Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
2021/05/23 15:52:25 parsed 1 programs
2021/05/23 15:52:26 executed programs: 0
syzkaller login: [ 1584.640377][ T8427] chnl_net:caif_netlink_parms(): no params data found
[ 1584.706999][ T8427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.714330][ T8427] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1584.723536][ T8427] device bridge_slave_0 entered promiscuous mode
[ 1584.733045][ T8427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.740141][ T8427] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.749653][ T8427] device bridge_slave_1 entered promiscuous mode
[ 1584.772598][ T8427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1584.784559][ T8427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1584.807327][ T8427] team0: Port device team_slave_0 added
[ 1584.815323][ T8427] team0: Port device team_slave_1 added
[ 1584.834180][ T8427] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1584.841128][ T8427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1584.867761][ T8427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1584.881772][ T8427] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1584.888728][ T8427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1584.916234][ T8427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1584.944670][ T8427] device hsr_slave_0 entered promiscuous mode
[ 1584.951950][ T8427] device hsr_slave_1 entered promiscuous mode
[ 1585.058382][ T8427] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1585.068499][ T8427] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1585.078352][ T8427] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1585.090923][ T8427] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1585.115494][ T8427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.122717][ T8427] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.130437][ T8427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.137541][ T8427] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.183649][ T8427] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1585.196800][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1585.208708][ T8532] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.218220][ T8532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.227433][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1585.241166][ T8427] 8021q: adding VLAN 0 to HW filter on device team0
[ 1585.253898][ T8569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1585.263547][ T8569] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.270608][ T8569] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.292299][ T8569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1585.300718][ T8569] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.307817][ T8569] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.316927][ T8569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1585.329080][ T8569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1585.338181][ T8569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1585.353358][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1585.368280][ T8427] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1585.380403][ T8427] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1585.388990][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1585.409573][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1585.417145][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1585.432675][ T8427] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1585.453484][ T8569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1585.474355][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1585.483721][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1585.491294][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1585.502627][ T8427] device veth0_vlan entered promiscuous mode
[ 1585.515472][ T8427] device veth1_vlan entered promiscuous mode
