syzkaller login: [ 92.088782][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:36037' (ED25519) to the list of known hosts.
2025/08/08 20:47:13 ignoring optional flag "sandboxArg"="0"
2025/08/08 20:47:15 parsed 1 programs
[ 101.551198][ T5355] cgroup: Unknown subsys name 'net'
[ 101.642624][ T5355] cgroup: Unknown subsys name 'cpuset'
[ 101.648079][ T5355] cgroup: Unknown subsys name 'rlimit'
[ 103.415178][ T5355] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 108.054448][ T5370] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 108.471349][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.474823][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.919555][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.948934][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.288747][ T5404] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 109.293955][ T5404] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 109.298342][ T5404] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 109.302390][ T5404] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 109.306578][ T5404] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 110.646999][ T5368] chnl_net:caif_netlink_parms(): no params data found
[ 111.395540][ T5404] Bluetooth: hci0: command tx timeout
[ 112.515564][ T5368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.520574][ T5368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.524042][ T5368] bridge_slave_0: entered allmulticast mode
[ 112.528066][ T5368] bridge_slave_0: entered promiscuous mode
[ 112.543680][ T5368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.547097][ T5368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.551627][ T5368] bridge_slave_1: entered allmulticast mode
[ 112.555248][ T5368] bridge_slave_1: entered promiscuous mode
[ 112.687349][ T5368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 112.717973][ T5368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 112.799713][ T5368] team0: Port device team_slave_0 added
[ 112.842385][ T5368] team0: Port device team_slave_1 added
[ 113.330584][ T5368] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.333972][ T5368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.382681][ T5368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.413943][ T5368] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.417149][ T5368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.462813][ T5368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.691091][ T5368] hsr_slave_0: entered promiscuous mode
[ 113.709903][ T5368] hsr_slave_1: entered promiscuous mode
[ 114.221256][ T5368] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 114.266999][ T5368] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 114.287208][ T5368] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 114.310673][ T5368] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 114.581556][ T5368] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.633261][ T5368] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.663231][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.666485][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.693577][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.696539][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.230997][ T5368] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.319063][ T5368] veth0_vlan: entered promiscuous mode
[ 115.331419][ T5368] veth1_vlan: entered promiscuous mode
[ 115.381901][ T5368] veth0_macvtap: entered promiscuous mode
[ 115.399819][ T5368] veth1_macvtap: entered promiscuous mode
[ 115.423602][ T5368] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 115.443133][ T5368] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 115.482362][ T1098] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.486180][ T1098] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.499674][ T1098] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.503923][ T1098] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/08/08 20:47:31 executed programs: 0
[ 115.829483][ T5368] syz-executor (5368) used greatest stack depth: 19752 bytes left
[ 115.948589][ T4701] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 115.971871][ T5474] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 115.976488][ T5474] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 115.985237][ T5474] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 115.990947][ T5474] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 115.994152][ T5474] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 115.998334][ T5474] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 116.009866][ T5474] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 116.013345][ T5474] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 116.017744][ T5474] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 116.022396][ T5474] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 116.028835][ T5474] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 116.033009][ T5474] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 