Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts. 2020/05/25 07:42:15 fuzzer started 2020/05/25 07:42:16 dialing manager at 10.128.0.26:38825 2020/05/25 07:42:16 syscalls: 3055 2020/05/25 07:42:16 code coverage: enabled 2020/05/25 07:42:16 comparison tracing: enabled 2020/05/25 07:42:16 extra coverage: enabled 2020/05/25 07:42:16 setuid sandbox: enabled 2020/05/25 07:42:16 namespace sandbox: enabled 2020/05/25 07:42:16 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/25 07:42:16 fault injection: enabled 2020/05/25 07:42:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/25 07:42:16 net packet injection: enabled 2020/05/25 07:42:16 net device setup: enabled 2020/05/25 07:42:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/25 07:42:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/25 07:42:16 USB emulation: enabled 07:44:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x8}}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@gettfilter={0x24, 0x2e, 0x63ee8762c75d8929, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) syzkaller login: [ 185.780389][ T6835] IPVS: ftp: loaded support on port[0] = 21 07:44:24 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) write$binfmt_misc(r0, 0x0, 0x48) r1 = socket(0x11, 0x800000003, 0x0) dup3(r1, r0, 0x0) [ 185.927756][ T6835] chnl_net:caif_netlink_parms(): no params data found [ 186.073608][ T6835] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.081785][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.091610][ T6835] device bridge_slave_0 entered promiscuous mode [ 186.111952][ T6952] IPVS: ftp: loaded support on port[0] = 21 [ 186.119792][ T6835] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.127019][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.137981][ T6835] device bridge_slave_1 entered promiscuous mode [ 186.169856][ T6835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.185209][ T6835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.216057][ T6835] team0: Port device team_slave_0 added [ 186.226984][ T6835] team0: Port device team_slave_1 added 07:44:24 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)) [ 186.266266][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.273828][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.301249][ T6835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.316197][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.343308][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.393294][ T6835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.507511][ T6835] device hsr_slave_0 entered promiscuous mode 07:44:24 executing program 3: unshare(0x2040400) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x4004556b, 0x0) [ 186.575948][ T6835] device hsr_slave_1 entered promiscuous mode [ 186.695635][ T7021] IPVS: ftp: loaded support on port[0] = 21 [ 186.859553][ T6952] chnl_net:caif_netlink_parms(): no params data found [ 186.871080][ T7064] IPVS: ftp: loaded support on port[0] = 21 07:44:25 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r1, r0, 0x0) [ 187.279799][ T6952] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.294304][ T6952] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.302496][ T6952] device bridge_slave_0 entered promiscuous mode [ 187.330443][ T7021] chnl_net:caif_netlink_parms(): no params data found [ 187.356868][ T6952] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.365990][ T6952] bridge0: port 2(bridge_slave_1) entered disabled state 07:44:25 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0x9, &(0x7f0000000240)=0x0) connect$can_bcm(r0, &(0x7f0000000140), 0x10) io_submit(r1, 0x2, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)="0300000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f000000000000ffffffff000000", 0x20000238}]) [ 187.375507][ T6952] device bridge_slave_1 entered promiscuous mode [ 187.483654][ T6835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 187.522149][ T7292] IPVS: ftp: loaded support on port[0] = 21 [ 187.562881][ T6835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 187.650001][ T7064] chnl_net:caif_netlink_parms(): no params data found [ 187.670745][ T6952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.684840][ T6952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.708287][ T6835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 187.776468][ T6952] team0: Port device team_slave_0 added [ 187.780431][ T7382] IPVS: ftp: loaded support on port[0] = 21 [ 187.793794][ T6835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 187.824304][ T6952] team0: Port device team_slave_1 added [ 187.890380][ T6952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.897757][ T6952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.926713][ T6952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.954328][ T7064] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.961578][ T7064] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.971701][ T7064] device bridge_slave_0 entered promiscuous mode [ 187.981512][ T7064] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.989223][ T7064] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.997652][ T7064] device bridge_slave_1 entered promiscuous mode [ 188.006603][ T6952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.015342][ T6952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 188.041945][ T6952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.091847][ T7021] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.099818][ T7021] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.108652][ T7021] device bridge_slave_0 entered promiscuous mode [ 188.152199][ T7021] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.159527][ T7021] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.171370][ T7021] device bridge_slave_1 entered promiscuous mode [ 188.190233][ T7064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.202974][ T7064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.259286][ T6952] device hsr_slave_0 entered promiscuous mode [ 188.304393][ T6952] device hsr_slave_1 entered promiscuous mode [ 188.343744][ T6952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 188.351603][ T6952] Cannot create hsr debugfs directory [ 188.399754][ T7021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.428238][ T7064] team0: Port device team_slave_0 added [ 188.436701][ T7064] team0: Port device team_slave_1 added [ 188.453299][ T7021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.510959][ T7064] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.518120][ T7064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 188.544614][ T7064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.600109][ T7064] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.607974][ T7064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 188.635224][ T7064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.670510][ T7021] team0: Port device team_slave_0 added [ 188.709112][ T7021] team0: Port device team_slave_1 added [ 188.737037][ T7292] chnl_net:caif_netlink_parms(): no params data found [ 188.808192][ T7064] device hsr_slave_0 entered promiscuous mode [ 188.844070][ T7064] device hsr_slave_1 entered promiscuous mode [ 188.884118][ T7064] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 188.891697][ T7064] Cannot create hsr debugfs directory [ 188.958110][ T7021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.966118][ T7021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 188.995929][ T7021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.055028][ T7021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.062353][ T7021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.092452][ T7021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.129868][ T7382] chnl_net:caif_netlink_parms(): no params data found [ 189.217498][ T7021] device hsr_slave_0 entered promiscuous mode [ 189.256786][ T7021] device hsr_slave_1 entered promiscuous mode [ 189.323474][ T7021] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 189.331170][ T7021] Cannot create hsr debugfs directory [ 189.348254][ T6952] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 189.421766][ T6952] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 189.519008][ T6952] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 189.559005][ T6952] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 189.668039][ T7292] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.677118][ T7292] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.687882][ T7292] device bridge_slave_0 entered promiscuous mode [ 189.697294][ T7292] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.704515][ T7292] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.713896][ T7292] device bridge_slave_1 entered promiscuous mode [ 189.789874][ T6835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.861662][ T7292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.876084][ T7292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.912628][ T7292] team0: Port device team_slave_0 added [ 189.930562][ T7292] team0: Port device team_slave_1 added [ 190.006017][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.018491][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.027866][ T7064] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 190.096658][ T7064] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 190.159808][ T7382] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.168302][ T7382] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.177715][ T7382] device bridge_slave_0 entered promiscuous mode [ 190.188143][ T6835] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.214029][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.222731][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.233072][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.240342][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.249232][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.266788][ T7064] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 190.316157][ T7382] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.323974][ T7382] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.331817][ T7382] device bridge_slave_1 entered promiscuous mode [ 190.340983][ T7292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.349229][ T7292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.376289][ T7292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.390664][ T7292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.399514][ T7292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.428107][ T7292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.453406][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.462051][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.470706][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.477925][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.485791][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.495255][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.504136][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.514963][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.524406][ T7021] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 190.585146][ T7064] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 190.646511][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.654458][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.663015][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.672450][ T7021] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 190.789125][ T7292] device hsr_slave_0 entered promiscuous mode [ 190.833929][ T7292] device hsr_slave_1 entered promiscuous mode [ 190.873491][ T7292] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.881064][ T7292] Cannot create hsr debugfs directory [ 190.912132][ T7021] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 190.949127][ T7021] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 191.013217][ T7382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.023226][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.031781][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.064998][ T7382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.087658][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.096473][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.118580][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.171958][ T7382] team0: Port device team_slave_0 added [ 191.203986][ T7382] team0: Port device team_slave_1 added [ 191.231386][ T7382] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.238514][ T7382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.270299][ T7382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.293096][ T6952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.315709][ T7382] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.322675][ T7382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.350123][ T7382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.377713][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.388616][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 191.397141][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.406104][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.420417][ T6835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.437831][ T6952] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.524738][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.538711][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.547558][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.555510][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.567986][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 191.576951][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 