Starting Load/Save RF Kill Switch Status... Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 60.042890][ T6835] IPVS: ftp: loaded support on port[0] = 21 [ 60.209630][ T125] tipc: TX() has been purged, node left! [ 62.123072][ T6832] can: request_module (can-proto-0) failed. [ 62.138745][ T6832] can: request_module (can-proto-0) failed. [ 62.150650][ T6832] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts. 2020/09/21 20:53:36 parsed 1 programs 2020/09/21 20:53:37 executed programs: 0 [ 71.409139][ T6957] IPVS: ftp: loaded support on port[0] = 21 [ 71.781642][ T6965] IPVS: ftp: loaded support on port[0] = 21 [ 71.802178][ T6961] IPVS: ftp: loaded support on port[0] = 21 [ 71.818166][ T6967] IPVS: ftp: loaded support on port[0] = 21 [ 71.819593][ T6966] IPVS: ftp: loaded support on port[0] = 21 [ 71.837558][ T6963] IPVS: ftp: loaded support on port[0] = 21 [ 71.898697][ T6957] chnl_net:caif_netlink_parms(): no params data found [ 72.295604][ T6957] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.303561][ T6957] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.311557][ T6957] device bridge_slave_0 entered promiscuous mode [ 72.322776][ T6957] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.329896][ T6957] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.339346][ T6957] device bridge_slave_1 entered promiscuous mode [ 72.460432][ T6967] chnl_net:caif_netlink_parms(): no params data found [ 72.474724][ T6957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.586758][ T6957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.600742][ T6961] chnl_net:caif_netlink_parms(): no params data found [ 72.713084][ T6963] chnl_net:caif_netlink_parms(): no params data found [ 72.747656][ T6965] chnl_net:caif_netlink_parms(): no params data found [ 72.785393][ T6957] team0: Port device team_slave_0 added [ 72.791809][ T6966] chnl_net:caif_netlink_parms(): no params data found [ 72.836683][ T6957] team0: Port device team_slave_1 added [ 72.992960][ T6957] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.000029][ T6957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.028312][ T6957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.065670][ T6967] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.074366][ T6967] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.082394][ T6967] device bridge_slave_0 entered promiscuous mode [ 73.093990][ T6957] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.100948][ T6957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.134279][ T6957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.149654][ T6961] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.158301][ T6961] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.167214][ T6961] device bridge_slave_0 entered promiscuous mode [ 73.181928][ T6967] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.189620][ T6967] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.199117][ T6967] device bridge_slave_1 entered promiscuous mode [ 73.226028][ T6963] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.233893][ T6963] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.242000][ T6963] device bridge_slave_0 entered promiscuous mode [ 73.266017][ T6961] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.273908][ T6961] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.281682][ T6961] device bridge_slave_1 entered promiscuous mode [ 73.304528][ T6963] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.317355][ T6963] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.326584][ T6963] device bridge_slave_1 entered promiscuous mode [ 73.341988][ T6965] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.349834][ T6965] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.358739][ T6965] device bridge_slave_0 entered promiscuous mode [ 73.398379][ T6961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.424964][ T6965] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.433214][ T6965] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.440915][ T6965] device bridge_slave_1 entered promiscuous mode [ 73.450583][ T6967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.461217][ T6861] Bluetooth: hci0: command 0x0409 tx timeout [ 73.471509][ T6957] device hsr_slave_0 entered promiscuous mode [ 73.479614][ T6957] device hsr_slave_1 entered promiscuous mode [ 73.488960][ T6961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.525374][ T6963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.536215][ T6967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.556863][ T6966] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.567495][ T6966] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.576380][ T6966] device bridge_slave_0 entered promiscuous mode [ 73.592836][ T6963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.607632][ T17] Bluetooth: hci1: command 0x0409 tx timeout [ 73.612263][ T5] Bluetooth: hci5: command 0x0409 tx timeout [ 73.614499][ T17] Bluetooth: hci3: command 0x0409 tx timeout [ 73.633660][ T17] Bluetooth: hci4: command 0x0409 tx timeout [ 73.651985][ T6965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.668936][ T6965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.679385][ T6966] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.686608][ T5] Bluetooth: hci2: command 0x0409 tx timeout [ 73.693958][ T6966] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.701858][ T6966] device bridge_slave_1 entered promiscuous mode [ 73.754353][ T6961] team0: Port device team_slave_0 added [ 73.793167][ T6967] team0: Port device team_slave_0 added [ 73.807248][ T6965] team0: Port device team_slave_0 added [ 73.819192][ T6961] team0: Port device team_slave_1 added [ 73.828511][ T6966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.846135][ T6966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.859529][ T6963] team0: Port device team_slave_0 added [ 73.871274][ T6963] team0: Port device team_slave_1 added [ 73.879298][ T6965] team0: Port device team_slave_1 added [ 73.887329][ T6967] team0: Port device team_slave_1 added [ 73.967305][ T6965] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.975423][ T6965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.003364][ T6965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.027252][ T6966] team0: Port device team_slave_0 added [ 74.039040][ T6966] team0: Port device team_slave_1 added [ 74.054796][ T6963] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.061774][ T6963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.089839][ T6963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.103225][ T6961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.110186][ T6961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.137762][ T6961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.150397][ T6967] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.157659][ T6967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.192131][ T6967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.193513][ T6965] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.211178][ T6965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.238128][ T6965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.271210][ T6963] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.278338][ T6963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.304593][ T6963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.316691][ T6961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.327801][ T6961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.355029][ T6961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.367580][ T6967] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.374966][ T6967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.401639][ T6967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.446722][ T6966] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.456593][ T6966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.482880][ T6966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.536602][ T6966] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.545424][ T6966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.571722][ T6966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.590896][ T6965] device hsr_slave_0 entered promiscuous mode [ 74.599068][ T6965] device hsr_slave_1 entered promiscuous mode [ 74.607148][ T6965] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.615225][ T6965] Cannot create hsr debugfs directory [ 74.635504][ T6963] device hsr_slave_0 entered promiscuous mode [ 74.646984][ T6963] device hsr_slave_1 entered promiscuous mode [ 74.653833][ T6963] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.661489][ T6963] Cannot create hsr debugfs directory [ 74.704145][ T6961] device hsr_slave_0 entered promiscuous mode [ 74.713453][ T6961] device hsr_slave_1 entered promiscuous mode [ 74.722661][ T6961] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.730290][ T6961] Cannot create hsr debugfs directory [ 74.739758][ T6967] device hsr_slave_0 entered promiscuous mode [ 74.749224][ T6967] device hsr_slave_1 entered promiscuous mode [ 74.756381][ T6967] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.765443][ T6967] Cannot create hsr debugfs directory [ 74.850723][ T6966] device hsr_slave_0 entered promiscuous mode [ 74.863073][ T6966] device hsr_slave_1 entered promiscuous mode [ 74.869774][ T6966] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.878738][ T6966] Cannot create hsr debugfs directory [ 74.940538][ T6957] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.007169][ T6957] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.020190][ T6957] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.082397][ T6957] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 75.382972][ T6965] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 75.406968][ T6965] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 75.435591][ T6965] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 75.448671][ T6965] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 75.499327][ T6963] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 75.527046][ T6861] Bluetooth: hci0: command 0x041b tx timeout [ 75.536904][ T6963] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 75.546972][ T6963] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 75.567960][ T6963] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 75.666786][ T6966] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.677945][ T6966] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.692478][ T5] Bluetooth: hci4: command 0x041b tx timeout [ 75.697902][ T6957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.706714][ T5] Bluetooth: hci3: command 0x041b tx timeout [ 75.722680][ T5] Bluetooth: hci5: command 0x041b tx timeout [ 75.725111][ T6966] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.732488][ T5] Bluetooth: hci1: command 0x041b tx timeout [ 75.748833][ T6966] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.770428][ T5] Bluetooth: hci2: command 0x041b tx timeout [ 75.792746][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 75.801730][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.826850][ T6967] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.867937][ T6957] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.887411][ T6967] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.900154][ T6967] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.942703][ T2467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.953561][ T2467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.963541][ T2467] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.970829][ T2467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.979554][ T2467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.989415][ T2467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.999036][ T2467] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.006211][ T2467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.019122][ T6967] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.053447][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.068306][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.077026][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 76.130371][ T6961] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 76.161078][ T6965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.173513][ T6961] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 76.192180][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 76.201149][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.217354][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 76.228008][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 76.240128][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.274816][ T6961] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 76.290963][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.299395][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.308938][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 76.317709][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.327147][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.336382][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.366583][ T6957] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.385432][ T6965] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.398648][ T6961] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 76.420035][ T6963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.442509][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.454677][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.463900][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.470956][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.478721][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.487920][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.497812][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.504961][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.514578][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.534358][ T6963] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.557053][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.570922][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.604185][ T6966] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.615385][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.629087][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.638542][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.645695][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.658907][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.701401][ T6957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.715631][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.728893][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.741358][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.750617][ T2629] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.757766][ T2629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.767241][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 76.776488][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 76.784683][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 76.792650][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.801252][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 76.841119][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 76.867448][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.911245][ T6966] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.962142][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.969999][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 76.981015][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.991509][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.000592][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.009587][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.017618][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.025828][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.034824][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.044602][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.084833][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.093515][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.106642][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.116492][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.130204][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.139906][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.183811][ T6967] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.192845][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 77.204541][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.213957][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.224816][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.234013][ T6861] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.241088][ T6861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.249714][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.262034][ T6963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.291518][ T6957] device veth0_vlan entered promiscuous mode [ 77.301192][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.315809][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.325856][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.335695][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.344940][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.352083][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.359722][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.370335][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.404775][ T6961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.414203][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.423802][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.453236][ T6965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.479224][ T6967] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.490947][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.502222][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.510810][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.520298][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.529826][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.538227][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.546552][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.554768][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.569330][ T6957] device veth1_vlan entered promiscuous mode [ 77.586975][ T6961] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.602616][ T2629] Bluetooth: hci0: command 0x040f tx timeout [ 77.613226][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.621368][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.631194][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.639213][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.647285][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.656664][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.666863][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.675899][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.685246][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.692377][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.700189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.709197][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.749828][ T6963] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.762508][ T8263] Bluetooth: hci1: command 0x040f tx timeout [ 77.768574][ T8263] Bluetooth: hci5: command 0x040f tx timeout [ 77.781830][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.789970][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.803360][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.815405][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.824023][ T6861] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.831073][ T6861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.839735][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.849932][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.859303][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.868827][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.878548][ T6861] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.885976][ T6861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.894029][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.903174][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.911780][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.920610][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.933446][ T6966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.942020][ T6861] Bluetooth: hci3: command 0x040f tx timeout [ 77.948079][ T6861] Bluetooth: hci4: command 0x040f tx timeout [ 77.955449][ T2629] Bluetooth: hci2: command 0x040f tx timeout [ 77.965462][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.974681][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.982984][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.990597][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.000145][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.014916][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.026110][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.037020][ T2629] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.044164][ T2629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.057816][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.083827][ T6957] device veth0_macvtap entered promiscuous mode [ 78.113902][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 78.125130][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.134453][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.145897][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.155667][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.197953][ T6967] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 