[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts. 2020/08/07 15:03:17 fuzzer started 2020/08/07 15:03:18 dialing manager at 10.128.0.26:40025 2020/08/07 15:03:18 syscalls: 3303 2020/08/07 15:03:18 code coverage: enabled 2020/08/07 15:03:18 comparison tracing: enabled 2020/08/07 15:03:18 extra coverage: enabled 2020/08/07 15:03:18 setuid sandbox: enabled 2020/08/07 15:03:18 namespace sandbox: enabled 2020/08/07 15:03:18 Android sandbox: /sys/fs/selinux/policy does not exist 2020/08/07 15:03:18 fault injection: enabled 2020/08/07 15:03:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/07 15:03:18 net packet injection: enabled 2020/08/07 15:03:18 net device setup: enabled 2020/08/07 15:03:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/07 15:03:18 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/07 15:03:18 USB emulation: enabled 2020/08/07 15:03:18 hci packet injection: enabled 15:05:00 executing program 0: syzkaller login: [ 145.784130][ T6841] IPVS: ftp: loaded support on port[0] = 21 15:05:01 executing program 1: [ 145.923526][ T6841] chnl_net:caif_netlink_parms(): no params data found [ 146.030773][ T6841] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.038485][ T6841] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.046618][ T6841] device bridge_slave_0 entered promiscuous mode [ 146.057695][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.064857][ T6841] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.074394][ T6841] device bridge_slave_1 entered promiscuous mode [ 146.114280][ T6841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.125969][ T6841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.159632][ T6841] team0: Port device team_slave_0 added [ 146.163806][ T6972] IPVS: ftp: loaded support on port[0] = 21 [ 146.167912][ T6841] team0: Port device team_slave_1 added [ 146.208260][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.215235][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.244707][ T6841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.261500][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.268784][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.297574][ T6841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 15:05:01 executing program 2: [ 146.385167][ T6841] device hsr_slave_0 entered promiscuous mode [ 146.408081][ T6841] device hsr_slave_1 entered promiscuous mode [ 146.609241][ T6972] chnl_net:caif_netlink_parms(): no params data found 15:05:01 executing program 3: [ 146.683472][ T7117] IPVS: ftp: loaded support on port[0] = 21 [ 146.819528][ T6972] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.827724][ T6972] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.835706][ T6972] device bridge_slave_0 entered promiscuous mode [ 146.866265][ T6972] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.875456][ T6972] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.885046][ T6972] device bridge_slave_1 entered promiscuous mode [ 146.949241][ T6841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 146.965593][ T6972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.993983][ T6841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 147.016130][ T6972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.038162][ T6841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 147.050804][ T6841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 147.131960][ T6972] team0: Port device team_slave_0 added [ 147.148287][ T6972] team0: Port device team_slave_1 added [ 147.190665][ T7213] IPVS: ftp: loaded support on port[0] = 21 [ 147.221923][ T7117] chnl_net:caif_netlink_parms(): no params data found 15:05:02 executing program 4: [ 147.258932][ T6972] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.265910][ T6972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.341932][ T6972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.412472][ T6972] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.420363][ T6972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.478702][ T6972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.564315][ T7334] IPVS: ftp: loaded support on port[0] = 21 [ 147.590193][ T6972] device hsr_slave_0 entered promiscuous mode [ 147.603523][ T6972] device hsr_slave_1 entered promiscuous mode 15:05:02 executing program 5: [ 147.611383][ T6972] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 147.622535][ T6972] Cannot create hsr debugfs directory [ 147.694822][ T7117] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.710966][ T7117] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.719578][ T7117] device bridge_slave_0 entered promiscuous mode [ 147.816147][ T7117] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.824787][ T7117] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.834636][ T7117] device bridge_slave_1 entered promiscuous mode [ 147.859978][ T7401] IPVS: ftp: loaded support on port[0] = 21 [ 147.896494][ T7213] chnl_net:caif_netlink_parms(): no params data found [ 147.955320][ T7117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.983568][ T7117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.022118][ T7117] team0: Port device team_slave_0 added [ 148.032357][ T6841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.063591][ T7117] team0: Port device team_slave_1 added [ 148.152852][ T7117] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.160484][ T7117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.189576][ T7117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.203745][ T7117] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.211473][ T7117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.238875][ T7117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.311189][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.323992][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.349517][ T6841] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.394651][ T7117] device hsr_slave_0 entered promiscuous mode [ 148.403571][ T7117] device hsr_slave_1 entered promiscuous mode [ 148.412150][ T7117] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.420355][ T7117] Cannot create hsr debugfs directory [ 148.429204][ T7334] chnl_net:caif_netlink_parms(): no params data found [ 148.451876][ T7213] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.459647][ T7213] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.468387][ T7213] device bridge_slave_0 entered promiscuous mode [ 148.476364][ T7213] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.484717][ T7213] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.493633][ T7213] device bridge_slave_1 entered promiscuous mode [ 148.533191][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 148.543812][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.553449][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.560632][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.584821][ T7213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.618662][ T6972] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 148.630619][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 148.640636][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 148.650158][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.659371][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.666401][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.677446][ T7213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.735661][ T6972] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 148.750980][ T6972] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 148.766006][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.821815][ T6972] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 148.851336][ T7401] chnl_net:caif_netlink_parms(): no params data found [ 148.872870][ T7334] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.882916][ T7334] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.891421][ T7334] device bridge_slave_0 entered promiscuous mode [ 148.904971][ T7213] team0: Port device team_slave_0 added [ 148.928141][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.938668][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 148.948023][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 148.956397][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 148.965924][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 148.974830][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 148.983262][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 148.995328][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 149.003512][ T7334] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.010848][ T7334] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.019295][ T7334] device bridge_slave_1 entered promiscuous mode [ 149.031014][ T7213] team0: Port device team_slave_1 added [ 149.090331][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 149.101915][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 149.132659][ T7334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.145148][ T7334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.172842][ T7213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.182413][ T7213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.209905][ T7213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.233255][ T6841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 149.260846][ T7213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.267888][ T7213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.294800][ T7213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.334041][ T7401] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.341417][ T7401] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.350653][ T7401] device bridge_slave_0 entered promiscuous mode [ 149.370275][ T7334] team0: Port device team_slave_0 added [ 149.391321][ T7334] team0: Port device team_slave_1 added [ 149.407347][ T7401] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.414406][ T7401] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.425802][ T7401] device bridge_slave_1 entered promiscuous mode [ 149.445095][ T7213] device hsr_slave_0 entered promiscuous mode [ 149.453901][ T7213] device hsr_slave_1 entered promiscuous mode [ 149.460708][ T7213] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.468347][ T7213] Cannot create hsr debugfs directory [ 149.542850][ T7334] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.551616][ T7334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.580166][ T7334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.594133][ T7401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.633385][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 149.641864][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 149.651909][ T6841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.660069][ T7334] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.669121][ T7334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.695676][ T7334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.717710][ T7401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.784639][ T7334] device hsr_slave_0 entered promiscuous mode [ 149.791686][ T7334] device hsr_slave_1 entered promiscuous mode [ 149.799379][ T7334] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.807583][ T7334] Cannot create hsr debugfs directory [ 149.814777][ T7117] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 149.826150][ T7401] team0: Port device team_slave_0 added [ 149.846452][ T7117] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 149.863217][ T7401] team0: Port device team_slave_1 added [ 149.899383][ T6972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.909009][ T7117] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 149.926315][ T7117] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 149.970434][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 149.983364][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.997794][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 150.006252][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 150.024602][ T6972] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.035009][ T7401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 150.045130][ T7401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.075040][ T7401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.122409][ T7401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 150.132458][ T7401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.159108][ T7401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 150.173191][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 150.182399][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 150.190906][ T2818] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.198042][ T2818] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.205606][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 150.214903][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 150.223545][ T2818] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.230670][ T2818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.271230][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 150.279513][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 150.315851][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 150.332785][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 150.341894][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 150.374029][ T7401] device hsr_slave_0 entered promiscuous mode [ 150.380946][ T7401] device hsr_slave_1 entered promiscuous mode [ 150.390748][ T7401] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 150.398731][ T7401] Cannot create hsr debugfs directory [ 150.416484][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 150.426226][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 150.439823][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 150.470118][ T6841] device veth0_vlan entered promiscuous mode [ 150.487892][ T7213] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 150.499604][ T7213] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 150.512408][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 150.520690][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 150.531961][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 150.541012][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 150.584917][ T7213] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 150.615481][ T7213] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 150.630652][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 150.639989][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 150.651271][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 150.660143][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 150.670844][ T6841] device veth1_vlan entered promiscuous mode [ 150.684357][ T6972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 150.785144][ T7117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.803872][ T7334] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 150.823250][ T7334] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 150.846171][ T7334] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 150.856449][ T7334] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 150.885413][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 150.894936][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 150.904996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 150.914364][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 150.933142][ T6841] device veth0_macvtap entered promiscuous mode [ 150.951110][ T6972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.963886][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 150.973452][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 150.993571][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 151.010815][ T7117] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.018465][ T6841] device veth1_macvtap entered promiscuous mode [ 151.042951][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 151.051709][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.061790][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.110643][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 151.119925][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.130530][ T2818] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.137662][ T2818] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.145354][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 151.154123][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.162639][ T2818] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.169788][ T2818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.177580][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 151.193089][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 151.201521][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 151.211518][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 151.245483][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 151.263515][ T7401] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 151.273548][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 151.288704][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 151.301246][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 151.310151][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 151.322558][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 151.331941][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 151.343814][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 151.354455][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 151.373735][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 151.386735][ T6841] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.399125][ T6841] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.408259][ T6841] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.417502][ T6841] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.428782][ T7401] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 151.445572][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 151.458249][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 151.466479][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 151.478911][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 151.505748][ T7213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.523701][ T7117] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 151.536255][ T7117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 151.548894][ T7401] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 151.563225][ T6972] device veth0_vlan entered promiscuous mode [ 151.571765][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 151.582846][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 151.592433][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 151.601578][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 151.610479][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 151.618873][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 151.639270][ T7401] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 151.710111][ T7213] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.718443][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.729399][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.741596][ T6972] device veth1_vlan entered promiscuous mode [ 151.764001][ T7117] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.786016][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 151.794151][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 151.802501][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 151.821181][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 151.830372][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.842480][ T2458] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.849671][ T2458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.857993][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 151.866645][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.875315][ T2458] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.882474][ T2458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.912407][ T7334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.919699][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 151.929200][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 151.937269][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 151.946045][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 151.983739][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 151.993146][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 152.002192][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 152.011548][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.024577][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 152.060261][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 152.069719][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 152.078397][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 152.088283][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 152.096552][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 152.105544][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 152.114183][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.122378][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.137530][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 152.145850][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 152.159438][ T7117] device veth0_vlan entered promiscuous mode [ 152.179220][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 152.188682][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 152.196658][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 152.205679][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 152.215208][ T6972] device veth0_macvtap entered promiscuous mode [ 152.225627][ T7117] device veth1_vlan entered promiscuous mode [ 152.242236][ T7213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 152.252303][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 152.265358][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 152.279616][ T6972] device veth1_macvtap entered promiscuous mode [ 152.291385][ T7334] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.352830][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 152.361319][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 