[ 52.016644][ T41] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.032262][ T41] device veth1_macvtap left promiscuous mode
[ 52.039079][ T41] device veth0_macvtap left promiscuous mode
[ 52.045233][ T41] device veth1_vlan left promiscuous mode
[ 52.051997][ T41] device veth0_vlan left promiscuous mode
[ 52.171951][ T41] team0 (unregistering): Port device team_slave_1 removed
[ 52.184659][ T41] team0 (unregistering): Port device team_slave_0 removed
[ 52.196526][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 52.212764][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 52.263967][ T41] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
2022/06/26 03:43:39 parsed 1 programs
2022/06/26 03:43:39 executed programs: 0
[ 64.804859][ T3982] cgroup: Unknown subsys name 'net'
[ 64.814617][ T3982] cgroup: Unknown subsys name 'rlimit'
[ 66.189050][ T1233] ieee802154 phy0 wpan0: encryption failed: -22
[ 66.195667][ T1233] ieee802154 phy1 wpan1: encryption failed: -22
[ 68.027127][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 71.309978][ T14] cfg80211: failed to load regulatory.db
[ 72.187124][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 76.347104][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 80.507060][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 82.592523][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.601244][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.609431][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.618066][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.625774][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 82.633279][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.696645][ T4063] chnl_net:caif_netlink_parms(): no params data found
[ 82.733464][ T4063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.740648][ T4063] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.748559][ T4063] device bridge_slave_0 entered promiscuous mode
[ 82.756444][ T4063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.763885][ T4063] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.771835][ T4063] device bridge_slave_1 entered promiscuous mode
[ 82.789290][ T4063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.800821][ T4063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.821957][ T4063] team0: Port device team_slave_0 added
[ 82.830357][ T4063] team0: Port device team_slave_1 added
[ 82.847772][ T4063] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.854896][ T4063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.880963][ T4063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.892705][ T4063] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.900020][ T4063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.926305][ T4063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.950514][ T4063] device hsr_slave_0 entered promiscuous mode
[ 82.958028][ T4063] device hsr_slave_1 entered promiscuous mode
[ 83.010363][ T4063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.017537][ T4063] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.024882][ T4063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.032143][ T4063] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.067417][ T4063] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.078921][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 83.088435][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.098033][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.105626][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 83.117878][ T4063] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.128638][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.137379][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.144615][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.155357][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.164355][ T14] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.171695][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.194156][ T4063] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 83.206058][ T4063] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 83.218829][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 83.227530][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.236419][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.245663][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.254207][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.262068][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.279715][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 83.287976][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 83.299019][ T4063] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.458856][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 83.475029][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 83.483997][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 83.492688][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 83.502501][ T4063] device veth0_vlan entered promiscuous mode
[ 83.512445][ T4063] device veth1_vlan entered promiscuous mode
[ 83.529366][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 83.537963][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 83.546046][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 83.556506][ T4063] device veth0_macvtap entered promiscuous mode
[ 83.565912][ T4063] device veth1_macvtap entered promiscuous mode
[ 83.581012][ T4063] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.589479][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 83.599607][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 83.611227][ T4063] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.619536][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 83.664336][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.680005][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.689652][ T977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.691075][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 83.698614][ T977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.717366][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 83.744638][ T4086] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 83.755148][ T4086] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.765792][ T4086]
[ 83.771712][ T4086] =============================
[ 83.776648][ T4086] WARNING: suspicious RCU usage
[ 83.782008][ T4086] 5.19.0-rc3-syzkaller #0 Not tainted
[ 83.789035][ T4086] -----------------------------
[ 83.793977][ T4086] net/hsr/hsr_framereg.c:41 suspicious rcu_dereference_check() usage!
[ 83.802705][ T4086]
[ 83.802705][ T4086] other info that might help us debug this:
[ 83.802705][ T4086]
[ 83.813472][ T4086]
[ 83.813472][ T4086] rcu_scheduler_active = 2, debug_locks = 1
[ 83.821778][ T4086] 3 locks held by syz-executor.0/4086:
[ 83.827809][ T4086] #0: ffffffff8c9554d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x10/0x30
[ 83.836071][ T4086] #1: ffffffff8c955588 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x315/0x4a0
