last executing test programs: 89.735576ms ago: executing program 2: ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0x40085618, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1019, 0x28, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) 0s ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8b2a, &(0x7f0000000040)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.226' (ED25519) to the list of known hosts. 2024/06/12 00:14:26 fuzzer started 2024/06/12 00:14:27 dialing manager at 10.128.0.169:30026 [ 163.588230][ T5039] cgroup: Unknown subsys name 'net' [ 163.848811][ T5039] cgroup: Unknown subsys name 'rlimit' 2024/06/12 00:15:15 starting 5 executor processes [ 210.156247][ T5043] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 212.523243][ T5066] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 212.537118][ T5066] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 212.549643][ T5066] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 212.572816][ T5066] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 212.584636][ T5066] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 212.594288][ T5066] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 212.637128][ T5066] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 212.647603][ T5066] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 212.659848][ T5066] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 212.712522][ T5072] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 212.724109][ T5072] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 212.735733][ T5072] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 212.780298][ T4425] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 212.789668][ T4425] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 212.799227][ T4425] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 212.812678][ T4425] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 212.830042][ T4425] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 212.839399][ T4425] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 212.910740][ T5066] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 212.979594][ T5066] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 212.997342][ T5066] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 213.011161][ T5066] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 213.022509][ T5066] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 213.101218][ T5066] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 213.238242][ T5066] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 213.266802][ T5066] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 213.287137][ T5066] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 213.327991][ T5066] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 213.340176][ T5066] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 213.349578][ T5066] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 213.855578][ T5065] chnl_net:caif_netlink_parms(): no params data found [ 214.653380][ T5071] chnl_net:caif_netlink_parms(): no params data found [ 214.676142][ T4425] Bluetooth: hci0: command tx timeout [ 214.836935][ T4425] Bluetooth: hci1: command tx timeout [ 214.897385][ T5069] chnl_net:caif_netlink_parms(): no params data found [ 214.915991][ T4425] Bluetooth: hci2: command tx timeout [ 214.970708][ T5065] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.978718][ T5065] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.986600][ T5065] bridge_slave_0: entered allmulticast mode [ 214.995808][ T5065] bridge_slave_0: entered promiscuous mode [ 215.010067][ T5075] chnl_net:caif_netlink_parms(): no params data found [ 215.029133][ T5065] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.036994][ T5065] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.044728][ T5065] bridge_slave_1: entered allmulticast mode [ 215.060071][ T5065] bridge_slave_1: entered promiscuous mode [ 215.244972][ T5065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.245499][ T4425] Bluetooth: hci3: command tx timeout [ 215.300693][ T5080] chnl_net:caif_netlink_parms(): no params data found [ 215.371052][ T5065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.475677][ T4425] Bluetooth: hci4: command tx timeout [ 215.590207][ T5065] team0: Port device team_slave_0 added [ 215.650824][ T5065] team0: Port device team_slave_1 added [ 215.829869][ T5065] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.837134][ T5065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.863560][ T5065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.953371][ T5065] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.961576][ T5065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.987900][ T5065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.213371][ T5075] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.221416][ T5075] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.229236][ T5075] bridge_slave_0: entered allmulticast mode [ 216.238452][ T5075] bridge_slave_0: entered promiscuous mode [ 216.346432][ T5071] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.354327][ T5071] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.362348][ T5071] bridge_slave_0: entered allmulticast mode [ 216.371398][ T5071] bridge_slave_0: entered promiscuous mode [ 216.384120][ T5075] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.392004][ T5075] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.399935][ T5075] bridge_slave_1: entered allmulticast mode [ 216.412252][ T5075] bridge_slave_1: entered promiscuous mode [ 216.484565][ T5065] hsr_slave_0: entered promiscuous mode [ 216.493516][ T5065] hsr_slave_1: entered promiscuous mode [ 216.507099][ T5071] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.514803][ T5071] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.522490][ T5071] bridge_slave_1: entered allmulticast mode [ 216.530769][ T5071] bridge_slave_1: entered promiscuous mode [ 216.643180][ T5069] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.650885][ T5069] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.658974][ T5069] bridge_slave_0: entered allmulticast mode [ 216.667793][ T5069] bridge_slave_0: entered promiscuous mode [ 216.771066][ T4425] Bluetooth: hci0: command tx timeout [ 216.784224][ T5080] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.794267][ T5080] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.802127][ T5080] bridge_slave_0: entered allmulticast mode [ 216.811365][ T5080] bridge_slave_0: entered promiscuous mode [ 216.916454][ T4425] Bluetooth: hci1: command tx timeout [ 216.920910][ T5075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.932380][ T5069] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.942501][ T5069] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.950331][ T5069] bridge_slave_1: entered allmulticast mode [ 216.959334][ T5069] bridge_slave_1: entered promiscuous mode [ 216.976934][ T5075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.995640][ T4425] Bluetooth: hci2: command tx timeout [ 217.035809][ T5080] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.043533][ T5080] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.051679][ T5080] bridge_slave_1: entered allmulticast mode [ 217.060298][ T5080] bridge_slave_1: entered promiscuous mode [ 217.169988][ T5071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.191213][ T5071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.311867][ T5069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.322040][ T4425] Bluetooth: hci3: command tx timeout [ 217.404607][ T5075] team0: Port device team_slave_0 added [ 217.422080][ T5080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.441628][ T5069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.460805][ T5080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.555502][ T4425] Bluetooth: hci4: command tx timeout [ 217.580256][ T5075] team0: Port device team_slave_1 added [ 217.646313][ T5071] team0: Port device team_slave_0 added [ 217.661109][ T5069] team0: Port device team_slave_0 added [ 217.749044][ T5069] team0: Port device team_slave_1 added [ 217.763605][ T5071] team0: Port device team_slave_1 added [ 217.810565][ T5080] team0: Port device team_slave_0 added [ 217.887265][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.894443][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.920786][ T5075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.008357][ T5080] team0: Port device team_slave_1 added [ 218.032978][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.041362][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.069076][ T5075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.118247][ T5071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.125642][ T5071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.151950][ T5071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.257125][ T5069] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.264286][ T5069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.292041][ T5069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.307116][ T5071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.314260][ T5071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.340662][ T5071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.398174][ T5080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.405549][ T5080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.431868][ T5080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.461628][ T5069] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.469780][ T5069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.496722][ T5069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.529576][ T5080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.537004][ T5080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.563636][ T5080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.738797][ T5075] hsr_slave_0: entered promiscuous mode [ 218.749620][ T5075] hsr_slave_1: entered promiscuous mode [ 218.757699][ T5075] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 218.765566][ T5075] Cannot create hsr debugfs directory [ 218.839662][ T4425] Bluetooth: hci0: command tx timeout [ 218.982271][ T5071] hsr_slave_0: entered promiscuous mode [ 218.992697][ T5071] hsr_slave_1: entered promiscuous mode [ 218.999370][ T4425] Bluetooth: hci1: command tx timeout [ 219.005234][ T5071] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.013201][ T5071] Cannot create hsr debugfs directory [ 219.085631][ T4425] Bluetooth: hci2: command tx timeout [ 219.109600][ T5080] hsr_slave_0: entered promiscuous mode [ 219.120562][ T5080] hsr_slave_1: entered promiscuous mode [ 219.128966][ T5080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.136836][ T5080] Cannot create hsr debugfs directory [ 219.186109][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 219.192779][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 219.236149][ T5069] hsr_slave_0: entered promiscuous mode [ 219.246202][ T5069] hsr_slave_1: entered promiscuous mode [ 219.254358][ T5069] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.263116][ T5069] Cannot create hsr debugfs directory [ 219.327033][ T5065] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 219.350693][ T5065] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 219.397420][ T4425] Bluetooth: hci3: command tx timeout [ 219.466936][ T5065] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 219.502346][ T5065] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 219.664381][ T4425] Bluetooth: hci4: command tx timeout [ 220.523624][ T5075] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 220.555989][ T5075] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 220.602733][ T5075] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 220.650788][ T5075] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 220.911792][ T5071] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 220.928052][ T4425] Bluetooth: hci0: command tx timeout [ 220.948552][ T5071] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 220.970837][ T5069] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 220.992479][ T5069] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 221.014394][ T5080] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 221.037904][ T5080] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 221.072234][ T5080] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 221.082111][ T4425] Bluetooth: hci1: command tx timeout [ 221.094616][ T5071] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 221.117875][ T5071] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 221.143082][ T5069] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 221.166516][ T4425] Bluetooth: hci2: command tx timeout [ 221.180431][ T5069] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 221.220218][ T5080] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 221.476056][ T4425] Bluetooth: hci3: command tx timeout [ 221.519110][ T5065] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.716799][ T4425] Bluetooth: hci4: command tx timeout [ 221.888966][ T5065] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.037616][ T5122] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.045522][ T5122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.061934][ T5122] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.069695][ T5122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.152921][ T5075] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.291466][ T5075] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.374682][ T5122] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.382475][ T5122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.574753][ T5122] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.582572][ T5122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.943190][ T5071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.114020][ T5080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.208276][ T5069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.239147][ T5071] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.358816][ T5080] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.405503][ T5118] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.413163][ T5118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.478790][ T5069] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.501978][ T5118] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.509764][ T5118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.715395][ T5118] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.723065][ T5118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.741394][ T5118] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.749424][ T5118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.764990][ T5118] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.772762][ T5118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.798069][ T5118] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.805814][ T5118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.081329][ T5080] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.093642][ T5080] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.171368][ T5069] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.183372][ T5069] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.439215][ T5071] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 225.043491][ T5065] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.196835][ T5075] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.739151][ T5065] veth0_vlan: entered promiscuous mode [ 225.879269][ T5075] veth0_vlan: entered promiscuous mode [ 225.931957][ T5065] veth1_vlan: entered promiscuous mode [ 226.007727][ T5075] veth1_vlan: entered promiscuous mode [ 226.298831][ T5080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.449037][ T5065] veth0_macvtap: entered promiscuous mode [ 226.473943][ T5069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.508404][ T5075] veth0_macvtap: entered promiscuous mode [ 226.557940][ T5065] veth1_macvtap: entered promiscuous mode [ 226.579817][ T5075] veth1_macvtap: entered promiscuous mode [ 226.654062][ T5071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.895464][ T5065] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 226.941993][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.954521][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.970939][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.079444][ T5065] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.113004][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.123914][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.139310][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.173289][ T5080] veth0_vlan: entered promiscuous mode [ 227.200909][ T5065] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.211938][ T5065] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.221126][ T5065] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.230295][ T5065] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.328554][ T5069] veth0_vlan: entered promiscuous mode [ 227.358474][ T5075] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.369326][ T5075] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.379822][ T5075] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.388966][ T5075] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.439066][ T5080] veth1_vlan: entered promiscuous mode [ 227.537645][ T5069] veth1_vlan: entered promiscuous mode [ 227.892257][ T5080] veth0_macvtap: entered promiscuous mode [ 227.908314][ T5069] veth0_macvtap: entered promiscuous mode [ 227.967593][ T5080] veth1_macvtap: entered promiscuous mode [ 228.019736][ T5069] veth1_macvtap: entered promiscuous mode [ 228.212949][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.225973][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.237954][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.250677][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.267001][ T5069] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.355990][ T5080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.366772][ T5080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.377915][ T5080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.388713][ T5080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.398773][ T5080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 228.409562][ T5080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.424815][ T5080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.504232][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.515100][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.525646][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.536451][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.551586][ T5069] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.621205][ T5080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.632074][ T5080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.644439][ T5080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.655200][ T5080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.665490][ T5080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 228.676414][ T5080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.691603][ T5080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.728359][ T5069] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.737593][ T5069] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.748343][ T5069] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.760460][ T5069] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.942490][ T5080] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.951773][ T5080] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.961015][ T5080] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.970186][ T5080] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.736192][ T5071] veth0_vlan: entered promiscuous mode [ 229.914523][ T5071] veth1_vlan: entered promiscuous mode [ 230.388486][ T5071] veth0_macvtap: entered promiscuous mode [ 230.489596][ T5071] veth1_macvtap: entered promiscuous mode [ 230.729397][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.740227][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.750682][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.761590][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.773129][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.784176][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.794395][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.806929][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.822403][ T5071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 231.074620][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.087913][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.098579][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.109396][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.119540][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.130813][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.141105][ T5071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.151976][ T5071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.168717][ T5071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 231.440103][ T5071] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.451120][ T5071] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.462478][ T5071] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.473235][ T5071] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.366815][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.374891][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.543355][ T4177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.551618][ T4177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.680495][ T5117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.688921][ T5117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.757179][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.766066][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.400416][ T3007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.408595][ T3007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.538161][ T5238] warning: `syz-executor.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 235.552047][ T4693] ===================================================== [ 235.560846][ T4693] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x24b0 [ 235.569184][ T4693] _copy_to_iter+0x366/0x24b0 [ 235.570606][ T3007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.574016][ T4693] __skb_datagram_iter+0x185/0x1000 [ 235.582547][ T3007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.587654][ T4693] skb_copy_datagram_iter+0x5c/0x200 [ 235.602656][ T4693] netlink_recvmsg+0x432/0x1610 [ 235.608348][ T4693] sock_recvmsg+0x2c4/0x340 [ 235.613013][ T4693] ____sys_recvmsg+0x18a/0x620 [ 235.618254][ T4693] ___sys_recvmsg+0x223/0x840 [ 235.623120][ T4693] __x64_sys_recvmsg+0x304/0x4a0 [ 235.628414][ T4693] x64_sys_call+0x38ff/0x3b50 [ 235.633284][ T4693] do_syscall_64+0xcf/0x1e0 [ 235.639767][ T4693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.646006][ T4693] [ 235.648412][ T4693] Uninit was stored to memory at: [ 235.653756][ T4693] pskb_expand_head+0x30f/0x19d0 [ 235.659122][ T4693] netlink_trim+0x2c2/0x330 [ 235.663827][ T4693] netlink_broadcast_filtered+0x82/0x23b0 [ 235.669972][ T4693] nlmsg_notify+0x15f/0x2f0 [ 235.674688][ T4693] rtnl_notify+0xc3/0xf0 [ 235.679694][ T4693] wireless_nlevent_process+0xfe/0x250 2024/06/12 00:15:40 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 235.685487][ T4693] process_scheduled_works+0xa81/0x1bd0 [ 235.691231][ T4693] worker_thread+0xea5/0x1560 [ 235.696234][ T4693] kthread+0x3e2/0x540 [ 235.700489][ T4693] ret_from_fork+0x6d/0x90 [ 235.707033][ T4693] ret_from_fork_asm+0x1a/0x30 [ 235.712002][ T4693] [ 235.714408][ T4693] Uninit was stored to memory at: [ 235.721077][ T4693] wireless_send_event+0x566/0x1020 [ 235.726629][ T4693] ioctl_standard_iw_point+0x12e5/0x13c0 [ 235.732473][ T4693] compat_standard_call+0x179/0x310 [ 235.738048][ T4693] wext_ioctl_dispatch+0x234/0xa30 [ 235.743350][ T4693] compat_wext_handle_ioctl+0x1ae/0x2f0 [ 235.749774][ T4693] compat_sock_ioctl+0x26b/0x1370 [ 235.755022][ T4693] __se_compat_sys_ioctl+0x791/0x1090 [ 235.760755][ T4693] __ia32_compat_sys_ioctl+0x93/0xe0 [ 235.766347][ T4693] ia32_sys_call+0x1481/0x40a0 [ 235.771398][ T4693] __do_fast_syscall_32+0xb4/0x120 [ 235.777238][ T4693] do_fast_syscall_32+0x38/0x80 [ 235.782293][ T4693] do_SYSENTER_32+0x1f/0x30 [ 235.787208][ T4693] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 235.793760][ T4693] [ 235.804282][ T4693] Local variable iwp created at: [ 235.813254][ T4693] compat_standard_call+0x48/0x310 [ 235.820232][ T4693] wext_ioctl_dispatch+0x234/0xa30 [ 235.825673][ T4693] [ 235.828082][ T4693] Bytes 60-63 of 64 are uninitialized [ 235.833558][ T4693] Memory access of size 64 starts at ffff888116206280 [ 235.840651][ T4693] Data copied to user address 00007ffec8ec1228 [ 235.847009][ T4693] [ 235.849441][ T4693] CPU: 0 PID: 4693 Comm: dhcpcd Not tainted 6.9.0-syzkaller-02339-g101b7a97143a #0 [ 235.859139][ T4693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 235.869473][ T4693] ===================================================== [ 235.877396][ T4693] Disabling lock debugging due to kernel taint [ 235.883660][ T4693] Kernel panic - not syncing: kmsan.panic set ... [ 235.890190][ T4693] CPU: 0 PID: 4693 Comm: dhcpcd Tainted: G B 6.9.0-syzkaller-02339-g101b7a97143a #0 [ 235.901127][ T4693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 235.911332][ T4693] Call Trace: [ 235.914729][ T4693] [ 235.917843][ T4693] dump_stack_lvl+0x216/0x2d0 [ 235.922728][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 235.928725][ T4693] dump_stack+0x1e/0x30 [ 235.933071][ T4693] panic+0x4e2/0xcd0 [ 235.937160][ T4693] ? kmsan_get_metadata+0xf1/0x1d0 [ 235.942484][ T4693] kmsan_report+0x2d5/0x2e0 [ 235.947171][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 235.952550][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 235.958550][ T4693] ? kmsan_internal_check_memory+0x48c/0x560 [ 235.964755][ T4693] ? kmsan_copy_to_user+0xd5/0xf0 [ 235.969942][ T4693] ? _copy_to_iter+0x366/0x24b0 [ 235.975005][ T4693] ? __skb_datagram_iter+0x185/0x1000 [ 235.980583][ T4693] ? skb_copy_datagram_iter+0x5c/0x200 [ 235.986239][ T4693] ? netlink_recvmsg+0x432/0x1610 [ 235.991433][ T4693] ? sock_recvmsg+0x2c4/0x340 [ 235.996277][ T4693] ? ____sys_recvmsg+0x18a/0x620 [ 236.001412][ T4693] ? ___sys_recvmsg+0x223/0x840 [ 236.006461][ T4693] ? __x64_sys_recvmsg+0x304/0x4a0 [ 236.011769][ T4693] ? x64_sys_call+0x38ff/0x3b50 [ 236.016843][ T4693] ? do_syscall_64+0xcf/0x1e0 [ 236.021722][ T4693] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.028008][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.033410][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 236.039441][ T4693] ? rb_erase+0x1d54/0x23b0 [ 236.044136][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.049513][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 236.055496][ T4693] ? _raw_spin_lock_irqsave+0x35/0xc0 [ 236.061064][ T4693] ? filter_irq_stacks+0x60/0x1a0 [ 236.066310][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.071694][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 236.077716][ T4693] kmsan_internal_check_memory+0x48c/0x560 [ 236.083766][ T4693] kmsan_copy_to_user+0xd5/0xf0 [ 236.088793][ T4693] ? should_fail_usercopy+0x2e/0x40 [ 236.094183][ T4693] _copy_to_iter+0x366/0x24b0 [ 236.099069][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.104449][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 236.110463][ T4693] ? __skb_try_recv_from_queue+0x62f/0xcd0 [ 236.116484][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.121861][ T4693] ? kmsan_get_metadata+0xf1/0x1d0 [ 236.127155][ T4693] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 236.133018][ T4693] __skb_datagram_iter+0x185/0x1000 [ 236.138442][ T4693] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 236.144315][ T4693] skb_copy_datagram_iter+0x5c/0x200 [ 236.149809][ T4693] netlink_recvmsg+0x432/0x1610 [ 236.154841][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.160242][ T4693] ? __pfx_netlink_recvmsg+0x10/0x10 [ 236.165709][ T4693] ? __pfx_netlink_recvmsg+0x10/0x10 [ 236.171151][ T4693] sock_recvmsg+0x2c4/0x340 [ 236.175816][ T4693] ____sys_recvmsg+0x18a/0x620 [ 236.180773][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 236.186757][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.192126][ T4693] ___sys_recvmsg+0x223/0x840 [ 236.196987][ T4693] ? __x64_sys_recvmsg+0x8d/0x4a0 [ 236.202209][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.207569][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 236.213545][ T4693] ? kmsan_get_metadata+0x146/0x1d0 [ 236.218936][ T4693] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 236.224946][ T4693] __x64_sys_recvmsg+0x304/0x4a0 [ 236.230087][ T4693] ? padata_alloc_pd+0x280/0xd40 [ 236.235219][ T4693] ? syscall_trace_enter+0x279/0x600 [ 236.240686][ T4693] x64_sys_call+0x38ff/0x3b50 [ 236.245549][ T4693] do_syscall_64+0xcf/0x1e0 [ 236.250240][ T4693] ? clear_bhb_loop+0x25/0x80 [ 236.255104][ T4693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.261196][ T4693] RIP: 0033:0x7f81be6d691e [ 236.265732][ T4693] Code: ff 89 ef 48 89 04 24 e8 4f 57 f9 ff 48 8b 04 24 48 83 c4 30 5d c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 21 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 70 48 8b 15 db c4 0c 00 f7 d8 64 89 02 48 83 [ 236.285512][ T4693] RSP: 002b:00007ffec8ec1158 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 236.294095][ T4693] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f81be6d691e [ 236.302203][ T4693] RDX: 0000000000000040 RSI: 00007ffec8ec1190 RDI: 000000000000000c [ 236.310300][ T4693] RBP: 00007ffec8ec5318 R08: 00005652f7177097 R09: 0000000000000000 [ 236.318404][ T4693] R10: 00007ffec8ec5560 R11: 0000000000000246 R12: 00005652f7177097 [ 236.326512][ T4693] R13: 0000000000000000 R14: 00007ffec8ec5318 R15: 0000000000000000 [ 236.334630][ T4693] [ 236.337970][ T4693] Kernel Offset: disabled [ 236.342352][ T4693] Rebooting in 86400 seconds..