116.037234][ T5477] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 116.072883][ T5477] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 116.175162][ T45] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 116.186932][ T45] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 116.203026][ T45] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 116.206490][ T4701] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 116.211149][ T45] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 116.217243][ T45] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 116.258856][ T45] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 116.282007][ T45] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 116.296788][ T45] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 116.300432][ T45] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 116.399165][ T5478] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 116.410909][ T5478] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 116.414861][ T5478] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 116.424006][ T5478] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 116.427550][ T5478] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 116.923625][ T1098] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.392177][ T1098] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.767141][ T1098] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.108365][ T5478] Bluetooth: hci0: command tx timeout
[ 118.162472][ T5478] Bluetooth: hci2: command tx timeout
[ 118.165594][ T5478] Bluetooth: hci1: command tx timeout
[ 118.213753][ T1098] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.238904][ T5478] Bluetooth: hci3: command tx timeout
[ 118.321598][ T5478] Bluetooth: hci4: command tx timeout
[ 118.405965][ T5467] chnl_net:caif_netlink_parms(): no params data found
[ 118.478382][ T5478] Bluetooth: hci5: command tx timeout
[ 118.784049][ T5467] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.788079][ T5467] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.793948][ T5467] bridge_slave_0: entered allmulticast mode
[ 118.809954][ T5467] bridge_slave_0: entered promiscuous mode
[ 118.891374][ T5467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.894670][ T5467] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.899057][ T5467] bridge_slave_1: entered allmulticast mode
[ 118.903533][ T5467] bridge_slave_1: entered promiscuous mode
[ 119.253641][ T1098] bridge_slave_1: left allmulticast mode
[ 119.256152][ T1098] bridge_slave_1: left promiscuous mode
[ 119.263813][ T1098] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.280911][ T1098] bridge_slave_0: left allmulticast mode
[ 119.283633][ T1098] bridge_slave_0: left promiscuous mode
[ 119.286107][ T1098] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.732692][ T1098] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 119.740779][ T1098] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 119.746012][ T1098] bond0 (unregistering): Released all slaves
[ 119.766109][ T5467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 119.788007][ T5467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 119.807811][ T5489] chnl_net:caif_netlink_parms(): no params data found
[ 119.921765][ T1098] hsr_slave_0: left promiscuous mode
[ 119.924795][ T1098] hsr_slave_1: left promiscuous mode
[ 119.927907][ T1098] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 119.932618][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 119.936597][ T1098] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 119.941935][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 119.955661][ T1098] veth1_macvtap: left promiscuous mode
[ 119.960885][ T1098] veth0_macvtap: left promiscuous mode
[ 119.964055][ T1098] veth1_vlan: left promiscuous mode
[ 119.967077][ T1098] veth0_vlan: left promiscuous mode
[ 120.159596][ T5478] Bluetooth: hci0: command tx timeout
[ 120.239558][ T5478] Bluetooth: hci1: command tx timeout
[ 120.242260][ T5478] Bluetooth: hci2: command tx timeout
[ 120.319356][ T45] Bluetooth: hci3: command tx timeout
[ 120.328665][ T1098] team0 (unregistering): Port device team_slave_1 removed
[ 120.351065][ T1098] team0 (unregistering): Port device team_slave_0 removed
[ 120.402600][ T45] Bluetooth: hci4: command tx timeout
[ 120.561851][ T45] Bluetooth: hci5: command tx timeout
[ 120.812074][ T5469] chnl_net:caif_netlink_parms(): no params data found
[ 120.835145][ T5467] team0: Port device team_slave_0 added
[ 120.909737][ T5467] team0: Port device team_slave_1 added
[ 121.150355][ T5489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.153351][ T5489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.156512][ T5489] bridge_slave_0: entered allmulticast mode
[ 121.169670][ T5489] bridge_slave_0: entered promiscuous mode
[ 121.204756][ T5482] chnl_net:caif_netlink_parms(): no params data found
[ 121.236009][ T5479] chnl_net:caif_netlink_parms(): no params data found
[ 121.245585][ T5489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.268417][ T5489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.271571][ T5489] bridge_slave_1: entered allmulticast mode
