[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts. 2020/05/24 17:37:35 fuzzer started 2020/05/24 17:37:35 dialing manager at 10.128.0.26:41143 2020/05/24 17:37:35 syscalls: 3055 2020/05/24 17:37:35 code coverage: enabled 2020/05/24 17:37:35 comparison tracing: enabled 2020/05/24 17:37:35 extra coverage: enabled 2020/05/24 17:37:35 setuid sandbox: enabled 2020/05/24 17:37:35 namespace sandbox: enabled 2020/05/24 17:37:35 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/24 17:37:35 fault injection: enabled 2020/05/24 17:37:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/24 17:37:35 net packet injection: enabled 2020/05/24 17:37:35 net device setup: enabled 2020/05/24 17:37:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/24 17:37:35 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/24 17:37:35 USB emulation: enabled 17:39:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) syzkaller login: [ 165.025764][ T7024] IPVS: ftp: loaded support on port[0] = 21 17:39:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 165.174870][ T7024] chnl_net:caif_netlink_parms(): no params data found [ 165.273297][ T7024] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.283201][ T7024] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.293226][ T7024] device bridge_slave_0 entered promiscuous mode [ 165.304120][ T7024] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.311406][ T7024] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.321162][ T7024] device bridge_slave_1 entered promiscuous mode [ 165.353430][ T7024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.367433][ T7024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.421978][ T7162] IPVS: ftp: loaded support on port[0] = 21 [ 165.433575][ T7024] team0: Port device team_slave_0 added [ 165.451074][ T7024] team0: Port device team_slave_1 added 17:39:22 executing program 2: socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000100)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00\x00\x00\x00\x00') perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d42cffff633b27e59aa146175dd295a3f431d7728eded106736d173f0fc7ec6e26560000000049d2e148c6801d2c0945c08ba8c552fc99a74220076538f63acdfe80812db8c58ac31a0a81d750397b13274014ae40b8ae4f2a88d2fbea75e16af8ffffffffffffff0627ec60cbd74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000200000000000000000000f390d71cc6092cddd3b056f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d48ab51469f44a69a446bd63e1e999bbb53a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb39bdbb2768d25f196ab6f2d45421b94d878d0d9c2a5c746b3a687a135308e49ce118c92517ac7bb2994ccc7e054d3f18cb770e4908dd3c5aafaab51144c1e1b86b6291f5e73ff040000000000000000000000000000009a583b79f500f71d85463c57c5bb1f1084e683b591fc2c8b8a38b7ee36afa01aea88fb413e1ee8ebbdf1fa9155bf6409b065a980528827de08737cf643db6de62f253b1304780753de6634bf57fbe09a7eb84cae8e538f0c8868af7850af88bb30abcbfecb4e10d4097a02736f7bc830a34b0beb233e0e40d89147bc67990d3b754ca3b88608f2ea4b1fcd7c5325bc49c0db6a83686a87853e9b969b7b127029041a37a4786119e66ee408f33afc7e86f4fd5f861d2920da975c334bdc4c599cc52ab46ae956b1ded8e4b6beee489915eb3276a167476e89e766c244a08756aff278b128db778269de789dcbb2a4c9e5b2d3bdcec961f108331e1e29ffff5f1e2a8059f5bb59ee66c957ea5743496c1cef20fa4752c1af404d879c2876ab034a12160099f4e9e001a20da57af0493dba75271aecb4c83765cbfe5f2c9ef0c87954764ad3e873fa299ad66bebdfa48292a8cfdc86549cf5896c3a25789ddeb27f3f7bf554a1267410c3446d27045fba74b96bd5c8426fa061ff15b54599a0e350888bfc107aae36f6ca45f0ed2b88ccfe"], 0x3ab) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) ioctl$USBDEVFS_SETINTERFACE(r1, 0x80085504, &(0x7f0000000080)={0x8, 0xa6}) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000180), &(0x7f00000001c0)=0x8) pipe(&(0x7f0000000200)) mq_timedsend(0xffffffffffffffff, &(0x7f00000003c0)="fabea912508664ae2781778e49912f30919b39a970dc30f6e70e4dc65f21f8da1979bfc44eaefdf2edaa", 0x2a, 0x5, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x100800000000002, 0x88) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='smaps\x00') sendfile(r2, r3, 0x0, 0xa7fff) [ 165.502731][ T7024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.511808][ T7024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.539429][ T7024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.562346][ T7024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.570671][ T7024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.598996][ T7024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.718932][ T7024] device hsr_slave_0 entered promiscuous mode 17:39:22 executing program 3: rt_tgsigqueueinfo(0x0, 0x0, 0x13, &(0x7f0000000100)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r2) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() clone(0x8003400, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) wait4(0x0, 0x0, 0x0, 0x0) getpid() [ 165.775762][ T7024] device hsr_slave_1 entered promiscuous mode [ 165.873084][ T7213] IPVS: ftp: loaded support on port[0] = 21 [ 166.037459][ T7252] IPVS: ftp: loaded support on port[0] = 21 [ 166.093894][ T7162] chnl_net:caif_netlink_parms(): no params data found 17:39:23 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x18, r3, 0x1, 0x0, 0x0, {0x5}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}}, 0x0) [ 166.484082][ T7213] chnl_net:caif_netlink_parms(): no params data found [ 166.499425][ T7162] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.507149][ T7162] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.516779][ T7162] device bridge_slave_0 entered promiscuous mode [ 166.562235][ T7162] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.570966][ T7162] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.599139][ T7162] device bridge_slave_1 entered promiscuous mode [ 166.616589][ T7024] netdevsim netdevsim0 netdevsim0: renamed from eth0 17:39:23 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x6) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) [ 166.710912][ T7162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.720159][ T7492] IPVS: ftp: loaded support on port[0] = 21 [ 166.736597][ T7024] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 166.787158][ T7024] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 166.830332][ T7024] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 166.898404][ T7162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.943291][ T7578] IPVS: ftp: loaded support on port[0] = 21 [ 166.958385][ T7162] team0: Port device team_slave_0 added [ 166.964475][ T7252] chnl_net:caif_netlink_parms(): no params data found [ 166.992934][ T7162] team0: Port device team_slave_1 added [ 167.059049][ T7213] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.068241][ T7213] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.078061][ T7213] device bridge_slave_0 entered promiscuous mode [ 167.092826][ T7213] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.100570][ T7213] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.109674][ T7213] device bridge_slave_1 entered promiscuous mode [ 167.128759][ T7162] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.136255][ T7162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.163140][ T7162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.178257][ T7162] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.185713][ T7162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.212199][ T7162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.253208][ T7213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.317196][ T7213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.398876][ T7162] device hsr_slave_0 entered promiscuous mode [ 167.445632][ T7162] device hsr_slave_1 entered promiscuous mode [ 167.485295][ T7162] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.493601][ T7162] Cannot create hsr debugfs directory [ 167.510691][ T7213] team0: Port device team_slave_0 added [ 167.522619][ T7213] team0: Port device team_slave_1 added [ 167.533266][ T7252] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.541226][ T7252] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.550450][ T7252] device bridge_slave_0 entered promiscuous mode [ 167.562706][ T7252] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.570893][ T7252] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.580057][ T7252] device bridge_slave_1 entered promiscuous mode [ 167.643054][ T7213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.655129][ T7213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.682138][ T7213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.707673][ T7252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.719744][ T7213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.727838][ T7213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.755430][ T7213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.813854][ T7252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.871009][ T7213] device hsr_slave_0 entered promiscuous mode [ 167.916419][ T7213] device hsr_slave_1 entered promiscuous mode [ 167.965393][ T7213] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.973055][ T7213] Cannot create hsr debugfs directory [ 168.014541][ T7252] team0: Port device team_slave_0 added [ 168.026246][ T7252] team0: Port device team_slave_1 added [ 168.070083][ T7492] chnl_net:caif_netlink_parms(): no params data found [ 168.172340][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.179638][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.211067][ T7252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.224010][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.232040][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.259747][ T7252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.378882][ T7252] device hsr_slave_0 entered promiscuous mode [ 168.415514][ T7252] device hsr_slave_1 entered promiscuous mode [ 168.475314][ T7252] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.482906][ T7252] Cannot create hsr debugfs directory [ 168.488711][ T7578] chnl_net:caif_netlink_parms(): no params data found [ 168.582747][ T7162] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 168.650243][ T7162] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 168.691122][ T7162] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 168.742655][ T7162] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 168.844595][ T7492] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.852786][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.863341][ T7492] device bridge_slave_0 entered promiscuous mode [ 168.884257][ T7024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.911631][ T7492] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.919051][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.928933][ T7492] device bridge_slave_1 entered promiscuous mode [ 168.958368][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.970847][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.982870][ T7024] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.036206][ T7492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.049041][ T7492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.060334][ T7578] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.071580][ T7578] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.079944][ T7578] device bridge_slave_0 entered promiscuous mode [ 169.133226][ T7578] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.140705][ T7578] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.149672][ T7578] device bridge_slave_1 entered promiscuous mode [ 169.164089][ T7213] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 169.243588][ T7213] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 169.288979][ T2574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.301761][ T2574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.312425][ T2574] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.319751][ T2574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.330212][ T2574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.339604][ T2574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.348241][ T2574] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.355476][ T2574] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.363122][ T2574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.407763][ T7492] team0: Port device team_slave_0 added [ 169.420924][ T7213] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 169.458946][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.469943][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.488286][ T7578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.501127][ T7578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.513841][ T7492] team0: Port device team_slave_1 added [ 169.534538][ T7213] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 169.589539][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.600879][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.639188][ T7578] team0: Port device team_slave_0 added [ 169.652187][ T7578] team0: Port device team_slave_1 added [ 169.658397][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.675070][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.683941][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.696512][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.705772][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.714277][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.724021][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.739594][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.749403][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.776932][ T7492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.790406][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.798603][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.826736][ T7492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.874013][ T7252] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 169.897773][ T7252] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 169.959291][ T7252] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 170.020842][ T7024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.030397][ T7578] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.038910][ T7578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.066610][ T7578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.099424][ T7252] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 170.166703][ T7578] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.173673][ T7578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.201820][ T7578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.258182][ T7492] device hsr_slave_0 entered promiscuous mode [ 170.306436][ T7492] device hsr_slave_1 entered promiscuous mode [ 170.345653][ T7492] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.353233][ T7492] Cannot create hsr debugfs directory [ 170.375299][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 170.382758][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 170.458154][ T7578] device hsr_slave_0 entered promiscuous mode [ 170.495457][ T7578] device hsr_slave_1 entered promiscuous mode [ 170.535104][ T7578] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.542681][ T7578] Cannot create hsr debugfs directory [ 170.583043][ T7024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.625245][ T7162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.689681][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 170.702040][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 170.759522][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.770941][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.786273][ T7162] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.846270][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.856497][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.864836][ T2487] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.871960][ T2487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.879926][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 170.888377][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 170.972928][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.982358][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 170.990709][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 170.998795][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.008064][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.016967][ T3383] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.024057][ T3383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.031854][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.040968][ T7024] device veth0_vlan entered promiscuous mode [ 171.071272][ T7213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.078656][ T7492] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 171.144731][ T7492] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 171.190773][ T7492] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 171.249107][ T7492] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 171.323846][ T7024] device veth1_vlan entered promiscuous mode [ 171.349609][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 171.360870][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.394247][ T7213] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.423155][ T7252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.436359][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 171.444425][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.453334][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.462326][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.472591][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.481617][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.490816][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.515325][ T7162] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 171.526481][ T7162] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.538900][ T7578] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 171.598788][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.606755][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.618464][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.627697][ T3031] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.635039][ T3031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.642974][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.653063][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.662215][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.671321][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.680584][ T3031] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.687700][ T3031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.695536][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.704835][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.713935][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.722908][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.731991][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.741544][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.750182][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.758138][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.767050][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.775577][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.783316][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.796717][ T7578] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 171.864716][ T7252] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.890420][ T7578] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 171.945254][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.953975][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.967134][ T3383] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.974295][ T3383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.986376][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.995279][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.003646][ T3383] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.010768][ T3383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.018681][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.027949][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.052546][ T7578] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 172.101925][ T7024] device veth0_macvtap entered promiscuous mode [ 172.112343][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.121091][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 172.130264][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 172.139798][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.149803][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.158960][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.167839][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.175526][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.183155][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 172.203648][ T7213] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.215591][ T7213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.242809][ T7024] device veth1_macvtap entered promiscuous mode [ 172.252348][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 172.265730][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.274452][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.289193][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.323230][ T7162] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.342051][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.353712][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.366711][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.378412][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.387991][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.400629][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.416856][ T7252] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.430243][ T7252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.469552][ T7213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.480266][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.489614][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.499040][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.507864][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.516470][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.550635][ T7024] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.580175][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.590389][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.599942][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 172.609098][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 172.618427][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.626695][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.660637][ T7024] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.676855][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 172.688703][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 172.705448][ T7252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.743732][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.752864][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.814405][ T7162] device veth0_vlan entered promiscuous mode [ 172.822951][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.836113][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.972423][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.981785][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.999760][ T7492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.025177][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.034014][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.053324][ T8279] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 173.070450][ T7162] device veth1_vlan entered promiscuous mode [ 173.164321][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.181946][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready 17:39:30 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x13, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 173.221385][ T7213] device veth0_vlan entered promiscuous mode [ 173.264577][ T7492] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.295367][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.316638][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.324750][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.341629][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.352066][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready 17:39:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$lock(r2, 0x7, &(0x7f0000000140)={0x0, 0x4}) [ 173.364759][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.383445][ T7252] device veth0_vlan entered promiscuous mode [ 