78.214085][ T6967] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.237834][ T6965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.249675][ T6957] device veth1_macvtap entered promiscuous mode [ 78.259330][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.270026][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.279409][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.288979][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.298533][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.310084][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.318774][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.328574][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.338636][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.347990][ T6861] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.367482][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.381183][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.462726][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.471222][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.480514][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.491084][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.500974][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.508689][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.517159][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.525789][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.537981][ T6966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.563862][ T6957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.577625][ T6957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.585205][ T6963] device veth0_vlan entered promiscuous mode [ 78.602946][ T6961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.611426][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.620132][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.633537][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.641018][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.655781][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.666771][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.676162][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.685115][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.715677][ T6957] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.733683][ T6957] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.747779][ T6957] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.758805][ T6957] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.792174][ T6967] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.833551][ T6963] device veth1_vlan entered promiscuous mode [ 78.847723][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 78.857025][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.870986][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.880217][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.893961][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.955251][ T6961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.994066][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.003150][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.011066][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.037785][ T6965] device veth0_vlan entered promiscuous mode [ 79.089637][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.106254][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.127243][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.145511][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.170555][ T6966] device veth0_vlan entered promiscuous mode [ 79.209861][ T6965] device veth1_vlan entered promiscuous mode [ 79.227304][ T6963] device veth0_macvtap entered promiscuous mode [ 79.243751][ T8274] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 79.255611][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.266631][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.285085][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.299199][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.308143][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.319327][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.332159][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.341234][ T8259] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.359480][ T6966] device veth1_vlan entered promiscuous mode [ 79.396352][ T6963] device veth1_macvtap entered promiscuous mode [ 79.408733][ T8274] ================================================================== [ 79.417261][ T8274] BUG: KASAN: use-after-free in tcf_action_destroy+0x188/0x1b0 [ 79.424799][ T8274] Read of size 8 at addr ffff88808de4f000 by task syz-executor.3/8274 [ 79.432951][ T8274] [ 79.435440][ T8274] CPU: 0 PID: 8274 Comm: syz-executor.3 Not tainted 5.9.0-rc3-syzkaller #0 [ 79.444393][ T8274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.454456][ T8274] Call Trace: [ 79.457817][ T8274] dump_stack+0x198/0x1fd [ 79.463120][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 79.468326][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 79.473617][ T8274] print_address_description.constprop.0.cold+0xae/0x497 [ 79.480623][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 79.485816][ T8274] ? lockdep_hardirqs_off+0x96/0xd0 [ 79.491184][ T8274] ? vprintk_func+0x97/0x1a6 [ 79.496541][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 79.501728][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 79.506946][ T8274] kasan_report.cold+0x1f/0x37 [ 79.511720][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 79.516929][ T8274] tcf_action_destroy+0x188/0x1b0 [ 79.521950][ T8274] tcf_action_init+0x285/0x380 [ 79.526730][ T8274] ? tcf_action_init_1+0xc60/0xc60 [ 79.531865][ T8274] tcf_action_add+0xd9/0x360 [ 79.536460][ T8274] ? tca_action_gd+0xda0/0xda0 [ 79.541238][ T8274] ? bpf_lsm_capable+0x5/0x10 [ 79.546787][ T8274] ? __nla_parse+0x3d/0x4a [ 79.551204][ T8274] tc_ctl_action+0x33a/0x439 [ 79.555912][ T8274] ? tcf_action_add+0x360/0x360 [ 79.560841][ T8274] ? lock_is_held_type+0xbb/0xf0 [ 79.565790][ T8274] ? tcf_action_add+0x360/0x360 [ 79.570704][ T8274] rtnetlink_rcv_msg+0x44e/0xad0 [ 79.575674][ T8274] ? rtnetlink_put_metrics+0x510/0x510 [ 79.581123][ T8274] ? lock_acquire+0x1f3/0xae0 [ 79.585808][ T8274] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 79.591706][ T8274] netlink_rcv_skb+0x15a/0x430 [ 79.596457][ T8274] ? rtnetlink_put_metrics+0x510/0x510 [ 79.602030][ T8274] ? netlink_ack+0xa10/0xa10 [ 79.606645][ T8274] netlink_unicast+0x533/0x7d0 [ 79.611418][ T8274] ? netlink_attachskb+0x810/0x810 [ 79.616559][ T8274] ? __phys_addr_symbol+0x2c/0x70 [ 79.621590][ T8274] ? __check_object_size+0x171/0x3e4 [ 79.626882][ T8274] netlink_sendmsg+0x856/0xd90 [ 79.631650][ T8274] ? netlink_unicast+0x7d0/0x7d0 [ 79.636602][ T8274] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 79.642935][ T8274] ? netlink_unicast+0x7d0/0x7d0 [ 79.647860][ T8274] sock_sendmsg+0xcf/0x120 [ 79.652269][ T8274] ____sys_sendmsg+0x6e8/0x810 [ 79.657046][ T8274] ? kernel_sendmsg+0x50/0x50 [ 79.661720][ T8274] ? do_recvmmsg+0x6d0/0x6d0 [ 79.666346][ T8274] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 79.672342][ T8274] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 79.678329][ T8274] ? __lock_acquire+0xb5e/0x5570 [ 79.682084][ T8259] Bluetooth: hci0: command 0x0419 tx timeout [ 79.683283][ T8274] ___sys_sendmsg+0xf3/0x170 [ 79.693837][ T8274] ? sendmsg_copy_msghdr+0x160/0x160 [ 79.699128][ T8274] ? __fget_files+0x272/0x400 [ 79.708503][ T8274] ? lock_downgrade+0x830/0x830 [ 79.714320][ T8274] ? find_held_lock+0x2d/0x110 [ 79.719101][ T8274] ? __fget_files+0x294/0x400 [ 79.724784][ T8274] ? __fget_light+0xea/0x280 [ 79.729375][ T8274] __sys_sendmsg+0xe5/0x1b0 [ 79.733862][ T8274] ? __sys_sendmsg_sock+0xb0/0xb0 [ 79.738948][ T8274] ? syscall_enter_from_user_mode+0x20/0x290 [ 79.744927][ T8274] ? lockdep_hardirqs_on+0x53/0x100 [ 79.750833][ T8274] do_syscall_64+0x2d/0x70 [ 79.755246][ T8274] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 79.761122][ T8274] RIP: 0033:0x45d5f9 [ 79.765124][ T8274] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 79.784735][ T8274] RSP: 002b:00007f5b32255c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.793344][ T8274] RAX: ffffffffffffffda RBX: 000000000002cf40 RCX: 000000000045d5f9 [ 79.801317][ T8274] RDX: 0000000000000000 RSI: 0000000020002980 RDI: 0000000000000003 [ 79.809275][ T8274] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 79.817230][ T8274] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 79.825189][ T8274] R13: 00007ffdb0cb1bef R14: 00007f5b322569c0 R15: 000000000118cf4c [ 79.833184][ T8274] [ 79.835491][ T8274] Allocated by task 8274: [ 79.840776][ T8274] kasan_save_stack+0x1b/0x40 [ 79.842494][ T8259] Bluetooth: hci5: command 0x0419 tx timeout [ 79.845451][ T8274] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 79.845466][ T8274] __kmalloc+0x1b0/0x310 [ 79.859347][ T8259] Bluetooth: hci1: command 0x0419 tx timeout [ 79.861295][ T8274] tcf_idr_create+0x5b/0x7b0 [ 79.861312][ T8274] tcf_connmark_init+0x535/0x910 [ 79.876778][ T8274] tcf_action_init_1+0x78e/0xc60 [ 79.881730][ T8274] tcf_action_init+0x249/0x380 [ 79.886501][ T8274] tcf_action_add+0xd9/0x360 [ 79.891106][ T8274] tc_ctl_action+0x33a/0x439 [ 79.895690][ T8274] rtnetlink_rcv_msg+0x44e/0xad0 [ 79.900620][ T8274] netlink_rcv_skb+0x15a/0x430 [ 79.905361][ T8274] netlink_unicast+0x533/0x7d0 [ 79.910282][ T8274] netlink_sendmsg+0x856/0xd90 [ 79.915024][ T8274] sock_sendmsg+0xcf/0x120 [ 79.919429][ T8274] ____sys_sendmsg+0x6e8/0x810 [ 79.924191][ T8274] ___sys_sendmsg+0xf3/0x170 [ 79.928794][ T8274] __sys_sendmsg+0xe5/0x1b0 [ 79.933283][ T8274] do_syscall_64+0x2d/0x70 [ 79.937686][ T8274] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 79.943556][ T8274] [ 79.945872][ T8274] Freed by task 8277: [ 79.949844][ T8274] kasan_save_stack+0x1b/0x40 [ 79.955593][ T8274] kasan_set_track+0x1c/0x30 [ 79.960167][ T8274] kasan_set_free_info+0x1b/0x30 [ 79.965090][ T8274] __kasan_slab_free+0xd8/0x120 [ 79.969944][ T8274] kfree+0x10e/0x2b0 [ 79.973839][ T8274] tcf_generic_walker+0x959/0xb60 [ 79.978861][ T8274] tca_action_flush+0x42b/0x920 [ 79.983710][ T8274] tca_action_gd+0x8ac/0xda0 [ 79.988302][ T8274] tc_ctl_action+0x280/0x439 [ 79.993004][ T8274] rtnetlink_rcv_msg+0x44e/0xad0 [ 79.998024][ T8274] netlink_rcv_skb+0x15a/0x430 [ 80.002057][ T8259] Bluetooth: hci4: command 0x0419 tx timeout [ 80.002791][ T8274] netlink_unicast+0x533/0x7d0 [ 80.002807][ T8274] netlink_sendmsg+0x856/0xd90 [ 80.018306][ T8274] sock_sendmsg+0xcf/0x120 [ 80.021925][ T8259] Bluetooth: hci3: command 0x0419 tx timeout [ 80.022734][ T8274] ____sys_sendmsg+0x6e8/0x810 [ 80.033445][ T8274] ___sys_sendmsg+0xf3/0x170 [ 80.038023][ T8274] __sys_sendmsg+0xe5/0x1b0 [ 80.042516][ T8274] do_syscall_64+0x2d/0x70 [ 80.046921][ T8274] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 80.052789][ T8274] [ 80.055113][ T8274] The buggy address belongs to