Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
syzkaller login: [   78.804221][ T9543] IPVS: ftp: loaded support on port[0] = 21
[   78.860423][ T9543] chnl_net:caif_netlink_parms(): no params data found
[   78.899865][ T9543] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.907511][ T9543] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.915267][ T9543] device bridge_slave_0 entered promiscuous mode
[   78.923892][ T9543] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.931102][ T9543] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.939225][ T9543] device bridge_slave_1 entered promiscuous mode
[   78.958453][ T9543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.969389][ T9543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.989807][ T9543] team0: Port device team_slave_0 added
[   78.997053][ T9543] team0: Port device team_slave_1 added
[   79.012744][ T9543] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.019735][ T9543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.046232][ T9543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.059477][ T9543] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.066640][ T9543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.092775][ T9543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.168932][ T9543] device hsr_slave_0 entered promiscuous mode
[   79.235693][ T9543] device hsr_slave_1 entered promiscuous mode
[   79.382809][ T9543] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   79.448736][ T9543] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   79.537843][ T9543] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   79.577773][ T9543] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   79.641083][ T9543] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.648311][ T9543] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.656233][ T9543] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.663316][ T9543] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.709811][ T9543] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.722953][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.732765][ T3621] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.741952][ T3621] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.750361][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   79.763698][ T9543] 8021q: adding VLAN 0 to HW filter on device team0
[   79.775068][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   79.783922][ T2714] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.791037][ T2714] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.803947][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   79.812352][ T3616] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.819652][ T3616] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.847326][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   79.856661][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   79.864992][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   79.874302][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   79.887301][ T9543] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   79.898599][ T9543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   79.906588][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   79.914996][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   79.938061][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   79.946413][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   79.959446][ T9543] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.977905][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   79.987096][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   80.005597][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   80.013961][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   80.025228][ T9543] device veth0_vlan entered promiscuous mode
[   80.032764][ T2705] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   80.040716][ T2705] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   80.053487][ T9543] device veth1_vlan entered promiscuous mode
[   80.073682][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   80.083684][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   80.092124][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   80.101005][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   80.111652][ T9543] device veth0_macvtap entered promiscuous mode
[   80.122625][ T9543] device veth1_macvtap entered promiscuous mode
[   80.141018][ T9543] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.148962][ T2705] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   80.157656][ T2705] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   80.166029][ T2705] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   80.174534][ T2705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   80.188024][ T9543] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.195573][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   80.204083][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[   80.364286][ T9543] general protection fault, probably for non-canonical address 0xdffffc001fffffff: 0000 [#1] PREEMPT SMP KASAN
[   80.376149][ T9543] KASAN: probably user-memory-access in range [0x00000000fffffff8-0x00000000ffffffff]
[   80.386841][ T9543] CPU: 0 PID: 9543 Comm: syz-executor976 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0
[   80.396702][ T9543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   80.406761][ T9543] RIP: 0010:tcf_action_destroy+0x6a/0x150
[   80.412481][ T9543] Code: 43 fb 83 c5 01 bf 20 00 00 00 48 83 c3 08 89 ee e8 7b 2f 43 fb 83 fd 20 0f 84 ae 00 00 00 e8 fd 2d 43 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00
[   80.432074][ T9543] RSP: 0018:ffffc90001cf7028 EFLAGS: 00010207
[   80.438113][ T9543] RAX: 000000001fffffff RBX: 00000000ffffffff RCX: 0000000000000000
[   80.446073][ T9543] RDX: 0000000000000000 RSI: ffffffff862f6783 RDI: 00000000ffffffff
