DUID 00:04:02:40:b4:1b:63:80:2c:d1:41:b7:a3:cb:95:3e:6a:64
forked to background, child pid 4757
[ 46.376798][ T4758] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.393169][ T4758] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.155' (ED25519) to the list of known hosts.
2024/05/24 19:10:22 fuzzer started
2024/05/24 19:10:22 dialing manager at 10.128.0.169:30002
syzkaller login: [ 68.964936][ T5093] cgroup: Unknown subsys name 'net'
[ 69.124348][ T5093] cgroup: Unknown subsys name 'rlimit'
2024/05/24 19:10:24 starting 6 executor processes
[ 70.449672][ T5094] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 70.988380][ T1231] ieee802154 phy0 wpan0: encryption failed: -22
[ 70.995137][ T1231] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.064738][ T5121] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.081383][ T5126] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.109573][ T5133] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.118042][ T5133] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 72.125738][ T5133] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.133359][ T5133] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 72.136593][ T5134] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.142905][ T5133] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 72.151669][ T5135] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.155669][ T5133] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.162448][ T5135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.173269][ T5133] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.177210][ T5134] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 72.191049][ T5134] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 72.200937][ T5137] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 72.201397][ T5135] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.208184][ T5137] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.217583][ T5135] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.223963][ T5137] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 72.230323][ T5134] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 72.236117][ T5137] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.244252][ T5135] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 72.251813][ T5138] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.257819][ T5134] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 72.264384][ T5135] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 72.270925][ T5134] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.277611][ T5138] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.285976][ T5134] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.292642][ T5138] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 72.298987][ T5134] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 72.307960][ T5138] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 72.320848][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.321208][ T5138] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.355415][ T5134] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 72.379897][ T5138] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 72.387739][ T5134] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.163860][ T5115] chnl_net:caif_netlink_parms(): no params data found
[ 73.240346][ T5123] chnl_net:caif_netlink_parms(): no params data found
[ 73.373207][ T5118] chnl_net:caif_netlink_parms(): no params data found
[ 73.453305][ T5114] chnl_net:caif_netlink_parms(): no params data found
[ 73.498450][ T5117] chnl_net:caif_netlink_parms(): no params data found
[ 73.571656][ T5115] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.578983][ T5115] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.587640][ T5115] bridge_slave_0: entered allmulticast mode
[ 73.595152][ T5115] bridge_slave_0: entered promiscuous mode
[ 73.604946][ T5116] chnl_net:caif_netlink_parms(): no params data found
[ 73.630278][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.637630][ T5123] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.645033][ T5123] bridge_slave_0: entered allmulticast mode
[ 73.652549][ T5123] bridge_slave_0: entered promiscuous mode
[ 73.661195][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.668488][ T5123] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.676116][ T5123] bridge_slave_1: entered allmulticast mode
[ 73.683742][ T5123] bridge_slave_1: entered promiscuous mode
[ 73.707267][ T5115] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.714888][ T5115] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.722649][ T5115] bridge_slave_1: entered allmulticast mode
[ 73.729848][ T5115] bridge_slave_1: entered promiscuous mode
[ 73.850272][ T5123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.876489][ T5115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.890686][ T5115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.928137][ T5123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.045135][ T5118] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.052969][ T5118] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.060152][ T5118] bridge_slave_0: entered allmulticast mode