152.369312][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.379435][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.388228][ T2458] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.395273][ T2458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.413730][ T7117] device veth0_macvtap entered promiscuous mode [ 152.431667][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 152.442443][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.454328][ T6972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.463462][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 152.472717][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 152.481553][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 152.490286][ T8097] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.497403][ T8097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.505400][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 152.515391][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 152.524014][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 152.532820][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 152.541580][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 152.551058][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 152.566578][ T7401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.580946][ T7213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.590815][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 152.602532][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.613613][ T6972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.626114][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 152.635610][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 152.644979][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 152.669256][ T7334] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 152.681593][ T7334] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 152.695017][ T7117] device veth1_macvtap entered promiscuous mode [ 152.714326][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 152.723274][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 152.732872][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.742944][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 152.752427][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 152.761422][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 152.770477][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 152.779538][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 152.788860][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 152.802121][ T6972] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.826942][ T6972] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.840363][ T6972] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.916891][ T6972] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 15:05:08 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000000c0)={0x10, 0x2}, 0x10) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x1, &(0x7f0000000280)={0x0, 0x400, 0x0, 0x800}, 0x10) 15:05:08 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a3daf2f73451c0e17a606fe530cb7d7f933eda023ee7cf43548ee858e07dfbdfd43307c529a4ce6be614c2c794f72ebf5fe3178966170201000000000000008258f8dbe82e16cf8db95f5b068a9e0000000000000000000000000000c97822a4986765f09a920000000000000000c9a08be60000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70db04da006a3d6eef8fb7fcdd82eb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607235f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a0000000000000000000000000000000000000000cdc4450a11fdcbddcdf8853154ee2bcafbea3973bf0ab8d7d161b27c0ae496f410938e8201dfb9250fe64ac5f2f09a92cedc5e44c9a8c440f7ab3fd537af95742b37132e5adc8ac8ddb6aa8e18b1c37ea61a4c2b863e4ee473448a2cc0233560a11b1a7de7637f9d94ec7c6ff8b723e32ee4358683e9ed3be8399d045dc4e0d49bb6453374a705529ffa95b8fa67643123802fe7523a089520ed533fb035808319350a68ce6c06ada74f74f2f39fa952fb8d5f09a0865bd16caf203fe8b14ad029f2cc027d711ecc8b364d834912e04aebcbd4d185509c4409afadab456a32e146c62486244c2fbe431c4e37d64f1d7f675992ad556706d40da2e9f2f9c6ef3a4e9a856cac23bd95c600569c7ebd481de8a63e3f7e4186c0bb88e704958cc3b9a68450f3da7f9a83000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x403, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874508000000fffe00000000122e25d386dd", 0x0, 0x403, 0xe00, 0x22d}, 0x28) [ 153.016311][ T7401] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.048187][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 153.056123][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 153.093828][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 153.116315][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 153.125381][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 153.135149][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.150698][ T7117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 153.166647][ T7117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.177938][ T7117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 153.189058][ T7117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.203856][ T7117] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.221021][ T7334] 8021q: adding VLAN 0 to HW filter on device batadv0 15:05:08 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, r0, 0x0) [ 153.250497][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 153.259685][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 153.285822][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 15:05:08 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, r0, 0x0) [ 153.308010][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.316449][ T8097] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.323591][ T8097] bridge0: port 1(bridge_slave_0) entered forwarding state 15:05:08 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, r0, 0x0) [ 153.363273][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.397613][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.406037][ T8097] bridge0: port 2(bridge_slave_1) entered blocking state 15:05:08 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, r0, 0x0) [ 153.413179][ T8097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.457247][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 153.470525][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 15:05:08 executing program 0: mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, 0xffffffffffffffff, 0x0) [ 153.499673][ T7117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 153.536950][ T7117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.556868][ T7117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 153.576854][ T7117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.603757][ T7117] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.639006][ T7117] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.653392][ T7117] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.666161][ T7117] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.677648][ T7117] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.694535][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 153.703350][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 153.717815][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 153.747267][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 153.758236][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 153.766759][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 