Warning: Permanently added '[localhost]:1657' (ED25519) to the list of known hosts.
2025/08/08 19:03:25 ignoring optional flag "sandboxArg"="0"
2025/08/08 19:03:26 parsed 1 programs
syzkaller login: [ 89.730938][ T5344] cgroup: Unknown subsys name 'net'
[ 89.787434][ T5344] cgroup: Unknown subsys name 'cpuset'
[ 89.793891][ T5344] cgroup: Unknown subsys name 'rlimit'
[ 91.914122][ T10] cfg80211: failed to load regulatory.db
[ 91.933351][ T5344] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 96.115430][ T5366] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.119605][ T5366] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.124079][ T5366] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.128314][ T5366] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.131943][ T5366] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.312674][ T5364] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 98.151475][ T5366] Bluetooth: hci0: command tx timeout
[ 99.818988][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.869484][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.257688][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.270253][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.107019][ T5405] chnl_net:caif_netlink_parms(): no params data found
[ 103.441746][ T5405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.455492][ T5405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.458954][ T5405] bridge_slave_0: entered allmulticast mode
[ 103.485999][ T5405] bridge_slave_0: entered promiscuous mode
[ 103.507664][ T5405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.526757][ T5405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.530035][ T5405] bridge_slave_1: entered allmulticast mode
[ 103.548526][ T5405] bridge_slave_1: entered promiscuous mode
[ 103.611315][ T5405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.632868][ T5405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.731126][ T5405] team0: Port device team_slave_0 added
[ 103.742535][ T5405] team0: Port device team_slave_1 added
[ 103.811010][ T5405] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.814684][ T5405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.836611][ T5405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.867247][ T5405] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.877333][ T5405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.899502][ T5405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.004295][ T5405] hsr_slave_0: entered promiscuous mode
[ 104.024007][ T5405] hsr_slave_1: entered promiscuous mode
[ 104.373345][ T5405] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 104.399235][ T5405] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 104.406829][ T5405] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 104.414123][ T5405] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 104.502137][ T5405] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.522549][ T5405] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.530941][ T1044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.534114][ T1044] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.547583][ T1044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.551003][ T1044] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.756978][ T5405] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.963862][ T5405] veth0_vlan: entered promiscuous mode
[ 104.972912][ T5405] veth1_vlan: entered promiscuous mode
[ 105.003244][ T5405] veth0_macvtap: entered promiscuous mode
[ 105.009722][ T5405] veth1_macvtap: entered promiscuous mode
[ 105.029999][ T5405] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.045820][ T5405] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.062027][ T1093] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.075621][ T1093] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.079453][ T1093] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.096347][ T1093] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/08/08 19:03:44 executed programs: 0
[ 105.448556][ T4701] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 105.460183][ T4701] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 105.464431][ T4701] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 105.468573][ T4701] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 105.473197][ T4701] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 105.604062][ T45] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 105.615631][ T4701] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 105.621558][ T4701] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 105.625637][ T4701] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 105.629437][ T4701] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 105.633006][ T4701] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 105.637661][ T4701] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 105.641377][ T4701] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 105.647304][ T4701] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 105.652772][ T5483] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 105.671535][ T5484] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 105.680582][ T5484] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 105.685110][ T5484] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 105.689610][ T5484] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 105.694270][ T5484] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 105.848716][ T5484] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 105.853260][ T5484] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 105.857364][ T5484] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 105.876464][ T5484] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 105.879980][ T5484] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 105.994135][ T4701] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 106.012287][ T4701] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 106.017640][ T4701] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 106.024498][ T4701] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 106.027986][ T4701] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 107.643113][ T1044] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.679075][ T4701] Bluetooth: hci2: command tx timeout
[ 107.684284][ T45] Bluetooth: hci0: command tx timeout
[ 107.755359][ T4701] Bluetooth: hci1: command tx timeout
[ 107.758140][ T4701] Bluetooth: hci3: command tx timeout
[ 107.992992][ T4701] Bluetooth: hci5: command tx timeout
[ 108.080845][ T4701] Bluetooth: hci4: command tx timeout
[ 108.181757][ T1044] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.451786][ T1044] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.572776][ T1044] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.596472][ T5472] chnl_net:caif_netlink_parms(): no params data found
[ 109.282083][ T5472] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.285088][ T5472] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.288267][ T5472] bridge_slave_0: entered allmulticast mode
[ 109.327977][ T5472] bridge_slave_0: entered promiscuous mode
[ 109.337851][ T5472] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.350833][ T5472] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.354150][ T5472] bridge_slave_1: entered allmulticast mode
[ 109.371129][ T5472] bridge_slave_1: entered promiscuous mode
[ 109.487149][ T1044] bridge_slave_1: left allmulticast mode
[ 109.489960][ T1044] bridge_slave_1: left promiscuous mode
[ 109.506186][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.555409][ T1044] bridge_slave_0: left allmulticast mode
[ 109.559913][ T1044] bridge_slave_0: left promiscuous mode
[ 109.580814][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.751709][ T4701] Bluetooth: hci2: command tx timeout
[ 109.754874][ T5484] Bluetooth: hci0: command tx timeout
[ 109.830792][ T4701] Bluetooth: hci3: command tx timeout
[ 109.833138][ T4701] Bluetooth: hci1: command tx timeout
[ 110.070677][ T5484] Bluetooth: hci5: command tx timeout
[ 110.152491][ T5484] Bluetooth: hci4: command tx timeout
[ 110.510618][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 110.546453][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 110.572662][ T1044] bond0 (unregistering): Released all slaves
[ 111.082941][ T1044] hsr_slave_0: left promiscuous mode
[ 111.111803][ T1044] hsr_slave_1: left promiscuous mode
[ 111.131282][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 111.134636][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 111.170635][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 111.174123][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 111.208877][ T1044] veth1_macvtap: left promiscuous mode
[ 111.228346][ T1044] veth0_macvtap: left promiscuous mode
[ 111.241099][ T1044] veth1_vlan: left promiscuous mode
[ 111.243669][ T1044] veth0_vlan: left promiscuous mode
[ 111.578450][ T1044] team0 (unregistering): Port device team_slave_1 removed
[ 111.606025][ T1044] team0 (unregistering): Port device team_slave_0 removed
[ 111.831777][ T5484] Bluetooth: hci2: command tx timeout
[ 111.834635][ T5484] Bluetooth: hci0: command tx timeout
[ 111.906878][ T5472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 111.912988][ T4701] Bluetooth: hci1: command tx timeout
[ 111.915383][ T4701] Bluetooth: hci3: command tx timeout
[ 111.937044][ T5472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 112.036634][ T5491] chnl_net:caif_netlink_parms(): no params data found
[ 112.146815][ T5474] chnl_net:caif_netlink_parms(): no params data found
[ 112.150458][ T5484] Bluetooth: hci5: command tx timeout
[ 112.234092][ T5484] Bluetooth: hci4: command tx timeout
[ 112.251249][ T5478] chnl_net:caif_netlink_parms(): no params data found
[ 112.259657][ T5472] team0: Port device team_slave_0 added
[ 112.277294][ T5473] chnl_net:caif_netlink_parms(): no params data found
[ 112.311671][ T5490] chnl_net:caif_netlink_parms(): no params data found
[ 112.336843][ T5472] team0: Port device team_slave_1 added