[ 74.068578][ T5118] bridge_slave_0: entered promiscuous mode
[ 74.121214][ T5115] team0: Port device team_slave_0 added
[ 74.147213][ T5123] team0: Port device team_slave_0 added
[ 74.154207][ T5118] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.161358][ T5118] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.168763][ T5118] bridge_slave_1: entered allmulticast mode
[ 74.176883][ T5118] bridge_slave_1: entered promiscuous mode
[ 74.228452][ T5115] team0: Port device team_slave_1 added
[ 74.253444][ T5123] team0: Port device team_slave_1 added
[ 74.259712][ T5114] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.267688][ T5114] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.275227][ T5114] bridge_slave_0: entered allmulticast mode
[ 74.282930][ T5114] bridge_slave_0: entered promiscuous mode
[ 74.304697][ T5117] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.316767][ T5117] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.324345][ T5117] bridge_slave_0: entered allmulticast mode
[ 74.331512][ T5117] bridge_slave_0: entered promiscuous mode
[ 74.397031][ T5114] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.409786][ T5114] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.417009][ T5114] bridge_slave_1: entered allmulticast mode
[ 74.423355][ T5124] Bluetooth: hci3: command tx timeout
[ 74.423853][ T5124] Bluetooth: hci5: command tx timeout
[ 74.431961][ T5138] Bluetooth: hci4: command tx timeout
[ 74.435250][ T5124] Bluetooth: hci0: command tx timeout
[ 74.440212][ T5138] Bluetooth: hci2: command tx timeout
[ 74.446247][ T5124] Bluetooth: hci1: command tx timeout
[ 74.459534][ T5114] bridge_slave_1: entered promiscuous mode
[ 74.469313][ T5118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.483411][ T5118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.493097][ T5117] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.500240][ T5117] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.508068][ T5117] bridge_slave_1: entered allmulticast mode
[ 74.516009][ T5117] bridge_slave_1: entered promiscuous mode
[ 74.537471][ T5116] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.544647][ T5116] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.552198][ T5116] bridge_slave_0: entered allmulticast mode
[ 74.559641][ T5116] bridge_slave_0: entered promiscuous mode
[ 74.568866][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.576291][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.602644][ T5115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.616579][ T5123] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.623692][ T5123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.649749][ T5123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.718675][ T5116] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.726315][ T5116] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.733677][ T5116] bridge_slave_1: entered allmulticast mode
[ 74.740818][ T5116] bridge_slave_1: entered promiscuous mode
[ 74.749309][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.756634][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.783239][ T5115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.795147][ T5123] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.802537][ T5123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.828926][ T5123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.845502][ T5114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.859204][ T5114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.885426][ T5117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.944669][ T5118] team0: Port device team_slave_0 added
[ 74.953500][ T5117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.015429][ T5118] team0: Port device team_slave_1 added
[ 75.025275][ T5114] team0: Port device team_slave_0 added
[ 75.048781][ T5116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.078153][ T5115] hsr_slave_0: entered promiscuous mode
[ 75.088171][ T5115] hsr_slave_1: entered promiscuous mode
[ 75.112551][ T5114] team0: Port device team_slave_1 added
[ 75.137142][ T5116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.208343][ T5118] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.215466][ T5118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.242149][ T5118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.272192][ T5117] team0: Port device team_slave_0 added
[ 75.310365][ T5123] hsr_slave_0: entered promiscuous mode
[ 75.318490][ T5123] hsr_slave_1: entered promiscuous mode
[ 75.325410][ T5123] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 75.333427][ T5123] Cannot create hsr debugfs directory
[ 75.339858][ T5118] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.347403][ T5118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.373580][ T5118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.402718][ T5117] team0: Port device team_slave_1 added
[ 75.409369][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.416413][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.443029][ T5114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.482494][ T5116] team0: Port device team_slave_0 added
