[ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts. 2020/05/23 10:10:29 fuzzer started 2020/05/23 10:10:29 dialing manager at 10.128.0.26:38661 2020/05/23 10:10:29 syscalls: 3055 2020/05/23 10:10:29 code coverage: enabled 2020/05/23 10:10:29 comparison tracing: enabled 2020/05/23 10:10:29 extra coverage: enabled 2020/05/23 10:10:29 setuid sandbox: enabled 2020/05/23 10:10:29 namespace sandbox: enabled 2020/05/23 10:10:29 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/23 10:10:29 fault injection: enabled 2020/05/23 10:10:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/23 10:10:29 net packet injection: enabled 2020/05/23 10:10:29 net device setup: enabled 2020/05/23 10:10:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/23 10:10:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/23 10:10:29 USB emulation: enabled 10:12:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x14, r1, 0x72d}, 0x14}}, 0x0) syzkaller login: [ 197.911222][ T6824] IPVS: ftp: loaded support on port[0] = 21 10:12:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmpv6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x2}]}, 0x34}}, 0x0) [ 198.061412][ T6824] chnl_net:caif_netlink_parms(): no params data found [ 198.180300][ T6824] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.192234][ T6824] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.212814][ T6824] device bridge_slave_0 entered promiscuous mode [ 198.233460][ T6824] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.240686][ T6824] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.263122][ T6824] device bridge_slave_1 entered promiscuous mode [ 198.285309][ T6954] IPVS: ftp: loaded support on port[0] = 21 [ 198.327103][ T6824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.355884][ T6824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 10:12:49 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000240)=ANY=[], 0x18) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) [ 198.419705][ T6824] team0: Port device team_slave_0 added [ 198.441380][ T6824] team0: Port device team_slave_1 added [ 198.533008][ T6824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.540021][ T6824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.602381][ T6824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.657432][ T6824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.664929][ T6824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.719057][ T6824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.738731][ T6954] chnl_net:caif_netlink_parms(): no params data found 10:12:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000500)={0x800000000000081, 0x0, [{0x0, 0x0, &(0x7f0000000080)=""/87}, {0x0, 0x0, &(0x7f0000000000)=""/25}, {0x0, 0x0, &(0x7f00000001c0)=""/223}, {0x0, 0x0, &(0x7f00000002c0)=""/156}, {0x0, 0x0, &(0x7f0000000380)=""/146}, {0x0, 0x0, &(0x7f0000000440)=""/143}]}) [ 198.787877][ T7073] IPVS: ftp: loaded support on port[0] = 21 [ 198.838349][ T6824] device hsr_slave_0 entered promiscuous mode [ 198.892380][ T6824] device hsr_slave_1 entered promiscuous mode [ 199.024660][ T7097] IPVS: ftp: loaded support on port[0] = 21 [ 199.147389][ T6954] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.172407][ T6954] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.180670][ T6954] device bridge_slave_0 entered promiscuous mode 10:12:50 executing program 4: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x283) [ 199.205560][ T6954] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.213394][ T6954] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.221663][ T6954] device bridge_slave_1 entered promiscuous mode [ 199.395781][ T6954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.478251][ T6954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.557213][ T7073] chnl_net:caif_netlink_parms(): no params data found 10:12:50 executing program 5: listen(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "eaffffff090000000000000000000000000053"}) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x15, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000001000"}) openat$ppp(0xffffffffffffff9c, 0x0, 0x101000, 0x0) pipe(&(0x7f00000000c0)) syz_emit_ethernet(0x4a, &(0x7f0000000300)=ANY=[@ANYRES32=0x41424344], 0x0) [ 199.627451][ T7241] IPVS: ftp: loaded support on port[0] = 21 [ 199.693624][ T6954] team0: Port device team_slave_0 added [ 199.790365][ T6954] team0: Port device team_slave_1 added [ 199.834611][ T6824] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 199.869042][ T6824] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 199.915397][ T6824] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 199.998935][ T6954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.007284][ T6954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.024358][ T7370] IPVS: ftp: loaded support on port[0] = 21 [ 200.035503][ T6954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.053768][ T7097] chnl_net:caif_netlink_parms(): no params data found [ 200.064651][ T6824] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 200.138876][ T6954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.146145][ T6954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.175967][ T6954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.277686][ T7073] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.286252][ T7073] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.295764][ T7073] device bridge_slave_0 entered promiscuous mode [ 200.308302][ T7073] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.316351][ T7073] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.324633][ T7073] device bridge_slave_1 entered promiscuous mode [ 200.386221][ T6954] device hsr_slave_0 entered promiscuous mode [ 200.442601][ T6954] device hsr_slave_1 entered promiscuous mode [ 200.481994][ T6954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.489840][ T6954] Cannot create hsr debugfs directory [ 200.539373][ T7073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.621193][ T7073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.647319][ T7241] chnl_net:caif_netlink_parms(): no params data found [ 200.662983][ T7097] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.670061][ T7097] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.681165][ T7097] device bridge_slave_0 entered promiscuous mode [ 200.690703][ T7097] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.698333][ T7097] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.707883][ T7097] device bridge_slave_1 entered promiscuous mode [ 200.804587][ T7073] team0: Port device team_slave_0 added [ 200.815285][ T7097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.840392][ T7073] team0: Port device team_slave_1 added [ 200.861242][ T7097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.920738][ T7073] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.928798][ T7073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.957117][ T7073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.996979][ T7073] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.004736][ T7073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.031866][ T7073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.062833][ T7097] team0: Port device team_slave_0 added [ 201.069033][ T7241] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.077034][ T7241] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.085985][ T7241] device bridge_slave_0 entered promiscuous mode [ 201.185580][ T7073] device hsr_slave_0 entered promiscuous mode [ 201.222454][ T7073] device hsr_slave_1 entered promiscuous mode [ 201.272154][ T7073] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.279966][ T7073] Cannot create hsr debugfs directory [ 201.301775][ T7097] team0: Port device team_slave_1 added [ 201.311183][ T7241] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.324791][ T7241] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.333257][ T7241] device bridge_slave_1 entered promiscuous mode [ 201.367678][ T7370] chnl_net:caif_netlink_parms(): no params data found [ 201.471066][ T7097] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.478491][ T7097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.505771][ T7097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.518876][ T7097] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.529156][ T7097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.555746][ T7097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.587822][ T7241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.640739][ T6954] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 201.676203][ T7241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.726619][ T7097] device hsr_slave_0 entered promiscuous mode [ 201.772412][ T7097] device hsr_slave_1 entered promiscuous mode [ 201.811923][ T7097] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.819506][ T7097] Cannot create hsr debugfs directory [ 201.826764][ T6954] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 201.874773][ T6954] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 201.939808][ T6954] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 202.033035][ T6824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.043089][ T7241] team0: Port device team_slave_0 added [ 202.074940][ T7370] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.082353][ T7370] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.091447][ T7370] device bridge_slave_0 entered promiscuous mode [ 202.102644][ T7370] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.109812][ T7370] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.120498][ T7370] device bridge_slave_1 entered promiscuous mode [ 202.131550][ T7241] team0: Port device team_slave_1 added [ 202.161859][ T7241] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.168834][ T7241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.196836][ T7241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.221131][ T6824] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.256120][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.265386][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.274389][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.285704][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.295018][ T2641] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.302745][ T2641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.318170][ T7241] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.326515][ T7241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.354528][ T7241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.405867][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.415159][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.424424][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.433813][ T2632] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.440895][ T2632] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.461474][ T7370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.495461][ T7370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.562862][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.582288][ T7370] team0: Port device team_slave_0 added [ 202.606838][ T7241] device hsr_slave_0 entered promiscuous mode [ 202.652311][ T7241] device hsr_slave_1 entered promiscuous mode [ 202.691965][ T7241] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.699568][ T7241] Cannot create hsr debugfs directory [ 202.725900][ T7370] team0: Port device team_slave_1 added [ 202.784074][ T7073] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 202.869923][ T7073] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 202.919672][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.931423][ T7370] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.939939][ T7370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.966995][ T7370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.987044][ T7073] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 203.083833][ T7370] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.091013][ T7370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.120106][ T7370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.139061][ T7073] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 203.185362][ T7097] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 203.255403][ T7097] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 