191.593454][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.686489][ T7382] device hsr_slave_0 entered promiscuous mode [ 191.733879][ T7382] device hsr_slave_1 entered promiscuous mode [ 191.793516][ T7382] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 191.802740][ T7382] Cannot create hsr debugfs directory [ 191.812729][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.825295][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.834971][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.842090][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.863243][ T7021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.877508][ T7064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.908096][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.920300][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.930678][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.943846][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.956922][ T6835] device veth0_vlan entered promiscuous mode [ 191.981037][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 191.992499][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.028351][ T7064] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.052571][ T6835] device veth1_vlan entered promiscuous mode [ 192.062518][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.070646][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.078932][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 192.087930][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.098207][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.107889][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.116373][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.126075][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.135729][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.145395][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.164360][ T7021] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.213922][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 192.222411][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.232506][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.242251][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.249375][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.257734][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.266578][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.275638][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.284780][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.293145][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.300288][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.308198][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.317294][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.325956][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.333007][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.340803][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.349382][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.357977][ T7292] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 192.425785][ T7292] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 192.468677][ T7292] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 192.529845][ T6952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.548110][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.556993][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.588508][ T7292] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 192.646584][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.658258][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.667949][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.677155][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.684582][ T3306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.733101][ T6835] device veth0_macvtap entered promiscuous mode [ 192.750289][ T6835] device veth1_macvtap entered promiscuous mode [ 192.767185][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.780274][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.789525][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.798470][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.807402][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.816776][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.826040][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.835428][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 192.844791][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 192.853771][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 192.861831][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.870991][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.879851][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.888655][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.898082][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.906510][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.914941][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 192.948667][ T7064] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.961787][ T7064] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.988390][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 192.995951][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.005435][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.014473][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.033235][ T6835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.066001][ T6952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.097235][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 193.107028][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 193.121873][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.131385][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.140382][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.149557][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.164058][ T6835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.235375][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.245966][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.254344][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 193.263231][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 193.272844][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.280975][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.408195][ T7021] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.421866][ T7064] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.470423][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 193.494282][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 193.551877][ T7382] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 193.610539][ T6952] device veth0_vlan entered promiscuous mode [ 193.638277][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 193.651554][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 193.675858][ T7382] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 193.708576][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 193.718699][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready 07:44:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg(r1, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0}}], 0xc6, 0xe000000) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) [ 193.729605][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 193.738622][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 193.759307][ T7292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.779574][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.804460][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.816087][ T6952] device veth1_vlan entered promiscuous mode [ 193.828673][ T7382] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 193.926736][ T7021] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.943310][ C1] hrtimer: interrupt took 48883 ns [ 193.960956][ T7382] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 194.073555][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.081882][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.113701][ T7064] device veth0_vlan entered promiscuous mode [ 194.171764][ T7064] device veth1_vlan entered promiscuous mode [ 194.196050][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 194.210850][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 194.226642][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 194.240369][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.252416][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.269276][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.279273][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.317278][ T7292] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.374515][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 194.390740][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready 07:44:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg(r1, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0}}], 0xc6, 0xe000000) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) [ 194.433196][ T6952] device veth0_macvtap entered promiscuous mode [ 194.506673][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 194.521740][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 194.548022][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.586392][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.609964][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.617493][ T3303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.661953][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.692704][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.729803][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.749594][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.774628][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.781759][ T3303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.797901][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.826397][ T6952] device veth1_macvtap entered promiscuous mode [ 194.847011][ T7021] device veth0_vlan entered promiscuous mode [ 194.889880][ T7064] device veth0_macvtap entered promiscuous mode [ 194.919156][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 194.928942][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.950890][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 194.959841][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 194.976718][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.991332][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 195.012857][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 195.075117][ T7064] device veth1_macvtap entered promiscuous mode [ 195.093642][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 195.102077][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 07:44:33 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg(r1, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0}}], 0xc6, 0xe000000) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) [ 195.121478][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.133260][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.164650][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.183450][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.192124][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.218905][ T7292] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.256423][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.300694][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.360031][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.392226][ T6952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.450946][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 195.459244][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.478530][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.491448][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 195.508756][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 195.523168][ T7021] device veth1_vlan entered promiscuous mode [ 195.556123][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.577039][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.597171][ T6952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.640102][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.669135][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 195.701800][ T7064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.719629][ T7064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.733278][ T7064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 07:44:34 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='task\x00') getdents64(r0, &(0x7f00000000c0)=""/88, 0x58) getdents64(r0, 0x0, 0xfe42) [ 195.751158][ T7064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.773239][ T7064] batman_adv: batadv0: Interface activated: batadv_slave_0 07:44:34 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/tcp\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x200002c8, 0x4000000005) [ 195.823758][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 195.832540][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 195.850638][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 195.861107][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 07:44:34 executing program 0: r0 = memfd_create(&(0x7f0000000100)='\r\x8b\x8a\xa9\x16\x11g\xdd\xdf\xa1}\x8f\x8b4l\xd5 oJ\x02\x7f\x9b\x94a\xac\x01\xdd\xfd\x82k\xd6\xbd\\m\xed\xd0\xff\x84\xd0\xf1\xd4\xa9\x1d\xff\xc3\xe2\xec2\xb1\xf4\x1d\xd07\x05\xf2(\x81\xfb\xc5\x89a\xe1\xc0\xbf1\xdfWrH\t\t\xaf\xb0\v4\xbe\xfe~J\xf1\xb0\t\xd1\x88\b\xbb\xb9\x96\xe7\xf6\x04\x8b\xc2\xe8\xea\xcd\xcf\xb4\x96I\xa4\xdd\xd8\xeaH\x89\x85*\xbb\xe7\x95|\xa7S\x151\xa1\x99U\x15\xff\xcb\x05\xa7\xe5\b4C\xc88\xa4\xceC\'\xfa\xe5\xd8)\xe3\xd7]<\xd6Q\xafbj\x82\xb5~\xe6\xce\vd\x03WK', 