last executing test programs: 446.436457ms ago: executing program 2 (id=3): bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_usb_connect(0x5, 0x51, &(0x7f0000000040)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905ee63000000000009050300000000000009050cf2000002060209050f000000400000090507"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) 254.829906ms ago: executing program 4 (id=5): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x10) 185.388335ms ago: executing program 4 (id=6): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000040)) socket$inet_udp(0x2, 0x2, 0x0) 178.280185ms ago: executing program 0 (id=1): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x1c, r1, 0xd, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}}, 0x80) 168.540396ms ago: executing program 3 (id=4): dup(0xffffffffffffffff) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r1, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r1, 0x26, &(0x7f00000031c0)={0x1, 0x2, 0x0, 0x9}) 156.255789ms ago: executing program 1 (id=2): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x80081, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x23894) 43.370417ms ago: executing program 4 (id=7): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) unshare(0x2040400) newfstatat(0xffffffff0000005d, 0x0, 0x0, 0x1000) 43.184797ms ago: executing program 1 (id=8): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2000, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b595000000000000000002000000", @ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) 17.157423ms ago: executing program 1 (id=9): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x49920d862a92153b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x110c4, 0x1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x1e03}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xab10}]}, 0x44}, 0x1, 0x0, 0x0, 0x8084}, 0x40010) 0s ago: executing program 0 (id=10): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="b875a1431a05b9319c", 0x9}], 0x1}}], 0x1, 0x0) writev(r0, &(0x7f0000002800)=[{&(0x7f00000028c0)="3f4218fc0a7cc78369", 0x9}], 0x1) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189}, {&(0x7f00000002c0)=""/182}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/198}, {&(0x7f0000001480)=""/169}, {&(0x7f0000001540)=""/4096}], 0x10, &(0x7f0000002540)=""/216}}], 0x2, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. [ 36.932269][ T6421] cgroup: Unknown subsys name 'net' [ 37.184076][ T6421] cgroup: Unknown subsys name 'cpuset' [ 37.187727][ T6421] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 37.541804][ T6421] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 39.717289][ T6433] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 39.738435][ T6442] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 39.741082][ T6442] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 39.753669][ T6445] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 39.755902][ T6445] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 39.757687][ T6445] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 39.759578][ T6445] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 39.761035][ T6445] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 39.763468][ T6445] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 39.765414][ T6445] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 39.767642][ T6445] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 39.769266][ T6445] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 39.769432][ T6446] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 39.771609][ T6445] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 39.773036][ T6446] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 39.774362][ T6445] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 39.775892][ T6446] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 39.776635][ T6445] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 39.778547][ T6446] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 39.779480][ T6445] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 39.780918][ T6446] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 39.783197][ T6445] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 39.784878][ T6446] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 39.785970][ T6445] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 39.786839][ T6446] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 39.788396][ T6445] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 39.790087][ T6446] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 39.792511][ T5993] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 39.793266][ T6446] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 39.794739][ T5993] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 39.962350][ T6441] chnl_net:caif_netlink_parms(): no params data found [ 40.074522][ T6441] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.076166][ T6441] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.077680][ T6441] bridge_slave_0: entered allmulticast mode [ 40.079373][ T6441] bridge_slave_0: entered promiscuous mode [ 40.082446][ T6441] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.083978][ T6441] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.085494][ T6441] bridge_slave_1: entered allmulticast mode [ 40.087242][ T6441] bridge_slave_1: entered promiscuous mode [ 40.105966][ T6441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.114148][ T6431] chnl_net:caif_netlink_parms(): no params data found [ 40.118137][ T6435] chnl_net:caif_netlink_parms(): no params data found [ 40.132628][ T6441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.165865][ T6434] chnl_net:caif_netlink_parms(): no params data found [ 40.203741][ T6441] team0: Port device team_slave_0 added [ 40.221304][ T6441] team0: Port device team_slave_1 added [ 40.222936][ T6435] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.224437][ T6435] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.226028][ T6435] bridge_slave_0: entered allmulticast mode [ 40.227867][ T6435] bridge_slave_0: entered promiscuous mode [ 40.262649][ T6435] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.264221][ T6435] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.265721][ T6435] bridge_slave_1: entered allmulticast mode [ 40.267399][ T6435] bridge_slave_1: entered promiscuous mode [ 40.277111][ T6431] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.278520][ T6431] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.280053][ T6431] bridge_slave_0: entered allmulticast mode [ 40.281993][ T6431] bridge_slave_0: entered promiscuous mode [ 40.295667][ T6435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.301037][ T6435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.303686][ T6431] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.305232][ T6431] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.306797][ T6431] bridge_slave_1: entered allmulticast mode [ 40.308538][ T6431] bridge_slave_1: entered promiscuous mode [ 40.320905][ T6441] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.322749][ T6441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.328055][ T6441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.342731][ T6439] chnl_net:caif_netlink_parms(): no params data found [ 40.355703][ T6441] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.357159][ T6441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.363025][ T6441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.371818][ T6435] team0: Port device team_slave_0 added [ 40.375122][ T6431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.377141][ T6434] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.378632][ T6434] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.380183][ T6434] bridge_slave_0: entered allmulticast mode [ 40.382328][ T6434] bridge_slave_0: entered promiscuous mode [ 40.385189][ T6434] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.386781][ T6434] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.388412][ T6434] bridge_slave_1: entered allmulticast mode [ 40.390465][ T6434] bridge_slave_1: entered promiscuous mode [ 40.397702][ T6435] team0: Port device team_slave_1 added [ 40.406370][ T6431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.419492][ T6434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.452465][ T6434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.503825][ T6441] hsr_slave_0: entered promiscuous mode [ 40.552119][ T6441] hsr_slave_1: entered promiscuous mode [ 40.594832][ T6435] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.596230][ T6435] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.601363][ T6435] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.604838][ T6435] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.606322][ T6435] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.612008][ T6435] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.616214][ T6431] team0: Port device team_slave_0 added [ 40.637469][ T6431] team0: Port device team_slave_1 added [ 40.644599][ T6434] team0: Port device team_slave_0 added [ 40.661826][ T6439] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.663366][ T6439] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.664903][ T6439] bridge_slave_0: entered allmulticast mode [ 40.666712][ T6439] bridge_slave_0: entered promiscuous mode [ 40.680467][ T6434] team0: Port device team_slave_1 added [ 40.682344][ T6431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.683857][ T6431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.688926][ T6431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.694451][ T6431] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.696092][ T6431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.701346][ T6431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.704858][ T6439] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.706416][ T6439] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.707954][ T6439] bridge_slave_1: entered allmulticast mode [ 40.709852][ T6439] bridge_slave_1: entered promiscuous mode [ 40.744657][ T6434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.746177][ T6434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.751286][ T6434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.759111][ T6434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.760734][ T6434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.766049][ T6434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.804709][ T6435] hsr_slave_0: entered promiscuous mode [ 40.842774][ T6435] hsr_slave_1: entered promiscuous mode [ 40.892120][ T6435] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 40.893840][ T6435] Cannot create hsr debugfs directory [ 40.902623][ T6439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.906216][ T6439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.932710][ T6439] team0: Port device team_slave_0 added [ 40.956616][ T6439] team0: Port device team_slave_1 added [ 41.003160][ T6431] hsr_slave_0: entered promiscuous mode [ 41.042075][ T6431] hsr_slave_1: entered promiscuous mode [ 41.081888][ T6431] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 41.083420][ T6431] Cannot create hsr debugfs directory [ 41.123325][ T6434] hsr_slave_0: entered promiscuous mode [ 41.162850][ T6434] hsr_slave_1: entered promiscuous mode [ 41.201973][ T6434] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 41.203595][ T6434] Cannot create hsr debugfs directory [ 