Warning: Permanently added '[localhost]:61855' (ECDSA) to the list of known hosts.
2020/12/30 18:36:57 fuzzer started
2020/12/30 18:36:57 dialing manager at 10.0.2.10:34101
2020/12/30 18:36:58 syscalls: 3454
2020/12/30 18:36:58 code coverage: enabled
2020/12/30 18:36:58 comparison tracing: enabled
2020/12/30 18:36:58 extra coverage: enabled
2020/12/30 18:36:58 setuid sandbox: enabled
2020/12/30 18:36:58 namespace sandbox: enabled
2020/12/30 18:36:58 Android sandbox: /sys/fs/selinux/policy does not exist
2020/12/30 18:36:58 fault injection: enabled
2020/12/30 18:36:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/12/30 18:36:58 net packet injection: enabled
2020/12/30 18:36:58 net device setup: enabled
2020/12/30 18:36:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/12/30 18:36:58 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/12/30 18:36:58 USB emulation: enabled
2020/12/30 18:36:58 hci packet injection: enabled
2020/12/30 18:36:58 wifi device emulation: enabled
18:38:21 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f00000000c0)=0x9, 0x4)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3)
sendto$inet(r0, &(0x7f0000000380)=' ', 0x1, 0x0, 0x0, 0x0)

18:38:21 executing program 1:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

18:38:21 executing program 2:
r0 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet(0x2, 0x2, 0x7)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
wait4(0x0, 0x0, 0x0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000100)="f6", 0xffffffe7, 0xc000, 0x0, 0x0)

18:38:22 executing program 3:
r0 = socket$qrtr(0x2a, 0x2, 0x0)
recvmsg$qrtr(r0, &(0x7f0000001480)={0x0, 0x0, 0x0}, 0x38, 0x0)

syzkaller login: [ 210.453993][ T9528] IPVS: ftp: loaded support on port[0] = 21
[ 210.631227][ T9530] IPVS: ftp: loaded support on port[0] = 21
[ 210.632063][ T9528] chnl_net:caif_netlink_parms(): no params data found
[ 210.750982][ T9528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 210.769783][ T9528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 210.785848][ T9528] device bridge_slave_0 entered promiscuous mode
[ 210.804002][ T9528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 210.822252][ T9528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 210.839819][ T9528] device bridge_slave_1 entered promiscuous mode
[ 210.880977][ T9528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 210.914207][ T9528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 210.966400][ T9530] chnl_net:caif_netlink_parms(): no params data found
[ 211.003083][ T9532] IPVS: ftp: loaded support on port[0] = 21
[ 211.014255][ T9528] team0: Port device team_slave_0 added
[ 211.040273][ T9528] team0: Port device team_slave_1 added
[ 211.102622][ T9530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 211.117741][ T9530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 211.135702][ T9530] device bridge_slave_0 entered promiscuous mode
[ 211.151106][ T9528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 211.189119][ T9528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 211.265693][ T9528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 211.317523][ T9528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 211.330027][ T9528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 211.376679][ T9528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 211.396150][ T9530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 211.408293][ T9530] bridge0: port 2(bridge_slave_1) entered disabled state
[ 211.419559][ T9530] device bridge_slave_1 entered promiscuous mode
[ 211.461473][ T9530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 211.474271][ T9533] IPVS: ftp: loaded support on port[0] = 21
[ 211.496277][ T9528] device hsr_slave_0 entered promiscuous mode
[ 211.511343][ T9528] device hsr_slave_1 entered promiscuous mode
[ 211.539246][ T9530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 211.610682][ T9530] team0: Port device team_slave_0 added
[ 211.628008][ T9530] team0: Port device team_slave_1 added
[ 211.676593][ T9530] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 211.688556][ T9530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 211.729659][ T9530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 211.754990][ T9530] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 211.768060][ T9530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 211.831301][ T9530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 211.902879][ T9532] chnl_net:caif_netlink_parms(): no params data found
[ 211.960046][ T9530] device hsr_slave_0 entered promiscuous mode
[ 211.974143][ T9530] device hsr_slave_1 entered promiscuous mode
[ 211.994746][ T9530] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 212.022409][ T9530] Cannot create hsr debugfs directory
[ 212.157337][ T9532] bridge0: port 1(bridge_slave_0) entered blocking state
[ 212.177777][ T9532] bridge0: port 1(bridge_slave_0) entered disabled state
[ 212.258821][ T9532] device bridge_slave_0 entered promiscuous mode
[ 212.293357][ T9533] chnl_net:caif_netlink_parms(): no params data found
[ 212.316148][ T9532] bridge0: port 2(bridge_slave_1) entered blocking state
[ 212.334747][ T9532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 212.346323][ T9532] device bridge_slave_1 entered promiscuous mode