[ 1585.537366][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1585.545661][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1585.554719][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1585.566739][ T8427] device veth0_macvtap entered promiscuous mode
[ 1585.577010][ T8427] device veth1_macvtap entered promiscuous mode
[ 1585.597674][ T8427] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1585.605253][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1585.615323][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1585.627599][ T8427] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1585.636563][ T8532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1585.648248][ T8427] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1585.658575][ T8427] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1585.667865][ T8427] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1585.679900][ T8427] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1585.797838][ T25] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1585.807181][ T25] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1585.834360][ T3167] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1585.852514][ T311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1585.860482][ T311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1585.878619][ T8649] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1586.452710][ T8649] Bluetooth: hci0: command 0x0409 tx timeout
2021/05/23 15:52:31 executed programs: 60
[ 1588.532186][ T8649] Bluetooth: hci0: command 0x041b tx timeout
[ 1590.612695][ T8402] Bluetooth: hci0: command 0x040f tx timeout
[ 1592.691502][ T8402] Bluetooth: hci0: command 0x0419 tx timeout
2021/05/23 15:52:36 executed programs: 194
2021/05/23 15:52:41 executed programs: 330
2021/05/23 15:52:46 executed programs: 459
[ 1606.942598][ T3250] ieee802154 phy0 wpan0: encryption failed: -22
[ 1606.949212][ T3250] ieee802154 phy1 wpan1: encryption failed: -22
2021/05/23 15:52:51 executed programs: 598
2021/05/23 15:52:56 executed programs: 736
2021/05/23 15:53:01 executed programs: 874
2021/05/23 15:53:06 executed programs: 1008
2021/05/23 15:53:11 executed programs: 1144
2021/05/23 15:53:16 executed programs: 1280
2021/05/23 15:53:21 executed programs: 1416
2021/05/23 15:53:26 executed programs: 1549
2021/05/23 15:53:31 executed programs: 1685
2021/05/23 15:53:36 executed programs: 1819
2021/05/23 15:53:41 executed programs: 1957
2021/05/23 15:53:46 executed programs: 2095
[ 1668.382410][ T3250] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.382494][ T3250] ieee802154 phy1 wpan1: encryption failed: -22
2021/05/23 15:53:51 executed programs: 2226
2021/05/23 15:53:56 executed programs: 2362
2021/05/23 15:54:01 executed programs: 2498
2021/05/23 15:54:06 executed programs: 2628
2021/05/23 15:54:11 executed programs: 2760
2021/05/23 15:54:16 executed programs: 2891
2021/05/23 15:54:21 executed programs: 3021
2021/05/23 15:54:26 executed programs: 3154
2021/05/23 15:54:31 executed programs: 3286
[ 1711.411931][ T8402] Bluetooth: hci0: command 0x0406 tx timeout
2021/05/23 15:54:36 executed programs: 3418
2021/05/23 15:54:41 executed programs: 3553
2021/05/23 15:54:46 executed programs: 3678
2021/05/23 15:54:51 executed programs: 3809
[ 1729.812798][ T3250] ieee802154 phy0 wpan0: encryption failed: -22
[ 1729.819512][ T3250] ieee802154 phy1 wpan1: encryption failed: -22
2021/05/23 15:54:56 executed programs: 3937
2021/05/23 15:55:01 executed programs: 4073
2021/05/23 15:55:06 executed programs: 4209
2021/05/23 15:55:12 executed programs: 4341
2021/05/23 15:55:17 executed programs: 4469
2021/05/23 15:55:22 executed programs: 4597
2021/05/23 15:55:27 executed programs: 4728
2021/05/23 15:55:32 executed programs: 4861
2021/05/23 15:55:37 executed programs: 4984
2021/05/23 15:55:42 executed programs: 5115
2021/05/23 15:55:47 executed programs: 5241
2021/05/23 15:55:52 executed programs: 5368
[ 1791.263090][ T3250] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.269621][ T3250] ieee802154 phy1 wpan1: encryption failed: -22