41.272859][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 41.274429][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.279417][ T6439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 41.282996][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 41.284477][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.289587][ T6439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 41.393687][ T6439] hsr_slave_0: entered promiscuous mode [ 41.442580][ T6439] hsr_slave_1: entered promiscuous mode [ 41.481906][ T6439] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 41.483604][ T6439] Cannot create hsr debugfs directory [ 41.539673][ T6441] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 41.553299][ T6441] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 41.566822][ T6441] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 41.569884][ T6441] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 41.615531][ T6435] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 41.618661][ T6435] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 41.623637][ T6435] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 41.632813][ T6435] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 41.666386][ T6439] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 41.673124][ T6439] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 41.677006][ T6439] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 41.680481][ T6439] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 41.736616][ T6441] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.748634][ T6439] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.750185][ T6439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.757485][ T6434] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 41.762969][ T6434] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 41.766837][ T6434] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 41.778863][ T6441] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.783344][ T6435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.785058][ T6434] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 41.793955][ T247] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.808562][ T6435] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.820168][ T247] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.821901][ T247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.837727][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.839176][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.841502][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.843032][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.852994][ T6442] Bluetooth: hci1: command tx timeout [ 41.853285][ T53] Bluetooth: hci4: command tx timeout [ 41.854356][ T6442] Bluetooth: hci2: command tx timeout [ 41.855502][ T53] Bluetooth: hci0: command tx timeout [ 41.856861][ T5993] Bluetooth: hci3: command tx timeout [ 41.885029][ T172] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.886643][ T172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.895293][ T6431] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 41.899244][ T6431] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 41.906218][ T6431] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 41.909859][ T6431] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 41.953567][ T6441] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 41.955720][ T6441] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 41.961988][ T6439] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.013689][ T6439] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.030013][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.031518][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.044819][ T247] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.046395][ T247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.050645][ T6434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.112368][ T6439] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 42.114681][ T6439] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 42.126507][ T6434] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.145445][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.147016][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.149498][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.151052][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.189969][ T6441] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.219275][ T6435] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.229028][ T6431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.244130][ T6439] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.277075][ T6431] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.318111][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.319686][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.326820][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.328515][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.340190][ T6441] veth0_vlan: entered promiscuous mode [ 42.343358][ T6435] veth0_vlan: entered promiscuous mode [ 42.350875][ T6431] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 42.354394][ T6431] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 42.369801][ T6441] veth1_vlan: entered promiscuous mode [ 42.382706][ T6434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.423497][ T6441] veth0_macvtap: entered promiscuous mode [ 42.426631][ T6441] veth1_macvtap: entered promiscuous mode [ 42.434904][ T6435] veth1_vlan: entered promiscuous mode [ 42.456544][ T6441] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.461436][ T6439] veth0_vlan: entered promiscuous mode [ 42.476406][ T6441] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.479670][ T6441] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.481589][ T6441] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.483988][ T6441] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.485828][ T6441] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.498880][ T6431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.506374][ T6439] veth1_vlan: entered promiscuous mode [ 42.530389][ T6434] veth0_vlan: entered promiscuous mode [ 42.535401][ T6434] veth1_vlan: entered promiscuous mode [ 42.560587][ T6439] veth0_macvtap: entered promiscuous mode [ 42.580880][ T6435] veth0_macvtap: entered promiscuous mode [ 42.599416][ T6439] veth1_macvtap: entered promiscuous mode [ 42.604020][ T6435] veth1_macvtap: entered promiscuous mode [ 42.629512][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.634304][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.637337][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.652801][ T6434] veth0_macvtap: entered promiscuous mode [ 42.656991][ T6434] veth1_macvtap: entered promiscuous mode [ 42.659477][ T6431] veth0_vlan: entered promiscuous mode [ 42.661310][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.664800][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.668909][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.671121][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.674001][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.678277][ T6439] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.680098][ T6439] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.683758][ T6439] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.685657][ T6439] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.689165][ T6435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.691332][ T6435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.695739][ T6435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.697880][ T6435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.700740][ T6435] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.704614][ T6435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.706853][ T6435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.708921][ T6435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.711106][ T6435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.714827][ T6435] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.734255][ T6434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.736397][ T6434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.738384][ T6434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.740437][ T6434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.743786][ T6434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.746057][ T6434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.749134][ T6434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.753168][ T6435] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.755026][ T6435] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.756784][ T6435] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.758562][ T6435] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.767726][ T6431] veth1_vlan: entered promiscuous mode [ 42.773893][ T6434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.776110][ T6434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.778145][ T6434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.780192][ T6434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.783081][ T6434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.785217][ T6434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.788007][ T6434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.800464][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.807793][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.818806][ T6434] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.821128][ T6434] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.823945][ T6434] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.825733][ T6434] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.855668][ T6431] veth0_macvtap: entered promiscuous mode [ 42.859537][ T6431] veth1_macvtap: entered promiscuous mode [ 42.899021][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.901367][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.905152][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.907401][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.909502][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.915673][ T6441] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 42.919690][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.921982][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.924131][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.927268][ T6431] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.933862][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.936159][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.938179][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.940328][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.945635][ T315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.947088][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.947428][ T315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.949628][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.953860][ T6431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.956112][ T6431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.958982][ T6431] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.995440][ T6431] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.996238][ T247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.997270][ T6431] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.998822][ T247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.000538][ T6431] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.009945][ T6431] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.022680][ T6513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 43.026409][ T6513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.051234][ T247] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.054060][ T247] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.103523][ T172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.105200][ T172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.107749][ T172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.109354][ T172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.129083][ T172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.130802][ T172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.150079][ T315] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.152385][ T315] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.171039][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.175825][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.386042][ T6528] netlink: 'syz.1.8': attribute type 1 has an invalid length. [ 43.388286][ T6528] netlink: 'syz.1.8': attribute type 2 has an invalid length. [ 43.390061][ T6528] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8'. [ 43.466701][ C1] ------------[ cut here ]------------ [ 43.467897][ C1] refcount_t: underflow; use-after-free. [ 43.469365][ C1] WARNING: CPU: 1 PID: 6535 at lib/refcount.c:28 refcount_warn_saturate+0x1c8/0x20c [ 43.471349][ C1] Modules linked in: [ 43.472144][ C1] CPU: 1 UID: 0 PID: 6535 Comm: syz.0.10 Not tainted 6.12.0-syzkaller-g7b1d1d4cfac0 #0 [ 43.474168][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 43.476313][ C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.477946][ C1] pc : refcount_warn_saturate+0x1c8/0x20c [ 43.479383][ C1] lr : refcount_warn_saturate+0x1c8/0x20c [ 43.480650][ C1] sp : ffff8000800176f0 [ 43.481627][ C1] x29: ffff8000800176f0 x28: 0000000000000001 x27: 00000000ffffffff [ 43.483631][ C1] x26: 1fffe0001ae77418 x25: dfff800000000000 x24: 0000000000000000 [ 43.485349][ C1] x23: ffff0000c7102ea4 x22: ffff80008a63b670 x21: 0000000000000003 [ 43.487122][ C1] x20: ffff0000c7102ea4 x19: ffff800092b74000 x18: 0000000000000008 [ 43.489038][ C1] x17: 0000000000000000 x16: ffff8000831615b0 x15: 0000000000000001 [ 43.490907][ C1] x14: 1fffe000366c80e2 x13: 0000000000000000 x12: 0000000000000000 [ 43.492649][ C1] x11: 0000000000000103 x10: 0000000000ff0100 x9 : f54a0ea1699caa00 [ 43.494450][ C1] x8 : f54a0ea1699caa00 x7 : 0000000000000001 x6 : 0000000000000001 [ 43.496255][ C1] x5 : ffff800080016e18 x4 : ffff80008f9bd220 x3 : ffff800080626d8c [ 43.498010][ C1] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000000 [ 43.499836][ C1] Call trace: [ 43.500612][ C1] refcount_warn_saturate+0x1c8/0x20c (P) [ 43.501942][ C1] refcount_warn_saturate+0x1c8/0x20c (L) [ 43.503182][ C1] sk_skb_reason_drop+0x210/0x43c [ 43.504290][ C1] j1939_session_put+0x1c8/0x460 [ 43.505409][ C1] j1939_xtp_rx_eoma+0x2d0/0x4c0 [ 43.506492][ C1] j1939_tp_recv+0x698/0xe14 [ 43.507609][ C1] j1939_can_recv+0x5bc/0x934 [ 43.508634][ C1] can_rcv_filter+0x308/0x714 [ 43.509647][ C1] can_receive+0x328/0x488 [ 43.510742][ C1] can_rcv+0x128/0x240 [ 43.511707][ C1] __netif_receive_skb+0x18c/0x3c8 [ 43.512929][ C1] process_backlog+0x640/0x123c [ 43.514183][ C1] __napi_poll+0xb4/0x3fc [ 43.515185][ C1] net_rx_action+0x6a8/0xf4c [ 43.516161][ C1] handle_softirqs+0x2e0/0xbf8 [ 43.517305][ C1] __do_softirq+0x14/0x20 [ 43.518217][ C1] ____do_softirq+0x14/0x20 [ 43.519195][ C1] call_on_irq_stack+0x24/0x4c [ 43.520301][ C1] do_softirq_own_stack+0x20/0x2c [ 43.521570][ C1] __irq_exit_rcu+0x1d8/0x544 [ 43.522575][ C1] irq_exit_rcu+0x14/0x84 [ 43.523604][ C1] el1_interrupt+0x38/0x68 [ 43.524490][ C1] el1h_64_irq_handler+0x18/0x24 [ 43.525649][ C1] el1h_64_irq+0x6c/0x70 [ 43.526534][ C1] _raw_spin_unlock_irqrestore+0x44/0x98 (P) [ 43.527802][ C1] _raw_spin_unlock_irqrestore+0x38/0x98 (L) [ 43.529176][ C1] hrtimer_start_range_ns+0x8bc/0x9e0 [ 43.530381][ C1] j1939_tp_schedule_txtimer+0x88/0xdc [ 43.531715][ C1] j1939_sk_sendmsg+0xb00/0x10d0 [ 43.532876][ C1] ____sys_sendmsg+0x56c/0x840 [ 43.534009][ C1] __sys_sendmmsg+0x318/0x7e0 [ 43.535029][ C1] __arm64_sys_sendmmsg+0xa0/0xbc [ 43.536232][ C1] invoke_syscall+0x98/0x2b8 [ 43.537242][ C1] el0_svc_common+0x130/0x23c [ 43.538304][ C1] do_el0_svc+0x48/0x58 [ 43.539241][ C1] el0_svc+0x54/0x168 [ 43.540119][ C1] el0t_64_sync_handler+0x84/0x108 [ 43.541209][ C1] el0t_64_sync+0x198/0x19c [ 43.542292][ C1] irq event stamp: 659 [ 43.543164][ C1] hardirqs last enabled at (658): [] __console_unlock+0x70/0xc4 [ 43.545097][ C1] hardirqs last disabled at (659): [] el1_dbg+0x24/0x80 [ 43.546949][ C1] softirqs last enabled at (248): [] j1939_session_activate+0x238/0x378 [ 43.549082][ C1] softirqs last disabled at (253): [] __do_softirq+0x14/0x20 [ 43.551118][ C1] ---[ end trace 0000000000000000 ]--- [ 43.931950][ T5993] Bluetooth: hci0: command tx timeout [ 43.943201][ T5993] Bluetooth: hci3: command tx timeout [ 43.944477][ T5993] Bluetooth: hci2: command tx timeout [ 43.945704][ T5993] Bluetooth: hci4: command tx timeout [ 43.946831][ T5993] Bluetooth: hci1: command tx timeout [ 46.011835][ T6437] Bluetooth: hci1: command tx timeout [ 46.012791][ T5993] Bluetooth: hci4: command tx timeout [ 46.013169][ T53] Bluetooth: hci2: command tx timeout [ 46.014192][ T5993] Bluetooth: hci3: command tx timeout [ 46.015237][ T53] Bluetooth: hci0: command tx timeout [ 48.094068][ T53] Bluetooth: hci0: command tx timeout [ 48.094562][ T6437] Bluetooth: hci1: command tx timeout [ 48.095269][ T53] Bluetooth: hci3: command tx timeout [ 48.096365][ T6437] Bluetooth: hci2: command tx timeout [ 48.097358][ T53] Bluetooth: hci4: command tx timeout