last executing test programs: 2.293770599s ago: executing program 1 (id=2): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001000000000000000000fc010000000000000000000000000000ac1414aa00000100000000000000000000200005000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000002000000000000000000000000000ffffffffffffffff000000000000000080000000000000000000000000000000000a00000000000000000000008040000000000000000008000000000000000000000000000000004400050064010102000000000000000000000000000000003c"], 0xfc}}, 0x40800) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0, 0xfc}}, 0x4050) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r1, &(0x7f00000003c0)={&(0x7f0000000040)={0xa, 0x4e24, 0x140, @empty, 0xaa}, 0x1c, 0x0}, 0x11) 2.123525708s ago: executing program 1 (id=5): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) syz_usb_disconnect(r0) ioctl$HIDIOCGNAME(r1, 0x80404806, &(0x7f0000000040)) 1.982594857s ago: executing program 3 (id=4): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000180)={@val={0x0, 0x88a8}, @void, @eth={@broadcast, @empty, @val={@val={0x88a8, 0x3, 0x1, 0x1}, {0x8100, 0x1}}, {@ipv6={0x86dd, @dccp_packet={0x6, 0x6, "a10160", 0x10, 0x21, 0x1, @ipv4={'\x00', '\xff\xff', @multicast1}, @ipv4={'\x00', '\xff\xff', @remote}, {[], {{0x4e22, 0x4e23, 0x4, 0x1, 0x7, 0x0, 0x0, 0x9, 0x4, "d23bd7", 0x1, "33fe48"}}}}}}}}, 0x52) 1.849456794s ago: executing program 2 (id=3): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000005a0000008500000022000000180100002020702500000000002020200100000000000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000020756c2500000000002020207b1af8ff00000000bfa10000000000"], 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x140, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 1.710236842s ago: executing program 0 (id=1): r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={0x0, 0x0}) sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000040)={0x8, 0x9, 0x4, {0x2, @vbi={0x9, 0x1, 0x7, 0x34565559, [0x34565348, 0xb22], [0x7], 0x1}}, 0x8}) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b04, &(0x7f0000000100)={'wlan1\x00', @random='\n\x00'}) 1.41103967s ago: executing program 3 (id=6): syz_usb_connect(0x5, 0x51, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0}) 1.339717443s ago: executing program 2 (id=7): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local, 0x6}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000300000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b89efe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0xfa8, 0x6, 0xd, 0x4, 0xfffffffffffffffd, 0xdf}, &(0x7f0000000180)={0x9, 0x8, 0x2, 0x8, 0x8000000000000000, 0x7ff, 0x4, 0x6}, 0x0, 0x0, 0x0) 1.207114841s ago: executing program 2 (id=8): sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_disconnect(r0) 142.117702ms ago: executing program 0 (id=9): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x90, r1, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x53, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x81}, @device_b, @device_b, @initial, {0x6}}, 0x9, @default, 0x1971, @val, @void, @val={0x3, 0x1, 0xb5}, @void, @val={0x6, 0x2, 0xe}, @void, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x9, 0x30, 0xb6}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x2, 0xb}}, @val={0x76, 0x6, {0x4, 0x2, 0x7, 0x5}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x90}}, 0x24000080) mount(&(0x7f0000000040)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000000)='sysv\x00', 0x113c051, 0x0) 0s ago: executing program 0 (id=10): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001000000000000000000fc010000000000000000000000000000ac1414aa00000100000000000000000000200005000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000002000000000000000000000000000ffffffffffffffff000000000000000080000000000000000000000000000000000a00000000000000000000008040000000000000000008000000000000000000000000000000004400050064010102000000000000000000000000000000003c"], 0xfc}}, 0x40800) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0, 0xfc}}, 0x4050) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r1, &(0x7f00000003c0)={&(0x7f0000000040)={0xa, 0x4e24, 0x140, @empty, 0xaa}, 0x1c, 0x0}, 0x11) kernel console output (not intermixed with test programs): [ 47.727350][ T5432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.747204][ T5432] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK [ 48.213038][ T5514] ssh-keygen (5514) used greatest stack depth: 19720 bytes left Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.52' (ED25519) to the list of known hosts. syzkaller login: [ 67.080447][ T5755] cgroup: Unknown subsys name 'net' [ 67.212953][ T5755] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.944327][ T5755] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.071403][ T5772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.087071][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.105609][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.114513][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.119351][ T5774] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.129991][ T5774] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.138040][ T5774] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.147013][ T5774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.147041][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.162083][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.163156][ T5774] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.171321][ T5780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.176925][ T5774] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 71.184752][ T5780] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 71.190803][ T5774] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.197115][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.205686][ T5774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.212038][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.219972][ T5784] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.237815][ T5784] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 71.245535][ T5082] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.286611][ T5082] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.295457][ T5082] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 71.302911][ T5082] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.671581][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.678392][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.710612][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 71.811341][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 71.902127][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 71.956631][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 71.967492][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.974698][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.984309][ T5766] bridge_slave_0: entered allmulticast mode [ 71.991438][ T5766] bridge_slave_0: entered promiscuous mode [ 72.025966][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.033096][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.040548][ T5766] bridge_slave_1: entered allmulticast mode [ 72.047571][ T5766] bridge_slave_1: entered promiscuous mode [ 72.110097][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.117333][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.124459][ T5770] bridge_slave_0: entered allmulticast mode [ 72.132360][ T5770] bridge_slave_0: entered promiscuous mode [ 72.162825][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.170100][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.177337][ T5770] bridge_slave_1: entered allmulticast mode [ 72.184102][ T5770] bridge_slave_1: entered promiscuous mode [ 72.195067][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.202263][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.209631][ T5768] bridge_slave_0: entered allmulticast mode [ 72.217140][ T5768] bridge_slave_0: entered promiscuous mode [ 72.229035][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.263082][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.270838][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.278971][ T5768] bridge_slave_1: entered allmulticast mode [ 72.286221][ T5768] bridge_slave_1: entered promiscuous mode [ 72.294588][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.308575][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.358827][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.389497][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.396719][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.403971][ T5767] bridge_slave_0: entered allmulticast mode [ 72.411121][ T5767] bridge_slave_0: entered promiscuous mode [ 72.443407][ T5766] team0: Port device team_slave_0 added [ 72.454434][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.463925][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.473813][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.481600][ T5767] bridge_slave_1: entered allmulticast mode [ 72.488665][ T5767] bridge_slave_1: entered promiscuous mode [ 72.508039][ T5766] team0: Port device team_slave_1 added [ 72.519061][ T5770] team0: Port device team_slave_0 added [ 72.527789][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.560201][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.581813][ T5770] team0: Port device team_slave_1 added [ 72.601321][ T5768] team0: Port device team_slave_0 added [ 72.610201][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.650792][ T5768] team0: Port device team_slave_1 added [ 72.683849][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.690976][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.717267][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.751375][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.758666][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.784705][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.798726][ T5767] team0: Port device team_slave_0 added [ 