0x3) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0xfffffe5f) fcntl$addseals(r0, 0x409, 0x0) [ 195.952856][ T7382] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.994284][ T7064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.013358][ T7064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.043168][ T7064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.073941][ T7064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.095155][ T7064] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.105148][ T7292] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.138756][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 196.152896][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 196.210588][ T7021] device veth0_macvtap entered promiscuous mode 07:44:34 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x8, 0x4000000005) [ 196.265464][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 196.285674][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 196.312592][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.334322][ T2484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.353993][ T7382] 8021q: adding VLAN 0 to HW filter on device team0 07:44:34 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x8, 0x4000000005) [ 196.388339][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 196.449275][ T7021] device veth1_macvtap entered promiscuous mode [ 196.566355][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 196.578123][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.597284][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.622551][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.629716][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.638106][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.654469][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.663064][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.670271][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.689310][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.751758][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.790152][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.805766][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.822737][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.849257][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.859976][ T7021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.897734][ T7021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.914057][ T7021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.931447][ T7021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.948765][ T7021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.961482][ T7021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.983100][ T7021] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.005162][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 197.020291][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 197.029180][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.039006][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.047969][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 197.057482][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 197.070166][ T7021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 197.081706][ T7021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.092182][ T7021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 197.102668][ T7021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.113178][ T7021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 197.123757][ T7021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.135715][ T7021] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.154144][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 197.162824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 197.175548][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 197.184586][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 197.192921][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.202025][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.216862][ T7382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 197.352361][ T7292] device veth0_vlan entered promiscuous mode [ 197.367377][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 197.377636][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 197.453563][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 197.461829][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 197.475713][ T7292] device veth1_vlan entered promiscuous mode [ 197.494083][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 197.502531][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 197.511972][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 197.537856][ T7382] 8021q: adding VLAN 0 to HW filter on device batadv0 07:44:35 executing program 2: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) socket(0x15, 0x80005, 0x0) socket$nl_generic(0x10, 0x3, 0x10) epoll_create1(0x0) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 07:44:35 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x8, 0x4000000005) [ 197.634052][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 197.642484][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 197.657603][ T3306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 197.681654][ T7292] device veth0_macvtap entered promiscuous mode [ 197.713028][ T7292] device veth1_macvtap entered promiscuous mode [ 197.802061][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.823022][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.833094][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.851902][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.880787][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.892501][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.911131][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.922000][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.937839][ T7292] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.950050][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 197.958986][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 197.968633][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 197.977562][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 197.988220][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 197.997888][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 198.014441][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.034821][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.047142][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.058056][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.068591][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.079679][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.090243][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.101447][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.113113][ T7292] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.127187][ T8059] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.137471][ T8059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 198.168968][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 198.177533][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 198.187354][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 198.195769][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 198.247209][ T7382] device veth0_vlan entered promiscuous mode [ 198.350854][ T7382] device veth1_vlan entered promiscuous mode 07:44:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) [ 198.432188][ T8059] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 198.442955][ T8059] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 198.480786][ T8059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 198.499297][ T8059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 198.516137][ T7382] device veth0_macvtap entered promiscuous mode [ 198.542117][ T7382] device veth1_macvtap entered promiscuous mode [ 198.631091][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 198.641791][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.658900][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 198.670930][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.681403][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 198.698152][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.708538][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 198.719091][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.729734][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 198.740213][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.752175][ T7382] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.761834][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 198.771238][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 198.779616][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 198.788526][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 198.800984][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.812554][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.823046][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.834616][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.845019][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.855538][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.865477][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.876752][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.887315][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 198.897833][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.909345][ T7382] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.920771][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.930158][ T3303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 07:44:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=""/66, 0x42}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x4c010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="8800000010003b4eefc00000001002000000ce13", @ANYRES32=0x0, @ANYBLOB="dd0c32b7000000fc08000a00", @ANYRES32=0x6, @ANYBLOB="600012000c000100697036746e6c00005000020014000300ff"], 0x88}}, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000080)={'macvtap0\x00', {0x2, 0x4e24, @loopback}}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40012}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x36a) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x12000000, &(0x7f0000000140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100172,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c80"]) 07:44:37 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x8, 0x4000000005) 07:44:37 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000003280)=[{&(0x7f0000002ec0)="f4c8e9bc50174929e68109ac8f24d96487318bac2e44a7aec6befc3b4bbea3aacc2bc600c8b79f59521f645dcfb4889fcbdfa915338b5144625cf756777d", 0x3e}, {&(0x7f0000002f00)="f39780e0d14d0698d21406430095cd08b2c592cbd7594cc14bcb2455c0da98f35ebffd1db84e4af178848f12e95f7d0fd9e8d325b3e6864b9a42323217131190e978ae4ec346795aa0e5ade6156c99b284de6d3b244466ad4946116eb1d78a61295b431ee5378a657c15145cafb801de8aef7aef235b2cf2", 0x78}, {&(0x7f0000002f80)="1e5b33cace4bc33ac181976e7a58e7a96929f0ae2571c4ff7e18b846e59053f377e1fde900cadea3f6318a85aa77b2cc28299536edd903b7ce47e81e3c8f20c3b9c684226914b760e15b5816ccf5c98bb49d9d5e5292906d1bb4040869564d119aa10f2bbb7e0a790914f4def92265f5bb7d450106b2b4e19e1568b93a4ed32f40c41c3cdbfdc8e64f1dca8c0040dc705f1af3172d17a15ee0a7bb6e23c8ccfaaeb42f4dbe10c8acb30e4eb3305c21a09576b7c5f4890ceccee5440f94c0ff651bc0773d234d31f35136cae0d8901c07b30fa08036f55bad468e0a4f2a0ade140f80720d5a7d226295e834", 0xeb}, {&(0x7f0000003080)="760926c76827f9850a1c57a794d81f3a311665c506c767532d15f82edcc05c0d092d8dda01fbb0dd1d1b9f0001b44c59346fada36647a9ed2024190c242b6288c58a448b1b2cd7fbbd20e6f9bb0e91872b709fa110bef9e7a774223496bb8e68711f3929c865762b620ab4579a5a7fc7b9fc7e6bfb59af6a0811c2a4a3c71afc2ccb9aa3bb0d3c7543560d857db8b9b50cc09bd43c962d5996610cf1d8b39aaadac14436c477f4e48552801d0178ae7e0104fe3459e7e017d4f1762ad0a2ef2c755b1f8819b67f4abcf7f15bbd14722c976c5f382183f0ba8ad5a36e3f962ef91ecf19a460421ccc62647fa37b2c3dd0e693853e1c1974", 0xf7}, {&(0x7f0000003180)="7f9394a3213e102115a44e7bbf2010ee3aef35f580e61cccca01605c85b88228d5a5f28651a3c944ffc44216a0", 0x2d}, {&(0x7f00000031c0)="6cdee57a5c5431071b841a3c19cb875a5c485e73d275a999333c1b157d55333fdb061d84208aa79b882058a2ee48e96296987e61896b66538f7b6cf397b03a65248c4bc515b2667023256f1920cb736a87297bea88576df0a4ad988cbcd81a183a87980b27306b8235ea310a296f311064a8f4101443ba6e9387", 0x7a}], 0x6}}], 0x1, 0x0) 07:44:37 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x8, 0x4000000005) 07:44:37 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000180), 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000240)=0x1, 0x4) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0x1) sendto$inet(r0, &(0x7f0000000100)='r', 0x1, 0xc004811, 0x0, 0x0) 07:44:37 executing program 4: r0 = socket(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x0, 0x2}}}, 0x10) bind(r0, 0x0, 0x0) 07:44:37 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x8, 0x4000000005) 07:44:37 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000340)={0x750, {0x2, 0x0, @multicast2}, {0x2, 0x0, @dev}, {0x2, 0x0, @local}, 0x6ed699c82dcdd0af, 0x0, 0x2, 0x46a}) 07:44:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) socket$inet6(0xa, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = gettid() sched_setattr(r4, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x3ff, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9c74, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x5}, 0x800, 0x0, 0x0, 0x0, 0x0, 0x800, 0x4000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)={@multicast1, @broadcast, @remote}, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4044052}, 