last executing test programs: 4.61973384s ago: executing program 1 (id=2): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 3.310268324s ago: executing program 0 (id=1): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x3200054, &(0x7f0000000140)={[{@minixdf}, {@nodelalloc}]}, 0x1, 0x242, &(0x7f0000000880)="$eJzs3T9oM2UcB/DvXRJf+75BX3URBBVERAvldRNcXheFgpQiIqhQEXFRWqG2uLVOLg46q3RyKeJmdZQiFBdFcKraoS6CFocWBx0il2u11oh/UnPifT5wyV3yPM/vOS7fJ1mOBGity0muJukkmU7SS1KcbnB7vV0+PtyY2llIBoNHvi+G7erj2km/S0nWk9yXZLss8lw3Wd16Yv+H3YfuenWld+fbW49PTfQkjx3s7z189NbcK+/N3rv66effzhW5mv5vzuv8FSNe6xbJjf9Gsf+Iotv0DPgr5l9694sq9zcluWOY/17K1BfvteVrtnu5580/6vv6d5/dMsm5AudvMOhV34HrA6B1yiT9FOVMknq/LGdm6t/wX3Yuls8vLb84/ezSyuIzTa9UwHnpJ3sPfnDh/Utn8v9Np84/8P9V5f/R+c2vqv2jTtOzASapyv/0U2t3R/6hdeQf2kv+ob3kH9pL/qG95B/aS/6hveQf2kv+ob3+Tv4/mtCcgMk4nX8AoF0GF5q+AxloStPrDwAAAAAAAAAAAAAAAAAA8HsbUzsLJ9ukan78RnLwQJLuqPqd4f8RJ9cOHy8eFlWzXxR1t7E8eduYA/xq8fAfdHqn4buvr/u62fqf3Nps/bXFZP3lJFe63bOfv8H1449/w5+833t6/BrjuP+xZuv/tNls/dnd5MNq/bkyav0pc/PwefT606+u35j1X/hxzAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmJ8DAAD//7lGcFk=") r0 = open(&(0x7f0000000280)='./file1\x00', 0x4c37e, 0xb2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000001040)={0x0, 'team0\x00', {0x1}, 0x3}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r4, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000004680)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000002bc0)=[{&(0x7f0000001900)=""/135, 0x87}, {0xfffffffffffffffe, 0x2}], 0x2}}], 0x48}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000380), 0xce4, r3}, 0x38) fallocate(r0, 0x0, 0x0, 0x9000f4) r5 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r8 = getpgrp(0x0) r9 = syz_pidfd_open(r8, 0x0) pidfd_getfd(r9, r9, 0x0) io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)=[0xffffffffffffffff], 0x1}) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) 1.924797302s ago: executing program 0 (id=6): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x3200054, &(0x7f0000000140)={[{@minixdf}, {@nodelalloc}]}, 0x1, 0x242, &(0x7f0000000880)="$eJzs3T9oM2UcB/DvXRJf+75BX3URBBVERAvldRNcXheFgpQiIqhQEXFRWqG2uLVOLg46q3RyKeJmdZQiFBdFcKraoS6CFocWBx0il2u11oh/UnPifT5wyV3yPM/vOS7fJ1mOBGity0muJukkmU7SS1KcbnB7vV0+PtyY2llIBoNHvi+G7erj2km/S0nWk9yXZLss8lw3Wd16Yv+H3YfuenWld+fbW49PTfQkjx3s7z189NbcK+/N3rv66effzhW5mv5vzuv8FSNe6xbJjf9Gsf+Iotv0DPgr5l9694sq9zcluWOY/17K1BfvteVrtnu5580/6vv6d5/dMsm5AudvMOhV34HrA6B1yiT9FOVMknq/LGdm6t/wX3Yuls8vLb84/ezSyuIzTa9UwHnpJ3sPfnDh/Utn8v9Np84/8P9V5f/R+c2vqv2jTtOzASapyv/0U2t3R/6hdeQf2kv+ob3kH9pL/qG95B/aS/6hveQf2kv+ob3+Tv4/mtCcgMk4nX8AoF0GF5q+AxloStPrDwAAAAAAAAAAAAAAAAAA8HsbUzsLJ9ukan78RnLwQJLuqPqd4f8RJ9cOHy8eFlWzXxR1t7E8eduYA/xq8fAfdHqn4buvr/u62fqf3Nps/bXFZP3lJFe63bOfv8H1449/w5+833t6/BrjuP+xZuv/tNls/dnd5MNq/bkyav0pc/PwefT606+u35j1X/hxzAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmJ8DAAD//7lGcFk=") r0 = open(&(0x7f0000000280)='./file1\x00', 0x4c37e, 0xb2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000001040)={0x0, 'team0\x00', {0x1}, 0x3}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r4, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000004680)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000002bc0)=[{&(0x7f0000001900)=""/135, 0x87}, {0xfffffffffffffffe, 0x2}], 0x2}}], 0x48}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380), 0xce4, r3}, 0x38) fallocate(r0, 0x0, 0x0, 0x9000f4) r5 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r8 = getpgrp(0x0) r9 = syz_pidfd_open(r8, 0x0) pidfd_getfd(r9, r9, 0x0) io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)=[0xffffffffffffffff], 0x1}) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) 1.747969515s ago: executing program 2 (id=3): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet6(0xa, 0x80001, 0x0) getsockopt$inet_int(r0, 0x0, 0x32, 0x0, &(0x7f00000000c0)) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1223, 0x3f07, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0xc, 0x3}}}}}]}}]}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) bind$tipc(0xffffffffffffffff, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x200}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioperm(0x6, 0x3, 0xb017) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r5, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r4}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r4}]}, 0x40}}, 0x0) 1.448464621s ago: executing program 4 (id=5): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="020c0009000000002abd7040fddbdf250800120002000200b06b6e008000000020002a00fd030000080000000000000000000000000000000000ffffac1e0101e000000100000000000000000000000022439e257218ff373b498d9ef9399d7a843f1dbf7fc81cb913b4a675c19a4cd34fbaeb8ff1f7358aa1406a2b5db445ffea8bb26914075ae5ec7d2bfa7c0f5e90882cddc9fae46eadd69bfe736e6fbcdacf78288e88"], 0x50}}, 0x20000010) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x8000000002) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsopen(&(0x7f0000000280)='aufs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='\x00', &(0x7f0000000240)='{}k%@\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a00)={0x20, r6, 0xbc12ed7e38218f1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}], 0x1) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="020023022301020905"]) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000400), &(0x7f0000000440)=0xc) read$FUSE(0xffffffffffffffff, &(0x7f0000006380)={0x2020}, 0x2020) 1.087303774s ago: executing program 1 (id=7): socket(0x10, 0x803, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) listen(r1, 