72.805410][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.812469][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.838538][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.852510][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.859710][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.886283][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.898461][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.908090][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.935338][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.948571][ T5767] team0: Port device team_slave_1 added [ 72.954945][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.962214][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.990850][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.042604][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.049701][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.075811][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.111622][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.118701][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.144829][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.181502][ T5768] hsr_slave_0: entered promiscuous mode [ 73.188155][ T5768] hsr_slave_1: entered promiscuous mode [ 73.266159][ T5772] Bluetooth: hci1: command tx timeout [ 73.266176][ T5082] Bluetooth: hci2: command tx timeout [ 73.267025][ T5766] hsr_slave_0: entered promiscuous mode [ 73.283943][ T5766] hsr_slave_1: entered promiscuous mode [ 73.290421][ T5766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.298672][ T5766] Cannot create hsr debugfs directory [ 73.308400][ T5770] hsr_slave_0: entered promiscuous mode [ 73.314732][ T5770] hsr_slave_1: entered promiscuous mode [ 73.321215][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.328891][ T5770] Cannot create hsr debugfs directory [ 73.351047][ T5772] Bluetooth: hci3: command tx timeout [ 73.352224][ T5082] Bluetooth: hci0: command tx timeout [ 73.368489][ T5767] hsr_slave_0: entered promiscuous mode [ 73.374953][ T5767] hsr_slave_1: entered promiscuous mode [ 73.382056][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.390210][ T5767] Cannot create hsr debugfs directory [ 73.794197][ T5766] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.808334][ T5766] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.823110][ T5766] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.833515][ T5766] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.894977][ T5768] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.915920][ T5768] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.933470][ T5768] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.943607][ T5768] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 74.039617][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 74.052130][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 74.061636][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 74.089609][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 74.177691][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.193149][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.205179][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.228251][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.280244][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.322585][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.349639][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.379784][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.387082][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.433230][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.440508][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.453919][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.482653][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.498086][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.505301][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.554915][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.562426][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.584290][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.622025][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.629229][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.640551][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.647687][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.685947][ T5768] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 74.753016][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.855077][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.906090][ T1032] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.913286][ T1032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.943702][ T1032] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.950904][ T1032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.253429][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.281048][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.335085][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.345515][ T5082] Bluetooth: hci1: command tx timeout [ 75.358246][ T5082] Bluetooth: hci2: command tx timeout [ 75.426136][ T5082] Bluetooth: hci3: command tx timeout [ 75.426146][ T5772] Bluetooth: hci0: command tx timeout [ 75.474560][ T5768] veth0_vlan: entered promiscuous mode [ 75.483612][ T5770] veth0_vlan: entered promiscuous mode [ 75.521449][ T5770] veth1_vlan: entered promiscuous mode [ 