[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts. 2020/08/13 12:58:33 parsed 1 programs 2020/08/13 12:58:34 executed programs: 0 syzkaller login: [ 74.165603][ T28] audit: type=1400 audit(1597323514.949:8): avc: denied { execmem } for pid=6856 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 75.259589][ T6859] IPVS: ftp: loaded support on port[0] = 21 [ 75.378979][ T6866] IPVS: ftp: loaded support on port[0] = 21 [ 75.497944][ T6864] IPVS: ftp: loaded support on port[0] = 21 [ 75.499086][ T6860] IPVS: ftp: loaded support on port[0] = 21 [ 75.511784][ T6867] IPVS: ftp: loaded support on port[0] = 21 [ 75.529866][ T6862] IPVS: ftp: loaded support on port[0] = 21 [ 75.918056][ T6859] chnl_net:caif_netlink_parms(): no params data found [ 76.367993][ T6867] chnl_net:caif_netlink_parms(): no params data found [ 76.425883][ T6864] chnl_net:caif_netlink_parms(): no params data found [ 76.435726][ T6859] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.445298][ T6859] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.454160][ T6859] device bridge_slave_0 entered promiscuous mode [ 76.507948][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.517722][ T6859] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.526987][ T6859] device bridge_slave_1 entered promiscuous mode [ 76.548109][ T6862] chnl_net:caif_netlink_parms(): no params data found [ 76.587518][ T6860] chnl_net:caif_netlink_parms(): no params data found [ 76.618565][ T6866] chnl_net:caif_netlink_parms(): no params data found [ 76.638336][ T6859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.657380][ T6859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.720447][ T6864] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.727994][ T6864] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.736980][ T6864] device bridge_slave_0 entered promiscuous mode [ 76.749901][ T6864] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.757062][ T6864] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.765697][ T6864] device bridge_slave_1 entered promiscuous mode [ 76.799422][ T6859] team0: Port device team_slave_0 added [ 76.818674][ T6859] team0: Port device team_slave_1 added [ 76.870369][ T6862] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.877577][ T6862] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.888412][ T6862] device bridge_slave_0 entered promiscuous mode [ 76.924408][ T6864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.940033][ T6862] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.949458][ T6862] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.958463][ T6862] device bridge_slave_1 entered promiscuous mode [ 76.966003][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.973564][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.982027][ T6867] device bridge_slave_0 entered promiscuous mode [ 76.990436][ T6859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.998899][ T6859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.024917][ T6859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.042806][ T6864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.075405][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.084315][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.092721][ T6867] device bridge_slave_1 entered promiscuous mode [ 77.100404][ T6859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.107991][ T6859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.135073][ T6859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.199450][ T6864] team0: Port device team_slave_0 added [ 77.243568][ T6862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.261002][ T6862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.270214][ T6860] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.278136][ T6860] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.290038][ T6860] device bridge_slave_0 entered promiscuous mode [ 77.291387][ T2581] Bluetooth: hci0: command 0x0409 tx timeout [ 77.299012][ T6860] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.309696][ T6860] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.318185][ T6860] device bridge_slave_1 entered promiscuous mode [ 77.332227][ T6864] team0: Port device team_slave_1 added [ 77.339525][ T6867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.355322][ T6859] device hsr_slave_0 entered promiscuous mode [ 77.363175][ T6859] device hsr_slave_1 entered promiscuous mode [ 77.380655][ T5] Bluetooth: hci2: command 0x0409 tx timeout [ 77.387016][ T5] Bluetooth: hci3: command 0x0409 tx timeout [ 77.404035][ T6866] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.411735][ T6866] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.419419][ T6866] device bridge_slave_0 entered promiscuous mode [ 77.428679][ T6867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.450564][ T5] Bluetooth: hci5: command 0x0409 tx timeout [ 77.456600][ T5] Bluetooth: hci1: command 0x0409 tx timeout [ 77.478664][ T6862] team0: Port device team_slave_0 added [ 77.486643][ T5] Bluetooth: hci4: command 0x0409 tx timeout [ 77.494140][ T6866] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.504762][ T6866] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.513136][ T6866] device bridge_slave_1 entered promiscuous mode [ 77.528112][ T6860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.550704][ T6864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.557678][ T6864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.587765][ T6864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.600952][ T6862] team0: Port device team_slave_1 added [ 77.621589][ T6860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.639065][ T6864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.646308][ T6864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.675923][ T6864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.698744][ T6867] team0: Port device team_slave_0 added [ 77.734917][ T6862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.742103][ T6862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.769113][ T6862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.782770][ T6866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.795894][ T6867] team0: Port device team_slave_1 added [ 77.812957][ T6862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.819917][ T6862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.846850][ T6862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.876932][ T6864] device hsr_slave_0 entered promiscuous mode [ 77.884520][ T6864] device hsr_slave_1 entered promiscuous mode [ 77.891667][ T6864] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.899411][ T6864] Cannot create hsr debugfs directory [ 77.907220][ T6866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.926790][ T6860] team0: Port device team_slave_0 added [ 77.937242][ T6860] team0: Port device team_slave_1 added [ 78.004654][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.011757][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.038623][ T6867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.057388][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.064942][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.091433][ T6867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.114155][ T6860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.121221][ T6860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.147680][ T6860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.162982][ T6862] device hsr_slave_0 entered promiscuous mode [ 78.177150][ T6862] device hsr_slave_1 entered promiscuous mode [ 78.184265][ T6862] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.192188][ T6862] Cannot create hsr debugfs directory [ 78.200927][ T6866] team0: Port device team_slave_0 added [ 78.227736][ T6860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.235100][ T6860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.262836][ T6860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.276171][ T6866] team0: Port device team_slave_1 added [ 78.389289][ T6866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.397406][ T6866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.426793][ T6866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.443268][ T6867] device hsr_slave_0 entered promiscuous mode [ 78.449969][ T6867] device hsr_slave_1 entered promiscuous mode [ 78.456721][ T6867] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.464439][ T6867] Cannot create hsr debugfs directory [ 78.496176][ T6860] device hsr_slave_0 entered promiscuous mode [ 78.503298][ T6860] device hsr_slave_1 entered promiscuous mode [ 78.510263][ T6860] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.518305][ T6860] Cannot create hsr debugfs directory [ 78.524948][ T6866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.535401][ T6866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.562818][ T6866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.688091][ T6859] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.731299][ T6866] device hsr_slave_0 entered promiscuous mode [ 78.739144][ T6866] device hsr_slave_1 entered promiscuous mode [ 78.749528][ T6866] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.757601][ T6866] Cannot create hsr debugfs directory [ 78.772685][ T6859] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.793500][ T6859] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.812274][ T6859] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.025853][ T6864] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.059244][ T6864] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.084134][ T6864] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.103639][ T6864] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.184132][ T6862] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 79.224463][ T6862] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 79.255334][ T6862] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 79.287953][ T6859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.298101][ T6862] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 79.323567][ T6860] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.333194][ T6860] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.352902][ T6860] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.370538][ T3935] Bluetooth: hci0: command 0x041b tx timeout [ 79.394512][ T6859] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.410124][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.419160][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.432367][ T6860] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.451214][ T2581] Bluetooth: hci3: command 0x041b tx timeout [ 79.460984][ T2581] Bluetooth: hci2: command 0x041b tx timeout [ 79.486579][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.501433][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.510215][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.517524][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.529048][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 79.530432][ T17] Bluetooth: hci4: command 0x041b tx timeout [ 79.538607][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.545058][ T17] Bluetooth: hci1: command 0x041b tx timeout [ 79.557667][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.558374][ T17] Bluetooth: hci5: command 0x041b tx timeout [ 79.564888][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.578836][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 79.588659][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 79.607554][ T6867] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 79.623468][ T6864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.639946][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.648891][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 79.658498][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.687541][ T6867] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 79.699053][ T6867] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 