last executing test programs: 408.261945ms ago: executing program 1 (id=2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f018581c0bc0065666765f36f0f33f0100a660f3a0cb9000000752066b9800000c00f3a32c632c6004000a50f01d70f0901", 0x32}], 0x1, 0x54, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000001, 0x800000000, 0x20, 0x0, 0x0, 0x2004cc, 0x5, 0x0, 0x0, 0xfffffffdfffffffc, 0xfffffffffffffffc, 0x0, 0x9, 0x4000000000000004, 0x767], 0xeeef0000, 0xc0086}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x24000040) 156.363738ms ago: executing program 1 (id=6): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x29a83a768e447add) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r1, {0x5, 0x2}, {}, {0x5, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 1 (id=7): socket$key(0xf, 0x3, 0x2) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="200029bd7000fddbdf25260000001e18"], 0x4c}}, 0x80) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.154' (ED25519) to the list of known hosts. [ 56.682990][ T4156] cgroup: Unknown subsys name 'net' [ 56.817597][ T4156] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.254994][ T4156] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 59.761380][ T4166] chnl_net:caif_netlink_parms(): no params data found [ 59.784173][ T4169] chnl_net:caif_netlink_parms(): no params data found [ 59.809982][ T4168] chnl_net:caif_netlink_parms(): no params data found [ 59.934225][ T4179] chnl_net:caif_netlink_parms(): no params data found [ 59.943725][ T4167] chnl_net:caif_netlink_parms(): no params data found [ 59.967557][ T4166] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.974978][ T4166] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.983481][ T4166] device bridge_slave_0 entered promiscuous mode [ 59.997006][ T4166] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.004644][ T4166] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.013536][ T4166] device bridge_slave_1 entered promiscuous mode [ 60.081567][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.088664][ T4169] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.097376][ T4169] device bridge_slave_0 entered promiscuous mode [ 60.124499][ T4168] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.131817][ T4168] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.139797][ T4168] device bridge_slave_0 entered promiscuous mode [ 60.147933][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.155218][ T4169] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.163324][ T4169] device bridge_slave_1 entered promiscuous mode [ 60.180726][ T4166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.195460][ T4168] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.202703][ T4168] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.211001][ T4168] device bridge_slave_1 entered promiscuous mode [ 60.229412][ T4166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.278510][ T4179] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.285752][ T4179] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.294157][ T4179] device bridge_slave_0 entered promiscuous mode [ 60.310014][ T4169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.322341][ T4169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.349102][ T4179] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.356611][ T4179] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.364777][ T4179] device bridge_slave_1 entered promiscuous mode [ 60.374538][ T4168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.408310][ T4166] team0: Port device team_slave_0 added [ 60.416979][ T4166] team0: Port device team_slave_1 added [ 60.431318][ T4168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.444603][ T4169] team0: Port device team_slave_0 added [ 60.450895][ T4167] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.458072][ T4167] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.466644][ T4167] device bridge_slave_0 entered promiscuous mode [ 60.506218][ T4169] team0: Port device team_slave_1 added [ 60.512631][ T4167] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.519690][ T4167] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.528019][ T4167] device bridge_slave_1 entered promiscuous mode [ 60.535974][ T4166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.543282][ T4166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.569330][ T4166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.582906][ T4179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.624930][ T4166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.632134][ T4166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.658229][ T4166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.670915][ T4179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.686687][ T4168] team0: Port device team_slave_0 added [ 60.694201][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.701266][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.727906][ T4169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.761164][ T4168] team0: Port device team_slave_1 added [ 60.767768][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.775319][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.801592][ T4169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.814963][ T4167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.853166][ T4167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.864970][ T4179] team0: Port device team_slave_0 added [ 60.903420][ T4179] team0: Port device team_slave_1 added [ 60.920921][ T4166] device hsr_slave_0 entered promiscuous mode [ 60.927848][ T4166] device hsr_slave_1 entered promiscuous mode [ 60.942369][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.949366][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.975928][ T4168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.005182][ T4167] team0: Port device team_slave_0 added [ 61.013251][ T4167] team0: Port device team_slave_1 added [ 61.019863][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.027097][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.053177][ T4168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.066956][ T4169] device hsr_slave_0 entered promiscuous mode [ 61.074174][ T4169] device hsr_slave_1 entered promiscuous mode [ 61.081465][ T4169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.089287][ T4169] Cannot create hsr debugfs directory [ 61.151559][ T4179] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.158533][ T4179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.185187][ T4179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.205199][ T4167] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.212302][ T4167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.238658][ T4167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.254004][ T4167] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.261188][ T4167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.287449][ T4167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.308136][ T4179] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.315139][ T4179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.341333][ T4179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.370690][ T4168] device hsr_slave_0 entered promiscuous mode [ 61.377585][ T4168] device hsr_slave_1 entered promiscuous mode [ 61.384386][ T4168] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.392118][ T4168] Cannot create hsr debugfs directory [ 61.411128][ T2350] Bluetooth: hci1: command 0x0409 tx timeout [ 61.417994][ T2350] Bluetooth: hci0: command 0x0409 tx timeout [ 61.420369][ T4211] Bluetooth: hci4: command 0x0409 tx timeout [ 61.430113][ T4211] Bluetooth: hci3: command 0x0409 tx timeout [ 61.451382][ T4211] Bluetooth: hci2: command 0x0409 tx timeout [ 61.486406][ T4167] device hsr_slave_0 entered promiscuous mode [ 61.493727][ T4167] device hsr_slave_1 entered promiscuous mode [ 61.500472][ T4167] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.508112][ T4167] Cannot create hsr debugfs directory [ 61.527466][ T4179] device hsr_slave_0 entered promiscuous mode [ 61.534457][ T4179] device hsr_slave_1 entered promiscuous mode [ 61.541257][ T4179] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.548812][ T4179] Cannot create hsr debugfs directory [ 61.839168][ T4169] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 61.856505][ T4169] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 61.866343][ T4169] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 61.881360][ T4169] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 61.924069][ T4168] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.935055][ T4168] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.945358][ T4168] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.975378][ T4168] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.017576][ T4179] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.026836][ T4179] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.054760][ T4179] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.066932][ T4179] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.156762][ T4169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.174390][ T4166] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.187775][ T4166] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.198822][ T4166] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.225467][ T4169] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.233600][ T4166] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.245626][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.256332][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.304188][ T4167] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.319657][ T4167] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.331209][ T4167] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.340495][ T4167] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.350280][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.359532][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.370283][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.377888][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.387292][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.399577][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.408207][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.415300][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.423426][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.433928][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.452728][ T4168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.487959][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.498492][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.509054][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.518997][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.528109][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.537370][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.545582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.553882][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.582699][ T4179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.592138][ T4168] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.603637][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.614318][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.624565][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.633397][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.644200][ T4169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.662933][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.671166][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.694294][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.704580][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.713557][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.720664][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.729468][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.748304][ T4179] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.769284][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.788410][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.798377][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.805513][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.818520][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.840684][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.849376][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.864890][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.872051][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.882853][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.920888][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.929053][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.938865][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.948020][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.955160][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.963093][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.972712][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.981480][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.990121][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.999393][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.027515][ T4166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.047923][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.056522][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.065488][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.075057][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.084400][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.094814][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.102774][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.124767][ T4168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.139877][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.150695][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.158632][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.168677][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.178978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.192984][ T4166] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.216512][ T4169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.226840][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.265012][ T4179] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.275795][ T4179] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.296916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.305887][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.314750][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.321880][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.330787][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.339884][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.349121][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.358013][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.366761][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.376186][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.384595][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.393233][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.402191][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.409245][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.428655][ T4167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.447857][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.457678][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.467295][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.476467][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.490431][ T21] Bluetooth: hci0: command 0x041b tx timeout [ 63.491506][ T4215] Bluetooth: hci2: command 0x041b tx timeout [ 63.515581][ T4167] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.527674][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.537540][ T4215] Bluetooth: hci3: command 0x041b tx timeout [ 63.542336][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.553429][ T4215] Bluetooth: hci4: command 0x041b tx timeout [ 63.553943][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.559482][ T4215] Bluetooth: hci1: command 0x041b tx timeout [ 63.567955][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.582975][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.595294][ T4169] device veth0_vlan entered promiscuous mode [ 63.606779][ T4168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.622095][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.631674][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.642019][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.652833][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.661717][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.668786][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.676907][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.685685][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.694526][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.702705][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.716707][ T4169] device veth1_vlan entered promiscuous mode [ 