203.330712][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.340968][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.371304][ T7097] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 203.450806][ T7097] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 203.510320][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.519897][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.529542][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.587990][ T7370] device hsr_slave_0 entered promiscuous mode [ 203.642160][ T7370] device hsr_slave_1 entered promiscuous mode [ 203.681877][ T7370] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 203.689494][ T7370] Cannot create hsr debugfs directory [ 203.735159][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.746869][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.798783][ T6824] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.811024][ T6824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.844930][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.854770][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.908002][ T6954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.956935][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 203.971432][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 204.021867][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.029786][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.046710][ T6824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.094317][ T6954] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.136693][ T7073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.160949][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.173031][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.189777][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.197026][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.214111][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.237019][ T7241] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 204.305962][ T7241] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 204.365738][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.375319][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.385675][ T2641] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.392979][ T2641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.426270][ T7241] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 204.463938][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.472675][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.484123][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 204.493747][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 204.511197][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.522536][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.548878][ T7241] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 204.603661][ T7370] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 204.659803][ T7073] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.666811][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.675597][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.684152][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.707009][ T6824] device veth0_vlan entered promiscuous mode [ 204.714879][ T7370] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 204.755899][ T7370] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 204.810815][ T7097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.821491][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 204.833604][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 204.845068][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.859598][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.871128][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.879356][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.904059][ T7370] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 204.963285][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.972532][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.981112][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.991732][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.000910][ T3311] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.008078][ T3311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.016573][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.026734][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.035805][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.045129][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.055135][ T3311] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.062737][ T3311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.070693][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.079548][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.091378][ T6954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.120536][ T7097] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.133779][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.146382][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.158128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.171085][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.180042][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.187404][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.196552][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.237252][ T6824] device veth1_vlan entered promiscuous mode [ 205.253377][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 205.262552][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.281817][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.290527][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.304473][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.312237][ T3310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.320398][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.331813][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.355934][ T6954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.379146][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 205.388955][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.399397][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 205.407280][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 