79.715349][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.725696][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 79.734852][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.744003][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.752727][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.770766][ T6867] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 79.795236][ T6864] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.808616][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 79.819945][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.828721][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.837538][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.848263][ T6859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.886935][ T6866] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.897441][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.909588][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.918492][ T3935] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.925681][ T3935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.935020][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 79.956447][ T6866] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.966399][ T6866] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.987175][ T6866] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.003971][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.013411][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.021967][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.030420][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.083839][ T6859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.092889][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 80.106589][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.115482][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 80.126632][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 80.176735][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.188696][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.198975][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.229046][ T2581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.239858][ T2581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.254257][ T6862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.279827][ T6862] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.312373][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.323176][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.331587][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 80.340142][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 80.349154][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.358197][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.398580][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 80.408929][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.418392][ T3935] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.425513][ T3935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.434704][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 80.443435][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 80.452469][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.461270][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.470569][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.479193][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.488462][ T3935] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.495610][ T3935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.504160][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 80.512867][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 80.521661][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 80.542544][ T6864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.562593][ T6859] device veth0_vlan entered promiscuous mode [ 80.578230][ T2581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 80.598438][ T6867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.617271][ T6860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.632093][ T2581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.647977][ T6859] device veth1_vlan entered promiscuous mode [ 80.659042][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.672457][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.691627][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.728497][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.752387][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.775523][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.784312][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.798702][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.807822][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.830450][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 80.837942][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 80.867712][ T6867] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.888986][ T6860] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.904924][ T6864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.915497][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.923848][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.936632][ T6862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.951668][ T6862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.990723][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.999222][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.008651][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 81.018105][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.027167][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.034310][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.043681][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 81.052722][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.061674][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.068851][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.076578][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 81.085493][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 