153.776137][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 153.785350][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 153.794212][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 153.802884][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.811396][ T8132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.827470][ T2458] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 153.870941][ T7213] device veth0_vlan entered promiscuous mode [ 153.889568][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 153.898179][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.906382][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 153.915393][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 153.925253][ T7401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 153.951600][ T7213] device veth1_vlan entered promiscuous mode [ 153.963328][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 153.976957][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 153.984456][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 154.030441][ T7401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.047829][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 154.056009][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 154.071348][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.080948][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 154.090232][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 154.124451][ T7334] device veth0_vlan entered promiscuous mode [ 154.141498][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 154.151792][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 154.160916][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 154.170406][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 154.181496][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 154.190047][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 154.202201][ T7213] device veth0_macvtap entered promiscuous mode [ 154.219923][ T7334] device veth1_vlan entered promiscuous mode [ 154.240773][ T7213] device veth1_macvtap entered promiscuous mode [ 154.271365][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 154.281094][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 154.292312][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 154.302483][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 154.317310][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 154.325919][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.343107][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.361836][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.372023][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.382896][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.393826][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.404734][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.415877][ T7213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.428916][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 154.440474][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.451134][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 154.463534][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.473465][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 154.484626][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.497961][ T7213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.506504][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 154.516562][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 154.526051][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 154.535790][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.545259][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 154.554299][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 154.573878][ T7213] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.591782][ T7213] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.604734][ T7213] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.616514][ T7213] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.630274][ T7334] device veth0_macvtap entered promiscuous mode [ 154.652180][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 154.661315][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 154.671714][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 154.682983][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 154.692081][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 154.702078][ T7334] device veth1_macvtap entered promiscuous mode [ 154.722780][ T7401] device veth0_vlan entered promiscuous mode [ 154.759721][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.770577][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.781520][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.793898][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.804380][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.815536][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.825596][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.836093][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.848284][ T7334] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.857703][ T7401] device veth1_vlan entered promiscuous mode [ 154.869724][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 154.878304][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 154.886360][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 154.896106][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.898991][ T23] Bluetooth: hci0: command 0x0409 tx timeout [ 154.906598][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 154.925464][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.969331][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 154.982570][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.992745][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 155.003531][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 15:05:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 155.014173][ T7334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 155.025724][ T7334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.040583][ T7334] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.138504][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 155.146808][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 155.189224][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.223124][ T7334] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 15:05:10 executing program 2: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[0xffffffffffffffff], 0x1}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) [ 155.256270][ T7334] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.268844][ T7334] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.299409][ T7334] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.392100][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 155.407864][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 155.449765][ T7401] device veth0_macvtap entered promiscuous mode [ 155.464703][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 155.482879][ T7401] device veth1_macvtap entered promiscuous mode [ 155.518328][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 155.530642][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.541584][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 155.554698][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.565557][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 