2021/05/23 15:55:57 executed programs: 5494
2021/05/23 15:56:02 executed programs: 5629
2021/05/23 15:56:07 executed programs: 5760
2021/05/23 15:56:12 executed programs: 5890
2021/05/23 15:56:17 executed programs: 6018
2021/05/23 15:56:22 executed programs: 6149
2021/05/23 15:56:27 executed programs: 6274
2021/05/23 15:56:32 executed programs: 6406
2021/05/23 15:56:37 executed programs: 6537
2021/05/23 15:56:42 executed programs: 6663
2021/05/23 15:56:47 executed programs: 6790
2021/05/23 15:56:52 executed programs: 6908
[ 1852.703319][ T3250] ieee802154 phy0 wpan0: encryption failed: -22
[ 1852.709700][ T3250] ieee802154 phy1 wpan1: encryption failed: -22
2021/05/23 15:56:57 executed programs: 7028
2021/05/23 15:57:02 executed programs: 7164
2021/05/23 15:57:07 executed programs: 7300
2021/05/23 15:57:12 executed programs: 7433
2021/05/23 15:57:17 executed programs: 7569
2021/05/23 15:57:22 executed programs: 7699
2021/05/23 15:57:27 executed programs: 7828
2021/05/23 15:57:32 executed programs: 7959
2021/05/23 15:57:37 executed programs: 8086
2021/05/23 15:57:42 executed programs: 8291
[ 1899.802702][ T6069] ==================================================================
[ 1899.810954][ T6069] BUG: KASAN: use-after-free in dump_schedule+0x758/0x7d0
[ 1899.818147][ T6069] Read of size 8 at addr ffff8880166e4440 by task syz-executor.0/6069
[ 1899.826320][ T6069]
[ 1899.828679][ T6069] CPU: 0 PID: 6069 Comm: syz-executor.0 Not tainted 5.12.0-syzkaller #0
[ 1899.837144][ T6069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1899.847311][ T6069] Call Trace:
[ 1899.850966][ T6069] dump_stack+0x141/0x1d7
[ 1899.855386][ T6069] ? dump_schedule+0x758/0x7d0
[ 1899.860143][ T6069] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 1899.867181][ T6069] ? dump_schedule+0x758/0x7d0
[ 1899.871942][ T6069] ? dump_schedule+0x758/0x7d0
[ 1899.876718][ T6069] kasan_report.cold+0x7c/0xd8
[ 1899.881493][ T6069] ? dump_schedule+0x758/0x7d0
[ 1899.886259][ T6069] dump_schedule+0x758/0x7d0
[ 1899.890864][ T6069] ? lock_release+0x720/0x720
[ 1899.895596][ T6069] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 1899.901363][ T6069] ? taprio_dequeue_offload+0x410/0x410
[ 1899.906919][ T6069] ? __nla_reserve+0x9a/0xc0
[ 1899.911557][ T6069] ? memcpy+0x39/0x60
[ 1899.915581][ T6069] taprio_dump+0x591/0xd80
[ 1899.919997][ T6069] ? mark_lock+0xef/0x17b0
[ 1899.924427][ T6069] ? advance_sched+0x990/0x990
[ 1899.929195][ T6069] ? sock_sendmsg+0xcf/0x120
[ 1899.933822][ T6069] ? ____sys_sendmsg+0x6e8/0x810
[ 1899.938761][ T6069] ? memcpy+0x39/0x60
[ 1899.942762][ T6069] ? advance_sched+0x990/0x990
[ 1899.947519][ T6069] tc_fill_qdisc+0x60e/0x12a0
[ 1899.952298][ T6069] ? qdisc_class_hash_grow+0x710/0x710
[ 1899.957778][ T6069] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 1899.964069][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1899.970413][ T6069] ? __phys_addr+0xc4/0x140
[ 1899.974986][ T6069] ? memset+0x20/0x40
[ 1899.978977][ T6069] ? __build_skb_around+0x23e/0x2f0
[ 1899.984217][ T6069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1899.990456][ T6069] ? __alloc_skb+0x17c/0x340
[ 1899.995071][ T6069] qdisc_notify.isra.0+0x2b1/0x310
[ 1900.000213][ T6069] tc_modify_qdisc+0xf54/0x1a50
[ 1900.005113][ T6069] ? qdisc_create+0x1310/0x1310
[ 1900.010010][ T6069] ? qdisc_create+0x1310/0x1310
[ 1900.014884][ T6069] rtnetlink_rcv_msg+0x44e/0xad0
[ 1900.019879][ T6069] ? rtnetlink_put_metrics+0x510/0x510
[ 1900.025333][ T6069] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 1900.030651][ T6069] netlink_rcv_skb+0x153/0x420
[ 1900.035447][ T6069] ? rtnetlink_put_metrics+0x510/0x510
[ 1900.040921][ T6069] ? netlink_ack+0xaa0/0xaa0
[ 1900.045561][ T6069] ? netlink_deliver_tap+0x227/0xba0
[ 1900.050929][ T6069] netlink_unicast+0x533/0x7d0
[ 1900.055941][ T6069] ? netlink_attachskb+0x870/0x870
[ 1900.061050][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1900.067300][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1900.073636][ T6069] ? __phys_addr_symbol+0x2c/0x70