[ 112.639423][ T5472] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 112.650615][ T5472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.681182][ T5472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 112.755534][ T5491] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.763236][ T5491] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.771135][ T5491] bridge_slave_0: entered allmulticast mode
[ 112.783315][ T5491] bridge_slave_0: entered promiscuous mode
[ 112.793023][ T5472] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 112.796197][ T5472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.831196][ T5472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 112.905926][ T5490] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.909151][ T5490] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.927643][ T5490] bridge_slave_0: entered allmulticast mode
[ 112.935630][ T5490] bridge_slave_0: entered promiscuous mode
[ 112.944742][ T5490] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.947706][ T5490] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.955768][ T5490] bridge_slave_1: entered allmulticast mode
[ 112.959665][ T5490] bridge_slave_1: entered promiscuous mode
[ 112.963296][ T5491] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.966120][ T5491] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.969149][ T5491] bridge_slave_1: entered allmulticast mode
[ 112.977040][ T5491] bridge_slave_1: entered promiscuous mode
[ 113.075349][ T5474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.078463][ T5474] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.082346][ T5474] bridge_slave_0: entered allmulticast mode
[ 113.086584][ T5474] bridge_slave_0: entered promiscuous mode
[ 113.147767][ T5474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.154192][ T5474] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.157584][ T5474] bridge_slave_1: entered allmulticast mode
[ 113.162195][ T5474] bridge_slave_1: entered promiscuous mode
[ 113.167527][ T5473] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.175311][ T5473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.178591][ T5473] bridge_slave_0: entered allmulticast mode
[ 113.183293][ T5473] bridge_slave_0: entered promiscuous mode
[ 113.202484][ T5490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.207989][ T5491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.217181][ T5478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.221606][ T5478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.224972][ T5478] bridge_slave_0: entered allmulticast mode
[ 113.229093][ T5478] bridge_slave_0: entered promiscuous mode
[ 113.249902][ T5473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.258180][ T5473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.263041][ T5473] bridge_slave_1: entered allmulticast mode
[ 113.267167][ T5473] bridge_slave_1: entered promiscuous mode
[ 113.279374][ T5472] hsr_slave_0: entered promiscuous mode
[ 113.283008][ T5472] hsr_slave_1: entered promiscuous mode
[ 113.287766][ T5490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.297533][ T5491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.308683][ T5478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.314786][ T5478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.318157][ T5478] bridge_slave_1: entered allmulticast mode
[ 113.322752][ T5478] bridge_slave_1: entered promiscuous mode
[ 113.382475][ T5474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.427752][ T5490] team0: Port device team_slave_0 added
[ 113.443167][ T5491] team0: Port device team_slave_0 added
[ 113.517493][ T5474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.539469][ T5473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.555573][ T5473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.595515][ T5490] team0: Port device team_slave_1 added
[ 113.619156][ T5491] team0: Port device team_slave_1 added
[ 113.640093][ T5478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.654574][ T5478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.704110][ T5473] team0: Port device team_slave_0 added
[ 113.803256][ T5474] team0: Port device team_slave_0 added
[ 113.824160][ T5473] team0: Port device team_slave_1 added
[ 113.827549][ T5491] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.841379][ T5491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.864266][ T5491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.884159][ T5478] team0: Port device team_slave_0 added
[ 113.888314][ T5491] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.892301][ T5491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.909724][ T5491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.914720][ T5484] Bluetooth: hci0: command tx timeout
[ 113.917226][ T5484] Bluetooth: hci2: command tx timeout
[ 113.929749][ T5474] team0: Port device team_slave_1 added
