Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
syzkaller login: [ 42.431564][ T4051] chnl_net:caif_netlink_parms(): no params data found
[ 42.472665][ T4051] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.474831][ T4051] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.477662][ T4051] device bridge_slave_0 entered promiscuous mode
[ 42.482059][ T4051] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.483846][ T4051] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.486424][ T4051] device bridge_slave_1 entered promiscuous mode
[ 42.502829][ T4051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.507268][ T4051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.522748][ T4051] team0: Port device team_slave_0 added
[ 42.526316][ T4051] team0: Port device team_slave_1 added
[ 42.541538][ T4051] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.543273][ T4051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.549703][ T4051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.554429][ T4051] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.556555][ T4051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.562768][ T4051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.638359][ T4051] device hsr_slave_0 entered promiscuous mode
[ 42.696139][ T4051] device hsr_slave_1 entered promiscuous mode
[ 42.836670][ T4051] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 42.888969][ T4051] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 42.939592][ T4051] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 42.978562][ T4051] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.044788][ T4051] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.046668][ T4051] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.048683][ T4051] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.050307][ T4051] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.093969][ T4051] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.102375][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.105929][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.109500][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.112250][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.120690][ T4051] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.127425][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.129612][ T3549] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.131248][ T3549] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.146856][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.149204][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.150901][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.153607][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.158710][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 43.164526][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.173704][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.176728][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.181588][ T4051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.195690][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.197756][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.204863][ T4051] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.223504][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.239766][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.242343][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 43.244649][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 43.249139][ T4051] device veth0_vlan entered promiscuous mode
[ 43.255334][ T4051] device veth1_vlan entered promiscuous mode
[ 43.270283][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 43.272595][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 43.275014][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.281138][ T4051] device veth0_macvtap entered promiscuous mode
[ 43.285353][ T4051] device veth1_macvtap entered promiscuous mode