75.541656][ T5768] veth1_vlan: entered promiscuous mode [ 75.578989][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.599332][ T5766] veth0_vlan: entered promiscuous mode [ 75.613386][ T5766] veth1_vlan: entered promiscuous mode [ 75.657664][ T5770] veth0_macvtap: entered promiscuous mode [ 75.686296][ T5770] veth1_macvtap: entered promiscuous mode [ 75.694805][ T5768] veth0_macvtap: entered promiscuous mode [ 75.725264][ T5768] veth1_macvtap: entered promiscuous mode [ 75.746971][ T5766] veth0_macvtap: entered promiscuous mode [ 75.759288][ T5766] veth1_macvtap: entered promiscuous mode [ 75.787445][ T5767] veth0_vlan: entered promiscuous mode [ 75.828869][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.838234][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.851821][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.863115][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.878950][ T5767] veth1_vlan: entered promiscuous mode [ 75.888653][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.899502][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.910948][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.921579][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.933061][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.945007][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.962052][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.972890][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.984492][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.004903][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.016463][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.026533][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.037238][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.048809][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.066107][ T5768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.075009][ T5768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.084193][ T5768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.093017][ T5768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.128696][ T5766] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.138730][ T5766] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.148281][ T5766] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.157079][ T5766] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.169068][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.178500][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.187516][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.197000][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.280419][ T5767] veth0_macvtap: entered promiscuous mode [ 76.299049][ T5767] veth1_macvtap: entered promiscuous mode [ 76.357847][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.377473][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.423396][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.437497][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.447852][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.458692][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.468785][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.480569][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.491902][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.523326][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.533995][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.544272][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.555303][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.565136][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.575818][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.587547][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.612242][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.625077][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.634976][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.643890][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.662541][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.677638][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.709396][ T1032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.729712][ T1032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.854964][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.884489][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.908583][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.924601][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.073301][ T1032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.107133][ T1032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.113658][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.136527][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.209854][ T1032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.230731][ T1032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.376137][ T5834] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 77.427967][ T5082] Bluetooth: hci2: command tx timeout [ 77.433702][ T5772] Bluetooth: hci1: command tx timeout [ 77.507705][ T5772] Bluetooth: hci0: command tx timeout [ 77.513183][ T5772] Bluetooth: hci3: command tx timeout [ 77.729351][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.755626][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.771660][ T5834] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 77.786881][ T5834] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 77.798806][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.881665][ T5834] usb 2-1: config 0 descriptor?? [ 78.025732][ T5809] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 78.227547][ T5809] usb 4-1: device descriptor read/64, error -71 [ 78.266005][ T5835] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 78.363470][ T5834] usbhid 2-1:0.0: can't add hid device: -71 [ 78.384558][ T5834] usbhid: probe of 2-1:0.0 failed with error -71 [ 78.405586][ T5834] usb 2-1: USB disconnect, device number 2 [ 78.508460][ T5835] usb 3-1: Using ep0 maxpacket: 8 [ 78.525831][ T5809] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 78.536116][ T5835] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 78.598686][ T5835] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 78.612766][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.621368][ T5835] usb 3-1: Product: syz [ 78.626340][ T5835] usb 3-1: Manufacturer: syz [ 78.630985][ T5835] usb 3-1: SerialNumber: syz [ 78.655593][ T5835] usb 3-1: config 0 descriptor?? [ 78.670350][ T5835] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 78.696386][ T5809] usb 4-1: device descriptor read/64, error -71 [ 78.826464][ T5809] usb usb4-port1: attempt power cycle [ 79.124357][ C1] ------------[ cut here ]------------ [ 79.130216][ C1] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xfff with flags 0x40 [ 79.140993][ C1] WARNING: CPU: 1 PID: 5767 at net/mac80211/rate.c:385 __rate_control_send_low+0x635/0x880 [ 79.151090][ C1] Modules linked in: [ 79.155028][ C1] CPU: 1 PID: 5767 Comm: syz-executor Not tainted syzkaller #0 [ 79.162671][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 79.172940][ C1] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 79.179277][ C1] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 80 cc de 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 7b 94 56 f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 79.199032][ C1] RSP: 0018:ffffc900001f0540 EFLAGS: 00010246 [ 79.205143][ C1] RAX: 92d43cae29485f00 RBX: 000000000000000c RCX: ffff88802f2e0000 [ 79.213208][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 79.221285][ C1] RBP: 0000000000000084 R08: ffffc900001f0147 R09: 1ffff9200003e028 [ 79.229346][ C1] R10: dffffc0000000000 R11: fffff5200003e029 R12: 0000000000000040 [ 79.237416][ C1] R13: dffffc0000000000 R14: ffff88802b043358 R15: ffff888023a1d168 [ 79.245484][ C1] FS: 0000555557823500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 79.254461][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.261156][ C1] CR2: 00007f90b99e42f8 CR3: 00000000622f1000 CR4: 00000000003506e0 [ 79.269223][ C1] Call Trace: [ 79.272546][ C1] [ 79.275518][ C1] rate_control_send_low+0x194/0x790 [ 79.275673][ T5809] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 79.280834][ C1] rate_control_get_rate+0x20b/0x5d0 [ 79.280879][ C1] ieee80211_beacon_get_finish+0x3a2/0x6e0 [ 79.299675][ C1] ? ieee80211_set_beacon_cntdwn+0x660/0x660 [ 79.305763][ C1] ? __local_bh_enable_ip+0x13a/0x1c0 [ 79.311193][ C1] ? _local_bh_enable+0xa0/0xa0 [ 79.316159][ C1] ieee80211_beacon_get_ap+0x15a7/0x1b20 [ 79.321865][ C1] ? ieee80211_tx_8023+0x3c0/0x3c0 [ 79.327118][ C1] ? read_lock_is_recursive+0x20/0x20 [ 79.332559][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 79.338239][ C1] __ieee80211_beacon_get+0x10eb/0x1600 [ 79.339566][ T5809] usb 4-1: device descriptor read/8, error -71 [ 79.343814][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 79.343854][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 79.343881][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 79.343915][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 79.373584][ C1] __iterate_interfaces+0x243/0x500 [ 79.378895][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 79.385178][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 79.392481][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 79.398824][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 79.405970][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 79.411229][ C1] __hrtimer_run_queues+0x52a/0xc40 [ 79.416540][ C1] ? hw_scan_work+0xf60/0xf60 [ 79.421277][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 79.426484][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 79.432587][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 79.438027][ C1] handle_softirqs+0x280/0x820 [ 79.442863][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 79.447736][ C1] ? do_softirq+0x1a0/0x1a0 [ 79.452290][ C1] __irq_exit_rcu+0xd3/0x190 [ 79.456972][ C1] ? irq_exit_rcu+0x20/0x20 [ 79.461526][ C1] irq_exit_rcu+0x9/0x20 [ 79.465847][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 79.471519][ C1] [ 79.474476][ C1] [ 79.477498][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 79.483521][ C1] RIP: 0010:__rcu_read_unlock+0x62/0xd0 [ 79.489155][ C1] Code: 75 1d 4c 8d b7 40 04 00 00 4c 89 f0 48 c1 