205.415936][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.441054][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.455775][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.506191][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.516183][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.525383][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.535422][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 205.544481][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 205.578978][ T6824] device veth0_macvtap entered promiscuous mode [ 205.599428][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 205.607705][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.619592][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.629832][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.639436][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.649085][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.658675][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.668761][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 205.677964][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 205.710432][ T6824] device veth1_macvtap entered promiscuous mode [ 205.720429][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.734026][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.743151][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.752532][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.802395][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 205.810808][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 205.825766][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.836391][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.851299][ T6954] device veth0_vlan entered promiscuous mode [ 205.862472][ T7097] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.883039][ T6824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.902523][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 205.911112][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 205.919775][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 205.929231][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 205.975092][ T6824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.989768][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 206.000775][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 206.039085][ T6954] device veth1_vlan entered promiscuous mode [ 206.050945][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 206.064176][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 206.074899][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 206.089529][ T7370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.101308][ T7241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.129704][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 206.140944][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 206.154216][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 206.180121][ T7073] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.200503][ T7370] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.210229][ T7097] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.271295][ T7241] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.278935][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 206.288076][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 206.297491][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 206.306577][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 206.400789][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 206.413964][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 206.426065][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.436450][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.447881][ T2641] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.455123][ T2641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.463433][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 206.472552][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.480976][ T2641] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.488228][ T2641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.496819][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.505920][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.516404][ T2641] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.523855][ T2641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.623996][ T6954] device veth0_macvtap entered promiscuous mode [ 206.640080][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 206.658870][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.675700][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.686912][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 206.699066][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 10:12:57 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) stat(0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000100)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@uid={'uid'}}]}) [ 206.729071][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 206.743687][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 206.816957][ T6954] device veth1_macvtap entered promiscuous mode [ 206.835943][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 206.845259][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 206.855265][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 206.864423][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.873447][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.880593][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.889650][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.899657][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.908592][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.917937][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.018223][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.035874][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.051928][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.060992][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 207.077407][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 10:12:57 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 