155.576567][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.587877][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 155.599578][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.610303][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 155.621399][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.633076][ T7401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.647275][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 155.655804][ T8097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 155.668535][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 155.681044][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.693619][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 155.704785][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.715127][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 155.725734][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.735663][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 155.746303][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.756470][ T7401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 155.777527][ T7401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.792632][ T7401] batman_adv: batadv0: Interface activated: batadv_slave_1 15:05:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='dctcp\x00', 0x6) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) [ 155.857623][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 155.866405][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.905326][ T7401] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.921664][ T7401] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.933367][ T7401] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.948237][ T7401] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.174941][ T0] NOHZ: local_softirq_pending 08 15:05:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 156.808536][ T0] NOHZ: local_softirq_pending 08 [ 156.978066][ T23] Bluetooth: hci1: command 0x0409 tx timeout [ 156.984139][ T23] Bluetooth: hci0: command 0x041b tx timeout [ 157.128569][ T7212] Bluetooth: hci2: command 0x0409 tx timeout 15:05:12 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='highspeed\x00', 0xa) 15:05:12 executing program 0: mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, 0xffffffffffffffff, 0x0) 15:05:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) 15:05:12 executing program 3: r0 = open(&(0x7f0000000100)='./bus\x00', 0x66842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x80000}], 0x1, 0x0, 0x0, 0x12) 15:05:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 157.303204][ T29] audit: type=1800 audit(1596812712.342:2): pid=8230 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15772 res=0 errno=0 15:05:12 executing program 0: mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, 0xffffffffffffffff, 0x0) 15:05:12 executing program 2: clock_gettime(0x4, 0x0) 15:05:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x40000004, 0x0, 0x0, [0x280000]}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r1, 0x8935, &(0x7f0000000000)={'veth0_vlan\x00'}) preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=""/48, 0x30}], 0x1, 0xfffffffd, 0xebf5, 0x0) [ 157.409457][ T29] audit: type=1800 audit(1596812712.402:3): pid=8230 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15772 res=0 errno=0 15:05:12 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, r0, 0x0) 15:05:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000040)=0xf49a, 0x4) 15:05:12 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, r0, 0x0) 15:05:12 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_inq_rsp_tx_power}}, 0x8) 15:05:12 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:12 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:12 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1800000035000100000000000000000002"], 0x18}], 0x1}, 0x0) 15:05:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:12 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:12 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, r0, 0x0) 15:05:12 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x20) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x23, &(0x7f0000000040), &(0x7f00000000c0)=0x14) [ 157.848109][ T23] Bluetooth: hci3: command 0x0409 tx timeout 15:05:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001480)=ANY=[@ANYBLOB="201100002e001fff"], 0x1120}], 0x1}, 0x0) 15:05:13 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x56}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x4008011, r0, 0x0) [ 158.038235][ T8300] netlink: 4348 bytes leftover after parsing attributes in process `syz-executor.5'. 15:05:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5b}, @hci_rp_le_read_local_features={{}, {0x0, "4c7bbbe1e0204f87"}}}}, 0xf) 15:05:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x4008011, r0, 0x0) 15:05:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c) 15:05:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4}, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:13 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x4008011, r0, 0x0) 15:05:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) munmap(&(0x7f0000008000/0x1000)=nil, 0x1000) syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180), 0x0) mremap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f000000e000/0x2000)=nil) 15:05:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x10, r0, 0x0) 15:05:13 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:13 executing program 5: socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000300)={&(0x7f0000000040), 0xc, &(0x7f00000002c0)={0x0}}, 0x0) 15:05:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x10, r0, 0x0) 15:05:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x304}, "04060579d1cb1d07", "8eeef903e0d215a44c754dbf88cd2668388df837b875f0ff70184985ea8b5c78", "4572b42b", "0af90673fd9e5c98"}, 0x38) 15:05:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:13 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x10, r0, 0x0) 15:05:13 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) [ 158.647743][ T12] Bluetooth: hci4: command 0x0409 tx timeout 15:05:13 executing program 0: socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, 0xffffffffffffffff, 0x0) 15:05:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 158.828631][ T29] audit: type=1800 audit(1596812713.872:4): pid=8386 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15758 res=0 errno=0 15:05:13 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 158.882094][ T29] audit: type=1800 audit(1596812713.912:5): pid=8386 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15758 res=0 errno=0 15:05:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 0: socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, 0xffffffffffffffff, 0x0) [ 159.047648][ T8132] Bluetooth: hci0: command 0x040f tx timeout [ 159.068335][ T29] audit: type=1800 audit(1596812714.112:6): pid=8412 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15786 res=0 errno=0 [ 159.078233][ T8132] Bluetooth: hci1: command 0x041b tx timeout 15:05:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 5: r0 = socket$inet6(0xa, 0x801, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000040)={'ip6tnl0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000003000000000000000000000000000000000000012535380192dae3411c9a19e55cb568c5e22786b6a46c8fa5bc6d798b9c80b497bbc189429881614039292048de24fc7fc06d0ba7e86bd2412386767ad5a6f7d51ab749e12e83e0d8341c8633b558435a4f45eb7cb2f15022ef340840d4ca22f23a4ad0796e2159f2994ae9f2698dd57c8cb5b5ac9487f7f06f487b7b70b0774954cdb88462f9fa7fd0e5a4"]}) 