0x3) accept(r1, &(0x7f0000000040)=@qipcrtr, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x15, &(0x7f0000000000)=0x64, 0x4) socket$inet6(0xa, 0x2, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, 0x0) syz_open_procfs(0x0, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) clock_gettime(0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000100)) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) 0s ago: executing program 4 (id=8): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={0x0}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r1 = getpid() socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x567140) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.138' (ED25519) to the list of known hosts. [ 94.011885][ T5818] cgroup: Unknown subsys name 'net' [ 94.140690][ T5818] cgroup: Unknown subsys name 'cpuset' [ 94.150922][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 95.998509][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.488908][ T8] cfg80211: failed to load regulatory.db [ 99.129180][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.160678][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.169186][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 99.177860][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 99.186185][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.194763][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 99.204108][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 99.212136][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 99.220173][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 99.227731][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.235703][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 99.247041][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 99.257033][ T5835] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 99.265473][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 99.273873][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.282413][ T5835] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 99.290659][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 99.298034][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 99.314897][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 99.327014][ T5835] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 99.337301][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 99.365246][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 99.374885][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 99.382469][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 99.389740][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 99.390456][ T5835] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 99.409788][ T5846] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 99.418360][ T5835] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 99.431750][ T5835] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 99.439453][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 100.118870][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 100.414472][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 100.434996][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 100.542970][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 100.573568][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.582340][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.590985][ T5830] bridge_slave_0: entered allmulticast mode [ 100.601827][ T5830] bridge_slave_0: entered promiscuous mode [ 100.660709][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.668415][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.675986][ T5830] bridge_slave_1: entered allmulticast mode [ 100.683354][ T5830] bridge_slave_1: entered promiscuous mode [ 100.821025][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 100.946409][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.953704][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.961765][ T5837] bridge_slave_0: entered allmulticast mode [ 100.970138][ T5837] bridge_slave_0: entered promiscuous mode [ 100.982309][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.042636][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.050187][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.057971][ T5837] bridge_slave_1: entered allmulticast mode [ 101.066260][ T5837] bridge_slave_1: entered promiscuous mode [ 101.076163][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.085946][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.093192][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.101144][ T5833] bridge_slave_0: entered allmulticast mode [ 101.109077][ T5833] bridge_slave_0: entered promiscuous mode [ 101.138020][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.145709][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.153013][ T5840] bridge_slave_0: entered allmulticast mode [ 101.160799][ T5840] bridge_slave_0: entered promiscuous mode [ 101.203958][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.211450][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.218926][ T5833] bridge_slave_1: entered allmulticast mode [ 101.226856][ T5833] bridge_slave_1: entered promiscuous mode [ 101.244161][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.252076][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.260734][ T5840] bridge_slave_1: entered allmulticast mode [ 101.268673][ T5840] bridge_slave_1: entered promiscuous mode [ 101.326181][ T5842] Bluetooth: hci1: command tx timeout [ 