81.094118][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.101259][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.109389][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 81.118319][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 81.127035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 81.136104][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 81.144647][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.151771][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.190736][ T6859] device veth0_macvtap entered promiscuous mode [ 81.211954][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 81.220007][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 81.228979][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 81.237420][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.246765][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.256185][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 81.265820][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.274665][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.283983][ T2612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.299253][ T6866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.325397][ T6859] device veth1_macvtap entered promiscuous mode [ 81.335032][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 81.346001][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 81.354511][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 81.362081][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 81.369564][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 81.378845][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 81.387853][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 81.396791][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 81.421497][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 81.432630][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.450244][ T2581] Bluetooth: hci0: command 0x040f tx timeout [ 81.462513][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 81.472620][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 81.481068][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 81.489263][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 81.498999][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.507692][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 81.516689][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 81.525516][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 81.530795][ T2942] Bluetooth: hci2: command 0x040f tx timeout [ 81.534141][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.545934][ T2942] Bluetooth: hci3: command 0x040f tx timeout [ 81.558354][ T6862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.573341][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 81.584299][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 81.595278][ T6860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.613341][ T6866] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.620399][ T2942] Bluetooth: hci5: command 0x040f tx timeout [ 81.626412][ T2942] Bluetooth: hci1: command 0x040f tx timeout [ 81.642987][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 81.651292][ T2942] Bluetooth: hci4: command 0x040f tx timeout [ 81.656519][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 81.667137][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 81.683771][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 81.693652][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 81.702591][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.715055][ T6859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.743451][ T6864] device veth0_vlan entered promiscuous mode [ 81.750972][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 81.766468][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 81.778224][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 81.787440][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.797853][ T2942] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.804985][ T2942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.813144][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 81.822114][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 81.830681][ T2942] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.837756][ T2942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.845719][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 81.857718][ T6867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.874884][ T6859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.887839][ T6859] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.900320][ T6859] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.909044][ T6859] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.918287][ T6859] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.969277][ T2581] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 81.979599][ T2581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 81.989425][ T2581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.022093][ T6864] device veth1_vlan entered promiscuous mode [ 82.054407][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 82.063224][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 82.075085][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.084462][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.093646][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.102653][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.111759][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 82.119177][ T3935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 82.127350][ T8150] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 82.159634][ T6867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.178222][ T6866] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 82.207224][ T6866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.231875][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 82.242631][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 