[ 121.275653][ T5489] bridge_slave_1: entered promiscuous mode
[ 121.324111][ T5467] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 121.327265][ T5467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.360267][ T5467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 121.440556][ T5467] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 121.443730][ T5467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.488542][ T5467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.555854][ T5489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 121.589909][ T5489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 121.658809][ T5468] chnl_net:caif_netlink_parms(): no params data found
[ 122.097564][ T5469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.120172][ T5469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.123682][ T5469] bridge_slave_0: entered allmulticast mode
[ 122.147744][ T5469] bridge_slave_0: entered promiscuous mode
[ 122.160982][ T5469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.165054][ T5469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.184552][ T5469] bridge_slave_1: entered allmulticast mode
[ 122.197514][ T5469] bridge_slave_1: entered promiscuous mode
[ 122.222391][ T5489] team0: Port device team_slave_0 added
[ 122.241858][ T45] Bluetooth: hci0: command tx timeout
[ 122.273952][ T5467] hsr_slave_0: entered promiscuous mode
[ 122.287795][ T5467] hsr_slave_1: entered promiscuous mode
[ 122.320827][ T45] Bluetooth: hci2: command tx timeout
[ 122.323404][ T45] Bluetooth: hci1: command tx timeout
[ 122.364671][ T5489] team0: Port device team_slave_1 added
[ 122.399236][ T5478] Bluetooth: hci3: command tx timeout
[ 122.435016][ T5482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.443980][ T5482] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.447011][ T5482] bridge_slave_0: entered allmulticast mode
[ 122.462595][ T5482] bridge_slave_0: entered promiscuous mode
[ 122.478553][ T5478] Bluetooth: hci4: command tx timeout
[ 122.481809][ T5482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.484703][ T5482] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.487774][ T5482] bridge_slave_1: entered allmulticast mode
[ 122.500111][ T5482] bridge_slave_1: entered promiscuous mode
[ 122.513045][ T5469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 122.548901][ T5479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.551904][ T5479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.555006][ T5479] bridge_slave_0: entered allmulticast mode
[ 122.566134][ T5479] bridge_slave_0: entered promiscuous mode
[ 122.639747][ T5478] Bluetooth: hci5: command tx timeout
[ 122.682912][ T5469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 122.687289][ T5479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.699446][ T5479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.712114][ T5479] bridge_slave_1: entered allmulticast mode
[ 122.719975][ T5479] bridge_slave_1: entered promiscuous mode
[ 122.760275][ T5489] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 122.763838][ T5489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 122.813021][ T5489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 122.872806][ T5482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 122.901761][ T5482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 122.978740][ T5489] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 122.981418][ T5489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.000171][ T5489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.049410][ T5479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.053521][ T5468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.056559][ T5468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.072724][ T5468] bridge_slave_0: entered allmulticast mode
[ 123.077757][ T5468] bridge_slave_0: entered promiscuous mode
[ 123.108947][ T5469] team0: Port device team_slave_0 added
[ 123.114232][ T5479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.123861][ T5468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.127180][ T5468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.135379][ T5468] bridge_slave_1: entered allmulticast mode
[ 123.142770][ T5468] bridge_slave_1: entered promiscuous mode
[ 123.147337][ T5482] team0: Port device team_slave_0 added
[ 123.153000][ T5482] team0: Port device team_slave_1 added
[ 123.156770][ T5469] team0: Port device team_slave_1 added
[ 123.303103][ T5489] hsr_slave_0: entered promiscuous mode
[ 123.306808][ T5489] hsr_slave_1: entered promiscuous mode
[ 123.325792][ T5489] debugfs: 'hsr0' already exists in 'hsr'
[ 123.334445][ T5489] Cannot create hsr debugfs directory
[ 123.353122][ T5469] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.356245][ T5469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.388354][ T5469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.423427][ T5479] team0: Port device team_slave_0 added
