Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts. 2024/04/06 08:41:12 fuzzer started 2024/04/06 08:41:12 dialing manager at 10.128.0.169:30007 [ 52.186216][ T5064] cgroup: Unknown subsys name 'net' [ 52.322100][ T5064] cgroup: Unknown subsys name 'rlimit' 2024/04/06 08:41:14 syscalls: 138 2024/04/06 08:41:14 code coverage: enabled 2024/04/06 08:41:14 comparison tracing: enabled 2024/04/06 08:41:14 extra coverage: enabled 2024/04/06 08:41:14 delay kcov mmap: enabled 2024/04/06 08:41:14 setuid sandbox: enabled 2024/04/06 08:41:14 namespace sandbox: enabled 2024/04/06 08:41:14 Android sandbox: /sys/fs/selinux/policy does not exist 2024/04/06 08:41:14 fault injection: enabled 2024/04/06 08:41:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2024/04/06 08:41:14 net packet injection: enabled 2024/04/06 08:41:14 net device setup: enabled 2024/04/06 08:41:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/04/06 08:41:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/04/06 08:41:14 NIC VF setup: PCI device 0000:00:11.0 is not available 2024/04/06 08:41:14 USB emulation: enabled 2024/04/06 08:41:14 hci packet injection: enabled 2024/04/06 08:41:14 wifi device emulation: enabled 2024/04/06 08:41:14 802.15.4 emulation: enabled 2024/04/06 08:41:14 swap file: enabled [ 53.682587][ T5064] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 2024/04/06 08:41:14 starting 5 executor processes [ 54.427326][ T5081] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.443050][ T5084] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.447682][ T5080] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.452091][ T5084] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.459086][ T5080] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.474243][ T5088] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.482671][ T5087] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.492536][ T5087] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.499864][ T5087] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 54.507115][ T5084] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.507901][ T5087] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.515940][ T5084] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 54.523872][ T5087] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.530117][ T5084] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.536534][ T5087] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 54.542902][ T5084] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.550267][ T5087] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 54.564133][ T5087] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.567081][ T5091] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.571597][ T5087] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 54.579071][ T5084] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.589379][ T5087] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.593115][ T5091] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 54.606725][ T5091] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.611624][ T5087] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 54.619460][ T5081] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.635232][ T5091] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 54.642764][ T5087] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 54.650105][ T5087] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 54.653887][ T5091] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 55.110644][ T5082] chnl_net:caif_netlink_parms(): no params data found [ 55.209842][ T5085] chnl_net:caif_netlink_parms(): no params data found [ 55.221657][ T5077] chnl_net:caif_netlink_parms(): no params data found [ 55.349970][ T5076] chnl_net:caif_netlink_parms(): no params data found [ 55.380055][ T5082] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.388064][ T5082] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.395781][ T5082] bridge_slave_0: entered allmulticast mode [ 55.402860][ T5082] bridge_slave_0: entered promiscuous mode [ 55.434260][ T5083] chnl_net:caif_netlink_parms(): no params data found [ 55.470214][ T5082] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.477486][ T5082] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.484651][ T5082] bridge_slave_1: entered allmulticast mode [ 55.492233][ T5082] bridge_slave_1: entered promiscuous mode [ 55.545432][ T5085] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.552545][ T5085] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.559806][ T5085] bridge_slave_0: entered allmulticast mode [ 55.566619][ T5085] bridge_slave_0: entered promiscuous mode [ 55.611197][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.619557][ T5077] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.626808][ T5077] bridge_slave_0: entered allmulticast mode [ 55.633531][ T5077] bridge_slave_0: entered promiscuous mode [ 55.641423][ T5085] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.648771][ T5085] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.656099][ T5085] bridge_slave_1: entered allmulticast mode [ 55.662812][ T5085] bridge_slave_1: entered promiscuous mode [ 55.672626][ T5082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.687094][ T5082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.720257][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.727598][ T5077] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.735120][ T5077] bridge_slave_1: entered allmulticast mode [ 55.742004][ T5077] bridge_slave_1: entered promiscuous mode [ 55.832621][ T5085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.844190][ T5082] team0: Port device team_slave_0 added [ 55.854054][ T5082] team0: Port device team_slave_1 added [ 55.860204][ T5076] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.867669][ T5076] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.874969][ T5076] bridge_slave_0: entered allmulticast mode [ 55.881767][ T5076] bridge_slave_0: entered promiscuous mode [ 55.889653][ T5076] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.896911][ T5076] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.904065][ T5076] bridge_slave_1: entered allmulticast mode [ 55.910905][ T5076] bridge_slave_1: entered promiscuous mode [ 55.938335][ T5077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.949712][ T5085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.989490][ T5083] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.999532][ T5083] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.006722][ T5083] bridge_slave_0: entered allmulticast mode [ 56.013386][ T5083] bridge_slave_0: entered promiscuous mode [ 56.024649][ T5077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.056380][ T5085] team0: Port device team_slave_0 added [ 56.087019][ T5076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.096552][ T5083] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.103665][ T5083] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.111736][ T5083] bridge_slave_1: entered allmulticast mode [ 56.118801][ T5083] bridge_slave_1: entered promiscuous mode [ 56.147078][ T5085] team0: Port device team_slave_1 added [ 56.160902][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.167968][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.194166][ T5082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.208419][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.215557][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.241522][ T5082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.262149][ T5076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.294276][ T5083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.308480][ T5077] team0: Port device team_slave_0 added [ 56.354278][ T5076] team0: Port device team_slave_0 added [ 56.362411][ T5083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.382483][ T5077] team0: Port device team_slave_1 added [ 56.398827][ T5085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.405946][ T5085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.431973][ T5085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.458673][ T5076] team0: Port device team_slave_1 added [ 56.488028][ T5083] team0: Port device team_slave_0 added [ 56.505003][ T5085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.511978][ T5085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.538062][ T5085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.567030][ T5082] hsr_slave_0: entered promiscuous mode [ 56.573651][ T5082] hsr_slave_1: entered promiscuous mode [ 56.592658][ T5083] team0: Port device team_slave_1 added [ 56.611016][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.618163][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.625784][ T5088] Bluetooth: hci0: command tx timeout [ 56.644215][ T5077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.661938][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.669007][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.698002][ T5077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.708635][ T5088] Bluetooth: hci3: command tx timeout [ 56.708700][ T5080] Bluetooth: hci4: command tx timeout [ 56.714235][ T5093] Bluetooth: hci1: command tx timeout [ 56.724889][ T5080] Bluetooth: hci2: command tx timeout [ 56.756383][ T5076] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.763359][ T5076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.790137][ T5076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.805152][ T5076] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.812111][ T5076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.838217][ T5076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.877747][ T5085] hsr_slave_0: entered promiscuous mode [ 56.883997][ T5085] hsr_slave_1: entered promiscuous mode [ 56.891028][ T5085] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.899247][ T5085] Cannot create hsr debugfs directory [ 56.912861][ T5083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.919981][ T5083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.945959][ T5083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.959234][ T5083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.966311][ T5083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.992428][ T5083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.116983][ T5077] hsr_slave_0: entered promiscuous mode [ 57.123231][ T5077] hsr_slave_1: entered promiscuous mode [ 57.129669][ T5077] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.137526][ T5077] Cannot