82.259108][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.276489][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 82.285812][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 82.299896][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 82.316601][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 2020/08/13 12:58:43 executed programs: 6 [ 82.326186][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 82.359861][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 82.442329][ T6860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.450570][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 82.487802][ T6862] device veth0_vlan entered promiscuous mode [ 82.505989][ T6864] device veth0_macvtap entered promiscuous mode [ 82.521741][ T6864] device veth1_macvtap entered promiscuous mode [ 82.556279][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 82.610310][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 82.618473][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 82.682696][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 82.701254][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 82.731187][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 82.739822][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 82.762553][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 82.771407][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 82.779337][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 82.798134][ T6862] device veth1_vlan entered promiscuous mode [ 82.823010][ T6866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.898612][ T6864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 82.924417][ T6864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.944144][ T6864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.996265][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.008191][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 83.024117][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 83.045187][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 83.074791][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.105218][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.130967][ T6864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 83.149851][ T6864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.171108][ T6864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.186083][ T6862] device veth0_macvtap entered promiscuous mode [ 83.250490][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 83.280445][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.286765][ T8194] ================================================================== [ 83.298891][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.300454][ T8194] BUG: KASAN: use-after-free in path_init+0x116b/0x13c0 [ 83.300465][ T8194] Read of size 8 at addr ffff8880944e29c0 by task syz-executor.3/8194 [ 83.300468][ T8194] [ 83.300483][ T8194] CPU: 0 PID: 8194 Comm: syz-executor.3 Not tainted 5.8.0-syzkaller #0 [ 83.300491][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.300496][ T8194] Call Trace: [ 83.300512][ T8194] dump_stack+0x18f/0x20d [ 83.300525][ T8194] ? path_init+0x116b/0x13c0 [ 83.300542][ T8194] ? path_init+0x116b/0x13c0 [ 83.309187][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.315330][ T8194] print_address_description.constprop.0.cold+0xae/0x497 [ 83.315356][ T8194] ? vprintk_func+0x97/0x1a6 [ 83.315370][ T8194] ? path_init+0x116b/0x13c0 [ 83.315382][ T8194] ? path_init+0x116b/0x13c0 [ 83.315395][ T8194] kasan_report.cold+0x1f/0x37 [ 83.315410][ T8194] ? path_init+0x116b/0x13c0 [ 83.315425][ T8194] path_init+0x116b/0x13c0 [ 83.315438][ T8194] ? __kasan_slab_free+0xd8/0x120 [ 83.315450][ T8194] ? kmem_cache_free.part.0+0x67/0x1f0 [ 83.315461][ T8194] ? putname+0xe1/0x120 [ 83.315473][ T8194] ? do_rmdir+0x145/0x440 [ 83.315487][ T8194] ? do_syscall_64+0x2d/0x70 [ 83.315504][ T8194] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 83.315526][ T8194] path_parentat+0x22/0x1b0 [ 83.315543][ T8194] filename_parentat+0x188/0x560 [ 83.315559][ T8194] ? getname+0xd0/0xd0 [ 83.315580][ T8194] ? lockdep_hardirqs_off+0x89/0xc0 [ 83.315599][ T8194] ? _raw_spin_unlock_irqrestore+0x9b/0xe0 [ 83.315612][ T8194] ? lockdep_hardirqs_off+0x89/0xc0 [ 83.315631][ T8194] ? check_preemption_disabled+0x50/0x130 [ 83.329775][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.334288][ T8194] ? putname+0xe1/0x120 [ 83.334305][ T8194] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 83.334317][ T8194] ? putname+0xe1/0x120 [ 83.334330][ T8194] ? kmem_cache_free.part.0+0x1c4/0x1f0 [ 83.334352][ T8194] do_rmdir+0xa8/0x440 [ 83.334369][ T8194] ? __ia32_sys_mkdir+0x80/0x80 [ 83.334389][ T8194] ? strncpy_from_user+0x2bf/0x3e0 [ 83.352229][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.352271][ T8194] ? trace_hardirqs_on+0x5f/0x220 [ 83.360806][ T6864] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.361411][ T8194] do_syscall_64+0x2d/0x70 [ 83.369287][ T6864] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.376287][ T8194] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 83.376298][ T8194] RIP: 0033:0x45d189 [ 83.376313][ T8194] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.376320][ T8194] RSP: 002b:00007f5916a2ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 83.376333][ T8194] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045d189 [ 83.376345][ T8194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 83.376354][ T8194] RBP: 000000000118d010 R08: 0000000000000000 R09: 0000000000000000 [ 83.376362][ T8194] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 83.376371][ T8194] R13: 00007fffb0587daf R14: 00007f5916a2f9c0 R15: 000000000118cfec [ 83.376388][ T8194] [ 83.376395][ T8194] Allocated by task 8194: [ 83.376409][ T8194] kasan_save_stack+0x1b/0x40 [ 83.376427][ T8194] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 83.388900][ T6864] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.390120][ T8194] kmem_cache_alloc+0x138/0x3a0 [ 83.390134][ T8194] getname_flags.part.0+0x50/0x4f0 [ 83.390146][ T8194] __x64_sys_rmdir+0xb1/0x100 [ 83.390158][ T8194] do_syscall_64+0x2d/0x70 [ 83.390173][ T8194] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 83.390177][ T8194] [ 83.390183][ T8194] Freed by task 8194: [ 83.390194][ T8194] kasan_save_stack+0x1b/0x40 [ 83.390211][ T8194] kasan_set_track+0x1c/0x30 [ 83.394995][ T6864] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.399518][ T8194] kasan_set_free_info+0x1b/0x30 [ 83.399530][ T8194] __kasan_slab_free+0xd8/0x120 [ 83.399547][ T8194] kmem_cache_free.part.0+0x67/0x1f0 [ 83.530437][ T2581] Bluetooth: hci0: command 0x0419 tx timeout [ 83.531790][ T8194] putname+0xe1/0x120 [ 83.531802][ T8194] do_rmdir+0x145/0x440 [ 83.531821][ T8194] do_syscall_64+0x2d/0x70 [ 83.610261][ T2581] Bluetooth: hci3: command 0x0419 tx timeout [ 83.614753][ T8194] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 83.614757][ T8194] [ 83.614774][ T8194] The buggy address belongs to the object at ffff8880944e29c0 [ 83.614774][ T8194] which belongs to the cache names_cache of size 4096 [ 83.644592][ T2581] Bluetooth: hci2: command 0x0419 tx timeout [ 83.648466][ T8194] The buggy address is located 0 bytes inside of [ 83.648466][ T8194] 4096-byte region [ffff8880944e29c0, ffff8880944e39c0) [ 83.648471][ T8194] The buggy address belongs to the page: [ 83.648485][ T8194] page:00000000576152cc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x944e2 [ 83.648499][ T8194] head:00000000576152cc order:1 compound_mapcount:0 [ 83.695590][ T2581] Bluetooth: hci4: command 0x0419 tx timeout [ 83.697522][ T8194] flags: 0xfffe0000010200(slab|head) [ 83.697547][ T8194] raw: 00fffe0000010200 ffffea00029a0488 ffffea00027c8988 ffff8880aa241900 [ 83.820598][ T8194] raw: 0000000000000000 ffff8880944e29c0 0000000100000001 0000000000000000 [ 83.829166][ T8194] page dumped because: kasan: bad access detected [ 83.835553][ T8194] [ 83.837857][ T8194] Memory state around the buggy address: [ 83.843467][ T8194] ffff8880944e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.851521][ T8194] ffff8880944e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.859583][ T8194] >ffff8880944e2980: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 83.867640][ T8194] ^ [ 83.873775][ T8194] ffff8880944e2a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.882001][ T8194] ffff8880944e2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.890053][ T8194] ================================================================== [ 83.898264][ T8194] Disabling lock debugging due to kernel taint [ 83.911253][ T8150] Bluetooth: hci1: command 0x0419 tx timeout [ 83.913047][ T6862] device veth1_macvtap entered promiscuous mode [ 83.917273][ T8150] Bluetooth: hci5: command 0x0419 tx timeout [ 83.931967][ T8194] Kernel panic - not syncing: panic_on_warn set ... [ 83.938574][ T8194] CPU: 0 PID: 8194 Comm: syz-executor.3 Tainted: G B 5.8.0-syzkaller #0 [ 83.939315][ T6860] device veth0_vlan entered promiscuous mode [ 83.948194][ T8194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.948198][ T8194] Call Trace: [ 83.948217][ T8194] dump_stack+0x18f/0x20d [ 83.948230][ T8194] ? path_init+0x1160/0x13c0 [ 83.948248][ T8194] panic+0x2e3/0x75c [ 83.969179][ T6860] device veth1_vlan entered promiscuous mode [ 83.971833][ T8194] ? __warn_printk+0xf3/0xf3 [ 83.971848][ T8194] ? preempt_schedule_common+0x59/0xc0 [ 83.971865][ T8194] ? path_init+0x116b/0x13c0 [ 84.000860][ T8194] ? preempt_schedule_thunk+0x16/0x18 [ 84.002941][ T6860] device veth0_macvtap entered promiscuous mode [ 84.006230][ T8194] ? trace_hardirqs_on+0x55/0x220 [ 84.006248][ T8194] ? path_init+0x116b/0x13c0 [ 84.019270][ T6860] device veth1_macvtap entered promiscuous mode [ 84.022044][ T8194] ? path_init+0x116b/0x13c0 [ 84.022058][ T8194] end_report+0x4d/0x53 [ 84.022071][ T8194] kasan_report.cold+0xd/0x37 [ 84.022082][ T8194] ? path_init+0x116b/0x13c0 [ 84.022097][ T8194] path_init+0x116b/0x13c0 [ 84.045677][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 84.046240][ T8194] ? __kasan_slab_free+0xd8/0x120 [ 84.046257][ T8194] ? kmem_cache_free.part.0+0x67/0x1f0 [ 84.052718][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.061118][ T8194] ? putname+0xe1/0x120 [ 84.061129][ T8194] ? do_rmdir+0x145/0x440 [ 84.061141][ T8194] ? do_syscall_64+0x2d/0x70 [ 84.061154][ T8194] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 84.061171][ T8194] path_parentat+0x22/0x1b0 [ 84.068737][ T6860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 84.071618][ T8194] filename_parentat+0x188/0x560 [ 84.071631][ T8194] ? getname+0xd0/0xd0 [ 84.071647][ T8194] ? lockdep_hardirqs_off+0x89/0xc0 [ 84.071662][ T8194] ? _raw_spin_unlock_irqrestore+0x9b/0xe0 [ 84.071675][ T8194] ? lockdep_hardirqs_off+0x89/0xc0 [ 84.071688][ T8194] ? check_preemption_disabled+0x50/0x130 [ 84.071699][ T8194] ? putname+0xe1/0x120 [ 84.071718][ T8194] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 84.086131][ T6860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.090019][ T8194] ? putname+0xe1/0x120 [ 84.090032][ T8194] ? kmem_cache_free.part.0+0x1c4/0x1f0 [ 84.090045][ T8194] do_rmdir+0xa8/0x440 [ 84.090058][ T8194] ? __ia32_sys_mkdir+0x80/0x80 [ 84.090073][ T8194] ? strncpy_from_user+0x2bf/0x3e0 [ 84.090087][ T8194] ? trace_hardirqs_on+0x5f/0x220 [ 84.090101][ T8194] do_syscall_64+0x2d/0x70 [ 84.090117][ T8194] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 84.090127][ T8194] RIP: 0033:0x45d189 [ 84.090140][ T8194] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 84.090148][ T8194] RSP: 002b:00007f5916a2ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 84.090160][ T8194] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045d189 [ 84.090168][ T8194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 84.090175][ T8194] RBP: 000000000118d010 R08: 0000000000000000 R09: 0000000000000000 [ 84.090182][ T8194] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 84.090189][ T8194] R13: 00007fffb0587daf R14: 00007f5916a2f9c0 R15: 000000000118cfec [ 84.090886][ T8194] Kernel Offset: disabled [ 84.285558][ T8194] Rebooting in 86400 seconds..