[ 123.430023][ T5468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.457746][ T5482] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.462736][ T5482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.499454][ T5482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.507197][ T5469] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.528446][ T5469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.560928][ T5469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.606582][ T5479] team0: Port device team_slave_1 added
[ 123.631705][ T5468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.651836][ T5482] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.655078][ T5482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.679828][ T5482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.816249][ T5479] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.823314][ T5479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.836534][ T5479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.902968][ T5469] hsr_slave_0: entered promiscuous mode
[ 123.907492][ T5469] hsr_slave_1: entered promiscuous mode
[ 123.915952][ T5469] debugfs: 'hsr0' already exists in 'hsr'
[ 123.919988][ T5469] Cannot create hsr debugfs directory
[ 123.923291][ T5479] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.926248][ T5479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.941493][ T5479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.957372][ T5468] team0: Port device team_slave_0 added
[ 124.031823][ T5468] team0: Port device team_slave_1 added
[ 124.104316][ T5482] hsr_slave_0: entered promiscuous mode
[ 124.109097][ T5482] hsr_slave_1: entered promiscuous mode
[ 124.111982][ T5482] debugfs: 'hsr0' already exists in 'hsr'
[ 124.114626][ T5482] Cannot create hsr debugfs directory
[ 124.127550][ T5479] hsr_slave_0: entered promiscuous mode
[ 124.131267][ T5479] hsr_slave_1: entered promiscuous mode
[ 124.134182][ T5479] debugfs: 'hsr0' already exists in 'hsr'
[ 124.136746][ T5479] Cannot create hsr debugfs directory
[ 124.221416][ T5468] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.224468][ T5468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.243003][ T5468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 124.294398][ T5468] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 124.297741][ T5468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.321688][ T5478] Bluetooth: hci0: command tx timeout
[ 124.338896][ T5468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 124.398473][ T5478] Bluetooth: hci1: command tx timeout
[ 124.401290][ T5478] Bluetooth: hci2: command tx timeout
[ 124.478659][ T45] Bluetooth: hci3: command tx timeout
[ 124.524553][ T5467] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 124.560266][ T45] Bluetooth: hci4: command tx timeout
[ 124.630914][ T5467] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 124.658665][ T5467] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 124.720687][ T45] Bluetooth: hci5: command tx timeout
[ 124.733858][ T5468] hsr_slave_0: entered promiscuous mode
[ 124.749289][ T5468] hsr_slave_1: entered promiscuous mode
[ 124.752225][ T5468] debugfs: 'hsr0' already exists in 'hsr'
[ 124.754832][ T5468] Cannot create hsr debugfs directory
[ 124.785302][ T5467] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 125.037611][ T5489] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 125.216428][ T5489] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 125.376193][ T5489] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 125.395514][ T5489] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 125.797792][ T5467] 8021q: adding VLAN 0 to HW filter on device bond0
[ 125.902246][ T5467] 8021q: adding VLAN 0 to HW filter on device team0
[ 125.931642][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 125.935182][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 125.956061][ T5469] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 126.022707][ T5469] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 126.044433][ T5469] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 126.086755][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.090131][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.104063][ T5469] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 126.197320][ T5489] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.285023][ T5482] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 126.343393][ T5489] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.363489][ T5482] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 126.446763][ T5482] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 126.500955][ T54] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.504981][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.588104][ T5482] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 126.686295][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.689641][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.915067][ T5479] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 126.942387][ T5479] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 127.033023][ T5479] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 127.151822][ T5479] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 127.164218][ T5467] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 127.342933][ T5469] 8021q: adding VLAN 0 to HW filter on device bond0