173.422119][ T7213] device veth1_vlan entered promiscuous mode [ 173.447539][ T7578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.466215][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.474158][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.485735][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.493953][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.511621][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.520430][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.532220][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.541617][ T2487] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.548863][ T2487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.557698][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 17:39:30 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @mss, @window, @mss={0x2, 0x919f}, @timestamp, @window], 0x2000019f) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200), 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet(r0, &(0x7f0000000640)="e046385738d0b6e2f17050c3002a9fe3e2f4bbc226e39bf35204d275a8fadde37aab3905bbacaf04d57fb246d660ea69d755b5fa4e9dcdda9919e7cfdd2fd6f2ffd8ca8b450d8b0646e2d9363d42c096c630e57a2bfd2c36cec695821437e9d3554f3eb5c048236b4b4adb7e302a1588fa2daa0101000000000000f38fe3b4bded81207efe8fd987bd3b2cc76b79deb96df13c5456630d4cfb858f6dbcdd4f199a5164ba2fde0014d7f98d9251bbc07bca2b6710308dddc540dfb44b0f9a5f27d73e1c33d091ce5c7f8e57291112231b051a2af634f381203b6b98cb0c0a1291bd094e861061a5a7cd4777d447690e4ce2c07c13e8be18014070681395d0b0c385e39ce7d422637255c6d13229f280b57064ba62d52e7bfe695f75de4854fdef56f93ca9d237175aa0197b0e6850bd4158666d28006da6a35362b29ed6895507ab4064c7fcece12dfb9411b1274080915c0d3a124ae1b77be2d7c8c9c86c4d7a7589d7fc9c922ac84b411d0c219816f587b6fc7d245cff4c5eb64f913598968cfae6f30fb0dc0ee08865739ed8aef27a1d973860531ae8a8c5dd6263e690a5be08e6732a2d526a6455ab9a9fcd36140462021416cc8d43c5b09215d8e4c288a658fc6974edb8e258c738811f523b25c3d94c91b7d080f5466cbe699b2123cac02430e01d4b57c0dc794268f9b172694745678fcc68c569d01e821113d76b090ac0740cd35f82bfc027bfd500904bc62e260dc9d60d1545396141cff61bf720d5aff18c58278cc2778eae68f3ead53a4adae3b68c5344c3a982939d84661a042622fc9414ee873a78548299340d8fdef879802c636400"/611, 0xfffffffffffffd5f, 0x4000f, 0x0, 0x0) [ 173.566621][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.575673][ T2487] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.582753][ T2487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.601242][ T7252] device veth1_vlan entered promiscuous mode [ 173.647488][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.666412][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.674642][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.688124][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.697659][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.707656][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.718673][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.746950][ T7162] device veth0_macvtap entered promiscuous mode [ 173.777205][ T7578] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.786818][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.808530][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.824007][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.840968][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.858876][ T7162] device veth1_macvtap entered promiscuous mode [ 173.906080][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 173.914519][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.923649][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.938485][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.949065][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.958538][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.968836][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.981184][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.990276][ T2487] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.997454][ T2487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.005856][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.014718][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.023689][ T2487] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.030852][ T2487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.041581][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.050599][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.073129][ T7492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.090262][ T7162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 17:39:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102385, 0x18ff1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x102, &(0x7f0000000200)="f7f258480aa422a9b1a7a0916dd82a1d2a83a178e3a56f7200d380249950f32fea06facb1b4c5d4a1b0352c99c0793778a2267b105caae1d487a8b2494c5d37a3d912f45c8845cda0223a22eb6cb5ca768a7a65dc0e1782c845f956da0fb61f6de25bae65100c013b130dda8bddac2c84811993c3d3106000000000000000473543f83cff19186a746f42414dfbbeb2f3b337223829455f3ff396499db42479baf59facdb68c8a5f29f680dc88b521f6fafd412f371a17615bb94d3587476a3196af8fefeddca9a182284642dc2af1821f1f79ae5ebd726bca15364821c664dee5f4f5dad04ef57691425ae5e33dbaef96677337ba2f3692f0ae408bd2839538b69f"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 174.110905][ T7162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.129594][ T7162] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.144564][ T7162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.162453][ T7162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.186155][ T7162] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.203410][ T7213] device veth0_macvtap entered promiscuous mode [ 174.237198][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.247886][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.263539][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.279264][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.288834][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.297871][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.307221][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.320964][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.351071][ T7213] device veth1_macvtap entered promiscuous mode [ 174.385101][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 174.395634][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 174.403585][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.414525][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.426681][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.436072][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.444651][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.454681][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.479060][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.489092][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.498588][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.508356][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.521854][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.535182][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.546094][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.556636][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.569592][ T7213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.692011][ T7252] device veth0_macvtap entered promiscuous mode [ 174.707479][ T7252] device veth1_macvtap entered promiscuous mode [ 174.725181][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 174.734023][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 174.743652][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.754298][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.763880][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 174.771867][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 174.780205][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.789722][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.801614][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.815703][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.826961][ T7213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.837937][ T7213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.850206][ T7213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.925458][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.934312][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.951843][ T7252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.981142][ T7252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.027079][ T7252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 175.061609][ T7252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.084874][ T7252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 175.124174][ T7252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 17:39:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r2, @ANYBLOB="0000400000000005280012000c00010076657468"], 0x48}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0) [ 175.157684][ T7252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.175420][ T8325] kvm: emulating exchange as write [ 175.255854][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 175.266787][ T3383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 175.297685][ T7492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.314142][ T7252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 175.341304][ T7252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.374590][ T7252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 175.401977][ T7252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.423940][ T7252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 175.435381][ T7252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.448083][ T7252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.456529][ T8329] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 175.495035][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 175.510698][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:39:32 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000000)='security.evm\x00', 0x0, 0x0, 0x0) [ 175.586419][ T8335] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 175.600407][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 175.611825][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 175.683768][ T7578] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.729994][ C0] sd 0:0:1:0: [sg0] tag#1846 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 175.740489][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB: Test Unit Ready [ 175.747872][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.757515][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.767158][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17:39:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) getitimer(0x2, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 175.776816][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.786503][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.796154][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.805798][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.815441][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.825521][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.835140][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.844797][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.854479][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 175.864235][ C0] sd 0:0:1:0: [sg0] tag#1846 CDB[c0]: 00 00 00 00 00 00 00 00 17:39:32 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) close(r0) fsetxattr$security_evm(r0, 0x0, 0x0, 0x0, 0x0) [ 175.991517][ C0] sd 0:0:1:0: [sg0] tag#1847 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 176.001984][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB: Test Unit Ready [ 176.008524][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.018197][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.027859][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.037489][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.047119][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.056758][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.066385][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.076043][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.086055][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.095671][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.105320][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.114939][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 176.124521][ C0] sd 0:0:1:0: [sg0] tag#1847 CDB[c0]: 00 00 00 00 00 00 00 00 [ 176.293258][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 176.308197][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 17:39:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) tkill(0x0, 0x0) unshare(0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @loopback}}) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54020000005d564c90c2", 0x17) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) io_setup(0x0, &(0x7f0000000240)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000040)=0x8002) [ 176.427559][ C1] hrtimer: interrupt took 27819 ns [ 176.508210][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 176.534946][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 176.580739][ T7492] device veth0_vlan entered promiscuous mode [ 176.619261][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 176.632393][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 176.672629][ T7492] device veth1_vlan entered promiscuous mode [ 176.689941][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 176.706761][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 176.732562][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 176.754529][ T7578] device veth0_vlan entered promiscuous mode [ 176.785273][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 176.793397][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 176.803091][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 176.821571][ T7578] device veth1_vlan entered promiscuous mode [ 176.852842][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 176.868091][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 176.877792][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 176.901584][ T7492] device veth0_macvtap entered promiscuous mode [ 176.929713][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 176.939053][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 176.949952][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 176.959468][ T2487] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 176.977768][ T7492] device veth1_macvtap entered promiscuous mode [ 177.007150][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 177.016368][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 177.028218][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 177.043248][ T7578] device veth0_macvtap entered promiscuous mode [ 177.060677][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.071643][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.081879][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.092454][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.102527][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.113968][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.123969][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.135125][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.147508][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.156587][ T7578] device veth1_macvtap entered promiscuous mode [ 177.197810][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 177.209913][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 177.219029][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 177.229676][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 177.243087][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.261156][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.274071][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.289057][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.299011][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.310015][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.320305][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.330861][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.342290][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.358055][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 177.367490][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 