[ 43.297371][ T4051] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.300227][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.303298][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 43.308276][ T4051] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.313404][ T4051] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.315587][ T4051] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.319420][ T4051] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.321468][ T4051] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.324796][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 43.356679][ T4062] device vlan2 entered promiscuous mode
[ 43.357969][ T4062] device gretap0 entered promiscuous mode
[ 43.359543][ T4062] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[ 43.361523][ T4062] batman_adv: batadv0: Adding interface: vlan2
[ 43.362978][ T4062] batman_adv: batadv0: The MTU of interface vlan2 is too small (8) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.369553][ T4062] batman_adv: batadv0: Interface activated: vlan2
[ 43.376087][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.383571][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.390805][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.397940][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.405194][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.412452][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.419708][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.426968][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.434583][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 43.441871][ T4062] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-192)
[ 44.186280][ T7] ==================================================================
[ 44.188209][ T7] BUG: KASAN: slab-out-of-bounds in pskb_expand_head+0x1c4/0x1064
[ 44.190090][ T7] Write of size 48 at addr ffff0000c1c3e1c0 by task kworker/0:0/7
[ 44.191860][ T7]
[ 44.192453][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 5.15.99-syzkaller #0
[ 44.194402][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 44.196865][ T7] Workqueue: mld mld_ifc_work
[ 44.197972][ T7] Call trace:
[ 44.198767][ T7] dump_backtrace+0x0/0x530
[ 44.199774][ T7] show_stack+0x2c/0x3c
[ 44.200783][ T7] dump_stack_lvl+0x108/0x170
[ 44.201882][ T7] print_address_description+0x7c/0x3f0
[ 44.203195][ T7] kasan_report+0x174/0x1e4
[ 44.204258][ T7] kasan_check_range+0x274/0x2b4
[ 44.205393][ T7] memcpy+0xb4/0xe8
[ 44.206310][ T7] pskb_expand_head+0x1c4/0x1064
[ 44.207430][ T7] batadv_skb_head_push+0x158/0x1e8
[ 44.208581][ T7] batadv_interface_tx+0xb74/0x12d8
[ 44.209799][ T7] dev_hard_start_xmit+0x3a0/0xc50
[ 44.211029][ T7] __dev_queue_xmit+0x1500/0x2c20
[ 44.212159][ T7] dev_queue_xmit+0x24/0x34
[ 44.213208][ T7] ip6_finish_output2+0x1310/0x1c48
[ 44.214398][ T7] __ip6_finish_output+0x518/0x67c
[ 44.215608][ T7] ip6_finish_output+0x40/0x218
[ 44.216782][ T7] ip6_output+0x270/0x594
[ 44.217798][ T7] NF_HOOK+0x160/0x4ec
[ 44.218729][ T7] mld_sendpack+0x828/0x1264
[ 44.219781][ T7] mld_ifc_work+0x85c/0xb9c
[ 44.220843][ T7] process_one_work+0x84c/0x14b8
[ 44.222053][ T7] worker_thread+0x910/0x1034
[ 44.223058][ T7] kthread+0x37c/0x45c
[ 44.223960][ T7] ret_from_fork+0x10/0x20
[ 44.225014][ T7]
[ 44.225563][ T7] Allocated by task 1:
[ 44.226559][ T7] ____kasan_kmalloc+0xbc/0xfc
[ 44.227718][ T7] __kasan_kmalloc+0x10/0x1c
[ 44.228815][ T7] kmem_cache_alloc_trace+0x248/0x3b4
[ 44.230080][ T7] call_usermodehelper_setup+0xa8/0x254
[ 44.231423][ T7] kobject_uevent_env+0x660/0x898
[ 44.232651][ T7] kobject_uevent+0x2c/0x3c
[ 44.233669][ T7] kernel_add_sysfs_param+0x104/0x138
[ 44.234932][ T7] param_sysfs_builtin+0x180/0x1ec
[ 44.236172][ T7] param_sysfs_init+0x70/0x80
[ 44.237266][ T7] do_one_initcall+0x2e4/0xc68
[ 44.238441][ T7] do_initcall_level+0x154/0x214
[ 44.239649][ T7] do_initcalls+0x58/0xac
[ 44.240731][ T7] do_basic_setup+0x8c/0xa0
[ 44.241798][ T7] kernel_init_freeable+0x470/0x650
[ 44.243022][ T7] kernel_init+0x24/0x294
[ 44.244085][ T7] ret_from_fork+0x10/0x20
[ 44.245151][ T7]
[ 44.245650][ T7] The buggy address belongs to the object at ffff0000c1c3e000
[ 44.245650][ T7] which belongs to the cache kmalloc-256 of size 256
[ 44.248806][ T7] The buggy address is located 192 bytes to the right of
[ 44.248806][ T7] 256-byte region [ffff0000c1c3e000, ffff0000c1c3e100)
[ 44.252124][ T7] The buggy address belongs to the page:
