Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts. 2024/04/14 05:51:29 fuzzer started [ 101.878901][ T44] cfg80211: failed to load regulatory.db 2024/04/14 05:51:29 dialing manager at 10.128.0.169:30002 [ 102.657589][ T5072] cgroup: Unknown subsys name 'net' [ 102.813717][ T5072] cgroup: Unknown subsys name 'rlimit' 2024/04/14 05:51:32 code coverage: enabled 2024/04/14 05:51:32 comparison tracing: enabled 2024/04/14 05:51:32 extra coverage: enabled 2024/04/14 05:51:32 delay kcov mmap: enabled 2024/04/14 05:51:32 setuid sandbox: enabled 2024/04/14 05:51:32 namespace sandbox: enabled 2024/04/14 05:51:32 Android sandbox: /sys/fs/selinux/policy does not exist 2024/04/14 05:51:32 fault injection: enabled 2024/04/14 05:51:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2024/04/14 05:51:32 net packet injection: enabled 2024/04/14 05:51:32 net device setup: enabled 2024/04/14 05:51:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/04/14 05:51:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/04/14 05:51:32 NIC VF setup: PCI device 0000:00:11.0 is not available 2024/04/14 05:51:32 USB emulation: enabled 2024/04/14 05:51:32 hci packet injection: enabled 2024/04/14 05:51:32 wifi device emulation: enabled 2024/04/14 05:51:32 802.15.4 emulation: enabled 2024/04/14 05:51:32 swap file: enabled [ 104.967843][ T5072] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 2024/04/14 05:51:33 starting 6 executor processes [ 106.882967][ T5090] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.888448][ T5092] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.898951][ T5092] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.907519][ T5092] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.915022][ T5092] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 106.925255][ T5092] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.932793][ T5092] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 106.942810][ T5094] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.953795][ T5094] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.961394][ T5094] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 106.973566][ T5098] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 106.981179][ T5094] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 106.992219][ T5094] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.999448][ T5098] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 107.006735][ T5098] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 107.007620][ T5102] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 107.024387][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 107.030967][ T5094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 107.032365][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 107.039363][ T5094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 107.050361][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 107.054388][ T5094] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 107.069590][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 107.100332][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 107.117360][ T5094] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 107.124744][ T5094] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 107.126778][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 107.132448][ T5094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 107.140335][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 107.153493][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 107.159722][ T5092] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 107.169733][ T5092] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 107.177655][ T5092] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 107.186683][ T5092] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 107.194985][ T5092] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 107.202746][ T5092] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 108.409042][ T5087] chnl_net:caif_netlink_parms(): no params data found [ 108.640290][ T5093] chnl_net:caif_netlink_parms(): no params data found [ 108.691021][ T5096] chnl_net:caif_netlink_parms(): no params data found [ 108.823793][ T5088] chnl_net:caif_netlink_parms(): no params data found [ 109.058960][ T5086] chnl_net:caif_netlink_parms(): no params data found [ 109.148342][ T5098] Bluetooth: hci0: command tx timeout [ 109.148549][ T5092] Bluetooth: hci2: command tx timeout [ 109.154291][ T5098] Bluetooth: hci1: command tx timeout [ 109.227018][ T5098] Bluetooth: hci4: command tx timeout [ 109.232780][ T5098] Bluetooth: hci3: command tx timeout [ 109.242319][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.253165][ T5087] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.265196][ T5087] bridge_slave_0: entered allmulticast mode [ 109.274269][ T5087] bridge_slave_0: entered promiscuous mode [ 109.301766][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.309125][ T5098] Bluetooth: hci5: command tx timeout [ 109.309301][ T5087] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.322552][ T5087] bridge_slave_1: entered allmulticast mode [ 109.331509][ T5087] bridge_slave_1: entered promiscuous mode [ 109.665010][ T5101] chnl_net:caif_netlink_parms(): no params data found [ 109.680796][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.688286][ T5088] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.695501][ T5088] bridge_slave_0: entered allmulticast mode [ 109.703837][ T5088] bridge_slave_0: entered promiscuous mode [ 109.768956][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.776883][ T5093] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.784132][ T5093] bridge_slave_0: entered allmulticast mode [ 109.796926][ T5093] bridge_slave_0: entered promiscuous mode [ 109.821612][ T5088] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.829156][ T5088] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.836910][ T5088] bridge_slave_1: entered allmulticast mode [ 109.845054][ T5088] bridge_slave_1: entered promiscuous mode [ 109.853353][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.861056][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.869179][ T5096] bridge_slave_0: entered allmulticast mode [ 109.877794][ T5096] bridge_slave_0: entered promiscuous mode [ 109.893548][ T5087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.913779][ T5093] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.921396][ T5093] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.929483][ T5093] bridge_slave_1: entered allmulticast mode [ 109.938054][ T5093] bridge_slave_1: entered promiscuous mode [ 110.005653][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.013063][ T5096] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.020440][ T5096] bridge_slave_1: entered allmulticast mode [ 110.029469][ T5096] bridge_slave_1: entered promiscuous mode [ 110.044973][ T5087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.262068][ T5093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.279212][ T5093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.324789][ T5088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.368330][ T5087] team0: Port device team_slave_0 added [ 110.374991][ T5086] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.384319][ T5086] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.391910][ T5086] bridge_slave_0: entered allmulticast mode [ 110.401134][ T5086] bridge_slave_0: entered promiscuous mode [ 110.413206][ T5086] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.421034][ T5086] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.428885][ T5086] bridge_slave_1: entered allmulticast mode [ 110.437826][ T5086] bridge_slave_1: entered promiscuous mode [ 110.502135][ T5088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.539177][ T5096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.551762][ T5087] team0: Port device team_slave_1 added [ 110.660117][ T5101] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.668622][ T5101] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.675926][ T5101] bridge_slave_0: entered allmulticast mode [ 110.684059][ T5101] bridge_slave_0: entered promiscuous mode [ 110.721566][ T5096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.806863][ T5086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.825444][ T5093] team0: Port device team_slave_0 added [ 110.839117][ T5093] team0: Port device team_slave_1 added [ 110.845637][ T5101] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.855092][ T5101] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.862570][ T5101] bridge_slave_1: entered allmulticast mode [ 110.870763][ T5101] bridge_slave_1: entered promiscuous mode [ 110.885530][ T5088] team0: Port device team_slave_0 added [ 110.898220][ T5088] team0: Port device team_slave_1 added [ 110.933758][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.941074][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.968108][ T5087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.984903][ T5086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.092636][ T5096] team0: Port device team_slave_0 added [ 111.105756][ T5096] team0: Port device team_slave_1 added [ 111.113252][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.120889][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.147658][ T5087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.226759][ T5098] Bluetooth: hci2: command tx timeout [ 111.226912][ T52] Bluetooth: hci1: command tx timeout [ 111.232204][ T5092] Bluetooth: hci0: command tx timeout [ 111.248101][ T5088] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.255079][ T5088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.281103][ T5088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.297977][ T5088] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.304943][ T5088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.310392][ T5092] Bluetooth: hci3: command tx timeout [ 111.331441][ T5098] Bluetooth: hci4: command tx timeout [ 111.337013][ T5088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.386339][ T5098] Bluetooth: hci5: command tx timeout [ 111.455511][ T5086] team0: Port device team_slave_0 added [ 111.477927][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.486105][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.514647][ T5093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.531643][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.538669][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.565093][ T5093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.584741][ T5101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.608877][ T5101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.677277][ T5086] team0: Port device team_slave_1 added [ 111.743317][ T5101] team0: Port device team_slave_0 added [ 111.751150][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.758290][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.785565][ T5096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.891339][ T5101] team0: Port device team_slave_1 added [ 111.924985][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.932078][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.958613][ T5096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.102148][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.109766][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.136159][ T5101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.160451][ T5087] hsr_slave_0: entered promiscuous mode [ 112.168280][ T5087] hsr_slave_1: entered promiscuous mode [ 112.202028][ T5086] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.209878][ T5086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.235904][ T5086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.251405][ T5086] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.258469][ T5086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.284922][ T5086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.308481][ T5088] hsr_slave_0: entered promiscuous mode [ 112.315575][ T5088] hsr_slave_1: entered promiscuous mode [ 112.323634][ T5088] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.331787][ T5088] Cannot create hsr debugfs directory [ 112.367741][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.374855][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.401495][ T5101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.435027][ T5093] hsr_slave_0: entered promiscuous mode [ 112.442257][ T5093] hsr_slave_1: entered promiscuous mode [ 112.451011][ T5093] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.459205][ T5093] Cannot create hsr debugfs directory [ 112.618983][ T5096] hsr_slave_0: entered promiscuous mode [ 112.626923][ T5096] hsr_slave_1: entered promiscuous mode [ 112.633990][ T5096] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.641767][ T5096] Cannot create hsr debugfs directory [ 112.933530][ T5101] hsr_slave_0: entered promiscuous mode [ 112.943190][ T5101] hsr_slave_1: entered promiscuous mode [ 112.950847][ T5101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.958483][ T5101] Cannot create hsr debugfs directory [ 113.020588][ T5086] hsr_slave_0: entered promiscuous mode [ 113.028611][ T5086] hsr_slave_1: entered promiscuous mode [ 113.035312][ T5086] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.042952][ T5086] Cannot create hsr debugfs directory [ 113.306369][ T5098] Bluetooth: hci0: command tx timeout [ 113.316380][ T5098] Bluetooth: hci2: command tx timeout [ 113.316729][ T5092] Bluetooth: hci1: command tx timeout [ 113.386412][ T5092] Bluetooth: hci4: command tx timeout [ 113.396692][ T5092] Bluetooth: hci3: command tx timeout [ 113.466355][ T5092] Bluetooth: hci5: command tx timeout [ 113.993699][ T5088] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 114.047521][ T5088] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 114.095685][ T5088] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 114.134610][ T5088] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 114.213032][ T5087] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 114.229100][ T5087] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 114.244898][ T5087] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 114.259980][ T5087] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 114.441109][ T5096] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 114.486610][ T5096] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 114.511004][ T5096] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 114.528412][ T5096] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 114.751534][ T5093] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 114.774458][ T5088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.794665][ T5093] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 114.851065][ T5093] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 114.906542][ T5093] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 114.980896][ T5088] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.074307][ T5086] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 115.133418][ T5086] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 115.155659][ T5152] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.163328][ T5152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.199013][ T5086] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 115.257949][ T5086] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 115.282002][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.289797][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.391567][ T5092] Bluetooth: hci2: command tx