63.728239][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.738024][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.746936][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.756507][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.763629][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.782606][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.811213][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.819992][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.836971][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.847725][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.857226][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.866327][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.876224][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.885088][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.893958][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.908222][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.922902][ T4166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.946312][ T4169] device veth0_macvtap entered promiscuous mode [ 63.978678][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.989874][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.004176][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.013280][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.022513][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.031409][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.040047][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.049528][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.058771][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.067687][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.076543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.085496][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.094172][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.103588][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.111377][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.132613][ T4168] device veth0_vlan entered promiscuous mode [ 64.142305][ T4169] device veth1_macvtap entered promiscuous mode [ 64.158442][ T4167] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.171559][ T4167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.179522][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.189808][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.199055][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.208511][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.219248][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.228152][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.236561][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.259313][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.275667][ T4179] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.285424][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.295513][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.303360][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.312977][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.335332][ T4168] device veth1_vlan entered promiscuous mode [ 64.362230][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.386207][ T4169] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.402080][ T4169] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.413871][ T4169] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.422723][ T4169] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.435564][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.445034][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.454017][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.462828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.479357][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.489173][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.502686][ T4166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.524831][ T4168] device veth0_macvtap entered promiscuous mode [ 64.563949][ T4168] device veth1_macvtap entered promiscuous mode [ 64.589320][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.606910][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.616601][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.626266][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.659866][ T4179] device veth0_vlan entered promiscuous mode [ 64.674285][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.686607][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.697209][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.706584][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.715488][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.723790][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.737460][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.748439][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.762947][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.796283][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.807086][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.816241][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.824098][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.832866][ T4179] device veth1_vlan entered promiscuous mode [ 64.841936][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.854073][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.867272][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.901192][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.909210][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.920582][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.929576][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.939336][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.955569][ T4168] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.965373][ T4168] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.974353][ T4168] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.983764][ T4168] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.024825][ T4238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.031427][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.040724][ T4238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.048419][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.059272][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.067700][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.075611][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.086744][ T4167] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.099863][ T4179] device veth0_macvtap entered promiscuous mode [ 65.127083][ T4166] device veth0_vlan entered promiscuous mode [ 65.142900][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.162448][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.184447][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.209490][ T4166] device veth1_vlan entered promiscuous mode [ 65.239350][ T4179] device veth1_macvtap entered promiscuous mode [ 65.287642][ T4238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.319390][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.331644][ T4238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.356677][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.375195][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.391645][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.403472][ T4179] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.404868][ T4245] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 65.437162][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.451365][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.467705][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.478178][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.497478][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.507624][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.517544][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.526845][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.547504][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.563950][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.574717][ T4217] Bluetooth: hci4: command 0x040f tx timeout [ 65.594315][ T4217] Bluetooth: hci3: command 0x040f tx timeout [ 65.602305][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.608192][ T4217] Bluetooth: hci2: command 0x040f tx timeout [ 65.630770][ T4217] Bluetooth: hci0: command 0x040f tx timeout [ 65.636274][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.651329][ T4217] Bluetooth: hci1: command 0x040f tx timeout [ 65.679816][ T4179] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.693462][ T4166] device veth0_macvtap entered promiscuous mode [ 65.704487][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.713138][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.722815][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.733306][ T4251] Zero length message leads to an empty skb [ 65.753920][ T4179] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.766005][ T4179] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.790552][ T4179] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.799305][ T4179] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.804947][ T4182] ================================================================== [ 65.816220][ T4182] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x11f1/0x3f50 [ 65.824066][ T4182] Read of size 1 at addr ffff8880756ed402 by task kworker/u5:7/4182 [ 65.832043][ T4182] [ 65.834384][ T4182] CPU: 1 PID: 4182 Comm: kworker/u5:7 Not tainted 5.15.180-syzkaller #0 [ 65.842725][ T4182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 65.852804][ T4182] Workqueue: hci3 hci_rx_work [ 65.857514][ T4182] Call Trace: [ 65.860796][ T4182] [ 65.863743][ T4182] dump_stack_lvl+0x1e3/0x2d0 [ 65.868423][ T4182] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 65.874053][ T4182] ? _printk+0xd1/0x120 [ 65.878226][ T4182] ? __wake_up_klogd+0xcc/0x100 [ 65.883075][ T4182] ? panic+0x860/0x860 [ 65.887139][ T4182] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 65.892630][ T4182] print_address_description+0x63/0x3b0 [ 65.898196][ T4182] ? hci_le_meta_evt+0x11f1/0x3f50 [ 65.903304][ T4182] kasan_report+0x16b/0x1c0 [ 65.907803][ T4182] ? hci_le_meta_evt+0x11f1/0x3f50 [ 65.912926][ T4182] hci_le_meta_evt+0x11f1/0x3f50 [ 65.917876][ T4182] ? __lock_acquire+0x1ff0/0x1ff0 [ 65.922920][ T4182] ? hci_remote_host_features_evt+0x280/0x280 [ 65.928982][ T4182] ? __mutex_unlock_slowpath+0x218/0x750 [ 65.934609][ T4182] ? hci_event_packet+0x3b4/0x1550 [ 65.939751][ T4182] ? mutex_unlock+0x10/0x10 [ 65.944403][ T4182] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 65.950395][ T4182] ? print_irqtrace_events+0x210/0x210 [ 65.955872][ T4182] hci_event_packet+0xc41/0x1550 [ 65.960823][ T4182] ? rcu_lock_release+0x20/0x20 [ 65.965695][ T4182] ? hci_send_to_monitor+0x99/0x4d0 [ 65.970928][ T4182] hci_rx_work+0x237/0xa10 [ 65.975379][ T4182] process_one_work+0x8a1/0x10c0 [ 65.980442][ T4182] ? worker_detach_from_pool+0x260/0x260 [ 65.986116][ T4182] ? _raw_spin_lock_irqsave+0x120/0x120 [ 65.991666][ T4182] ? kthread_data+0x4e/0xc0 [ 65.996188][ T4182] ? wq_worker_running+0x97/0x170 [ 66.001219][ T4182] worker_thread+0xaca/0x1280 [ 66.005912][ T4182] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 66.011831][ T4182] kthread+0x3f6/0x4f0 [ 66.015909][ T4182] ? rcu_lock_release+0x20/0x20 [ 66.020755][ T4182] ? kthread_blkcg+0xd0/0xd0 [ 66.025380][ T4182] ret_from_fork+0x1f/0x30 [ 66.029802][ T4182] [ 66.032824][ T4182] [ 66.035152][ T4182] Allocated by task 4253: [ 66.039495][ T4182] ____kasan_kmalloc+0xba/0xf0 [ 66.044257][ T4182] __kmalloc_node_track_caller+0x195/0x390 [ 66.050059][ T4182] __alloc_skb+0x12c/0x590 [ 66.054472][ T4182] vhci_write+0xbc/0x430 [ 66.058726][ T4182] vfs_write+0xacd/0xe50 [ 66.062985][ T4182] ksys_write+0x1a2/0x2c0 [ 66.067325][ T4182] do_syscall_64+0x3b/0x80 [ 66.071740][ T4182] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.077644][ T4182] [ 66.079956][ T4182] The buggy address belongs to the object at ffff8880756ed000 [ 66.079956][ T4182] which belongs to the cache kmalloc-1k of size 1024 [ 66.094190][ T4182] The buggy address is located 2 bytes to the right of [ 66.094190][ T4182] 1024-byte region [ffff8880756ed000, ffff8880756ed400) [ 66.107910][ T4182] The buggy address belongs to the page: [ 66.113549][ T4182] page:ffffea0001d5ba00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x756e8 [ 66.123714][ T4182] head:ffffea0001d5ba00 order:3 compound_mapcount:0 compound_pincount:0 [ 66.132037][ T4182] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 66.140081][ T4182] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441dc0 [ 66.148679][ T4182] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 66.157287][ T4182] page dumped because: kasan: bad access detected [ 66.163716][ T4182] page_owner tracks the page as allocated [ 66.169435][ T4182] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 154, ts 65712698797, free_ts 65683850531 [ 66.189224][ T4182] get_page_from_freelist+0x3b78/0x3d40 [ 66.194771][ T4182] __alloc_pages+0x272/0x700 [ 66.199352][ T4182] new_slab+0xbb/0x4b0 [ 66.203527][ T4182] ___slab_alloc+0x6f6/0xe10 [ 66.208135][ T4182] __kmalloc_node_track_caller+0x1f6/0x390 [ 66.213943][ T4182] __alloc_skb+0x12c/0x590 [ 66.218364][ T4182] inet6_rt_notify+0xdc/0x280 [ 66.223037][ T4182] fib6_add+0x1db2/0x3c80 [ 66.227377][ T4182] ip6_route_add+0x84/0x120 [ 66.231874][ T4182] addrconf_add_linklocal+0x5f1/0x9e0 [ 66.237240][ T4182] addrconf_addr_gen+0x85b/0xc00 [ 66.242175][ T4182] addrconf_init_auto_addrs+0x944/0xea0 [ 66.247729][ T4182] addrconf_notify+0xabc/0xf40 [ 66.252498][ T4182] raw_notifier_call_chain+0xd0/0x170 [ 66.257864][ T4182] netdev_state_change+0x11b/0x190 [ 66.262968][ T4182] linkwatch_do_dev+0x10c/0x160 [ 66.267825][ T4182] page last free stack trace: [ 66.272497][ T4182] free_unref_page_prepare+0xc34/0xcf0 [ 66.277951][ T4182] free_unref_page+0x95/0x2d0 [ 66.282625][ T4182] __unfreeze_partials+0x1b7/0x210 [ 66.287743][ T4182] put_cpu_partial+0x132/0x1a0 [ 66.292499][ T4182] ___cache_free+0xe3/0x100 [ 66.296993][ T4182] qlist_free_all+0x36/0x90 [ 66.301496][ T4182] kasan_quarantine_reduce+0x162/0x180 [ 66.306961][ T4182] __kasan_slab_alloc+0x2f/0xc0 [ 66.311808][ T4182] slab_post_alloc_hook+0x53/0x380 [ 66.316934][ T4182] kmem_cache_alloc+0xf3/0x280 [ 66.321703][ T4182] vm_area_dup+0x1e/0xb0 [ 66.325951][ T4182] __split_vma+0xb4/0x420 [ 66.330276][ T4182] mprotect_fixup+0x727/0x7d0 [ 66.334956][ T4182] do_mprotect_pkey+0x75b/0xa50 [ 66.339799][ T4182] __x64_sys_mprotect+0x7c/0x90 [ 66.344650][ T4182] do_syscall_64+0x3b/0x80 [ 66.349097][ T4182] [ 66.351410][ T4182] Memory state around the buggy address: [ 66.357027][ T4182] ffff8880756ed300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.365088][ T4182] ffff8880756ed380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.373163][ T4182] >ffff8880756ed400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.381218][ T4182] ^ [ 66.385287][ T4182] ffff8880756ed480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.393344][ T4182] ffff8880756ed500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.401402][ T4182] ================================================================== [ 66.409555][ T4182] Disabling lock debugging due to kernel taint [ 66.437362][ T4182] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 66.444593][ T4182] CPU: 1 PID: 4182 Comm: kworker/u5:7 Tainted: G B 5.15.180-syzkaller #0 [ 66.454322][ T4182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 66.464406][ T4182] Workqueue: hci3 hci_rx_work [ 66.469114][ T4182] Call Trace: [ 66.472408][ T4182] [ 66.475365][ T4182] dump_stack_lvl+0x1e3/0x2d0 [ 66.480063][ T4182] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 66.485693][ T4182] ? panic+0x860/0x860 [ 66.489760][ T4182] ? rcu_is_watching+0x11/0xa0 [ 66.494518][ T4182] ? preempt_schedule_common+0xa6/0xd0 [ 66.499977][ T4182] panic+0x318/0x860 [ 66.503865][ T4182] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 66.510011][ T4182] ? check_panic_on_warn+0x1d/0xa0 [ 66.515249][ T4182] ? fb_is_primary_device+0xd0/0xd0 [ 66.520449][ T4182] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 66.526450][ T4182] ? _raw_spin_unlock+0x40/0x40 [ 66.531299][ T4182] check_panic_on_warn+0x7e/0xa0 [ 66.536251][ T4182] ? hci_le_meta_evt+0x11f1/0x3f50 [ 66.541391][ T4182] end_report+0x6d/0xf0 [ 66.545565][ T4182] kasan_report+0x18e/0x1c0 [ 66.550151][ T4182] ? hci_le_meta_evt+0x11f1/0x3f50 [ 66.555260][ T4182] hci_le_meta_evt+0x11f1/0x3f50 [ 66.560231][ T4182] ? __lock_acquire+0x1ff0/0x1ff0 [ 66.565268][ T4182] ? hci_remote_host_features_evt+0x280/0x280 [ 66.571336][ T4182] ? __mutex_unlock_slowpath+0x218/0x750 [ 66.576973][ T4182] ? hci_event_packet+0x3b4/0x1550 [ 66.582077][ T4182] ? mutex_unlock+0x10/0x10 [ 66.586569][ T4182] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 66.592566][ T4182] ? print_irqtrace_events+0x210/0x210 [ 66.598021][ T4182] hci_event_packet+0xc41/0x1550 [ 66.602950][ T4182] ? rcu_lock_release+0x20/0x20 [ 66.607793][ T4182] ? hci_send_to_monitor+0x99/0x4d0 [ 66.612989][ T4182] hci_rx_work+0x237/0xa10 [ 66.617407][ T4182] process_one_work+0x8a1/0x10c0 [ 66.622367][ T4182] ? worker_detach_from_pool+0x260/0x260 [ 66.627993][ T4182] ? _raw_spin_lock_irqsave+0x120/0x120 [ 66.633552][ T4182] ? kthread_data+0x4e/0xc0 [ 66.638068][ T4182] ? wq_worker_running+0x97/0x170 [ 66.643082][ T4182] worker_thread+0xaca/0x1280 [ 66.647750][ T4182] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 66.653665][ T4182] kthread+0x3f6/0x4f0 [ 66.657743][ T4182] ? rcu_lock_release+0x20/0x20 [ 66.662582][ T4182] ? kthread_blkcg+0xd0/0xd0 [ 66.667161][ T4182] ret_from_fork+0x1f/0x30 [ 66.671580][ T4182] [ 66.674871][ T4182] Kernel Offset: disabled [ 66.679195][ T4182] Rebooting in 86400 seconds..