[ 212.407170][ T9532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 212.422363][ T1725] Bluetooth: hci0: command 0x0409 tx timeout
[ 212.431034][ T9532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 212.529905][ T9532] team0: Port device team_slave_0 added
[ 212.545937][ T9532] team0: Port device team_slave_1 added
[ 212.577488][ T9528] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 212.644876][ T9533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 212.669295][ T18] Bluetooth: hci1: command 0x0409 tx timeout
[ 212.679294][ T9533] bridge0: port 1(bridge_slave_0) entered disabled state
[ 212.710884][ T9533] device bridge_slave_0 entered promiscuous mode
[ 212.724197][ T9528] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 212.743565][ T9532] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 212.757805][ T9532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 212.810133][ T9532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 212.832094][ T9532] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 212.846526][ T9532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 212.901475][ T9532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 212.919966][ T9533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 212.940329][ T9533] bridge0: port 2(bridge_slave_1) entered disabled state
[ 212.967210][ T9533] device bridge_slave_1 entered promiscuous mode
[ 212.969698][ T18] Bluetooth: hci2: command 0x0409 tx timeout
[ 212.994218][ T9528] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 213.053792][ T9528] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 213.088764][ T9533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 213.118227][ T9532] device hsr_slave_0 entered promiscuous mode
[ 213.131431][ T9532] device hsr_slave_1 entered promiscuous mode
[ 213.145336][ T9532] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 213.157919][ T9532] Cannot create hsr debugfs directory
[ 213.192412][ T9533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 213.289683][ T18] Bluetooth: hci3: command 0x0409 tx timeout
[ 213.307529][ T9533] team0: Port device team_slave_0 added
[ 213.319569][ T9530] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 213.335142][ T9530] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 213.356366][ T9533] team0: Port device team_slave_1 added
[ 213.377751][ T9530] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 213.411836][ T9530] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 213.427340][ T9533] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 213.443902][ T9533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 213.497244][ T9533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 213.537377][ T9533] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 213.551049][ T9533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 213.590726][ T9533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 213.632968][ T9533] device hsr_slave_0 entered promiscuous mode
[ 213.641584][ T9533] device hsr_slave_1 entered promiscuous mode
[ 213.650980][ T9533] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 213.662102][ T9533] Cannot create hsr debugfs directory
[ 213.696590][ T9532] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 213.717312][ T9532] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 213.736280][ T9532] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 213.756506][ T9532] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 213.844942][ T9528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 213.890964][ T9533] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 213.910095][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 213.923819][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 213.936939][ T9528] 8021q: adding VLAN 0 to HW filter on device team0
[ 213.951044][ T9533] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 213.963051][ T9533] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 213.981684][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 213.993267][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 214.008210][ T3082] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.018396][ T3082] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 214.031627][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 214.043193][ T9533] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 214.072340][ T9530] 8021q: adding VLAN 0 to HW filter on device bond0
[ 214.086774][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 214.101993][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 214.114586][ T3082] bridge0: port 2(bridge_slave_1) entered blocking state
[ 214.125237][ T3082] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 214.136738][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 214.148733][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 214.173383][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 214.194509][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 214.219998][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 214.237513][ T3357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 214.255397][ T3357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 214.274851][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 214.290018][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 214.306446][ T9530] 8021q: adding VLAN 0 to HW filter on device team0