177.383345][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.397354][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.410638][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.423086][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.437097][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.449956][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.461243][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.472814][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.482709][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.493608][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.507720][ T7578] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.534907][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 177.543654][ T3031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 177.559830][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.571016][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.581474][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.592690][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.602575][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.613089][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.624302][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.637741][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.647660][ T7578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.658181][ T7578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.669693][ T7578] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.741892][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 177.752113][ T3032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:39:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000fa3fff)='\t', 0x1, 0x0, 0x0, 0x0) 17:39:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) getitimer(0x2, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:39:36 executing program 2: dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x98c9a) 17:39:36 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x48}}, 0x0) 17:39:36 executing program 4: r0 = add_key$keyring(&(0x7f0000000340)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000940)='big_key\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000a00)="46ac5128da090e4899c34a28efeb85968ead969e21e33725a7edc030260cdb3ca79964a6e93ce51185f005b7dac052cb797af438c32c29b736fb12c63dd0e504445044a1ae9c10fd8171232ed7dcb08e9acaf4c569c4c1805c47994118fc35ff7f03407dc7093fa7d3132d276a10768b2711cd1c6ecd3545692431856b6e0651412ff7b73711097f061a1b67f6c3d7605eab3b675b6c061e6ef32b7ea8847b6f84da1334d35322b94447bfaca74b152eb64cfa54cb63126c2cc662e7898e6459ed40c4566403f303d341c9c34c6049d9f8e1c2a9483f003c20e66886d0e1629f498668c202f183de294d03da07c9f5feb65bc196554a79a2f255828c1f1cf9a09654f9df849443e8d290debcc78efbdca391a348b33f18ef618011273faa1f095298dd71db08a90e177a1e9a0c771deca3b51670a26850b89d4439574328c19d9e91766dd52169e0ad5011e4acc005861b3b3146d67445e6f6c75ce4af9d8db6963887d79113613267c5bc42fb0aca828590fb291ce8836d3cd391d364efdbb7015d8ec643d83b623380c21c6ebbf774498c94e60838a45d4692bfe73aaea2bbcecb6dcec20e5aa48a950428e2372009212f2f6be608cdec5ff84108f3f3d2e42c99a6d4cd4577ec9f39a51533efe71d494ccadb66eddd4cc0e56b33eefb0ada68ae36c905a977d9042a63299d2130f4e85357b0078c31bc45b00f5ccd879a6735d85882bfddbc6f2cff4a2b976b29e5a8adc74893c748b297a660ba0f64ad8a6ac6fcf180b6a4357ad6733cb75035cd58631142bd720cf52bcd1438647cbe1058e32d33c38f1327bef3f6b1c815ab4f2d47366473ae37c65a2d1df88823dd4c326d640c50e5bddfa976f04cd034331b632cd7a8bbc838081f28f6e24ed646721cea36e56501f9085e428a6c94b7ba5431f59651f36c8f715e4547ffed53c03cc58d2d4382193625cf69c197c4eb3c3c86c291d693837ab7eb23d61d2518379f0c61acf67425afa1ff8d1fac196a7ef9f6f9b514a2028ae010d1bf10833940294c400401ec706ce366dc4c62f6c55c6985a31592360cc7e6cc30a90cae1891b4cffb882b0329457503055db6a8e3b651b3302c24e6d149e8368ee6d3bafbc417256d042b4b87cb1bf46169ad1a593da66b2c6f453180f2c51be35c431e1af07e54c1251334415135422fa81b015a7a746c1979827e3d32057d408016cdc2b641a42626bbf8b7970a5638e9e48783ff80ded5b5184b69d41e60ba9e2ff7ef3e85b4419db2b064d64f833dc2035a6cc3ea28335ad94eb5ba974d9799ce94565559e6a7636b725c4c3dc1702af3c0f3d9dc77f6d404b7c8ff2cec1b4e703451a1d2750d9a22e9f4b5e27da765d228f09bbd30088ac9dff793ec759161849cf4217f5684bff8eddd65be61d3ed2dcc7bae8ab5e1260c3a90cdb37626c4871098802b34f271d8a091b0517bd1588b43cf21b2e3fe676e34d115a56d450d50a97ac7e2ea5904f9695dbde822dba41ac3a1190d63ef486a1829d38b005f9458a82533a555a2f674eea95af7ef7f0cf9654e0ed8d2ab722ca065fd97e6518b76a39cc1b04dc49c395f3aad5e05c76c1881f6a85fee6c6fba8340692eb0b7f3f948350e6947dac635cfef9e4ff4d3f756802cbd97e8c5845b25bc5a021d9875277f197d1bce55661e6961dd788a444962e33fa582a01d0bd61aaa22a76adf68b3169d3f0b49", 0x1001, r0) 17:39:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)="6653070000053c27bc3376003639405c576cd12f0000001500ae47a825d86800278dcff47d010000805acf4f8f364602437bb2e9b66ff1246c93e5c0289644e334432479aed75d492b41dbcee00a06dc9d8eb9adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf89b394807474b3c3156630d3c563ad9c4372975e40a7a1b5005084f485b5188167968e78cc40d2ce2a61821d9b918ff28101373eb3e27a55809a1b4fd25fad93a3895811c01d087796fb714628b0bbe6998867033d2f3f11f144655a602008097e47b222bf1e1b7f5601ca2b07a0cc4cd4f6640b705a4d4824243b31496ee097fc1e22888093f79204b44be9dcb63acab680eb9c18d5b7b593208248b34", 0x107}], 0x4, 0x1) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xee01}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae9c, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 17:39:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x0}, 0x10) unshare(0x0) unshare(0x200) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) io_submit(0x0, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)=0x8002) 17:39:36 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0) 17:39:36 executing program 2: dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x98c9a) 17:39:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000fa3fff)='\t', 0x1, 0x0, 0x0, 0x0) 17:39:36 executing program 4: dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x98c9a) 17:39:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, 0x0) unshare(0x200) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x40840) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)) 17:39:36 executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000105804135000000000000909022400010000000009040000490300000009210000000122dc0109058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="0010b803"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0)='/dev/usb/hiddev#\x00', 0x0, 0x0) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) ioctl$HIDIOCSFLAG(r1, 0x4004480f, 0x0) 17:39:36 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) 17:39:36 executing program 2: dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x98c9a) 17:39:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, 0x0) unshare(0x200) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x40840) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)) 17:39:37 executing program 4: dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x98c9a) [ 180.365701][ T2574] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 180.604822][ T2574] usb 4-1: Using ep0 maxpacket: 16 [ 180.651679][ T2574] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 180.735083][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 180.746875][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.759381][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.770042][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 180.855066][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 180.866807][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.877905][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.887928][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 180.974926][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 180.990627][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.001921][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.015741][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 181.104861][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 181.116020][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.127803][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.137796][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 