e8 03 42 0f b6 04 38 84 c0 75 5f 41 83 3e 00 75 20 43 0f b6 04 3c 84 c0 75 3a 8b 03 <3d> 00 00 00 40 73 0a 5b 41 5c 41 5d 41 5e 41 5f c3 0f 0b eb f2 e8 [ 79.508940][ C1] RSP: 0018:ffffc9000464f7e8 EFLAGS: 00000246 [ 79.515037][ C1] RAX: 0000000000000000 RBX: ffff88802f2e043c RCX: ffff88802f2e0000 [ 79.515880][ T5082] Bluetooth: hci2: command tx timeout [ 79.523247][ C1] RDX: 0000000000000000 RSI: ffffffff8b1c81c0 RDI: ffff88802f2e0000 [ 79.523271][ C1] RBP: 0000000000000000 R08: ffff8880195c9117 R09: 1ffff110032b9222 [ 79.523287][ C1] R10: dffffc0000000000 R11: ffffed10032b9223 R12: 1ffff11005e5c087 [ 79.528790][ T5772] Bluetooth: hci1: command tx timeout [ 79.536698][ C1] R13: dffffc0000000000 R14: ffff88802f2e0440 R15: dffffc0000000000 [ 79.536744][ C1] page_ext_put+0x95/0xb0 [ 79.536774][ C1] free_unref_page_prepare+0x7b2/0x8c0 [ 79.536811][ C1] free_unref_page+0x32/0x2e0 [ 79.536841][ C1] vfree+0x1a6/0x320 [ 79.536882][ C1] do_ipt_get_ctl+0xf15/0x1200 [ 79.536917][ C1] ? do_ipt_set_ctl+0xe00/0xe00 [ 79.536966][ C1] ? nf_getsockopt+0x21f/0x280 [ 79.536994][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 79.537015][ C1] ? rcu_is_watching+0x15/0xb0 [ 79.537042][ C1] ? trace_contention_end+0x39/0xe0 [ 79.537064][ C1] ? __mutex_lock+0x315/0xcc0 [ 79.537100][ C1] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 79.537132][ C1] ? mutex_unlock+0x10/0x10 [ 79.537164][ C1] ? __might_fault+0xaa/0x120 [ 79.537187][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 79.595621][ T5082] Bluetooth: hci0: command tx timeout [ 79.599518][ C1] nf_getsockopt+0x262/0x280 [ 79.604773][ T5772] Bluetooth: hci3: command tx timeout [ 79.609343][ C1] ip_getsockopt+0x19f/0x230 [ 79.609378][ C1] ? ip_get_mcast_msfilter+0x370/0x370 [ 79.664873][ C1] ? __might_fault+0xaa/0x120 [ 79.669675][ C1] ? __might_fault+0xc6/0x120 [ 79.674393][ C1] ? __might_fault+0xaa/0x120 [ 79.679158][ C1] ? sock_common_getsockopt+0x2d/0xb0 [ 79.684578][ C1] ? sock_recv_errqueue+0x590/0x590 [ 79.689849][ C1] do_sock_getsockopt+0x379/0x450 [ 79.695023][ C1] ? __ia32_sys_setsockopt+0x200/0x200 [ 79.700589][ C1] ? lockdep_hardirqs_on+0x50/0x150 [ 79.705876][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 79.706531][ T5809] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 79.711892][ C1] __x64_sys_getsockopt+0x1d6/0x280 [ 79.711928][ C1] ? lockdep_hardirqs_on+0x50/0x150 [ 79.729946][ C1] ? lockdep_hardirqs_on+0x50/0x150 [ 79.735249][ C1] do_syscall_64+0x55/0xa0 [ 79.739711][ C1] ? clear_bhb_loop+0x40/0x90 [ 79.744425][ C1] ? clear_bhb_loop+0x40/0x90 [ 79.749212][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 79.755157][ C1] RIP: 0033:0x7f90b979d76a [ 79.759709][ C1] Code: 48 83 ec 10 89 d2 48 63 ff 45 31 c9 6a 2a 45 31 c0 31 c9 e8 58 9a fb ff 48 83 c4 18 c3 0f 1f 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 [ 79.779416][ C1] RSP: 002b:00007ffc2d700048 EFLAGS: 00000202 ORIG_RAX: 0000000000000037 [ 79.787969][ C1] RAX: ffffffffffffffda RBX: 00007ffc2d7000d0 RCX: 00007f90b979d76a [ 79.791562][ T5809] usb 4-1: device descriptor read/8, error -71 [ 79.796036][ C1] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003 [ 79.796055][ C1] RBP: 0000000000000003 R08: 00007ffc2d70006c R09: 0000000000000000 [ 79.796069][ C1] R10: 00007ffc2d7000d0 R11: 0000000000000202 R12: 00007f90b99e8520 [ 79.796083][ C1] R13: 00007ffc2d70006c R14: 0000000000000000 R15: 00007f90b99ea020 [ 79.796124][ C1] [ 79.837698][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 79.844996][ C1] CPU: 1 PID: 5767 Comm: syz-executor Not tainted syzkaller #0 [ 79.852575][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 79.862727][ C1] Call Trace: [ 79.866033][ C1] [ 79.868890][ C1] dump_stack_lvl+0x18c/0x250 [ 79.873689][ C1] ? show_regs_print_info+0x20/0x20 [ 79.878918][ C1] ? load_image+0x400/0x400 [ 79.883464][ C1] panic+0x2dc/0x730 [ 79.887365][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 79.891923][ C1] __warn+0x2e0/0x470 [ 79.895933][ C1] ? __rate_control_send_low+0x635/0x880 [ 79.901608][ C1] ? __rate_control_send_low+0x635/0x880 [ 79.907250][ C1] report_bug+0x2be/0x4f0 [ 79.911597][ C1] ? __rate_control_send_low+0x635/0x880 [ 79.917243][ C1] ? __rate_control_send_low+0x635/0x880 [ 79.922895][ C1] ? __rate_control_send_low+0x637/0x880 [ 79.928539][ C1] handle_bug+0xcf/0x120 [ 79.932810][ C1] exc_invalid_op+0x1a/0x50 [ 79.937333][ C1] asm_exc_invalid_op+0x1a/0x20 [ 79.942193][ C1] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 79.948449][ C1] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 80 cc de 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 7b 94 56 f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 79.968076][ C1] RSP: 0018:ffffc900001f0540 EFLAGS: 00010246 [ 79.974153][ C1] RAX: 92d43cae29485f00 RBX: 000000000000000c RCX: ffff88802f2e0000 [ 79.982284][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 79.990271][ C1] RBP: 0000000000000084 R08: ffffc900001f0147 R09: 1ffff9200003e028 [ 79.998261][ C1] R10: dffffc0000000000 R11: fffff5200003e029 R12: 0000000000000040 [ 80.006254][ C1] R13: dffffc0000000000 R14: ffff88802b043358 R15: ffff888023a1d168 [ 80.014270][ C1] rate_control_send_low+0x194/0x790 [ 