[ 113.934390][ T5490] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.937630][ T5490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.952043][ T5490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.984251][ T5478] team0: Port device team_slave_1 added
[ 114.001300][ T4701] Bluetooth: hci3: command tx timeout
[ 114.003764][ T4701] Bluetooth: hci1: command tx timeout
[ 114.022167][ T5490] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.025284][ T5490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.042820][ T5490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.105324][ T5473] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.108415][ T5473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.122972][ T5473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.129103][ T5474] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.133151][ T5474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.146965][ T5474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.230900][ T5484] Bluetooth: hci5: command tx timeout
[ 114.266700][ T5473] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.269515][ T5473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.304111][ T5473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.311083][ T5484] Bluetooth: hci4: command tx timeout
[ 114.327186][ T5474] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.337431][ T5474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.372411][ T5474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.396373][ T5478] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.399689][ T5478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.433140][ T5478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.454307][ T5478] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.457136][ T5478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.483634][ T5478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.511432][ T5491] hsr_slave_0: entered promiscuous mode
[ 114.523277][ T5491] hsr_slave_1: entered promiscuous mode
[ 114.526720][ T5491] debugfs: 'hsr0' already exists in 'hsr'
[ 114.529403][ T5491] Cannot create hsr debugfs directory
[ 114.631586][ T5490] hsr_slave_0: entered promiscuous mode
[ 114.634593][ T5490] hsr_slave_1: entered promiscuous mode
[ 114.637416][ T5490] debugfs: 'hsr0' already exists in 'hsr'
[ 114.639914][ T5490] Cannot create hsr debugfs directory
[ 114.697731][ T5473] hsr_slave_0: entered promiscuous mode
[ 114.704888][ T5473] hsr_slave_1: entered promiscuous mode
[ 114.708114][ T5473] debugfs: 'hsr0' already exists in 'hsr'
[ 114.712595][ T5473] Cannot create hsr debugfs directory
[ 114.893795][ T5474] hsr_slave_0: entered promiscuous mode
[ 114.908359][ T5474] hsr_slave_1: entered promiscuous mode
[ 114.912606][ T5474] debugfs: 'hsr0' already exists in 'hsr'
[ 114.915269][ T5474] Cannot create hsr debugfs directory
[ 114.946357][ T5478] hsr_slave_0: entered promiscuous mode
[ 114.949698][ T5478] hsr_slave_1: entered promiscuous mode
[ 114.956254][ T5478] debugfs: 'hsr0' already exists in 'hsr'
[ 114.958842][ T5478] Cannot create hsr debugfs directory
[ 115.223542][ T5472] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 115.241862][ T5472] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 115.263803][ T5472] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 115.384477][ T5472] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.234494][ T5472] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.246700][ T5491] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 116.284239][ T5491] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 116.296006][ T5491] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 116.337126][ T5491] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 116.376884][ T5472] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.452813][ T66] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.456082][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.463951][ T66] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.467191][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.590650][ T5473] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 116.659544][ T5473] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 116.685058][ T5473] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 116.767395][ T5473] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 116.915518][ T5491] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.929970][ T5490] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 116.971686][ T5490] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 117.078684][ T5491] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.114833][ T5490] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 117.192888][ T5490] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 117.227559][ T3106] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.231018][ T3106] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.244832][ T3106] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.247945][ T3106] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.361643][ T5472] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.413182][ T5474] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 117.435684][ T5474] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 117.509035][ T5474] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 117.540192][ T5474] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 117.789715][ T5478] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 117.846024][ T5478] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 117.885774][ T5472] veth0_vlan: entered promiscuous mode
