Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
syzkaller login: [ 295.498141][ T6846] IPVS: ftp: loaded support on port[0] = 21
[ 295.593183][ T6846] chnl_net:caif_netlink_parms(): no params data found
[ 295.644522][ T6846] bridge0: port 1(bridge_slave_0) entered blocking state
[ 295.652043][ T6846] bridge0: port 1(bridge_slave_0) entered disabled state
[ 295.661197][ T6846] device bridge_slave_0 entered promiscuous mode
[ 295.671095][ T6846] bridge0: port 2(bridge_slave_1) entered blocking state
[ 295.678168][ T6846] bridge0: port 2(bridge_slave_1) entered disabled state
[ 295.686442][ T6846] device bridge_slave_1 entered promiscuous mode
[ 295.706467][ T6846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 295.717242][ T6846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 295.740092][ T6846] team0: Port device team_slave_0 added
[ 295.748003][ T6846] team0: Port device team_slave_1 added
[ 295.766195][ T6846] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 295.773226][ T6846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 295.801359][ T6846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 295.814156][ T6846] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 295.821804][ T6846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 295.848160][ T6846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 295.876158][ T6846] device hsr_slave_0 entered promiscuous mode
[ 295.883037][ T6846] device hsr_slave_1 entered promiscuous mode
[ 295.980394][ T6846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 295.992274][ T6846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 296.002138][ T6846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 296.011996][ T6846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 296.036998][ T6846] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.044308][ T6846] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.052310][ T6846] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.059470][ T6846] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.106059][ T6846] 8021q: adding VLAN 0 to HW filter on device bond0
[ 296.121322][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 296.131634][ T2366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 296.141075][ T2366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 296.148793][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 296.162088][ T6846] 8021q: adding VLAN 0 to HW filter on device team0
[ 296.174593][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 296.184086][ T2366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.191202][ T2366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.211170][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 296.220483][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.227532][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.235789][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 296.245366][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 296.261053][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 296.270088][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 296.283246][ T6846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 296.295244][ T6846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 296.304622][ T7052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 296.323756][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 296.331242][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 296.345396][ T6846] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 296.365902][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 296.385356][ T7052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 296.394042][ T7052] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 296.401912][ T7052] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 296.414535][ T6846] device veth0_vlan entered promiscuous mode
[ 296.425918][ T6846] device veth1_vlan entered promiscuous mode
[ 296.447931][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 296.456562][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 296.465767][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 296.476702][ T6846] device veth0_macvtap entered promiscuous mode
[ 296.486422][ T6846] device veth1_macvtap entered promiscuous mode
[ 296.505002][ T6846] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 296.512643][ T7052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 296.523129][ T7052] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 296.536619][ T6846] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 296.545746][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 296.557693][ T6846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 296.566849][ T6846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 296.575851][ T6846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 296.586015][ T6846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 296.703641][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 452.391339][ T1170] INFO: task syz-executor460:6846 blocked for more than 143 seconds.
