T18170] raw: 00fff00000000000 ffff8880196a1780 ffffea0000a31a80 dead000000000002 [ 1154.082462][T18170] raw: 0000000000000000 00000000000c000c 00000001ffffefff ffff888077725601 [ 1154.091025][T18170] page dumped because: kasan: bad access detected [ 1154.097427][T18170] page_owner tracks the page as allocated [ 1154.103122][T18170] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 8, tgid 8 (kworker/0:0), ts 437900650871, free_ts 430325759866 [ 1154.123339][T18170] post_alloc_hook+0x1f3/0x230 [ 1154.128092][T18170] get_page_from_freelist+0x2e4c/0x2f10 [ 1154.133623][T18170] __alloc_pages_noprof+0x256/0x6c0 [ 1154.138806][T18170] alloc_slab_page+0x5f/0x120 [ 1154.143469][T18170] allocate_slab+0x5a/0x2f0 [ 1154.147961][T18170] ___slab_alloc+0xcd1/0x14b0 [ 1154.152623][T18170] __slab_alloc+0x58/0xa0 [ 1154.156937][T18170] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 1154.162384][T18170] skb_clone+0x20c/0x390 [ 1154.166626][T18170] br_flood+0x3dc/0x660 [ 1154.170774][T18170] br_handle_frame_finish+0x18b8/0x1fe0 [ 1154.176317][T18170] br_nf_hook_thresh+0x472/0x590 [ 1154.181239][T18170] br_nf_pre_routing_finish_ipv6+0xa9e/0xdd0 [ 1154.187208][T18170] br_nf_pre_routing_ipv6+0x370/0x760 [ 1154.192570][T18170] br_handle_frame+0x9f3/0x1520 [ 1154.197406][T18170] __netif_receive_skb_core+0x13d3/0x4420 [ 1154.203112][T18170] page last free pid 5365 tgid 5365 stack trace: [ 1154.209417][T18170] free_unref_page+0xd19/0xea0 [ 1154.214166][T18170] vfree+0x186/0x2e0 [ 1154.218044][T18170] kcov_close+0x2b/0x50 [ 1154.222185][T18170] __fput+0x24a/0x8a0 [ 1154.226153][T18170] task_work_run+0x24f/0x310 [ 1154.230729][T18170] do_exit+0xa27/0x27e0 [ 1154.234871][T18170] do_group_exit+0x207/0x2c0 [ 1154.239447][T18170] get_signal+0x16a1/0x1740 [ 1154.243945][T18170] arch_do_signal_or_restart+0x96/0x860 [ 1154.249479][T18170] syscall_exit_to_user_mode+0xc9/0x360 [ 1154.255014][T18170] do_syscall_64+0x100/0x230 [ 1154.259592][T18170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1154.265478][T18170] [ 1154.267784][T18170] Memory state around the buggy address: [ 1154.273395][T18170] ffff888062f05980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 1154.281439][T18170] ffff888062f05a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1154.289487][T18170] >ffff888062f05a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 1154.297534][T18170] ^ [ 1154.304707][T18170] ffff888062f05b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 1154.312751][T18170] ffff888062f05b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1154.320799][T18170] ================================================================== [ 1154.337527][T14661] Bluetooth: hci0: command tx timeout [ 1154.361569][T18170] Kernel panic - not syncing: KASAN: panic_on_warn set ... SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 1154.368798][T18170] CPU: 0 PID: 18170 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 1154.379127][T18170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1154.389192][T18170] Call Trace: [ 1154.392495][T18170] [ 1154.395427][T18170] dump_stack_lvl+0x241/0x360 [ 1154.400122][T18170] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1154.405328][T18170] ? __pfx__printk+0x10/0x10 [ 1154.409925][T18170] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1154.415943][T18170] ? vscnprintf+0x5d/0x90 [ 1154.420292][T18170] panic+0x349/0x860 [ 1154.424201][T18170] ? check_panic_on_warn+0x21/0xb0 [ 1154.429323][T18170] ? __pfx_panic+0x10/0x10 [ 1154.433757][T18170] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1154.439753][T18170] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1154.446101][T18170] check_panic_on_warn+0x86/0xb0 [ 1154.451056][T18170] ? kfree_skb_reason+0x41/0x3b0 [ 1154.456001][T18170] end_report+0x77/0x160 [ 1154.460258][T18170] kasan_report+0x154/0x180 [ 1154.464770][T18170] ? kfree_skb_reason+0x41/0x3b0 [ 1154.469719][T18170] kasan_check_range+0x282/0x290 [ 1154.474669][T18170] kfree_skb_reason+0x41/0x3b0 [ 1154.479442][T18170] __hci_req_sync+0x62f/0x950 [ 1154.484211][T18170] ? __pfx___hci_req_sync+0x10/0x10 [ 1154.489439][T18170] ? __pfx___mutex_lock+0x10/0x10 [ 1154.494495][T18170] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1154.500583][T18170] ? __pfx_hci_scan_req+0x10/0x10 [ 1154.505617][T18170] hci_req_sync+0xa9/0xd0 [ 1154.509969][T18170] hci_dev_cmd+0x4c5/0xa50 [ 1154.514400][T18170] ? security_capable+0x90/0xb0 [ 1154.519262][T18170] ? __pfx_hci_dev_cmd+0x10/0x10 [ 1154.524208][T18170] ? hci_sock_ioctl+0x6c4/0xa40 [ 1154.529063][T18170] sock_do_ioctl+0x158/0x460 [ 1154.533668][T18170] ? __pfx_smack_log+0x10/0x10 [ 1154.538446][T18170] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1154.543574][T18170] ? smk_tskacc+0x300/0x370 [ 1154.548086][T18170] ? smack_file_ioctl+0x2a1/0x3a0 [ 1154.553131][T18170] sock_ioctl+0x629/0x8e0 [ 1154.557487][T18170] ? __pfx_sock_ioctl+0x10/0x10 [ 1154.562361][T18170] ? __fget_files+0x3f6/0x470 [ 1154.567044][T18170] ? __fget_files+0x29/0x470 [ 1154.571673][T18170] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1154.576616][T18170] ? security_file_ioctl+0x87/0xb0 [ 1154.581832][T18170] ? __pfx_sock_ioctl+0x10/0x10 [ 1154.586704][T18170] __se_sys_ioctl+0xfc/0x170 [ 1154.591316][T18170] do_syscall_64+0xf3/0x230 [ 1154.595838][T18170] ? clear_bhb_loop+0x35/0x90 [ 1154.600623][T18170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1154.606534][T18170] RIP: 0033:0x7fdfe59757db [ 1154.611058][T18170] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 1154.630670][T18170] RSP: 002b:00007ffc0cb5d580 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1154.639064][T18170] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfe59757db [ 1154.647028][T18170] RDX: 00007ffc0cb5d5f8 RSI: 00000000400448dd RDI: 0000000000000003 [ 1154.655066][T18170] RBP: 0000555575d424a8 R08: 0000000000000000 R09: 0000000000000000 [ 1154.663023][T18170] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002 [ 1154.671048][T18170] R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000009 [ 1154.679017][T18170] [ 1154.682279][T18170] Kernel Offset: disabled [ 1154.686592][T18170] Rebooting in 86400 seconds..