[ 43.978082][ T6259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.001262][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.003052][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.013986][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.026264][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 44.236676][ T10] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.820441][ T6461] can: request_module (can-proto-0) failed. [ 44.836432][ T6461] can: request_module (can-proto-0) failed. [ 44.849018][ T6461] can: request_module (can-proto-0) failed. [ 46.073291][ T26] audit: type=1804 audit(1638939780.270:2): pid=6887 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="scp" name="/root/syz-executor" dev="sda1" ino=13859 res=1 errno=0 [ 47.034755][ T10] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.558384][ T10] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.609127][ T10] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.663802][ T10] device hsr_slave_0 left promiscuous mode [ 50.670502][ T10] device hsr_slave_1 left promiscuous mode [ 50.677530][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 50.685707][ T10] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 50.696305][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 50.703966][ T10] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 50.712406][ T10] device bridge_slave_1 left promiscuous mode [ 50.719521][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.732102][ T10] device bridge_slave_0 left promiscuous mode [ 50.739296][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.754624][ T10] device veth1_macvtap left promiscuous mode [ 50.760857][ T10] device veth0_macvtap left promiscuous mode [ 50.768844][ T10] device veth1_vlan left promiscuous mode [ 50.775028][ T10] device veth0_vlan left promiscuous mode [ 50.890318][ T10] team0 (unregistering): Port device team_slave_1 removed [ 50.907038][ T10] team0 (unregistering): Port device team_slave_0 removed [ 50.918932][ T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 50.933071][ T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 50.980454][ T10] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. 2021/12/08 05:03:06 parsed 1 programs 2021/12/08 05:03:06 executed programs: 0 [ 52.258562][ T6949] cgroup: Unknown subsys name 'net' [ 52.275285][ T6949] cgroup: Unknown subsys name 'rlimit' [ 53.783155][ T6962] chnl_net:caif_netlink_parms(): no params data found [ 53.951774][ T6964] chnl_net:caif_netlink_parms(): no params data found [ 54.036004][ T6970] chnl_net:caif_netlink_parms(): no params data found [ 54.181781][ T6971] chnl_net:caif_netlink_parms(): no params data found [ 54.220640][ T6962] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.228192][ T6962] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.239172][ T6962] device bridge_slave_0 entered promiscuous mode [ 54.280926][ T6962] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.288577][ T6962] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.297317][ T6962] device bridge_slave_1 entered promiscuous mode [ 54.319769][ T6973] chnl_net:caif_netlink_parms(): no params data found [ 54.408719][ T6964] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.416368][ T6964] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.425227][ T6964] device bridge_slave_0 entered promiscuous mode [ 54.445609][ T6970] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.453924][ T6970] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.461488][ T6970] device bridge_slave_0 entered promiscuous mode [ 54.480078][ T6962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.489796][ T6964] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.497998][ T6964] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.506390][ T6964] device bridge_slave_1 entered promiscuous mode [ 54.513834][ T6970] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.521155][ T6970] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.530197][ T6970] device bridge_slave_1 entered promiscuous mode [ 54.551915][ T6962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.691550][ T6962] team0: Port device team_slave_0 added [ 54.703819][ T6964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.716011][ T6970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.727620][ T6973] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.741759][ T6973] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.750657][ T6973] device bridge_slave_0 entered promiscuous mode [ 54.771571][ T6962] team0: Port device team_slave_1 added [ 54.779882][ T6964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.793295][ T6970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.803043][ T6971] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.810090][ T6971] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.819206][ T6971] device bridge_slave_0 entered promiscuous mode [ 54.827745][ T6973] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.836338][ T6973] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.844923][ T6973] device bridge_slave_1 entered promiscuous mode [ 54.891848][ T6971] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.901081][ T6971] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.911563][ T6971] device bridge_slave_1 entered promiscuous mode [ 54.948425][ T6964] team0: Port device team_slave_0 added [ 54.980115][ T6970] team0: Port device team_slave_0 added [ 54.987891][ T6962] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.999199][ T6962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.029678][ T6962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.058938][ T6964] team0: Port device team_slave_1 added [ 55.079904][ T6970] team0: Port device team_slave_1 added [ 55.086832][ T6962] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.094447][ T6962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.121716][ T6962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.135608][ T6973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.157559][ T6971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.184567][ T6971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.198338][ T6973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.255893][ T6964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.274122][ T6964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.302690][ T6964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.328101][ T6970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.335401][ T6970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.362089][ T6970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.386520][ T6964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.402433][ T6964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.429681][ T6964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.429892][ T2934] Bluetooth: hci0: command 0x0409 tx timeout [ 55.451784][ T6962] device hsr_slave_0 entered promiscuous mode [ 55.459737][ T6962] device hsr_slave_1 entered promiscuous mode [ 55.471103][ T6970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.478410][ T6970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.505200][ T2934] Bluetooth: hci1: command 0x0409 tx timeout [ 55.510275][ T5] Bluetooth: hci2: command 0x0409 tx timeout [ 55.512733][ T6970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.533595][ T6971] team0: Port device team_slave_0 added [ 55.544256][ T6973] team0: Port device team_slave_0 added [ 55.582033][ T5] Bluetooth: hci4: command 0x0409 tx timeout [ 55.582468][ T2934] Bluetooth: hci3: command 0x0409 tx timeout [ 55.600793][ T6971] team0: Port device team_slave_1 added [ 55.613425][ T6973] team0: Port device team_slave_1 added [ 55.640835][ T6964] device hsr_slave_0 entered promiscuous mode [ 55.656903][ T6964] device hsr_slave_1 entered promiscuous mode [ 55.664489][ T6964] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.673411][ T6964] Cannot create hsr debugfs directory [ 55.711677][ T6970] device hsr_slave_0 entered promiscuous mode [ 55.721649][ T6970] device hsr_slave_1 entered promiscuous mode [ 55.729618][ T6970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.738511][ T6970] Cannot create hsr debugfs directory [ 55.757431][ T6973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.765452][ T6973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.793197][ T6973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.811416][ T6973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.819474][ T6973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.846153][ T6973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.871202][ T6971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.878465][ T6971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.905738][ T6971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.969134][ T6971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.976622][ T6971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.004958][ T6971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.076811][ T6973] device hsr_slave_0 entered promiscuous mode [ 56.085064][ T6973] device hsr_slave_1 entered promiscuous mode [ 56.091695][ T6973] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.101260][ T6973] Cannot create hsr debugfs directory [ 56.230707][ T6971] device hsr_slave_0 entered promiscuous mode [ 56.239285][ T6971] device hsr_slave_1 entered promiscuous mode [ 56.247071][ T6971] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.255380][ T6971] Cannot create hsr debugfs directory [ 56.472515][ T6962] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.519275][ T2934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.532854][ T2934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.553324][ T6970] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.576782][ T6962] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.594344][ T6964] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 56.604965][ T6970] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.623319][ T6970] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.635887][ T6964] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 56.651484][ T6970] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.674947][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.684387][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.694204][ T1265] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.701576][ T1265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.710472][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.719696][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.729115][ T1265] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.736235][ T1265] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.745402][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.754606][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.763809][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.773360][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.782670][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.791375][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.800474][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.809412][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.818325][ T6964] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.841598][ T6962] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.854543][ T6962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.863767][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.871646][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.880447][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.890076][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.899239][ T6964] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.914840][ T6973] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 