create hsr debugfs directory [ 57.162127][ T5076] hsr_slave_0: entered promiscuous mode [ 57.168650][ T5076] hsr_slave_1: entered promiscuous mode [ 57.176032][ T5076] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.183619][ T5076] Cannot create hsr debugfs directory [ 57.253706][ T5083] hsr_slave_0: entered promiscuous mode [ 57.260182][ T5083] hsr_slave_1: entered promiscuous mode [ 57.270503][ T5083] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.278573][ T5083] Cannot create hsr debugfs directory [ 57.552119][ T5085] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 57.562607][ T5085] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 57.596361][ T5085] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 57.624325][ T5085] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 57.712623][ T5082] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 57.752513][ T5082] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 57.777479][ T5082] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 57.801122][ T5077] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.814345][ T5077] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.823414][ T5082] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 57.840512][ T5077] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.882560][ T5077] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.948473][ T5076] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 57.966001][ T5076] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 57.996026][ T5076] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 58.006959][ T5076] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 58.092591][ T5083] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 58.118919][ T5085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.126004][ T5083] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 58.135960][ T5083] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 58.164040][ T5083] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 58.219512][ T5082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.231595][ T5085] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.301759][ T5128] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.309086][ T5128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.333655][ T5082] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.362147][ T5126] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.369276][ T5126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.384217][ T5126] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.391444][ T5126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.416267][ T5077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.449044][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.456188][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.502390][ T5076] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.559561][ T5077] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.580309][ T5076] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.603938][ T5083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.641093][ T5085] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 58.653222][ T5085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 58.673993][ T5126] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.681120][ T5126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.707310][ T5091] Bluetooth: hci0: command tx timeout [ 58.710400][ T5083] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.727644][ T5126] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.734852][ T5126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.747062][ T5126] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.754227][ T5126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.784883][ T5091] Bluetooth: hci2: command tx timeout [ 58.790322][ T5091] Bluetooth: hci1: command tx timeout [ 58.798226][ T5080] Bluetooth: hci3: command tx timeout [ 58.798396][ T5093] Bluetooth: hci4: command tx timeout [ 58.811590][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.818825][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.874045][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.881261][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.900609][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.907815][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.002809][ T5076] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.050989][ T5085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.099217][ T5083] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.249986][ T5082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.283593][ T5085] veth0_vlan: entered promiscuous mode [ 59.340503][ T5085] veth1_vlan: entered promiscuous mode [ 59.488644][ T5082] veth0_vlan: entered promiscuous mode [ 59.524618][ T5085] veth0_macvtap: entered promiscuous mode [ 59.535623][ T5082] veth1_vlan: entered promiscuous mode [ 59.557881][ T5076] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.578229][ T5085] veth1_macvtap: entered promiscuous mode [ 59.631516][ T5083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.648751][ T5077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.659067][ T5082] veth0_macvtap: entered promiscuous mode [ 59.700282][ T5082] veth1_macvtap: entered promiscuous mode [ 59.722578][ T5076] veth0_vlan: entered promiscuous mode [ 59.753056][ T5085] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.793480][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.805801][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.818509][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.828817][ T5076] veth1_vlan: entered promiscuous mode [ 59.840719][ T5085] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.869480][ T5085] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.881869][ T5085] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.891338][ T5085] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.902293][ T5085] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.940340][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.952632][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.964211][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.979994][ T5082] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.989530][ T5082] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.999305][ T5082] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.008552][ T5082] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.058841][ T5076] veth0_macvtap: entered promiscuous mode [ 60.066651][ T5077] veth0_vlan: entered promiscuous mode [ 60.095900][ T5076] veth1_macvtap: entered promiscuous mode [ 60.138710][ T5077] veth1_vlan: entered promiscuous mode [ 60.201699][ T5083] veth0_vlan: entered promiscuous mode [ 60.219478][ T5076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.231420][ T5076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.241702][ T5076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.252192][ T5076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.264129][ T5076] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.292450][ T5083] veth1_vlan: entered promiscuous mode [ 60.334493][ T5076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.338281][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.345977][ T5076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.360208][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.363505][ T5076] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.383340][ T5076] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.396841][ T5076] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.441680][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.447262][ T5076] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.449760][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.464876][ T5076] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.477326][ T5076] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.487377][ T5076] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.534593][ T5077] veth0_macvtap: entered promiscuous mode [ 60.571862][ T5077] veth1_macvtap: entered promiscuous mode [ 60.578388][ T5126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.589064][ T5126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.607443][ T5083] veth0_macvtap: entered promiscuous mode [ 60.667439][ T5083] veth1_macvtap: entered promiscuous mode [ 60.690607][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.704293][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.720469][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.731158][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.741262][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.753645][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.766242][ T5083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.775025][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.783277][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.790719][ T5093] Bluetooth: hci0: command tx timeout 08:41:21 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8201, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="18e7ffb9bafa70f500010000000100000000020000b98abf52000046475ac9652a15c3ff127bcbe774b73a1c826c1721577d6e09730d2fa1b295d2a52421c4161ff44963b8fc755d6d27e07d67ba4c7d70483770c79f0c87dfe521a59bce51f36dc5223d30be1fc1a5b16060f4246e"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x9, 0xf, &(0x7f0000001000)=ANY=[@ANYBLOB="18000000000000000000c8efebf83c0c00000000000003110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], 0x0}, 0x90) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016000400014002000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001640)={&(0x7f0000001540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union={0x200001}]}}, 0x0, 0x26}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000d40)={r3, 0x20, &(0x7f0000000d00)={&(0x7f0000000bc0)=""/144, 0x90, 0x0, &(0x7f0000000c80)=""/127, 0x7f}}, 0x10) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000d80)={0xffffffffffffffff, 0xffffffff}, 0xc) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r7}, {}, {0x3, 0x3, 0x3, 0x2}, {0x4}, {}, {}, {}, {0x85, 0x0, 0x0, 0xa}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@cb_func={0x18, 0xa, 0x4, 0x0, 0x6}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x26}, 0x90) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000dc0)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x4}, 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r9}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r9, 