[   80.454030][ T9543] RBP: 0000000000000000 R08: ffff8880a11cc480 R09: ffffed1015cc7084
[   80.461999][ T9543] R10: ffffed1015cc7083 R11: ffff8880ae63841b R12: 0000000000000000
[   80.469964][ T9543] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[   80.478136][ T9543] FS:  000000000115e880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[   80.487040][ T9543] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   80.493601][ T9543] CR2: 0000000020000280 CR3: 000000009f69f000 CR4: 00000000001406f0
[   80.501554][ T9543] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   80.509513][ T9543] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   80.517460][ T9543] Call Trace:
[   80.520748][ T9543]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   80.526716][ T9543]  tcf_exts_destroy+0x42/0xc0
[   80.531377][ T9543]  tcf_exts_change+0xf4/0x150
[   80.536045][ T9543]  ? tcf_exts_destroy+0xc0/0xc0
[   80.540891][ T9543]  tcindex_set_parms+0xed8/0x1a00
[   80.546012][ T9543]  ? tcindex_alloc_perfect_hash+0x320/0x320
[   80.551886][ T9543]  ? lock_acquire+0x197/0x420
[   80.556558][ T9543]  ? bpf_image_alloc+0x10/0x10
[   80.561313][ T9543]  ? mark_held_locks+0xe0/0xe0
[   80.566238][ T9543]  ? nla_memcpy+0xa0/0xa0
[   80.570632][ T9543]  ? tcindex_change+0x203/0x2e0
[   80.575454][ T9543]  tcindex_change+0x203/0x2e0
[   80.580110][ T9543]  ? tcindex_set_parms+0x1a00/0x1a00
[   80.585386][ T9543]  tc_new_tfilter+0xa59/0x20b0
[   80.590148][ T9543]  ? tcindex_set_parms+0x1a00/0x1a00
[   80.595410][ T9543]  ? tc_del_tfilter+0x1430/0x1430
[   80.600416][ T9543]  ? apparmor_capable+0x49c/0x8a0
[   80.605419][ T9543]  ? rcu_read_lock_held+0x9c/0xb0
[   80.610431][ T9543]  ? tc_del_tfilter+0x1430/0x1430
[   80.615441][ T9543]  rtnetlink_rcv_msg+0x810/0xad0
[   80.620353][ T9543]  ? rtnl_bridge_getlink+0x880/0x880
[   80.625621][ T9543]  ? netdev_core_pick_tx+0x2e0/0x2e0
[   80.630878][ T9543]  ? __copy_skb_header+0x290/0x5b0
[   80.635975][ T9543]  ? skb_splice_bits+0x1a0/0x1a0
[   80.640895][ T9543]  ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[   80.646682][ T9543]  ? kmem_cache_alloc+0x261/0x730
[   80.651680][ T9543]  netlink_rcv_skb+0x15a/0x410
[   80.656420][ T9543]  ? rtnl_bridge_getlink+0x880/0x880
[   80.661676][ T9543]  ? netlink_ack+0xa80/0xa80
[   80.666245][ T9543]  netlink_unicast+0x537/0x740
[   80.670999][ T9543]  ? netlink_attachskb+0x810/0x810
[   80.676087][ T9543]  ? _copy_from_iter_full+0x25c/0x870
[   80.681442][ T9543]  ? __phys_addr_symbol+0x2c/0x70
[   80.686440][ T9543]  ? __check_object_size+0x171/0x437
[   80.691697][ T9543]  netlink_sendmsg+0x882/0xe10
[   80.696439][ T9543]  ? aa_af_perm+0x260/0x260
[   80.700914][ T9543]  ? netlink_unicast+0x740/0x740
[   80.705827][ T9543]  ? netlink_unicast+0x740/0x740
[   80.710740][ T9543]  sock_sendmsg+0xcf/0x120
[   80.715133][ T9543]  ____sys_sendmsg+0x6b9/0x7d0
[   80.719873][ T9543]  ? kernel_sendmsg+0x50/0x50
[   80.724525][ T9543]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   80.730044][ T9543]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   80.736016][ T9543]  ___sys_sendmsg+0x100/0x170
[   80.740668][ T9543]  ? sendmsg_copy_msghdr+0x70/0x70
[   80.745753][ T9543]  ? lock_downgrade+0x7f0/0x7f0
[   80.750585][ T9543]  ? lock_acquire+0x197/0x420
[   80.755248][ T9543]  ? __might_fault+0xef/0x1d0
[   80.759904][ T9543]  ? __might_fault+0x190/0x1d0
[   80.764640][ T9543]  ? _copy_to_user+0x107/0x150
[   80.769383][ T9543]  ? move_addr_to_user+0xb3/0x200
[   80.774383][ T9543]  ? __fget_light+0x1a5/0x270
[   80.779035][ T9543]  __sys_sendmsg+0xec/0x1b0
[   80.783529][ T9543]  ? __sys_sendmsg_sock+0xb0/0xb0
[   80.788540][ T9543]  ? trace_hardirqs_off_caller+0x55/0x230
[   80.794234][ T9543]  ? do_syscall_64+0x21/0x790
[   80.798887][ T9543]  do_syscall_64+0xf6/0x790
[   80.803398][ T9543]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   80.809281][ T9543] RIP: 0033:0x443ac9
[   80.813157][ T9543] Code: 45 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   80.832858][ T9543] RSP: 002b:00007fff44e94638 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   80.841260][ T9543] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443ac9
[   80.849214][ T9543] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   80.857284][ T9543] RBP: 00007fff44e94640 R08: 0000000000000025 R09: 0000000000000025
[   80.865236][ T9543] R10: 0000000000000025 R11: 0000000000000246 R12: 0000000000000004
[   80.873205][ T9543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   80.881173][ T9543] Modules linked in:
[   80.888856][ T9543] ---[ end trace bb4421a2db34bcd8 ]---
[   80.894341][ T9543] RIP: 0010:tcf_action_destroy+0x6a/0x150
[   80.900107][ T9543] Code: 43 fb 83 c5 01 bf 20 00 00 00 48 83 c3 08 89 ee e8 7b 2f 43 fb 83 fd 20 0f 84 ae 00 00 00 e8 fd 2d 43 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00
[   80.920184][ T9543] RSP: 0018:ffffc90001cf7028 EFLAGS: 00010207
[   80.926281][ T9543] RAX: 000000001fffffff RBX: 00000000ffffffff RCX: 0000000000000000
[   80.934241][ T9543] RDX: 0000000000000000 RSI: ffffffff862f6783 RDI: 00000000ffffffff
[   80.942235][ T9543] RBP: 0000000000000000 R08: ffff8880a11cc480 R09: ffffed1015cc7084
[   80.950228][ T9543] R10: ffffed1015cc7083 R11: ffff8880ae63841b R12: 0000000000000000
[   80.958216][ T9543] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[   80.967899][ T9543] FS:  000000000115e880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[   80.976868][ T9543] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   80.983452][ T9543] CR2: 0000000020000280 CR3: 000000009f69f000 CR4: 00000000001406f0
[   80.991674][ T9543] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   80.999908][ T9543] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   81.007911][ T9543] Kernel panic - not syncing: Fatal exception
[   81.015285][ T9543] Kernel Offset: disabled
[   81.019614][ T9543] Rebooting in 86400 seconds..