[ 117.950755][ T5478] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 118.018207][ T5472] veth1_vlan: entered promiscuous mode
[ 118.028987][ T5478] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 118.149731][ T5473] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.240010][ T5490] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.307793][ T5473] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.355458][ T5490] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.405450][ T5472] veth0_macvtap: entered promiscuous mode
[ 118.476798][ T5474] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.503953][ T5491] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.525548][ T1044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.528858][ T1044] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.574441][ T1044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.577460][ T1044] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.605563][ T5472] veth1_macvtap: entered promiscuous mode
[ 118.656033][ T5474] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.676401][ T66] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.679804][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.738110][ T5473] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 118.773109][ T5473] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 118.819669][ T1044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.822813][ T1044] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.844448][ T1044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.848100][ T1044] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.883507][ T1093] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.886546][ T1093] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.000190][ T5490] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 119.054253][ T5490] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 119.092484][ T5472] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.195891][ T5474] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 119.242854][ T5474] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 119.267097][ T5472] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.393688][ T1037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.466061][ T1037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.580588][ T1093] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.656677][ T1093] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.809555][ T5478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 119.859901][ T5478] 8021q: adding VLAN 0 to HW filter on device team0
[ 120.046027][ T5473] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.082514][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.085684][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.090147][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.093583][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.178512][ T5490] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.247082][ T3014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.267445][ T3014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.287992][ T5478] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 120.335571][ T5478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 120.397984][ T5474] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.544612][ T5491] veth0_vlan: entered promiscuous mode
[ 120.727289][ T5491] veth1_vlan: entered promiscuous mode
[ 120.797576][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.809474][ T5474] veth0_vlan: entered promiscuous mode
[ 120.819394][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.849835][ T5473] veth0_vlan: entered promiscuous mode
[ 120.915117][ T5473] veth1_vlan: entered promiscuous mode
[ 120.974956][ T5474] veth1_vlan: entered promiscuous mode
2025/08/08 19:04:00 executed programs: 12
[ 121.180466][ T5710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 121.210944][ T5710] netlink: 'syz.0.17': attribute type 10 has an invalid length.
[ 121.359567][ T5710] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 121.368038][ T5474] veth0_macvtap: entered promiscuous mode
[ 121.377846][ T5473] veth0_macvtap: entered promiscuous mode
[ 121.389810][ T5473] veth1_macvtap: entered promiscuous mode
[ 121.398829][ T5491] veth0_macvtap: entered promiscuous mode
[ 121.413927][ T5713] wlan1: No basic rates, using min rate instead
[ 121.439812][ T5713] wlan1: authenticate with aa:09:b7:99:c0:d7 (local address=aa:aa:aa:aa:aa:17)
[ 121.449426][ T5713] wlan1: send auth to aa:09:b7:99:c0:d7 (try 1/3)