[ 127.405327][ T5468] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 127.505291][ T5468] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 127.533852][ T5469] 8021q: adding VLAN 0 to HW filter on device team0
[ 127.539689][ T5468] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 127.596816][ T5482] 8021q: adding VLAN 0 to HW filter on device bond0
[ 127.641150][ T5468] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 127.785454][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.788782][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 127.816239][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.819778][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 127.865482][ T5482] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.034058][ T5469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 128.063624][ T5489] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.097777][ T5467] veth0_vlan: entered promiscuous mode
[ 128.147414][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.150797][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.208068][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.211410][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.323473][ T5479] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.446256][ T5467] veth1_vlan: entered promiscuous mode
[ 128.579619][ T5479] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.676526][ T5468] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.717809][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.721587][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.772767][ T5467] veth0_macvtap: entered promiscuous mode
[ 128.934623][ T5467] veth1_macvtap: entered promiscuous mode
[ 129.005449][ T5468] 8021q: adding VLAN 0 to HW filter on device team0
[ 129.061228][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.064689][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.192981][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.196264][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.377897][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.381324][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.443446][ T5467] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 129.524841][ T5467] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 129.568605][ T1152] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.573929][ T1152] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.579436][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.583352][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.604888][ T5469] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 129.808061][ T5482] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.040895][ T5489] veth0_vlan: entered promiscuous mode
[ 130.107059][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.133284][ T5479] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.139152][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.252174][ T5489] veth1_vlan: entered promiscuous mode
[ 130.282731][ T5469] veth0_vlan: entered promiscuous mode
[ 130.290208][ T5482] veth0_vlan: entered promiscuous mode
[ 130.366311][ T5482] veth1_vlan: entered promiscuous mode
[ 130.443096][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.461091][ T5469] veth1_vlan: entered promiscuous mode
[ 130.464948][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.656846][ T5489] veth0_macvtap: entered promiscuous mode
[ 130.735133][ T5469] veth0_macvtap: entered promiscuous mode
[ 130.820462][ T5489] veth1_macvtap: entered promiscuous mode
2025/08/08 20:47:46 executed programs: 12
[ 130.886548][ T5718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 130.894920][ T5469] veth1_macvtap: entered promiscuous mode
[ 130.921372][ T5718] netlink: 'syz.0.17': attribute type 10 has an invalid length.
[ 130.999947][ T5489] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 131.158927][ T5718] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 131.250012][ T5489] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 131.263552][ T5724] wlan1: No basic rates, using min rate instead
[ 131.290250][ T5724] wlan1: authenticate with aa:09:b7:99:c0:d7 (local address=aa:aa:aa:aa:aa:17)
[ 131.303283][ T5724] wlan1: send auth to aa:09:b7:99:c0:d7 (try 1/3)
[ 131.335218][ T1152] wlan1: send auth to aa:09:b7:99:c0:d7 (try 2/3)
[ 131.359259][ T1152] wlan1: send auth to aa:09:b7:99:c0:d7 (try 3/3)
[ 131.366830][ T5726] bond0: entered promiscuous mode
[ 131.370999][ T1152] wlan1: authentication with aa:09:b7:99:c0:d7 timed out
[ 131.375008][ T5726] bond_slave_0: entered promiscuous mode
[ 131.383414][ T5726] bond_slave_1: entered promiscuous mode
[ 131.386133][ T1152] ==================================================================