timeout [ 115.395091][ T5098] Bluetooth: hci0: command tx timeout [ 115.397672][ T52] Bluetooth: hci1: command tx timeout [ 115.405028][ T5087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.466858][ T5098] Bluetooth: hci3: command tx timeout [ 115.466888][ T5092] Bluetooth: hci4: command tx timeout [ 115.546701][ T5092] Bluetooth: hci5: command tx timeout [ 115.622161][ T5101] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 115.655567][ T5087] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.679991][ T5101] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 115.694456][ T5101] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 115.733278][ T5152] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.740599][ T5152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.766074][ T5101] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 115.792730][ T5152] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.800064][ T5152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.005128][ T5096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.151909][ T5093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.264455][ T5096] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.424877][ T5093] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.485420][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.493005][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.506857][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.514089][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.602960][ T5150] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.610317][ T5150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.698271][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.705575][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.768270][ T5101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.797814][ T5088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.821042][ T5086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.055091][ T5093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 117.104302][ T5101] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.140547][ T5096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 117.202319][ T5086] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.222284][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.229615][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.256164][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.263427][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.349465][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.356784][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.468709][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.475996][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.552911][ T5087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.671257][ T5088] veth0_vlan: entered promiscuous mode [ 117.890849][ T5088] veth1_vlan: entered promiscuous mode [ 118.051607][ T5093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.243417][ T5088] veth0_macvtap: entered promiscuous mode [ 118.291833][ T5087] veth0_vlan: entered promiscuous mode [ 118.304047][ T5096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.332025][ T5088] veth1_macvtap: entered promiscuous mode [ 118.444237][ T5087] veth1_vlan: entered promiscuous mode [ 118.532289][ T5088] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.734756][ T5088] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.852616][ T5088] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.862321][ T5088] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.876595][ T5088] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.891651][ T5088] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.961116][ T5086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.991883][ T5087] veth0_macvtap: entered promiscuous mode [ 119.025991][ T5096] veth0_vlan: entered promiscuous mode [ 119.056814][ T5096] veth1_vlan: entered promiscuous mode [ 119.113382][ T5087] veth1_macvtap: entered promiscuous mode [ 119.273179][ T5101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.344045][ T5096] veth0_macvtap: entered promiscuous mode [ 119.442390][ T5096] veth1_macvtap: entered promiscuous mode [ 119.468117][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.480629][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.500594][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.560888][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.569405][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.593870][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.596283][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.617766][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.788048][ T5087] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.799407][ T5087] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.808838][ T5087] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.818115][ T5087] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.888714][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.902256][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.914699][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.925326][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.939134][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.041992][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.053356][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.063448][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.073944][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.087599][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.098268][ T5093] veth0_vlan: entered promiscuous mode [ 120.100221][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.104772][ T5086] veth0_vlan: entered promiscuous mode [ 120.115886][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.153850][ T5096] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.163697][ T5096] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.173197][ T5096] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.203946][ T5096] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.322045][ T5093] veth1_vlan: entered promiscuous mode [ 120.359481][ T5086] veth1_vlan: entered promiscuous mode 05:51:47 executing program 3: r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffff, 0xffffffffffffffff}) fallocate(r0, 0x0, 0x0, 0x7fffffff) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'macvlan0\x00', 0x1}) pread64(r4, 0x0, 0x0, 0x0) dup3(r3, r4, 0x0) rt_sigreturn() utimes(&(0x7f0000000140)='./bus\x00', 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) chmod(&(0x7f00000000c0)='./bus\x00', 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15}, &(0x7f0000000040)=0x0) timer_settime(r5, 0x0, &(0x7f00000010c0)={{0x77359400}, {0x0, 0x989680}}, 0x0) [ 120.480816][ T926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.511930][ T926] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 05:51:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(r2, 0x10d, 0xde, 0x0, &(0x7f0000000080)) [ 120.685122][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.716203][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.976145][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.016109][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 05:51:48 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x0) read$char_usb(r0, 0x0, 0x0) 05:51:48 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa0340, 0x0) ioctl$KDSKBMODE(r0, 0x5451, 0x0) 05:51:48 executing program 3: mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x842, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 121.310658][ T5086] veth0_macvtap: entered promiscuous mode [ 121.349985][ T5101] veth0_vlan: entered promiscuous mode [ 121.404067][ T2450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.432379][ T2450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.460111][ T5086] veth1_macvtap: entered promiscuous mode 05:51:48 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000480), 0x4) [ 121.546713][ T5101] veth1_vlan: entered promiscuous mode 05:51:48 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x89) lseek(r0, 0x0, 0x4) 05:51:49 executing program 2: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x0, "9ab810cf3d6b851f8de1d33fe14d06a3b005ca1531ff335b0d173fe5c4dede5d", 0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"2e50f7e3b6e0308669b7d35dbd118fd7f502a5e6826a00", r3}) [ 121.720080][ T5093] veth0_macvtap: entered promiscuous mode 05:51:49 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001480)={&(0x7f0000000040)='ext4_da_release_space\x00', r2}, 0x10) write$cgroup_int(r0, &(0x7f0000000240), 0x12) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001480)={&(0x7f0000000040)='ext4_da_release_space\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) [ 121.857995][ T5093] veth1_macvtap: entered promiscuous mode [ 121.884237][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 05:51:49 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$usbfs(&(0x7f0000000280), 0x76, 0x101a01) io_setup(0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000600)=ANY=[]) [ 121.949166][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 05:51:49 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(r2, 0x10d, 0xde, 0x0, &(0x7f0000000080)) [ 121.993427][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.025174][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.038579][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.050376][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.063447][ T5086] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.081208][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.136706][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.170237][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.192297][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.218900][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 05:51:49 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private2, 0x7}, 0x1c) [ 122.246113][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.280837][ T5086] batman_adv: batadv0: Interface activated: batadv_slave_1 05:51:49 executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r2}, 0x10) openat(r0, &(0x7f0000000280)='.\x00', 0x0, 0x0) [ 122.417607][ T5086] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.457643][ T5086] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 05:51:49 executing program 2: unshare(0x400) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000000)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x2, @default}, 0x1c) [ 122.473967][ T5086] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.485128][ T5086] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 05:51:50 executing program 0: set_mempolicy(0x2, &(0x7f0000000040)=0x3, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc1, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000100)={0x20}, 0x20) 05:51:50 executing program 3: unshare(0x8040480) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0) ppoll(&(0x7f0000000240)=[{r0}], 0x1, &(0x7f00000003c0)={0x0, 0x3938700}, 0x0, 0x0) 05:51:50 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(r2, 0x10d, 0xde, 0x0, &(0x7f0000000080)) [ 122.768248][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.806271][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.832582][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.870762][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 05:51:50 executing program 0: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x0, "9ab810cf3d6b851f8de1d33fe14d06a3b005ca1531ff335b0d173fe5c4dede5d", 0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"2e50f7e3b6e0308669b7d35dbd118fd7f502a5e6826a00", r3}) [ 122.916653][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.956339][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.966199][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.021123][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.064644][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.083229][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.093825][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.109309][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.123488][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.138806][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.153069][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 05:51:50 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) r2 = syz_clone(0x0, 0x0, 0x32, 0x0, 0x0, 0x0) fcntl$setown(r1, 0x8, r2) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r4 = syz_open_procfs(r3, &(0x7f0000000040)='syscall\x00') r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) pread64(r4, &(0x7f0000000340)=""/254, 0xfe, 0x0) 05:51:50 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x9e966e64318092aa, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000800)=0x8000000) [ 123.165591][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.180433][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.194320][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.301637][ T5101] veth0_macvtap: entered promiscuous mode 05:51:50 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x5, 0x0) r4 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000180)={0x0, r3}) [ 123.389768][ T5101] veth1_macvtap: entered promiscuous mode [ 123.412903][ T5093] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 05:51:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(r2, 0x10d, 0xde, 0x0, &(0x7f0000000080)) [ 123.465078][ T5093] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.502830][ T5093] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.528841][ T5093] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.633746][ T5241] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 05:51:51 executing program 0: bpf$ENABLE_STATS(0x20, 0x0, 0x0) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r2}, 0x10) openat(r0, &(0x7f0000000280)='.\x00', 0x0, 0x0) 05:51:51 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x20000000, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 123.910897][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.929985][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.968055][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.986392][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.012791][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.058453][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.085433][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.096960][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.108316][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.128550][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.144407][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 05:51:51 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) faccessat(r1, &(0x7f0000000000)='./file0\x00', 0x0) [ 124.159958][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.194303][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_0 05:51:51 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300001f7c962d850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd60"], 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[], 0x240) [ 124.243684][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.281504][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.318098][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.341965][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 05:51:51 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x6046, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) [ 