[ 58.136725] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.136800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.155008] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.176726] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.566161] Bluetooth: hci0: command 0x0406 tx timeout [ 175.571903] Bluetooth: hci4: command 0x0406 tx timeout [ 175.577429] Bluetooth: hci1: command 0x0406 tx timeout [ 175.582843] Bluetooth: hci3: command 0x0406 tx timeout [ 175.588533] Bluetooth: hci5: command 0x0406 tx timeout [ 175.594381] Bluetooth: hci2: command 0x0406 tx timeout [ 470.259094] syz-executor.5 (6200) used greatest stack depth: 23240 bytes left [ 471.251380] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 471.258912] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 471.266723] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 471.274146] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.281947] device bridge_slave_1 left promiscuous mode [ 471.287372] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.318982] device bridge_slave_0 left promiscuous mode [ 471.324440] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.391687] device veth1_macvtap left promiscuous mode [ 471.397118] device veth0_macvtap left promiscuous mode [ 471.403020] device veth1_vlan left promiscuous mode [ 471.408592] device veth0_vlan left promiscuous mode [ 471.502309] device hsr_slave_1 left promiscuous mode [ 471.541501] device hsr_slave_0 left promiscuous mode [ 471.586361] team0 (unregistering): Port device team_slave_1 removed [ 471.595198] team0 (unregistering): Port device team_slave_0 removed [ 471.604178] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 471.650962] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 471.727051] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts. [ 473.698955] list_del corruption, ffff8881e04c7640->next is LIST_POISON1 (dead000000000100) [ 473.707693] ------------[ cut here ]------------ [ 473.709035] list_del corruption, ffff8881e0847640->next is LIST_POISON1 (dead000000000100) [ 473.712446] kernel BUG at lib/list_debug.c:47! [ 473.720917] ------------[ cut here ]------------ [ 473.725409] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 473.730131] kernel BUG at lib/list_debug.c:47! [ 473.735504] CPU: 0 PID: 20570 Comm: syz-executor336 Not tainted 4.19.163-syzkaller #0 [ 473.747994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.757334] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x58 [ 473.763189] Code: 00 fe 0f 0b 4c 89 e2 48 89 de 48 c7 c7 20 5d 8b 87 e8 16 af 00 fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 c0 5c 8b 87 e8 02 af 00 fe <0f> 0b 48 89 de 48 c7 c7 e0 5d 8b 87 e8 f1 ae 00 fe 0f 0b 48 89 de [ 473.782080] RSP: 0018:ffff8881e04c74d0 EFLAGS: 00010086 [ 473.787428] RAX: 000000000000004e RBX: ffff8881e04c7640 RCX: 0000000000000000 [ 473.794686] RDX: 0000000000000000 RSI: ffffffff878b5a20 RDI: ffffffff8a3e1a60 [ 473.801942] RBP: ffff8881e04c74e8 R08: ffffed103ecc5081 R09: ffffed103ecc5080 [ 473.809184] R10: ffffed103ecc5080 R11: ffff8881f6628407 R12: dead000000000200 [ 473.816440] R13: dead000000000100 R14: ffff8881e9fab480 R15: ffff8881ec6f9280 [ 473.823684] FS: 00007fd27429c700(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000 [ 473.831881] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 473.837736] CR2: 000000002001d06c CR3: 00000001dd711006 CR4: 00000000001606f0 [ 473.844993] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 473.852362] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 473.859618] Call Trace: [ 473.862189] remove_wait_queue+0x30/0x1b0 [ 473.866332] tipc_send_group_bcast+0x33a/0xa10 [ 473.870900] ? tipc_release+0xbd0/0xbd0 [ 473.874856] ? trace_hardirqs_on_caller+0x28/0x180 [ 473.879764] ? do_wait_intr_irq+0x310/0x310 [ 473.884058] ? retint_kernel+0x2d/0x2d [ 473.887929] __tipc_sendmsg+0x44a/0x12f0 [ 473.891977] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 473.896702] ? tipc_sendmcast+0xb10/0xb10 [ 473.900886] ? mark_held_locks+0x130/0x130 [ 473.905098] ? __might_sleep+0x95/0x190 [ 473.909055] ? mark_held_locks+0xc7/0x130 [ 473.913180] ? __local_bh_enable_ip+0x160/0x250 [ 473.917825] ? lock_sock_nested+0xc5/0x100 [ 473.922031] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 473.926582] ? __local_bh_enable_ip+0x160/0x250 [ 473.931227] ? trace_hardirqs_on+0x28/0x190 [ 473.935523] ? lock_sock_nested+0x82/0x100 [ 473.939739] ? lock_sock_nested+0x82/0x100 [ 473.943967] ? __local_bh_enable_ip+0x160/0x250 [ 473.948611] tipc_sendmsg+0x4b/0x70 [ 473.952220] ? __tipc_sendmsg+0x12f0/0x12f0 [ 473.956522] sock_sendmsg+0xac/0xf0 [ 473.960124] ___sys_sendmsg+0x28e/0x950 [ 473.964070] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 473.968801] ? mark_held_locks+0x130/0x130 [ 473.973023] ? lock_downgrade+0x860/0x860 [ 473.977153] ? kasan_check_read+0x11/0x20 [ 473.981272] ? __fget+0x2a2/0x400 [ 473.984705] ? __might_fault+0xf1/0x1b0 [ 473.988649] ? lock_downgrade+0x860/0x860 [ 473.992779] __sys_sendmmsg+0x160/0x370 [ 473.996724] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 474.001028] ? tipc_setsockopt+0x52f/0x870 [ 474.005239] ? fput+0x18/0x120 [ 474.008415] ? do_futex+0x1930/0x1930 [ 474.012197] ? kernel_accept+0x300/0x300 [ 474.016924] ? __sys_socket+0x115/0x1d0 [ 474.020871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 474.025622] ? do_syscall_64+0x21/0x4e0 [ 474.029581] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 474.034923] __x64_sys_sendmmsg+0x98/0x100 [ 474.039131] do_syscall_64+0xd0/0x4e0 [ 474.042901] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 474.048078] RIP: 0033:0x446a09 [ 474.051242] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 474.070123] RSP: 002b:00007fd27429bdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 474.077808] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446a09 [ 474.085054] RDX: 08000000000000b0 RSI: 0000000020000a40 RDI: 0000000000000004 [ 474.092304] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000 [ 474.099556] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c [ 474.106806] R13: 00007fffb76d6f9f R14: 00007fd27429c9c0 R15: 000000000000002d [ 474.114055] Modules linked in: [ 474.117230] ---[ end trace ec3d8d1cca7a2f42 ]--- [ 474.117264] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 474.122054] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x58 [ 474.127392] CPU: 1 PID: 20562 Comm: syz-executor336 Tainted: G D 4.19.163-syzkaller #0 [ 474.133260] Code: 00 fe 0f 0b 4c 89 e2 48 89 de 48 c7 c7 20 5d 8b 87 e8 16 af 00 fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 c0 5c 8b 87 e8 02 af 00 fe <0f> 0b 48 89 de 48 c7 c7 e0 5d 8b 87 e8 f1 ae 00 fe 0f 0b 48 89 de [ 474.142673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.161550] RSP: 0018:ffff8881e04c74d0 EFLAGS: 00010086 [ 474.170884] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x58 [ 474.176213] RAX: 000000000000004e RBX: ffff8881e04c7640 RCX: 0000000000000000 [ 474.182070] Code: 00 fe 0f 0b 4c 89 e2 48 89 de 48 c7 c7 20 5d 8b 87 e8 16 af 00 fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 c0 5c 8b 87 e8 02 af 00 fe <0f> 0b 48 89 de 48 c7 c7 e0 5d 8b 87 e8 f1 ae 00 fe 0f 0b 48 89 de [ 474.190180] RDX: 0000000000000000 RSI: ffffffff878b5a20 RDI: ffffffff8a3e1a60 [ 474.209066] RSP: 0018:ffff8881e08474d0 EFLAGS: 00010086 [ 474.216309] RBP: ffff8881e04c74e8 R08: ffffed103ecc5081 R09: ffffed103ecc5080 [ 474.216312] R10: ffffed103ecc5080 R11: ffff8881f6628407 R12: dead000000000200 [ 474.221649] RAX: 000000000000004e RBX: ffff8881e0847640 RCX: 0000000000000000 [ 474.228892] R13: dead000000000100 R14: ffff8881e9fab480 R15: ffff8881ec6f9280 [ 474.236135] RDX: 0000000000000000 RSI: ffffffff878b5a20 RDI: ffffffff8a3e1a60 [ 474.243407] FS: 00007fd27429c700(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000 [ 474.250651] RBP: ffff8881e08474e8 R08: ffffed103ece5081 R09: ffffed103ece5080 [ 474.257901] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 474.266102] R10: ffffed103ece5080 R11: ffff8881f6728407 R12: dead000000000200 [ 474.273445] CR2: 000000002001d06c CR3: 00000001dd711006 CR4: 00000000001606f0 [ 474.279301] R13: dead000000000100 R14: ffff8881cea86f00 R15: ffff8881d2057240 [ 474.286547] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 474.293789] FS: 00007fd27429c700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000 [ 474.301032] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 474.301036] Kernel panic - not syncing: Fatal exception [ 474.308316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 474.334983] CR2: 00000000004ccc50 CR3: 00000001d6b7d006 CR4: 00000000001606e0 [ 474.342237] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 474.349482] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 474.356729] Call Trace: [ 474.359297] remove_wait_queue+0x30/0x1b0 [ 474.363430] tipc_send_group_bcast+0x33a/0xa10 [ 474.367993] ? tipc_release+0xbd0/0xbd0 [ 474.371946] ? do_wait_intr_irq+0x310/0x310 [ 474.376247] ? __lock_acquire+0x764/0x47c0 [ 474.380458] ? _raw_spin_unlock_irq+0x27/0x90 [ 474.384928] ? finish_task_switch+0x14a/0x720 [ 474.389400] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 474.393958] ? _raw_spin_unlock_irq+0x27/0x90 [ 474.398431] __tipc_sendmsg+0x44a/0x12f0 [ 474.402468] ? tipc_sendmcast+0xb10/0xb10 [ 474.406590] ? mark_held_locks+0x130/0x130 [ 474.410805] ? __might_sleep+0x95/0x190 [ 474.414755] ? mark_held_locks+0xc7/0x130 [ 474.418879] ? __local_bh_enable_ip+0x160/0x250 [ 474.424046] ? lock_sock_nested+0xc5/0x100 [ 474.428267] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 474.432822] ? __local_bh_enable_ip+0x160/0x250 [ 474.437465] ? trace_hardirqs_on+0x28/0x190 [ 474.441760] ? lock_sock_nested+0x82/0x100 [ 474.445981] ? lock_sock_nested+0x82/0x100 [ 474.450190] ? __local_bh_enable_ip+0x160/0x250 [ 474.454837] tipc_sendmsg+0x4b/0x70 [ 474.458439] ? __tipc_sendmsg+0x12f0/0x12f0 [ 474.462735] sock_sendmsg+0xac/0xf0 [ 474.466339] ___sys_sendmsg+0x28e/0x950 [ 474.470291] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 474.475024] ? __fget+0x285/0x400 [ 474.478457] ? lock_downgrade+0x860/0x860 [ 474.482584] ? kasan_check_read+0x11/0x20 [ 474.486711] ? __fget+0x2a2/0x400 [ 474.490142] ? do_dup2+0x3f0/0x3f0 [ 474.493660] ? exit_robust_list+0x1d0/0x1d0 [ 474.497957] ? __fget_light+0x174/0x1e0 [ 474.501909] ? _raw_spin_unlock_bh+0x30/0x40 [ 474.506295] ? __fdget+0xe/0x10 [ 474.509549] ? sockfd_lookup_light+0x1c/0x160 [ 474.514476] __sys_sendmmsg+0x160/0x370 [ 474.518431] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 474.522740] ? tipc_setsockopt+0x52f/0x870 [ 474.526956] ? fput+0x18/0x120 [ 474.530126] ? do_futex+0x1930/0x1930 [ 474.533900] ? kernel_accept+0x300/0x300 [ 474.537937] ? __sys_socket+0x115/0x1d0 [ 474.541888] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 474.546627] ? do_syscall_64+0x21/0x4e0 [ 474.550589] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 474.555931] __x64_sys_sendmmsg+0x98/0x100 [ 474.560143] do_syscall_64+0xd0/0x4e0 [ 474.563921] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 474.569087] RIP: 0033:0x446a09 [ 474.572264] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 474.591150] RSP: 002b:00007fd27429bdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 474.598845] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446a09 [ 474.606102] RDX: 08000000000000b0 RSI: 0000000020000a40 RDI: 0000000000000004 [ 474.613371] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000 [ 474.620616] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c [ 474.627865] R13: 00007fffb76d6f9f R14: 00007fd27429c9c0 R15: 000000000000002d [ 474.635117] Modules linked in: [ 474.638290] ---[ end trace ec3d8d1cca7a2f43 ]--- [ 474.643028] RIP: 0010:__list_del_entry_valid.cold.1+0x26/0x58 [ 474.648897] Code: 00 fe 0f 0b 4c 89 e2 48 89 de 48 c7 c7 20 5d 8b 87 e8 16 af 00 fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 c0 5c 8b 87 e8 02 af 00 fe <0f> 0b 48 89 de 48 c7 c7 e0 5d 8b 87 e8 f1 ae 00 fe 0f 0b 48 89 de [ 474.668208] RSP: 0018:ffff8881e04c74d0 EFLAGS: 00010086 [ 474.673549] RAX: 000000000000004e RBX: ffff8881e04c7640 RCX: 0000000000000000 [ 474.680796] RDX: 0000000000000000 RSI: ffffffff878b5a20 RDI: ffffffff8a3e1a60 [ 474.688059] RBP: ffff8881e04c74e8 R08: ffffed103ecc5081 R09: ffffed103ecc5080 [ 474.695316] R10: ffffed103ecc5080 R11: ffff8881f6628407 R12: dead000000000200 [ 474.702576] R13: dead000000000100 R14: ffff8881e9fab480 R15: ffff8881ec6f9280 [ 474.709824] FS: 00007fd27429c700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000 [ 474.718029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 474.723974] CR2: 00000000004ccc50 CR3: 00000001d6b7d006 CR4: 00000000001606e0 [ 474.731222] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 474.738480] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 475.435399] Shutting down cpus with NMI [ 475.440286] Kernel Offset: disabled [ 475.443901] Rebooting in 86400 seconds..