[ 131.389504][ T1152] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 131.392806][ T1152] Read of size 1 at addr ffff888043244f80 by task kworker/u4:11/1152
[ 131.397149][ T1152]
[ 131.398223][ T1152] CPU: 0 UID: 0 PID: 1152 Comm: kworker/u4:11 Not tainted 6.16.0-syzkaller-12016-gbec077162bd0 #0 PREEMPT(full)
[ 131.398239][ T1152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 131.398248][ T1152] Workqueue: events_unbound cfg80211_wiphy_work
[ 131.398325][ T1152] Call Trace:
[ 131.398333][ T1152]
[ 131.398339][ T1152] dump_stack_lvl+0x189/0x250
[ 131.398354][ T1152] ? __virt_addr_valid+0x1c8/0x5c0
[ 131.398368][ T1152] ? rcu_is_watching+0x15/0xb0
[ 131.398408][ T1152] ? __pfx_dump_stack_lvl+0x10/0x10
[ 131.398420][ T1152] ? rcu_is_watching+0x15/0xb0
[ 131.398430][ T1152] ? lock_release+0x4b/0x3e0
[ 131.398444][ T1152] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 131.398458][ T1152] ? __virt_addr_valid+0x1c8/0x5c0
[ 131.398472][ T1152] ? __virt_addr_valid+0x4a5/0x5c0
[ 131.398484][ T1152] print_report+0xca/0x240
[ 131.398495][ T1152] ? _raw_spin_lock+0x2e/0x40
[ 131.398503][ T1152] kasan_report+0x118/0x150
[ 131.398519][ T1152] ? _raw_spin_lock+0x2e/0x40
[ 131.398530][ T1152] ? lockref_get+0x15/0x60
[ 131.398542][ T1152] __kasan_check_byte+0x2a/0x40
[ 131.398554][ T1152] lock_acquire+0x8d/0x360
[ 131.398571][ T1152] ? do_raw_spin_lock+0x121/0x290
[ 131.398584][ T1152] _raw_spin_lock+0x2e/0x40
[ 131.398593][ T1152] ? lockref_get+0x15/0x60
[ 131.398605][ T1152] lockref_get+0x15/0x60
[ 131.398619][ T1152] __simple_recursive_removal+0x33/0x510
[ 131.398630][ T1152] ? mntput+0x65/0xc0
[ 131.398641][ T1152] ? __pfx_remove_one+0x10/0x10
[ 131.398655][ T1152] debugfs_remove+0x5b/0x70
[ 131.398676][ T1152] ieee80211_sta_debugfs_remove+0x40/0x70
[ 131.398689][ T1152] __sta_info_destroy_part2+0x352/0x450
[ 131.398704][ T1152] sta_info_destroy_addr+0xf5/0x140
[ 131.398715][ T1152] ieee80211_destroy_auth_data+0x12d/0x260
[ 131.398731][ T1152] ieee80211_sta_work+0x11cf/0x3600
[ 131.398748][ T1152] ? __lock_acquire+0xab9/0xd20
[ 131.398765][ T1152] ? __lock_acquire+0xab9/0xd20
[ 131.398778][ T1152] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 131.398793][ T1152] ? do_raw_spin_lock+0x121/0x290
[ 131.398807][ T1152] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 131.398818][ T1152] ? lockdep_hardirqs_on+0x9c/0x150
[ 131.398831][ T1152] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 131.398843][ T1152] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 131.398853][ T1152] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 131.398866][ T1152] ? skb_dequeue+0x10e/0x150
[ 131.398875][ T1152] ? ieee80211_iface_work+0xfc4/0x12d0
[ 131.398888][ T1152] ? ieee80211_iface_work+0x11d6/0x12d0
[ 131.398898][ T1152] ? rcu_is_watching+0x15/0xb0
[ 131.398909][ T1152] cfg80211_wiphy_work+0x2b8/0x470
[ 131.398919][ T1152] ? process_scheduled_works+0x9ef/0x17b0
[ 131.398930][ T1152] process_scheduled_works+0xade/0x17b0
[ 131.398947][ T1152] ? __pfx_process_scheduled_works+0x10/0x10
[ 131.398960][ T1152] worker_thread+0x8a0/0xda0
[ 131.398972][ T1152] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 131.398985][ T1152] ? __kthread_parkme+0x7b/0x200
[ 131.398999][ T1152] kthread+0x70e/0x8a0
[ 131.399012][ T1152] ? __pfx_worker_thread+0x10/0x10
[ 131.399021][ T1152] ? __pfx_kthread+0x10/0x10
[ 131.399035][ T1152] ? _raw_spin_unlock_irq+0x23/0x50
[ 131.399045][ T1152] ? lockdep_hardirqs_on+0x9c/0x150
[ 131.399054][ T1152] ? __pfx_kthread+0x10/0x10
[ 131.399066][ T1152] ret_from_fork+0x3fc/0x770
[ 131.399078][ T1152] ? __pfx_ret_from_fork+0x10/0x10
[ 131.399091][ T1152] ? __pfx_kthread+0x10/0x10
[ 131.399103][ T1152] ret_from_fork_asm+0x1a/0x30
[ 131.399120][ T1152]
[ 131.399124][ T1152]
[ 131.552805][ T1152] Allocated by task 5724:
[ 131.554703][ T1152] kasan_save_track+0x3e/0x80
[ 131.556709][ T1152] __kasan_slab_alloc+0x6c/0x80
[ 131.558852][ T1152] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 131.561664][ T1152] __d_alloc+0x36/0x7a0
[ 131.563735][ T1152] d_alloc_parallel+0xe5/0x15e0
[ 131.566113][ T1152] __lookup_slow+0x116/0x3d0
[ 131.568353][ T1152] simple_start_creating+0xfd/0x1e0
[ 131.570658][ T1152] start_creating+0x10f/0x180
[ 131.572717][ T1152] debugfs_create_dir+0x28/0x420
[ 131.574848][ T1152] ieee80211_sta_debugfs_add+0x12c/0x850
[ 131.577246][ T1152] sta_info_insert_rcu+0xfac/0x1940
[ 131.579347][ T1152] sta_info_insert+0x16/0xc0
[ 131.581376][ T1152] ieee80211_prep_connection+0xfce/0x13f0
[ 131.583683][ T1152] ieee80211_mgd_auth+0xee3/0x1770
[ 131.586074][ T1152] cfg80211_mlme_auth+0x632/0x9c0
[ 131.588540][ T1152] cfg80211_conn_do_work+0x501/0xd10
[ 131.591442][ T1152] cfg80211_connect+0x1862/0x21a0
[ 131.593932][ T1152] nl80211_connect+0x17bc/0x1cd0
[ 131.596223][ T1152] genl_family_rcv_msg_doit+0x215/0x300
[ 131.598724][ T1152] genl_rcv_msg+0x60e/0x790
[ 131.600781][ T1152] netlink_rcv_skb+0x208/0x470
[ 131.602969][ T1152] genl_rcv+0x28/0x40
[ 131.604785][ T1152] netlink_unicast+0x82c/0x9e0
[ 131.607032][ T1152] netlink_sendmsg+0x805/0xb30
