Warning: Permanently added '[localhost]:36016' (ECDSA) to the list of known hosts. 2020/09/27 14:45:54 fuzzer started 2020/09/27 14:45:56 dialing manager at 10.0.2.10:44485 2020/09/27 14:45:56 syscalls: 3366 2020/09/27 14:45:56 code coverage: enabled 2020/09/27 14:45:56 comparison tracing: enabled 2020/09/27 14:45:56 extra coverage: enabled 2020/09/27 14:45:56 setuid sandbox: enabled 2020/09/27 14:45:56 namespace sandbox: enabled 2020/09/27 14:45:56 Android sandbox: /sys/fs/selinux/policy does not exist 2020/09/27 14:45:56 fault injection: enabled 2020/09/27 14:45:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/27 14:45:56 net packet injection: enabled 2020/09/27 14:45:56 net device setup: enabled 2020/09/27 14:45:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/27 14:45:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/27 14:45:56 USB emulation: enabled 2020/09/27 14:45:56 hci packet injection: enabled 2020/09/27 14:45:56 wifi device emulation: enabled 14:47:38 executing program 0: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES32, @ANYBLOB="0000000000000000180000000000000000000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0xe2, 0x1000, &(0x7f0000002700)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf7}, 0x48) 14:47:38 executing program 1: clone(0x82000200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n% ', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) fcntl$setown(r0, 0x8, 0xffffffffffffffff) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) clone(0x8021800017fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() r5 = getpid() getpid() kcmp(r5, r5, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(0x0, 0x1000000000016) 14:47:39 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000000040), 0x14123f2dc6a8be1, 0x0) 14:47:39 executing program 3: syz_emit_ethernet(0x88, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xd, 0x4, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}, @timestamp={0x7, 0x4}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) syzkaller login: [ 322.279344][ T9461] IPVS: ftp: loaded support on port[0] = 21 [ 322.279384][ T9459] IPVS: ftp: loaded support on port[0] = 21 [ 322.773250][ T9463] IPVS: ftp: loaded support on port[0] = 21 [ 323.027196][ T9461] chnl_net:caif_netlink_parms(): no params data found [ 323.050259][ T9464] IPVS: ftp: loaded support on port[0] = 21 [ 323.090978][ T9459] chnl_net:caif_netlink_parms(): no params data found [ 323.420419][ T9461] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.442639][ T9461] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.471506][ T9461] device bridge_slave_0 entered promiscuous mode [ 323.526765][ T9459] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.549340][ T9459] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.572723][ T9459] device bridge_slave_0 entered promiscuous mode [ 323.595552][ T9461] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.611936][ T9461] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.627520][ T9461] device bridge_slave_1 entered promiscuous mode [ 323.670001][ T9459] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.692730][ T9459] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.713936][ T9459] device bridge_slave_1 entered promiscuous mode [ 323.757495][ T9461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.795159][ T9459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.833755][ T9461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.860143][ T9459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.928179][ T9459] team0: Port device team_slave_0 added [ 323.963266][ T9459] team0: Port device team_slave_1 added [ 323.982846][ T5] Bluetooth: hci0: command 0x0409 tx timeout [ 324.043465][ T9461] team0: Port device team_slave_0 added [ 324.078114][ T9463] chnl_net:caif_netlink_parms(): no params data found [ 324.116377][ T9461] team0: Port device team_slave_1 added [ 324.141975][ T34] Bluetooth: hci1: command 0x0409 tx timeout [ 324.145705][ T9459] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.165890][ T9459] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.228177][ T9459] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.252908][ T9459] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.263858][ T9459] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.313906][ T9459] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.345133][ T9464] chnl_net:caif_netlink_parms(): no params data found [ 324.391254][ T9461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.407140][ T9461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.470409][ T9461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.580425][ T9461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.621059][ T9461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.745769][ T34] Bluetooth: hci2: command 0x0409 tx timeout [ 324.746148][ T9461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.885801][ T9459] device hsr_slave_0 entered promiscuous mode [ 324.920060][ T9459] device hsr_slave_1 entered promiscuous mode [ 324.952466][ T5] Bluetooth: hci3: command 0x0409 tx timeout [ 325.009420][ T9463] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.042377][ T9463] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.077709][ T9463] device bridge_slave_0 entered promiscuous mode [ 325.109012][ T9464] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.155547][ T9464] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.195510][ T9464] device bridge_slave_0 entered promiscuous mode [ 325.252982][ T9461] device hsr_slave_0 entered promiscuous mode [ 325.285142][ T9461] device hsr_slave_1 entered promiscuous mode [ 325.317252][ T9461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.355527][ T9461] Cannot create hsr debugfs directory [ 325.384242][ T9463] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.414250][ T9463] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.443072][ T9463] device bridge_slave_1 entered promiscuous mode [ 325.486355][ T9464] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.532754][ T9464] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.579392][ T9464] device bridge_slave_1 entered promiscuous mode [ 325.662580][ T9463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.734387][ T9464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.769821][ T9463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.850222][ T9463] team0: Port device team_slave_0 added [ 325.875252][ T9464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.969399][ T9463] team0: Port device team_slave_1 added [ 326.062556][ T5] Bluetooth: hci0: command 0x041b tx timeout [ 326.074221][ T9464] team0: Port device team_slave_0 added [ 326.178233][ T9463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.221332][ T9463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.222166][ T5] Bluetooth: hci1: command 0x041b tx timeout [ 326.358522][ T9463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 326.433519][ T9464] team0: Port device team_slave_1 added [ 326.505884][ T9463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 326.529332][ T9463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.599106][ T9463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.666706][ T9464] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.688532][ T9464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.768780][ T9464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 326.782036][ T34] Bluetooth: hci2: command 0x041b tx timeout [ 326.819780][ T9464] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 326.867648][ T9464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.986865][ T9464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 327.022023][ T34] Bluetooth: hci3: command 0x041b tx timeout [ 327.085712][ T9463] device hsr_slave_0 entered promiscuous mode [ 327.114993][ T9463] device hsr_slave_1 entered promiscuous mode [ 327.153497][ T9463] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 327.180839][ T9463] Cannot create hsr debugfs directory [ 327.288342][ T9464] device hsr_slave_0 entered promiscuous mode [ 327.307171][ T9464] device hsr_slave_1 entered promiscuous mode [ 327.337927][ T9464] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 327.367064][ T9464] Cannot create hsr debugfs directory [ 327.474859][ T9461] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 327.514968][ T9461] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 327.540136][ T9461] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 327.579623][ T9461] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 327.710957][ T9459] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 327.758325][ T9459] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 327.823814][ T9459] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 327.849747][ T9459] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 327.933748][ T9463] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 327.956704][ T9463] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 327.989248][ T9463] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 328.029557][ T9463] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 328.097223][ T9464] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 328.127275][ T9464] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 328.142003][ T34] Bluetooth: hci0: command 0x040f tx timeout [ 328.183624][ T9464] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 328.221400][ T9464] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 328.321303][ T9461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.386225][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 328.414813][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 328.456619][ T9461] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.462269][ T34] Bluetooth: hci1: command 0x040f tx timeout [ 328.503481][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 328.537926][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 328.564232][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.593073][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.619045][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 328.651287][ T9459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.681196][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 328.720278][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 328.747580][ T2918] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.766383][ T2918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.827542][ T9464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.855108][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 328.862104][ T35] Bluetooth: hci2: command 0x040f tx timeout [ 328.882713][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 328.917393][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 328.936391][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 328.960261][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 328.982785][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 329.004561][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 329.033449][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 329.060287][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 329.087317][ T9459] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.102057][ T35] Bluetooth: hci3: command 0x040f tx timeout [ 329.120789][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 329.144987][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 329.180369][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 329.226753][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 329.269599][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 329.319907][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 329.368320][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.414292][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.458077][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 329.513160][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 329.559909][ T9484] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.598430][ T9484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.634709][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 329.674955][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 329.717533][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 329.758665][ T9464] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.795426][ T9463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.826698][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 329.861264][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 329.897349][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 329.935621][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 329.974783][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 330.012684][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 330.044838][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.074870][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.111378][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 330.145580][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 330.185264][ T9461] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 330.222308][ T3889] Bluetooth: hci0: command 0x0419 tx timeout [ 330.245937][ T9461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.281168][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 330.314002][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 330.348783][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 330.384118][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 330.414238][ T2555] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.436605][ T2555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.460811][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 330.490722][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 330.524964][ T9459] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 330.557815][ T9459] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 330.562156][ T34] Bluetooth: hci1: command 0x0419 tx timeout [ 330.609203][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 330.635435][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 330.654779][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 330.682617][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 330.711224][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 330.740261][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 330.763278][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 330.795833][ T9463] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.830987][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 330.851372][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 330.887877][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 330.903524][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 330.917418][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 330.942291][ T3889] Bluetooth: hci2: command 0x0419 tx timeout [ 330.947908][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 330.978801][ T2918] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.003737][ T2918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.024005][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 331.037473][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 331.049502][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 331.068320][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 331.092128][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 331.115488][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 331.155406][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 331.173178][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 331.194850][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 331.212925][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 331.227088][ T35] Bluetooth: hci3: command 0x0419 tx timeout [ 331.233509][ T9464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 331.251287][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 331.269549][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 331.293551][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.320493][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.366590][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 331.438069][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 331.486588][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 331.533667][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 331.587692][ T9459] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.629068][ T9461] device veth0_vlan entered promiscuous mode [ 331.653402][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 331.681305][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 331.702823][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 331.723857][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 331.750964][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 331.769815][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 331.782184][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 331.799679][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 331.814190][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 331.846422][ T9464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.881390][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 331.906771][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 331.932107][ T9461] device veth1_vlan entered promiscuous mode [ 331.973002][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 331.995053][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 332.018447][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 332.043120][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 332.061188][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 332.073502][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 332.089467][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 332.112594][ T2918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 332.141090][ T9463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 332.171146][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 