[ 452.399509][ T1170] Not tainted 5.9.0-rc4-syzkaller #0
[ 452.406089][ T1170] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 452.415791][ T1170] task:syz-executor460 state:D stack:23888 pid: 6846 ppid: 6845 flags:0x00004000
[ 452.425157][ T1170] Call Trace:
[ 452.428643][ T1170] __schedule+0xea9/0x2230
[ 452.433129][ T1170] ? io_schedule_timeout+0x140/0x140
[ 452.438516][ T1170] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 452.444620][ T1170] schedule+0xd0/0x2a0
[ 452.448692][ T1170] schedule_timeout+0x1d8/0x250
[ 452.453577][ T1170] ? usleep_range+0x170/0x170
[ 452.458257][ T1170] ? mark_held_locks+0x9f/0xe0
[ 452.463100][ T1170] ? _raw_spin_unlock_irq+0x1f/0x80
[ 452.468292][ T1170] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 452.474383][ T1170] ? _raw_spin_unlock_irq+0x1f/0x80
[ 452.479579][ T1170] wait_for_completion+0x163/0x260
[ 452.484751][ T1170] ? wait_for_completion_interruptible+0x2e0/0x2e0
[ 452.492010][ T1170] __flush_work+0x51f/0xab0
[ 452.496500][ T1170] ? queue_delayed_work_on+0x1d0/0x1d0
[ 452.502115][ T1170] ? debug_object_free+0x350/0x350
[ 452.507225][ T1170] ? flush_workqueue_prep_pwqs+0x4f0/0x4f0
[ 452.513825][ T1170] ? mark_held_locks+0x9f/0xe0
[ 452.518607][ T1170] ? __cancel_work_timer+0x5a1/0x6c0
[ 452.523944][ T1170] ? check_preemption_disabled+0x50/0x130
[ 452.529664][ T1170] __cancel_work_timer+0x5bd/0x6c0
[ 452.534846][ T1170] ? try_to_grab_pending.part.0+0x770/0x770
[ 452.540736][ T1170] ? lock_acquire+0x1f3/0xae0
[ 452.546403][ T1170] ? __sock_release+0x86/0x280
[ 452.551247][ T1170] ? lock_release+0x8f0/0x8f0
[ 452.555969][ T1170] tls_sk_proto_close+0x4a7/0xaf0
[ 452.560974][ T1170] ? wait_on_pending_writer+0x3f0/0x3f0
[ 452.566627][ T1170] ? ip_mc_drop_socket+0x16/0x260
[ 452.571727][ T1170] inet_release+0x12e/0x280
[ 452.576253][ T1170] inet6_release+0x4c/0x70
[ 452.580653][ T1170] __sock_release+0xcd/0x280
[ 452.585341][ T1170] sock_close+0x18/0x20
[ 452.589574][ T1170] __fput+0x285/0x920
[ 452.593620][ T1170] ? __sock_release+0x280/0x280
[ 452.598466][ T1170] task_work_run+0xdd/0x190
[ 452.603078][ T1170] exit_to_user_mode_prepare+0x1e1/0x200
[ 452.608708][ T1170] syscall_exit_to_user_mode+0x7e/0x2e0
[ 452.614304][ T1170] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 452.620197][ T1170] RIP: 0033:0x403960
[ 452.624874][ T1170] Code: Bad RIP value.
[ 452.628944][ T1170] RSP: 002b:00007ffc4cb17de8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 452.643016][ T1170] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000403960
[ 452.650992][ T1170] RDX: 00000000000000d8 RSI: 00000000200005c0 RDI: 0000000000000004
[ 452.658992][ T1170] RBP: 00007ffc4cb17df0 R08: 0000000000000000 R09: 00000000000000d8
[ 452.667003][ T1170] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc4cb17e00
[ 452.675699][ T1170] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 452.684099][ T1170]
[ 452.684099][ T1170] Showing all locks held in the system:
[ 452.691882][ T1170] 1 lock held by khungtaskd/1170:
[ 452.696902][ T1170] #0: ffffffff89bd6a40 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 452.706754][ T1170] 3 locks held by kworker/0:2/2366:
[ 452.712195][ T1170] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670