the object at ffff88808de4f000 [ 80.055113][ T8274] which belongs to the cache kmalloc-512 of size 512 [ 80.069150][ T8274] The buggy address is located 0 bytes inside of [ 80.069150][ T8274] 512-byte region [ffff88808de4f000, ffff88808de4f200) [ 80.083013][ T8274] The buggy address belongs to the page: [ 80.088642][ T8274] page:000000006d998f28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8de4f [ 80.098771][ T8274] flags: 0xfffe0000000200(slab) [ 80.103612][ T8274] raw: 00fffe0000000200 ffffea00028435c8 ffffea000277b648 ffff8880aa040600 [ 80.112198][ T8274] raw: 0000000000000000 ffff88808de4f000 0000000100000004 0000000000000000 [ 80.120764][ T8274] page dumped because: kasan: bad access detected [ 80.127149][ T8274] [ 80.129566][ T8274] Memory state around the buggy address: [ 80.135185][ T8274] ffff88808de4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.143269][ T8274] ffff88808de4ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.151324][ T8274] >ffff88808de4f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.159371][ T8274] ^ [ 80.163434][ T8274] ffff88808de4f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.171490][ T8274] ffff88808de4f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.179553][ T8274] ================================================================== [ 80.187588][ T8274] Disabling lock debugging due to kernel taint [ 80.202952][ T2629] Bluetooth: hci2: command 0x0419 tx timeout [ 80.210478][ T8274] Kernel panic - not syncing: panic_on_warn set ... [ 80.217095][ T8274] CPU: 0 PID: 8274 Comm: syz-executor.3 Tainted: G B 5.9.0-rc3-syzkaller #0 [ 80.227041][ T8274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.237073][ T8274] Call Trace: [ 80.240365][ T8274] dump_stack+0x198/0x1fd [ 80.244692][ T8274] ? tcf_action_destroy+0x90/0x1b0 [ 80.249812][ T8274] panic+0x347/0x7c0 [ 80.253706][ T8274] ? __warn_printk+0xf3/0xf3 [ 80.258282][ T8274] ? preempt_schedule_common+0x59/0xc0 [ 80.263721][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 80.268913][ T8274] ? preempt_schedule_thunk+0x16/0x18 [ 80.274347][ T8274] ? trace_hardirqs_on+0x55/0x220 [ 80.279350][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 80.284531][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 80.289732][ T8274] end_report+0x4d/0x53 [ 80.293865][ T8274] kasan_report.cold+0xd/0x37 [ 80.298518][ T8274] ? tcf_action_destroy+0x188/0x1b0 [ 80.303698][ T8274] tcf_action_destroy+0x188/0x1b0 [ 80.308706][ T8274] tcf_action_init+0x285/0x380 [ 80.314243][ T8274] ? tcf_action_init_1+0xc60/0xc60 [ 80.319350][ T8274] tcf_action_add+0xd9/0x360 [ 80.323924][ T8274] ? tca_action_gd+0xda0/0xda0 [ 80.328679][ T8274] ? bpf_lsm_capable+0x5/0x10 [ 80.333343][ T8274] ? __nla_parse+0x3d/0x4a [ 80.337766][ T8274] tc_ctl_action+0x33a/0x439 [ 80.342334][ T8274] ? tcf_action_add+0x360/0x360 [ 80.347162][ T8274] ? lock_is_held_type+0xbb/0xf0 [ 80.352082][ T8274] ? tcf_action_add+0x360/0x360 [ 80.361716][ T8274] rtnetlink_rcv_msg+0x44e/0xad0 [ 80.366639][ T8274] ? rtnetlink_put_metrics+0x510/0x510 [ 80.372088][ T8274] ? lock_acquire+0x1f3/0xae0 [ 80.376753][ T8274] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 80.382033][ T8274] netlink_rcv_skb+0x15a/0x430 [ 80.386773][ T8274] ? rtnetlink_put_metrics+0x510/0x510 [ 80.393172][ T8274] ? netlink_ack+0xa10/0xa10 [ 80.397770][ T8274] netlink_unicast+0x533/0x7d0 [ 80.402518][ T8274] ? netlink_attachskb+0x810/0x810 [ 80.407607][ T8274] ? __phys_addr_symbol+0x2c/0x70 [ 80.412623][ T8274] ? __check_object_size+0x171/0x3e4 [ 80.417892][ T8274] netlink_sendmsg+0x856/0xd90 [ 80.422650][ T8274] ? netlink_unicast+0x7d0/0x7d0 [ 80.427570][ T8274] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 80.432835][ T8274] ? netlink_unicast+0x7d0/0x7d0 [ 80.437754][ T8274] sock_sendmsg+0xcf/0x120 [ 80.442155][ T8274] ____sys_sendmsg+0x6e8/0x810 [ 80.447897][ T8274] ? kernel_sendmsg+0x50/0x50 [ 80.452562][ T8274] ? do_recvmmsg+0x6d0/0x6d0 [ 80.457200][ T8274] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 80.463307][ T8274] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 80.469264][ T8274] ? __lock_acquire+0xb5e/0x5570 [ 80.474202][ T8274] ___sys_sendmsg+0xf3/0x170 [ 80.478776][ T8274] ? sendmsg_copy_msghdr+0x160/0x160 [ 80.484042][ T8274] ? __fget_files+0x272/0x400 [ 80.488701][ T8274] ? lock_downgrade+0x830/0x830 [ 80.493531][ T8274] ? find_held_lock+0x2d/0x110 [ 80.498294][ T8274] ? __fget_files+0x294/0x400 [ 80.502948][ T8274] ? __fget_light+0xea/0x280 [ 80.507611][ T8274] __sys_sendmsg+0xe5/0x1b0 [ 80.512123][ T8274] ? __sys_sendmsg_sock+0xb0/0xb0 [ 80.517139][ T8274] ? syscall_enter_from_user_mode+0x20/0x290 [ 80.523100][ T8274] ? lockdep_hardirqs_on+0x53/0x100 [ 80.529283][ T8274] do_syscall_64+0x2d/0x70 [ 80.533691][ T8274] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 80.539622][ T8274] RIP: 0033:0x45d5f9 [ 80.543506][ T8274] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 80.563114][ T8274] RSP: 002b:00007f5b32255c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.571518][ T8274] RAX: ffffffffffffffda RBX: 000000000002cf40 RCX: 000000000045d5f9 [ 80.579490][ T8274] RDX: 0000000000000000 RSI: 0000000020002980 RDI: 0000000000000003 [ 80.587456][ T8274] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 80.595469][ T8274] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 80.603421][ T8274] R13: 00007ffdb0cb1bef R14: 00007f5b322569c0 R15: 000000000118cf4c [ 80.612068][ T8274] Kernel Offset: disabled [ 80.616388][ T8274] Rebooting in 86400 seconds..