124.367843][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.392527][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.410834][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.424446][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.444578][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 05:51:51 executing program 0: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x0, "9ab810cf3d6b851f8de1d33fe14d06a3b005ca1531ff335b0d173fe5c4dede5d", 0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"2e50f7e3b6e0308669b7d35dbd118fd7f502a5e6826a00", r3}) [ 124.468866][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.504791][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.568405][ T5101] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.608167][ T5101] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.626286][ T5101] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.635052][ T5101] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 05:51:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(r2, 0x10d, 0xde, 0x0, &(0x7f0000000080)) 05:51:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x80}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000440)='sched_kthread_work_queue_work\x00', r2}, 0x10) [ 124.860233][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.917994][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 05:51:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x5, 0x0) r4 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000180)={0x0, r3}) 05:51:52 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x5, 0x0) r4 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000180)={0x0, r3}) [ 125.198504][ T5263] syzkaller0: entered promiscuous mode [ 125.204134][ T5263] syzkaller0: entered allmulticast mode 05:51:52 executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r2}, 0x10) openat(r0, &(0x7f0000000280)='.\x00', 0x0, 0x0) 05:51:52 executing program 0: r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000180)=@secondary) [ 125.677358][ T5150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.710979][ T5150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 05:51:53 executing program 2: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 05:51:53 executing program 0: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x0, "9ab810cf3d6b851f8de1d33fe14d06a3b005ca1531ff335b0d173fe5c4dede5d", 0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"2e50f7e3b6e0308669b7d35dbd118fd7f502a5e6826a00", r3}) 05:51:53 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000240)={0x0, 0x1c, &(0x7f0000000200)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000280)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000440)={0x0, @in={{0x2, 0x4e20, @local}}}, &(0x7f0000000180)=0x9c) 05:51:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(r2, 0x10d, 0xde, 0x0, &(0x7f0000000080)) 05:51:53 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x80}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000440)='sched_kthread_work_queue_work\x00', r2}, 0x10) 05:51:53 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x5, 0x0) r4 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000180)={0x0, r3}) [ 126.380413][ T2433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.412374][ T2433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.485099][ T2450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.532998][ T2450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 05:51:53 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x5, 0x0) r4 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000180)={0x0, r3}) [ 126.802203][ T5180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 05:51:54 executing program 3: getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x24, &(0x7f0000000000), 0xfe6a) [ 126.842611][ T5180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 05:51:54 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[], 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet6_mreq(r2, 0x10d, 0xde, 0x0, &(0x7f0000000080)) 05:51:54 executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x21b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "71c5577d"}]}}, 0x0}, 0x0) 05:51:54 executing program 1: r0 = open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffff}) fallocate(r0, 0x0, 0x0, 0x7fffffff) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'macvlan0\x00', 0x1}) pread64(r4, 0x0, 0x0, 0x0) dup3(r3, r4, 0x0) rt_sigreturn() utimes(&(0x7f0000000140)='./bus\x00', 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) chmod(&(0x7f00000000c0)='./bus\x00', 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15}, &(0x7f0000000040)=0x0) timer_settime(r5, 0x0, &(0x7f00000010c0)={{0x77359400}, {0x0, 0x989680}}, 0x0) 05:51:54 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) 05:51:54 executing program 0: bpf$ENABLE_STATS(0x20, 0x0, 0x0) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r2}, 0x10) openat(r0, &(0x7f0000000280)='.\x00', 0x0, 0x0) 05:51:54 executing program 3: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x0, "9ab810cf3d6b851f8de1d33fe14d06a3b005ca1531ff335b0d173fe5c4dede5d", 0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240), 0x0) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"2e50f7e3b6e0308669b7d35dbd118fd7f502a5e6826a00"}) [ 127.534045][ T28] audit: type=1800 audit(1713073914.832:2): pid=5316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1946 res=0 errno=0 05:51:54 executing program 5: bind(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x1c, 0x10000001, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x1c, 0x1c, 0x1}, 0x1c) [ 127.637141][ T5180] usb 5-1: new high-speed USB device number 2 using dummy_hcd 05:51:55 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x80}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000440)='sched_kthread_work_queue_work\x00', r2}, 0x10) 05:51:55 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r1, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x2, @remote}, 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$sock_void(r2, 0x1, 0x0, 0x0, 0x0) [ 128.046977][ T5180] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 05:51:55 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x5, 0x0) r4 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000180)={0x0, r3}) [ 128.124749][ T5180] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.203920][ T5180] usb 5-1: New USB device found, idVendor=05ac, idProduct=021b, bcdDevice= 0.00 05:51:55 executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000240)={0x0, 0x1c, &(0x7f0000000200)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000280)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000440)={0x0, @in={{0x2, 0x4e20, @local}}}, &(0x7f0000000180)=0x9c) [ 128.263393][ T5180] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.332584][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 128.364083][ T5180] usb 5-1: config 0 descriptor?? 