0x0, 0x100000000000000}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000f40)={0x16, 0x0, &(0x7f0000000ac0), &(0x7f0000000b00)='GPL\x00', 0x101, 0x26, &(0x7f0000000780)=""/38, 0x41100, 0x1d, '\x00', 0x0, 0x5, r3, 0x8, &(0x7f0000000b80)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r4, r1, 0x0, &(0x7f0000000e40)=[r5, r6, r8, r9, 0x1, 0x1], &(0x7f0000000e80), 0x10, 0xffffffff}, 0x90) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x33, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfff}}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0xa2}, @alu={0x0, 0x1, 0x5, 0x0, 0x8, 0xc, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3ff}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x5}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000040)='syzkaller\x00', 0x5, 0xd5, &(0x7f0000000400)=""/213, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000001c0)=[0x1, 0x1, 0x1, 0x1], &(0x7f0000000500)=[{0x2, 0x1, 0xe, 0x1}, {0x0, 0x4, 0xd, 0x5}, {0x3, 0x1, 0x6, 0x5}, {0x3, 0x5, 0xf, 0x4}, {0x0, 0x1, 0x4, 0x1}, {0x5, 0x4, 0x7, 0xb}, {0x4, 0x1, 0x10, 0x9}, {0x1, 0x3, 0x5, 0x2}], 0x10, 0x1}, 0x90) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000640)=r10) socket$kcm(0x10, 0x2, 0x0) r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) r12 = socket$kcm(0x11, 0x200000000000002, 0x300) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r12, 0x107, 0x12, &(0x7f0000000100)=r13, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r14 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0xed, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8619, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x4, @perf_config_ext, 0x57aea82eb0ffc6f4, 0x0, 0x0, 0x0, 0xb0c, 0x0, 0xac4, 0x0, 0xffffffff, 0x0, 0x7}, 0x0, 0x2, 0xffffffffffffffff, 0x3) r15 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x7, 0xb, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x49, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r13, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r14, 0x40042408, r15) r16 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r16, 0x84, 0x79, &(0x7f0000000000), 0x8) [ 60.815708][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.828983][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.859942][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.871645][ T5093] Bluetooth: hci1: command tx timeout [ 60.874857][ T5088] Bluetooth: hci3: command tx timeout [ 60.877794][ T5093] Bluetooth: hci2: command tx timeout [ 60.882417][ T5088] Bluetooth: hci4: command tx timeout [ 60.895634][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.905621][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.916164][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.927833][ T5083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.940390][ T5083] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.950782][ T5083] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.962695][ T5083] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.971635][ T5083] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.993968][ T5161] netlink: 'syz-executor.2': attribute type 21 has an invalid length. [ 61.003125][ T5161] netlink: 160 bytes leftover after parsing attributes in process `syz-executor.2'. 08:41:21 executing program 3: r0 = perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB], 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x401c5820, &(0x7f0000000040)={r2, r1}) 08:41:21 executing program 2: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000200000000000000000085000000200000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) [ 61.176556][ T7] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.207778][ T7] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:41:21 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="2da9be5cd60405268eb06cd92793b82200ec1de4e82d30aa72f44ff7e174e5352e97a2e03b2d00303019"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) (async) r1 = socket$kcm(0x29, 0x2, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) sendmsg$kcm(r1, &(0x7f0000000600)={&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x0, 0x2, 0x3, {0xa, 0x4e20, 0x4f, @mcast2, 0x432f}}}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000540)="5df54bbe962a452fcb7914fdedebc78702f7fe5348c234b9bb7e223f7b0a49e33cb004bc2c52b4ee20ff5dddf6e0aa5a6b1e26ea6946e843090184dc0844", 0x3e}, {&(0x7f0000000680)="19ae316ec1b3df1db6d5d097bbd872ba2a6529da6531826833bd831b3018f5b1b614e34ed7901db58ddb2d82a665a7d45391be958fa18cbc9b099c482b1564c807f39c7957b522e3c3379ec59813c2008800d19c994b4ab5087a18fc75ebbd5393adf2547f5ac0477a3f0000aeb919a5ac500be48dce2b79851b96e9537ed4ce36e7041b81f4b587f46286990f20948ecc77fc6873c7e043f587eea086a7a36a69b4c7d946644692720cd8ab50b401f9c296cf2a471eeea64d0bbc941ff1ab4611466e212857", 0xc6}, {&(0x7f0000000780)="2491c9c578215b42dd79ef409c3a7ec25a88e222195f2ae3332b5378f34d3b552feb3a459d89e4f6660aa662139b770f22f782d9090eb6fbccd23fcf88266ca9860f8ed0f12ea26e74c15d409a481c65fdf34f1edfe70a09b960b287579826a6807c7eadb53caa74b45531f71749e67b47e228c53fd0156fcb710a203309aa67821f6980b60cba6d94d52d77d8aabfa6f1a39d5f4de74a836f15a2c92d406b05b54100f13258f3acc997a4a1def649e2a5c228fa2794efea9c90545e8b52a5b10de66264b48ddd0756c3cc657101b0", 