181.224971][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 181.236043][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.248674][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.259190][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 181.344800][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 181.356067][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.367239][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.377208][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 181.464842][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 181.479398][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.490514][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.504157][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 181.594843][ T2574] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 181.605951][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.618012][ T2574] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.629338][ T2574] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 181.643108][ T2574] usb 4-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 181.652796][ T2574] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.664360][ T2574] usb 4-1: config 0 descriptor?? [ 182.158197][ T2574] input: HID 0458:5013 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5013.0001/input/input5 [ 182.178426][ T2574] input: HID 0458:5013 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5013.0001/input/input6 [ 182.285111][ T2574] kye 0003:0458:5013.0001: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.3-1/input0 [ 182.356308][ T2574] usb 4-1: USB disconnect, device number 2 [ 182.392472][ T2574] ================================================================== [ 182.400773][ T2574] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0 [ 182.407983][ T2574] Read of size 8 at addr ffff8880a707d150 by task kworker/1:16/2574 [ 182.415950][ T2574] [ 182.418263][ T2574] CPU: 1 PID: 2574 Comm: kworker/1:16 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0 [ 182.428033][ T2574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.438076][ T2574] Workqueue: usb_hub_wq hub_event [ 182.443080][ T2574] Call Trace: [ 182.446369][ T2574] dump_stack+0x18f/0x20d [ 182.450808][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 182.455656][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 182.460487][ T2574] print_address_description.constprop.0.cold+0xd3/0x413 [ 182.467498][ T2574] ? mousedev_destroy+0x20/0xa0 [ 182.472336][ T2574] ? __input_unregister_device+0x1b0/0x430 [ 182.478114][ T2574] ? input_unregister_device+0xb4/0xf0 [ 182.483546][ T2574] ? hidinput_disconnect+0x15e/0x3d0 [ 182.488803][ T2574] ? hid_disconnect+0x13f/0x1a0 [ 182.493632][ T2574] ? vprintk_func+0x97/0x1a6 [ 182.498229][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 182.503084][ T2574] kasan_report.cold+0x1f/0x37 [ 182.507840][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 182.512672][ T2574] __mutex_lock+0x1033/0x13c0 [ 182.517335][ T2574] ? print_usage_bug+0x240/0x240 [ 182.522268][ T2574] ? mousedev_cleanup+0x21/0x180 [ 182.527201][ T2574] ? trace_hardirqs_off+0x50/0x220 [ 182.532290][ T2574] ? mutex_trylock+0x2c0/0x2c0 [ 182.537041][ T2574] ? mark_held_locks+0x9f/0xe0 [ 182.541794][ T2574] ? kfree+0x1eb/0x2b0 [ 182.545850][ T2574] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 182.551807][ T2574] ? kfree_const+0x51/0x60 [ 182.556206][ T2574] ? dev_attr_show+0x90/0x90 [ 182.560793][ T2574] ? mousedev_cleanup+0x21/0x180 [ 182.565728][ T2574] mousedev_cleanup+0x21/0x180 [ 182.570479][ T2574] mousedev_destroy+0x28/0xa0 [ 182.575141][ T2574] __input_unregister_device+0x1b0/0x430 [ 182.580852][ T2574] input_unregister_device+0xb4/0xf0 [ 182.586142][ T2574] hidinput_disconnect+0x15e/0x3d0 [ 182.591319][ T2574] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 182.596855][ T2574] hid_disconnect+0x13f/0x1a0 [ 182.601510][ T2574] hid_device_remove+0x186/0x240 [ 182.606426][ T2574] ? hid_compare_device_paths+0xc0/0xc0 [ 182.611957][ T2574] device_release_driver_internal+0x231/0x500 [ 182.618012][ T2574] bus_remove_device+0x2dc/0x4a0 [ 182.622940][ T2574] device_del+0x481/0xd30 [ 182.627258][ T2574] ? device_link_add_missing_supplier_links+0x370/0x370 [ 182.634183][ T2574] ? mark_held_locks+0x9f/0xe0 [ 182.638931][ T2574] ? _raw_spin_unlock_irq+0x1f/0x80 [ 182.644108][ T2574] hid_destroy_device+0xe1/0x150 [ 182.649033][ T2574] usbhid_disconnect+0x9f/0xe0 [ 182.653787][ T2574] usb_unbind_interface+0x1bd/0x8a0 [ 182.658969][ T2574] ? __pm_runtime_idle+0xd1/0x320 [ 182.663982][ T2574] ? usb_autoresume_device+0x60/0x60 [ 182.669244][ T2574] device_release_driver_internal+0x432/0x500 [ 182.675300][ T2574] bus_remove_device+0x2dc/0x4a0 [ 182.680226][ T2574] device_del+0x481/0xd30 [ 182.684566][ T2574] ? device_link_add_missing_supplier_links+0x370/0x370 [ 182.691488][ T2574] ? usb_remove_ep_devs+0x3e/0x80 [ 182.696516][ T2574] ? remove_intf_ep_devs+0x13f/0x1d0 [ 182.701782][ T2574] usb_disable_device+0x211/0x690 [ 182.707672][ T2574] usb_disconnect+0x284/0x8d0 [ 182.712331][ T2574] hub_event+0x17ca/0x38f0 [ 182.716756][ T2574] ? hub_port_debounce+0x260/0x260 [ 182.721940][ T2574] ? usermodehelper_read_trylock+0xf0/0x2d0 [ 182.727825][ T2574] ? debug_smp_processor_id+0x2f/0x185 [ 182.733263][ T2574] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 182.738827][ T2574] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 182.744801][ T2574] process_one_work+0x965/0x16a0 [ 182.750075][ T2574] ? lock_release+0x800/0x800 [ 182.754733][ T2574] ? pwq_dec_nr_in_flight+0x310/0x310 [ 182.760087][ T2574] ? rwlock_bug.part.0+0x90/0x90 [ 182.765023][ T2574] worker_thread+0x7ab/0xe20 [ 182.769684][ T2574] ? process_one_work+0x16a0/0x16a0 [ 182.775055][ T2574] kthread+0x3b5/0x4a0 [ 182.779110][ T2574] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 182.784831][ T2574] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 182.790532][ T2574] ret_from_fork+0x24/0x30 [ 182.795030][ T2574] [ 182.797418][ T2574] Allocated by task 2574: [ 182.801915][ T2574] save_stack+0x1b/0x40 [ 182.806132][ T2574] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 182.811762][ T2574] kmem_cache_alloc_trace+0x153/0x7d0 [ 182.817134][ T2574] mousedev_create+0x90/0xa20 [ 182.821972][ T2574] mousedev_connect+0x20/0x280 [ 182.826735][ T2574] input_attach_handler+0x194/0x200 [ 182.831919][ T2574] input_register_device.cold+0xf5/0x246 [ 182.837530][ T2574] hidinput_connect+0x4f8f/0xdb30 [ 182.842528][ T2574] hid_connect+0x96b/0xbc0 [ 182.846937][ T2574] hid_hw_start+0xa2/0x130 [ 182.851413][ T2574] kye_probe+0x44/0x536 [ 182.855571][ T2574] hid_device_probe+0x2be/0x3f0 [ 182.860431][ T2574] really_probe+0x281/0x6d0 [ 182.864943][ T2574] driver_probe_device+0xfe/0x1d0 [ 182.870042][ T2574] __device_attach_driver+0x1c2/0x220 [ 182.875406][ T2574] bus_for_each_drv+0x162/0x1e0 [ 182.880238][ T2574] __device_attach+0x21a/0x360 [ 182.885008][ T2574] bus_probe_device+0x1e4/0x290 [ 182.889833][ T2574] device_add+0xaf1/0x1900 [ 182.894233][ T2574] hid_add_device+0x33c/0x9a0 [ 182.898902][ T2574] usbhid_probe+0xac8/0xff0 [ 182.903396][ T2574] usb_probe_interface+0x305/0x7a0 [ 182.908491][ T2574] really_probe+0x281/0x6d0 [ 182.912980][ T2574] driver_probe_device+0xfe/0x1d0 [ 182.917982][ T2574] __device_attach_driver+0x1c2/0x220 [ 182.923416][ T2574] bus_for_each_drv+0x162/0x1e0 [ 182.928239][ T2574] __device_attach+0x21a/0x360 [ 182.932989][ T2574] bus_probe_device+0x1e4/0x290 [ 182.937822][ T2574] device_add+0xaf1/0x1900 [ 182.942213][ T2574] usb_set_configuration+0xec5/0x1740 [ 182.947559][ T2574] usb_generic_driver_probe+0x9d/0xe0 [ 182.952919][ T2574] usb_probe_device+0xc6/0x1f0 [ 182.957657][ T2574] really_probe+0x281/0x6d0 [ 182.962139][ T2574] driver_probe_device+0xfe/0x1d0 [ 182.967175][ T2574] __device_attach_driver+0x1c2/0x220 [ 182.972531][ T2574] bus_for_each_drv+0x162/0x1e0 [ 182.977355][ T2574] __device_attach+0x21a/0x360 [ 182.982092][ T2574] bus_probe_device+0x1e4/0x290 [ 182.987038][ T2574] device_add+0xaf1/0x1900 [ 182.991525][ T2574] usb_new_device.cold+0x753/0x103d [ 182.996703][ T2574] hub_event+0x1eca/0x38f0 [ 183.001101][ T2574] process_one_work+0x965/0x16a0 [ 183.006013][ T2574] worker_thread+0x96/0xe20 [ 183.010490][ T2574] kthread+0x3b5/0x4a0 [ 183.014536][ T2574] ret_from_fork+0x24/0x30 [ 183.018927][ T2574] [ 183.021316][ T2574] Freed by task 2574: [ 183.025275][ T2574] save_stack+0x1b/0x40 [ 183.029404][ T2574] __kasan_slab_free+0xf7/0x140 [ 183.034228][ T2574] kfree+0x109/0x2b0 [ 183.038133][ T2574] device_release+0x71/0x200 [ 183.042697][ T2574] kobject_put+0x1c8/0x2f0 [ 183.047093][ T2574] cdev_device_del+0x69/0x80 [ 183.051666][ T2574] mousedev_destroy+0x20/0xa0 [ 183.056318][ T2574] __input_unregister_device+0x1b0/0x430 [ 183.061934][ T2574] input_unregister_device+0xb4/0xf0 [ 183.067278][ T2574] hidinput_disconnect+0x15e/0x3d0 [ 183.072371][ T2574] hid_disconnect+0x13f/0x1a0 [ 183.077197][ T2574] hid_device_remove+0x186/0x240 [ 183.082116][ T2574] device_release_driver_internal+0x231/0x500 [ 183.088161][ T2574] bus_remove_device+0x2dc/0x4a0 [ 183.093114][ T2574] device_del+0x481/0xd30 [ 183.097422][ T2574] hid_destroy_device+0xe1/0x150 [ 183.102343][ T2574] usbhid_disconnect+0x9f/0xe0 [ 183.107081][ T2574] usb_unbind_interface+0x1bd/0x8a0 [ 183.112274][ T2574] device_release_driver_internal+0x432/0x500 [ 183.118319][ T2574] bus_remove_device+0x2dc/0x4a0 [ 183.124208][ T2574] device_del+0x481/0xd30 [ 183.128662][ T2574] usb_disable_device+0x211/0x690 [ 183.133879][ T2574] usb_disconnect+0x284/0x8d0 [ 183.138534][ T2574] hub_event+0x17ca/0x38f0 [ 183.142944][ T2574] process_one_work+0x965/0x16a0 [ 183.147870][ T2574] worker_thread+0x7ab/0xe20 [ 183.152456][ T2574] kthread+0x3b5/0x4a0 [ 183.156515][ T2574] ret_from_fork+0x24/0x30 [ 183.160910][ T2574] [ 183.163224][ T2574] The buggy address belongs to the object at ffff8880a707d000 [ 183.163224][ T2574] which belongs to the cache kmalloc-2k of size 2048 [ 183.177616][ T2574] The buggy address is located 336 bytes inside of [ 183.177616][ T2574] 2048-byte region [ffff8880a707d000, ffff8880a707d800) [ 183.191052][ T2574] The buggy address belongs to the page: [ 183.196683][ T2574] page:ffffea00029c1f40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 183.205780][ T2574] flags: 0xfffe0000000200(slab) [ 183.210760][ T2574] raw: 00fffe0000000200 ffffea0002439fc8 ffffea00024a9c08 ffff8880aa000e00 [ 183.219348][ T2574] raw: 0000000000000000 ffff8880a707d000 0000000100000001 0000000000000000 [ 183.227921][ T2574] page dumped because: kasan: bad access detected [ 183.234344][ T2574] [ 183.236661][ T2574] Memory state around the buggy address: [ 183.242362][ T2574] ffff8880a707d000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 183.250411][ T2574] ffff8880a707d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 17:39:40 executing program 5: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000140, 0x926, 0x3333, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000001c0)='/dev/input/event#\x00', 0x5e, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000280)={0x7, 0x0, 0x8001, 0x0, "cd671dd290fd22c66b3216dbbf960692057be0da8dc6e8b45e70f064044b3b61"}) 17:39:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, 0x0) unshare(0x200) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x40840) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)) 17:39:40 executing program 2: dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x98c9a) 17:39:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, 0x0) unshare(0x200) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x40840) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)) 17:39:40 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, 0x0) unshare(0x200) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, 0x0, 0x40840) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)) [ 183.258644][ T2574] >ffff8880a707d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 183.266763][ T2574] ^ [ 183.273519][ T2574] ffff8880a707d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 183.281805][ T2574] ffff8880a707d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 183.289861][ T2574] ================================================================== [ 183.297917][ T2574] Disabling lock debugging due to kernel taint [ 183.367071][ T2574] Kernel panic - not syncing: panic_on_warn set ... [ 183.373723][ T2574] CPU: 1 PID: 2574 Comm: kworker/1:16 Tainted: G B 5.7.0-rc6-next-20200522-syzkaller #0 [ 183.384738][ T2574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.394806][ T2574] Workqueue: usb_hub_wq hub_event [ 183.399914][ T2574] Call Trace: [ 183.403208][ T2574] dump_stack+0x18f/0x20d [ 183.407577][ T2574] ? __mutex_lock+0xf50/0x13c0 [ 183.412342][ T2574] panic+0x2e3/0x75c [ 183.416282][ T2574] ? __warn_printk+0xf3/0xf3 [ 183.420978][ T2574] ? preempt_schedule_common+0x5e/0xc0 [ 183.426436][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 183.431288][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 183.436228][ T2574] ? preempt_schedule_thunk+0x16/0x18 [ 183.441597][ T2574] ? trace_hardirqs_on+0x55/0x230 [ 183.446625][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 183.451476][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 183.456328][ T2574] end_report+0x4d/0x53 [ 183.460484][ T2574] kasan_report.cold+0xd/0x37 [ 183.465157][ T2574] ? __mutex_lock+0x1033/0x13c0 [ 183.470008][ T2574] __mutex_lock+0x1033/0x13c0 [ 183.474688][ T2574] ? print_usage_bug+0x240/0x240 [ 183.479623][ T2574] ? mousedev_cleanup+0x21/0x180 [ 183.484599][ T2574] ? trace_hardirqs_off+0x50/0x220 [ 183.489907][ T2574] ? mutex_trylock+0x2c0/0x2c0 [ 183.494691][ T2574] ? mark_held_locks+0x9f/0xe0 [ 183.499455][ T2574] ? kfree+0x1eb/0x2b0 [ 183.503529][ T2574] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 183.509515][ T2574] ? kfree_const+0x51/0x60 [ 183.514017][ T2574] ? dev_attr_show+0x90/0x90 [ 183.518606][ T2574] ? mousedev_cleanup+0x21/0x180 [ 183.523557][ T2574] mousedev_cleanup+0x21/0x180 [ 183.528325][ T2574] mousedev_destroy+0x28/0xa0 [ 183.533005][ T2574] __input_unregister_device+0x1b0/0x430 [ 183.538636][ T2574] input_unregister_device+0xb4/0xf0 [ 183.543924][ T2574] hidinput_disconnect+0x15e/0x3d0 [ 183.549036][ T2574] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 183.554578][ T2574] hid_disconnect+0x13f/0x1a0 [ 183.559343][ T2574] hid_device_remove+0x186/0x240 [ 183.564280][ T2574] ? hid_compare_device_paths+0xc0/0xc0 [ 183.569831][ T2574] device_release_driver_internal+0x231/0x500 [ 183.575893][ T2574] bus_remove_device+0x2dc/0x4a0 [ 183.580831][ T2574] device_del+0x481/0xd30 [ 183.585165][ T2574] ? device_link_add_missing_supplier_links+0x370/0x370 [ 183.592099][ T2574] ? mark_held_locks+0x9f/0xe0 [ 183.596860][ T2574] ? _raw_spin_unlock_irq+0x1f/0x80 [ 183.602077][ T2574] hid_destroy_device+0xe1/0x150 [ 183.607013][ T2574] usbhid_disconnect+0x9f/0xe0 [ 183.611782][ T2574] usb_unbind_interface+0x1bd/0x8a0 [ 183.617055][ T2574] ? __pm_runtime_idle+0xd1/0x320 [ 183.622069][ T2574] ? usb_autoresume_device+0x60/0x60 [ 183.627334][ T2574] device_release_driver_internal+0x432/0x500 [ 183.633379][ T2574] bus_remove_device+0x2dc/0x4a0 [ 183.638382][ T2574] device_del+0x481/0xd30 [ 183.642690][ T2574] ? device_link_add_missing_supplier_links+0x370/0x370 [ 183.650772][ T2574] ? usb_remove_ep_devs+0x3e/0x80 [ 183.655774][ T2574] ? remove_intf_ep_devs+0x13f/0x1d0 [ 183.661037][ T2574] usb_disable_device+0x211/0x690 [ 183.666039][ T2574] usb_disconnect+0x284/0x8d0 [ 183.670704][ T2574] hub_event+0x17ca/0x38f0 [ 183.675105][ T2574] ? hub_port_debounce+0x260/0x260 [ 183.680452][ T2574] ? usermodehelper_read_trylock+0xf0/0x2d0 [ 183.686334][ T2574] ? debug_smp_processor_id+0x2f/0x185 [ 183.691802][ T2574] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 183.697333][ T2574] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 183.703290][ T2574] process_one_work+0x965/0x16a0 [ 183.708211][ T2574] ? lock_release+0x800/0x800 [ 183.712864][ T2574] ? pwq_dec_nr_in_flight+0x310/0x310 [ 183.718219][ T2574] ? rwlock_bug.part.0+0x90/0x90 [ 183.723135][ T2574] worker_thread+0x7ab/0xe20 [ 183.727703][ T2574] ? process_one_work+0x16a0/0x16a0 [ 183.732878][ T2574] kthread+0x3b5/0x4a0 [ 183.736921][ T2574] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 183.742641][ T2574] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 183.748336][ T2574] ret_from_fork+0x24/0x30 [ 183.754875][ T2574] Kernel Offset: disabled [ 183.759187][ T2574] Rebooting in 86400 seconds..