syzkaller login: [   91.823401][   T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:23785' (ED25519) to the list of known hosts.
2025/07/13 13:12:30 ignoring optional flag "sandboxArg"="0"
2025/07/13 13:12:32 parsed 1 programs
[  162.925256][ T5354] cgroup: Unknown subsys name 'net'
[  163.016948][ T5354] cgroup: Unknown subsys name 'cpuset'
[  163.022299][ T5354] cgroup: Unknown subsys name 'rlimit'
[  164.722536][ T5354] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  169.174147][   T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  169.186341][   T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  169.201224][   T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  169.223595][   T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  169.233820][   T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  170.221744][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.253120][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.270767][ T5370] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  170.809721][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.813320][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  177.908213][ T5403] chnl_net:caif_netlink_parms(): no params data found
[  178.125965][ T5403] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.128938][ T5403] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.131958][ T5403] bridge_slave_0: entered allmulticast mode
[  178.155352][ T5403] bridge_slave_0: entered promiscuous mode
[  178.162015][ T5403] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.179547][ T5403] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.189994][ T5403] bridge_slave_1: entered allmulticast mode
[  178.201675][ T5403] bridge_slave_1: entered promiscuous mode
[  178.285368][ T5403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  178.291737][ T5403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  178.384305][ T5403] team0: Port device team_slave_0 added
[  178.402779][ T5403] team0: Port device team_slave_1 added
[  178.457174][ T5403] batman_adv: batadv0: Adding interface: batadv_slave_0
[  178.460282][ T5403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.493075][ T5403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.500059][ T5403] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.513112][ T5403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.543816][ T5403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  178.634725][ T5403] hsr_slave_0: entered promiscuous mode
[  178.647601][ T5403] hsr_slave_1: entered promiscuous mode
[  178.949778][ T5403] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  178.972626][ T5403] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  178.987483][ T5403] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  179.005915][ T5403] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  179.257658][ T5403] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.294029][ T5403] 8021q: adding VLAN 0 to HW filter on device team0
[  179.306334][   T14] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.309643][   T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.336698][   T14] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.339684][   T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.697742][ T5403] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.774437][ T5403] veth0_vlan: entered promiscuous mode
[  179.798983][ T5403] veth1_vlan: entered promiscuous mode
[  179.858251][ T5403] veth0_macvtap: entered promiscuous mode
[  179.865870][ T5403] veth1_macvtap: entered promiscuous mode
[  179.880854][ T5403] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.891689][ T5403] batman_adv: batadv0: Interface activated: batadv_slave_1
[  179.901412][ T5403] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  179.906750][ T5403] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  179.910771][ T5403] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  179.916418][ T5403] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.185502][ T4686] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  180.200106][ T4686] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  180.211965][ T4686] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  180.219388][ T4686] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  180.223791][ T4686] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/07/13 13:12:51 executed programs: 0
[  180.353240][   T45] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  180.388497][   T45] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  180.403865][   T45] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  180.432358][ T5476] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  180.436880][ T5476] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  180.440290][ T5476] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  180.444190][ T5476] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  180.447937][ T5476] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  180.451452][ T5476] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  180.457391][ T4686] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  180.536601][ T5479] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  180.553332][ T5476] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  180.563597][ T5478] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  180.567146][ T5478] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  180.571783][ T5476] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  180.576109][ T5476] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  180.579831][ T5478] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  180.583753][ T5476] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  180.588255][ T5372] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  180.597007][ T5478] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  180.709860][ T5476] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  180.716367][ T5476] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  180.719964][ T5476] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  180.723998][ T5476] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  180.727480][ T5476] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  182.294540][ T5476] Bluetooth: hci0: command tx timeout
[  182.482323][   T22] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.538752][ T5476] Bluetooth: hci1: command tx timeout
[  182.541592][ T5476] Bluetooth: hci2: command tx timeout
[  182.615991][ T5476] Bluetooth: hci4: command tx timeout
[  182.694034][ T5476] Bluetooth: hci3: command tx timeout
[  182.784471][ T5476] Bluetooth: hci5: command tx timeout
[  182.892652][ T5465] chnl_net:caif_netlink_parms(): no params data found
[  183.124690][   T22] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.202406][   T22] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.316524][   T22] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.406144][ T5465] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.409446][ T5465] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.412731][ T5465] bridge_slave_0: entered allmulticast mode
[  183.424469][ T5465] bridge_slave_0: entered promiscuous mode
[  183.440590][ T5465] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.455250][ T5465] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.458340][ T5465] bridge_slave_1: entered allmulticast mode
[  183.473481][ T5465] bridge_slave_1: entered promiscuous mode
[  183.665291][ T5465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  183.709021][ T5470] chnl_net:caif_netlink_parms(): no params data found
[  183.736063][ T5465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  183.920825][ T5465] team0: Port device team_slave_0 added
[  184.005918][ T5465] team0: Port device team_slave_1 added
[  184.201400][ T5477] chnl_net:caif_netlink_parms(): no params data found
[  184.248698][ T5465] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.251770][ T5465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.288270][ T5465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.327487][ T5465] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.330577][ T5465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.375966][ T5476] Bluetooth: hci0: command tx timeout
[  184.378826][ T5465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.407416][ T5474] chnl_net:caif_netlink_parms(): no params data found
[  184.413893][   T22] bridge_slave_1: left allmulticast mode
[  184.416124][   T22] bridge_slave_1: left promiscuous mode
[  184.419183][   T22] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.454988][   T22] bridge_slave_0: left allmulticast mode
[  184.458308][   T22] bridge_slave_0: left promiscuous mode
[  184.462036][   T22] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.614218][ T5476] Bluetooth: hci2: command tx timeout
[  184.616658][ T5476] Bluetooth: hci1: command tx timeout
[  184.694746][ T5478] Bluetooth: hci4: command tx timeout
[  184.776438][ T5478] Bluetooth: hci3: command tx timeout
[  184.855248][ T5478] Bluetooth: hci5: command tx timeout
[  185.154912][   T22] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.160949][   T22] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  185.168587][   T22] bond0 (unregistering): Released all slaves
[  185.291933][ T5470] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.306110][ T5470] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.309406][ T5470] bridge_slave_0: entered allmulticast mode
[  185.324555][ T5470] bridge_slave_0: entered promiscuous mode
[  185.579926][ T5470] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.593609][ T5470] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.596977][ T5470] bridge_slave_1: entered allmulticast mode
[  185.619760][ T5470] bridge_slave_1: entered promiscuous mode
[  185.687576][   T22] hsr_slave_0: left promiscuous mode
[  185.695740][   T22] hsr_slave_1: left promiscuous mode
[  185.710102][   T22] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.715433][   T22] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.726933][   T22] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.730328][   T22] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.768396][   T22] veth1_macvtap: left promiscuous mode
[  185.771149][   T22] veth0_macvtap: left promiscuous mode
[  185.774432][   T22] veth1_vlan: left promiscuous mode
[  185.776895][   T22] veth0_vlan: left promiscuous mode
[  186.211444][   T22] team0 (unregistering): Port device team_slave_1 removed
[  186.238404][   T22] team0 (unregistering): Port device team_slave_0 removed
[  186.456997][ T5478] Bluetooth: hci0: command tx timeout
[  186.694393][ T5478] Bluetooth: hci1: command tx timeout
[  186.696871][ T5478] Bluetooth: hci2: command tx timeout
[  186.776262][ T5476] Bluetooth: hci4: command tx timeout
[  186.789079][ T5470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.804029][ T5470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.822852][ T5465] hsr_slave_0: entered promiscuous mode
[  186.836637][ T5465] hsr_slave_1: entered promiscuous mode
[  186.853604][ T5476] Bluetooth: hci3: command tx timeout
[  186.933425][ T5476] Bluetooth: hci5: command tx timeout
[  187.026992][ T5469] chnl_net:caif_netlink_parms(): no params data found
[  187.050689][ T5477] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.060994][ T5477] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.074915][ T5477] bridge_slave_0: entered allmulticast mode
[  187.095364][ T5477] bridge_slave_0: entered promiscuous mode
[  187.124222][ T5477] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.127223][ T5477] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.130215][ T5477] bridge_slave_1: entered allmulticast mode
[  187.145249][ T5477] bridge_slave_1: entered promiscuous mode
[  187.165992][ T5470] team0: Port device team_slave_0 added
[  187.275779][ T5470] team0: Port device team_slave_1 added
[  187.391264][ T5486] chnl_net:caif_netlink_parms(): no params data found
[  187.411887][ T5477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.447139][ T5474] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.450332][ T5474] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.465455][ T5474] bridge_slave_0: entered allmulticast mode
[  187.476164][ T5474] bridge_slave_0: entered promiscuous mode
[  187.493995][ T5474] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.497068][ T5474] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.500308][ T5474] bridge_slave_1: entered allmulticast mode
[  187.524222][ T5474] bridge_slave_1: entered promiscuous mode
[  187.549077][ T5477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.894399][ T5477] team0: Port device team_slave_0 added
[  187.898725][ T5470] batman_adv: batadv0: Adding interface: batadv_slave_0
[  187.901792][ T5470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.943579][ T5470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.018856][ T5477] team0: Port device team_slave_1 added
[  188.036690][ T5474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.042933][ T5474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.086256][ T5470] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.089185][ T5470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.126715][ T5470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.197653][ T5469] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.201057][ T5469] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.214513][ T5469] bridge_slave_0: entered allmulticast mode
[  188.218177][ T5469] bridge_slave_0: entered promiscuous mode
[  188.324602][ T5469] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.327841][ T5469] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.331147][ T5469] bridge_slave_1: entered allmulticast mode
[  188.338667][ T5469] bridge_slave_1: entered promiscuous mode
[  188.356101][ T5477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.358903][ T5477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.383635][ T5477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.465942][ T5474] team0: Port device team_slave_0 added
[  188.489236][ T5474] team0: Port device team_slave_1 added
[  188.492407][ T5477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.504017][ T5477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.526262][ T5477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.533615][ T5476] Bluetooth: hci0: command tx timeout
[  188.557851][ T5486] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.560858][ T5486] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.571497][ T5486] bridge_slave_0: entered allmulticast mode
[  188.588600][ T5486] bridge_slave_0: entered promiscuous mode
[  188.711780][ T5486] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.727095][ T5486] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.730258][ T5486] bridge_slave_1: entered allmulticast mode
[  188.742420][ T5486] bridge_slave_1: entered promiscuous mode
[  188.774854][ T5476] Bluetooth: hci2: command tx timeout
[  188.777135][ T5476] Bluetooth: hci1: command tx timeout
[  188.780016][ T5469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.798270][ T5469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.815231][ T5470] hsr_slave_0: entered promiscuous mode
[  188.825755][ T5470] hsr_slave_1: entered promiscuous mode
[  188.829162][ T5470] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  188.832517][ T5470] Cannot create hsr debugfs directory
[  188.853359][ T5478] Bluetooth: hci4: command tx timeout
[  188.933461][ T5478] Bluetooth: hci3: command tx timeout
[  188.965102][ T5474] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.967978][ T5474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.995727][ T5474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.008037][ T5477] hsr_slave_0: entered promiscuous mode
[  189.011161][ T5477] hsr_slave_1: entered promiscuous mode
[  189.015961][ T5478] Bluetooth: hci5: command tx timeout
[  189.021609][ T5477] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  189.026828][ T5477] Cannot create hsr debugfs directory
[  189.042143][ T5486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  189.076647][ T5474] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.079594][ T5474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.092853][ T5474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.118086][ T5486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.132446][ T5469] team0: Port device team_slave_0 added
[  189.182510][ T5469] team0: Port device team_slave_1 added
[  189.321001][ T5465] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  189.340259][ T5465] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  189.490755][ T5465] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  189.509509][ T5486] team0: Port device team_slave_0 added
[  189.513725][ T5469] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.516659][ T5469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.553944][ T5469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.579540][ T5474] hsr_slave_0: entered promiscuous mode
[  189.593883][ T5474] hsr_slave_1: entered promiscuous mode
[  189.597207][ T5474] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  189.600331][ T5474] Cannot create hsr debugfs directory
[  189.634956][ T5465] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  189.645488][ T5486] team0: Port device team_slave_1 added
[  189.651751][ T5469] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.666259][ T5469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.686507][ T5469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.865922][ T5486] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.868692][ T5486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.882312][ T5486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.970199][ T5486] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.975795][ T5486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.994891][ T5486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.092664][ T5469] hsr_slave_0: entered promiscuous mode
[  190.101618][ T5469] hsr_slave_1: entered promiscuous mode
[  190.107791][ T5469] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  190.110913][ T5469] Cannot create hsr debugfs directory
[  190.320448][ T5486] hsr_slave_0: entered promiscuous mode
[  190.327164][ T5486] hsr_slave_1: entered promiscuous mode
[  190.329918][ T5486] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  190.334358][ T5486] Cannot create hsr debugfs directory
[  190.664190][ T5477] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  190.717927][ T5465] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.728675][ T5477] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  190.767717][ T5477] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  190.806338][ T5477] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  190.820270][ T5465] 8021q: adding VLAN 0 to HW filter on device team0
[  190.884770][ T1038] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.887430][ T1038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.898649][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.901536][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.942875][ T5470] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  190.962813][ T5465] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  190.974037][ T5465] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.010509][ T5470] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  191.080800][ T5470] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  191.111210][ T5470] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  191.250886][ T5474] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  191.279540][ T5474] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  191.398898][ T5477] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.402134][ T5474] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  191.436286][ T5474] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  191.527445][ T5477] 8021q: adding VLAN 0 to HW filter on device team0
[  191.636836][ T5469] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  191.661822][ T1038] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.665120][ T1038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.698149][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.701460][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.771764][ T5465] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.804071][ T5469] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  191.852713][ T5469] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  191.957960][ T5469] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  192.308550][ T5477] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  192.312695][ T5477] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  192.339874][ T5465] veth0_vlan: entered promiscuous mode
[  192.352306][ T5486] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  192.438019][ T5465] veth1_vlan: entered promiscuous mode
[  192.468096][ T5486] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  192.550735][ T5470] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.602687][ T5486] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  192.718575][ T5474] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.721635][ T5486] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  192.788745][ T5465] veth0_macvtap: entered promiscuous mode
[  192.867498][ T5470] 8021q: adding VLAN 0 to HW filter on device team0
[  192.917833][ T5465] veth1_macvtap: entered promiscuous mode
[  192.929327][ T1038] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.932282][ T1038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.965435][ T5474] 8021q: adding VLAN 0 to HW filter on device team0
[  193.088724][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.091892][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.116680][ T1038] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.119740][ T1038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.134773][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.137795][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.197417][ T5469] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.221092][ T5465] batman_adv: batadv0: Interface activated: batadv_slave_0
[  193.312911][ T5477] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.362244][ T5470] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  193.386912][ T5465] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.525527][ T5465] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.529056][ T5465] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.532693][ T5465] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.587119][ T5465] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.609882][ T5469] 8021q: adding VLAN 0 to HW filter on device team0
[  193.742652][ T1034] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.746001][ T1034] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.779135][ T1034] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.782317][ T1034] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.941311][ T5477] veth0_vlan: entered promiscuous mode
[  194.147413][ T5477] veth1_vlan: entered promiscuous mode
[  194.182776][ T5470] 8021q: adding VLAN 0 to HW filter on device batadv0
[  194.258365][ T5469] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  194.288422][ T5469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  194.310975][ T5486] 8021q: adding VLAN 0 to HW filter on device bond0
[  194.382125][ T5477] veth0_macvtap: entered promiscuous mode
[  194.465049][ T5486] 8021q: adding VLAN 0 to HW filter on device team0
[  194.509099][ T1034] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.512353][ T1034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.519230][ T5477] veth1_macvtap: entered promiscuous mode
[  194.568426][ T5474] 8021q: adding VLAN 0 to HW filter on device batadv0
[  194.581421][ T5477] batman_adv: batadv0: Interface activated: batadv_slave_0
[  194.650279][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.653547][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  194.717090][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.720095][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  194.806084][ T5477] batman_adv: batadv0: Interface activated: batadv_slave_1
[  194.811614][ T5477] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  194.888810][ T5477] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  194.892364][ T5477] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  194.913174][ T5477] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  195.001667][ T1038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.038165][ T1038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  195.272279][ T5470] veth0_vlan: entered promiscuous mode
2025/07/13 13:13:07 executed programs: 12
[  195.561226][ T5470] veth1_vlan: entered promiscuous mode
[  195.753287][ T5469] 8021q: adding VLAN 0 to HW filter on device batadv0
[  195.881478][ T5470] veth0_macvtap: entered promiscuous mode
[  195.935347][ T5470] veth1_macvtap: entered promiscuous mode
[  195.960598][ T3020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.981151][ T3020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.062056][ T5470] batman_adv: batadv0: Interface activated: batadv_slave_0
[  196.102557][ T5469] veth0_vlan: entered promiscuous mode
[  196.151839][ T5469] veth1_vlan: entered promiscuous mode
[  196.171024][ T5486] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.186974][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.190452][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.205961][ T5474] veth0_vlan: entered promiscuous mode
[  196.230033][ T5470] batman_adv: batadv0: Interface activated: batadv_slave_1
[  196.258292][ T5470] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.262256][ T5470] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.297435][ T5470] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.301007][ T5470] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.390041][ T5474] veth1_vlan: entered promiscuous mode
[  196.429997][ T5689] loop0: detected capacity change from 0 to 32768
[  196.674010][ T5469] veth0_macvtap: entered promiscuous mode
[  196.678988][ T5469] veth1_macvtap: entered promiscuous mode
[  196.818302][ T5474] veth0_macvtap: entered promiscuous mode
[  196.958993][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.961834][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.966239][ T5474] veth1_macvtap: entered promiscuous mode
[  197.111160][ T5469] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.161927][ T5474] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.289293][ T5474] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.345126][ T5469] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.415003][ T5474] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.418547][ T5474] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.421995][ T5474] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.486224][ T5474] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.515449][   T22] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.529207][ T5469] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.555326][   T22] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.573467][ T5469] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.582489][ T5469] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.595402][ T5469] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.922146][ T5704] loop0: detected capacity change from 0 to 32768
[  197.945852][ T5486] veth0_vlan: entered promiscuous mode
[  198.070875][ T5486] veth1_vlan: entered promiscuous mode
[  198.328484][ T5486] veth0_macvtap: entered promiscuous mode
[  198.425734][ T5486] veth1_macvtap: entered promiscuous mode
[  198.432375][ T3020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  198.505601][ T3020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  198.634624][ T5486] batman_adv: batadv0: Interface activated: batadv_slave_0
[  198.670682][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  198.700942][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  198.745918][ T5486] batman_adv: batadv0: Interface activated: batadv_slave_1
[  198.844541][ T5486] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.893781][ T5486] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.905989][ T5486] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.942890][ T5486] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.062705][ T1034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  199.088667][ T1034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.302209][ T3020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  199.336931][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  199.339868][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  199.351601][ T3020] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.519662][ T5710] loop0: detected capacity change from 0 to 32768
[  199.629854][ T3020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  199.678510][ T3020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.948488][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  199.985699][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/13 13:13:12 executed programs: 23
[  201.472070][ T5718] loop0: detected capacity change from 0 to 32768
[  203.212052][ T5726] loop0: detected capacity change from 0 to 32768
[  204.790495][ T5738] loop0: detected capacity change from 0 to 32768
2025/07/13 13:13:18 executed programs: 37
[  206.430250][ T5744] loop0: detected capacity change from 0 to 32768
[  207.141777][ T5631] ==================================================================
[  207.145382][ T5631] BUG: KASAN: slab-use-after-free in hci_uart_write_work+0x2ca/0x550
[  207.148763][ T5631] Read of size 8 at addr ffff8880555a35d8 by task kworker/0:7/5631
[  207.153295][ T5631] 
[  207.154363][ T5631] CPU: 0 UID: 0 PID: 5631 Comm: kworker/0:7 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[  207.154378][ T5631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  207.154386][ T5631] Workqueue: events hci_uart_write_work
[  207.154403][ T5631] Call Trace:
[  207.154409][ T5631]  
[  207.154413][ T5631]  dump_stack_lvl+0x189/0x250
[  207.154423][ T5631]  ? __virt_addr_valid+0x1c8/0x5c0
[  207.154437][ T5631]  ? rcu_is_watching+0x15/0xb0
[  207.154504][ T5631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.154517][ T5631]  ? rcu_is_watching+0x15/0xb0
[  207.154528][ T5631]  ? lock_release+0x4b/0x3e0
[  207.154539][ T5631]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  207.154590][ T5631]  ? __virt_addr_valid+0x1c8/0x5c0
[  207.154604][ T5631]  ? __virt_addr_valid+0x4a5/0x5c0
[  207.154618][ T5631]  print_report+0xca/0x230
[  207.154628][ T5631]  ? hci_uart_write_work+0x2ca/0x550
[  207.154641][ T5631]  kasan_report+0x118/0x150
[  207.154656][ T5631]  ? hci_uart_write_work+0x2ca/0x550
[  207.154668][ T5631]  ? __pfx_pty_write+0x10/0x10
[  207.154680][ T5631]  hci_uart_write_work+0x2ca/0x550
[  207.154696][ T5631]  ? process_scheduled_works+0x9ef/0x17b0
[  207.154708][ T5631]  process_scheduled_works+0xae1/0x17b0
[  207.154725][ T5631]  ? __pfx_process_scheduled_works+0x10/0x10
[  207.154740][ T5631]  worker_thread+0x8a0/0xda0
[  207.154753][ T5631]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  207.154769][ T5631]  ? __kthread_parkme+0x7b/0x200
[  207.154782][ T5631]  kthread+0x70e/0x8a0
[  207.154797][ T5631]  ? __pfx_worker_thread+0x10/0x10
[  207.154810][ T5631]  ? __pfx_kthread+0x10/0x10
[  207.154824][ T5631]  ? _raw_spin_unlock_irq+0x23/0x50
[  207.154845][ T5631]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.154860][ T5631]  ? __pfx_kthread+0x10/0x10
[  207.154874][ T5631]  ret_from_fork+0x3fc/0x770
[  207.154887][ T5631]  ? __pfx_ret_from_fork+0x10/0x10
[  207.154898][ T5631]  ? __pfx_kthread+0x10/0x10
[  207.154912][ T5631]  ret_from_fork_asm+0x1a/0x30
[  207.154931][ T5631]  
[  207.154935][ T5631] 
[  207.242101][ T5631] Allocated by task 54:
[  207.243923][ T5631]  kasan_save_track+0x3e/0x80
[  207.246085][ T5631]  __kasan_slab_alloc+0x6c/0x80
[  207.248236][ T5631]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  207.250904][ T5631]  __alloc_skb+0x112/0x2d0
[  207.252857][ T5631]  h5_prepare_pkt+0x184/0x530
[  207.254924][ T5631]  h5_dequeue+0x197/0x790
[  207.256871][ T5631]  hci_uart_write_work+0x24a/0x550
[  207.259140][ T5631]  process_scheduled_works+0xae1/0x17b0
[  207.261631][ T5631]  worker_thread+0x8a0/0xda0
[  207.263766][ T5631]  kthread+0x70e/0x8a0
[  207.265670][ T5631]  ret_from_fork+0x3fc/0x770
[  207.267768][ T5631]  ret_from_fork_asm+0x1a/0x30
[  207.269883][ T5631] 
[  207.271400][ T5631] The buggy address belongs to the object at ffff8880555a3500
[  207.271400][ T5631]  which belongs to the cache skbuff_head_cache of size 240
[  207.277639][ T5631] The buggy address is located 216 bytes inside of
[  207.277639][ T5631]  freed 240-byte region [ffff8880555a3500, ffff8880555a35f0)
[  207.283534][ T5631] 
[  207.284653][ T5631] The buggy address belongs to the physical page:
[  207.287439][ T5631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x555a3
[  207.291471][ T5631] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  207.294796][ T5631] page_type: f5(slab)
[  207.296533][ T5631] raw: 04fff00000000000 ffff8880304e0b40 dead000000000100 dead000000000122
[  207.300466][ T5631] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[  207.304813][ T5631] page dumped because: kasan: bad access detected
[  207.307565][ T5631] page_owner tracks the page as allocated
[  207.310152][ T5631] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5474, tgid 5474 (syz-executor), ts 183992405509, free_ts 181552341552
[  207.319669][ T5631]  post_alloc_hook+0x240/0x2a0
[  207.321752][ T5631]  get_page_from_freelist+0x21e4/0x22c0
[  207.324225][ T5631]  __alloc_frozen_pages_noprof+0x181/0x370
[  207.326729][ T5631]  alloc_pages_mpol+0x232/0x4a0
[  207.328840][ T5631]  allocate_slab+0x8a/0x3b0
[  207.330816][ T5631]  ___slab_alloc+0xbfc/0x1480
[  207.333024][ T5631]  kmem_cache_alloc_node_noprof+0x280/0x3c0
[  207.335416][ T5631]  __alloc_skb+0x112/0x2d0
[  207.337269][ T5631]  inet_netconf_notify_devconf+0x173/0x240
[  207.339662][ T5631]  __devinet_sysctl_register+0x3f6/0x470
[  207.341977][ T5631]  devinet_sysctl_register+0x187/0x200
[  207.344219][ T5631]  inetdev_init+0x2b4/0x500
[  207.346135][ T5631]  inetdev_event+0x301/0x15b0
[  207.348107][ T5631]  notifier_call_chain+0x1b3/0x3e0
[  207.350413][ T5631]  register_netdevice+0x1608/0x1ae0
[  207.352833][ T5631]  team_newlink+0x114/0x160
[  207.354801][ T5631] page last free pid 5407 tgid 5407 stack trace:
[  207.357569][ T5631]  __free_frozen_pages+0xc71/0xe70
[  207.359715][ T5631]  vfree+0x25a/0x400
[  207.361572][ T5631]  kcov_close+0x28/0x50
[  207.363425][ T5631]  __fput+0x449/0xa70
[  207.365391][ T5631]  task_work_run+0x1d1/0x260
[  207.367605][ T5631]  do_exit+0x6b5/0x22e0
[  207.369536][ T5631]  do_group_exit+0x21c/0x2d0
[  207.371587][ T5631]  get_signal+0x1286/0x1340
[  207.373748][ T5631]  arch_do_signal_or_restart+0x9a/0x750
[  207.376392][ T5631]  exit_to_user_mode_loop+0x75/0x110
[  207.379197][ T5631]  do_syscall_64+0x2bd/0x3b0
[  207.381832][ T5631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.384570][ T5631] 
[  207.385768][ T5631] Memory state around the buggy address:
[  207.388290][ T5631]  ffff8880555a3480: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[  207.391837][ T5631]  ffff8880555a3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.395241][ T5631] >ffff8880555a3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  207.398639][ T5631]                                                     ^
[  207.401777][ T5631]  ffff8880555a3600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  207.405248][ T5631]  ffff8880555a3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.408849][ T5631] ==================================================================
[  208.076991][ T5754] loop0: detected capacity change from 0 to 32768
[  209.093242][ T5631] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  209.096364][ T5631] CPU: 0 UID: 0 PID: 5631 Comm: kworker/0:7 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full) 
[  209.101476][ T5631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  209.105987][ T5631] Workqueue: events hci_uart_write_work
[  209.108735][ T5631] Call Trace:
[  209.110224][ T5631]  
[  209.111495][ T5631]  dump_stack_lvl+0x99/0x250
[  209.113698][ T5631]  ? __asan_memcpy+0x40/0x70
[  209.115809][ T5631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.118063][ T5631]  ? __pfx__printk+0x10/0x10
[  209.120109][ T5631]  panic+0x2db/0x790
[  209.121942][ T5631]  ? __pfx_preempt_schedule+0x10/0x10
[  209.124260][ T5631]  ? __pfx_panic+0x10/0x10
[  209.126178][ T5631]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  209.128722][ T5631]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  209.131402][ T5631]  ? hci_uart_write_work+0x2ca/0x550
[  209.133742][ T5631]  check_panic_on_warn+0x89/0xb0
[  209.135894][ T5631]  ? hci_uart_write_work+0x2ca/0x550
[  209.138172][ T5631]  end_report+0x78/0x160
[  209.139971][ T5631]  kasan_report+0x129/0x150
[  209.142016][ T5631]  ? hci_uart_write_work+0x2ca/0x550
[  209.144301][ T5631]  ? __pfx_pty_write+0x10/0x10
[  209.146536][ T5631]  hci_uart_write_work+0x2ca/0x550
[  209.148939][ T5631]  ? process_scheduled_works+0x9ef/0x17b0
[  209.151689][ T5631]  process_scheduled_works+0xae1/0x17b0
[  209.154250][ T5631]  ? __pfx_process_scheduled_works+0x10/0x10
[  209.156828][ T5631]  worker_thread+0x8a0/0xda0
[  209.158818][ T5631]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  209.161632][ T5631]  ? __kthread_parkme+0x7b/0x200
[  209.163765][ T5631]  kthread+0x70e/0x8a0
[  209.165556][ T5631]  ? __pfx_worker_thread+0x10/0x10
[  209.167822][ T5631]  ? __pfx_kthread+0x10/0x10
[  209.169919][ T5631]  ? _raw_spin_unlock_irq+0x23/0x50
[  209.172179][ T5631]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.174400][ T5631]  ? __pfx_kthread+0x10/0x10
[  209.176406][ T5631]  ret_from_fork+0x3fc/0x770
[  209.178328][ T5631]  ? __pfx_ret_from_fork+0x10/0x10
[  209.180650][ T5631]  ? __pfx_kthread+0x10/0x10
[  209.183053][ T5631]  ret_from_fork_asm+0x1a/0x30
[  209.185607][ T5631]  
[  209.187513][ T5631] Kernel Offset: disabled
[  209.189448][ T5631] Rebooting in 86400 seconds..
VM DIAGNOSIS:
13:13:19  Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000cdef2b0
R8 =ffff8880339b8237 R9 =1ffff11006737046 R10=dffffc0000000000 R11=ffffffff85479720
R12=dffffc0000000000 R13=ffffffff99af98a6 R14=ffffffff99dfe700 R15=0000000000000000
RIP=ffffffff8547979c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88808d21b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb1a36d2080 CR3=0000000045c39000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe874fa200 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8438211b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8438211b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8438211b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8438211b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8438211bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8438211c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000