[ 44.253405][ T7] page:0000000069d69f6d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c3e
[ 44.255792][ T7] head:0000000069d69f6d order:1 compound_mapcount:0
[ 44.257256][ T7] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 44.259172][ T7] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 44.261190][ T7] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 44.263263][ T7] page dumped because: kasan: bad access detected
[ 44.264741][ T7]
[ 44.265300][ T7] Memory state around the buggy address:
[ 44.266594][ T7] ffff0000c1c3e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.268456][ T7] ffff0000c1c3e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.270408][ T7] >ffff0000c1c3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.272392][ T7] ^
[ 44.273731][ T7] ffff0000c1c3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.275580][ T7] ffff0000c1c3e280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.277450][ T7] ==================================================================
[ 44.279368][ T7] Disabling lock debugging due to kernel taint
[ 44.280886][ T7] Unable to handle kernel paging request at virtual address dfff800000000000
[ 44.282903][ T7] Mem abort info:
[ 44.283592][ T7] ESR = 0x0000000096000006
[ 44.284408][ T7] EC = 0x25: DABT (current EL), IL = 32 bits
[ 44.285468][ T7] SET = 0, FnV = 0
[ 44.286151][ T7] EA = 0, S1PTW = 0
[ 44.286822][ T7] FSC = 0x06: level 2 translation fault
[ 44.287779][ T7] Data abort info:
[ 44.288434][ T7] ISV = 0, ISS = 0x00000006
[ 44.289468][ T7] CM = 0, WnR = 0
[ 44.290347][ T7] [dfff800000000000] address between user and kernel address ranges
[ 44.292185][ T7] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[ 44.293677][ T7] Modules linked in:
[ 44.294594][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G B 5.15.99-syzkaller #0
[ 44.296751][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 44.299097][ T7] Workqueue: mld mld_ifc_work
[ 44.299902][ T7] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 44.301246][ T7] pc : put_page+0x2c/0x21c
[ 44.302025][ T7] lr : put_page+0x24/0x21c
[ 44.302819][ T7] sp : ffff8000189a7050
[ 44.303558][ T7] x29: ffff8000189a7050 x28: ffff0001c1c3e1f0 x27: 1fffe0001b4eb00f
[ 44.305153][ T7] x26: dfff800000000000 x25: ffffffffffffffff x24: 1fffe00038387c38
[ 44.306752][ T7] x23: ffff0001c1c3e1f0 x22: 0000000000000000 x21: dfff800000000000
[ 44.308663][ T7] x20: 0000000000000007 x19: ffffffffffffffff x18: 0000000000000402
[ 44.310597][ T7] x17: ff808000083386a0 x16: ffff800011a08b18 x15: ffff8000083386a0
[ 44.312526][ T7] x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
[ 44.314403][ T7] x11: ff8080000fdc8df0 x10: 0000000000000000 x9 : ffff80000fdc8df0
[ 44.316350][ T7] x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff80000fdbd374
[ 44.318193][ T7] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000fdb3d58
[ 44.320120][ T7] x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffffffffffffffff
[ 44.322022][ T7] Call trace:
[ 44.322769][ T7] put_page+0x2c/0x21c
[ 44.323734][ T7] skb_release_data+0x2e4/0x5fc
[ 44.324818][ T7] consume_skb+0xa0/0x18c
[ 44.325809][ T7] batadv_send_bcast_packet+0x44/0x58
[ 44.327108][ T7] batadv_interface_tx+0xcec/0x12d8
[ 44.328373][ T7] dev_hard_start_xmit+0x3a0/0xc50
[ 44.329591][ T7] __dev_queue_xmit+0x1500/0x2c20
[ 44.330724][ T7] dev_queue_xmit+0x24/0x34
[ 44.331744][ T7] ip6_finish_output2+0x1310/0x1c48
[ 44.332997][ T7] __ip6_finish_output+0x518/0x67c
[ 44.334153][ T7] ip6_finish_output+0x40/0x218
[ 44.335313][ T7] ip6_output+0x270/0x594
[ 44.336376][ T7] NF_HOOK+0x160/0x4ec
[ 44.337341][ T7] mld_sendpack+0x828/0x1264
[ 44.338410][ T7] mld_ifc_work+0x85c/0xb9c
[ 44.339462][ T7] process_one_work+0x84c/0x14b8
[ 44.340591][ T7] worker_thread+0x910/0x1034
[ 44.341679][ T7] kthread+0x37c/0x45c
[ 44.342605][ T7] ret_from_fork+0x10/0x20
[ 44.343742][ T7] Code: f2fbfff5 961bf75c 91002274 d343fe88 (38756908)
[ 44.345352][ T7] ---[ end trace e2058ed71e43c7ab ]---
[ 44.692443][ T7] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 44.694325][ T7] SMP: stopping secondary CPUs
[ 44.695447][ T7] Kernel Offset: disabled
[ 44.696529][ T7] CPU features: 0x000081c1,21302e40
[ 44.697762][ T7] Memory Limit: none
[ 45.040068][ T7] Rebooting in 86400 seconds..