[ 1900.078792][ T6069] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1900.084541][ T6069] ? __check_object_size+0x171/0x3f0
[ 1900.089956][ T6069] netlink_sendmsg+0x856/0xd90
[ 1900.094737][ T6069] ? netlink_unicast+0x7d0/0x7d0
[ 1900.099674][ T6069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1900.105916][ T6069] ? netlink_unicast+0x7d0/0x7d0
[ 1900.110946][ T6069] sock_sendmsg+0xcf/0x120
[ 1900.115365][ T6069] ____sys_sendmsg+0x6e8/0x810
[ 1900.120147][ T6069] ? kernel_sendmsg+0x50/0x50
[ 1900.124816][ T6069] ? do_recvmmsg+0x6d0/0x6d0
[ 1900.129405][ T6069] ? lock_chain_count+0x20/0x20
[ 1900.134266][ T6069] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1900.140318][ T6069] ___sys_sendmsg+0xf3/0x170
[ 1900.145017][ T6069] ? sendmsg_copy_msghdr+0x160/0x160
[ 1900.150487][ T6069] ? __fget_files+0x266/0x3d0
[ 1900.155326][ T6069] ? lock_downgrade+0x6e0/0x6e0
[ 1900.160202][ T6069] ? __fget_files+0x288/0x3d0
[ 1900.164938][ T6069] ? __fget_light+0xea/0x280
[ 1900.169541][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1900.175783][ T6069] __sys_sendmsg+0xe5/0x1b0
[ 1900.180302][ T6069] ? __sys_sendmsg_sock+0x30/0x30
[ 1900.185342][ T6069] ? syscall_enter_from_user_mode+0x27/0x70
[ 1900.191292][ T6069] do_syscall_64+0x3a/0xb0
[ 1900.195702][ T6069] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1900.201638][ T6069] RIP: 0033:0x4665d9
[ 1900.205523][ T6069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1900.225126][ T6069] RSP: 002b:00007f6cc5087188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1900.233550][ T6069] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1900.241657][ T6069] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[ 1900.249677][ T6069] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
[ 1900.257683][ T6069] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 1900.265666][ T6069] R13: 00007ffdc5442b2f R14: 00007f6cc5087300 R15: 0000000000022000
[ 1900.273797][ T6069]
[ 1900.276137][ T6069] Allocated by task 6061:
[ 1900.280522][ T6069] kasan_save_stack+0x1b/0x40
[ 1900.285281][ T6069] __kasan_kmalloc+0x9b/0xd0
[ 1900.289873][ T6069] taprio_change+0x5fb/0x4030
[ 1900.294672][ T6069] tc_modify_qdisc+0xd50/0x1a50
[ 1900.299667][ T6069] rtnetlink_rcv_msg+0x44e/0xad0
[ 1900.304662][ T6069] netlink_rcv_skb+0x153/0x420
[ 1900.309437][ T6069] netlink_unicast+0x533/0x7d0
[ 1900.314310][ T6069] netlink_sendmsg+0x856/0xd90
[ 1900.319082][ T6069] sock_sendmsg+0xcf/0x120
[ 1900.323532][ T6069] ____sys_sendmsg+0x6e8/0x810
[ 1900.328313][ T6069] ___sys_sendmsg+0xf3/0x170
[ 1900.332903][ T6069] __sys_sendmsg+0xe5/0x1b0
[ 1900.337435][ T6069] do_syscall_64+0x3a/0xb0
[ 1900.341950][ T6069] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1900.347842][ T6069]
[ 1900.350182][ T6069] Freed by task 8427:
[ 1900.354170][ T6069] kasan_save_stack+0x1b/0x40
[ 1900.358870][ T6069] kasan_set_track+0x1c/0x30
[ 1900.363504][ T6069] kasan_set_free_info+0x20/0x30
[ 1900.368489][ T6069] __kasan_slab_free+0xfb/0x130
[ 1900.373415][ T6069] slab_free_freelist_hook+0xdf/0x240
[ 1900.378816][ T6069] kfree+0xe5/0x7f0
[ 1900.382678][ T6069] taprio_free_sched_cb+0x18b/0x240
[ 1900.387879][ T6069] rcu_core+0x7ab/0x13b0
[ 1900.392171][ T6069] __do_softirq+0x29b/0x9f6
[ 1900.396720][ T6069]
[ 1900.399059][ T6069] Last potentially related work creation:
[ 1900.404760][ T6069] kasan_save_stack+0x1b/0x40
[ 1900.409437][ T6069] kasan_record_aux_stack+0xe5/0x110
[ 1900.414736][ T6069] call_rcu+0xb1/0x750
[ 1900.418798][ T6069] taprio_change+0x2e82/0x4030
[ 1900.423717][ T6069] tc_modify_qdisc+0xd50/0x1a50
[ 1900.428567][ T6069] rtnetlink_rcv_msg+0x44e/0xad0
[ 1900.433497][ T6069] netlink_rcv_skb+0x153/0x420
[ 1900.438255][ T6069] netlink_unicast+0x533/0x7d0
[ 1900.443018][ T6069] netlink_sendmsg+0x856/0xd90
[ 1900.447780][ T6069] sock_sendmsg+0xcf/0x120
[ 1900.452228][ T6069] ____sys_sendmsg+0x6e8/0x810
[ 1900.456999][ T6069] ___sys_sendmsg+0xf3/0x170