05:51:55 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = eventfd2(0x5, 0x0) r4 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r4, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000180)={0x0, r3}) 05:51:55 executing program 3: mkdir(&(0x7f0000000380)='./file0\x00', 0x0) chroot(&(0x7f00000008c0)='./file0\x00') r0 = open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0) setrlimit(0x1, &(0x7f0000000440)={0xffffffff, 0xffffffffffffffff}) fallocate(r0, 0x0, 0x0, 0x7fffffff) utime(0x0, 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) write$P9_RLOPEN(r1, 0x0, 0x0) close(r1) rt_sigreturn() openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x1) syz_open_dev$ptys(0xc, 0x3, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mknodat$null(r0, &(0x7f0000000340)='./bus\x00', 0x800, 0x103) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 05:51:56 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x400448cb, &(0x7f00000003c0)) [ 128.977997][ T28] audit: type=1800 audit(1713073916.292:3): pid=5339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1970 res=0 errno=0 [ 129.129044][ T5180] apple 0003:05AC:021B.0001: hidraw0: USB HID v0.00 Device [HID 05ac:021b] on usb-dummy_hcd.4-1/input0 05:51:56 executing program 2: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x0, "9ab810cf3d6b851f8de1d33fe14d06a3b005ca1531ff335b0d173fe5c4dede5d", 0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240), 0x0) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"2e50f7e3b6e0308669b7d35dbd118fd7f502a5e6826a00"}) [ 129.296131][ T5180] usb 5-1: USB disconnect, device number 2 05:51:56 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x50842, 0x0) pwrite64(r0, &(0x7f00000002c0)='=', 0x1, 0x800b5eb) pselect6(0x40, &(0x7f0000000000)={0xa}, 0x0, 0x0, 0x0, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0) r2 = signalfd4(r1, &(0x7f0000000080), 0x8, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x1000000000006) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) 05:51:57 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x37, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) getdents(r0, &(0x7f0000000080)=""/199, 0xc7) getdents(r0, &(0x7f0000000240)=""/181, 0xb5) getdents64(r0, &(0x7f0000000340)=""/181, 0xb5) 05:51:57 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendmsg(r0, &(0x7f0000000640)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x1}, 0x1c, 0x0}, 0x20184) 05:51:57 executing program 1: r0 = socket$inet6(0x1c, 0x2, 0x0) setsockopt(r0, 0x29, 0x0, &(0x7f0000000000)="60c6eabb", 0x4) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect(r1, &(0x7f0000000040)=@in={0x10, 0x2}, 0x10) 05:51:57 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x80}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000440)='sched_kthread_work_queue_work\x00', r2}, 0x10) 05:51:57 executing program 5: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0) r1 = signalfd4(r0, &(0x7f0000000140), 0x8, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10042, 0x0) pwrite64(r2, &(0x7f0000000080)='=', 0x1, 0x800b5eb) sendfile(r1, r2, 0x0, 0x1000000000006) pselect6(0x40, &(0x7f0000000040)={0x9}, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000200)=ANY=[], 0xfffffcdd) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/snmp\x00') sendfile(r3, r4, 0x0, 0x37) [ 130.176261][ T3] [ 130.178664][ T3] ===================================================== [ 130.185609][ T3] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 130.193076][ T3] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 130.199758][ T3] ----------------------------------------------------- [ 130.206695][ T3] pool_workqueue_/3 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 130.214539][ T3] ffff88802c466200 (&stab->lock){+...}-{2:2}, at: sock_map_delete_elem+0xc8/0x150 [ 130.223865][ T3] [ 130.223865][ T3] and this task is already holding: [ 130.231261][ T3] ffff8880172e8120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x23/0x170 [ 130.240629][ T3] which would create a new lock dependency: [ 130.246548][ T3] ((worker)->lock){....}-{2:2} -> (&stab->lock){+...}-{2:2} [ 130.254035][ T3] [ 130.254035][ T3] but this new dependency connects a HARDIRQ-irq-safe lock: [ 130.263490][ T3] (&pool->lock){-.-.}-{2:2} [ 130.263534][ T3] [ 130.263534][ T3] ... which became HARDIRQ-irq-safe at: [ 130.275918][ T3] lock_acquire+0x1b1/0x540 [ 130.280645][ T3] _raw_spin_lock+0x2e/0x40 [ 130.285302][ T3] __queue_work+0x39e/0x1170 [ 130.290017][ T3] queue_work_on+0xf4/0x120 [ 130.294649][ T3] tick_setup_sched_timer+0x47c/0x790 [ 130.300241][ T3] hrtimer_run_queues+0x33c/0x450 [ 130.305397][ T3] update_process_times+0xcf/0x220 [ 130.310624][ T3] tick_periodic+0x7e/0x230 [ 130.315244][ T3] tick_handle_periodic+0x45/0x120 [ 130.320483][ T3] __sysvec_apic_timer_interrupt+0x112/0x410 [ 130.326585][ T3] sysvec_apic_timer_interrupt+0x90/0xb0 [ 130.332350][ T3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 130.338464][ T3] lock_acquire+0x1f2/0x540 [ 130.343077][ T3] _raw_spin_lock+0x2e/0x40 [ 130.347692][ T3] d_alloc+0x6a/0x1e0 [ 130.351775][ T3] d_alloc_parallel+0xe9/0x12b0 [ 130.356741][ T3] __lookup_slow+0x194/0x460 [ 130.361445][ T3] lookup_one_len+0x181/0x1b0 [ 130.366236][ T3] tracefs_start_creating+0x110/0x2a0 [ 130.371735][ T3] tracefs_create_file+0x9d/0x810 [ 130.376885][ T3] trace_create_file+0x33/0x70 [ 130.381778][ T3] event_trace_init+0xe5/0x1f0 [ 130.386653][ T3] tracer_init_tracefs_work_func+0x12/0x3c0 [ 130.392660][ T3] process_one_work+0x9ac/0x1a60 [ 130.397720][ T3] worker_thread+0x6c8/0xf70 [ 130.402456][ T3] kthread+0x2c4/0x3a0 [ 130.406636][ T3] ret_from_fork+0x48/0x80 [ 130.411220][ T3] ret_from_fork_asm+0x1a/0x30 [ 130.416117][ T3] [ 130.416117][ T3] to a HARDIRQ-irq-unsafe lock: [ 130.423262][ T3] (&stab->lock){+...}-{2:2} [ 130.423312][ T3] [ 130.423312][ T3] ... which became HARDIRQ-irq-unsafe at: [ 130.435809][ T3] ... [ 130.435820][ T3] lock_acquire+0x1b1/0x540 [ 130.443122][ T3] _raw_spin_lock_bh+0x33/0x40 [ 130.448002][ T3] sock_map_delete_elem+0xc8/0x150 [ 130.453233][ T3] 0xffffffffa00008f1 [ 130.457320][ T3] bpf_trace_run2+0x154/0x420 [ 130.462126][ T3] syscall_trace_enter+0x1c5/0x210 [ 130.467363][ T3] do_syscall_64+0x1f6/0x260 [ 130.472081][ T3] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 130.478104][ T3] [ 130.478104][ T3] other info that might help us debug this: [ 130.478104][ T3] [ 130.488337][ T3] Chain exists of: [ 130.488337][ T3] &pool->lock --> (worker)->lock --> &stab->lock [ 130.488337][ T3] [ 130.500634][ T3] Possible interrupt unsafe locking scenario: [ 130.500634][ T3] [ 130.509048][ T3] CPU0 CPU1 [ 130.514419][ T3] ---- ---- [ 130.519792][ T3] lock(&stab->lock); [ 130.523889][ T3] local_irq_disable(); [ 130.530654][ T3] lock(&pool->lock); [ 130.537291][ T3] lock((worker)->lock); [ 130.544182][ T3] [ 130.547644][ T3] lock(&pool->lock); [ 130.551927][ T3] [ 130.551927][ T3] *** DEADLOCK *** [ 130.551927][ T3] [ 130.560095][ T3] 3 locks held by pool_workqueue_/3: [ 130.565393][ T3] #0: ffffffff8d7c05b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x403/0x7a0 [ 130.576357][ T3] #1: ffff8880172e8120 ((worker)->lock){....}-{2:2}, at: kthread_queue_work+0x23/0x170 [ 130.586163][ T3] #2: ffffffff8d7b49e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xe4/0x420 [ 130.595648][ T3] [ 130.595648][ T3] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 130.606155][ T3] -> (&pool->lock){-.-.}-{2:2} { [ 130.611265][ T3] IN-HARDIRQ-W at: [ 130.615353][ T3] lock_acquire+0x1b1/0x540 [ 130.621711][ T3] _raw_spin_lock+0x2e/0x40 [ 130.628079][ T3] __queue_work+0x39e/0x1170 [ 130.634532][ T3] queue_work_on+0xf4/0x120 [ 130.640892][ T3] tick_setup_sched_timer+0x47c/0x790 [ 130.648133][ T3] hrtimer_run_queues+0x33c/0x450 [ 130.655019][ T3] update_process_times+0xcf/0x220 [ 130.661986][ T3] tick_periodic+0x7e/0x230 [ 130.668337][ T3] tick_handle_periodic+0x45/0x120 [ 130.675307][ T3] __sysvec_apic_timer_interrupt+0x112/0x410 [ 130.683138][ T3] sysvec_apic_timer_interrupt+0x90/0xb0 [ 130.690641][ T3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 130.698493][ T3] lock_acquire+0x1f2/0x540 [ 130.704845][ T3] _raw_spin_lock+0x2e/0x40 [ 130.711202][ T3] d_alloc+0x6a/0x1e0 [ 130.717026][ T3] d_alloc_parallel+0xe9/0x12b0 [ 130.723765][ T3] __lookup_slow+0x194/0x460 [ 130.730240][ T3] lookup_one_len+0x181/0x1b0 [ 130.736779][ T3] tracefs_start_creating+0x110/0x2a0 [ 130.744015][ T3] tracefs_create_file+0x9d/0x810 [ 130.750901][ T3] trace_create_file+0x33/0x70 [ 130.757533][ T3] event_trace_init+0xe5/0x1f0 [ 130.764172][ T3] tracer_init_tracefs_work_func+0x12/0x3c0 [ 130.772006][ T3] process_one_work+0x9ac/0x1a60 [ 130.778809][ T3] worker_thread+0x6c8/0xf70 [ 130.785346][ T3] kthread+0x2c4/0x3a0 [ 130.791283][ T3] ret_from_fork+0x48/0x80 [ 130.797572][ T3] ret_from_fork_asm+0x1a/0x30 [ 130.804301][ T3] IN-SOFTIRQ-W at: [ 130.808384][ T3] lock_acquire+0x1b1/0x540 [ 130.814738][ T3] _raw_spin_lock+0x2e/0x40 [ 130.821096][ T3] __queue_work+0x39e/0x1170 [ 130.827573][ T3] call_timer_fn+0x1a3/0x5b0 [ 130.834018][ T3] __run_timers+0x567/0xab0 [ 130.840374][ T3] run_timer_base+0x111/0x190 [ 130.846923][ T3] run_timer_softirq+0x1a/0x40 [ 130.853534][ T3] __do_softirq+0x21b/0x8de [ 130.860079][ T3] irq_exit_rcu+0xb9/0x120 [ 130.866363][ T3] sysvec_apic_timer_interrupt+0x95/0xb0 [ 130.873859][ T3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 130.881715][ T3] default_idle+0xf/0x20 [ 130.887802][ T3] default_idle_call+0x6d/0xb0 [ 130.894499][ T3] do_idle+0x32c/0x3f0 [ 130.900424][ T3] cpu_startup_entry+0x4f/0x60 [ 130.907046][ T3] rest_init+0x16f/0x2b0 [ 130.913133][ T3] arch_call_rest_init+0x13/0x40 [ 130.919935][ T3] start_kernel+0x3a3/0x490 [ 130.926307][ T3] x86_64_start_reservations+0x18/0x30 [ 130.933638][ T3] x86_64_start_kernel+0xb2/0xc0 [ 130.940446][ T3] common_startup_64+0x13e/0x148 [ 130.947237][ T3] INITIAL USE at: [ 130.951233][ T3] lock_acquire+0x1b1/0x540 [ 130.957503][ T3] _raw_spin_lock+0x2e/0x40 [ 130.963772][ T3] __queue_work+0x39e/0x1170 [ 130.970131][ T3] queue_work_on+0xf4/0x120 [ 130.976404][ T3] start_poll_synchronize_rcu_expedited+0x147/0x180 [ 130.984765][ T3] rcu_init+0x1625/0x20c0 [ 130.990851][ T3] start_kernel+0x19e/0x490 [ 130.997133][ T3] x86_64_start_reservations+0x18/0x30 [ 131.004381][ T3] x86_64_start_kernel+0xb2/0xc0 [ 131.011100][ T3] common_startup_64+0x13e/0x148 [ 131.017812][ T3] } [ 131.020413][ T3] ... key at: [] __key.17+0x0/0x40 [ 131.027738][ T3] -> ((worker)->lock){....}-{2:2} { [ 131.032992][ T3] INITIAL USE at: [ 131.036926][ T3] lock_acquire+0x1b1/0x540 [ 131.043109][ T3] _raw_spin_lock_irq+0x36/0x50 [ 131.049549][ T3] kthread_worker_fn+0x49d/0xab0 [ 131.056092][ T3] kthread+0x2c4/0x3a0 [ 131.062009][ T3] ret_from_fork+0x48/0x80 [ 131.068075][ T3] ret_from_fork_asm+0x1a/0x30 [ 131.074531][ T3] } [ 131.077036][ T3] ... key at: [] __key.0+0x0/0x40 [ 131.084214][ T3] ... acquired at: [ 131.088021][ T3] _raw_spin_lock_irqsave+0x3a/0x60 [ 131.093421][ T3] kthread_queue_work+0x23/0x170 [ 131.098549][ T3] put_pwq+0xf8/0x130 [ 131.102744][ T3] apply_wqattrs_cleanup.part.0+0xd7/0x2b0 [ 131.108759][ T3] apply_workqueue_attrs_locked+0x9e/0xe0 [ 131.114696][ T3] apply_workqueue_attrs+0x2f/0x50 [ 131.120024][ T3] padata_alloc+0x225/0x410 [ 131.124744][ T3] pcrypt_init_padata+0x19/0x120 [ 131.129917][ T3] pcrypt_init+0x66/0x110 [ 131.134471][ T3] do_one_initcall+0x12b/0x690 [ 131.139457][ T3] kernel_init_freeable+0x69d/0xc40 [ 131.144871][ T3] kernel_init+0x1c/0x2a0 [ 131.149420][ T3] ret_from_fork+0x48/0x80 [ 131.154053][ T3] ret_from_fork_asm+0x1a/0x30 [ 131.159042][ T3] [ 131.161370][ T3] [ 131.161370][ T3] the dependencies between the lock to be acquired [ 131.161384][ T3] and HARDIRQ-irq-unsafe lock: [ 131.174940][ T3] -> (&stab->lock){+...}-{2:2} { [ 131.179933][ T3] HARDIRQ-ON-W at: [ 131.183925][ T3] lock_acquire+0x1b1/0x540 [ 131.190111][ T3] _raw_spin_lock_bh+0x33/0x40 [ 131.196559][ T3] sock_map_delete_elem+0xc8/0x150 [ 131.203349][ T3] 0xffffffffa00008f1 [ 131.208994][ T3] bpf_trace_run2+0x154/0x420 [ 131.215353][ T3] syscall_trace_enter+0x1c5/0x210 [ 131.222148][ T3] do_syscall_64+0x1f6/0x260 [ 131.228431][ T3] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 131.236029][ T3] INITIAL USE at: [ 131.239940][ T3] lock_acquire+0x1b1/0x540 [ 131.246032][ T3] _raw_spin_lock_bh+0x33/0x40 [ 131.252394][ T3] sock_map_delete_elem+0xc8/0x150 [ 131.259101][ T3] 0xffffffffa00008f1 [ 131.264659][ T3] bpf_trace_run2+0x154/0x420 [ 131.270938][ T3] syscall_trace_enter+0x1c5/0x210 [ 131.277651][ T3] do_syscall_64+0x1f6/0x260 [ 131.283848][ T3] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 131.291436][ T3] } [ 131.293937][ T3] ... key at: [] __key.1+0x0/0x40 [ 131.301079][ T3] ... acquired at: [ 131.304886][ T3] lock_acquire+0x1b1/0x540 [ 131.309626][ T3] _raw_spin_lock_bh+0x33/0x40 [ 131.314589][ T3] sock_map_delete_elem+0xc8/0x150 [ 131.319900][ T3] bpf_prog_d247abf228e51871+0x69/0x71 [ 131.325545][ T3] bpf_trace_run2+0x154/0x420 [ 131.330433][ T3] __bpf_trace_sched_kthread_work_queue_work+0xbf/0x100 [ 131.337582][ T3] kthread_insert_work+0x29b/0x3e0 [ 131.342922][ T3] kthread_queue_work+0x104/0x170 [ 131.348163][ T3] synchronize_rcu_expedited+0x578/0x7a0 [ 131.354013][ T3] synchronize_rcu+0x2f9/0x3b0 [ 131.359000][ T3] pwq_release_workfn+0x539/0x9d0 [ 131.364240][ T3] kthread_worker_fn+0x308/0xab0 [ 131.369403][ T3] kthread+0x2c4/0x3a0 [ 131.373667][ T3] ret_from_fork+0x48/0x80 [ 131.378323][ T3] ret_from_fork_asm+0x1a/0x30 [ 131.383311][ T3] [ 131.385644][ T3] [ 131.385644][ T3] stack backtrace: [ 131.391534][ T3] CPU: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 131.401361][ T3] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 131.411431][ T3] Call Trace: [ 131.414721][ T3] [ 131.417667][ T3] dump_stack_lvl+0x116/0x1f0 [ 131.422380][ T3] check_irq_usage+0xe3c/0x1490 [ 131.427272][ T3] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 131.433496][ T3] ? __pfx_check_irq_usage+0x10/0x10 [ 131.438899][ T3] ? hlock_conflict+0x58/0x200 [ 131.443713][ T3] ? __bfs+0x2fd/0x670 [ 131.447839][ T3] ? __pfx_hlock_conflict+0x10/0x10 [ 131.453089][ T3] ? srso_return_thunk+0x5/0x5f [ 131.458003][ T3] ? srso_return_thunk+0x5/0x5f [ 131.462895][ T3] ? lockdep_lock+0xc6/0x200 [ 131.467526][ T3] ? __pfx_lockdep_lock+0x10/0x10 [ 131.472597][ T3] ? __lock_acquire+0x248e/0x3b30 [ 131.477654][ T3] ? srso_return_thunk+0x5/0x5f [ 131.482556][ T3] __lock_acquire+0x248e/0x3b30 [ 131.487448][ T3] ? __pfx___lock_acquire+0x10/0x10 [ 131.492676][ T3] ? srso_return_thunk+0x5/0x5f [ 131.497567][ T3] ? lock_acquire+0x1b1/0x540 [ 131.502271][ T3] ? srso_return_thunk+0x5/0x5f [ 131.507171][ T3] ? find_held_lock+0x2d/0x110 [ 131.511980][ T3] lock_acquire+0x1b1/0x540 [ 131.516516][ T3] ? sock_map_delete_elem+0xc8/0x150 [ 131.521835][ T3] ? __pfx_lock_acquire+0x10/0x10 [ 131.526888][ T3] ? srso_return_thunk+0x5/0x5f [ 131.531781][ T3] ? arch_irq_work_raise+0x4f/0x70 [ 131.536963][ T3] ? srso_return_thunk+0x5/0x5f [ 131.541854][ T3] ? __irq_work_queue_local+0x14c/0x410 [ 131.547448][ T3] ? srso_return_thunk+0x5/0x5f [ 131.552341][ T3] ? irq_work_queue+0x2a/0x80 [ 131.557064][ T3] _raw_spin_lock_bh+0x33/0x40 [ 131.561860][ T3] ? sock_map_delete_elem+0xc8/0x150 [ 131.567172][ T3] sock_map_delete_elem+0xc8/0x150 [ 131.572321][ T3] bpf_prog_d247abf228e51871+0x69/0x71 [ 131.577826][ T3] bpf_trace_run2+0x154/0x420 [ 131.582545][ T3] ? __pfx_bpf_trace_run2+0x10/0x10 [ 131.587779][ T3] ? srso_return_thunk+0x5/0x5f [ 131.592673][ T3] ? lock_acquire+0x1b1/0x540 [ 131.597383][ T3] __bpf_trace_sched_kthread_work_queue_work+0xbf/0x100 [ 131.604547][ T3] ? __pfx___bpf_trace_sched_kthread_work_queue_work+0x10/0x10 [ 131.612151][ T3] ? srso_return_thunk+0x5/0x5f [ 131.617091][ T3] ? srso_return_thunk+0x5/0x5f [ 131.621994][ T3] kthread_insert_work+0x29b/0x3e0 [ 131.627164][ T3] kthread_queue_work+0x104/0x170 [ 131.632231][ T3] synchronize_rcu_expedited+0x578/0x7a0 [ 131.637916][ T3] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 131.644118][ T3] ? srso_return_thunk+0x5/0x5f [ 131.649032][ T3] ? __schedule+0xf1d/0x5c70 [ 131.653654][ T3] ? rcu_is_watching+0x12/0xc0 [ 131.658448][ T3] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 131.663789][ T3] ? srso_return_thunk+0x5/0x5f [ 131.668689][ T3] ? srso_return_thunk+0x5/0x5f [ 131.673583][ T3] ? __pfx___might_resched+0x10/0x10 [ 131.678909][ T3] ? srso_return_thunk+0x5/0x5f [ 131.683810][ T3] synchronize_rcu+0x2f9/0x3b0 [ 131.688621][ T3] ? __pfx_synchronize_rcu+0x10/0x10 [ 131.693949][ T3] ? irqentry_exit+0x3b/0x90 [ 131.698599][ T3] ? srso_return_thunk+0x5/0x5f [ 131.703491][ T3] ? lockdep_hardirqs_on+0x7c/0x110 [ 131.708729][ T3] ? srso_return_thunk+0x5/0x5f [ 131.713631][ T3] ? lockdep_unregister_key+0x1ab/0x280 [ 131.719235][ T3] pwq_release_workfn+0x539/0x9d0 [ 131.724311][ T3] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.729545][ T3] kthread_worker_fn+0x308/0xab0 [ 131.734531][ T3] ? __pfx_pwq_release_workfn+0x10/0x10 [ 131.740123][ T3] ? __pfx_kthread_worker_fn+0x10/0x10 [ 131.745631][ T3] kthread+0x2c4/0x3a0 [ 131.749735][ T3] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.754977][ T3] ? __pfx_kthread+0x10/0x10 [ 131.759597][ T3] ret_from_fork+0x48/0x80 [ 131.764066][ T3] ? __pfx_kthread+0x10/0x10 [ 131.768682][ T3] ret_from_fork_asm+0x1a/0x30 [ 131.773524][ T3] [ 131.797067][ T3] ------------[ cut here ]------------ [ 131.802568][ T3] raw_local_irq_restore() called with IRQs enabled [ 131.817094][ T3] WARNING: CPU: 0 PID: 3 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x30 [ 131.827540][ T3] Modules linked in: [ 131.831547][ T3] CPU: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 131.841415][ T3] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 131.852966][ T3] RIP: 0010:warn_bogus_irq_restore+0x29/0x30 [ 131.860196][ T3] Code: 90 f3 0f 1e fa 90 80 3d be b2 b5 04 00 74 06 90 e9 3c f8 03 00 c6 05 af b2 b5 04 01 90 48 c7 c7 00 c3 0c 8b e8 98 c2 7d f6 90 <0f> 0b 90 90 eb df 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 131.881781][ T3] RSP: 0018:ffffc90000087ad8 EFLAGS: 00010286 [ 131.889220][ T3] RAX: 0000000000000000 RBX: ffff8880172e8108 RCX: ffffffff8150f3e9 [ 131.897316][ T3] RDX: ffff8880166cbc00 RSI: ffffffff8150f3f6 RDI: 0000000000000001 [ 131.905324][ T3] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000000 [ 131.913452][ T3] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000293 [ 131.921482][ T3] R13: ffff8880172e8108 R14: 0000000000000000 R15: ffff88802ddc2c78 [ 131.929514][ T3] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 131.938512][ T3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.945127][ T3] CR2: 00007f53a8344108 CR3: 000000005f4b2000 CR4: 0000000000350ef0 [ 131.958518][ T3] Call Trace: [ 131.961820][ T3] [ 131.964771][ T3] ? show_regs+0x8c/0xa0 [ 131.970394][ T3] ? __warn+0xe5/0x390 [ 131.974502][ T3] ? srso_return_thunk+0x5/0x5f [ 131.979436][ T3] ? warn_bogus_irq_restore+0x29/0x30 [ 131.984865][ T3] ? report_bug+0x3c0/0x580 [ 131.989439][ T3] ? handle_bug+0x3d/0x70 [ 131.993804][ T3] ? exc_invalid_op+0x17/0x50 [ 131.998557][ T3] ? asm_exc_invalid_op+0x1a/0x20 [ 132.003648][ T3] ? __warn_printk+0x199/0x350 [ 132.008481][ T3] ? __warn_printk+0x1a6/0x350 [ 132.013292][ T3] ? warn_bogus_irq_restore+0x29/0x30 [ 132.018755][ T3] ? warn_bogus_irq_restore+0x28/0x30 [ 132.024209][ T3] _raw_spin_unlock_irqrestore+0x74/0x80 [ 132.031104][ T3] kthread_queue_work+0xa8/0x170 [ 132.036091][ T3] synchronize_rcu_expedited+0x578/0x7a0 [ 132.042349][ T3] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 132.048626][ T3] ? srso_return_thunk+0x5/0x5f [ 132.053538][ T3] ? __schedule+0xf1d/0x5c70 [ 132.059639][ T3] ? rcu_is_watching+0x12/0xc0 [ 132.064454][ T3] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 132.070907][ T3] ? srso_return_thunk+0x5/0x5f [ 132.075911][ T3] ? srso_return_thunk+0x5/0x5f [ 132.080864][ T3] ? __pfx___might_resched+0x10/0x10 [ 132.086301][ T3] ? srso_return_thunk+0x5/0x5f [ 132.091249][ T3] synchronize_rcu+0x2f9/0x3b0 [ 132.096077][ T3] ? __pfx_synchronize_rcu+0x10/0x10 [ 132.101454][ T3] ? irqentry_exit+0x3b/0x90 [ 132.106111][ T3] ? srso_return_thunk+0x5/0x5f [ 132.111636][ T3] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.116919][ T3] ? srso_return_thunk+0x5/0x5f [ 132.121841][ T3] ? lockdep_unregister_key+0x1ab/0x280 [ 132.127488][ T3] pwq_release_workfn+0x539/0x9d0 [ 132.132580][ T3] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.137906][ T3] kthread_worker_fn+0x308/0xab0 [ 132.142928][ T3] ? __pfx_pwq_release_workfn+0x10/0x10 [ 132.148581][ T3] ? __pfx_kthread_worker_fn+0x10/0x10 [ 132.154106][ T3] kthread+0x2c4/0x3a0 [ 132.159746][ T3] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.164993][ T3] ? __pfx_kthread+0x10/0x10 [ 132.170712][ T3] ret_from_fork+0x48/0x80 [ 132.175200][ T3] ? __pfx_kthread+0x10/0x10 [ 132.179869][ T3] ret_from_fork_asm+0x1a/0x30 [ 132.184703][ T3] [ 132.187790][ T3] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 132.195092][ T3] CPU: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 132.204933][ T3] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 132.215012][ T3] Call Trace: [ 132.218314][ T3] [ 132.221266][ T3] dump_stack_lvl+0x3d/0x1f0 [ 132.225915][ T3] panic+0x6f5/0x7a0 [ 132.229857][ T3] ? __pfx_panic+0x10/0x10 [ 132.234322][ T3] ? srso_return_thunk+0x5/0x5f [ 132.239229][ T3] ? show_trace_log_lvl+0x363/0x500 [ 132.244603][ T3] ? check_panic_on_warn+0x1f/0xb0 [ 132.249761][ T3] ? warn_bogus_irq_restore+0x29/0x30 [ 132.255195][ T3] check_panic_on_warn+0xab/0xb0 [ 132.260185][ T3] __warn+0xf1/0x390 [ 132.264124][ T3] ? srso_return_thunk+0x5/0x5f [ 132.269062][ T3] ? warn_bogus_irq_restore+0x29/0x30 [ 132.274492][ T3] report_bug+0x3c0/0x580 [ 132.279227][ T3] handle_bug+0x3d/0x70 [ 132.283430][ T3] exc_invalid_op+0x17/0x50 [ 132.287974][ T3] asm_exc_invalid_op+0x1a/0x20 [ 132.292887][ T3] RIP: 0010:warn_bogus_irq_restore+0x29/0x30 [ 132.298929][ T3] Code: 90 f3 0f 1e fa 90 80 3d be b2 b5 04 00 74 06 90 e9 3c f8 03 00 c6 05 af b2 b5 04 01 90 48 c7 c7 00 c3 0c 8b e8 98 c2 7d f6 90 <0f> 0b 90 90 eb df 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 132.318568][ T3] RSP: 0018:ffffc90000087ad8 EFLAGS: 00010286 [ 132.324656][ T3] RAX: 0000000000000000 RBX: ffff8880172e8108 RCX: ffffffff8150f3e9 [ 132.332646][ T3] RDX: ffff8880166cbc00 RSI: ffffffff8150f3f6 RDI: 0000000000000001 [ 132.340632][ T3] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000000 [ 132.348796][ T3] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000293 [ 132.356785][ T3] R13: ffff8880172e8108 R14: 0000000000000000 R15: ffff88802ddc2c78 [ 132.364785][ T3] ? __warn_printk+0x199/0x350 [ 132.369612][ T3] ? __warn_printk+0x1a6/0x350 [ 132.374409][ T3] ? warn_bogus_irq_restore+0x28/0x30 [ 132.379829][ T3] _raw_spin_unlock_irqrestore+0x74/0x80 [ 132.385498][ T3] kthread_queue_work+0xa8/0x170 [ 132.390466][ T3] synchronize_rcu_expedited+0x578/0x7a0 [ 132.396149][ T3] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 132.402354][ T3] ? srso_return_thunk+0x5/0x5f [ 132.407246][ T3] ? __schedule+0xf1d/0x5c70 [ 132.411872][ T3] ? rcu_is_watching+0x12/0xc0 [ 132.416669][ T3] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 132.422003][ T3] ? srso_return_thunk+0x5/0x5f [ 132.426898][ T3] ? srso_return_thunk+0x5/0x5f [ 132.431790][ T3] ? __pfx___might_resched+0x10/0x10 [ 132.437112][ T3] ? srso_return_thunk+0x5/0x5f [ 132.442006][ T3] synchronize_rcu+0x2f9/0x3b0 [ 132.446830][ T3] ? __pfx_synchronize_rcu+0x10/0x10 [ 132.452157][ T3] ? irqentry_exit+0x3b/0x90 [ 132.456786][ T3] ? srso_return_thunk+0x5/0x5f [ 132.461677][ T3] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.466919][ T3] ? srso_return_thunk+0x5/0x5f [ 132.471833][ T3] ? lockdep_unregister_key+0x1ab/0x280 [ 132.477437][ T3] pwq_release_workfn+0x539/0x9d0 [ 132.482507][ T3] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.487759][ T3] kthread_worker_fn+0x308/0xab0 [ 132.492746][ T3] ? __pfx_pwq_release_workfn+0x10/0x10 [ 132.498339][ T3] ? __pfx_kthread_worker_fn+0x10/0x10 [ 132.503847][ T3] kthread+0x2c4/0x3a0 [ 132.507942][ T3] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.513173][ T3] ? __pfx_kthread+0x10/0x10 [ 132.517789][ T3] ret_from_fork+0x48/0x80 [ 132.522251][ T3] ? __pfx_kthread+0x10/0x10 [ 132.526873][ T3] ret_from_fork_asm+0x1a/0x30 [ 132.531694][ T3] [ 132.534935][ T3] Kernel Offset: disabled [ 132.539259][ T3] Rebooting in 86400 seconds..