[ 75.511027][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.518615][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.545044][ T5114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.573961][ T5116] team0: Port device team_slave_1 added
[ 75.659714][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.667738][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.695607][ T5117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.776100][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.783311][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.809413][ T5117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.853353][ T5114] hsr_slave_0: entered promiscuous mode
[ 75.860099][ T5114] hsr_slave_1: entered promiscuous mode
[ 75.866956][ T5114] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 75.874596][ T5114] Cannot create hsr debugfs directory
[ 75.880938][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.889037][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.915562][ T5116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.987056][ T5118] hsr_slave_0: entered promiscuous mode
[ 75.994917][ T5118] hsr_slave_1: entered promiscuous mode
[ 76.001220][ T5118] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 76.009896][ T5118] Cannot create hsr debugfs directory
[ 76.017098][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.024167][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.050114][ T5116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.273532][ T5117] hsr_slave_0: entered promiscuous mode
[ 76.280130][ T5117] hsr_slave_1: entered promiscuous mode
[ 76.286916][ T5117] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 76.294731][ T5117] Cannot create hsr debugfs directory
[ 76.349074][ T5116] hsr_slave_0: entered promiscuous mode
[ 76.356169][ T5116] hsr_slave_1: entered promiscuous mode
[ 76.363010][ T5116] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 76.370566][ T5116] Cannot create hsr debugfs directory
[ 76.503043][ T5124] Bluetooth: hci1: command tx timeout
[ 76.508487][ T5124] Bluetooth: hci2: command tx timeout
[ 76.510773][ T5138] Bluetooth: hci0: command tx timeout
[ 76.514588][ T5124] Bluetooth: hci4: command tx timeout
[ 76.519487][ T5134] Bluetooth: hci5: command tx timeout
[ 76.525407][ T5124] Bluetooth: hci3: command tx timeout
[ 76.816190][ T5123] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 76.858058][ T5123] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 76.898657][ T5123] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 76.917149][ T5123] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 76.974325][ T5115] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 76.999070][ T5115] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 77.019032][ T5115] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 77.029865][ T5115] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 77.131121][ T5118] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 77.155360][ T5118] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 77.169776][ T5118] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 77.197132][ T5118] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 77.298421][ T5114] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 77.340711][ T5114] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 77.378773][ T5114] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 77.414421][ T5114] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 77.464403][ T5123] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.519461][ T5117] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 77.564848][ T5115] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.586435][ T5117] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 77.604353][ T5123] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.627929][ T5117] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 77.640090][ T5117] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 77.728793][ T5181] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.736223][ T5181] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.764646][ T5116] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.779586][ T5116] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.806689][ T5118] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.821162][ T5116] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.838185][ T5116] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.853795][ T5115] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.865663][ T5181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.872846][ T5181] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.910038][ T5118] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.965764][ T5181] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.973101][ T5181] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.988500][ T5181] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.995817][ T5181] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.032608][ T5181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.039701][ T5181] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.076634][ T5180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.083776][ T5180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.170280][ T5114] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.380977][ T5114] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.401149][ T5118] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 78.478361][ T5180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.485567][ T5180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.545599][ T5180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.552815][ T5180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.586967][ T5117] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.590685][ T5121] Bluetooth: hci0: command tx timeout