0x0) clone(0x50000103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="050000000000000061110c0000000000851000000000000095000020c7503443c8e76d0500000000c7b2ca729abf2bb056c8bbb42061ab89f9149a78e452e8773d5da04f9cb0ff9931b808a7fc2eceed82b2b24b6f05cbf593d53aa4551eee7bb893f15620bfa7b011bf137e7c1827143f86ccac8e2bfc6fd42a8e5b"], &(0x7f0000000080)='GPL\x00', 0xffffffff, 0xc3, &(0x7f0000000300)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x78) 07:44:37 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0x8, 0x4000000005) 07:44:37 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x102}) 07:44:37 executing program 5: syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}}}}]}}, 0x0) 07:44:37 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') [ 199.715069][ T8230] IPVS: ftp: loaded support on port[0] = 21 07:44:38 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r0, r1, &(0x7f00000002c0)=0x8, 0x4000000005) 07:44:38 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') sendfile(r0, r1, 0x0, 0x800000080004109) 07:44:38 executing program 4: syz_mount_image$vfat(&(0x7f0000000280)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x1000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270fff8", 0x186}], 0x0, 0x0) r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000340)=""/176, 0x18) 07:44:38 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') sendfile(r1, r2, 0x0, 0x800000080004109) sendfile(r0, r2, &(0x7f00000002c0)=0xff9, 0x4) 07:44:38 executing program 2: unshare(0x2040400) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) r1 = dup(r0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x4, &(0x7f00000002c0)=@abs, 0x6e) write$uinput_user_dev(r1, &(0x7f0000000980)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_ABS_SETUP(r1, 0x401c5504, 0x0) 07:44:38 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000002c0)=0x8, 0x4000000005) 07:44:38 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x800000080004109) [ 200.033506][ T8059] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 200.071994][ T8271] FAT-fs (loop4): bogus number of FAT sectors 07:44:38 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x800000080004109) [ 200.079734][ T8273] input: syz0 as /devices/virtual/input/input6 [ 200.091455][ T8271] FAT-fs (loop4): Can't find a valid FAT filesystem [ 200.094325][ T7] tipc: TX() has been purged, node left! 07:44:38 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f00000002c0)=0x8, 0x4000000005) [ 200.161061][ T8273] ================================================================== [ 200.169543][ T8273] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0 [ 200.176778][ T8273] Read of size 8 at addr ffff88809e2a2158 by task syz-executor.2/8273 [ 200.177205][ T8271] FAT-fs (loop4): bogus number of FAT sectors [ 200.184959][ T8273] [ 200.184987][ T8273] CPU: 1 PID: 8273 Comm: syz-executor.2 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0 [ 200.185000][ T8273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.185005][ T8273] Call Trace: [ 200.185027][ T8273] dump_stack+0x18f/0x20d [ 200.185043][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 200.185061][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 200.201303][ T8271] FAT-fs (loop4): Can't find a valid FAT filesystem [ 200.203222][ T8273] print_address_description.constprop.0.cold+0xd3/0x413 [ 200.203238][ T8273] ? cdev_device_del+0x69/0x80 [ 200.203251][ T8273] ? evdev_disconnect+0x3d/0xb0 [ 200.203271][ T8273] ? __input_unregister_device+0x1b0/0x430 [ 200.260709][ T8273] ? input_unregister_device+0xb4/0xf0 [ 200.266167][ T8273] ? uinput_destroy_device+0x1e2/0x240 [ 200.271631][ T8273] ? vprintk_func+0x97/0x1a6 [ 200.276206][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 200.281061][ T8273] kasan_report.cold+0x1f/0x37 [ 200.285829][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 200.290836][ T8273] __mutex_lock+0x1033/0x13c0 [ 200.295513][ T8273] ? evdev_cleanup+0x21/0x190 [ 200.300170][ T8273] ? print_usage_bug+0x240/0x240 [ 200.305280][ T8273] ? trace_hardirqs_off+0x50/0x220 [ 200.310396][ T8273] ? mutex_trylock+0x2c0/0x2c0 [ 200.315320][ T8273] ? mark_held_locks+0x9f/0xe0 [ 200.320067][ T8273] ? kfree+0x1eb/0x2b0 [ 200.324122][ T8273] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 200.330195][ T8273] ? kfree_const+0x51/0x60 [ 200.334614][ T8273] ? evdev_cleanup+0x21/0x190 [ 200.339283][ T8273] evdev_cleanup+0x21/0x190 [ 200.343771][ T8273] evdev_disconnect+0x45/0xb0 [ 200.348626][ T8273] __input_unregister_device+0x1b0/0x430 [ 200.354608][ T8273] input_unregister_device+0xb4/0xf0 [ 200.359875][ T8273] uinput_destroy_device+0x1e2/0x240 [ 200.365254][ T8273] ? uinput_destroy_device+0x240/0x240 [ 200.370865][ T8273] uinput_release+0x37/0x50 [ 200.375376][ T8273] __fput+0x33e/0x880 [ 200.379437][ T8273] task_work_run+0xf4/0x1b0 [ 200.384012][ T8273] do_exit+0xb5e/0x2e10 [ 200.388609][ T8273] ? find_held_lock+0x2d/0x110 [ 200.393390][ T8273] ? mm_update_next_owner+0x7a0/0x7a0 [ 200.398933][ T8273] ? lock_downgrade+0x840/0x840 [ 200.403786][ T8273] do_group_exit+0x125/0x340 [ 200.408375][ T8273] get_signal+0x47b/0x2510 [ 200.412772][ T8273] ? futex_exit_release+0x60/0x60 [ 200.418037][ T8273] ? lock_downgrade+0x840/0x840 [ 200.422871][ T8273] do_signal+0x81/0x2240 [ 200.427096][ T8273] ? __might_fault+0x190/0x1d0 [ 200.431847][ T8273] ? _copy_to_user+0x126/0x160 [ 200.436599][ T8273] ? copy_siginfo_to_user32+0xa0/0xa0 [ 200.441957][ T8273] ? __x64_sys_futex+0x380/0x4f0 [ 200.446893][ T8273] ? exit_to_usermode_loop+0x36/0x360 [ 200.452417][ T8273] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 200.458389][ T8273] exit_to_usermode_loop+0x26c/0x360 [ 200.463656][ T8273] do_syscall_64+0x6b1/0x7d0 [ 200.468252][ T8273] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 200.474122][ T8273] RIP: 0033:0x45ca29 [ 200.477995][ T8273] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.498460][ T8273] RSP: 002b:00007f059f678cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 200.506864][ T8273] RAX: fffffffffffffe00 RBX: 000000000078bf08 RCX: 000000000045ca29 [ 200.514824][ T8273] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000078bf08 [ 200.522773][ T8273] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.530723][ T8273] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 200.538684][ T8273] R13: 00007fff180ed23f R14: 00007f059f6799c0 R15: 000000000078bf0c [ 200.546657][ T8273] [ 200.548984][ T8273] Allocated by task 8273: [ 200.553304][ T8273] save_stack+0x1b/0x40 [ 200.557452][ T8273] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 200.563059][ T8273] kmem_cache_alloc_trace+0x153/0x7d0 [ 200.568426][ T8273] evdev_connect+0x80/0x4d0 [ 200.572914][ T8273] input_attach_handler+0x194/0x200 [ 200.578094][ T8273] input_register_device.cold+0xf5/0x246 [ 200.583982][ T8273] uinput_ioctl_handler.isra.0+0x1210/0x1d80 [ 200.590568][ T8273] ksys_ioctl+0x11a/0x180 [ 200.594879][ T8273] __x64_sys_ioctl+0x6f/0xb0 [ 200.599461][ T8273] do_syscall_64+0xf6/0x7d0 [ 200.603962][ T8273] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 200.610068][ T8273] [ 200.612375][ T8273] Freed by task 8273: [ 200.617120][ T8273] save_stack+0x1b/0x40 [ 200.621255][ T8273] __kasan_slab_free+0xf7/0x140 [ 200.626259][ T8273] kfree+0x109/0x2b0 [ 200.630135][ T8273] device_release+0x71/0x200 [ 200.634885][ T8273] kobject_put+0x1c8/0x2f0 [ 200.639283][ T8273] cdev_device_del+0x69/0x80 [ 200.643856][ T8273] evdev_disconnect+0x3d/0xb0 [ 200.648512][ T8273] __input_unregister_device+0x1b0/0x430 [ 200.654126][ T8273] input_unregister_device+0xb4/0xf0 [ 200.659481][ T8273] uinput_destroy_device+0x1e2/0x240 [ 200.664761][ T8273] uinput_release+0x37/0x50 [ 200.669245][ T8273] __fput+0x33e/0x880 [ 200.673219][ T8273] task_work_run+0xf4/0x1b0 [ 200.677702][ T8273] do_exit+0xb5e/0x2e10 [ 200.681845][ T8273] do_group_exit+0x125/0x340 [ 200.686432][ T8273] get_signal+0x47b/0x2510 [ 200.690828][ T8273] do_signal+0x81/0x2240 [ 200.695051][ T8273] exit_to_usermode_loop+0x26c/0x360 [ 200.700316][ T8273] do_syscall_64+0x6b1/0x7d0 [ 200.704888][ T8273] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 200.710841][ T8273] [ 200.713157][ T8273] The buggy address belongs to the object at ffff88809e2a2000 [ 200.713157][ T8273] which belongs to the cache kmalloc-2k of size 2048 [ 200.727191][ T8273] The buggy address is located 344 bytes inside of [ 200.727191][ T8273] 2048-byte region [ffff88809e2a2000, ffff88809e2a2800) [ 200.740721][ T8273] The buggy address belongs to the page: [ 200.746354][ T8273] page:ffffea000278a880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 200.755725][ T8273] flags: 0xfffe0000000200(slab) [ 200.760578][ T8273] raw: 00fffe0000000200 ffffea0002374cc8 ffffea0002832188 ffff8880aa000e00 [ 200.769143][ T8273] raw: 0000000000000000 ffff88809e2a2000 0000000100000001 0000000000000000 [ 200.777719][ T8273] page dumped because: kasan: bad access detected [ 200.784292][ T8273] [ 200.786597][ T8273] Memory state around the buggy address: [ 200.792234][ T8273] ffff88809e2a2000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.800639][ T8273] ffff88809e2a2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 07:44:39 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) [ 200.810161][ T8273] >ffff88809e2a2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.818210][ T8273] ^ [ 200.826703][ T8273] ffff88809e2a2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.834759][ T8273] ffff88809e2a2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.843055][ T8273] ================================================================== [ 200.851216][ T8273] Disabling lock debugging due to kernel taint [ 200.990739][ T8273] Kernel panic - not syncing: panic_on_warn set ... [ 200.997455][ T8273] CPU: 0 PID: 8273 Comm: syz-executor.2 Tainted: G B 5.7.0-rc6-next-20200522-syzkaller #0 [ 201.008725][ T8273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.019102][ T8273] Call Trace: [ 201.022414][ T8273] dump_stack+0x18f/0x20d [ 201.026751][ T8273] ? __mutex_lock+0xf50/0x13c0 [ 201.031498][ T8273] panic+0x2e3/0x75c [ 201.035394][ T8273] ? __warn_printk+0xf3/0xf3 [ 201.039967][ T8273] ? preempt_schedule_common+0x5e/0xc0 [ 201.045440][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 201.050278][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 201.055199][ T8273] ? preempt_schedule_thunk+0x16/0x18 [ 201.060555][ T8273] ? trace_hardirqs_on+0x55/0x230 [ 201.065587][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 201.072610][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 201.077467][ T8273] end_report+0x4d/0x53 [ 201.081606][ T8273] kasan_report.cold+0xd/0x37 [ 201.086363][ T8273] ? __mutex_lock+0x1033/0x13c0 [ 201.091220][ T8273] __mutex_lock+0x1033/0x13c0 [ 201.095888][ T8273] ? evdev_cleanup+0x21/0x190 [ 201.100565][ T8273] ? print_usage_bug+0x240/0x240 [ 201.105492][ T8273] ? trace_hardirqs_off+0x50/0x220 [ 201.110602][ T8273] ? mutex_trylock+0x2c0/0x2c0 [ 201.113676][ T8059] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.115375][ T8273] ? mark_held_locks+0x9f/0xe0 [ 201.115387][ T8273] ? kfree+0x1eb/0x2b0 [ 201.115405][ T8273] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 201.128496][ T8059] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.131088][ T8273] ? kfree_const+0x51/0x60 [ 201.131108][ T8273] ? evdev_cleanup+0x21/0x190 [ 201.147721][ T8059] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 201.150859][ T8273] evdev_cleanup+0x21/0x190 [ 201.150872][ T8273] evdev_disconnect+0x45/0xb0 [ 201.150891][ T8273] __input_unregister_device+0x1b0/0x430 [ 201.157069][ T8059] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 201.159969][ T8273] input_unregister_device+0xb4/0xf0 [ 201.159988][ T8273] uinput_destroy_device+0x1e2/0x240 [ 201.173923][ T8059] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 201.174180][ T8273] ? uinput_destroy_device+0x240/0x240 [ 201.178922][ T8059] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 201.184463][ T8273] uinput_release+0x37/0x50 [ 201.184477][ T8273] __fput+0x33e/0x880 [ 201.184490][ T8273] task_work_run+0xf4/0x1b0 [ 201.184503][ T8273] do_exit+0xb5e/0x2e10 [ 201.184518][ T8273] ? find_held_lock+0x2d/0x110 [ 201.184529][ T8273] ? mm_update_next_owner+0x7a0/0x7a0 [ 201.184541][ T8273] ? lock_downgrade+0x840/0x840 [ 201.184554][ T8273] do_group_exit+0x125/0x340 [ 201.184573][ T8273] get_signal+0x47b/0x2510 [ 201.271211][ T8273] ? futex_exit_release+0x60/0x60 [ 201.276220][ T8273] ? lock_downgrade+0x840/0x840 [ 201.281050][ T8273] do_signal+0x81/0x2240 [ 201.285281][ T8273] ? __might_fault+0x190/0x1d0 [ 201.290036][ T8273] ? _copy_to_user+0x126/0x160 [ 201.294786][ T8273] ? copy_siginfo_to_user32+0xa0/0xa0 [ 201.300145][ T8273] ? __x64_sys_futex+0x380/0x4f0 [ 201.305079][ T8273] ? exit_to_usermode_loop+0x36/0x360 [ 201.310443][ T8273] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 201.316432][ T8273] exit_to_usermode_loop+0x26c/0x360 [ 201.321784][ T8273] do_syscall_64+0x6b1/0x7d0 [ 201.326359][ T8273] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 201.332224][ T8273] RIP: 0033:0x45ca29 [ 201.336102][ T8273] Code: Bad RIP value. [ 201.340156][ T8273] RSP: 002b:00007f059f678cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 201.348554][ T8273] RAX: fffffffffffffe00 RBX: 000000000078bf08 RCX: 000000000045ca29 [ 201.353694][ T8059] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 201.356507][ T8273] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000078bf08 [ 201.356514][ T8273] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.356520][ T8273] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 201.356527][ T8273] R13: 00007fff180ed23f R14: 00007f059f6799c0 R15: 000000000078bf0c [ 201.366742][ T8273] Kernel Offset: disabled [ 201.402923][ T8273] Rebooting in 86400 seconds..