[ 121.465728][ T3014] wlan1: send auth to aa:09:b7:99:c0:d7 (try 2/3)
[ 121.475501][ T3014] wlan1: send auth to aa:09:b7:99:c0:d7 (try 3/3)
[ 121.479074][ T5710] bond0: entered promiscuous mode
[ 121.484116][ T5710] bond_slave_0: entered promiscuous mode
[ 121.486890][ T3014] wlan1: authentication with aa:09:b7:99:c0:d7 timed out
[ 121.494880][ T5710] bond_slave_1: entered promiscuous mode
[ 121.498121][ T3014] ==================================================================
[ 121.501819][ T3014] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 121.505459][ T3014] Read of size 1 at addr ffff8880427b8538 by task kworker/u4:10/3014
[ 121.510057][ T3014]
[ 121.511134][ T3014] CPU: 0 UID: 0 PID: 3014 Comm: kworker/u4:10 Not tainted 6.16.0-syzkaller-12016-gbec077162bd0 #0 PREEMPT(full)
[ 121.511150][ T3014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 121.511158][ T3014] Workqueue: events_unbound cfg80211_wiphy_work
[ 121.511222][ T3014] Call Trace:
[ 121.511230][ T3014]
[ 121.511236][ T3014] dump_stack_lvl+0x189/0x250
[ 121.511251][ T3014] ? __virt_addr_valid+0x1c8/0x5c0
[ 121.511264][ T3014] ? rcu_is_watching+0x15/0xb0
[ 121.511306][ T3014] ? __pfx_dump_stack_lvl+0x10/0x10
[ 121.511316][ T3014] ? rcu_is_watching+0x15/0xb0
[ 121.511324][ T3014] ? lock_release+0x4b/0x3e0
[ 121.511336][ T3014] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 121.511348][ T3014] ? __virt_addr_valid+0x1c8/0x5c0
[ 121.511359][ T3014] ? __virt_addr_valid+0x4a5/0x5c0
[ 121.511371][ T3014] print_report+0xca/0x240
[ 121.511381][ T3014] ? _raw_spin_lock+0x2e/0x40
[ 121.511388][ T3014] kasan_report+0x118/0x150
[ 121.511400][ T3014] ? _raw_spin_lock+0x2e/0x40
[ 121.511411][ T3014] ? lockref_get+0x15/0x60
[ 121.511423][ T3014] __kasan_check_byte+0x2a/0x40
[ 121.511433][ T3014] lock_acquire+0x8d/0x360
[ 121.511445][ T3014] ? do_raw_spin_lock+0x121/0x290
[ 121.511457][ T3014] _raw_spin_lock+0x2e/0x40
[ 121.511466][ T3014] ? lockref_get+0x15/0x60
[ 121.511476][ T3014] lockref_get+0x15/0x60
[ 121.511486][ T3014] __simple_recursive_removal+0x33/0x510
[ 121.511497][ T3014] ? mntput+0x65/0xc0
[ 121.511506][ T3014] ? __pfx_remove_one+0x10/0x10
[ 121.511518][ T3014] debugfs_remove+0x5b/0x70
[ 121.511527][ T3014] ieee80211_sta_debugfs_remove+0x40/0x70
[ 121.511540][ T3014] __sta_info_destroy_part2+0x352/0x450
[ 121.511553][ T3014] sta_info_destroy_addr+0xf5/0x140
[ 121.511562][ T3014] ieee80211_destroy_auth_data+0x12d/0x260
[ 121.511577][ T3014] ieee80211_sta_work+0x11cf/0x3600
[ 121.511590][ T3014] ? do_raw_spin_unlock+0x4d/0x240
[ 121.511602][ T3014] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 121.511611][ T3014] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 121.511622][ T3014] ? __lock_acquire+0xab9/0xd20
[ 121.511635][ T3014] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 121.511648][ T3014] ? do_raw_spin_lock+0x121/0x290
[ 121.511659][ T3014] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 121.511669][ T3014] ? lockdep_hardirqs_on+0x9c/0x150
[ 121.511680][ T3014] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 121.511689][ T3014] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 121.511700][ T3014] ? queue_work_on+0x1d7/0x270
[ 121.511711][ T3014] ? skb_dequeue+0x10e/0x150
[ 121.511720][ T3014] ? ieee80211_iface_work+0xfc4/0x12d0
[ 121.511732][ T3014] ? ieee80211_iface_work+0x11d6/0x12d0
[ 121.511743][ T3014] ? rcu_is_watching+0x15/0xb0
[ 121.511752][ T3014] cfg80211_wiphy_work+0x2b8/0x470
[ 121.511764][ T3014] ? process_scheduled_works+0x9ef/0x17b0
[ 121.511773][ T3014] process_scheduled_works+0xade/0x17b0
[ 121.511789][ T3014] ? __pfx_process_scheduled_works+0x10/0x10
[ 121.511801][ T3014] worker_thread+0x8a0/0xda0
[ 121.511811][ T3014] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 121.511821][ T3014] ? __kthread_parkme+0x7b/0x200
[ 121.511834][ T3014] kthread+0x70e/0x8a0
[ 121.511852][ T3014] ? __pfx_worker_thread+0x10/0x10
[ 121.511860][ T3014] ? __pfx_kthread+0x10/0x10
[ 121.511871][ T3014] ? _raw_spin_unlock_irq+0x23/0x50
[ 121.511879][ T3014] ? lockdep_hardirqs_on+0x9c/0x150
[ 121.511888][ T3014] ? __pfx_kthread+0x10/0x10
[ 121.511899][ T3014] ret_from_fork+0x3fc/0x770
[ 121.511910][ T3014] ? __pfx_ret_from_fork+0x10/0x10
[ 121.511920][ T3014] ? __pfx_kthread+0x10/0x10
[ 121.511931][ T3014] ret_from_fork_asm+0x1a/0x30
[ 121.511949][ T3014]
[ 121.511953][ T3014]
[ 121.668698][ T3014] Allocated by task 5713:
[ 121.670516][ T3014] kasan_save_track+0x3e/0x80
[ 121.672593][ T3014] __kasan_slab_alloc+0x6c/0x80
[ 121.674784][ T3014] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 121.677298][ T3014] __d_alloc+0x36/0x7a0
[ 121.679166][ T3014] d_alloc_parallel+0xe5/0x15e0
[ 121.681826][ T3014] __lookup_slow+0x116/0x3d0
[ 121.684320][ T3014] simple_start_creating+0xfd/0x1e0
[ 121.687081][ T3014] start_creating+0x10f/0x180
[ 121.689877][ T3014] debugfs_create_dir+0x28/0x420
[ 121.692523][ T3014] ieee80211_sta_debugfs_add+0x12c/0x850
[ 121.695322][ T3014] sta_info_insert_rcu+0xfac/0x1940
[ 121.697723][ T3014] sta_info_insert+0x16/0xc0