207.118320][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 207.142533][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.185369][ T7241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 207.211842][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 207.220292][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 207.243053][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.262876][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.292497][ T7073] device veth0_vlan entered promiscuous mode [ 207.342735][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 207.350890][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 207.366812][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.377790][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.387108][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.396352][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.405665][ T3311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 207.424591][ T6954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 207.439663][ T6954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.455984][ T6954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 207.479581][ T7097] device veth0_vlan entered promiscuous mode [ 207.486667][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 207.495994][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 207.505191][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 207.515303][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 207.524796][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 207.534806][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 207.546446][ T6954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 207.563539][ T6954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.575738][ T6954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 207.593199][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 207.601752][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 207.610066][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 207.619587][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 207.629114][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 207.636943][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 207.663827][ T7073] device veth1_vlan entered promiscuous mode [ 207.685029][ T7241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.697052][ T7097] device veth1_vlan entered promiscuous mode [ 207.846971][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 207.856456][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 207.955904][ T7370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.985938][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready 10:12:58 executing program 1: socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000ac0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') lseek(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) 10:12:58 executing program 0: ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000100)={0x3, 'vxcan1\x00', {0xffffffff}}) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010580413500000000000010902240001000000000904000049030000000921b3e0db7222dc0109058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="04000c000107100229968100f913f779d4f89d896246db63e41bf114701e378dfcebbd44"]}) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0003b803"], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 208.033722][ T2627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 208.068209][ T7073] device veth0_macvtap entered promiscuous mode [ 208.106078][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 208.127269][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 208.152986][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 208.170767][ T7073] device veth1_macvtap entered promiscuous mode [ 208.218578][ T7097] device veth0_macvtap entered promiscuous mode [ 208.242400][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 208.253364][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 208.263421][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 208.272622][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 208.317872][ T7097] device veth1_macvtap entered promiscuous mode [ 208.366662][ T7241] device veth0_vlan entered promiscuous mode [ 208.395253][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 208.409173][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 208.432620][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 208.446991][ T7073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 208.458179][ T2627] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 208.470814][ T7073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.490608][ T7073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 208.509696][ T7073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.549901][ T7073] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 208.579949][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 208.592275][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.603787][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 208.623230][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.634176][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 208.645779][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.658732][ T7097] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 208.667071][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 208.676330][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 208.685506][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 208.696726][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 208.706669][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 208.715755][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 208.724206][ T2627] usb 1-1: Using ep0 maxpacket: 16 [ 208.735123][ T7073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 208.747759][ T7073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.759151][ T7073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 208.772353][ T7073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.785226][ T7073] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 208.802484][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 