0xcf}, {&(0x7f0000000580)="c882550b869140ff770f5c840753d699610c237124ffa04a230c9c4f14e7ea3e4a097fa9cdb0aad9216fb37a38156a8b0799a5421f9b27ffe6b6e974b0d1f07a", 0x40}], 0x4, &(0x7f0000000880)=[{0xc8, 0x104, 0x8, "57826f5fe67219f1c0c38af20af5a22ae9139e3f2170bc9f85459665c9bf789dbb8461be7e2017ce9a663f7e236ababd58c30f4f23ee2d0beca36f66c23062eade17a6e1de085d0123e641131649e5fb86c791f2edaf31e1a7e6e5374844593ec2d31fabef3c5a35b7f3643c0b2f448a642c0f7d25689f0297e156f5619577885f76d20812afad497bd44b95732888d17118e7e30f0890186e34be9484251028688ea2fce881a83120f5eb48eeaf4d561177c87c95"}, {0xf0, 0x112, 0x8, "58d9dc4555938762dc99c25a128c816bd20e4dc97605d2f2f4ca7ecce3ca53e8ebec032324561dbc8e67ef9b2d0053ac53de856e747806a04381db6c71691257898a9afd4c0842c5b17cfbfc5ecf81508c3cff25d9c99b39f33725091c6517cd4e7a9e159802b73fe6e6a4333db3d47c0cbdad2fa7d0c58e38f7f13e1c4e47fb8382d1e46a9201671c4b89ddee291cb9440df876d0c41133b17916347d6845341f40245175e853b9d843bb815c476b3cdb18cce1d5a6bb0e99044019d1e6923ed25b565ab2eb9a2afc433229735a5e88c6a73e5ddc12cb0f5fd1d36c723cf4a5"}, {0x90, 0x118, 0xcc, "a510cb0739eda85eb76bb3f2b35153ff95af70ceb6d6c88383e929a7d248f22c47fbb78c7db726c48fd9029c04a5c703c51742c36bc441a6bc23ce699695a97416c66f1610e51498130ef2ae10edf24241de0d3a0eb792134c7ccfca6ca8f2dd1cb3fc53200bdfa584dd48413cc1d98003b1a51ab2985f714ad969e65d"}, {0x110, 0x116, 0x5, "47e248ad9161569a1e6c531d5f84a663ef4e43f8c475efe165eeee3ec275eb400daf33db0a9c386662d75114d210c67c585c42de03f47404093e720a701e33df6472e5a4f23f1dda214a1cbf08f85f798b5ff6bd8aa80043be3c3ba04f97956aa57ea018a5169fb298eba4bc4966dd4e203ce46fcc324613e682bc21ef2bce1019424089a506a8f4bdc6ea6a0aca0c0c534ef3c6e9aaa6b5900ac5f4fa32e2e646a9ec882c3fb39ee88ddc7240ebf3892ed63f864c17d9f15d77ee9f133584ab24b5c5b3e7d7cb543ef83cd7987f9e88108194b723ce06d83a30f02c634c85800fa81d21a0e4ee3047a20593542cfd5035390b4025dbff1beb0d"}], 0x358}, 0x88090) (async, rerun: 64) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380)}, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (rerun: 64) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000009500001900000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x2, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x4}, 0x48) (async) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r7}, 0x10) (async, rerun: 32) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000800)=@abs, 0x6e, &(0x7f0000000b00)=[{0x0}, {&(0x7f0000000540)=""/27, 0x1b}, {&(0x7f00000005c0)=""/31, 0x1f}, {&(0x7f0000000a40)=""/174, 0xae}, {&(0x7f0000000d80)=""/158, 0x9e}, {&(0x7f0000000c00)=""/164, 0xa4}], 0x100000000000006b, &(0x7f0000000780)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}, 0x7) (async, rerun: 32) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) close(r9) write$cgroup_type(r9, &(0x7f0000000080), 0x11ffffce1) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x6, 0x8, 0x6aec, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r8}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000007f000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0x1, 0x58, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@bloom_filter={0x1e, 0x1f, 0x4, 0x5, 0x0, r5, 0x4, '\x00', r11, 0xffffffffffffffff, 0x2, 0x3, 0x2, 0xc}, 0x48) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x3e}}, &(0x7f0000000480)='GPL\x00'}, 0x80) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xd9800}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r13 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)='R', 0x1}], 0x1}, 0x0) (async) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000100)={r13}) r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000001080)="5292008bea92886552b4ba5cb212624af07eacec24dd09fb6371c68226ad9436f0dcddbc3227295809007701842d8585f335f22edc89abfff596035b57573f21d9d2f9f226ef1698e33bbe36707a7dde9739e5ef8915ef97a318c7d2139c13baf7eaed65b5aedf8403424a30a0f016e4eb22c9e24e80bdb61167e104df6da0a542edb4c7eb3e6b17e61f984fe14c3907cebf4665628c059d849391101b46e119e7e8b17fa3b6d657213945489c47e340173466975579ad99dd8b1092c59e1832abe246000000000000000090127c70b14da3547b5fbfc06b5d5962b36e601516d3", &(0x7f0000000f40)="60702a52254b530c11fe9a39fbe0c1d3d43c6593f2122383d347ab6df3087f99c777858c8a57de8595a0f3b0a5a2e9eb920e0088c59443120c97a254b7a7a19c2552bc99625258cd79dd9078db618933cf2403da10ca797a00b450f0f1a2b3682c605502c7bdd2839b591c3009e8b349cba812dacfab395c122fd3598399af6f1ac0352846c4f381e2660d4ac8374699313da00e863a11fa2d4fff0b80f497c8813d414ee03cdf3e5bf7574840eb2f29a6d329922c62c454c38fa412cfc61abced137e47757bb9e1e43b2bea8552d3129c45709e9f326696c936b5dfe9f3b613b43b79389df2cf3bbca11daee3f062b5c1d4236c2b05f538fe49c14d72c85de31aa4207a055c61cd6727b2b5718de33a6b78e24bc1", 0x8, r14}, 0x38) (async, rerun: 32) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r14}, 0x38) (async, rerun: 32) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r4, r12}, 0xc) [ 61.270248][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.287172][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.297238][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.307861][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.332504][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.367363][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.395843][ T5077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.420219][ T5077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.457551][ T5077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.469593][ T5077] ================================================================== [ 61.477691][ T5077] BUG: KASAN: slab-use-after-free in bpf_trace_run2+0xfa/0x530 [ 61.485366][ T5077] Read of size 8 at addr ffff888021686f18 by task syz-executor.0/5077 [ 61.493530][ T5077] [ 61.495867][ T5077] CPU: 0 PID: 5077 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-05243-g14bb1e8c8d4a #0 [ 61.505856][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 61.515928][ T5077] Call Trace: [ 61.519224][ T5077] [ 61.522179][ T5077] dump_stack_lvl+0x1e7/0x2e0 [ 61.526900][ T5077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.532121][ T5077] ? __pfx__printk+0x10/0x10 [ 61.536733][ T5077] ? _printk+0xd5/0x120 [ 61.540891][ T5077] ? __virt_addr_valid+0x183/0x520 [ 61.545999][ T5077] ? __virt_addr_valid+0x183/0x520 [ 61.551101][ T5077] print_report+0x169/0x550 [ 61.555597][ T5077] ? __virt_addr_valid+0x183/0x520 [ 61.560701][ T5077] ? __virt_addr_valid+0x183/0x520 [ 61.565804][ T5077] ? __virt_addr_valid+0x44e/0x520 [ 61.570907][ T5077] ? __phys_addr+0xba/0x170 [ 61.575418][ T5077] ? bpf_trace_run2+0xfa/0x530 [ 61.580172][ T5077] kasan_report+0x143/0x180 [ 61.584666][ T5077] ? bpf_trace_run2+0xfa/0x530 [ 61.589423][ T5077] bpf_trace_run2+0xfa/0x530 [ 61.594001][ T5077] ? do_syscall_64+0xfb/0x240 [ 61.598670][ T5077] ? __pfx_bpf_trace_run2+0x10/0x10 [ 61.603855][ T5077] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 61.609566][ T5077] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 61.615289][ T5077] __traceiter_kfree+0x2b/0x50 [ 61.620052][ T5077] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 61.625760][ T5077] kfree+0x291/0x380 [ 61.629651][ T5077] tomoyo_realpath_from_path+0xc2/0x5e0 [ 61.635202][ T5077] tomoyo_path_number_perm+0x23a/0x880 [ 61.640670][ T5077] ? tomoyo_path_number_perm+0x208/0x880 [ 61.646301][ T5077] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 61.652272][ T5077] ? fd_install+0x9c/0x5d0 [ 61.656682][ T5077] ? __pfx_lock_release+0x10/0x10 [ 61.661703][ T5077] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 61.667670][ T5077] security_file_ioctl+0x75/0xb0 [ 61.672596][ T5077] __se_sys_ioctl+0x47/0x170 [ 61.677178][ T5077] do_syscall_64+0xfb/0x240 [ 61.681675][ T5077] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.687560][ T5077] RIP: 0033:0x7f6ef387dbcb [ 61.691962][ T5077] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 61.711555][ T5077] RSP: 002b:00007ffc8293ef90 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.719957][ T5077] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f6ef387dbcb [ 61.727918][ T5077] RDX: 00007ffc8293eff0 RSI: 0000000000008933 RDI: 0000000000000005 [ 61.735877][ T5077] RBP: 00007ffc8293eff0 R08: 0000000000000001 R09: 00315f6576616c73 [ 61.743833][ T5077] R10: 0000000000000016 R11: 0000000000000246 R12: 00007ffc8293f07c [ 61.751888][ T5077] R13: 00007f6ef38c9f4b R14: 00007f6ef44d4620 R15: 00007f6ef38c9f4b [ 61.759853][ T5077] [ 61.762860][ T5077] [ 61.765171][ T5077] Allocated by task 5170: [ 61.769480][ T5077] kasan_save_track+0x3f/0x80 [ 61.774164][ T5077] __kasan_kmalloc+0x98/0xb0 [ 61.778754][ T5077] kmalloc_trace+0x1d9/0x360 [ 61.783336][ T5077] bpf_raw_tp_link_attach+0x2a0/0x6e0 [ 61.788694][ T5077] bpf_raw_tracepoint_open+0x1c2/0x240 [ 61.794138][ T5077] __sys_bpf+0x3c0/0x810 [ 61.798364][ T5077] __x64_sys_bpf+0x7c/0x90 [ 61.802764][ T5077] do_syscall_64+0xfb/0x240 [ 61.807277][ T5077] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.813161][ T5077] [ 61.815472][ T5077] Freed by task 5172: [ 61.819433][ T5077] kasan_save_track+0x3f/0x80 [ 61.824097][ T5077] kasan_save_free_info+0x40/0x50 [ 61.829123][ T5077] poison_slab_object+0xa6/0xe0 [ 61.833970][ T5077] __kasan_slab_free+0x37/0x60 [ 61.838719][ T5077] kfree+0x14a/0x380 [ 61.842604][ T5077] bpf_link_release+0x3b/0x50 [ 61.847266][ T5077] __fput+0x429/0x8a0 [ 61.851409][ T5077] task_work_run+0x24f/0x310 [ 61.855991][ T5077] do_exit+0xa1b/0x27e0 [ 61.860133][ T5077] do_group_exit+0x207/0x2c0 [ 61.864707][ T5077] get_signal+0x176e/0x1850 [ 61.869199][ T5077] arch_do_signal_or_restart+0x96/0x860 [ 61.874737][ T5077] syscall_exit_to_user_mode+0xc9/0x360 [ 61.880363][ T5077] do_syscall_64+0x10a/0x240 [ 61.885115][ T5077] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.891011][ T5077] [ 61.893335][ T5077] The buggy address belongs to the object at ffff888021686f00 [ 61.893335][ T5077] which belongs to the cache kmalloc-128 of size 128 [ 61.907390][ T5077] The buggy address is located 24 bytes inside of [ 61.907390][ T5077] freed 128-byte region [ffff888021686f00, ffff888021686f80) [ 61.921105][ T5077] [ 61.923422][ T5077] The buggy address belongs to the physical page: [ 61.929828][ T5077] page:ffffea000085a180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21686 [ 61.939967][ T5077] anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 61.948083][ T5077] page_type: 0xffffffff() [ 61.952402][ T5077] raw: 00fff00000000800 ffff888014c418c0 0000000000000000 dead000000000001 [ 61.960991][ T5077] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 61.969651][ T5077] page dumped because: kasan: bad access detected [ 61.976132][ T5077] page_owner tracks the page as allocated [ 61.981828][ T5077] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 10, tgid 10 (kworker/u8:0), ts 7547725029, free_ts 7546856645 [ 61.999453][ T5077] post_alloc_hook+0x1ea/0x210 [ 62.004209][ T5077] get_page_from_freelist+0x33ea/0x3580 [ 62.009747][ T5077] __alloc_pages+0x256/0x680 [ 62.014412][ T5077] alloc_slab_page+0x5f/0x160 [ 62.019074][ T5077] new_slab+0x84/0x2f0 [ 62.023124][ T5077] ___slab_alloc+0xd1b/0x13e0 [ 62.027784][ T5077] __kmalloc_node+0x2d9/0x4e0 [ 62.032450][ T5077] kvmalloc_node+0x72/0x190 [ 62.036939][ T5077] sbitmap_init_node+0x29e/0x530 [ 62.041875][ T5077] blk_mq_alloc_and_init_hctx+0x4e4/0xdc0 [ 62.047580][ T5077] blk_mq_realloc_hw_ctxs+0x198/0x4a0 [ 62.052951][ T5077] blk_mq_init_allocated_queue+0x3ce/0x15b0 [ 62.058842][ T5077] blk_mq_alloc_queue+0x10b/0x1a0 [ 62.063858][ T5077] scsi_alloc_sdev+0x74f/0xb10 [ 62.068621][ T5077] scsi_probe_and_add_lun+0x1ca/0x4940 [ 62.074068][ T5077] __scsi_scan_target+0x20f/0x10a0 [ 62.079169][ T5077] page last free pid 40 tgid 40 stack trace: [ 62.085127][ T5077] free_unref_page_prepare+0x968/0xa90 [ 62.090574][ T5077] free_unref_page+0x37/0x3f0 [ 62.095241][ T5077] vfree+0x186/0x2e0 [ 62.099207][ T5077] delayed_vfree_work+0x56/0x80 [ 62.104044][ T5077] process_scheduled_works+0xa00/0x1770 [ 62.109572][ T5077] worker_thread+0x86d/0xd70 [ 62.114146][ T5077] kthread+0x2f0/0x390 [ 62.118200][ T5077] ret_from_fork+0x4b/0x80 [ 62.122622][ T5077] ret_from_fork_asm+0x1a/0x30 [ 62.127375][ T5077] [ 62.129681][ T5077] Memory state around the buggy address: [ 62.135300][ T5077] ffff888021686e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.143381][ T5077] ffff888021686e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.151440][ T5077] >ffff888021686f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.159489][ T5077] ^ [ 62.164689][ T5077] ffff888021686f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.172752][ T5077] ffff888021687000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.180816][ T5077] ================================================================== [ 62.191708][ T5077] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 62.199028][ T5077] CPU: 0 PID: 5077 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-05243-g14bb1e8c8d4a #0 [ 62.209021][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 62.219096][ T5077] Call Trace: [ 62.222380][ T5077] [ 62.225318][ T5077] dump_stack_lvl+0x1e7/0x2e0 [ 62.230016][ T5077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.235235][ T5077] ? __pfx__printk+0x10/0x10 [ 62.243672][ T5077] ? vscnprintf+0x5d/0x90 [ 62.244333][ T5076] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 62.255654][ T5077] panic+0x349/0x860 [ 62.259576][ T5077] ? check_panic_on_warn+0x21/0xb0 [ 62.264709][ T5077] ? __pfx_panic+0x10/0x10 [ 62.269145][ T5077] ? mark_lock+0x9a/0x350 [ 62.273500][ T5077] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 62.279421][ T5077] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 62.285346][ T5077] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 62.292135][ T5077] ? print_report+0x502/0x550 [ 62.296837][ T5077] check_panic_on_warn+0x86/0xb0 [ 62.301794][ T5077] ? bpf_trace_run2+0xfa/0x530 [ 62.302169][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.302182][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.321649][ T5077] end_report+0x6e/0x140 [ 62.325894][ T5077] kasan_report+0x154/0x180 [ 62.330398][ T5077] ? bpf_trace_run2+0xfa/0x530 [ 62.335157][ T5077] bpf_trace_run2+0xfa/0x530 [ 62.339736][ T5077] ? do_syscall_64+0xfb/0x240 [ 62.344401][ T5077] ? __pfx_bpf_trace_run2+0x10/0x10 [ 62.349595][ T5077] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 62.355313][ T5077] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 62.361042][ T5077] __traceiter_kfree+0x2b/0x50 [ 62.365798][ T5077] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 62.371504][ T5077] kfree+0x291/0x380 [ 62.375393][ T5077] tomoyo_realpath_from_path+0xc2/0x5e0 [ 62.380935][ T5077] tomoyo_path_number_perm+0x23a/0x880 [ 62.386389][ T5077] ? tomoyo_path_number_perm+0x208/0x880 [ 62.392019][ T5077] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 62.398007][ T5077] ? fd_install+0x9c/0x5d0 [ 62.402428][ T5077] ? __pfx_lock_release+0x10/0x10 [ 62.407473][ T5077] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 62.413572][ T5077] security_file_ioctl+0x75/0xb0 [ 62.418508][ T5077] __se_sys_ioctl+0x47/0x170 [ 62.423088][ T5077] do_syscall_64+0xfb/0x240 [ 62.427584][ T5077] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.433496][ T5077] RIP: 0033:0x7f6ef387dbcb [ 62.437907][ T5077] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 62.457546][ T5077] RSP: 002b:00007ffc8293ef90 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.465946][ T5077] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f6ef387dbcb [ 62.473929][ T5077] RDX: 00007ffc8293eff0 RSI: 0000000000008933 RDI: 0000000000000005 [ 62.481907][ T5077] RBP: 00007ffc8293eff0 R08: 0000000000000001 R09: 00315f6576616c73 [ 62.489873][ T5077] R10: 0000000000000016 R11: 0000000000000246 R12: 00007ffc8293f07c [ 62.497840][ T5077] R13: 00007f6ef38c9f4b R14: 00007f6ef44d4620 R15: 00007f6ef38c9f4b [ 62.505817][ T5077] [ 62.509171][ T5077] Kernel Offset: disabled [ 62.513475][ T5077] Rebooting in 86400 seconds..