[ 214.322707][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 214.340012][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 214.363015][ T9532] 8021q: adding VLAN 0 to HW filter on device bond0
[ 214.382194][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 214.397662][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 214.415725][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.428527][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 214.442944][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 214.458633][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 214.474836][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 214.489440][ T28] Bluetooth: hci0: command 0x041b tx timeout
[ 214.503210][ T9528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 214.547792][ T9532] 8021q: adding VLAN 0 to HW filter on device team0
[ 214.581996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 214.610885][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 214.628851][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 214.639459][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 214.652188][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 214.667090][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 214.684281][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 214.698836][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 214.729294][ T9559] Bluetooth: hci1: command 0x041b tx timeout
[ 214.742611][ T9528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 214.766069][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 214.785815][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 214.806069][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 214.822587][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 214.839877][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 214.856525][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 214.872159][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 214.887553][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 214.905974][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 214.927842][ T9530] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 214.946461][ T9530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 214.968361][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 214.983591][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 215.001073][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 215.017176][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 215.034733][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 215.049691][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 215.059976][ T18] Bluetooth: hci2: command 0x041b tx timeout
[ 215.067411][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 215.100805][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 215.117390][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 215.130777][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 215.146950][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 215.170827][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 215.214392][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 215.230906][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 215.249650][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 215.267441][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 215.280395][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 215.307824][ T9532] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 215.325899][ T9532] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 215.356511][ T9530] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 215.371133][ T18] Bluetooth: hci3: command 0x041b tx timeout
[ 215.385127][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 215.402056][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 215.416736][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 215.432847][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 215.447675][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 215.463272][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 215.481652][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 215.500192][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 215.516247][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 215.529659][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 215.556232][ T3357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 215.576055][ T3357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 215.597604][ T9533] 8021q: adding VLAN 0 to HW filter on device bond0
[ 215.631188][ T9528] device veth0_vlan entered promiscuous mode
[ 215.782921][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 215.800639][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 215.820485][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 215.837776][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 215.887791][ T9533] 8021q: adding VLAN 0 to HW filter on device team0
[ 215.911955][ T9530] device veth0_vlan entered promiscuous mode