208.814490][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.825381][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 208.836011][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.841954][ T2627] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 208.846682][ T7097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 208.859228][ T2627] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.880292][ T2627] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 208.880380][ T7097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.895360][ T2627] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 208.916489][ T7097] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 208.918933][ T2627] usb 1-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 208.934762][ T2627] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 10:12:59 executing program 1: r0 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r0, &(0x7f0000000380)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}}, 0x1c, 0x0}}], 0x1, 0x4004894) [ 208.946072][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 208.962703][ T2627] usb 1-1: config 0 descriptor?? [ 208.972582][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 208.991010][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 209.000720][ T2632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 209.032731][ T7241] device veth1_vlan entered promiscuous mode [ 209.066161][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready 10:12:59 executing program 1: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4005}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="000000000000020200"/20, @ANYRES32], 0x28}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000160001"], 0x18}}, 0x0) [ 209.083585][ T2641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 10:13:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xf) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="18000000170001"], 0x18}}, 0x0) [ 209.237919][ T7370] device veth0_vlan entered promiscuous mode [ 209.297940][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 209.322825][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready 10:13:00 executing program 1: mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="c18ff20000000000e1ff67"], 0x1c}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, 0x0, 0x0) sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000000), 0xc, 0x0}, 0x0) mount(&(0x7f0000000140)=@nullb='/dev/nullb0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='udf\x00', 0x0, 0x0) [ 209.440133][ T8143] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.444311][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 209.448357][ T8143] UDF-fs: Scanning with blocksize 512 failed [ 209.471191][ T2627] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input5 [ 209.476984][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 209.492264][ T8143] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.492274][ T8143] UDF-fs: Scanning with blocksize 1024 failed [ 209.492558][ T8143] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.492565][ T8143] UDF-fs: Scanning with blocksize 2048 failed [ 209.494615][ T8143] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.542474][ T2627] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input6 [ 209.557987][ T8143] UDF-fs: Scanning with blocksize 4096 failed [ 209.590491][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 209.622346][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 209.637992][ T7241] device veth0_macvtap entered promiscuous mode [ 209.656250][ T8153] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.661209][ T2627] kye 0003:0458:5013.0001: input,hiddev96,hidraw0: USB HID ve0.b3 Device [HID 0458:5013] on usb-dummy_hcd.0-1/input0 [ 209.687283][ T8142] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 209.733525][ T8153] UDF-fs: Scanning with blocksize 512 failed [ 209.741865][ T8151] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 209.756847][ T7370] device veth1_vlan entered promiscuous mode [ 209.771598][ T8153] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.779098][ T8153] UDF-fs: Scanning with blocksize 1024 failed [ 209.784968][ T2627] usb 1-1: USB disconnect, device number 2 [ 209.822841][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 209.831429][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 209.845442][ T7241] device veth1_macvtap entered promiscuous mode [ 209.882326][ T8153] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.890093][ T8153] UDF-fs: Scanning with blocksize 2048 failed [ 209.895225][ T2627] ================================================================== [ 209.904397][ T2627] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0 [ 209.911611][ T2627] Read of size 8 at addr ffff88809d8ab150 by task kworker/1:14/2627 [ 209.919605][ T2627] [ 209.921946][ T2627] CPU: 1 PID: 2627 Comm: kworker/1:14 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0 [ 209.923405][ T8153] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 209.931573][ T2627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.931593][ T2627] Workqueue: usb_hub_wq hub_event [ 209.931601][ T2627] Call Trace: [ 209.931622][ T2627] dump_stack+0x18f/0x20d [ 209.931641][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 209.939107][ T8153] UDF-fs: Scanning with blocksize 4096 failed [ 209.949182][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 209.949203][ T2627] print_address_description.constprop.0.cold+0xd3/0x413 [ 209.949218][ T2627] ? mousedev_destroy+0x20/0xa0 [ 209.949232][ T2627] ? __input_unregister_device+0x1b0/0x430 [ 209.949246][ T2627] ? input_unregister_device+0xb4/0xf0 [ 209.949261][ T2627] ? hidinput_disconnect+0x15e/0x3d0 [ 209.949272][ T2627] ? hid_disconnect+0x13f/0x1a0 [ 209.949287][ T2627] ? vprintk_func+0x97/0x1a6 [ 209.949304][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 210.020966][ T2627] kasan_report.cold+0x1f/0x37 [ 210.025759][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 210.030633][ T2627] __mutex_lock+0x1033/0x13c0 [ 210.035333][ T2627] ? print_usage_bug+0x240/0x240 [ 210.040299][ T2627] ? mousedev_cleanup+0x21/0x180 [ 210.045267][ T2627] ? trace_hardirqs_off+0x50/0x220 [ 210.050678][ T2627] ? mutex_trylock+0x2c0/0x2c0 [ 210.055470][ T2627] ? mark_held_locks+0x9f/0xe0 [ 210.060262][ T2627] ? kfree+0x1eb/0x2b0 [ 210.064352][ T2627] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 210.070367][ T2627] ? kfree_const+0x51/0x60 [ 210.074905][ T2627] ? dev_attr_show+0x90/0x90 [ 210.079537][ T2627] ? mousedev_cleanup+0x21/0x180 [ 210.084497][ T2627] mousedev_cleanup+0x21/0x180 [ 210.089281][ T2627] mousedev_destroy+0x28/0xa0 [ 210.094071][ T2627] __input_unregister_device+0x1b0/0x430 [ 210.099841][ T2627] input_unregister_device+0xb4/0xf0 [ 210.105152][ T2627] hidinput_disconnect+0x15e/0x3d0 [ 210.110538][ T2627] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 210.116093][ T2627] hid_disconnect+0x13f/0x1a0 [ 210.120782][ T2627] hid_device_remove+0x186/0x240 [ 210.125721][ T2627] ? hid_compare_device_paths+0xc0/0xc0 [ 210.131271][ T2627] device_release_driver_internal+0x231/0x500 [ 210.137369][ T2627] bus_remove_device+0x2dc/0x4a0 [ 210.142308][ T2627] device_del+0x481/0xd30 [ 210.146754][ T2627] ? device_link_add_missing_supplier_links+0x370/0x370 [ 210.153924][ T2627] ? mark_held_locks+0x9f/0xe0 [ 210.158907][ T2627] ? _raw_spin_unlock_irq+0x1f/0x80 [ 210.164276][ T2627] hid_destroy_device+0xe1/0x150 [ 210.169219][ T2627] usbhid_disconnect+0x9f/0xe0 [ 210.174134][ T2627] usb_unbind_interface+0x1bd/0x8a0 [ 210.179363][ T2627] ? __pm_runtime_idle+0xd1/0x320 [ 210.184407][ T2627] ? usb_autoresume_device+0x60/0x60 [ 210.190061][ T2627] device_release_driver_internal+0x432/0x500 [ 210.196307][ T2627] bus_remove_device+0x2dc/0x4a0 [ 210.201459][ T2627] device_del+0x481/0xd30 [ 210.205863][ T2627] ? device_link_add_missing_supplier_links+0x370/0x370 [ 210.212822][ T2627] ? usb_remove_ep_devs+0x3e/0x80 [ 210.217886][ T2627] ? remove_intf_ep_devs+0x13f/0x1d0 [ 210.224485][ T2627] usb_disable_device+0x211/0x690 [ 210.229522][ T2627] usb_disconnect+0x284/0x8d0 [ 210.234216][ T2627] hub_event+0x17ca/0x38f0 [ 210.238750][ T2627] ? hub_port_debounce+0x260/0x260 [ 210.243860][ T2627] ? usermodehelper_read_trylock+0xf0/0x2d0 [ 210.249743][ T2627] ? debug_smp_processor_id+0x2f/0x185 [ 210.255287][ T2627] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 210.260920][ T2627] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 210.266995][ T2627] process_one_work+0x965/0x16a0 [ 210.271929][ T2627] ? lock_release+0x800/0x800 [ 210.276627][ T2627] ? pwq_dec_nr_in_flight+0x310/0x310 [ 210.282093][ T2627] ? rwlock_bug.part.0+0x90/0x90 [ 210.287073][ T2627] worker_thread+0x7ab/0xe20 [ 210.291679][ T2627] ? process_one_work+0x16a0/0x16a0 [ 210.296871][ T2627] kthread+0x3b5/0x4a0 [ 210.301107][ T2627] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 210.306819][ T2627] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 210.312566][ T2627] ret_from_fork+0x24/0x30 [ 210.317097][ T2627] [ 210.319437][ T2627] Allocated by task 2627: [ 210.323786][ T2627] save_stack+0x1b/0x40 [ 210.327944][ T2627] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 210.333578][ T2627] kmem_cache_alloc_trace+0x153/0x7d0 [ 210.339665][ T2627] mousedev_create+0x90/0xa20 [ 210.344344][ T2627] mousedev_connect+0x20/0x280 [ 210.349093][ T2627] input_attach_handler+0x194/0x200 [ 210.354273][ T2627] input_register_device.cold+0xf5/0x246 [ 210.360029][ T2627] hidinput_connect+0x4f8f/0xdb30 [ 210.365054][ T2627] hid_connect+0x96b/0xbc0 [ 210.369524][ T2627] hid_hw_start+0xa2/0x130 [ 210.373957][ T2627] kye_probe+0x44/0x536 [ 210.378119][ T2627] hid_device_probe+0x2be/0x3f0 [ 210.383077][ T2627] really_probe+0x281/0x6d0 [ 210.387737][ T2627] driver_probe_device+0xfe/0x1d0 [ 210.392774][ T2627] __device_attach_driver+0x1c2/0x220 [ 210.398139][ T2627] bus_for_each_drv+0x162/0x1e0 [ 210.402982][ T2627] __device_attach+0x21a/0x360 [ 210.407737][ T2627] bus_probe_device+0x1e4/0x290 [ 210.412780][ T2627] device_add+0xaf1/0x1900 [ 210.417202][ T2627] hid_add_device+0x33c/0x9a0 [ 210.422064][ T2627] usbhid_probe+0xac8/0xff0 [ 210.426565][ T2627] usb_probe_interface+0x305/0x7a0 [ 210.431688][ T2627] really_probe+0x281/0x6d0 [ 210.436656][ T2627] driver_probe_device+0xfe/0x1d0 [ 210.442020][ T2627] __device_attach_driver+0x1c2/0x220 [ 210.447419][ T2627] bus_for_each_drv+0x162/0x1e0 [ 210.452388][ T2627] __device_attach+0x21a/0x360 [ 210.457182][ T2627] bus_probe_device+0x1e4/0x290 [ 210.462031][ T2627] device_add+0xaf1/0x1900 [ 210.466611][ T2627] usb_set_configuration+0xec5/0x1740 [ 210.471984][ T2627] usb_generic_driver_probe+0x9d/0xe0 [ 210.477377][ T2627] usb_probe_device+0xc6/0x1f0 [ 210.482145][ T2627] really_probe+0x281/0x6d0 [ 210.486659][ T2627] driver_probe_device+0xfe/0x1d0 [ 210.491692][ T2627] __device_attach_driver+0x1c2/0x220 [ 210.497434][ T2627] bus_for_each_drv+0x162/0x1e0 [ 210.502541][ T2627] __device_attach+0x21a/0x360 [ 210.507307][ T2627] bus_probe_device+0x1e4/0x290 [ 210.512168][ T2627] device_add+0xaf1/0x1900 [ 210.516579][ T2627] usb_new_device.cold+0x753/0x103d [ 210.522489][ T2627] hub_event+0x1eca/0x38f0 [ 210.526912][ T2627] process_one_work+0x965/0x16a0 [ 210.531871][ T2627] worker_thread+0x96/0xe20 [ 210.536361][ T2627] kthread+0x3b5/0x4a0 [ 210.540539][ T2627] ret_from_fork+0x24/0x30 [ 210.544939][ T2627] [ 210.547390][ T2627] Freed by task 2627: [ 210.551366][ T2627] save_stack+0x1b/0x40 [ 210.555507][ T2627] __kasan_slab_free+0xf7/0x140 [ 210.560527][ T2627] kfree+0x109/0x2b0 [ 210.564429][ T2627] device_release+0x71/0x200 [ 210.569143][ T2627] kobject_put+0x1c8/0x2f0 [ 210.573983][ T2627] cdev_device_del+0x69/0x80 [ 210.578595][ T2627] mousedev_destroy+0x20/0xa0 [ 210.583355][ T2627] __input_unregister_device+0x1b0/0x430 [ 210.588990][ T2627] input_unregister_device+0xb4/0xf0 [ 210.594258][ T2627] hidinput_disconnect+0x15e/0x3d0 [ 210.599347][ T2627] hid_disconnect+0x13f/0x1a0 [ 210.604012][ T2627] hid_device_remove+0x186/0x240 [ 210.608951][ T2627] device_release_driver_internal+0x231/0x500 [ 210.615385][ T2627] bus_remove_device+0x2dc/0x4a0 [ 210.620340][ T2627] device_del+0x481/0xd30 [ 210.624676][ T2627] hid_destroy_device+0xe1/0x150 [ 210.629629][ T2627] usbhid_disconnect+0x9f/0xe0 [ 210.634549][ T2627] usb_unbind_interface+0x1bd/0x8a0 [ 210.639748][ T2627] device_release_driver_internal+0x432/0x500 [ 210.646396][ T2627] bus_remove_device+0x2dc/0x4a0 [ 210.651421][ T2627] device_del+0x481/0xd30 [ 210.655746][ T2627] usb_disable_device+0x211/0x690 [ 210.661031][ T2627] usb_disconnect+0x284/0x8d0 [ 210.665717][ T2627] hub_event+0x17ca/0x38f0 [ 210.670242][ T2627] process_one_work+0x965/0x16a0 [ 210.675307][ T2627] worker_thread+0x7ab/0xe20 [ 210.679991][ T2627] kthread+0x3b5/0x4a0 [ 210.684255][ T2627] ret_from_fork+0x24/0x30 [ 210.689702][ T2627] [ 210.692032][ T2627] The buggy address belongs to the object at ffff88809d8ab000 [ 210.692032][ T2627] which belongs to the cache kmalloc-2k of size 2048 [ 210.706272][ T2627] The buggy address is located 336 bytes inside of [ 210.706272][ T2627] 2048-byte region [ffff88809d8ab000, ffff88809d8ab800) [ 210.719657][ T2627] The buggy address belongs to the page: [ 210.725289][ T2627] page:ffffea0002762ac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 210.734394][ T2627] flags: 0xfffe0000000200(slab) [ 210.739246][ T2627] raw: 00fffe0000000200 ffffea00027554c8 ffffea00026a48c8 ffff8880aa000e00 [ 210.747922][ T2627] raw: 0000000000000000 ffff88809d8ab000 0000000100000001 0000000000000000 [ 210.756483][ T2627] page dumped because: kasan: bad access detected [ 210.762872][ T2627] [ 210.765193][ T2627] Memory state around the buggy address: [ 210.770808][ T2627] ffff88809d8ab000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.778852][ T2627] ffff88809d8ab080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.786895][ T2627] >ffff88809d8ab100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.794951][ T2627] ^ [ 210.801773][ T2627] ffff88809d8ab180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.810035][ T2627] ffff88809d8ab200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 210.818081][ T2627] ================================================================== [ 210.826213][ T2627] Disabling lock debugging due to kernel taint [ 210.851197][ T2627] Kernel panic - not syncing: panic_on_warn set ... [ 210.857842][ T2627] CPU: 1 PID: 2627 Comm: kworker/1:14 Tainted: G B 5.7.0-rc6-next-20200522-syzkaller #0 [ 210.869358][ T2627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.879627][ T2627] Workqueue: usb_hub_wq hub_event [ 210.884658][ T2627] Call Trace: [ 210.887960][ T2627] dump_stack+0x18f/0x20d [ 210.892299][ T2627] ? __mutex_lock+0xf50/0x13c0 [ 210.897073][ T2627] panic+0x2e3/0x75c [ 210.900987][ T2627] ? __warn_printk+0xf3/0xf3 [ 210.905591][ T2627] ? preempt_schedule_common+0x5e/0xc0 [ 210.911055][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 210.915919][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 210.920779][ T2627] ? preempt_schedule_thunk+0x16/0x18 [ 210.926165][ T2627] ? trace_hardirqs_on+0x55/0x230 [ 210.931204][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 210.936068][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 210.940965][ T2627] end_report+0x4d/0x53 [ 210.945163][ T2627] kasan_report.cold+0xd/0x37 [ 210.949880][ T2627] ? __mutex_lock+0x1033/0x13c0 [ 210.954737][ T2627] __mutex_lock+0x1033/0x13c0 [ 210.959429][ T2627] ? print_usage_bug+0x240/0x240 [ 210.964374][ T2627] ? mousedev_cleanup+0x21/0x180 [ 210.969325][ T2627] ? trace_hardirqs_off+0x50/0x220 [ 210.974465][ T2627] ? mutex_trylock+0x2c0/0x2c0 [ 210.979246][ T2627] ? mark_held_locks+0x9f/0xe0 [ 210.984138][ T2627] ? kfree+0x1eb/0x2b0 [ 210.988222][ T2627] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 210.994568][ T2627] ? kfree_const+0x51/0x60 [ 210.999003][ T2627] ? dev_attr_show+0x90/0x90 [ 211.003668][ T2627] ? mousedev_cleanup+0x21/0x180 [ 211.008852][ T2627] mousedev_cleanup+0x21/0x180 [ 211.013734][ T2627] mousedev_destroy+0x28/0xa0 [ 211.018551][ T2627] __input_unregister_device+0x1b0/0x430 [ 211.024344][ T2627] input_unregister_device+0xb4/0xf0 [ 211.029646][ T2627] hidinput_disconnect+0x15e/0x3d0 [ 211.034788][ T2627] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 211.040352][ T2627] hid_disconnect+0x13f/0x1a0 [ 211.045215][ T2627] hid_device_remove+0x186/0x240 [ 211.050334][ T2627] ? hid_compare_device_paths+0xc0/0xc0 [ 211.055912][ T2627] device_release_driver_internal+0x231/0x500 [ 211.062091][ T2627] bus_remove_device+0x2dc/0x4a0 [ 211.067046][ T2627] device_del+0x481/0xd30 [ 211.071396][ T2627] ? device_link_add_missing_supplier_links+0x370/0x370 [ 211.078347][ T2627] ? mark_held_locks+0x9f/0xe0 [ 211.083132][ T2627] ? _raw_spin_unlock_irq+0x1f/0x80 [ 211.088502][ T2627] hid_destroy_device+0xe1/0x150 [ 211.093461][ T2627] usbhid_disconnect+0x9f/0xe0 [ 211.098359][ T2627] usb_unbind_interface+0x1bd/0x8a0 [ 211.103801][ T2627] ? __pm_runtime_idle+0xd1/0x320 [ 211.108828][ T2627] ? usb_autoresume_device+0x60/0x60 [ 211.114791][ T2627] device_release_driver_internal+0x432/0x500 [ 211.120979][ T2627] bus_remove_device+0x2dc/0x4a0 [ 211.125958][ T2627] device_del+0x481/0xd30 [ 211.130402][ T2627] ? device_link_add_missing_supplier_links+0x370/0x370 [ 211.137377][ T2627] ? usb_remove_ep_devs+0x3e/0x80 [ 211.143728][ T2627] ? remove_intf_ep_devs+0x13f/0x1d0 [ 211.149160][ T2627] usb_disable_device+0x211/0x690 [ 211.154204][ T2627] usb_disconnect+0x284/0x8d0 [ 211.158898][ T2627] hub_event+0x17ca/0x38f0 [ 211.163335][ T2627] ? hub_port_debounce+0x260/0x260 [ 211.168692][ T2627] ? usermodehelper_read_trylock+0xf0/0x2d0 [ 211.174892][ T2627] ? debug_smp_processor_id+0x2f/0x185 [ 211.181044][ T2627] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 211.186956][ T2627] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 211.188749][ T7370] device veth0_macvtap entered promiscuous mode [ 211.193140][ T2627] process_one_work+0x965/0x16a0 [ 211.193159][ T2627] ? lock_release+0x800/0x800 [ 211.193171][ T2627] ? pwq_dec_nr_in_flight+0x310/0x310 [ 211.193185][ T2627] ? rwlock_bug.part.0+0x90/0x90 [ 211.193208][ T2627] worker_thread+0x7ab/0xe20 [ 211.225421][ T2627] ? process_one_work+0x16a0/0x16a0 [ 211.230925][ T2627] kthread+0x3b5/0x4a0 [ 211.235915][ T2627] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 211.241645][ T2627] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 211.245339][ T7370] device veth1_macvtap entered promiscuous mode [ 211.247437][ T2627] ret_from_fork+0x24/0x30 [ 211.255222][ T2627] Kernel Offset: disabled [ 211.264036][ T2627] Rebooting in 86400 seconds..