[ 1900.461585][ T6069] __sys_sendmsg+0xe5/0x1b0
[ 1900.466079][ T6069] do_syscall_64+0x3a/0xb0
[ 1900.470495][ T6069] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1900.476420][ T6069]
[ 1900.478730][ T6069] The buggy address belongs to the object at ffff8880166e4400
[ 1900.478730][ T6069] which belongs to the cache kmalloc-96 of size 96
[ 1900.492606][ T6069] The buggy address is located 64 bytes inside of
[ 1900.492606][ T6069] 96-byte region [ffff8880166e4400, ffff8880166e4460)
[ 1900.505708][ T6069] The buggy address belongs to the page:
[ 1900.511352][ T6069] page:ffffea000059b900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x166e4
[ 1900.521518][ T6069] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 1900.529156][ T6069] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888011041780
[ 1900.537753][ T6069] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 1900.546322][ T6069] page dumped because: kasan: bad access detected
[ 1900.552741][ T6069] page_owner tracks the page as allocated
[ 1900.558452][ T6069] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 6056, ts 1899716741514, free_ts 1899585907773
[ 1900.574873][ T6069] get_page_from_freelist+0x1033/0x2b60
[ 1900.580528][ T6069] __alloc_pages+0x1b2/0x500
[ 1900.585114][ T6069] alloc_pages+0x18c/0x2a0
[ 1900.589518][ T6069] allocate_slab+0x2c5/0x4c0
[ 1900.594111][ T6069] ___slab_alloc+0x44c/0x7a0
[ 1900.598708][ T6069] __slab_alloc.constprop.0+0xa7/0xf0
[ 1900.604073][ T6069] kmem_cache_alloc_trace+0x2a3/0x2c0
[ 1900.609453][ T6069] copy_semundo+0x187/0x2f0
[ 1900.614005][ T6069] copy_process+0x2015/0x7120
[ 1900.618726][ T6069] kernel_clone+0xe7/0xab0
[ 1900.623368][ T6069] __do_sys_clone+0xc8/0x110
[ 1900.628014][ T6069] do_syscall_64+0x3a/0xb0
[ 1900.632446][ T6069] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1900.638341][ T6069] page last free stack trace:
[ 1900.642998][ T6069] free_pcp_prepare+0x223/0x300
[ 1900.647859][ T6069] free_unref_page+0x12/0x1d0
[ 1900.653398][ T6069] __vunmap+0x783/0xb60
[ 1900.657553][ T6069] free_work+0x58/0x70
[ 1900.661631][ T6069] process_one_work+0x98d/0x1600
[ 1900.666632][ T6069] worker_thread+0x64c/0x1120
[ 1900.671310][ T6069] kthread+0x3b1/0x4a0
[ 1900.675526][ T6069] ret_from_fork+0x1f/0x30
[ 1900.680017][ T6069]
[ 1900.682546][ T6069] Memory state around the buggy address:
[ 1900.688215][ T6069] ffff8880166e4300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1900.696825][ T6069] ffff8880166e4380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1900.704878][ T6069] >ffff8880166e4400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1900.713028][ T6069] ^
[ 1900.719165][ T6069] ffff8880166e4480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1900.727225][ T6069] ffff8880166e4500: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1900.735278][ T6069] ==================================================================
[ 1900.743342][ T6069] Disabling lock debugging due to kernel taint
[ 1900.755708][ T6069] Kernel panic - not syncing: panic_on_warn set ...
[ 1900.762337][ T6069] CPU: 0 PID: 6069 Comm: syz-executor.0 Tainted: G B 5.12.0-syzkaller #0
[ 1900.772070][ T6069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1900.782134][ T6069] Call Trace:
[ 1900.785417][ T6069] dump_stack+0x141/0x1d7
[ 1900.789768][ T6069] panic+0x306/0x73d
[ 1900.793714][ T6069] ? __warn_printk+0xf3/0xf3
[ 1900.798407][ T6069] ? preempt_schedule_common+0x59/0xc0
[ 1900.803878][ T6069] ? dump_schedule+0x758/0x7d0
[ 1900.808664][ T6069] ? preempt_schedule_thunk+0x16/0x18
[ 1900.814107][ T6069] ? trace_hardirqs_on+0x38/0x1c0
[ 1900.819167][ T6069] ? trace_hardirqs_on+0x51/0x1c0
[ 1900.824288][ T6069] ? dump_schedule+0x758/0x7d0
[ 1900.829160][ T6069] ? dump_schedule+0x758/0x7d0
[ 1900.833920][ T6069] end_report.cold+0x5a/0x5a
[ 1900.838522][ T6069] kasan_report.cold+0x6a/0xd8
[ 1900.843287][ T6069] ? dump_schedule+0x758/0x7d0
[ 1900.848052][ T6069] dump_schedule+0x758/0x7d0
[ 1900.852646][ T6069] ? lock_release+0x720/0x720