[ 215.925975][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 215.945912][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 215.961835][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 215.980304][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 215.997780][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 216.013114][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 216.032136][ T28] bridge0: port 1(bridge_slave_0) entered blocking state
[ 216.047905][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 216.068219][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 216.087080][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 216.105011][ T28] bridge0: port 2(bridge_slave_1) entered blocking state
[ 216.121573][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 216.139867][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 216.158143][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 216.174554][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 216.203788][ T9528] device veth1_vlan entered promiscuous mode
[ 216.224040][ T3357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 216.249613][ T3357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 216.274507][ T9530] device veth1_vlan entered promiscuous mode
[ 216.334320][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 216.365268][ T9532] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 216.403420][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 216.424134][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 216.443323][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 216.463636][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 216.493289][ T9561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 216.507372][ T9561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 216.523384][ T9561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 216.538318][ T9561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 216.558778][ T9530] device veth0_macvtap entered promiscuous mode
[ 216.569230][ T9561] Bluetooth: hci0: command 0x040f tx timeout
[ 216.583815][ T9528] device veth0_macvtap entered promiscuous mode
[ 216.603787][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 216.619854][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 216.642369][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 216.661560][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 216.681555][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 216.711997][ T9530] device veth1_macvtap entered promiscuous mode
[ 216.733652][ T9528] device veth1_macvtap entered promiscuous mode
[ 216.765376][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 216.783281][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 216.799927][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 216.809224][ T1725] Bluetooth: hci1: command 0x040f tx timeout
[ 216.815786][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 216.846768][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 216.863687][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 216.879417][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 216.898689][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 216.915685][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 216.931334][ T9532] device veth0_vlan entered promiscuous mode
[ 216.957448][ T9561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 216.973262][ T9561] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 216.992090][ T9533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 217.013847][ T9528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 217.027776][ T9530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 217.052048][ T9530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 217.074922][ T9530] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 217.091469][ T9532] device veth1_vlan entered promiscuous mode
[ 217.107885][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 217.122700][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 217.140995][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 217.163218][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 217.197294][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 217.234278][ T9528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 217.251947][ T18] Bluetooth: hci2: command 0x040f tx timeout
[ 217.255449][ T9530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 217.287833][ T9530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 217.314998][ T9530] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 217.336946][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 217.354205][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 217.373936][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 217.393633][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 217.426973][ T9530] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.450160][ T9530] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.450531][ T18] Bluetooth: hci3: command 0x040f tx timeout
