Warning: Permanently added '10.128.1.43' (ED25519) to the list of known hosts.
[   41.755756][ T3498] chnl_net:caif_netlink_parms(): no params data found
[   41.798143][ T3498] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.806366][ T3498] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.815131][ T3498] device bridge_slave_0 entered promiscuous mode
[   41.824386][ T3498] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.832243][ T3498] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.840526][ T3498] device bridge_slave_1 entered promiscuous mode
[   41.861465][ T3498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   41.873317][ T3498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   41.896729][ T3498] team0: Port device team_slave_0 added
[   41.904912][ T3498] team0: Port device team_slave_1 added
[   41.923490][ T3498] batman_adv: batadv0: Adding interface: batadv_slave_0
[   41.930685][ T3498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   41.957101][ T3498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   41.970245][ T3498] batman_adv: batadv0: Adding interface: batadv_slave_1
[   41.977520][ T3498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   42.003482][ T3498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   42.030830][ T3498] device hsr_slave_0 entered promiscuous mode
[   42.037758][ T3498] device hsr_slave_1 entered promiscuous mode
[   42.124492][ T3498] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   42.135262][ T3498] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   42.144510][ T3498] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   42.153557][ T3498] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   42.174151][ T3498] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.181327][ T3498] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.189314][ T3498] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.196621][ T3498] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.242428][ T3498] 8021q: adding VLAN 0 to HW filter on device bond0
[   42.256273][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.267639][ T1932] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.276486][ T1932] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.285041][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   42.301106][ T3498] 8021q: adding VLAN 0 to HW filter on device team0
[   42.312394][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   42.321191][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.328264][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.342336][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   42.351178][ T2922] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.358297][ T2922] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.372988][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   42.383974][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   42.398234][ T3498] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   42.410494][ T3498] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   42.423403][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   42.432199][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   42.441821][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   42.451214][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   42.466759][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   42.474487][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   42.485239][ T3498] 8021q: adding VLAN 0 to HW filter on device batadv0
[   42.502139][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   42.520303][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   42.529274][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   42.537700][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   42.547141][ T3498] device veth0_vlan entered promiscuous mode
[   42.558668][ T3498] device veth1_vlan entered promiscuous mode
[   42.578015][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   42.587386][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   42.595873][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   42.608637][ T3498] device veth0_macvtap entered promiscuous mode
[   42.618318][ T3498] device veth1_macvtap entered promiscuous mode
[   42.633992][ T3498] batman_adv: batadv0: Interface activated: batadv_slave_0
[   42.642007][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   42.651781][ T2922] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   42.663762][ T3498] batman_adv: batadv0: Interface activated: batadv_slave_1
[   42.672661][ T1932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   42.683723][ T3498] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   42.694061][ T3498] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[   42.703591][ T3498] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   42.712934][ T3498] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   43.040238][ T2922] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   43.470215][ T2922] usb 1-1: New USB device found, idVendor=047d, idProduct=5002, bcdDevice=b9.5b