101.373049][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.390735][ T5830] team0: Port device team_slave_0 added [ 101.402383][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.423036][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.473479][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.484997][ T5842] Bluetooth: hci2: command tx timeout [ 101.485064][ T5835] Bluetooth: hci3: command tx timeout [ 101.490777][ T5842] Bluetooth: hci4: command tx timeout [ 101.496309][ T54] Bluetooth: hci0: command tx timeout [ 101.506507][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.538571][ T5830] team0: Port device team_slave_1 added [ 101.595702][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.664107][ T5833] team0: Port device team_slave_0 added [ 101.711018][ T5837] team0: Port device team_slave_0 added [ 101.738425][ T5833] team0: Port device team_slave_1 added [ 101.763481][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.771427][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.779201][ T5834] bridge_slave_0: entered allmulticast mode [ 101.786561][ T5834] bridge_slave_0: entered promiscuous mode [ 101.799921][ T5840] team0: Port device team_slave_0 added [ 101.808878][ T5837] team0: Port device team_slave_1 added [ 101.834418][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.841441][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.869198][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.899597][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.907212][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.914751][ T5834] bridge_slave_1: entered allmulticast mode [ 101.922095][ T5834] bridge_slave_1: entered promiscuous mode [ 101.932401][ T5840] team0: Port device team_slave_1 added [ 101.975744][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.982765][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.009597][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.023332][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.030408][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.056968][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.123302][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.130637][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.156728][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.171321][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.178790][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.206000][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.227146][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.234732][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.260981][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.276252][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.290339][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.300545][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.307630][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.334354][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.404646][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.411621][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.438304][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.491420][ T5834] team0: Port device team_slave_0 added [ 102.502448][ T5834] team0: Port device team_slave_1 added [ 102.641735][ T5830] hsr_slave_0: entered promiscuous mode [ 102.649595][ T5830] hsr_slave_1: entered promiscuous mode [ 102.690396][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.697876][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.724800][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.739651][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.746770][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.773483][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.811807][ T5837] hsr_slave_0: entered promiscuous mode [ 102.818598][ T5837] hsr_slave_1: entered promiscuous mode [ 102.825366][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.833246][ T5837] Cannot create hsr debugfs directory [ 102.864711][ T5833] hsr_slave_0: entered promiscuous mode [ 102.871346][ T5833] hsr_slave_1: entered promiscuous mode [ 102.878015][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.885662][ T5833] Cannot create hsr debugfs directory [ 102.900291][ T5840] hsr_slave_0: entered promiscuous mode [ 102.907142][ T5840] hsr_slave_1: entered promiscuous mode [ 102.913883][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.922338][ T5840] Cannot create hsr debugfs directory [ 103.168100][ T5834] hsr_slave_0: entered promiscuous mode [ 103.175125][ T5834] hsr_slave_1: entered promiscuous mode [ 103.182394][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.190808][ T5834] Cannot create hsr debugfs directory [ 103.406108][ T54] Bluetooth: hci1: command tx timeout [ 103.565115][ T54] Bluetooth: hci0: command tx timeout [ 103.575492][ T54] Bluetooth: hci3: command tx timeout [ 103.575517][ T5835] Bluetooth: hci4: command tx timeout [ 103.580937][ T54] Bluetooth: hci2: command tx timeout [ 103.798330][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 103.819798][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 103.831598][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 103.860811][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 103.949450][ T5837] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 103.963699][ T5837] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 103.980267][ T5837] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 103.995148][ T5837] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 104.138556][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.155317][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.173702][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.211142][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.383996][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 104.402841][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 104.428082][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 104.481850][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 104.523339][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.620715][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 104.646093][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 104.660028][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 104.672078][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 104.723882][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.744139][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.830572][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.838503][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.871620][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.878875][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.891353][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.969704][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.976964][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.009980][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.055648][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.062831][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.192043][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.231912][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.273096][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.280363][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.300383][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.307702][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.431619][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.485169][ T54] Bluetooth: hci1: command tx timeout [ 105.551525][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.558917][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.582058][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.589463][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.645681][ T54] Bluetooth: hci2: command tx timeout [ 105.646370][ T5835] Bluetooth: hci0: command tx timeout [ 105.658197][ T54] Bluetooth: hci4: command tx timeout [ 105.659161][ T5838] Bluetooth: hci3: command tx timeout [ 105.706005][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 105.748874][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.770137][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.880608][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.979500][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.986836][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.032465][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.039867][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.074138][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.262610][ T5830] veth0_vlan: entered promiscuous mode [ 106.372416][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.446275][ T5830] veth1_vlan: entered promiscuous mode [ 106.692283][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.712344][ T5830] veth0_macvtap: entered promiscuous mode [ 106.762109][ T5840] veth0_vlan: entered promiscuous mode [ 106.792902][ T5830] veth1_macvtap: entered promiscuous mode [ 106.842497][ T5840] veth1_vlan: entered promiscuous mode [ 106.893956][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.959023][ T5833] veth0_vlan: entered promiscuous mode [ 106.972276][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.986247][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.996986][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.007780][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.018318][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.102725][ T5833] veth1_vlan: entered promiscuous mode [ 107.123541][ T5840] veth0_macvtap: entered promiscuous mode [ 107.143869][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.192692][ T5840] veth1_macvtap: entered promiscuous mode [ 107.220094][ T5837] veth0_vlan: entered promiscuous mode [ 107.308040][ T5837] veth1_vlan: entered promiscuous mode [ 107.314019][ T1335] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.339641][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.350636][ T1335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.351255][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.371653][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.437533][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.448923][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.460878][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.510523][ T5833] veth0_macvtap: entered promiscuous mode [ 107.517819][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.524026][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.537887][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.547276][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.557227][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.566112][ T5835] Bluetooth: hci1: command tx timeout [ 107.572108][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.604079][ T5833] veth1_macvtap: entered promiscuous mode [ 107.706873][ T5837] veth0_macvtap: entered promiscuous mode [ 107.724973][ T5835] Bluetooth: hci4: command tx timeout [ 107.725395][ T5834] veth0_vlan: entered promiscuous mode [ 107.730448][ T5835] Bluetooth: hci2: command tx timeout [ 107.736617][ T5838] Bluetooth: hci0: command tx timeout [ 107.736667][ T5838] Bluetooth: hci3: command tx timeout [ 107.802914][ T5837] veth1_macvtap: entered promiscuous mode [ 107.810560][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 107.881190][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.900146][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.912330][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.933252][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.967266][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.161537][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.182845][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.199032][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.212104][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.232645][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.249921][ T5834] veth1_vlan: entered promiscuous mode [ 108.285474][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.293370][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.321246][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.332654][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.342938][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.353983][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.370949][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.382092][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.398293][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.422341][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.432067][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.456119][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.465529][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.508657][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.538144][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.556645][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.615089][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.625600][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.636629][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.656502][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.701389][ T5837] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.710205][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.710233][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.777213][ T5837] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.860843][ T5837] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.879001][ T5837] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.050591][ T5834] veth0_macvtap: entered promiscuous mode [ 109.098934][ T5834] veth1_macvtap: entered promiscuous mode [ 109.296244][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.309251][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.322859][ T5922] loop0: detected capacity change from 0 to 128 [ 109.331775][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.345910][ T5922] ======================================================= [ 109.345910][ T5922] WARNING: The mand mount option has been deprecated and [ 109.345910][ T5922] and is ignored by this kernel. Remove the mand [ 109.345910][ T5922] option from the mount to silence this warning. [ 109.345910][ T5922] ======================================================= [ 109.382317][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.409796][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.421970][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.433765][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.447066][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.464069][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.487884][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.508185][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.519712][ T5922] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 109.574178][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.590302][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.602498][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.613525][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.614673][ T5922] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 109.623935][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.644839][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.655383][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.666461][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.679263][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.736175][ T29] audit: type=1800 audit(1739136500.659:2): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="file1" dev="loop0" ino=12 res=0 errno=0 [ 109.800358][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.921466][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.928948][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.977950][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.998811][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.034618][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.081578][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.196675][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.497270][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.523831][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.657755][ T5840] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 110.908280][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.952229][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.988830][ T5931] loop0: detected capacity change from 0 to 128 [ 111.079395][ T5931] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.140581][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.163303][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.164496][ T5931] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 111.266876][ T5920] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 111.279883][ T29] audit: type=1800 audit(1739136502.209:3): pid=5931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6" name="file1" dev="loop0" ino=12 res=0 errno=0 [ 111.509462][ T5920] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.332095][ T5920] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 112.345780][ T5920] usb 3-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 112.354959][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.371003][ T5920] usb 3-1: config 0 descriptor?? [ 112.695491][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 112.917817][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 112.974033][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 113.046660][ T5835] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 113.058184][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: kworker/u9:3 Not tainted 6.14.0-rc1-next-20250207-syzkaller #0 [ 113.058213][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 113.058233][ T5835] Workqueue: hci0 hci_rx_work [ 113.058269][ T5835] Call Trace: [ 113.058280][ T5835] [ 113.058290][ T5835] dump_stack_lvl+0x241/0x360 [ 113.058323][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.058357][ T5835] ? __wake_up_klogd+0xcc/0x110 [ 113.058390][ T5835] sysfs_create_dir_ns+0x2ce/0x3a0 [ 113.058411][ T5835] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 113.058454][ T5835] kobject_add_internal+0x435/0x8d0 [ 113.058503][ T5835] kobject_add+0x152/0x220 [ 113.058537][ T5835] ? preempt_schedule_thunk+0x1a/0x30 [ 113.058568][ T5835] ? device_add+0x3e7/0xbf0 [ 113.058606][ T5835] ? __pfx_kobject_add+0x10/0x10 [ 113.058640][ T5835] ? _raw_spin_unlock+0x3e/0x50 [ 113.058672][ T5835] ? get_device_parent+0x165/0x410 [ 113.058712][ T5835] device_add+0x4e5/0xbf0 [ 113.058759][ T5835] hci_conn_add_sysfs+0xe8/0x200 [ 113.058797][ T5835] le_conn_complete_evt+0xc9f/0x12e0 [ 113.058840][ T5835] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 113.058857][ T5835] ? __mutex_unlock_slowpath+0x227/0x800 [ 113.058901][ T5835] ? skb_pull_data+0x112/0x230 [ 113.058946][ T5835] hci_le_conn_complete_evt+0x18c/0x420 [ 113.058985][ T5835] hci_event_packet+0xa55/0x1540 [ 113.059007][ T5835] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 113.059036][ T5835] ? __pfx_hci_event_packet+0x10/0x10 [ 113.059080][ T5835] ? mark_lock+0x9a/0x360 [ 113.059116][ T5835] ? hci_send_to_monitor+0xd8/0x7f0 [ 113.059144][ T5835] ? kcov_remote_start+0x97/0x7d0 [ 113.059169][ T5835] hci_rx_work+0x3f3/0xdb0 [ 113.059204][ T5835] ? process_scheduled_works+0x976/0x1840 [ 113.059235][ T5835] process_scheduled_works+0xa66/0x1840 [ 113.059305][ T5835] ? __pfx_process_scheduled_works+0x10/0x10 [ 113.059335][ T5835] ? assign_work+0x364/0x3d0 [ 113.059373][ T5835] worker_thread+0x870/0xd30 [ 113.059427][ T5835] ? __kthread_parkme+0x169/0x1d0 [ 113.059460][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 113.059481][ T5835] kthread+0x7a9/0x920 [ 113.059502][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.059541][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 113.059568][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.059594][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.059628][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.059657][ T5835] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.059681][ T5835] ? lockdep_hardirqs_on+0x99/0x150 [ 113.059707][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.059741][ T5835] ret_from_fork+0x4b/0x80 [ 113.059769][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.059799][ T5835] ret_from_fork_asm+0x1a/0x30 [ 113.059858][ T5835] [ 113.075944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 113.082249][ T5835] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 113.174615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 113.358551][ T5835] Bluetooth: hci0: failed to register connection device [ 113.395676][ T5835] ================================================================== [ 113.403799][ T5835] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 113.412773][ T5835] Read of size 8 at addr ffff8880582e4580 by task kworker/u9:3/5835 [ 113.420863][ T5835] [ 113.423204][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: kworker/u9:3 Not tainted 6.14.0-rc1-next-20250207-syzkaller #0 [ 113.423226][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 113.423240][ T5835] Workqueue: hci0 hci_rx_work [ 113.423263][ T5835] Call Trace: [ 113.423272][ T5835] [ 113.423279][ T5835] dump_stack_lvl+0x241/0x360 [ 113.423301][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.423319][ T5835] ? __pfx__printk+0x10/0x10 [ 113.423348][ T5835] ? _printk+0xd5/0x120 [ 113.423374][ T5835] ? __virt_addr_valid+0x183/0x530 [ 113.423401][ T5835] ? __virt_addr_valid+0x183/0x530 [ 113.423427][ T5835] print_report+0x169/0x550 [ 113.423445][ T5835] ? __virt_addr_valid+0x183/0x530 [ 113.423469][ T5835] ? __virt_addr_valid+0x183/0x530 [ 113.423493][ T5835] ? __virt_addr_valid+0x45f/0x530 [ 113.423517][ T5835] ? __phys_addr+0xba/0x170 [ 113.423542][ T5835] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 113.423567][ T5835] kasan_report+0x143/0x180 [ 113.423585][ T5835] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 113.423631][ T5835] l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 113.423657][ T5835] l2cap_connect_cfm+0x336/0x1090 [ 113.423682][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 113.423705][ T5835] ? __rcu_read_unlock+0xa1/0x110 [ 113.423733][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 113.423755][ T5835] hci_connect_cfm+0x162/0x240 [ 113.423776][ T5835] ? __pfx_hci_connect_cfm+0x10/0x10 [ 113.423798][ T5835] ? hci_conn_add_sysfs+0x122/0x200 [ 113.423824][ T5835] le_conn_complete_evt+0xd3e/0x12e0 [ 113.423851][ T5835] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 113.423872][ T5835] ? __mutex_unlock_slowpath+0x227/0x800 [ 113.423900][ T5835] ? skb_pull_data+0x112/0x230 [ 113.423933][ T5835] hci_le_conn_complete_evt+0x18c/0x420 [ 113.423958][ T5835] hci_event_packet+0xa55/0x1540 [ 113.423977][ T5835] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 113.423999][ T5835] ? __pfx_hci_event_packet+0x10/0x10 [ 113.424028][ T5835] ? mark_lock+0x9a/0x360 [ 113.424055][ T5835] ? hci_send_to_monitor+0xd8/0x7f0 [ 113.424076][ T5835] ? kcov_remote_start+0x97/0x7d0 [ 113.424099][ T5835] hci_rx_work+0x3f3/0xdb0 [ 113.424119][ T5835] ? process_scheduled_works+0x976/0x1840 [ 113.424140][ T5835] process_scheduled_works+0xa66/0x1840 [ 113.424174][ T5835] ? __pfx_process_scheduled_works+0x10/0x10 [ 113.424200][ T5835] ? assign_work+0x364/0x3d0 [ 113.424225][ T5835] worker_thread+0x870/0xd30 [ 113.424257][ T5835] ? __kthread_parkme+0x169/0x1d0 [ 113.424285][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 113.424306][ T5835] kthread+0x7a9/0x920 [ 113.424329][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.424353][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 113.424374][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.424397][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.424422][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.424444][ T5835] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.424462][ T5835] ? lockdep_hardirqs_on+0x99/0x150 [ 113.424482][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.424506][ T5835] ret_from_fork+0x4b/0x80 [ 113.424528][ T5835] ? __pfx_kthread+0x10/0x10 [ 113.424551][ T5835] ret_from_fork_asm+0x1a/0x30 [ 113.424579][ T5835] [ 113.424585][ T5835] [ 113.727950][ T5835] Allocated by task 5835: [ 113.732285][ T5835] kasan_save_track+0x3f/0x80 [ 113.737005][ T5835] __kasan_kmalloc+0x98/0xb0 [ 113.741740][ T5835] __kmalloc_noprof+0x285/0x4c0 [ 113.746655][ T5835] sk_prot_alloc+0xe0/0x210 [ 113.751203][ T5835] sk_alloc+0x38/0x370 [ 113.755305][ T5835] bt_sock_alloc+0x3c/0x340 [ 113.759930][ T5835] l2cap_sock_new_connection_cb+0xe1/0x2b0 [ 113.765769][ T5835] l2cap_connect_cfm+0x336/0x1090 [ 113.770825][ T5835] hci_connect_cfm+0x162/0x240 [ 113.775604][ T5835] le_conn_complete_evt+0xd3e/0x12e0 [ 113.780921][ T5835] hci_le_conn_complete_evt+0x18c/0x420 [ 113.786486][ T5835] hci_event_packet+0xa55/0x1540 [ 113.791526][ T5835] hci_rx_work+0x3f3/0xdb0 [ 113.796115][ T5835] process_scheduled_works+0xa66/0x1840 [ 113.801773][ T5835] worker_thread+0x870/0xd30 [ 113.806381][ T5835] kthread+0x7a9/0x920 [ 113.810475][ T5835] ret_from_fork+0x4b/0x80 [ 113.814907][ T5835] ret_from_fork_asm+0x1a/0x30 [ 113.819726][ T5835] [ 113.822054][ T5835] Freed by task 5956: [ 113.826041][ T5835] kasan_save_track+0x3f/0x80 [ 113.830740][ T5835] kasan_save_free_info+0x40/0x50 [ 113.835778][ T5835] __kasan_slab_free+0x59/0x70 [ 113.840550][ T5835] kfree+0x196/0x430 [ 113.844457][ T5835] __sk_destruct+0x479/0x5f0 [ 113.849066][ T5835] l2cap_sock_cleanup_listen+0xdd/0x3c0 [ 113.854635][ T5835] l2cap_sock_release+0x5d/0x1d0 [ 113.859595][ T5835] sock_close+0xbc/0x240 [ 113.863856][ T5835] __fput+0x3e9/0x9f0 [ 113.867858][ T5835] task_work_run+0x24f/0x310 [ 113.872460][ T5835] get_signal+0x15f7/0x1750 [ 113.876976][ T5835] arch_do_signal_or_restart+0x96/0x860 [ 113.882543][ T5835] syscall_exit_to_user_mode+0xce/0x340 [ 113.888110][ T5835] do_syscall_64+0x100/0x230 [ 113.892717][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.898633][ T5835] [ 113.900963][ T5835] The buggy address belongs to the object at ffff8880582e4000 [ 113.900963][ T5835] which belongs to the cache kmalloc-2k of size 2048 [ 113.915032][ T5835] The buggy address is located 1408 bytes inside of [ 113.915032][ T5835] freed 2048-byte region [ffff8880582e4000, ffff8880582e4800) [ 113.929019][ T5835] [ 113.931351][ T5835] The buggy address belongs to the physical page: [ 113.937852][ T5835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x582e0 [ 113.946640][ T5835] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 113.955159][ T5835] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 113.962898][ T5835] page_type: f5(slab) [ 113.966919][ T5835] raw: 00fff00000000040 ffff88801ac42000 dead000000000122 0000000000000000 [ 113.975524][ T5835] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 113.984224][ T5835] head: 00fff00000000040 ffff88801ac42000 dead000000000122 0000000000000000 [ 113.992912][ T5835] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 114.001602][ T5835] head: 00fff00000000003 ffffea000160b801 ffffffffffffffff 0000000000000000 [ 114.010382][ T5835] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 114.019059][ T5835] page dumped because: kasan: bad access detected [ 114.025487][ T5835] page_owner tracks the page as allocated [ 114.031203][ T5835] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5932, tgid 5928 (syz.2.3), ts 