[ 217.471451][ T9530] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.508615][ T9530] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.537210][ T9528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.555690][ T9528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.573090][ T9528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.588154][ T9528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 217.633248][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 217.645564][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 217.680313][ T9533] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 217.730892][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 217.747472][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 217.787562][ T2974] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 217.802349][ T2974] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 217.805782][ T9532] device veth0_macvtap entered promiscuous mode
[ 217.837219][ T9532] device veth1_macvtap entered promiscuous mode
[ 217.837569][ T2974] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 217.864830][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 217.866894][ T2974] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 217.886407][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 217.909858][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 217.928319][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 217.964218][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 217.981086][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 218.017859][ T2974] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 218.020221][ T9549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 218.024451][ T9532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 218.024467][ T9532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 218.024475][ T9532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 218.024484][ T9532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 218.026020][ T9532] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 218.029910][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 218.030374][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 218.035789][ T2974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 218.045951][ T9533] device veth0_vlan entered promiscuous mode
[ 218.052918][ T9533] device veth1_vlan entered promiscuous mode
[ 218.054248][ T9549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 218.072153][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 218.216249][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 218.227942][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 218.249525][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 218.264164][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 218.277511][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 218.291405][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 218.304017][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 218.315634][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 218.327485][ T1725] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 218.338323][ T9532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 218.358731][ T9532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 218.377488][ T9532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 218.397031][ T9532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 218.421147][ T9532] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 218.444031][ T9533] device veth0_macvtap entered promiscuous mode
[ 218.473369][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 218.491248][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 218.513243][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 218.543397][ T9532] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.570148][ T9532] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.593126][ T9532] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.612020][ T9532] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.638249][ T9530] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 218.639485][ T9533] device veth1_macvtap entered promiscuous mode
[ 218.669486][ T9559] Bluetooth: hci0: command 0x0419 tx timeout
[ 218.689706][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 218.712239][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 218.733147][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 218.757022][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 218.781492][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 218.802550][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 218.829841][ T9533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.854188][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 218.874718][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 218.889480][ T9559] Bluetooth: hci1: command 0x0419 tx timeout [ 218.899910][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 218.934044][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.954330][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 218.976189][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.995556][ T9533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 219.019767][ T9533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.044224][ T9533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.072773][ T9559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 219.086129][ T9559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 219.104279][ T9533] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.117496][ T9533] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.132003][ T9533] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.146676][ T9533] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.272319][ T9563] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.285112][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.299653][ T18] Bluetooth: hci2: command 0x0419 tx timeout [ 219.304725][ T9563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.333113][ T9] wlan0: Creating new IBSS 