56.929489][ T6973] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 56.946080][ T6973] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 56.981660][ T6973] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 56.990713][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 57.004933][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.048859][ T6962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.077428][ T6971] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 57.112183][ T6971] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 57.144866][ T6971] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 57.173943][ T6971] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 57.189373][ T6970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.224696][ T6964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.239019][ T6970] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.260176][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.268372][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.292000][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 57.300610][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.332366][ T6964] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.350560][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.358896][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.367137][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.376333][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.385732][ T6802] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.392969][ T6802] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.400827][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.409932][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.419018][ T6802] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.426232][ T6802] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.435546][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.451153][ T6973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.485432][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.494749][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.504989][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.512120][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.520422][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.530004][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.538974][ T2945] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.546194][ T2945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.554509][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.563990][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.573530][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.582483][ T8611] Bluetooth: hci2: command 0x041b tx timeout [ 57.583144][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.588762][ T8611] Bluetooth: hci1: command 0x041b tx timeout [ 57.598659][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.612604][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.621307][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.630741][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.639832][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.648602][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.662586][ T8595] Bluetooth: hci3: command 0x041b tx timeout [ 57.675106][ T6964] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.676027][ T2945] Bluetooth: hci0: command 0x041b tx timeout [ 57.692591][ T8595] Bluetooth: hci4: command 0x041b tx timeout [ 57.695850][ T6964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.713633][ T6962] device veth0_vlan entered promiscuous mode [ 57.725914][ T6973] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.734057][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.743766][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.751391][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.760101][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.768415][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.777777][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.786738][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.795838][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.805751][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.815408][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.824525][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.833873][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.842814][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.850957][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.873278][ T6962] device veth1_vlan entered promiscuous mode [ 57.887158][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.896428][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 57.906072][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.915612][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.925048][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.934299][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.943963][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.954014][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.963161][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.972106][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.979643][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.990914][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.007769][ T6971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.030121][ T6964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.037680][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.047090][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.057146][ T8595] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.064410][ T8595] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.072909][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.080321][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.127989][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.136997][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.150577][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.159791][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.171879][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.180528][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.189463][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 58.198016][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 58.206526][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.214736][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.227568][ T6971] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.250738][ T6962] device veth0_macvtap entered promiscuous mode [ 58.257971][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.269260][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 58.278036][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.289637][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.297860][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.309831][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.319180][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.331216][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.339833][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 58.352209][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 58.362279][ T6970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.379992][ T6973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.402583][ T6962] device veth1_macvtap entered promiscuous mode [ 58.416174][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 58.427206][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.436806][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.445884][ T1265] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.453042][ T1265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.462829][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.471422][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.480738][ T1265] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.487855][ T1265] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.497984][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.527083][ T6962] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.544369][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 58.553532][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 58.562768][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.571183][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 58.580333][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.589430][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 58.598373][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 58.608490][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 58.617001][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 58.631562][ T6962] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.642527][ T6964] device veth0_vlan entered promiscuous mode [ 58.656175][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.682691][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.691394][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.701303][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.709991][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.718964][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.726776][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.749119][ T6964] device veth1_vlan entered promiscuous mode [ 58.785355][ T6973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.798104][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 58.806949][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.815858][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.824926][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.834471][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.843102][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.851410][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.860136][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.868930][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 58.878617][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 58.887742][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 58.896337][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 58.907440][ T6971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.919921][ T6970] device veth0_vlan entered promiscuous mode [ 58.972830][ T6970] device veth1_vlan entered promiscuous mode [ 58.992649][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.007015][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.028286][ T6964] device veth0_macvtap entered promiscuous mode [ 59.069948][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.088450][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.100923][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.110522][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.126025][ T6971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.146394][ T6964] device veth1_macvtap entered promiscuous mode [ 59.170016][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.184793][ T8595] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.215477][ T6970] device veth0_macvtap entered promiscuous mode [ 59.223395][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.239727][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.248567][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.269481][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.290017][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.301478][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.315774][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 59.326049][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.353337][ T6970] device veth1_macvtap entered promiscuous mode [ 59.371310][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.387154][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.402771][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.413464][ T6973] device veth0_vlan entered promiscuous mode [ 59.423845][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 59.435703][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.448387][ T6964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.463621][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.472363][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.479980][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.490845][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.506054][ T6970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 59.524045][ T6970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.535066][ T6970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 59.546249][ T6970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.558682][ T6970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.570785][ T6964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 59.581769][ T6964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.593841][ T6964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.603217][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.611008][ T8625] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.611285][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.622827][ T8625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.638134][ T8625] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.647135][ T8625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.657032][ T8625] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 59.666577][ T8625] Bluetooth: hci1: command 0x040f tx timeout [ 59.668511][ T6973] device veth1_vlan entered promiscuous mode [ 59.673846][ T8625] Bluetooth: hci2: command 0x040f tx timeout [ 59.692960][ T6970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 59.703980][ T6970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.714699][ T6970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 59.726212][ T6970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.737780][ T6970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.749404][ T6964] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.758967][ T25] Bluetooth: hci4: command 0x040f tx timeout [ 59.764265][ T6964] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.770308][ T25] Bluetooth: hci0: command 0x040f tx timeout [ 59.778276][ T6964] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.784538][ T25] Bluetooth: hci3: command 0x040f tx timeout [ 59.795499][ T6964] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.821690][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.829723][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.842693][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.851291][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.864570][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.874209][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.887396][ T6970] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.899079][ T6970] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.908434][ T6970] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.917856][ T6970] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.949130][ T6971] device veth0_vlan entered promiscuous mode [ 59.962094][ T1053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.970700][ T1053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.997813][ T8650] ================================================================== [ 60.002780][ T1053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 60.006168][ T8650] BUG: KASAN: use-after-free in io_submit_one+0x54f/0x17d0 [ 60.021143][ T8650] Write of size 4 at addr ffff88807aa8c0c8 by task syz-executor.0/8650 [ 60.022305][ T1053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.030357][ T8650] [ 60.030365][ T8650] CPU: 1 PID: 8650 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 60.049207][ T8650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.059345][ T8650] Call Trace: [ 60.060840][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.062626][ T8650] dump_stack_lvl+0x57/0x7d [ 60.062642][ T8650] print_address_description.constprop.0.cold+0x6c/0x309 [ 60.062652][ T8650] ? io_submit_one+0x54f/0x17d0 [ 60.062660][ T8650] ? io_submit_one+0x54f/0x17d0 [ 60.062666][ T8650] kasan_report.cold+0x83/0xdf [ 60.062675][ T8650] ? io_submit_one+0x54f/0x17d0 [ 60.062684][ T8650] kasan_check_range+0x13d/0x180 [ 60.062693][ T8650] io_submit_one+0x54f/0x17d0 [ 60.062709][ T8650] ? __do_compat_sys_io_pgetevents_time64+0x330/0x330 [ 60.062721][ T8650] ? __might_fault+0xb5/0x160 [ 60.062745][ T8650] __x64_sys_io_submit+0x148/0x290 [ 60.062756][ T8650] ? __ia32_sys_io_destroy+0x1b0/0x1b0 [ 60.062772][ T8650] ? lockdep_hardirqs_on_prepare+0x17b/0x400 [ 60.062782][ T8650] ? syscall_enter_from_user_mode+0x21/0x70 [ 60.062796][ T8650] do_syscall_64+0x35/0xb0 [ 60.062803][ T8650] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 60.062813][ T8650] RIP: 0033:0x7f437c98caf9 [ 60.062823][ T8650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 60.062831][ T8650] RSP: 002b:00007f437c102188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 60.062841][ T8650] RAX: ffffffffffffffda RBX: 00007f437ca9ff60 RCX: 00007f437c98caf9 [ 60.062846][ T8650] RDX: 0000000020000800 RSI: 0000000000000002 RDI: 00007f437ca83000 [ 60.062851][ T8650] RBP: 00007f437c9e6ff7 R08: 0000000000000000 R09: 0000000000000000 [ 60.062856][ T8650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.062860][ T8650] R13: 00007ffd9ec405af R14: 00007f437c102300 R15: 0000000000022000 [ 60.062880][ T8650] [ 60.062884][ T8650] Allocated by task 8650: [ 60.062889][ T8650] kasan_save_stack+0x1b/0x40 [ 60.062897][ T8650] __kasan_slab_alloc+0x83/0xb0 [ 60.062903][ T8650] kmem_cache_alloc+0x209/0x390 [ 60.062910][ T8650] io_submit_one+0xbf/0x17d0 [ 60.062916][ T8650] __x64_sys_io_submit+0x148/0x290 [ 60.062922][ T8650] do_syscall_64+0x35/0xb0 [ 60.062927][ T8650] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 60.062933][ T8650] [ 60.062936][ T8650] Freed by task 8650: [ 60.062940][ T8650] kasan_save_stack+0x1b/0x40 [ 60.062946][ T8650] kasan_set_track+0x1c/0x30 [ 60.071405][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.074871][ T8650] kasan_set_free_info+0x20/0x30 [ 60.074884][ T8650] __kasan_slab_free+0xff/0x130 [ 60.074889][ T8650] slab_free_freelist_hook+0x81/0x190 [ 60.074895][ T8650] kmem_cache_free+0x8a/0x5b0 [ 60.074901][ T8650] aio_read+0x284/0x3c0 [ 60.074907][ T8650] io_submit_one+0xb84/0x17d0 [ 60.074913][ T8650] __x64_sys_io_submit+0x148/0x290 [ 60.074918][ T8650] do_syscall_64+0x35/0xb0 [ 60.074924][ T8650] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 60.074931][ T8650] [ 60.074934][ T8650] The buggy address belongs to the object at ffff88807aa8c000 [ 60.074934][ T8650] which belongs to the cache aio_kiocb of size 216 [ 60.074939][ T8650] The buggy address is located 200 bytes inside of [ 60.074939][ T8650] 216-byte region [ffff88807aa8c000, ffff88807aa8c0d8) [ 60.074945][ T8650] The buggy address belongs to the page: [ 60.074950][ T8650] page:ffffea0001eaa300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7aa8c [ 60.074956][ T8650] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 60.074967][ T8650] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8881411af500 [ 60.074973][ T8650] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 60.074977][ T8650] page dumped because: kasan: bad access detected [ 60.074981][ T8650] page_owner tracks the page as allocated [ 60.074984][ T8650] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 8650, ts 59997502456, free_ts 45298393216 [ 60.074994][ T8650] get_page_from_freelist+0xa6f/0x2f50 [ 60.075002][ T8650] __alloc_pages+0x1b2/0x500 [ 60.075008][ T8650] new_slab+0x319/0x490 [ 60.075014][ T8650] ___slab_alloc+0x923/0xfe0 [ 60.075021][ T8650] __slab_alloc.constprop.0+0x4d/0xa0 [ 60.075033][ T8650] kmem_cache_alloc+0x365/0x390 [ 60.075040][ T8650] io_submit_one+0xbf/0x17d0 [ 60.075046][ T8650] __x64_sys_io_submit+0x148/0x290 [ 60.075053][ T8650] do_syscall_64+0x35/0xb0 [ 60.075058][ T8650] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 60.075066][ T8650] page last free stack trace: [ 60.075069][ T8650] free_pcp_prepare+0x2c5/0x780 [ 60.075075][ T8650] free_unref_page+0x19/0x690 [ 60.075081][ T8650] kasan_depopulate_vmalloc_pte+0x5c/0x70 [ 60.075088][ T8650] __apply_to_page_range+0x4f8/0xbb0 [ 60.075097][ T8650] kasan_release_vmalloc+0xa7/0xc0 [ 60.075103][ T8650] __purge_vmap_area_lazy+0x701/0x2330 [ 60.075111][ T8650] _vm_unmap_aliases.part.0+0x30a/0x3e0 [ 60.075118][ T8650] change_page_attr_set_clr+0x19b/0x3b0 [ 60.075127][ T8650] set_memory_ro+0x6e/0xa0 [ 60.075133][ T8650] bpf_int_jit_compile+0xcac/0x1000 [ 60.075141][ T8650] bpf_prog_select_runtime+0x372/0x710 [ 60.547097][ T8650] bpf_migrate_filter+0x266/0x2f0 [ 60.552205][ T8650] bpf_prog_create_from_user+0x3b8/0x5c0 [ 60.558166][ T8650] do_seccomp+0x2b1/0x2270 [ 60.562558][ T8650] __do_sys_prctl+0x659/0xc50 [ 60.567316][ T8650] do_syscall_64+0x35/0xb0 [ 60.571805][ T8650] [ 60.574106][ T8650] Memory state around the buggy address: [ 60.579864][ T8650] ffff88807aa8bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 60.588027][ T8650] ffff88807aa8c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.596084][ T8650] >ffff88807aa8c080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 60.604119][ T8650] ^ [ 60.610515][ T8650] ffff88807aa8c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.618750][ T8650] ffff88807aa8c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.626885][ T8650] ================================================================== [ 60.635107][ T8650] Disabling lock debugging due to kernel taint [ 60.646168][ T8650] Kernel panic - not syncing: panic_on_warn set ... [ 60.653286][ T8650] CPU: 1 PID: 8650 Comm: syz-executor.0 Tainted: G B 5.15.0-rc6-syzkaller #0 [ 60.663421][ T8650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.673449][ T8650] Call Trace: [ 60.676705][ T8650] dump_stack_lvl+0x57/0x7d [ 60.682137][ T8650] panic+0x214/0x49f [ 60.686009][ T8650] ? __warn_printk+0xee/0xee [ 60.690568][ T8650] ? preempt_schedule_common+0x59/0xc0 [ 60.696080][ T8650] ? io_submit_one+0x54f/0x17d0 [ 60.700899][ T8650] ? preempt_schedule_thunk+0x16/0x18 [ 60.706241][ T8650] ? io_submit_one+0x54f/0x17d0 [ 60.711070][ T8650] ? io_submit_one+0x54f/0x17d0 [ 60.715982][ T8650] end_report.cold+0x63/0x6f [ 60.720649][ T8650] kasan_report.cold+0x71/0xdf [ 60.725379][ T8650] ? io_submit_one+0x54f/0x17d0 [ 60.730200][ T8650] kasan_check_range+0x13d/0x180 [ 60.735126][ T8650] io_submit_one+0x54f/0x17d0 [ 60.739859][ T8650] ? __do_compat_sys_io_pgetevents_time64+0x330/0x330 [ 60.746850][ T8650] ? __might_fault+0xb5/0x160 [ 60.751593][ T8650] __x64_sys_io_submit+0x148/0x290 [ 60.756671][ T8650] ? __ia32_sys_io_destroy+0x1b0/0x1b0 [ 60.762123][ T8650] ? lockdep_hardirqs_on_prepare+0x17b/0x400 [ 60.768078][ T8650] ? syscall_enter_from_user_mode+0x21/0x70 [ 60.774124][ T8650] do_syscall_64+0x35/0xb0 [ 60.778524][ T8650] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 60.784387][ T8650] RIP: 0033:0x7f437c98caf9 [ 60.788797][ T8650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 60.809341][ T8650] RSP: 002b:00007f437c102188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 60.817742][ T8650] RAX: ffffffffffffffda RBX: 00007f437ca9ff60 RCX: 00007f437c98caf9 [ 60.825771][ T8650] RDX: 0000000020000800 RSI: 0000000000000002 RDI: 00007f437ca83000 [ 60.833713][ T8650] RBP: 00007f437c9e6ff7 R08: 0000000000000000 R09: 0000000000000000 [ 60.841654][ T8650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.849684][ T8650] R13: 00007ffd9ec405af R14: 00007f437c102300 R15: 0000000000022000 [ 60.857991][ T8650] Kernel Offset: disabled [ 60.862312][ T8650] Rebooting in 86400 seconds..