last executing test programs: 2.567914681s ago: executing program 0 (id=1): syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00d0867e65d443152ee691a70d225b73c01164645c70ff689f607da7a169dbbfebbeb349b043f54d088bcd11a44f2074aa41532279b5718bc4d89fe5010d6bf465008743337cddaefbc0f0293d06483bec82e15366358709c5d5c0049ff9dcb7ea7e855e3c24bc3b4173720476fb379ce25c0ea42027ba6a7d"], 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==") execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0) 1.777215372s ago: executing program 3 (id=4): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) setitimer(0x2, &(0x7f0000000080)={{0xfffffffffffffffc, 0x4}, {0x0, 0x6}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2}) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000040)) 1.229418036s ago: executing program 0 (id=6): semget$private(0x0, 0x7, 0x85) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000000c0)={'syztnl0\x00', 0x0}) getitimer(0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB], 0x0}, 0x94) r5 = socket$kcm(0xa, 0x2, 0x73) sendmsg$sock(r5, &(0x7f0000000000)={&(0x7f00000001c0)=@nl=@unspec={0x0, 0x0, 0x0, 0xd8ff}, 0x80, 0x0, 0x0, &(0x7f0000000380)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x4) syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@gettaction={0x18, 0x5a, 0x1, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x80000001, 0x8) 1.008688834s ago: executing program 2 (id=3): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x80}, 0x0) recvfrom(r2, &(0x7f0000000280)=""/90, 0xfffffffffffffe4a, 0x530, 0x0, 0x0) 0s ago: executing program 3 (id=7): openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts. [ 224.669203][ T5552] cgroup: Unknown subsys name 'net' [ 224.808376][ T5552] cgroup: Unknown subsys name 'cpuset' [ 224.829050][ T5552] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 232.701704][ T5552] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 238.774996][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 238.786953][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 238.795982][ T48] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 238.806652][ T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 238.815589][ T48] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 238.830910][ T48] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 238.843322][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 238.858317][ T48] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 238.869355][ T5579] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 238.899816][ T5579] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 238.915203][ T5579] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 238.926605][ T5583] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 238.936722][ T5583] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 238.956553][ T5579] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 238.965084][ T4869] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 238.973903][ T5579] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 238.998599][ T5586] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 239.010675][ T5575] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 239.040433][ T5575] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 239.066695][ T5575] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 239.084067][ T5586] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 239.094855][ T5575] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 239.097615][ T5586] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 239.127836][ T48] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 239.142409][ T48] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 241.042716][ T5583] Bluetooth: hci1: command tx timeout [ 241.042782][ T48] Bluetooth: hci0: command tx timeout [ 241.116488][ T5583] Bluetooth: hci2: command tx timeout [ 241.198629][ T5583] Bluetooth: hci4: command tx timeout [ 241.204716][ T5583] Bluetooth: hci3: command tx timeout [ 243.113458][ T5583] Bluetooth: hci0: command tx timeout [ 243.113661][ T48] Bluetooth: hci1: command tx timeout [ 243.192845][ T48] Bluetooth: hci2: command tx timeout [ 243.272572][ T48] Bluetooth: hci3: command tx timeout [ 243.282311][ T48] Bluetooth: hci4: command tx timeout [ 245.151322][ T5570] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.163691][ T5570] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.172883][ T5570] bridge_slave_0: entered allmulticast mode [ 245.185836][ T5570] bridge_slave_0: entered promiscuous mode [ 245.192990][ T48] Bluetooth: hci0: command tx timeout [ 245.202934][ T48] Bluetooth: hci1: command tx timeout [ 245.267406][ T5570] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.275524][ T48] Bluetooth: hci2: command tx timeout [ 245.287770][ T5570] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.297242][ T5570] bridge_slave_1: entered allmulticast mode [ 245.309850][ T5570] bridge_slave_1: entered promiscuous mode [ 245.352642][ T48] Bluetooth: hci4: command tx timeout [ 245.358496][ T48] Bluetooth: hci3: command tx timeout [ 245.645393][ T5570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.764968][ T5570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.068800][ T5571] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.077288][ T5571] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.085377][ T5571] bridge_slave_0: entered allmulticast mode [ 246.095401][ T5571] bridge_slave_0: entered promiscuous mode [ 246.122975][ T5570] team0: Port device team_slave_0 added [ 246.129454][ T5573] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.141236][ T5573] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.149580][ T5573] bridge_slave_0: entered allmulticast mode [ 