113015806583, free_ts 31931192616 [ 114.052232][ T5835] post_alloc_hook+0x1f4/0x240 [ 114.057037][ T5835] get_page_from_freelist+0x365c/0x37a0 [ 114.062725][ T5835] __alloc_frozen_pages_noprof+0x292/0x710 [ 114.068559][ T5835] alloc_pages_mpol+0x311/0x660 [ 114.073518][ T5835] allocate_slab+0x8f/0x3a0 [ 114.078042][ T5835] ___slab_alloc+0xc27/0x14a0 [ 114.082732][ T5835] __slab_alloc+0x58/0xa0 [ 114.087077][ T5835] __kmalloc_noprof+0x2e6/0x4c0 [ 114.091945][ T5835] sk_prot_alloc+0xe0/0x210 [ 114.096472][ T5835] sk_alloc+0x38/0x370 [ 114.100566][ T5835] __netlink_create+0x65/0x260 [ 114.105386][ T5835] netlink_create+0x3ab/0x560 [ 114.110107][ T5835] __sock_create+0x4c0/0xa30 [ 114.114719][ T5835] __sys_socket+0x150/0x3c0 [ 114.119274][ T5835] __x64_sys_socket+0x7a/0x90 [ 114.123965][ T5835] do_syscall_64+0xf3/0x230 [ 114.128486][ T5835] page last free pid 1 tgid 1 stack trace: [ 114.134298][ T5835] free_frozen_pages+0xe0d/0x10e0 [ 114.139362][ T5835] free_contig_range+0x14c/0x430 [ 114.144320][ T5835] destroy_args+0x94/0x4b0 [ 114.148748][ T5835] debug_vm_pgtable+0x4be/0x550 [ 114.153614][ T5835] do_one_initcall+0x248/0x870 [ 114.158390][ T5835] do_initcall_level+0x157/0x210 [ 114.163334][ T5835] do_initcalls+0x3f/0x80 [ 114.167668][ T5835] kernel_init_freeable+0x435/0x5d0 [ 114.172917][ T5835] kernel_init+0x1d/0x2b0 [ 114.177382][ T5835] ret_from_fork+0x4b/0x80 [ 114.181830][ T5835] ret_from_fork_asm+0x1a/0x30 [ 114.186617][ T5835] [ 114.188961][ T5835] Memory state around the buggy address: [ 114.194593][ T5835] ffff8880582e4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.202663][ T5835] ffff8880582e4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.210741][ T5835] >ffff8880582e4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.218808][ T5835] ^ [ 114.222885][ T5835] ffff8880582e4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.230948][ T5835] ffff8880582e4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.239014][ T5835] ================================================================== [ 114.284298][ T5835] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 114.291559][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: kworker/u9:3 Not tainted 6.14.0-rc1-next-20250207-syzkaller #0 [ 114.301931][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 114.312020][ T5835] Workqueue: hci0 hci_rx_work [ 114.316736][ T5835] Call Trace: [ 114.320456][ T5835] [ 114.323389][ T5835] dump_stack_lvl+0x241/0x360 [ 114.328086][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.333299][ T5835] ? __pfx__printk+0x10/0x10 [ 114.337910][ T5835] ? preempt_schedule+0xe1/0xf0 [ 114.342864][ T5835] ? vscnprintf+0x5d/0x90 [ 114.347224][ T5835] panic+0x349/0x880 [ 114.351141][ T5835] ? check_panic_on_warn+0x21/0xb0 [ 114.356314][ T5835] ? __pfx_panic+0x10/0x10 [ 114.360755][ T5835] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 114.366751][ T5835] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 114.373093][ T5835] ? print_report+0x502/0x550 [ 114.377784][ T5835] check_panic_on_warn+0x86/0xb0 [ 114.382747][ T5835] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 114.388842][ T5835] end_report+0x77/0x160 [ 114.393100][ T5835] kasan_report+0x154/0x180 [ 114.397702][ T5835] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 114.403792][ T5835] l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 114.409718][ T5835] l2cap_connect_cfm+0x336/0x1090 [ 114.414775][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 114.420268][ T5835] ? __rcu_read_unlock+0xa1/0x110 [ 114.425314][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 114.430793][ T5835] hci_connect_cfm+0x162/0x240 [ 114.435575][ T5835] ? __pfx_hci_connect_cfm+0x10/0x10 [ 114.440877][ T5835] ? hci_conn_add_sysfs+0x122/0x200 [ 114.446107][ T5835] le_conn_complete_evt+0xd3e/0x12e0 [ 114.451505][ T5835] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 114.457266][ T5835] ? __mutex_unlock_slowpath+0x227/0x800 [ 114.462924][ T5835] ? skb_pull_data+0x112/0x230 [ 114.467808][ T5835] hci_le_conn_complete_evt+0x18c/0x420 [ 114.473405][ T5835] hci_event_packet+0xa55/0x1540 [ 114.478362][ T5835] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 114.483754][ T5835] ? __pfx_hci_event_packet+0x10/0x10 [ 114.489152][ T5835] ? mark_lock+0x9a/0x360 [ 114.493502][ T5835] ? hci_send_to_monitor+0xd8/0x7f0 [ 114.498713][ T5835] ? kcov_remote_start+0x97/0x7d0 [ 114.503761][ T5835] hci_rx_work+0x3f3/0xdb0 [ 114.508203][ T5835] ? process_scheduled_works+0x976/0x1840 [ 114.513949][ T5835] process_scheduled_works+0xa66/0x1840 [ 114.519530][ T5835] ? __pfx_process_scheduled_works+0x10/0x10 [ 114.525542][ T5835] ? assign_work+0x364/0x3d0 [ 114.530165][ T5835] worker_thread+0x870/0xd30 [ 114.534788][ T5835] ? __kthread_parkme+0x169/0x1d0 [ 114.539831][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 114.544960][ T5835] kthread+0x7a9/0x920 [ 114.549052][ T5835] ? __pfx_kthread+0x10/0x10 [ 114.553690][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 114.558853][ T5835] ? __pfx_kthread+0x10/0x10 [ 114.563464][ T5835] ? __pfx_kthread+0x10/0x10 [ 114.568113][ T5835] ? __pfx_kthread+0x10/0x10 [ 114.572719][ T5835] ? _raw_spin_unlock_irq+0x23/0x50 [ 114.577935][ T5835] ? lockdep_hardirqs_on+0x99/0x150 [ 114.583146][ T5835] ? __pfx_kthread+0x10/0x10 [ 114.587751][ T5835] ret_from_fork+0x4b/0x80 [ 114.592185][ T5835] ? __pfx_kthread+0x10/0x10 [ 114.596804][ T5835] ret_from_fork_asm+0x1a/0x30 [ 114.601593][ T5835] [ 114.605854][ T5835] Kernel Offset: disabled [ 114.610186][ T5835] Rebooting in 86400 seconds..