[ 121.699745][ T3014] ieee80211_prep_connection+0xfce/0x13f0
[ 121.702170][ T3014] ieee80211_mgd_auth+0xee3/0x1770
[ 121.704344][ T3014] cfg80211_mlme_auth+0x632/0x9c0
[ 121.706488][ T3014] cfg80211_conn_do_work+0x501/0xd10
[ 121.708759][ T3014] cfg80211_connect+0x1862/0x21a0
[ 121.710962][ T3014] nl80211_connect+0x17bc/0x1cd0
[ 121.713088][ T3014] genl_family_rcv_msg_doit+0x215/0x300
[ 121.715465][ T3014] genl_rcv_msg+0x60e/0x790
[ 121.717530][ T3014] netlink_rcv_skb+0x208/0x470
[ 121.719603][ T3014] genl_rcv+0x28/0x40
[ 121.721377][ T3014] netlink_unicast+0x82c/0x9e0
[ 121.723421][ T3014] netlink_sendmsg+0x805/0xb30
[ 121.725453][ T3014] __sock_sendmsg+0x21c/0x270
[ 121.727644][ T3014] ____sys_sendmsg+0x505/0x830
[ 121.729792][ T3014] ___sys_sendmsg+0x21f/0x2a0
[ 121.731926][ T3014] __x64_sys_sendmsg+0x19b/0x260
[ 121.734184][ T3014] do_syscall_64+0xfa/0x3b0
[ 121.736447][ T3014] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.739249][ T3014]
[ 121.740353][ T3014] Freed by task 15:
[ 121.742033][ T3014] kasan_save_track+0x3e/0x80
[ 121.744158][ T3014] kasan_save_free_info+0x46/0x50
[ 121.746335][ T3014] __kasan_slab_free+0x5b/0x80
[ 121.748403][ T3014] kmem_cache_free+0x18f/0x400
[ 121.750550][ T3014] rcu_core+0xca8/0x1770
[ 121.752402][ T3014] handle_softirqs+0x283/0x870
[ 121.754669][ T3014] run_ksoftirqd+0x9b/0x100
[ 121.756989][ T3014] smpboot_thread_fn+0x53f/0xa60
[ 121.759126][ T3014] kthread+0x70e/0x8a0
[ 121.760611][ T3014] ret_from_fork+0x3fc/0x770
[ 121.763074][ T3014] ret_from_fork_asm+0x1a/0x30
[ 121.765380][ T3014]
[ 121.766627][ T3014] Last potentially related work creation:
[ 121.769103][ T3014] kasan_save_stack+0x3e/0x60
[ 121.771088][ T3014] kasan_record_aux_stack+0xbd/0xd0
[ 121.773345][ T3014] call_rcu+0x157/0x9c0
[ 121.775092][ T3014] __dentry_kill+0x4d2/0x660
[ 121.777314][ T3014] dput+0x19f/0x2b0
[ 121.779024][ T3014] find_next_child+0x1e5/0x250
[ 121.781094][ T3014] __simple_recursive_removal+0x10b/0x510
[ 121.783746][ T3014] debugfs_remove+0x5b/0x70
[ 121.785762][ T3014] ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[ 121.788646][ T3014] drv_remove_interface+0x1fa/0x590
[ 121.791187][ T3014] ieee80211_change_mac+0x912/0x12d0
[ 121.793402][ T3014] netif_set_mac_address+0x2fc/0x4c0
[ 121.795540][ T3014] dev_set_mac_address+0x12b/0x260
[ 121.797539][ T3014] bond_set_mac_address+0x26c/0x7b0
[ 121.799584][ T3014] netif_set_mac_address+0x2fc/0x4c0
[ 121.801637][ T3014] do_setlink+0x88c/0x41c0
[ 121.803447][ T3014] rtnl_newlink+0x160b/0x1c70
[ 121.805349][ T3014] rtnetlink_rcv_msg+0x7cc/0xb70
[ 121.807357][ T3014] netlink_rcv_skb+0x208/0x470
[ 121.809446][ T3014] netlink_unicast+0x82c/0x9e0
[ 121.811521][ T3014] netlink_sendmsg+0x805/0xb30
[ 121.813571][ T3014] __sock_sendmsg+0x21c/0x270
[ 121.815634][ T3014] ____sys_sendmsg+0x505/0x830
[ 121.817741][ T3014] ___sys_sendmsg+0x21f/0x2a0
[ 121.819834][ T3014] __x64_sys_sendmsg+0x19b/0x260
[ 121.821982][ T3014] do_syscall_64+0xfa/0x3b0
[ 121.824000][ T3014] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.827010][ T3014]
[ 121.828269][ T3014] The buggy address belongs to the object at ffff8880427b8468
[ 121.828269][ T3014] which belongs to the cache dentry of size 312
[ 121.834299][ T3014] The buggy address is located 208 bytes inside of
[ 121.834299][ T3014] freed 312-byte region [ffff8880427b8468, ffff8880427b85a0)
[ 121.840170][ T3014]
[ 121.841269][ T3014] The buggy address belongs to the physical page:
[ 121.844061][ T3014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x427b8
[ 121.847829][ T3014] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 121.851563][ T3014] memcg:ffff8880557a1501
[ 121.853610][ T3014] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 121.856965][ T3014] page_type: f5(slab)
[ 121.858783][ T3014] raw: 04fff00000000040 ffff88801b6cc780 ffffea000105f080 dead000000000002
[ 121.862560][ T3014] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff8880557a1501
[ 121.866432][ T3014] head: 04fff00000000040 ffff88801b6cc780 ffffea000105f080 dead000000000002
[ 121.870873][ T3014] head: 0000000000000000 0000000000150015 00000000f5000000 ffff8880557a1501
[ 121.874948][ T3014] head: 04fff00000000001 ffffea000109ee01 00000000ffffffff 00000000ffffffff
[ 121.878725][ T3014] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 121.882819][ T3014] page dumped because: kasan: bad access detected
[ 121.885680][ T3014] page_owner tracks the page as allocated
[ 121.888203][ T3014] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4755, tgid 4755 (udevd), ts 35802894246, free_ts 0
[ 121.897463][ T3014] post_alloc_hook+0x240/0x2a0
[ 121.899501][ T3014] get_page_from_freelist+0x21e4/0x22c0
[ 121.901471][ T3014] __alloc_frozen_pages_noprof+0x181/0x370
[ 121.904158][ T3014] alloc_pages_mpol+0x232/0x4a0
[ 121.906533][ T3014] allocate_slab+0x8a/0x370
[ 121.908861][ T3014] ___slab_alloc+0xbeb/0x1410
[ 121.911240][ T3014] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 121.913830][ T3014] __d_alloc+0x36/0x7a0
[ 121.915591][ T3014] d_alloc+0x4b/0x190