332.202648][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 332.244196][ T9461] device veth0_macvtap entered promiscuous mode [ 332.280332][ T9459] device veth0_vlan entered promiscuous mode [ 332.319799][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 332.343965][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 332.367048][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 332.384169][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 332.404553][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 332.437422][ T9459] device veth1_vlan entered promiscuous mode [ 332.452492][ T9464] device veth0_vlan entered promiscuous mode [ 332.469524][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 332.489766][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 332.508238][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 332.519753][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 332.530555][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 332.545556][ T9461] device veth1_macvtap entered promiscuous mode [ 332.572885][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 332.584597][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 332.594956][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 332.616793][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 332.643976][ T9463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.672045][ T9464] device veth1_vlan entered promiscuous mode [ 332.704257][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 332.719565][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 332.732544][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 332.745057][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 332.768300][ T9461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.780063][ T9459] device veth0_macvtap entered promiscuous mode [ 332.795429][ T9459] device veth1_macvtap entered promiscuous mode [ 332.805396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 332.818947][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 332.835257][ T9461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.850817][ T9461] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.864004][ T9461] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.880503][ T9461] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.896239][ T9461] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.919616][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 332.932157][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 332.945860][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 332.957259][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 332.991353][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 333.024667][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.061396][ T9464] device veth0_macvtap entered promiscuous mode [ 333.100801][ T9464] device veth1_macvtap entered promiscuous mode [ 333.129176][ T9459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 333.166643][ T9459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.206968][ T9459] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 333.271115][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 333.293847][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 333.317226][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.337918][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.363866][ T9459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 333.390536][ T9459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.421208][ T9459] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.448017][ T9464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 333.469730][ T9464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.492162][ T9464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 333.511244][ T9464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.533310][ T9464] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 333.546398][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 333.560860][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 333.573076][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.584517][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.599366][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.613595][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.658353][ T9463] device veth0_vlan entered promiscuous mode [ 333.683089][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 333.693182][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 333.713354][ T9459] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.728522][ T9459] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.746694][ T9459] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.761784][ T9459] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.789561][ T9464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 333.807089][ T9464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.823718][ T9464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 333.850216][ T9464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.870267][ T9464] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.890970][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.904313][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.950724][ T9463] device veth1_vlan entered promiscuous mode [ 333.978656][ T9464] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.995955][ T9464] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.032927][ T9464] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.064650][ T9464] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.198107][ T9481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.222844][ T9481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.252218][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 334.316014][ T9481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.331017][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 334.346379][ T9481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.375117][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 334.379082][ T9463] device veth0_macvtap entered promiscuous mode [ 334.443272][ T9463] device veth1_macvtap entered promiscuous mode [ 334.455103][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 334.469332][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 334.483064][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 334.499612][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.517062][ T2455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.520547][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.525912][ T9496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.525929][ T9496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.528180][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 334.535982][ T2455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.539981][ T9483] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.539999][ T9483] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.548005][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 334.714643][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 334.733527][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 334.771083][ T9463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 334.813057][ T9463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.860918][ T9463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 334.893849][ T9463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.929216][ T9463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 334.964257][ T9463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.006393][ T9463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.050032][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 335.092540][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 335.130739][ T9463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 335.166789][ T9463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.215249][ T9463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 335.260944][ T9463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.296880][ T9463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 335.340605][ T9463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.406337][ T9463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.447310][ T9464] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 335.453762][ T9494] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 335.541166][ T9494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 335.665121][ T9463] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.748918][ T9463] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.903063][ T9463] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 14:47:54 executing program 3: syz_emit_ethernet(0x88, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xd, 0x4, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}, @timestamp={0x7, 0x4}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) [ 336.010362][ T9463] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.049817][ T9504] ERROR: Domain ' /sbin/init /etc/init.d/rc /sbin/startpar /etc/init.d/ssh /sbin/start-stop-daemon /usr/sbin/sshd /usr/sbin/sshd /bin/bash /syz-fuzzer /syz-executor.1 proc:/self/fd/3' not defined. 14:47:54 executing program 3: syz_emit_ethernet(0x88, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xd, 0x4, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}, @timestamp={0x7, 0x4}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:54 executing program 3: syz_emit_ethernet(0x88, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xd, 0x4, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}, @timestamp={0x7, 0x4}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) [ 336.326150][ T9481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.359215][ T9481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 14:47:54 executing program 3: syz_emit_ethernet(0x0, 0x0, 0x0) [ 336.405738][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 14:47:54 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4ba0ff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) link(&(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='./file0/file0\x00') write$FUSE_DIRENT(r2, 0x0, 0x0) [ 336.514450][ T2455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 14:47:54 executing program 1: write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0003be90000ed190e02", 0x11) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00'}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000080)={0x0, 'syzkaller1\x00'}) [ 336.613401][ T2455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.677373][ T3889] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:47:55 executing program 2: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r0, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x8}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r1, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0xfc}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 14:47:55 executing program 3: syz_emit_ethernet(0x0, 0x0, 0x0) 14:47:55 executing program 3: syz_emit_ethernet(0x0, 0x0, 0x0) 14:47:55 executing program 3: syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xc, 0x4, 0x0, 0x0, 0x76, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:55 executing program 3: syz_emit_ethernet(0x68, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:55 executing program 1: 14:47:55 executing program 0: 14:47:55 executing program 3: syz_emit_ethernet(0x68, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:56 executing program 1: 14:47:56 executing program 3: syz_emit_ethernet(0x68, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:56 executing program 0: 14:47:56 executing program 2: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r0, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x8}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r1, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0xfc}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 14:47:56 