[ 78.593914][ T5138] Bluetooth: hci5: command tx timeout
[ 78.599157][ T5121] Bluetooth: hci1: command tx timeout
[ 78.605091][ T5134] Bluetooth: hci4: command tx timeout
[ 78.615625][ T4488] Bluetooth: hci2: command tx timeout
[ 78.618365][ T5124] Bluetooth: hci3: command tx timeout
[ 78.675937][ T5116] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.792544][ T5117] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.915521][ T5116] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.946610][ T5181] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.953825][ T5181] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.967617][ T5181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.974786][ T5181] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.025208][ T5123] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.048696][ T5115] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.075294][ T5181] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.082542][ T5181] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.095398][ T5181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.102573][ T5181] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.120984][ T5118] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.201386][ T5117] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 79.415635][ T5115] veth0_vlan: entered promiscuous mode
[ 79.495789][ T5115] veth1_vlan: entered promiscuous mode
[ 79.527922][ T5123] veth0_vlan: entered promiscuous mode
[ 79.621786][ T5123] veth1_vlan: entered promiscuous mode
[ 79.777835][ T5115] veth0_macvtap: entered promiscuous mode
[ 79.835448][ T5115] veth1_macvtap: entered promiscuous mode
[ 79.919304][ T5117] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.953720][ T5114] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.969919][ T5123] veth0_macvtap: entered promiscuous mode
[ 79.987605][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.045451][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.071176][ T5123] veth1_macvtap: entered promiscuous mode
[ 80.090300][ T5115] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.101174][ T5115] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.111143][ T5115] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.127631][ T5115] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.143540][ T5116] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.175555][ T5118] veth0_vlan: entered promiscuous mode
[ 80.202417][ T5114] veth0_vlan: entered promiscuous mode
[ 80.231220][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 80.242634][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.268768][ T5123] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.318536][ T5118] veth1_vlan: entered promiscuous mode
[ 80.337540][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 80.351775][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.367110][ T5123] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.379813][ T5114] veth1_vlan: entered promiscuous mode
[ 80.424505][ T5123] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.433972][ T5123] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.443280][ T5123] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.453435][ T5123] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.573895][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.592912][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.649049][ T5118] veth0_macvtap: entered promiscuous mode
[ 80.664746][ T5124] Bluetooth: hci3: command tx timeout
[ 80.664773][ T5138] Bluetooth: hci1: command tx timeout
[ 80.670156][ T5124] Bluetooth: hci0: command tx timeout
[ 80.676018][ T5138] Bluetooth: hci5: command tx timeout
[ 80.681616][ T5134] Bluetooth: hci4: command tx timeout
[ 80.686799][ T5126] Bluetooth: hci2: command tx timeout
[ 80.730713][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.734737][ T5114] veth0_macvtap: entered promiscuous mode
[ 80.748585][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.756968][ T5118] veth1_macvtap: entered promiscuous mode
[ 80.783909][ T5114] veth1_macvtap: entered promiscuous mode
[ 80.860173][ T5116] veth0_vlan: entered promiscuous mode
[ 80.871574][ T5117] veth0_vlan: entered promiscuous mode
executing program 3:
syz_emit_ethernet(0x82, &(0x7f0000000880)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "ff690b", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x81000000}}}}}}}, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=@framed, &(0x7f00000001c0)='syzkaller\x00'}, 0x90) (async)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=@framed, &(0x7f00000001c0)='syzkaller\x00'}, 0x90)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'netdevsim0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3}, 0x40)
close_range(r0, 0xffffffffffffffff, 0x0)
[ 80.914127][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 80.925101][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.940987][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 80.953364][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.977084][ T5118] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.999428][ T5116] veth1_vlan: entered promiscuous mode
[ 81.044894][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.057386][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.067707][ T5118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.079974][ T5118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.094471][ T5118] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.113617][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 81.124334][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.135023][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 81.146261][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.156882][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 81.169047][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.180644][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_0
executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000080), 0x10)
[ 81.201580][ T5118] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.211125][ T5118] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.220320][ T5118] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.229881][ T5118] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.252637][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.260532][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.272945][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.321823][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.331674][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.362111][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.393208][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
executing program 3:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0x8000}, {0x80000006}]}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f00000001c0), &(0x7f0000000440)})
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
setxattr(&(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)=ANY=[@ANYRES32=r3], &(0x7f00000003c0)=',&-b\x00', 0x5, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000300)=[{0xbcf0, 0x1, 0x7, 0x80000002}]})
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mkdirat(r4, &(0x7f0000000000)='./file1\x00', 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000e80)={@map, 0xffffffffffffffff, 0x2f, 0x6028, 0x0, @prog_fd}, 0x20)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x220)
mkdir(&(0x7f0000000540)='./file1\x00', 0x0)
pipe2$9p(&(0x7f0000000400), 0x800)
mount$overlay(0x0, &(0x7f00000001c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@dont_appraise}]})
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000380)='./bus\x00')
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x2100020, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60e400ff00403a00fe880000000000000000000000000001ff0200000000000000000059cf94997b3c206f78000000006000000000001100000000000000000000000000000000000000000000000000000000000000000117c1ff2bbd7f66270b"], 0x0)
creat(&(0x7f0000000280)='./bus\x00', 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x20000000201, 0x191100)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x6})
ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x0, 0xa, 0x1ff, 0x1})
close_range(r1, 0xffffffffffffffff, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
[ 81.411846][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.433823][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.472595][ T5117] veth1_vlan: entered promiscuous mode

executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
pipe2$watch_queue(&(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r1, 0x5761, &(0x7f0000000680)={0x1, 0x0, [{}]})
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r1, 0x5761, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
recvmsg(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0x2000000}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@can_delroute={0x154, 0x19, 0x1, 0x0, 0x0, {}, [@CGW_CS_XOR={0x8, 0x5, {0x80}}, @CGW_CS_CRC8={0x11e, 0x6, {0x2, 0x0, 0x0, 0x0, 0x0, "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", 0x0, "dbf6ad242710a12236ec1625ac06613fc5f12f67"}}, @CGW_MOD_SET={0x15, 0x4, {{{}, 0x0, 0x0, 0x0, 0x0, "2dc85f04a912dea2"}, 0x1}}]}, 0x154}}, 0x0)
sendmsg$inet(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000800)="c4", 0x1}], 0x1}, 0x0)
sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r3, 0x715, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}]}]}, 0x30}}, 0x0)
bind$llc(r0, &(0x7f0000000080), 0x10)