[ 1900.857325][ T6069] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 1900.863092][ T6069] ? taprio_dequeue_offload+0x410/0x410
[ 1900.868830][ T6069] ? __nla_reserve+0x9a/0xc0
[ 1900.873627][ T6069] ? memcpy+0x39/0x60
[ 1900.877820][ T6069] taprio_dump+0x591/0xd80
[ 1900.882227][ T6069] ? mark_lock+0xef/0x17b0
[ 1900.886648][ T6069] ? advance_sched+0x990/0x990
[ 1900.891407][ T6069] ? sock_sendmsg+0xcf/0x120
[ 1900.895995][ T6069] ? ____sys_sendmsg+0x6e8/0x810
[ 1900.900917][ T6069] ? memcpy+0x39/0x60
[ 1900.904907][ T6069] ? advance_sched+0x990/0x990
[ 1900.909661][ T6069] tc_fill_qdisc+0x60e/0x12a0
[ 1900.914361][ T6069] ? qdisc_class_hash_grow+0x710/0x710
[ 1900.919834][ T6069] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 1900.926075][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1900.932310][ T6069] ? __phys_addr+0xc4/0x140
[ 1900.936907][ T6069] ? memset+0x20/0x40
[ 1900.940881][ T6069] ? __build_skb_around+0x23e/0x2f0
[ 1900.946136][ T6069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1900.952383][ T6069] ? __alloc_skb+0x17c/0x340
[ 1900.956990][ T6069] qdisc_notify.isra.0+0x2b1/0x310
[ 1900.962118][ T6069] tc_modify_qdisc+0xf54/0x1a50
[ 1900.967052][ T6069] ? qdisc_create+0x1310/0x1310
[ 1900.971924][ T6069] ? qdisc_create+0x1310/0x1310
[ 1900.976787][ T6069] rtnetlink_rcv_msg+0x44e/0xad0
[ 1900.981717][ T6069] ? rtnetlink_put_metrics+0x510/0x510
[ 1900.987171][ T6069] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 1900.992446][ T6069] netlink_rcv_skb+0x153/0x420
[ 1900.997200][ T6069] ? rtnetlink_put_metrics+0x510/0x510
[ 1901.002644][ T6069] ? netlink_ack+0xaa0/0xaa0
[ 1901.007232][ T6069] ? netlink_deliver_tap+0x227/0xba0
[ 1901.012512][ T6069] netlink_unicast+0x533/0x7d0
[ 1901.017280][ T6069] ? netlink_attachskb+0x870/0x870
[ 1901.022439][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1901.028674][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1901.034904][ T6069] ? __phys_addr_symbol+0x2c/0x70
[ 1901.039912][ T6069] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1901.045832][ T6069] ? __check_object_size+0x171/0x3f0
[ 1901.051109][ T6069] netlink_sendmsg+0x856/0xd90
[ 1901.055873][ T6069] ? netlink_unicast+0x7d0/0x7d0
[ 1901.060872][ T6069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1901.067340][ T6069] ? netlink_unicast+0x7d0/0x7d0
[ 1901.072288][ T6069] sock_sendmsg+0xcf/0x120
[ 1901.076849][ T6069] ____sys_sendmsg+0x6e8/0x810
[ 1901.081604][ T6069] ? kernel_sendmsg+0x50/0x50
[ 1901.086268][ T6069] ? do_recvmmsg+0x6d0/0x6d0
[ 1901.090849][ T6069] ? lock_chain_count+0x20/0x20
[ 1901.095691][ T6069] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1901.101659][ T6069] ___sys_sendmsg+0xf3/0x170
[ 1901.106234][ T6069] ? sendmsg_copy_msghdr+0x160/0x160
[ 1901.111516][ T6069] ? __fget_files+0x266/0x3d0
[ 1901.116207][ T6069] ? lock_downgrade+0x6e0/0x6e0
[ 1901.121050][ T6069] ? __fget_files+0x288/0x3d0
[ 1901.125716][ T6069] ? __fget_light+0xea/0x280
[ 1901.130291][ T6069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1901.136526][ T6069] __sys_sendmsg+0xe5/0x1b0
[ 1901.141038][ T6069] ? __sys_sendmsg_sock+0x30/0x30
[ 1901.146369][ T6069] ? syscall_enter_from_user_mode+0x27/0x70
[ 1901.152274][ T6069] do_syscall_64+0x3a/0xb0
[ 1901.156693][ T6069] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1901.162576][ T6069] RIP: 0033:0x4665d9
[ 1901.166472][ T6069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1901.186257][ T6069] RSP: 002b:00007f6cc5087188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1901.194673][ T6069] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1901.202648][ T6069] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[ 1901.210600][ T6069] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
[ 1901.218553][ T6069] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 1901.226514][ T6069] R13: 00007ffdc5442b2f R14: 00007f6cc5087300 R15: 0000000000022000
[ 1901.235217][ T6069] Kernel Offset: disabled
[ 1901.239540][ T6069] Rebooting in 86400 seconds..