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r0, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x8}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r1, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0xfc}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 14:47:56 executing program 0: 14:47:56 executing program 3: syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xc, 0x4, 0x0, 0x0, 0x76, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x0, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:56 executing program 0: 14:47:56 executing program 0: 14:47:56 executing program 3: syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xc, 0x4, 0x0, 0x0, 0x76, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x0, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:56 executing program 3: syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xc, 0x4, 0x0, 0x0, 0x76, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x1c, 0x0, 0x1, 0x0, [{@multicast2}, {@multicast1}, {@broadcast}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:56 executing program 2: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r0, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x8}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r1, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0xfc}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 14:47:56 executing program 0: 14:47:56 executing program 3: syz_emit_ethernet(0x7c, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xa, 0x4, 0x0, 0x0, 0x6e, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x14, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:56 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r0, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x8}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r1, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0xfc}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 14:47:56 executing program 0: 14:47:56 executing program 3: syz_emit_ethernet(0x7c, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xa, 0x4, 0x0, 0x0, 0x6e, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x14, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:56 executing program 0: 14:47:56 executing program 3: syz_emit_ethernet(0x7c, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xa, 0x4, 0x0, 0x0, 0x6e, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x14, 0x14, 0x1, 0x0, [{@multicast2}, {@multicast1}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) 14:47:57 executing program 2: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r0, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x8}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r1, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0xfc}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 14:47:57 executing program 0: 14:47:57 executing program 3: syz_emit_ethernet(0x7c, &(0x7f00000002c0)={@local, @random="9589feffffbd", @void, {@ipv4={0x800, @gre={{0xa, 0x4, 0x0, 0x0, 0x6e, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x7, 0x14, 0x14, 0x1, 0x0, [{@multicast2}, {@broadcast}]}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}, 0x0) [ 339.144282][ C3] ================================================================== [ 339.151991][ C3] BUG: KASAN: use-after-free in sock_def_write_space+0x609/0x630 [ 339.203696][ C3] Read of size 8 at addr ffff8880174c7080 by task ksoftirqd/3/27 [ 339.217488][ C3] [ 339.217488][ C3] CPU: 3 PID: 27 Comm: ksoftirqd/3 Not tainted 5.9.0-rc6-syzkaller #0 [ 339.217488][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 339.217488][ C3] Call Trace: [ 339.217488][ C3] dump_stack+0x198/0x1fd [ 339.217488][ C3] ? sock_def_write_space+0x609/0x630 [ 339.217488][ C3] ? sock_def_write_space+0x609/0x630 [ 339.217488][ C3] print_address_description.constprop.0.cold+0xae/0x497 [ 339.217488][ C3] ? sock_def_write_space+0x609/0x630 [ 339.217488][ C3] ? lockdep_hardirqs_off+0x96/0xd0 [ 339.217488][ C3] ? vprintk_func+0x95/0x1d4 [ 339.217488][ C3] ? sock_def_write_space+0x609/0x630 [ 339.217488][ C3] ? sock_def_write_space+0x609/0x630 [ 339.217488][ C3] kasan_report.cold+0x1f/0x37 [ 339.217488][ C3] ? sock_def_write_space+0x609/0x630 [ 339.217488][ C3] sock_def_write_space+0x609/0x630 [ 339.217488][ C3] sock_wfree+0x1cc/0x240 [ 339.217488][ C3] ? __sk_receive_skb+0x830/0x830 [ 339.217488][ C3] skb_release_head_state+0x9f/0x250 [ 339.217488][ C3] consume_skb+0x89/0x160 [ 339.217488][ C3] __dev_kfree_skb_any+0x9c/0xc0 [ 339.217488][ C3] e1000_unmap_and_free_tx_resource+0x141/0x200 [ 339.217488][ C3] e1000_clean+0x4a8/0x1c30 [ 339.217488][ C3] ? __run_timers.part.0+0x337/0xaa0 [ 339.217488][ C3] ? _raw_spin_unlock_irq+0x1f/0x80 [ 339.217488][ C3] ? lockdep_hardirqs_on_prepare+0x19c/0x530 [ 339.217488][ C3] ? _raw_spin_unlock_irq+0x1f/0x80 [ 339.217488][ C3] ? e1000_configure+0xd90/0xd90 [ 339.217488][ C3] ? net_rx_action+0x2ad/0xfc0 [ 339.217488][ C3] ? lockdep_hardirqs_on_prepare+0x19c/0x530 [ 339.217488][ C3] net_rx_action+0x50d/0xfc0 [ 339.217488][ C3] ? napi_complete_done+0x940/0x940 [ 339.217488][ C3] ? sched_clock_cpu+0x17b/0x1f0 [ 339.217488][ C3] ? lock_is_held_type+0xbb/0xf0 [ 339.217488][ C3] __do_softirq+0x1f8/0xb23 [ 339.217488][ C3] ? __local_bh_disable_ip+0x190/0x190 [ 339.217488][ C3] run_ksoftirqd+0xcf/0x170 [ 339.217488][ C3] smpboot_thread_fn+0x655/0x9e0 [ 339.217488][ C3] ? __smpboot_create_thread.part.0+0x360/0x360 [ 339.217488][ C3] ? __kthread_parkme+0x13f/0x1e0 [ 339.217488][ C3] ? __smpboot_create_thread.part.0+0x360/0x360 [ 339.217488][ C3] kthread+0x3b5/0x4a0 [ 339.217488][ C3] ? __kthread_bind_mask+0xc0/0xc0 [ 339.217488][ C3] ret_from_fork+0x1f/0x30 [ 339.217488][ C3] [ 339.217488][ C3] Allocated by task 9617: [ 339.217488][ C3] kasan_save_stack+0x1b/0x40 [ 339.217488][ C3] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 339.217488][ C3] kmem_cache_alloc+0x13a/0x3f0 [ 339.217488][ C3] sock_alloc_inode+0x18/0x1c0 [ 339.217488][ C3] alloc_inode+0x61/0x230 [ 340.382325][ C3] new_inode_pseudo+0x14/0xe0 [ 340.382325][ C3] sock_alloc+0x3c/0x260 [ 340.382325][ C3] __sock_create+0xb9/0x780 [ 340.472269][ C3] __sys_socket+0xef/0x200 [ 340.472269][ C3] __ia32_sys_socket+0x6f/0xb0 [ 340.472269][ C3] __do_fast_syscall_32+0x60/0x90 [ 340.472269][ C3] do_fast_syscall_32+0x2f/0x70 [ 340.472269][ C3] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 340.618092][ C3] [ 340.618092][ C3] Freed by task 9641: [ 340.618092][ C3] kasan_save_stack+0x1b/0x40 [ 340.618092][ C3] kasan_set_track+0x1c/0x30 [ 340.618092][ C3] kasan_set_free_info+0x1b/0x30 [ 340.618092][ C3] __kasan_slab_free+0xd8/0x120 [ 340.763110][ C3] kmem_cache_free.part.0+0x74/0x1e0 [ 340.792225][ C3] i_callback+0x3f/0x70 [ 340.815299][ C3] rcu_core+0x5ca/0x1130 [ 340.815299][ C3] __do_softirq+0x1f8/0xb23 [ 340.815299][ C3] [ 340.815299][ C3] Last call_rcu(): [ 340.894950][ C3] kasan_save_stack+0x1b/0x40 [ 340.894950][ C3] kasan_record_aux_stack+0x82/0xb0 [ 340.894950][ C3] call_rcu+0x15e/0x7c0 [ 340.951961][ C3] destroy_inode+0x129/0x1b0 [ 340.954822][ C3] iput.part.0+0x424/0x850 [ 340.954822][ C3] iput+0x58/0x70 [ 340.954822][ C3] dentry_unlink_inode+0x2b1/0x3d0 [ 340.954822][ C3] __dentry_kill+0x3c0/0x640 [ 341.042560][ C3] dput+0x725/0xbc0 [ 341.055046][ C3] __fput+0x3ab/0x920 [ 341.074942][ C3] task_work_run+0xdd/0x190 [ 341.074942][ C3] exit_to_user_mode_prepare+0x1e1/0x200 [ 341.074942][ C3] syscall_exit_to_user_mode+0x7e/0x2e0 [ 341.074942][ C3] __do_fast_syscall_32+0x6c/0x90 [ 341.074942][ C3] do_fast_syscall_32+0x2f/0x70 [ 341.074942][ C3] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 341.074942][ C3] [ 341.074942][ C3] Second to last call_rcu(): [ 341.074942][ C3] kasan_save_stack+0x1b/0x40 [ 341.276418][ C3] kasan_record_aux_stack+0x82/0xb0 [ 341.338510][ C3] call_rcu+0x15e/0x7c0 [ 341.382217][ C3] destroy_inode+0x129/0x1b0 [ 341.412400][ C3] iput.part.0+0x424/0x850 [ 341.452500][ C3] iput+0x58/0x70 [ 341.452500][ C3] dentry_unlink_inode+0x2b1/0x3d0 [ 341.452500][ C3] __dentry_kill+0x3c0/0x640 [ 341.452500][ C3] dput+0x725/0xbc0 [ 341.452500][ C3] __fput+0x3ab/0x920 [ 341.592652][ C3] task_work_run+0xdd/0x190 [ 341.592652][ C3] exit_to_user_mode_prepare+0x1e1/0x200 [ 341.592652][ C3] syscall_exit_to_user_mode+0x7e/0x2e0 [ 341.592652][ C3] __do_fast_syscall_32+0x6c/0x90 [ 341.732139][ C3] do_fast_syscall_32+0x2f/0x70 [ 341.747784][ C3] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 341.772000][ C3] [ 341.782018][ C3] The buggy address belongs to the object at ffff8880174c7000 [ 341.782018][ C3] which belongs to the cache sock_inode_cache of size 1216 [ 341.826047][ C3] The buggy address is located 128 bytes inside of [ 341.826047][ C3] 1216-byte region [ffff8880174c7000, ffff8880174c74c0) [ 341.864589][ C3] The buggy address belongs to the page: [ 341.891957][ C3] page:00000000de579c37 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880174c7ffd pfn:0x174c7 [ 341.952507][ C3] flags: 0xfffe0000000200(slab) [ 341.964837][ C3] raw: 00fffe0000000200 ffffea00006ec188 ffffea00005d6088 ffff88807aa5b400 [ 341.992012][ C3] raw: ffff8880174c7ffd ffff8880174c7000 0000000100000003 ffff888023598f01 [ 342.032365][ C3] page dumped because: kasan: bad access detected [ 342.032365][ C3] page->mem_cgroup:ffff888023598f01 [ 342.072232][ C3] [ 342.081942][ C3] Memory state around the buggy address: [ 342.091916][ C3] ffff8880174c6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 342.111974][ C3] ffff8880174c7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 342.135947][ C3] >ffff8880174c7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 342.142561][ C3] ^ [ 342.142561][ C3] ffff8880174c7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 342.202054][ C3] ffff8880174c7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 342.214926][ C3] ================================================================== [ 342.214926][ C3] Disabling lock debugging due to kernel taint [ 342.272813][ C3] Kernel panic - not syncing: panic_on_warn set ... [ 342.294976][ C3] CPU: 3 PID: 27 Comm: ksoftirqd/3 Tainted: G B 5.9.0-rc6-syzkaller #0 [ 342.337531][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 342.342050][ C3] Call Trace: [ 342.381871][ C3] dump_stack+0x198/0x1fd [ 342.395255][ C3] ? sock_def_write_space+0x520/0x630 [ 342.402790][ C3] panic+0x382/0x7fb [ 342.402790][ C3] ? __warn_printk+0xf3/0xf3 [ 342.402790][ C3] ? sock_def_write_space+0x609/0x630 [ 342.402790][ C3] ? trace_hardirqs_on+0x55/0x220 [ 342.402790][ C3] ? sock_def_write_space+0x609/0x630 [ 342.470653][ C3] ? sock_def_write_space+0x609/0x630 [ 342.473190][ C3] end_report+0x4d/0x53 [ 342.473190][ C3] kasan_report.cold+0xd/0x37 [ 342.473190][ C3] ? sock_def_write_space+0x609/0x630 [ 342.522131][ C3] sock_def_write_space+0x609/0x630 [ 342.522131][ C3] sock_wfree+0x1cc/0x240 [ 342.522131][ C3] ? __sk_receive_skb+0x830/0x830 [ 342.568929][ C3] skb_release_head_state+0x9f/0x250 [ 342.575015][ C3] consume_skb+0x89/0x160 [ 342.575015][ C3] __dev_kfree_skb_any+0x9c/0xc0 [ 342.600949][ C3] e1000_unmap_and_free_tx_resource+0x141/0x200 [ 342.618703][ C3] e1000_clean+0x4a8/0x1c30 [ 342.618703][ C3] ? __run_timers.part.0+0x337/0xaa0 [ 342.618703][ C3] ? _raw_spin_unlock_irq+0x1f/0x80 [ 342.651813][ C3] ? lockdep_hardirqs_on_prepare+0x19c/0x530 [ 342.651813][ C3] ? _raw_spin_unlock_irq+0x1f/0x80 [ 342.651813][ C3] ? e1000_configure+0xd90/0xd90 [ 342.651813][ C3] ? net_rx_action+0x2ad/0xfc0 [ 342.725524][ C3] ? lockdep_hardirqs_on_prepare+0x19c/0x530 [ 342.725524][ C3] net_rx_action+0x50d/0xfc0 [ 342.725524][ C3] ? napi_complete_done+0x940/0x940 [ 342.765737][ C3] ? sched_clock_cpu+0x17b/0x1f0 [ 342.769921][ C3] ? lock_is_held_type+0xbb/0xf0 [ 342.782004][ C3] __do_softirq+0x1f8/0xb23 [ 342.791784][ C3] ? __local_bh_disable_ip+0x190/0x190 [ 342.813568][ C3] run_ksoftirqd+0xcf/0x170 [ 342.817308][ C3] smpboot_thread_fn+0x655/0x9e0 [ 342.817308][ C3] ? __smpboot_create_thread.part.0+0x360/0x360 [ 342.817308][ C3] ? __kthread_parkme+0x13f/0x1e0 [ 342.817308][ C3] ? __smpboot_create_thread.part.0+0x360/0x360 [ 342.868745][ C3] kthread+0x3b5/0x4a0 [ 342.868745][ C3] ? __kthread_bind_mask+0xc0/0xc0 [ 342.884781][ C3] ret_from_fork+0x1f/0x30 [ 342.906454][ C3] Kernel Offset: disabled [ 342.906454][ C3] Rebooting in 86400 seconds..