246.160758][ T5573] bridge_slave_0: entered promiscuous mode [ 246.221494][ T5571] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.232962][ T5571] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.240932][ T5571] bridge_slave_1: entered allmulticast mode [ 246.251678][ T5571] bridge_slave_1: entered promiscuous mode [ 246.279136][ T5570] team0: Port device team_slave_1 added [ 246.285908][ T5573] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.294226][ T5573] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.302385][ T5573] bridge_slave_1: entered allmulticast mode [ 246.311726][ T5573] bridge_slave_1: entered promiscuous mode [ 246.329288][ T5577] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.337358][ T5577] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.345852][ T5577] bridge_slave_0: entered allmulticast mode [ 246.355646][ T5577] bridge_slave_0: entered promiscuous mode [ 246.499723][ T5577] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.507945][ T5577] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.515938][ T5577] bridge_slave_1: entered allmulticast mode [ 246.525894][ T5577] bridge_slave_1: entered promiscuous mode [ 246.716249][ T5571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.726484][ T5572] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.735461][ T5572] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.743794][ T5572] bridge_slave_0: entered allmulticast mode [ 246.753855][ T5572] bridge_slave_0: entered promiscuous mode [ 246.770455][ T5570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.778028][ T5570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.805116][ T5570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.829594][ T5573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.884411][ T5571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.894760][ T5572] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.903289][ T5572] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.911075][ T5572] bridge_slave_1: entered allmulticast mode [ 246.920595][ T5572] bridge_slave_1: entered promiscuous mode [ 246.934216][ T5570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.941450][ T5570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.968126][ T5570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.989585][ T5573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.013284][ T5577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.161867][ T5577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.272920][ T48] Bluetooth: hci1: command tx timeout [ 247.273023][ T5575] Bluetooth: hci0: command tx timeout [ 247.301205][ T5572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.352385][ T48] Bluetooth: hci2: command tx timeout [ 247.400237][ T5571] team0: Port device team_slave_0 added [ 247.423145][ T5572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.432982][ T48] Bluetooth: hci3: command tx timeout [ 247.442841][ T48] Bluetooth: hci4: command tx timeout [ 247.453371][ T5573] team0: Port device team_slave_0 added [ 247.470876][ T5577] team0: Port device team_slave_0 added [ 247.488645][ T5571] team0: Port device team_slave_1 added [ 247.574436][ T5573] team0: Port device team_slave_1 added [ 247.590110][ T5577] team0: Port device team_slave_1 added [ 247.836160][ T5570] hsr_slave_0: entered promiscuous mode [ 247.847194][ T5570] hsr_slave_1: entered promiscuous mode [ 247.868091][ T5572] team0: Port device team_slave_0 added [ 247.941282][ T5571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.949022][ T5571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 247.975620][ T5571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.000463][ T5572] team0: Port device team_slave_1 added [ 248.009239][ T5573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.016995][ T5573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.043878][ T5573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.060485][ T5577] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.068143][ T5577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.094920][ T5577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.110547][ T5571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.118229][ T5571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.145005][ T5571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.195114][ T5573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.202856][ T5573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.229523][ T5573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.245072][ T5577] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.252443][ T5577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.278863][ T5577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.450827][ T5572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.458188][ T5572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.485538][ T5572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.546592][ T5572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.554722][ T5572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.581448][ T5572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.893340][ T5571] hsr_slave_0: entered promiscuous mode [ 248.904263][ T5571] hsr_slave_1: entered promiscuous mode [ 248.913585][ T5571] debugfs: 'hsr0' already exists in 'hsr' [ 248.919694][ T5571] Cannot create hsr debugfs directory [ 248.992194][ T5573] hsr_slave_0: entered promiscuous mode [ 249.001844][ T5573] hsr_slave_1: entered promiscuous mode [ 249.011454][ T5573] debugfs: 'hsr0' already exists in 'hsr' [ 249.017714][ T5573] Cannot create hsr debugfs directory [ 249.044814][ T5577] hsr_slave_0: entered promiscuous mode [ 249.055941][ T5577] hsr_slave_1: entered promiscuous mode [ 249.064997][ T5577] debugfs: 'hsr0' already exists in 'hsr' [ 249.070907][ T5577] Cannot create hsr debugfs directory [ 249.305984][ T5572] hsr_slave_0: entered promiscuous mode [ 249.316634][ T5572] hsr_slave_1: entered promiscuous mode [ 249.325314][ T5572] debugfs: 'hsr0' already exists in 'hsr' [ 249.331323][ T5572] Cannot create hsr debugfs directory [ 250.794184][ T5570] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 250.833048][ T5570] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 250.847906][ T5570] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 250.871527][ T5570] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 250.886109][ T5570] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 250.909412][ T5570] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 250.939542][ T5570] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 250.964745][ T5570] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 251.088552][ T5571] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 251.140842][ T5571] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 251.162554][ T5571] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 251.191043][ T5571] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 251.206932][ T5571] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 251.236803][ T5571] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 251.268184][ T5571] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 251.296463][ T5571] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 251.493743][ T5577] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 251.534384][ T5577] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 251.548867][ T5577] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 251.578236][ T5577] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 251.609099][ T5577] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 251.639653][ T5577] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 251.693955][ T5577] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 251.719328][ T5577] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 252.021066][ T5572] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 252.050277][ T5572] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 252.080538][ T5572] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 252.105680][ T5572] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 252.123425][ T5572] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 252.154639][ T5572] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 252.167073][ T5572] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 252.190606][ T5572] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 252.595822][ T5573] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 252.625197][ T5573] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 252.668531][ T5573] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 252.699221][ T5573] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 252.710107][ T5573] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 252.739072][ T5573] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 252.780912][ T5573] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 252.814737][ T5573] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 253.087822][ T5570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.351316][ T5570] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.398033][ T5571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.540344][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.548045][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.667959][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.675625][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.713327][ T5577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.753330][ T5571] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.889448][ T1331] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.897068][ T1331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.998845][ T1331] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.006434][ T1331] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.039564][ T5572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.145549][ T5577] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.267209][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.274840][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.310642][ T5572] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.429443][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.437141][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.530821][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.538572][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.624207][ T5573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.730214][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.738155][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.100968][ T5573] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.328130][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.335921][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.503132][ T1241] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.510936][ T1241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.959707][ T5570] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.651517][ T5571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 260.271113][ T5570] veth0_vlan: entered promiscuous mode [ 260.365936][ T5577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 260.543604][ T5572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 260.610947][ T5570] veth1_vlan: entered promiscuous mode [ 261.105949][ T5571] veth0_vlan: entered promiscuous mode [ 261.228793][ T5573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.391871][ T5571] veth1_vlan: entered promiscuous mode [ 261.528696][ T5577] veth0_vlan: entered promiscuous mode [ 261.645689][ T5570] veth0_macvtap: entered promiscuous mode [ 261.761635][ T5577] veth1_vlan: entered promiscuous mode [ 261.775424][ T5570] veth1_macvtap: entered promiscuous mode [ 262.108629][ T5571] veth0_macvtap: entered promiscuous mode [ 262.147658][ T5570] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 262.283427][ T5571] veth1_macvtap: entered promiscuous mode [ 262.325229][ T5570] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 262.333851][ T5573] veth0_vlan: entered promiscuous mode [ 262.502230][ T387] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.515810][ T387] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.537050][ T5572] veth0_vlan: entered promiscuous mode [ 262.561816][ T5573] veth1_vlan: entered promiscuous mode [ 262.578787][ T5577] veth0_macvtap: entered promiscuous mode [ 262.597766][ T387] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.661622][ T387] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.704011][ T5577] veth1_macvtap: entered promiscuous mode [ 262.803344][ T5571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 262.886301][ T5572] veth1_vlan: entered promiscuous mode [ 262.936665][ T5571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.099761][ T35] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.116168][ T35] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.173798][ T35] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.193843][ T35] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.238567][ T5577] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.370112][ T5577] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.551261][ T5573] veth0_macvtap: entered promiscuous mode [ 263.587129][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.614548][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.629326][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.707011][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.858219][ T5573] veth1_macvtap: entered promiscuous mode [ 263.963124][ T5572] veth0_macvtap: entered promiscuous mode [ 264.086380][ T5572] veth1_macvtap: entered promiscuous mode [ 264.349637][ T5573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.547705][ T5573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 264.764299][ T5572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.783162][ T93] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.826757][ T93] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.917783][ T93] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.948620][ T387] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.099191][ T5572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 265.301472][ T35] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.334314][ T35] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.381273][ T35] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.420271][ T35] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.478247][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.521875][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.827412][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 270.839071][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.847704][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.871594][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.486759][ T5570] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 271.524593][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.570776][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.783073][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.827746][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.250942][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.311258][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.381390][ T5829] loop0: detected capacity change from 0 to 22 [ 272.429165][ T5829] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 272.683014][ T1331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.742742][ T1331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.742781][ T5829] process 'syz.0.1' launched './file1' with NULL argv: empty string added [ 274.582188][ T387] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.693360][ T387] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.452694][ T5842] ===================================================== [ 275.460322][ T5842] BUG: KMSAN: uninit-value in mptcp_established_options+0x112f/0x3530 [ 275.469192][ T5842] mptcp_established_options+0x112f/0x3530 [ 275.475676][ T5842] tcp_established_options+0x312/0xcc0 [ 275.481590][ T5842] __tcp_transmit_skb+0x5dc/0x5fe0 [ 275.487227][ T5842] __tcp_send_ack+0x967/0xad0 [ 275.492430][ T5842] tcp_send_ack+0x3d/0x60 [ 275.497214][ T5842] mptcp_subflow_shutdown+0x164/0x690 [ 275.503041][ T5842] mptcp_check_send_data_fin+0x31b/0x3d0 [ 275.514708][ T5842] __mptcp_close+0x860/0x1360 [ 275.519975][ T5842] mptcp_close+0x42/0x260 [ 275.524833][ T5842] inet_release+0x1ee/0x2a0 [ 275.530683][ T5842] sock_close+0xd6/0x2f0 [ 275.535852][ T5842] __fput+0x60e/0x1010 [ 275.540191][ T5842] ____fput+0x25/0x30 [ 275.544751][ T5842] task_work_run+0x208/0x2b0 [ 275.549645][ T5842] get_signal+0x136/0x2a20 [ 275.554533][ T5842] arch_do_signal_or_restart+0x53/0xc00 [ 275.560373][ T5842] exit_to_user_mode_loop+0x117/0x1b60 [ 275.568126][ T5842] do_syscall_64+0x236/0xf80 [ 275.573142][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.579280][ T5842] [ 275.581745][ T5842] Local variable opts created at: [ 275.587063][ T5842] __tcp_transmit_skb+0x4d/0x5fe0 [ 275.592597][ T5842] __tcp_send_ack+0x967/0xad0 [ 275.597760][ T5842] [ 275.600290][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) [ 275.609742][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 275.620200][ T5842] ===================================================== [ 275.627430][ T5842] Disabling lock debugging due to kernel taint [ 275.877845][ T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 276.562467][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 276.825103][ T5842] Kernel panic - not syncing: kmsan.panic set ... [ 276.831815][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz.2.3 Tainted: G B syzkaller #0 PREEMPT(full) [ 276.842717][ T5842] Tainted: [B]=BAD_PAGE [ 276.847024][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 276.857324][ T5842] Call Trace: [ 276.860846][ T5842] [ 276.863971][ T5842] __dump_stack+0x26/0x30 [ 276.868623][ T5842] dump_stack_lvl+0x50/0x1c0 [ 276.873480][ T5842] ? dump_stack+0x12/0x25 [ 276.878182][ T5842] dump_stack+0x1e/0x25 [ 276.882658][ T5842] vpanic+0x7b4/0x1430 [ 276.887075][ T5842] panic+0x15d/0x160 [ 276.891345][ T5842] kmsan_report+0x31a/0x320 [ 276.896225][ T5842] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 276.902904][ T5842] ? __msan_warning+0x1b/0x30 [ 276.907892][ T5842] ? mptcp_established_options+0x112f/0x3530 [ 276.914196][ T5842] ? tcp_established_options+0x312/0xcc0 [ 276.920164][ T5842] ? __tcp_transmit_skb+0x5dc/0x5fe0 [ 276.925715][ T5842] ? __tcp_send_ack+0x967/0xad0 [ 276.930778][ T5842] ? tcp_send_ack+0x3d/0x60 [ 276.935508][ T5842] ? mptcp_subflow_shutdown+0x164/0x690 [ 276.941339][ T5842] ? mptcp_check_send_data_fin+0x31b/0x3d0 [ 276.947524][ T5842] ? __mptcp_close+0x860/0x1360 [ 276.952633][ T5842] ? mptcp_close+0x42/0x260 [ 276.957570][ T5842] ? inet_release+0x1ee/0x2a0 [ 276.962904][ T5842] ? sock_close+0xd6/0x2f0 [ 276.967672][ T5842] ? __fput+0x60e/0x1010 [ 276.972159][ T5842] ? ____fput+0x25/0x30 [ 276.976582][ T5842] ? task_work_run+0x208/0x2b0 [ 276.981763][ T5842] ? get_signal+0x136/0x2a20 [ 276.987091][ T5842] ? arch_do_signal_or_restart+0x53/0xc00 [ 276.993094][ T5842] ? exit_to_user_mode_loop+0x117/0x1b60 [ 276.999066][ T5842] ? do_syscall_64+0x236/0xf80 [ 277.004122][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.010453][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.016771][ T5842] ? irqentry_exit_to_kernel_mode_preempt+0x8b/0xc0 [ 277.023645][ T5842] ? irqentry_exit+0x7b/0x760 [ 277.028604][ T5842] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 277.035221][ T5842] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 277.041557][ T5842] ? trace_reschedule_exit+0x22/0x1a0 [ 277.047264][ T5842] ? sysvec_reschedule_ipi+0x74/0x80 [ 277.053201][ T5842] ? kmsan_get_metadata+0xf1/0x160 [ 277.058691][ T5842] __msan_warning+0x1b/0x30 [ 277.063489][ T5842] mptcp_established_options+0x112f/0x3530 [ 277.069600][ T5842] ? kmsan_get_metadata+0xf1/0x160 [ 277.075110][ T5842] tcp_established_options+0x312/0xcc0 [ 277.080962][ T5842] __tcp_transmit_skb+0x5dc/0x5fe0 [ 277.086364][ T5842] ? kmem_cache_alloc_node_noprof+0x3f5/0x12c0 [ 277.092920][ T5842] ? kmsan_get_metadata+0xf1/0x160 [ 277.098431][ T5842] ? kmsan_get_metadata+0xf1/0x160 [ 277.103855][ T5842] ? kmsan_get_metadata+0xf1/0x160 [ 277.109298][ T5842] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 277.115438][ T5842] ? __alloc_skb+0xb7d/0x1190 [ 277.120370][ T5842] __tcp_send_ack+0x967/0xad0 [ 277.125312][ T5842] tcp_send_ack+0x3d/0x60 [ 277.129946][ T5842] mptcp_subflow_shutdown+0x164/0x690 [ 277.135597][ T5842] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 277.141725][ T5842] mptcp_check_send_data_fin+0x31b/0x3d0 [ 277.147651][ T5842] __mptcp_close+0x860/0x1360 [ 277.152695][ T5842] ? __pfx_mptcp_close+0x10/0x10 [ 277.157895][ T5842] mptcp_close+0x42/0x260 [ 277.162509][ T5842] ? __pfx_mptcp_close+0x10/0x10 [ 277.167742][ T5842] inet_release+0x1ee/0x2a0 [ 277.172558][ T5842] ? __pfx_inet_release+0x10/0x10 [ 277.178163][ T5842] sock_close+0xd6/0x2f0 [ 277.183181][ T5842] ? __pfx_sock_close+0x10/0x10 [ 277.188497][ T5842] __fput+0x60e/0x1010 [ 277.192874][ T5842] ? __pfx_____fput+0x10/0x10 [ 277.197878][ T5842] ____fput+0x25/0x30 [ 277.202150][ T5842] task_work_run+0x208/0x2b0 [ 277.207085][ T5842] get_signal+0x136/0x2a20 [ 277.212211][ T5842] ? filter_irq_stacks+0x13f/0x190 [ 277.217633][ T5842] ? stack_depot_save_flags+0x35/0x790 [ 277.223397][ T5842] ? kmsan_get_metadata+0xf1/0x160 [ 277.228834][ T5842] ? arch_do_signal_or_restart+0x43/0xc00 [ 277.234802][ T5842] ? exit_to_user_mode_loop+0x117/0x1b60 [ 277.240675][ T5842] arch_do_signal_or_restart+0x53/0xc00 [ 277.246479][ T5842] ? kfree+0x20/0x1100 [ 277.250996][ T5842] ? kcov_ioctl+0x212/0x640 [ 277.255727][ T5842] ? kmsan_get_metadata+0xf1/0x160 [ 277.261129][ T5842] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 277.267772][ T5842] exit_to_user_mode_loop+0x117/0x1b60 [ 277.273626][ T5842] do_syscall_64+0x236/0xf80 [ 277.278479][ T5842] ? clear_bhb_loop+0x50/0xa0 [ 277.283432][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.289639][ T5842] RIP: 0033:0x7f9e1af9cdd9 [ 277.294240][ T5842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 277.314085][ T5842] RSP: 002b:00007f9e1be6f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 277.322767][ T5842] RAX: fffffffffffffe00 RBX: 00007f9e1b216090 RCX: 00007f9e1af9cdd9 [ 277.330952][ T5842] RDX: fffffffffffffe4a RSI: 0000200000000280 RDI: 0000000000000004 [ 277.339103][ T5842] RBP: 00007f9e1b032d69 R08: 0000000000000000 R09: 0000000000000000 [ 277.347266][ T5842] R10: 0000000000000530 R11: 0000000000000246 R12: 0000000000000000 [ 277.355413][ T5842] R13: 00007f9e1b216128 R14: 00007f9e1b216090 R15: 00007ffd2f2c8a18 [ 277.363621][ T5842] [ 277.367511][ T5842] Kernel Offset: disabled [ 277.372013][ T5842] Rebooting in 86400 seconds..