[ 131.609130][ T1152] __sock_sendmsg+0x21c/0x270
[ 131.611343][ T1152] ____sys_sendmsg+0x505/0x830
[ 131.613733][ T1152] ___sys_sendmsg+0x21f/0x2a0
[ 131.616072][ T1152] __x64_sys_sendmsg+0x19b/0x260
[ 131.618709][ T1152] do_syscall_64+0xfa/0x3b0
[ 131.620979][ T1152] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.623679][ T1152]
[ 131.624787][ T1152] Freed by task 5726:
[ 131.626546][ T1152] kasan_save_track+0x3e/0x80
[ 131.628508][ T1152] kasan_save_free_info+0x46/0x50
[ 131.630711][ T1152] __kasan_slab_free+0x5b/0x80
[ 131.632874][ T1152] kmem_cache_free+0x18f/0x400
[ 131.635000][ T1152] rcu_core+0xca8/0x1770
[ 131.636884][ T1152] handle_softirqs+0x283/0x870
[ 131.639002][ T1152] do_softirq+0xec/0x180
[ 131.641752][ T1152] __local_bh_enable_ip+0x17d/0x1c0
[ 131.644570][ T1152] pppoe_device_event+0x475/0x4a0
[ 131.646765][ T1152] notifier_call_chain+0x1b6/0x3e0
[ 131.649016][ T1152] __dev_close_many+0x106/0x6f0
[ 131.651188][ T1152] __dev_change_flags+0x2c7/0x6d0
[ 131.653460][ T1152] netif_change_flags+0x88/0x1a0
[ 131.655768][ T1152] do_setlink+0xc55/0x41c0
[ 131.657868][ T1152] rtnl_newlink+0x160b/0x1c70
[ 131.660165][ T1152] rtnetlink_rcv_msg+0x7cc/0xb70
[ 131.662643][ T1152] netlink_rcv_skb+0x208/0x470
[ 131.665136][ T1152] netlink_unicast+0x82c/0x9e0
[ 131.667329][ T1152] netlink_sendmsg+0x805/0xb30
[ 131.669562][ T1152] __sock_sendmsg+0x21c/0x270
[ 131.671707][ T1152] ____sys_sendmsg+0x505/0x830
[ 131.674004][ T1152] ___sys_sendmsg+0x21f/0x2a0
[ 131.676102][ T1152] __x64_sys_sendmsg+0x19b/0x260
[ 131.678474][ T1152] do_syscall_64+0xfa/0x3b0
[ 131.680618][ T1152] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.683358][ T1152]
[ 131.684385][ T1152] Last potentially related work creation:
[ 131.686863][ T1152] kasan_save_stack+0x3e/0x60
[ 131.689004][ T1152] kasan_record_aux_stack+0xbd/0xd0
[ 131.691342][ T1152] call_rcu+0x157/0x9c0
[ 131.693243][ T1152] __dentry_kill+0x4d2/0x660
[ 131.695495][ T1152] dput+0x19f/0x2b0
[ 131.697343][ T1152] find_next_child+0x1e5/0x250
[ 131.699734][ T1152] __simple_recursive_removal+0x10b/0x510
[ 131.702612][ T1152] debugfs_remove+0x5b/0x70
[ 131.704792][ T1152] ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[ 131.707623][ T1152] drv_remove_interface+0x1fa/0x590
[ 131.709996][ T1152] ieee80211_change_mac+0x912/0x12d0
[ 131.712397][ T1152] netif_set_mac_address+0x2fc/0x4c0
[ 131.714898][ T1152] dev_set_mac_address+0x12b/0x260
[ 131.717359][ T1152] bond_set_mac_address+0x26c/0x7b0
[ 131.719973][ T1152] netif_set_mac_address+0x2fc/0x4c0
[ 131.722543][ T1152] do_setlink+0x88c/0x41c0
[ 131.724587][ T1152] rtnl_newlink+0x160b/0x1c70
[ 131.726779][ T1152] rtnetlink_rcv_msg+0x7cc/0xb70
[ 131.728989][ T1152] netlink_rcv_skb+0x208/0x470
[ 131.731213][ T1152] netlink_unicast+0x82c/0x9e0
[ 131.733613][ T1152] netlink_sendmsg+0x805/0xb30
[ 131.736281][ T1152] __sock_sendmsg+0x21c/0x270
[ 131.738793][ T1152] ____sys_sendmsg+0x505/0x830
[ 131.741244][ T1152] ___sys_sendmsg+0x21f/0x2a0
[ 131.743353][ T1152] __x64_sys_sendmsg+0x19b/0x260
[ 131.745764][ T1152] do_syscall_64+0xfa/0x3b0
[ 131.747846][ T1152] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.750550][ T1152]
[ 131.751744][ T1152] The buggy address belongs to the object at ffff888043244eb0
[ 131.751744][ T1152] which belongs to the cache dentry of size 312
[ 131.758268][ T1152] The buggy address is located 208 bytes inside of
[ 131.758268][ T1152] freed 312-byte region [ffff888043244eb0, ffff888043244fe8)
[ 131.764787][ T1152]
[ 131.765977][ T1152] The buggy address belongs to the physical page:
[ 131.769338][ T1152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43244
[ 131.774201][ T1152] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 131.778069][ T1152] memcg:ffff88804e6e1801
[ 131.780053][ T1152] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 131.783621][ T1152] page_type: f5(slab)
[ 131.785472][ T1152] raw: 04fff00000000040 ffff88801b6cc780 0000000000000000 dead000000000001
[ 131.789443][ T1152] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff88804e6e1801
[ 131.794214][ T1152] head: 04fff00000000040 ffff88801b6cc780 0000000000000000 dead000000000001
[ 131.798769][ T1152] head: 0000000000000000 0000000000150015 00000000f5000000 ffff88804e6e1801
[ 131.802584][ T1152] head: 04fff00000000001 ffffea00010c9101 00000000ffffffff 00000000ffffffff
[ 131.806510][ T1152] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 131.810488][ T1152] page dumped because: kasan: bad access detected
[ 131.813567][ T1152] page_owner tracks the page as allocated
[ 131.816431][ T1152] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4762, tgid 4762 (udevd), ts 58697131000, free_ts 0
[ 131.826456][ T1152] post_alloc_hook+0x240/0x2a0
[ 131.828725][ T1152] get_page_from_freelist+0x21e4/0x22c0
[ 131.831386][ T1152] __alloc_frozen_pages_noprof+0x181/0x370
[ 131.834367][ T1152] alloc_pages_mpol+0x232/0x4a0
[ 131.836888][ T1152] allocate_slab+0x8a/0x370
[ 131.839184][ T1152] ___slab_alloc+0xbeb/0x1410
[ 131.841423][ T1152] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 131.844094][ T1152] __d_alloc+0x36/0x7a0