80.019584][ C1] rate_control_get_rate+0x20b/0x5d0 [ 80.024900][ C1] ieee80211_beacon_get_finish+0x3a2/0x6e0 [ 80.030728][ C1] ? ieee80211_set_beacon_cntdwn+0x660/0x660 [ 80.036718][ C1] ? __local_bh_enable_ip+0x13a/0x1c0 [ 80.042108][ C1] ? _local_bh_enable+0xa0/0xa0 [ 80.046973][ C1] ieee80211_beacon_get_ap+0x15a7/0x1b20 [ 80.052652][ C1] ? ieee80211_tx_8023+0x3c0/0x3c0 [ 80.057786][ C1] ? read_lock_is_recursive+0x20/0x20 [ 80.063181][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 80.068740][ C1] __ieee80211_beacon_get+0x10eb/0x1600 [ 80.074294][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 80.079865][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 80.085344][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 80.092120][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 80.097697][ C1] __iterate_interfaces+0x243/0x500 [ 80.102911][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 80.109155][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 80.116374][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 80.122620][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 80.129661][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 80.134870][ C1] __hrtimer_run_queues+0x52a/0xc40 [ 80.140099][ C1] ? hw_scan_work+0xf60/0xf60 [ 80.144794][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 80.149944][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 80.156028][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 80.161147][ C1] handle_softirqs+0x280/0x820 [ 80.165927][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 80.170698][ C1] ? do_softirq+0x1a0/0x1a0 [ 80.175397][ C1] __irq_exit_rcu+0xd3/0x190 [ 80.180002][ C1] ? irq_exit_rcu+0x20/0x20 [ 80.184520][ C1] irq_exit_rcu+0x9/0x20 [ 80.188770][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 80.194413][ C1] [ 80.197368][ C1] [ 80.200308][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 80.206295][ C1] RIP: 0010:__rcu_read_unlock+0x62/0xd0 [ 80.211858][ C1] Code: 75 1d 4c 8d b7 40 04 00 00 4c 89 f0 48 c1 e8 03 42 0f b6 04 38 84 c0 75 5f 41 83 3e 00 75 20 43 0f b6 04 3c 84 c0 75 3a 8b 03 <3d> 00 00 00 40 73 0a 5b 41 5c 41 5d 41 5e 41 5f c3 0f 0b eb f2 e8 [ 80.231481][ C1] RSP: 0018:ffffc9000464f7e8 EFLAGS: 00000246 [ 80.237560][ C1] RAX: 0000000000000000 RBX: ffff88802f2e043c RCX: ffff88802f2e0000 [ 80.245551][ C1] RDX: 0000000000000000 RSI: ffffffff8b1c81c0 RDI: ffff88802f2e0000 [ 80.253555][ C1] RBP: 0000000000000000 R08: ffff8880195c9117 R09: 1ffff110032b9222 [ 80.261537][ C1] R10: dffffc0000000000 R11: ffffed10032b9223 R12: 1ffff11005e5c087 [ 80.269514][ C1] R13: dffffc0000000000 R14: ffff88802f2e0440 R15: dffffc0000000000 [ 80.277519][ C1] page_ext_put+0x95/0xb0 [ 80.281863][ C1] free_unref_page_prepare+0x7b2/0x8c0 [ 80.287353][ C1] free_unref_page+0x32/0x2e0 [ 80.292070][ C1] vfree+0x1a6/0x320 [ 80.295983][ C1] do_ipt_get_ctl+0xf15/0x1200 [ 80.300764][ C1] ? do_ipt_set_ctl+0xe00/0xe00 [ 80.305746][ C1] ? nf_getsockopt+0x21f/0x280 [ 80.310609][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 80.315678][ C1] ? rcu_is_watching+0x15/0xb0 [ 80.320449][ C1] ? trace_contention_end+0x39/0xe0 [ 80.325653][ C1] ? __mutex_lock+0x315/0xcc0 [ 80.330371][ C1] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 80.336107][ C1] ? mutex_unlock+0x10/0x10 [ 80.340626][ C1] ? __might_fault+0xaa/0x120 [ 80.345323][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 80.350392][ C1] nf_getsockopt+0x262/0x280 [ 80.355023][ C1] ip_getsockopt+0x19f/0x230 [ 80.359819][ C1] ? ip_get_mcast_msfilter+0x370/0x370 [ 80.365303][ C1] ? __might_fault+0xaa/0x120 [ 80.370002][ C1] ? __might_fault+0xc6/0x120 [ 80.374691][ C1] ? __might_fault+0xaa/0x120 [ 80.379385][ C1] ? sock_common_getsockopt+0x2d/0xb0 [ 80.385124][ C1] ? sock_recv_errqueue+0x590/0x590 [ 80.390347][ C1] do_sock_getsockopt+0x379/0x450 [ 80.395400][ C1] ? __ia32_sys_setsockopt+0x200/0x200 [ 80.400905][ C1] ? lockdep_hardirqs_on+0x50/0x150 [ 80.406204][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 80.412206][ C1] __x64_sys_getsockopt+0x1d6/0x280 [ 80.417418][ C1] ? lockdep_hardirqs_on+0x50/0x150 [ 80.422642][ C1] ? lockdep_hardirqs_on+0x50/0x150 [ 80.427863][ C1] do_syscall_64+0x55/0xa0 [ 80.432293][ C1] ? clear_bhb_loop+0x40/0x90 [ 80.436975][ C1] ? clear_bhb_loop+0x40/0x90 [ 80.441659][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 80.447562][ C1] RIP: 0033:0x7f90b979d76a [ 80.451995][ C1] Code: 48 83 ec 10 89 d2 48 63 ff 45 31 c9 6a 2a 45 31 c0 31 c9 e8 58 9a fb ff 48 83 c4 18 c3 0f 1f 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 [ 80.471661][ C1] RSP: 002b:00007ffc2d700048 EFLAGS: 00000202 ORIG_RAX: 0000000000000037 [ 80.480085][ C1] RAX: ffffffffffffffda RBX: 00007ffc2d7000d0 RCX: 00007f90b979d76a [ 80.488085][ C1] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003 [ 80.496066][ C1] RBP: 0000000000000003 R08: 00007ffc2d70006c R09: 0000000000000000 [ 80.504053][ C1] R10: 00007ffc2d7000d0 R11: 0000000000000202 R12: 00007f90b99e8520 [ 80.512036][ C1] R13: 00007ffc2d70006c R14: 0000000000000000 R15: 00007f90b99ea020 [ 80.520034][ C1] [ 80.523401][ C1] Kernel Offset: disabled [ 80.527748][ C1] Rebooting in 86400 seconds..