15:05:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 0: socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000009, 0x4008011, 0xffffffffffffffff, 0x0) 15:05:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x5}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 0: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$snapshot(r1, &(0x7f0000000100)="a5bcc3beeeb7fc1531ee5409bcd8ab9d4bbd4c0183ff7d69708782d2813f6508b28504ae1e70f784514a42971898b196e5cfc49f30c4c006e0879c4cc36e653c140a5203000000000000009f9f9ee651fe806cff4e1c0b6a01a22cf34c68b6c3220761", 0xfffffed2) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) read$snapshot(r0, &(0x7f0000000300)=""/176, 0xb0) 15:05:14 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x6, 0x0, 0x0, 0x0, 0x63, 0x11, 0x3fe}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit={0x95, 0x0, 0x4c}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [0x0, 0x0, 0xff], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, 0x0, 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, 0x0, 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:14 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:14 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 159.927182][ T8132] Bluetooth: hci3: command 0x041b tx timeout 15:05:15 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:15 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, 0x0, 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:15 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:15 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:15 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:05:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x0, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x0, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 160.335923][ T29] audit: type=1800 audit(1596812715.372:7): pid=8507 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15790 res=0 errno=0 15:05:15 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 160.414648][ T29] audit: type=1800 audit(1596812715.452:8): pid=8523 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15790 res=0 errno=0 15:05:15 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x0, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x0, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x0, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 160.604627][ T29] audit: type=1800 audit(1596812715.642:9): pid=8547 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15802 res=0 errno=0 15:05:15 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x0, 0x0, 0xb}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000040)) socket$inet6_mptcp(0xa, 0x1, 0x106) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 160.727179][ T12] Bluetooth: hci4: command 0x041b tx timeout 15:05:15 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) [ 160.763651][ T29] audit: type=1800 audit(1596812715.802:10): pid=8562 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15785 res=0 errno=0 15:05:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:15 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:15 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:15 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000040)) socket$inet6_mptcp(0xa, 0x1, 0x106) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:16 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) [ 160.918479][ T29] audit: type=1800 audit(1596812715.962:11): pid=8578 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15799 res=0 errno=0 15:05:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:16 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000000040)) socket$inet6_mptcp(0xa, 0x1, 0x106) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:16 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 161.127065][ T12] Bluetooth: hci0: command 0x0419 tx timeout 15:05:16 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:16 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:16 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x4e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 161.207301][ T12] Bluetooth: hci1: command 0x040f tx timeout 15:05:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:16 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1800000023000100000000000000000001"], 0x18}], 0x1, 0x0, 0x4}, 0x0) 15:05:16 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0xb}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x85ffffff}, [@alu={0x6, 0x0, 0xb}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 5: r0 = syz_io_uring_setup(0x6ad4, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:16 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000240), &(0x7f00000001c0)=0x68) 15:05:16 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:16 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x6, 0x0, 0x4}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="3000000018000104c0000000000000000a00008088000002"], 0x30}], 0x1}, 0x0) 15:05:16 executing program 5: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r0, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:16 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:16 executing program 1: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_VOICE_SETTING={{}, 0x7}}}, 0x7) 15:05:16 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, 0x0, 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:16 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_delete_stored_link_key={{}, {0x0, 0x1}}}}, 0x8) [ 161.885089][ T8689] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 15:05:17 executing program 5: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r0, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:17 executing program 4: r0 = socket$inet(0x2, 0x80001, 0x0) r1 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4, @local}, 0x10) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4, @local={0xac, 0x14, 0x14, 0x63}}, 0x10) r2 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x4, @local}, 0x10) [ 161.952587][ T1538] Bluetooth: hci1: unexpected event for opcode 0x0c26 [ 161.960067][ T1538] Bluetooth: hci1: unexpected event for opcode 0x0c26 15:05:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="180000002b000100000000000000000001"], 0x18}], 0x1}, 0x0) 15:05:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, 0x0, 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x3d}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 15:05:17 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0}, 0x6) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:17 executing program 5: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r0, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 162.093621][ T8713] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 15:05:17 executing program 4: r0 = socket$inet(0x2, 0x80001, 0x0) r1 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4, @local}, 0x10) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4, @local={0xac, 0x14, 0x14, 0x63}}, 0x10) 15:05:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, 0x0, 0x5, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 15:05:17 executing program 1: syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_SCAN_ENABLE}}, 0x7) 15:05:17 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e02027dd96a739af5034fb041"], 