[ 452.722585][ T1170] #1: ffffc9000862fda8 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670
[ 452.736192][ T1170] #2: ffff888088eeacd8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x127/0x190
[ 452.745808][ T1170] 1 lock held by syz-executor460/6846:
[ 452.751301][ T1170] #0: ffff88808cc43210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 452.761891][ T1170]
[ 452.764208][ T1170] =============================================
[ 452.764208][ T1170]
[ 452.772663][ T1170] NMI backtrace for cpu 0
[ 452.777004][ T1170] CPU: 0 PID: 1170 Comm: khungtaskd Not tainted 5.9.0-rc4-syzkaller #0
[ 452.785215][ T1170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 452.795243][ T1170] Call Trace:
[ 452.798598][ T1170] dump_stack+0x198/0x1fd
[ 452.802964][ T1170] nmi_cpu_backtrace.cold+0x70/0xb1
[ 452.808176][ T1170] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 452.813811][ T1170] nmi_trigger_cpumask_backtrace+0x1b3/0x223
[ 452.819834][ T1170] watchdog+0xd7d/0x1000
[ 452.824060][ T1170] ? reset_hung_task_detector+0x30/0x30
[ 452.829678][ T1170] kthread+0x3b5/0x4a0
[ 452.833723][ T1170] ? __kthread_bind_mask+0xc0/0xc0
[ 452.838867][ T1170] ret_from_fork+0x1f/0x30
[ 452.843371][ T1170] Sending NMI from CPU 0 to CPUs 1:
[ 452.849383][ C1] NMI backtrace for cpu 1
[ 452.849390][ C1] CPU: 1 PID: 3899 Comm: systemd-journal Not tainted 5.9.0-rc4-syzkaller #0
[ 452.849396][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 452.849400][ C1] RIP: 0010:__kasan_check_read+0x4/0x10
[ 452.849411][ C1] Code: f2 08 00 48 8b 73 58 89 c2 48 c7 c7 f8 f9 6b 89 f7 da e8 ee 81 a9 ff e9 a1 f5 ff ff cc cc cc cc cc cc cc cc cc cc 48 8b 0c 24 <89> f6 31 d2 e9 a3 2a 00 00 0f 1f 00 48 8b 0c 24 89 f6 ba 01 00 00
[ 452.849415][ C1] RSP: 0018:ffffc90005327838 EFLAGS: 00000246
[ 452.849423][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815a6eae
[ 452.849428][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ab26b88
[ 452.849433][ C1] RBP: ffffffff89bd6a40 R08: 0000000000000000 R09: 0000000000000000
[ 452.849438][ C1] R10: 000000000007201e R11: 0000000000000001 R12: 0000000000000002
[ 452.849443][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 452.849449][ C1] FS: 00007fb69bcfa8c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 452.849453][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 452.849458][ C1] CR2: 00007fb6990a3000 CR3: 0000000093b25000 CR4: 00000000001506e0
[ 452.849464][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 452.849469][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 452.849471][ C1] Call Trace:
[ 452.849474][ C1] lock_acquire+0xbe/0xae0
[ 452.849478][ C1] ? lock_release+0x8f0/0x8f0
[ 452.849481][ C1] ? arch_stack_walk+0x5e/0xf0
[ 452.849485][ C1] ? unwind_next_frame+0xe3b/0x1f90
[ 452.849489][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 452.849492][ C1] is_bpf_text_address+0x36/0x160
[ 452.849496][ C1] ? __bpf_address_lookup+0x290/0x290
[ 452.849500][ C1] kernel_text_address+0xbd/0xf0
[ 452.849503][ C1] __kernel_text_address+0x9/0x30
[ 452.849507][ C1] unwind_get_return_address+0x51/0x90
[ 452.849511][ C1] ? profile_setup.cold+0xc1/0xc1
[ 452.849514][ C1] arch_stack_walk+0x97/0xf0
[ 452.849517][ C1] stack_trace_save+0x8c/0xc0
[ 452.849521][ C1] ? stack_trace_consume_entry+0x160/0x160
[ 452.849524][ C1] kasan_save_stack+0x1b/0x40
[ 452.849528][ C1] ? kasan_save_stack+0x1b/0x40
[ 452.849532][ C1] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 452.849535][ C1] ? kmem_cache_alloc+0x13a/0x3a0
[ 452.849539][ C1] ? getname_flags.part.0+0x50/0x4f0
[ 452.849542][ C1] ? getname+0x8e/0xd0
[ 452.849545][ C1] ? do_sys_openat2+0xf5/0x420
[ 452.849549][ C1] ? __x64_sys_open+0x119/0x1c0
[ 452.849552][ C1] ? do_syscall_64+0x2d/0x70
[ 452.849556][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 452.849559][ C1] ? lock_acquire+0x1f3/0xae0
[ 452.849563][ C1] ? cache_grow_end+0x46/0x170
[ 452.849566][ C1] ? lock_is_held_type+0xbb/0xf0
[ 452.849570][ C1] ? find_held_lock+0x2d/0x110
[ 452.849573][ C1] ? cache_alloc_refill+0x2fd/0x340
[ 452.849577][ C1] ? lock_downgrade+0x830/0x830
[ 452.849581][ C1] ? do_raw_spin_unlock+0x171/0x230
[ 452.849584][ C1] ? kasan_unpoison_shadow+0x33/0x40
[ 452.849588][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 452.849591][ C1] kmem_cache_alloc+0x13a/0x3a0
[ 452.849594][ C1] getname_flags.part.0+0x50/0x4f0
[ 452.849597][ C1] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 452.849600][ C1] getname+0x8e/0xd0
[ 452.849603][ C1] do_sys_openat2+0xf5/0x420
[ 452.849606][ C1] ? seccomp_notify_ioctl+0xd90/0xd90
[ 452.849609][ C1] ? strncpy_from_user+0x2bf/0x3e0
[ 452.849612][ C1] ? build_open_flags+0x650/0x650
[ 452.849616][ C1] ? getname_flags.part.0+0x1dd/0x4f0
[ 452.849619][ C1] __x64_sys_open+0x119/0x1c0
[ 452.849621][ C1] ? do_sys_open+0x140/0x140
[ 452.849625][ C1] ? lock_is_held_type+0xbb/0xf0
[ 452.849628][ C1] ? __secure_computing+0x104/0x360
[ 452.849631][ C1] do_syscall_64+0x2d/0x70
[ 452.849634][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 452.849637][ C1] RIP: 0033:0x7fb69b28a840
[ 452.849648][ C1] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 452.849652][ C1] RSP: 002b:00007ffdee50f1d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 452.849659][ C1] RAX: ffffffffffffffda RBX: 00007ffdee50f4e0 RCX: 00007fb69b28a840
[ 452.849664][ C1] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055aa13a88ea0
[ 452.849668][ C1] RBP: 000000000000000d R08: 000000000000c0ff R09: 00000000ffffffff
[ 452.849673][ C1] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
[ 452.849678][ C1] R13: 000055aa13a7d040 R14: 00007ffdee50f4a0 R15: 000055aa13a88ef0
[ 452.851175][ T1170] Kernel panic - not syncing: hung_task: blocked tasks
[ 453.308932][ T1170] CPU: 0 PID: 1170 Comm: khungtaskd Not tainted 5.9.0-rc4-syzkaller #0
[ 453.317231][ T1170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 453.327263][ T1170] Call Trace:
[ 453.330613][ T1170] dump_stack+0x198/0x1fd
[ 453.334972][ T1170] panic+0x347/0x7c0
[ 453.338851][ T1170] ? __warn_printk+0xf3/0xf3
[ 453.343425][ T1170] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 453.349036][ T1170] ? preempt_schedule_thunk+0x16/0x18
[ 453.354388][ T1170] ? watchdog.cold+0x5/0x16b
[ 453.358954][ T1170] ? watchdog+0xa82/0x1000
[ 453.363351][ T1170] watchdog.cold+0x16/0x16b
[ 453.367837][ T1170] ? reset_hung_task_detector+0x30/0x30
[ 453.373362][ T1170] kthread+0x3b5/0x4a0
[ 453.377435][ T1170] ? __kthread_bind_mask+0xc0/0xc0
[ 453.382526][ T1170] ret_from_fork+0x1f/0x30
[ 453.388351][ T1170] Kernel Offset: disabled
[ 453.392676][ T1170] Rebooting in 86400 seconds..