[ 83.845177][ T4086] #2: ffffffff8b17c7a0 (rcu_read_lock){....}-{1:2}, at: hsr_get_node_list+0xc1/0x900
[ 83.854976][ T4086]
[ 83.854976][ T4086] stack backtrace:
[ 83.862069][ T4086] CPU: 0 PID: 4086 Comm: syz-executor.0 Not tainted 5.19.0-rc3-syzkaller #0
[ 83.870740][ T4086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.880780][ T4086] Call Trace:
[ 83.884042][ T4086]
[ 83.886954][ T4086] dump_stack_lvl+0x57/0x7d
[ 83.891579][ T4086] hsr_node_get_first+0x76/0xa0
[ 83.896427][ T4086] hsr_get_next_node+0x1b3/0x330
[ 83.901607][ T4086] hsr_get_node_list+0x2c2/0x900
[ 83.906883][ T4086] ? hsr_get_node_status+0xba0/0xba0
[ 83.912177][ T4086] ? __nla_parse+0x22/0x30
[ 83.916793][ T4086] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x159/0x230
[ 83.924172][ T4086] genl_family_rcv_msg_doit+0x1e4/0x2f0
[ 83.929756][ T4086] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230
[ 83.937116][ T4086] ? mutex_lock_io_nested+0x1190/0x1190
[ 83.942651][ T4086] ? genl_op_from_small+0x1e/0x3c0
[ 83.947749][ T4086] genl_rcv_msg+0x27a/0x4a0
[ 83.952236][ T4086] ? genl_get_cmd+0x3c0/0x3c0
[ 83.956900][ T4086] ? lock_acquire+0x1ab/0x570
[ 83.961570][ T4086] ? hsr_get_node_status+0xba0/0xba0
[ 83.966949][ T4086] ? lock_release+0x780/0x780
[ 83.971693][ T4086] ? ref_tracker_dir_exit+0x3b0/0x3b0
[ 83.977134][ T4086] netlink_rcv_skb+0x118/0x370
[ 83.981976][ T4086] ? genl_get_cmd+0x3c0/0x3c0
[ 83.986719][ T4086] ? netlink_ack+0x950/0x950
[ 83.991384][ T4086] ? netlink_deliver_tap+0x135/0xab0
[ 83.996911][ T4086] genl_rcv+0x1f/0x30
[ 84.000871][ T4086] netlink_unicast+0x433/0x710
[ 84.005616][ T4086] ? do_raw_spin_unlock+0x171/0x230
[ 84.010902][ T4086] ? netlink_attachskb+0x740/0x740
[ 84.016178][ T4086] ? _raw_spin_unlock+0x24/0x40
[ 84.021100][ T4086] ? find_vmap_area+0xa2/0xe0
[ 84.025758][ T4086] ? __check_object_size+0x1c0/0x490
[ 84.031023][ T4086] netlink_sendmsg+0x782/0xc30
[ 84.035770][ T4086] ? netlink_unicast+0x710/0x710
[ 84.040783][ T4086] ? netlink_unicast+0x710/0x710
[ 84.045696][ T4086] sock_sendmsg+0xab/0xe0
[ 84.050011][ T4086] ____sys_sendmsg+0x5c2/0x7a0
[ 84.054754][ T4086] ? kernel_sendmsg+0x30/0x30
[ 84.059496][ T4086] ? do_recvmmsg+0x550/0x550
[ 84.064065][ T4086] ? try_to_wake_up+0xa04/0x1800
[ 84.068982][ T4086] ___sys_sendmsg+0xd3/0x150
[ 84.073601][ T4086] ? sendmsg_copy_msghdr+0x110/0x110
[ 84.078888][ T4086] ? __fget_files+0x1a7/0x3a0
[ 84.083610][ T4086] ? lock_downgrade+0x6e0/0x6e0
[ 84.088454][ T4086] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 84.094418][ T4086] ? futex_wake_mark+0x140/0x140
[ 84.099351][ T4086] ? __fget_files+0x1bf/0x3a0
[ 84.104008][ T4086] ? __fget_light+0xb9/0x210
[ 84.108664][ T4086] __sys_sendmsg+0xb9/0x150
[ 84.113323][ T4086] ? __sys_sendmsg_sock+0x10/0x10
[ 84.118337][ T4086] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 84.124501][ T4086] ? syscall_enter_from_user_mode+0x21/0x70
[ 84.130382][ T4086] ? lockdep_hardirqs_on+0x79/0x100
[ 84.135562][ T4086] do_syscall_64+0x35/0xb0
[ 84.139981][ T4086] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 84.146087][ T4086] RIP: 0033:0x7fbabf0890e9
[ 84.150515][ T4086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 84.170290][ T4086] RSP: 002b:00007fbac0105168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 84.178789][ T4086] RAX: ffffffffffffffda RBX: 00007fbabf19bf60 RCX: 00007fbabf0890e9
[ 84.186772][ T4086] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 84.194755][ T4086] RBP: 00007fbabf0e308d R08: 0000000000000000 R09: 0000000000000000
[ 84.202904][ T4086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.211223][ T4086] R13: 00007ffc2b5a806f R14: 00007fbac0105300 R15: 0000000000022000
2022/06/26 03:43:59 executed programs: 1
[ 84.219462][ T4086]
[ 84.264006][ T4089] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.272843][ T4089] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.303561][ T4091] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.312328][ T4091] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.336349][ T4093] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.344809][ T4093] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.379528][ T4095] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.388446][ T4095] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.414309][ T4097] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.422524][ T4097] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.449671][ T4099] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.458484][ T4099] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.485960][ T4101] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.494248][ T4101] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.521738][ T4103] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.530453][ T4103] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.562105][ T4105] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 84.570507][ T4105] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 84.669496][ T3711] Bluetooth: hci0: command 0x0409 tx timeout
[ 86.747729][ T14] Bluetooth: hci0: command 0x041b tx timeout
[ 88.751494][ T4793] validate_nla: 342 callbacks suppressed
[ 88.751556][ T4793] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.766222][ T4793] __nla_validate_parse: 342 callbacks suppressed
[ 88.766229][ T4793] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.796012][ T4795] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.804927][ T4795] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.826800][ T4797] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.835068][ T14] Bluetooth: hci0: command 0x040f tx timeout
[ 88.841340][ T4797] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.863884][ T4799] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.872423][ T4799] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.894034][ T4801] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.903052][ T4801] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.925906][ T4803] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.934926][ T4803] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.955644][ T4805] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.964282][ T4805] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.986130][ T4807] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 88.995241][ T4807] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 89.021135][ T4809] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 89.029674][ T4809] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 89.051889][ T4811] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 89.060344][ T4811] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.
2022/06/26 03:44:04 executed programs: 376
[ 90.906985][ T3615] Bluetooth: hci0: command 0x0419 tx timeout
[ 93.766428][ T5606] validate_nla: 396 callbacks suppressed
[ 93.766436][ T5606] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 93.781227][ T5606] __nla_validate_parse: 396 callbacks suppressed
[ 93.781233][ T5606] netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.0'.