[ 121.917461][ T3014] lookup_one_qstr_excl+0xdc/0x360
[ 121.919767][ T3014] do_renameat2+0x40e/0xa80
[ 121.921665][ T3014] __x64_sys_rename+0x82/0x90
[ 121.923671][ T3014] do_syscall_64+0xfa/0x3b0
[ 121.925631][ T3014] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.928132][ T3014] page_owner free stack trace missing
[ 121.930618][ T3014]
[ 121.931732][ T3014] Memory state around the buggy address:
[ 121.934209][ T3014] ffff8880427b8400: 00 00 00 00 00 fc fc fc fc fc fc fc fc fa fb fb
[ 121.938086][ T3014] ffff8880427b8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.941448][ T3014] >ffff8880427b8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.944976][ T3014] ^
[ 121.947794][ T3014] ffff8880427b8580: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[ 121.951212][ T3014] ffff8880427b8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.954787][ T3014] ==================================================================
[ 121.962276][ T3014] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 121.965356][ T3014] CPU: 0 UID: 0 PID: 3014 Comm: kworker/u4:10 Not tainted 6.16.0-syzkaller-12016-gbec077162bd0 #0 PREEMPT(full)
[ 121.970444][ T3014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 121.975083][ T3014] Workqueue: events_unbound cfg80211_wiphy_work
[ 121.977829][ T3014] Call Trace:
[ 121.979342][ T3014]
[ 121.980688][ T3014] dump_stack_lvl+0x99/0x250
[ 121.982857][ T3014] ? __asan_memcpy+0x40/0x70
[ 121.984980][ T3014] ? __pfx_dump_stack_lvl+0x10/0x10
[ 121.987547][ T3014] ? __pfx__printk+0x10/0x10
[ 121.989676][ T3014] vpanic+0x281/0x750
[ 121.991550][ T3014] ? __pfx_vpanic+0x10/0x10
[ 121.993603][ T3014] ? irqentry_exit+0x74/0x90
[ 121.995617][ T3014] panic+0xb9/0xc0
[ 121.997382][ T3014] ? __pfx_panic+0x10/0x10
[ 121.999303][ T3014] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 122.002027][ T3014] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 122.004585][ T3014] ? is_module_address+0x17/0xf0
[ 122.006754][ T3014] ? _raw_spin_lock+0x2e/0x40
[ 122.008756][ T3014] check_panic_on_warn+0x89/0xb0
[ 122.011038][ T3014] ? _raw_spin_lock+0x2e/0x40
[ 122.013275][ T3014] end_report+0x78/0x160
[ 122.015603][ T3014] kasan_report+0x129/0x150
[ 122.017730][ T3014] ? _raw_spin_lock+0x2e/0x40
[ 122.019858][ T3014] ? lockref_get+0x15/0x60
[ 122.021872][ T3014] __kasan_check_byte+0x2a/0x40
[ 122.024055][ T3014] lock_acquire+0x8d/0x360
[ 122.026325][ T3014] ? do_raw_spin_lock+0x121/0x290
[ 122.029122][ T3014] _raw_spin_lock+0x2e/0x40
[ 122.031750][ T3014] ? lockref_get+0x15/0x60
[ 122.033816][ T3014] lockref_get+0x15/0x60
[ 122.035907][ T3014] __simple_recursive_removal+0x33/0x510
[ 122.038360][ T3014] ? mntput+0x65/0xc0
[ 122.040047][ T3014] ? __pfx_remove_one+0x10/0x10
[ 122.042071][ T3014] debugfs_remove+0x5b/0x70
[ 122.044301][ T3014] ieee80211_sta_debugfs_remove+0x40/0x70
[ 122.046949][ T3014] __sta_info_destroy_part2+0x352/0x450
[ 122.049384][ T3014] sta_info_destroy_addr+0xf5/0x140
[ 122.051697][ T3014] ieee80211_destroy_auth_data+0x12d/0x260
[ 122.054201][ T3014] ieee80211_sta_work+0x11cf/0x3600
[ 122.056427][ T3014] ? do_raw_spin_unlock+0x4d/0x240
[ 122.058796][ T3014] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 122.061495][ T3014] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 122.064321][ T3014] ? __lock_acquire+0xab9/0xd20
[ 122.066532][ T3014] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 122.069088][ T3014] ? do_raw_spin_lock+0x121/0x290
[ 122.071290][ T3014] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 122.073867][ T3014] ? lockdep_hardirqs_on+0x9c/0x150
[ 122.076136][ T3014] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 122.078687][ T3014] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 122.082065][ T3014] ? queue_work_on+0x1d7/0x270
[ 122.084550][ T3014] ? skb_dequeue+0x10e/0x150
[ 122.087064][ T3014] ? ieee80211_iface_work+0xfc4/0x12d0
[ 122.089372][ T3014] ? ieee80211_iface_work+0x11d6/0x12d0
[ 122.091721][ T3014] ? rcu_is_watching+0x15/0xb0
[ 122.093766][ T3014] cfg80211_wiphy_work+0x2b8/0x470
[ 122.095983][ T3014] ? process_scheduled_works+0x9ef/0x17b0
[ 122.098444][ T3014] process_scheduled_works+0xade/0x17b0
[ 122.100743][ T3014] ? __pfx_process_scheduled_works+0x10/0x10
[ 122.103299][ T3014] worker_thread+0x8a0/0xda0
[ 122.105489][ T3014] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 122.108177][ T3014] ? __kthread_parkme+0x7b/0x200
[ 122.110225][ T3014] kthread+0x70e/0x8a0
[ 122.111986][ T3014] ? __pfx_worker_thread+0x10/0x10
[ 122.114013][ T3014] ? __pfx_kthread+0x10/0x10
[ 122.115974][ T3014] ? _raw_spin_unlock_irq+0x23/0x50
[ 122.118264][ T3014] ? lockdep_hardirqs_on+0x9c/0x150
[ 122.120523][ T3014] ? __pfx_kthread+0x10/0x10
[ 122.122494][ T3014] ret_from_fork+0x3fc/0x770
[ 122.124426][ T3014] ? __pfx_ret_from_fork+0x10/0x10
[ 122.126622][ T3014] ? __pfx_kthread+0x10/0x10
[ 122.128479][ T3014] ret_from_fork_asm+0x1a/0x30
[ 122.130447][ T3014]
[ 122.132153][ T3014] Kernel Offset: disabled
[ 122.133874][ T3014] Rebooting in 86400 seconds..
VM DIAGNOSIS:
19:04:01 Registers:
info registers vcpu 0
CPU#0