[   43.480540][ T2922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   43.500860][ T2922] usb 1-1: config 0 descriptor??
[   43.544103][ T2922] gspca_main: se401-2.14.0 probing 047d:5002
[   43.900059][ T2922] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[   44.089971][ T2922] usb 1-1: device descriptor read/64, error -32
[   44.360061][ T2922] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[   44.550023][ T2922] usb 1-1: device descriptor read/64, error -32
[   44.819992][ T2922] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[   44.910115][ T2922] usb 1-1: Using ep0 maxpacket: 16
[   45.350156][ T2922] usb 1-1: device descriptor read/all, error 1
[   45.509944][ T2922] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[   45.640080][ T2922] usb 1-1: device descriptor read/8, error -71
[   45.770852][ T2922] gspca_se401: read req failed req 0x06 error -19
[   45.780562][ T2922] usb 1-1: USB disconnect, device number 2
[   45.781273][ T3503] ==================================================================
[   45.795668][ T3503] BUG: KASAN: slab-out-of-bounds in read_descriptors+0x2b4/0x320
[   45.803691][ T3503] Read of size 2 at addr ffff888013feaaaa by task udevd/3503
[   45.811220][ T3503] 
[   45.813559][ T3503] CPU: 1 PID: 3503 Comm: udevd Not tainted 5.15.120-syzkaller #0
[   45.821586][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   45.832223][ T3503] Call Trace:
[   45.835740][ T3503]  <TASK>
[   45.839765][ T3503]  dump_stack_lvl+0x1e3/0x2cb
[   45.844730][ T3503]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   45.851785][ T3503]  ? _printk+0xd1/0x111
[   45.855990][ T3503]  ? __wake_up_klogd+0xcc/0x100
[   45.861035][ T3503]  ? panic+0x84d/0x84d
[   45.865100][ T3503]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   45.870968][ T3503]  print_address_description+0x63/0x3b0
[   45.876555][ T3503]  ? read_descriptors+0x2b4/0x320
[   45.881955][ T3503]  kasan_report+0x16b/0x1c0
[   45.886459][ T3503]  ? read_descriptors+0x2b4/0x320
[   45.891568][ T3503]  read_descriptors+0x2b4/0x320
[   45.897133][ T3503]  ? sysfs_kf_bin_open+0xd0/0xd0
[   45.902459][ T3503]  kernfs_fop_read_iter+0x37a/0x570
[   45.908366][ T3503]  vfs_read+0xa9f/0xe10
[   45.913081][ T3503]  ? kernel_read+0x1f0/0x1f0
[   45.918533][ T3503]  ? read_lock_is_recursive+0x10/0x10
[   45.924095][ T3503]  ? __fdget_pos+0x272/0x300
[   45.929062][ T3503]  ksys_read+0x1a2/0x2c0
[   45.933591][ T3503]  ? print_irqtrace_events+0x210/0x210
[   45.940051][ T3503]  ? vfs_write+0xe50/0xe50
[   45.944878][ T3503]  ? syscall_enter_from_user_mode+0x2e/0x230
[   45.951126][ T3503]  ? lockdep_hardirqs_on+0x94/0x130
[   45.956921][ T3503]  ? syscall_enter_from_user_mode+0x2e/0x230
[   45.963345][ T3503]  do_syscall_64+0x3d/0xb0
[   45.967902][ T3503]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   45.974055][ T3503] RIP: 0033:0x7fee6d93bb6a
[   45.978487][ T3503] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83
[   45.998955][ T3503] RSP: 002b:00007ffc8c3ccb08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   46.007462][ T3503] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fee6d93bb6a
[   46.015602][ T3503] RDX: 0000000000010011 RSI: 00007ffc8c3ccb37 RDI: 0000000000000008
[   46.023785][ T3503] RBP: 0000000000000008 R08: 0000000000000003 R09: 58d6d0a0572cd16d
[   46.032197][ T3503] R10: 0000000000000000 R11: 0000000000000246 R12: 000055562e0a7810
[   46.040618][ T3503] R13: 00007ffc8c3dd218 R14: 00007ffc8c3dd868 R15: 00007ffc8c3ccb37
[   46.049123][ T3503]  </TASK>
[   46.052137][ T3503] 
[   46.054456][ T3503] Allocated by task 2922:
[   46.059573][ T3503]  ____kasan_kmalloc+0xba/0xf0
[   46.064444][ T3503]  __kmalloc+0x168/0x300
[   46.068680][ T3503]  usb_get_configuration+0x105/0x4d60
[   46.074301][ T3503]  usb_new_device+0x146/0x18d0
[   46.079150][ T3503]  hub_event+0x2dd8/0x56d0
[   46.083549][ T3503]  process_one_work+0x8a1/0x10c0
[   46.088653][ T3503]  worker_thread+0xaca/0x1280
[   46.093442][ T3503]  kthread+0x3f6/0x4f0
[   46.097563][ T3503]  ret_from_fork+0x1f/0x30
[   46.105404][ T3503] 
[   46.107928][ T3503] The buggy address belongs to the object at ffff888013fea800
[   46.107928][ T3503]  which belongs to the cache kmalloc-1k of size 1024
[   46.123471][ T3503] The buggy address is located 682 bytes inside of
[   46.123471][ T3503]  1024-byte region [ffff888013fea800, ffff888013feac00)
[   46.137297][ T3503] The buggy address belongs to the page:
[   46.143105][ T3503] page:ffffea00004ffa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13fe8
[   46.154479][ T3503] head:ffffea00004ffa00 order:3 compound_mapcount:0 compound_pincount:0
[   46.163736][ T3503] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   46.172284][ T3503] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c41dc0
[   46.181440][ T3503] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   46.190672][ T3503] page dumped because: kasan: bad access detected
[   46.198037][ T3503] page_owner tracks the page as allocated
[   46.204053][ T3503] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1067, ts 43260451872, free_ts 42729221637
[   46.224137][ T3503]  get_page_from_freelist+0x322a/0x33c0