network, BSSID 50:50:50:50:50:50 [ 219.349736][ T9542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.365023][ T9542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.382556][ T9560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 219.420142][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 18:38:31 executing program 1: unshare(0x24020580) [ 219.432310][ T9560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.443893][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 18:38:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f00000000c0)=0x9, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r0, &(0x7f0000000380)=' ', 0x1, 0x0, 0x0, 0x0) [ 219.470315][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 219.487702][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 18:38:31 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) connect$unix(r0, &(0x7f0000000080)=@abs, 0x8) [ 219.540360][ T18] Bluetooth: hci3: command 0x0419 tx timeout 18:38:31 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x7f, 0x0, 0x0, @remote, @broadcast}}}}) 18:38:32 executing program 1: r0 = socket(0x2, 0x80002, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'syztnl2\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private1, @private2}}) 18:38:32 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x891e, &(0x7f00000000c0)={'vlan1\x00'}) 
[ 219.850749][ T9603] ------------[ cut here ]------------ [ 219.858159][ T9603] WARNING: CPU: 3 PID: 9603 at mm/page_counter.c:57 page_counter_cancel+0x56/0x70 [ 219.873962][ T9603] Modules linked in: [ 219.881263][ T9603] CPU: 3 PID: 9603 Comm: syz-executor.2 Not tainted 5.11.0-rc1-syzkaller #0 [ 219.891822][ T9603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 219.909127][ T9603] RIP: 0010:page_counter_cancel+0x56/0x70 [ 219.918289][ T9603] Code: 89 ef 48 89 c3 48 89 c6 e8 37 fd ff ff 31 ff 48 89 de e8 2d 85 b8 ff 48 85 db 78 09 5b 5d 41 5c e9 2f 7d b8 ff e8 2a 7d b8 ff <0f> 0b 5b 5d 41 5c e9 1f 7d b8 ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 [ 219.944553][ T9603] RSP: 0018:ffffc90002b9f788 EFLAGS: 00010012 [ 219.952766][ T9603] RAX: 000000000000458b RBX: ffffffffffffffb1 RCX: ffffc900ca906000 [ 219.962597][ T9603] RDX: 0000000000040000 RSI: ffffffff81b9f766 RDI: 0000000000000003 [ 219.969093][ T9603] RBP: ffff8880092ea120 R08: 0000000000000000 R09: ffff88804023417f [ 219.982021][ T9603] R10: ffffffff81b9f753 R11: 0000000000000000 R12: 000000000000010f [ 219.989554][ T9603] R13: 0000000000000200 R14: ffff8880092ea000 R15: 0000000000000003 [ 220.002182][ T9603] FS: 0000000000000000(0000) GS:ffff88802cd00000(0063) knlGS:00000000f553cb40 [ 220.026909][ T9603] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 220.047901][ T9603] CR2: 0000000020008000 CR3: 0000000073dfe000 CR4: 0000000000350ee0 [ 220.069574][ T9603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 220.089882][ T9603] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 220.101622][ T9603] Call Trace: [ 220.106474][ T9603] page_counter_uncharge+0x2e/0x60 [ 220.113606][ T9603] drain_stock+0xc9/0x2c0 [ 220.119241][ T9603] refill_stock+0x132/0x270 [ 220.127978][ T9603] __sk_mem_reduce_allocated+0x24d/0x550 [ 220.137793][ T9603] dfrag_clear+0x45e/0x540 [ 220.146131][ T9603] __mptcp_clean_una+0x146/0xc60 [ 
220.153090][ T9603] ? mptcp_push_pending+0x1740/0x1740 [ 220.159270][ T9603] mptcp_release_cb+0x2d4/0x330 [ 220.165218][ T9603] ? mptcp_push_pending+0x1740/0x1740 [ 220.172244][ T9603] release_sock+0xb4/0x1b0 [ 220.178078][ T9603] sk_stream_wait_memory+0x608/0xed0 [ 220.182176][ T9603] ? sk_stream_wait_connect+0x6a0/0x6a0 [ 220.189170][ T9603] ? __init_waitqueue_head+0x110/0x110 [ 220.199062][ T9603] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 220.203008][ T9603] ? copy_page_from_iter+0x5f2/0x870 [ 220.213919][ T9603] mptcp_sendmsg+0xd87/0x27b0 [ 220.219730][ T9603] ? mptcp_release_cb+0x330/0x330 [ 220.226876][ T9603] ? aa_sk_perm+0x316/0xaa0 [ 220.234035][ T9603] ? aa_af_perm+0x230/0x230 [ 220.239527][ T9603] ? __fget_files+0x288/0x3d0 [ 220.247629][ T9603] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 220.251808][ T9603] inet_sendmsg+0x99/0xe0 [ 220.251808][ T9603] ? inet_send_prepare+0x4d0/0x4d0 [ 220.262142][ T9603] sock_sendmsg+0xcf/0x120 [ 220.269109][ T9603] __sys_sendto+0x21c/0x320 [ 220.282181][ T9603] ? __ia32_sys_getpeername+0xb0/0xb0 [ 220.289103][ T9603] ? _copy_to_user+0xdc/0x150 [ 220.289103][ T9603] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 220.302141][ T9603] ? put_old_timespec32+0x101/0x1f0 [ 220.310130][ T9603] ? get_old_timespec32+0x1f0/0x1f0 [ 220.310130][ T9603] ? __ia32_sys_futex_time32+0x32a/0x530 [ 220.331832][ T9603] __ia32_sys_sendto+0xdb/0x1b0 [ 220.339270][ T9603] ? 