[ 81.617414][ T5114] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.638880][ T5114] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.648418][ T5114] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.661802][ T5114] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.735105][ T5116] veth0_macvtap: entered promiscuous mode
[ 81.816901][ T5116] veth1_macvtap: entered promiscuous mode
[ 81.839265][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.871167][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.948815][ T5117] veth0_macvtap: entered promiscuous mode
[ 81.963542][ T5230] ==================================================================
[ 81.971608][ T5230] BUG: KASAN: slab-use-after-free in bpf_link_free+0x234/0x2d0
[ 81.979199][ T5230] Read of size 8 at addr ffff88807aacaa10 by task syz-executor.3/5230
[ 81.987355][ T5230]
2024/05/24 19:10:36 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 81.989675][ T5230] CPU: 0 PID: 5230 Comm: syz-executor.3 Not tainted 6.9.0-syzkaller-10323-g8f6a15f095a6 #0
[ 81.999657][ T5230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 82.009717][ T5230] Call Trace:
[ 82.013003][ T5230]
[ 82.015933][ T5230] dump_stack_lvl+0x241/0x360
[ 82.020631][ T5230] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.025840][ T5230] ? __pfx__printk+0x10/0x10
[ 82.030459][ T5230] ? _printk+0xd5/0x120
[ 82.034643][ T5230] ? __virt_addr_valid+0x183/0x520
[ 82.039948][ T5230] ? srso_alias_return_thunk+0x5/0xfbef5
[ 82.045600][ T5230] print_report+0x169/0x550
[ 82.050121][ T5230] ? __virt_addr_valid+0x183/0x520
[ 82.055254][ T5230] ? srso_alias_return_thunk+0x5/0xfbef5
[ 82.060896][ T5230] ? __virt_addr_valid+0x44e/0x520
[ 82.066112][ T5230] ? srso_alias_return_thunk+0x5/0xfbef5
[ 82.071846][ T5230] ? __phys_addr+0xba/0x170
[ 82.076373][ T5230] ? bpf_link_free+0x234/0x2d0
[ 82.081161][ T5230] kasan_report+0x143/0x180
[ 82.085679][ T5230] ? __pfx_call_rcu+0x10/0x10
[ 82.090374][ T5230] ? bpf_link_free+0x234/0x2d0
[ 82.095163][ T5230] bpf_link_free+0x234/0x2d0
[ 82.099774][ T5230] bpf_link_release+0x7b/0x90
[ 82.104475][ T5230] ? __pfx_bpf_link_release+0x10/0x10
[ 82.109869][ T5230] __fput+0x408/0x8b0
[ 82.113864][ T5230] __x64_sys_close+0x7f/0x110
[ 82.118545][ T5230] do_syscall_64+0xf5/0x240
[ 82.123059][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.128978][ T5230] RIP: 0033:0x7fbca2c7bdda
[ 82.133401][ T5230] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 82.153023][ T5230] RSP: 002b:00007ffcf1f9d070 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 82.161455][ T5230] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007fbca2c7bdda
[ 82.161780][ T1040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.169505][ T5230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[ 82.185281][ T5230] RBP: 00007ffcf1f9d148 R08: 00007fbca2c00000 R09: 0000000000000001
[ 82.193350][ T5230] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000014015
[ 82.201418][ T5230] R13: 00007fbca2dabf8c R14: 00007fbca2dabf80 R15: 0000000000000032
[ 82.209496][ T5230]
[ 82.212520][ T5230]
[ 82.214840][ T5230] Allocated by task 5231:
[ 82.219252][ T5230] kasan_save_track+0x3f/0x80
[ 82.223941][ T5230] __kasan_kmalloc+0x98/0xb0
[ 82.228098][ T1040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.228523][ T5230] kmalloc_trace_noprof+0x19c/0x2c0
[ 82.240985][ T5230] bpf_raw_tp_link_attach+0x2a0/0x6e0
[ 82.246374][ T5230] bpf_raw_tracepoint_open+0x1c2/0x240
[ 82.251841][ T5230] __sys_bpf+0x3c0/0x810
[ 82.256107][ T5230] __x64_sys_bpf+0x7c/0x90
[ 82.260544][ T5230] do_syscall_64+0xf5/0x240
[ 82.265055][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.270971][ T5230]
[ 82.273292][ T5230] Freed by task 16:
[ 82.277093][ T5230] kasan_save_track+0x3f/0x80
[ 82.281780][ T5230] kasan_save_free_info+0x40/0x50
[ 82.286819][ T5230] poison_slab_object+0xe0/0x150
[ 82.291763][ T5230] __kasan_slab_free+0x37/0x60
[ 82.296533][ T5230] kfree+0x149/0x360
[ 82.300439][ T5230] rcu_core+0xaff/0x1830
[ 82.304685][ T5230] handle_softirqs+0x2d8/0x990
[ 82.309449][ T5230] run_ksoftirqd+0xca/0x130
[ 82.313959][ T5230] smpboot_thread_fn+0x546/0xa30
[ 82.318902][ T5230] kthread+0x2f2/0x390
[ 82.322983][ T5230] ret_from_fork+0x4d/0x80
[ 82.327414][ T5230] ret_from_fork_asm+0x1a/0x30
[ 82.332194][ T5230]
[ 82.334525][ T5230] Last potentially related work creation:
[ 82.340243][ T5230] kasan_save_stack+0x3f/0x60
[ 82.344925][ T5230] __kasan_record_aux_stack+0xac/0xc0
[ 82.350316][ T5230] call_rcu+0x167/0xa70
[ 82.354482][ T5230] bpf_link_free+0x1f8/0x2d0
[ 82.359090][ T5230] bpf_link_release+0x7b/0x90
[ 82.363783][ T5230] __fput+0x408/0x8b0
[ 82.367765][ T5230] __x64_sys_close+0x7f/0x110
[ 82.372445][ T5230] do_syscall_64+0xf5/0x240
[ 82.376956][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.382898][ T5230]
[ 82.385252][ T5230] The buggy address belongs to the object at ffff88807aacaa00
[ 82.385252][ T5230] which belongs to the cache kmalloc-128 of size 128
[ 82.399324][ T5230] The buggy address is located 16 bytes inside of
[ 82.399324][ T5230] freed 128-byte region [ffff88807aacaa00, ffff88807aacaa80)
[ 82.413042][ T5230]
[ 82.415362][ T5230] The buggy address belongs to the physical page:
[ 82.421763][ T5230] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7aaca
[ 82.430526][ T5230] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 82.437638][ T5230] page_type: 0xffffefff(slab)
[ 82.442323][ T5230] raw: 00fff00000000000 ffff888015041a00 dead000000000122 0000000000000000
[ 82.450909][ T5230] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 82.459492][ T5230] page dumped because: kasan: bad access detected
[ 82.465901][ T5230] page_owner tracks the page as allocated
[ 82.471697][ T5230] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x352800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 5115, tgid 5115 (syz-executor.3), ts 81682230482, free_ts 81682138792
[ 82.492812][ T5230] post_alloc_hook+0x1f3/0x230
[ 82.497597][ T5230] get_page_from_freelist+0x2e2d/0x2ee0
[ 82.503255][ T5230] __alloc_pages_noprof+0x256/0x6c0
[ 82.508482][ T5230] alloc_slab_page+0x5f/0x120
[ 82.513172][ T5230] allocate_slab+0x5a/0x2e0
[ 82.517684][ T5230] ___slab_alloc+0xcd1/0x14b0
[ 82.522366][ T5230] __slab_alloc+0x58/0xa0
[ 82.526698][ T5230] __kmalloc_node_noprof+0x28b/0x450
[ 82.532001][ T5230] alloc_slab_obj_exts+0x3a/0xa0
[ 82.536956][ T5230] __memcg_slab_post_alloc_hook+0x31c/0x7e0
[ 82.542864][ T5230] __kmalloc_node_noprof+0x2aa/0x450
[ 82.548170][ T5230] kvmalloc_node_noprof+0x72/0x190
[ 82.553305][ T5230] xt_alloc_table_info+0x3d/0xa0
[ 82.558258][ T5230] do_ip6t_set_ctl+0xba0/0x1270
[ 82.563115][ T5230] nf_setsockopt+0x297/0x2c0
[ 82.567716][ T5230] do_sock_setsockopt+0x3b1/0x720
[ 82.572760][ T5230] page last free pid 5115 tgid 5115 stack trace:
[ 82.579171][ T5230] free_unref_page+0xd22/0xea0
[ 82.583953][ T5230] vfree+0x186/0x2e0
[ 82.587850][ T5230] do_ip6t_get_ctl+0x11eb/0x1820
[ 82.592811][ T5230] nf_getsockopt+0x29b/0x2c0
[ 82.597417][ T5230] ipv6_getsockopt+0x263/0x380
[ 82.602198][ T5230] tcp_getsockopt+0x165/0x1c0
[ 82.606878][ T5230] do_sock_getsockopt+0x375/0x850
[ 82.611919][ T5230] __sys_getsockopt+0x271/0x330
[ 82.616785][ T5230] __x64_sys_getsockopt+0xb5/0xd0
[ 82.621825][ T5230] do_syscall_64+0xf5/0x240
[ 82.626333][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.632255][ T5230]
[ 82.634575][ T5230] Memory state around the buggy address:
[ 82.640197][ T5230]  ffff88807aaca900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.648266][ T5230]  ffff88807aaca980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.656332][ T5230] >ffff88807aacaa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.664391][ T5230]                          ^
[ 82.668973][ T5230]  ffff88807aacaa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.677036][ T5230]  ffff88807aacab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.685096][ T5230] ==================================================================
[ 82.693241][ C0] vkms_vblank_simulate: vblank timer overrun
[ 82.732319][ T5230] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 82.739534][ T5230] CPU: 1 PID: 5230 Comm: syz-executor.3 Not tainted 6.9.0-syzkaller-10323-g8f6a15f095a6 #0
[ 82.749524][ T5230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 82.759596][ T5230] Call Trace:
[ 82.762884][ T5230]
[ 82.765825][ T5230] dump_stack_lvl+0x241/0x360
[ 82.770532][ T5230] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.775746][ T5230] ? __pfx__printk+0x10/0x10
[ 82.780363][ T5230] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 82.786366][ T5230] ? srso_alias_return_thunk+0x5/0xfbef5
[ 82.792023][ T5230] ? vscnprintf+0x5d/0x90
[ 82.796377][ T5230] panic+0x349/0x860
[ 82.800309][ T5230] ? check_panic_on_warn+0x21/0xb0
[ 82.805448][ T5230] ? __pfx_panic+0x10/0x10
[ 82.809901][ T5230] ? srso_alias_return_thunk+0x5/0xfbef5
[ 82.815560][ T5230] ? srso_alias_return_thunk+0x5/0xfbef5
[ 82.821217][ T5230] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 82.827228][ T5230] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 82.833582][ T5230] check_panic_on_warn+0x86/0xb0
[ 82.838546][ T5230] ? bpf_link_free+0x234/0x2d0
[ 82.843341][ T5230] end_report+0x77/0x160
[ 82.847606][ T5230] kasan_report+0x154/0x180
[ 82.852134][ T5230] ? __pfx_call_rcu+0x10/0x10
[ 82.856833][ T5230] ? bpf_link_free+0x234/0x2d0
[ 82.861634][ T5230] bpf_link_free+0x234/0x2d0
[ 82.866263][ T5230] bpf_link_release+0x7b/0x90
[ 82.870987][ T5230] ? __pfx_bpf_link_release+0x10/0x10
[ 82.876403][ T5230] __fput+0x408/0x8b0
[ 82.880420][ T5230] __x64_sys_close+0x7f/0x110
[ 82.885122][ T5230] do_syscall_64+0xf5/0x240
[ 82.889647][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.895573][ T5230] RIP: 0033:0x7fbca2c7bdda
[ 82.899996][ T5230] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 82.919614][ T5230] RSP: 002b:00007ffcf1f9d070 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 82.928049][ T5230] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007fbca2c7bdda
[ 82.936033][ T5230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[ 82.944010][ T5230] RBP: 00007ffcf1f9d148 R08: 00007fbca2c00000 R09: 0000000000000001
[ 82.951993][ T5230] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000014015
[ 82.959988][ T5230] R13: 00007fbca2dabf8c R14: 00007fbca2dabf80 R15: 0000000000000032
[ 82.967994][ T5230]
[ 82.971112][ T5230] Kernel Offset: disabled
[ 82.975428][ T5230] Rebooting in 86400 seconds..