[   46.230018][ T3503]  __alloc_pages+0x272/0x700
[   46.235123][ T3503]  new_slab+0xbb/0x4b0
[   46.239459][ T3503]  ___slab_alloc+0x6f6/0xe10
[   46.244628][ T3503]  __kmalloc+0x1c9/0x300
[   46.250439][ T3503]  ___neigh_create+0x622/0x21d0
[   46.255789][ T3503]  ip6_finish_output2+0x11a6/0x14f0
[   46.261270][ T3503]  ndisc_send_skb+0xae0/0x13c0
[   46.266169][ T3503]  ndisc_send_ns+0x64d/0x830
[   46.271851][ T3503]  addrconf_dad_work+0xb35/0x1720
[   46.277691][ T3503]  process_one_work+0x8a1/0x10c0
[   46.283302][ T3503]  worker_thread+0xaca/0x1280
[   46.288914][ T3503]  kthread+0x3f6/0x4f0
[   46.293290][ T3503]  ret_from_fork+0x1f/0x30
[   46.298501][ T3503] page last free stack trace:
[   46.303809][ T3503]  free_unref_page_prepare+0xc34/0xcf0
[   46.310384][ T3503]  free_unref_page+0x95/0x2d0
[   46.315488][ T3503]  __unfreeze_partials+0x1b7/0x210
[   46.321435][ T3503]  put_cpu_partial+0x132/0x1a0
[   46.326612][ T3503]  ___cache_free+0xe3/0x100
[   46.331393][ T3503]  qlist_free_all+0x36/0x90
[   46.335987][ T3503]  kasan_quarantine_reduce+0x162/0x180
[   46.341530][ T3503]  __kasan_slab_alloc+0x2f/0xc0
[   46.346689][ T3503]  slab_post_alloc_hook+0x53/0x380
[   46.351927][ T3503]  kmem_cache_alloc_node+0x121/0x2c0
[   46.357574][ T3503]  __alloc_skb+0xdd/0x590
[   46.362929][ T3503]  netlink_sendmsg+0x6f8/0xd60
[   46.368028][ T3503]  __sys_sendto+0x564/0x720
[   46.373305][ T3503]  __x64_sys_sendto+0xda/0xf0
[   46.378115][ T3503]  do_syscall_64+0x3d/0xb0
[   46.382547][ T3503]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   46.389317][ T3503] 
[   46.391723][ T3503] Memory state around the buggy address:
[   46.397642][ T3503]  ffff888013fea980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.406141][ T3503]  ffff888013feaa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.414430][ T3503] >ffff888013feaa80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   46.423017][ T3503]                                   ^
[   46.428493][ T3503]  ffff888013feab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.436662][ T3503]  ffff888013feab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.444903][ T3503] ==================================================================
[   46.453190][ T3503] Disabling lock debugging due to kernel taint
[   46.462295][ T3503] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   46.469719][ T3503] CPU: 1 PID: 3503 Comm: udevd Tainted: G    B             5.15.120-syzkaller #0
[   46.479690][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   46.489924][ T3503] Call Trace:
[   46.493208][ T3503]  <TASK>
[   46.496221][ T3503]  dump_stack_lvl+0x1e3/0x2cb
[   46.500973][ T3503]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   46.506863][ T3503]  ? panic+0x84d/0x84d
[   46.511106][ T3503]  ? rcu_is_watching+0x11/0xa0
[   46.516291][ T3503]  ? preempt_schedule_common+0xa6/0xd0
[   46.521973][ T3503]  panic+0x318/0x84d
[   46.526001][ T3503]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   46.532171][ T3503]  ? check_panic_on_warn+0x1d/0xa0
[   46.537356][ T3503]  ? fb_is_primary_device+0xcc/0xcc
[   46.542578][ T3503]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   46.549016][ T3503]  ? _raw_spin_unlock+0x40/0x40
[   46.554226][ T3503]  check_panic_on_warn+0x7e/0xa0
[   46.560089][ T3503]  ? read_descriptors+0x2b4/0x320
[   46.565423][ T3503]  end_report+0x6d/0xf0
[   46.570123][ T3503]  kasan_report+0x18e/0x1c0
[   46.574858][ T3503]  ? read_descriptors+0x2b4/0x320
[   46.580121][ T3503]  read_descriptors+0x2b4/0x320
[   46.586046][ T3503]  ? sysfs_kf_bin_open+0xd0/0xd0
[   46.591157][ T3503]  kernfs_fop_read_iter+0x37a/0x570
[   46.596508][ T3503]  vfs_read+0xa9f/0xe10
[   46.600846][ T3503]  ? kernel_read+0x1f0/0x1f0
[   46.605714][ T3503]  ? read_lock_is_recursive+0x10/0x10
[   46.611401][ T3503]  ? __fdget_pos+0x272/0x300
[   46.616507][ T3503]  ksys_read+0x1a2/0x2c0
[   46.621330][ T3503]  ? print_irqtrace_events+0x210/0x210
[   46.627331][ T3503]  ? vfs_write+0xe50/0xe50
[   46.631744][ T3503]  ? syscall_enter_from_user_mode+0x2e/0x230
[   46.638236][ T3503]  ? lockdep_hardirqs_on+0x94/0x130
[   46.644213][ T3503]  ? syscall_enter_from_user_mode+0x2e/0x230
[   46.650340][ T3503]  do_syscall_64+0x3d/0xb0
[   46.655456][ T3503]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   46.662376][ T3503] RIP: 0033:0x7fee6d93bb6a
[   46.667166][ T3503] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83
[   46.689020][ T3503] RSP: 002b:00007ffc8c3ccb08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   46.699649][ T3503] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fee6d93bb6a
[   46.708771][ T3503] RDX: 0000000000010011 RSI: 00007ffc8c3ccb37 RDI: 0000000000000008
[   46.717018][ T3503] RBP: 0000000000000008 R08: 0000000000000003 R09: 58d6d0a0572cd16d
[   46.725354][ T3503] R10: 0000000000000000 R11: 0000000000000246 R12: 000055562e0a7810
[   46.733473][ T3503] R13: 00007ffc8c3dd218 R14: 00007ffc8c3dd868 R15: 00007ffc8c3ccb37
[   46.741654][ T3503]  </TASK>
[   46.744893][ T3503] Kernel Offset: disabled
[   46.749467][ T3503] Rebooting in 86400 seconds..