[ 131.846029][ T1152] d_alloc_parallel+0xe5/0x15e0
[ 131.848258][ T1152] path_openat+0xa3b/0x3830
[ 131.850650][ T1152] do_filp_open+0x1fa/0x410
[ 131.853238][ T1152] do_sys_openat2+0x121/0x1c0
[ 131.856038][ T1152] __x64_sys_openat+0x138/0x170
[ 131.858491][ T1152] do_syscall_64+0xfa/0x3b0
[ 131.860660][ T1152] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.863466][ T1152] page_owner free stack trace missing
[ 131.865919][ T1152]
[ 131.867067][ T1152] Memory state around the buggy address:
[ 131.869561][ T1152] ffff888043244e80: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 131.873307][ T1152] ffff888043244f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 131.877089][ T1152] >ffff888043244f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 131.881387][ T1152] ^
[ 131.883315][ T1152] ffff888043245000: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00
[ 131.887036][ T1152] ffff888043245080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.891276][ T1152] ==================================================================
[ 131.899100][ T1152] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 131.902583][ T1152] CPU: 0 UID: 0 PID: 1152 Comm: kworker/u4:11 Not tainted 6.16.0-syzkaller-12016-gbec077162bd0 #0 PREEMPT(full)
[ 131.908206][ T1152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 131.914360][ T1152] Workqueue: events_unbound cfg80211_wiphy_work
[ 131.917260][ T1152] Call Trace:
[ 131.918789][ T1152]
[ 131.920144][ T1152] dump_stack_lvl+0x99/0x250
[ 131.922288][ T1152] ? __asan_memcpy+0x40/0x70
[ 131.924560][ T1152] ? __pfx_dump_stack_lvl+0x10/0x10
[ 131.927048][ T1152] ? __pfx__printk+0x10/0x10
[ 131.929382][ T1152] vpanic+0x281/0x750
[ 131.931426][ T1152] ? __pfx_vpanic+0x10/0x10
[ 131.933860][ T1152] ? irqentry_exit+0x74/0x90
[ 131.936217][ T1152] panic+0xb9/0xc0
[ 131.938109][ T1152] ? __pfx_panic+0x10/0x10
[ 131.940198][ T1152] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 131.942947][ T1152] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 131.945681][ T1152] ? is_module_address+0x17/0xf0
[ 131.948059][ T1152] ? _raw_spin_lock+0x2e/0x40
[ 131.950446][ T1152] check_panic_on_warn+0x89/0xb0
[ 131.953053][ T1152] ? _raw_spin_lock+0x2e/0x40
[ 131.955364][ T1152] end_report+0x78/0x160
[ 131.957304][ T1152] kasan_report+0x129/0x150
[ 131.959417][ T1152] ? _raw_spin_lock+0x2e/0x40
[ 131.961636][ T1152] ? lockref_get+0x15/0x60
[ 131.963712][ T1152] __kasan_check_byte+0x2a/0x40
[ 131.965872][ T1152] lock_acquire+0x8d/0x360
[ 131.967931][ T1152] ? do_raw_spin_lock+0x121/0x290
[ 131.970208][ T1152] _raw_spin_lock+0x2e/0x40
[ 131.972804][ T1152] ? lockref_get+0x15/0x60
[ 131.975725][ T1152] lockref_get+0x15/0x60
[ 131.978270][ T1152] __simple_recursive_removal+0x33/0x510
[ 131.980776][ T1152] ? mntput+0x65/0xc0
[ 131.982645][ T1152] ? __pfx_remove_one+0x10/0x10
[ 131.984793][ T1152] debugfs_remove+0x5b/0x70
[ 131.986811][ T1152] ieee80211_sta_debugfs_remove+0x40/0x70
[ 131.989325][ T1152] __sta_info_destroy_part2+0x352/0x450
[ 131.991798][ T1152] sta_info_destroy_addr+0xf5/0x140
[ 131.994155][ T1152] ieee80211_destroy_auth_data+0x12d/0x260
[ 131.996687][ T1152] ieee80211_sta_work+0x11cf/0x3600
[ 131.998971][ T1152] ? __lock_acquire+0xab9/0xd20
[ 132.001190][ T1152] ? __lock_acquire+0xab9/0xd20
[ 132.003318][ T1152] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 132.005826][ T1152] ? do_raw_spin_lock+0x121/0x290
[ 132.008105][ T1152] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 132.011038][ T1152] ? lockdep_hardirqs_on+0x9c/0x150
[ 132.013447][ T1152] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 132.016051][ T1152] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 132.018922][ T1152] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 132.021479][ T1152] ? skb_dequeue+0x10e/0x150
[ 132.023885][ T1152] ? ieee80211_iface_work+0xfc4/0x12d0
[ 132.026514][ T1152] ? ieee80211_iface_work+0x11d6/0x12d0
[ 132.029130][ T1152] ? rcu_is_watching+0x15/0xb0
[ 132.031180][ T1152] cfg80211_wiphy_work+0x2b8/0x470
[ 132.033328][ T1152] ? process_scheduled_works+0x9ef/0x17b0
[ 132.035633][ T1152] process_scheduled_works+0xade/0x17b0
[ 132.037822][ T1152] ? __pfx_process_scheduled_works+0x10/0x10
[ 132.040355][ T1152] worker_thread+0x8a0/0xda0
[ 132.042346][ T1152] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 132.045275][ T1152] ? __kthread_parkme+0x7b/0x200
[ 132.047488][ T1152] kthread+0x70e/0x8a0
[ 132.049330][ T1152] ? __pfx_worker_thread+0x10/0x10
[ 132.051562][ T1152] ? __pfx_kthread+0x10/0x10
[ 132.053740][ T1152] ? _raw_spin_unlock_irq+0x23/0x50
[ 132.056174][ T1152] ? lockdep_hardirqs_on+0x9c/0x150
[ 132.058635][ T1152] ? __pfx_kthread+0x10/0x10
[ 132.060769][ T1152] ret_from_fork+0x3fc/0x770
[ 132.062823][ T1152] ? __pfx_ret_from_fork+0x10/0x10
[ 132.065069][ T1152] ? __pfx_kthread+0x10/0x10
[ 132.067427][ T1152] ret_from_fork_asm+0x1a/0x30
[ 132.069791][ T1152]
[ 132.071548][ T1152] Kernel Offset: disabled
[ 132.073541][ T1152] Rebooting in 86400 seconds..
VM DIAGNOSIS:
20:47:47 Registers:
info registers vcpu 0
CPU#0