0x4d) 15:05:17 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:17 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) 15:05:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 162.320705][ T1538] Bluetooth: hci1: unexpected event for opcode 0x200c [ 162.332511][ T1538] Bluetooth: hci1: unexpected event for opcode 0x200c 15:05:17 executing program 1: socket$inet6(0xa, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x4c, r1, 0xd21, 0x0, 0x0, {0x25}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd, 0x87, 'l2_drops\x00'}, {0x5}}]}, 0x4c}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 15:05:17 executing program 4: syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040e22010914"], 0x25) [ 162.365590][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 162.365599][ T29] audit: type=1800 audit(1596812717.402:15): pid=8735 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15800 res=0 errno=0 [ 162.425346][ T1538] Bluetooth: hci3: Dropping invalid advertising data [ 162.432832][ T1538] ================================================================== [ 162.441021][ T1538] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x72b5/0x17e10 [ 162.449999][ T1538] Read of size 1 at addr ffff88809e99ba04 by task kworker/u5:0/1538 [ 162.460762][ T1538] [ 162.463129][ T1538] CPU: 1 PID: 1538 Comm: kworker/u5:0 Not tainted 5.8.0-syzkaller #0 15:05:17 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:17 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 162.471203][ T1538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.481302][ T1538] Workqueue: hci3 hci_rx_work [ 162.486000][ T1538] Call Trace: [ 162.489290][ T1538] dump_stack+0x1f0/0x31e [ 162.493624][ T1538] print_address_description+0x66/0x5a0 [ 162.499177][ T1538] ? vprintk_emit+0x342/0x3c0 [ 162.503858][ T1538] ? printk+0x62/0x83 [ 162.507844][ T1538] ? vprintk_emit+0x339/0x3c0 [ 162.512525][ T1538] kasan_report+0x132/0x1d0 [ 162.517034][ T1538] ? hci_event_packet+0x72b5/0x17e10 15:05:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 162.522334][ T1538] hci_event_packet+0x72b5/0x17e10 [ 162.527456][ T1538] ? trace_lock_release+0x137/0x1a0 [ 162.532665][ T1538] ? _raw_spin_unlock_irqrestore+0x6f/0xd0 [ 162.538473][ T1538] ? lockdep_hardirqs_on+0x49/0xf0 [ 162.543589][ T1538] hci_rx_work+0x246/0xa20 [ 162.548199][ T1538] process_one_work+0x789/0xfc0 [ 162.553086][ T1538] worker_thread+0xaa4/0x1460 [ 162.557794][ T1538] kthread+0x37e/0x3a0 [ 162.561890][ T1538] ? rcu_lock_release+0x20/0x20 [ 162.566955][ T1538] ? kthread_blkcg+0xd0/0xd0 [ 162.571550][ T1538] ret_from_fork+0x1f/0x30 [ 162.575972][ T1538] [ 162.578297][ T1538] Allocated by task 8742: [ 162.582653][ T1538] __kasan_kmalloc+0x103/0x140 [ 162.587423][ T1538] __alloc_skb+0xde/0x4f0 [ 162.594958][ T29] audit: type=1800 audit(1596812717.632:16): pid=8755 uid=0 auid=0 ses=4 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15791 res=0 errno=0 [ 162.600007][ T1538] vhci_write+0xb7/0x400 [ 162.600032][ T1538] vfs_write+0xa09/0xc50 [ 162.600047][ T1538] ksys_write+0x11b/0x220 [ 162.600058][ T1538] do_syscall_64+0x31/0x70 [ 162.600069][ T1538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 162.600072][ T1538] [ 162.600079][ T1538] Freed by task 8258: [ 162.600088][ T1538] __kasan_slab_free+0x114/0x170 [ 162.600097][ T1538] kfree+0x10a/0x220 [ 162.600108][ T1538] tomoyo_supervisor+0x1080/0x1320 [ 162.600117][ T1538] tomoyo_path_perm+0x4e3/0x740 [ 162.600125][ T1538] tomoyo_path_symlink+0x91/0xc0 15:05:17 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000004000)={0x0, 0x10, &(0x7f0000003fc0)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000004040)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x11, &(0x7f0000000340)={r1}, 0x8) [ 162.600134][ T1538] security_path_symlink+0xd6/0x160 [ 162.600143][ T1538] do_symlinkat+0xeb/0x420 [ 162.600152][ T1538] do_syscall_64+0x31/0x70 [ 162.600161][ T1538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 162.600164][ T1538] [ 162.600172][ T1538] The buggy address belongs to the object at ffff88809e99b800 [ 162.600172][ T1538] which belongs to the cache kmalloc-512 of size 512 [ 162.600182][ T1538] The buggy address is located 4 bytes to the right of [ 162.600182][ T1538] 512-byte region [ffff88809e99b800, ffff88809e99ba00) [ 162.600186][ T1538] The buggy address belongs to the page: [ 162.600198][ T1538] page:ffffea00027a66c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 162.600212][ T1538] flags: 0xfffe0000000200(slab) [ 162.742455][ T1538] raw: 00fffe0000000200 ffffea0002820f48 ffffea00025d7748 ffff8880aa400a80 [ 162.751055][ T1538] raw: 0000000000000000 ffff88809e99b000 0000000100000004 0000000000000000 [ 162.759647][ T1538] page dumped because: kasan: bad access detected [ 162.766066][ T1538] [ 162.768397][ T1538] Memory state around the buggy address: [ 162.774055][ T1538] ffff88809e99b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.782387][ T1538] ffff88809e99b980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.790459][ T1538] >ffff88809e99ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.798523][ T1538] ^ [ 162.802601][ T1538] ffff88809e99ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.811301][ T1538] ffff88809e99bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 15:05:17 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x35}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="0bfe78d3d4c6150f396da3314eb5", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 15:05:17 executing program 0: r0 = syz_io_uring_setup(0x2db5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d1000/0xb000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = open(&(0x7f0000000280)='./bus\x00', 0x127842, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r3}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x34) 15:05:17 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r3, 0xfffffffffffeffff, 0x0}, 0x0) io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0) [ 162.820241][ T1538] ================================================================== [ 162.828573][ T1538] Disabling lock debugging due to kernel taint [ 162.844724][ T1538] Kernel panic - not syncing: panic_on_warn set ... [ 162.851337][ T1538] CPU: 1 PID: 1538 Comm: kworker/u5:0 Tainted: G B 5.8.0-syzkaller #0 [ 162.860783][ T1538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.870849][ T1538] Workqueue: hci3 hci_rx_work [ 162.876133][ T1538] Call Trace: [ 162.879421][ T1538] dump_stack+0x1f0/0x31e [ 162.883755][ T1538] panic+0x264/0x7a0 [ 162.887674][ T1538] ? trace_hardirqs_on+0x30/0x80 [ 162.892708][ T1538] kasan_report+0x1c9/0x1d0 [ 162.897212][ T1538] ? hci_event_packet+0x72b5/0x17e10 [ 162.902507][ T1538] hci_event_packet+0x72b5/0x17e10 [ 162.907632][ T1538] ? trace_lock_release+0x137/0x1a0 [ 162.912845][ T1538] ? _raw_spin_unlock_irqrestore+0x6f/0xd0 [ 162.918687][ T1538] ? lockdep_hardirqs_on+0x49/0xf0 15:05:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x16}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 162.923815][ T1538] hci_rx_work+0x246/0xa20 [ 162.928243][ T1538] process_one_work+0x789/0xfc0 [ 162.933106][ T1538] worker_thread+0xaa4/0x1460 [ 162.938051][ T1538] kthread+0x37e/0x3a0 [ 162.942120][ T1538] ? rcu_lock_release+0x20/0x20 [ 162.946969][ T1538] ? kthread_blkcg+0xd0/0xd0 [ 162.951644][ T1538] ret_from_fork+0x1f/0x30 [ 162.958595][ T1538] Kernel Offset: disabled [ 162.968002][ T1538] Rebooting in 86400 seconds..