lockdep_hardirqs_on+0x79/0x100 [ 220.349264][ T9603] __do_fast_syscall_32+0x56/0x80 [ 220.351165][ T9603] do_fast_syscall_32+0x2f/0x70 [ 220.362386][ T9603] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 220.372997][ T9603] RIP: 0023:0xf7f63549 [ 220.380270][ T9603] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 220.409672][ T9603] RSP: 002b:00000000f553c0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 220.420229][ T9603] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000100 [ 220.439250][ T9603] RDX: 00000000ffffffe7 RSI: 000000000000c000 RDI: 0000000000000000 [ 220.462264][ T9603] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 220.477531][ T9603] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 220.499180][ T9603] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 220.519275][ T9603] Kernel panic - not syncing: panic_on_warn set ... [ 220.530948][ T9603] CPU: 3 PID: 9603 Comm: syz-executor.2 Not tainted 5.11.0-rc1-syzkaller #0 [ 220.545680][ T9603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 220.565155][ T9603] Call Trace: [ 220.568721][ T9603] dump_stack+0x107/0x163 [ 220.577563][ T9603] panic+0x306/0x73d [ 220.583627][ T9603] ? __warn_printk+0xf3/0xf3 [ 220.588367][ T9603] ? __warn.cold+0x1a/0x44 [ 220.600387][ T9603] ? page_counter_cancel+0x56/0x70 [ 220.608958][ T9603] __warn.cold+0x35/0x44 [ 220.616329][ T9603] ? 
page_counter_cancel+0x56/0x70 [ 220.624773][ T9603] report_bug+0x1bd/0x210 [ 220.628324][ T9603] handle_bug+0x3c/0x60 [ 220.636940][ T9603] exc_invalid_op+0x14/0x40 [ 220.644158][ T9603] asm_exc_invalid_op+0x12/0x20 [ 220.648900][ T9603] RIP: 0010:page_counter_cancel+0x56/0x70 [ 220.660824][ T9603] Code: 89 ef 48 89 c3 48 89 c6 e8 37 fd ff ff 31 ff 48 89 de e8 2d 85 b8 ff 48 85 db 78 09 5b 5d 41 5c e9 2f 7d b8 ff e8 2a 7d b8 ff <0f> 0b 5b 5d 41 5c e9 1f 7d b8 ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 [ 220.697932][ T9603] RSP: 0018:ffffc90002b9f788 EFLAGS: 00010012 [ 220.714059][ T9603] RAX: 000000000000458b RBX: ffffffffffffffb1 RCX: ffffc900ca906000 [ 220.738852][ T9603] RDX: 0000000000040000 RSI: ffffffff81b9f766 RDI: 0000000000000003 [ 220.758574][ T9603] RBP: ffff8880092ea120 R08: 0000000000000000 R09: ffff88804023417f [ 220.785482][ T9603] R10: ffffffff81b9f753 R11: 0000000000000000 R12: 000000000000010f [ 220.797914][ T9603] R13: 0000000000000200 R14: ffff8880092ea000 R15: 0000000000000003 [ 220.813153][ T9603] ? page_counter_cancel+0x43/0x70 [ 220.817922][ T9603] ? page_counter_cancel+0x56/0x70 [ 220.833008][ T9603] ? page_counter_cancel+0x56/0x70 [ 220.841502][ T9603] page_counter_uncharge+0x2e/0x60 [ 220.848593][ T9603] drain_stock+0xc9/0x2c0 [ 220.855890][ T9603] refill_stock+0x132/0x270 [ 220.866166][ T9603] __sk_mem_reduce_allocated+0x24d/0x550 [ 220.877084][ T9603] dfrag_clear+0x45e/0x540 [ 220.885424][ T9603] __mptcp_clean_una+0x146/0xc60 [ 220.894196][ T9603] ? mptcp_push_pending+0x1740/0x1740 [ 220.908086][ T9603] mptcp_release_cb+0x2d4/0x330 [ 220.920924][ T9603] ? mptcp_push_pending+0x1740/0x1740 [ 220.933522][ T9603] release_sock+0xb4/0x1b0 [ 220.943728][ T9603] sk_stream_wait_memory+0x608/0xed0 [ 220.953504][ T9603] ? sk_stream_wait_connect+0x6a0/0x6a0 [ 220.963143][ T9603] ? __init_waitqueue_head+0x110/0x110 [ 220.977676][ T9603] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 220.988616][ T9603] ? 
copy_page_from_iter+0x5f2/0x870 [ 220.998045][ T9603] mptcp_sendmsg+0xd87/0x27b0 [ 221.006592][ T9603] ? mptcp_release_cb+0x330/0x330 [ 221.015159][ T9603] ? aa_sk_perm+0x316/0xaa0 [ 221.022459][ T9603] ? aa_af_perm+0x230/0x230 [ 221.032347][ T9603] ? __fget_files+0x288/0x3d0 [ 221.042607][ T9603] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 221.057239][ T9603] inet_sendmsg+0x99/0xe0 [ 221.066660][ T9603] ? inet_send_prepare+0x4d0/0x4d0 [ 221.076255][ T9603] sock_sendmsg+0xcf/0x120 [ 221.087815][ T9603] __sys_sendto+0x21c/0x320 [ 221.095215][ T9603] ? __ia32_sys_getpeername+0xb0/0xb0 [ 221.104870][ T9603] ? _copy_to_user+0xdc/0x150 [ 221.108396][ T9603] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 221.125881][ T9603] ? put_old_timespec32+0x101/0x1f0 [ 221.136560][ T9603] ? get_old_timespec32+0x1f0/0x1f0 [ 221.144821][ T9603] ? __ia32_sys_futex_time32+0x32a/0x530 [ 221.154695][ T9603] __ia32_sys_sendto+0xdb/0x1b0 [ 221.161882][ T9603] ? lockdep_hardirqs_on+0x79/0x100 [ 221.170486][ T9603] __do_fast_syscall_32+0x56/0x80 [ 221.178825][ T9603] do_fast_syscall_32+0x2f/0x70 [ 221.187275][ T9603] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 221.198027][ T9603] RIP: 0023:0xf7f63549 [ 221.204199][ T9603] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 221.237331][ T9603] RSP: 002b:00000000f553c0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 221.255928][ T9603] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000100 [ 221.271864][ T9603] RDX: 00000000ffffffe7 RSI: 000000000000c000 RDI: 0000000000000000 [ 221.284187][ T9603] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 221.299607][ T9603] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 221.314863][ T9603] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 221.327997][ T9603] Kernel Offset: 
disabled [ 221.327997][ T9603] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:38:33 Registers: