Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 2020/08/26 03:07:47 fuzzer started 2020/08/26 03:07:48 dialing manager at 10.128.0.26:46369 2020/08/26 03:07:48 syscalls: 3310 2020/08/26 03:07:48 code coverage: enabled 2020/08/26 03:07:48 comparison tracing: enabled 2020/08/26 03:07:48 extra coverage: enabled 2020/08/26 03:07:48 setuid sandbox: enabled 2020/08/26 03:07:48 namespace sandbox: enabled 2020/08/26 03:07:48 Android sandbox: enabled 2020/08/26 03:07:48 fault injection: enabled 2020/08/26 03:07:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/26 03:07:48 net packet injection: enabled 2020/08/26 03:07:48 net device setup: enabled 2020/08/26 03:07:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/26 03:07:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/26 03:07:48 USB emulation: enabled 2020/08/26 03:07:48 hci packet injection: enabled 03:10:57 executing program 0: syzkaller login: [ 364.029633][ T28] audit: type=1400 audit(1598411457.831:8): avc: denied { execmem } for pid=8498 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 365.539256][ T8499] IPVS: ftp: loaded support on port[0] = 21 [ 366.176429][ T8499] chnl_net:caif_netlink_parms(): no params data 
found [ 366.370509][ T8499] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.377964][ T8499] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.388815][ T8499] device bridge_slave_0 entered promiscuous mode [ 366.403891][ T8499] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.411855][ T8499] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.421651][ T8499] device bridge_slave_1 entered promiscuous mode [ 366.477577][ T8499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 366.495687][ T8499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.549216][ T8499] team0: Port device team_slave_0 added [ 366.565315][ T8499] team0: Port device team_slave_1 added [ 366.616839][ T8499] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 366.623925][ T8499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.650888][ T8499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 366.699822][ T8499] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 366.707286][ T8499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 366.733512][ T8499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 366.806959][ T8499] device hsr_slave_0 entered promiscuous mode [ 366.818737][ T8499] device hsr_slave_1 entered promiscuous mode [ 367.186746][ T8499] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 367.208567][ T8499] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 367.229376][ T8499] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 367.251487][ T8499] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 367.474687][ T3227] Bluetooth: hci0: command 0x0409 tx timeout [ 367.610538][ T8499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.657220][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 367.666617][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 367.691309][ T8499] 8021q: adding VLAN 0 to HW filter on device team0 [ 367.720269][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 367.732635][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 367.742361][ T3227] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.749902][ T3227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 367.810780][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 367.820433][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 367.831302][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 367.840907][ T3227] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.848271][ T3227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 367.857471][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 367.868682][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 367.905615][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 367.916978][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes 
ready [ 367.933346][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 367.944448][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 367.955425][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 367.987872][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 367.997903][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 368.007889][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 368.017873][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 368.050889][ T8499] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 368.116589][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 368.125115][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 368.163714][ T8499] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.239755][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 368.250850][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 368.322978][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 368.333454][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 368.361331][ T8499] device veth0_vlan entered promiscuous mode [ 368.371360][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 368.380953][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 368.433828][ T8499] device veth1_vlan entered promiscuous mode [ 368.519754][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 368.529939][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 368.539753][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 368.549963][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 368.575522][ T8499] device veth0_macvtap entered promiscuous mode [ 368.598919][ T8499] device veth1_macvtap 
entered promiscuous mode [ 368.667325][ T8499] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 368.675391][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 368.685967][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 368.695951][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 368.707123][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 368.735901][ T8499] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 368.759394][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 368.770607][ T4860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 03:11:03 executing program 0: 03:11:03 executing program 0: [ 369.554865][ T4860] Bluetooth: hci0: command 0x041b tx timeout 03:11:03 executing program 0: 03:11:03 executing program 0: 03:11:03 executing program 0: 03:11:04 executing program 0: ioctl$FS_IOC_GET_ENCRYPTION_NONCE(0xffffffffffffffff, 0x8010661b, &(0x7f0000000040)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x1c}, {0x16}]}) [ 370.630016][ T28] audit: type=1326 audit(1598411464.431:9): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8736 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=40000003 syscall=265 compat=1 ip=0xf7fd6549 code=0x0 03:11:05 executing program 0: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000900)={0x1, [0x0]}, &(0x7f0000000940)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x7d, &(0x7f00000000c0)={r1}, &(0x7f0000000100)=0x8) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}], 0x1c) r3 = 
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRESHEX=r2, @ANYBLOB="59773ab41bc001a166dc28f5d2254b88bec6f0c6b3f615892588ce3d519cfa643c8e667d5a6f856a40b15f21d7467b9251628e72e12bf6d852f2474786e1532aa2d25aae8211b09171680508b37f2cc84b4fa3d7f1fa77bdf5d8c3c08a337bde73b7c439c3a829fb88eec339d7406689e2c501d3df4610f001214ef609e576b04d282ced0e510f65a51d1d43bdf8ece6c2e1d56981764cc2b16f855ef98854f14ef8abcadeca32f1b733fb0ee6e187924d224fb24b921072b8fc4a32f8548705e8b730c82e77861d823ddc8bd472b05b92f6e2ecbafdd692cdd5eb"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x4, &(0x7f0000346fc8)=ANY=[@ANYBLOB="18000000000061152480000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x3b) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305616, &(0x7f00000000c0)={0x0, {0x4, 0x1}}) recvmmsg(r4, &(0x7f00000026c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000300)='bbr\x00', 0x4) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f00000001c0)={0x14, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="08000000f7009623137502091fef773258f6ac16a7d40fe3ad28d6c8"], 0x0}, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000140)={&(0x7f0000000200)="75b855b16c22c0715a38c010991340718ae4a3af9c5007fc807626a8e3ce2a006e72f201656abb098a60d52da576dc593b9e1084951f81acdc05cd1c9308d58ed332", 0x42, 0x0}) ioctl$DRM_IOCTL_MODE_GETPROPBLOB(0xffffffffffffffff, 0xc01064ac, &(0x7f00000002c0)={r6, 0x9, &(0x7f0000000280)=""/9}) [ 371.634638][ T8722] Bluetooth: hci0: command 0x040f tx timeout [ 372.065382][ T8722] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 372.334888][ T8722] usb 1-1: device 
descriptor read/64, error 18 [ 372.725035][ T8722] usb 1-1: device descriptor read/64, error 18 [ 372.996060][ T8722] usb 1-1: new high-speed USB device number 3 using dummy_hcd 03:11:07 executing program 1: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x1, 0x8, 0x606, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0xe0000000}, @CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_TCP_CLOSE_WAIT={0x8, 0x5, 0x1, 0x0, 0x8932}]}]}, 0x30}}, 0x48001) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x101801) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000180)) ioctl$SIOCRSSL2CALL(r1, 0x89e2, &(0x7f00000001c0)=@bcast) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000200)) ppoll(&(0x7f0000000240)=[{r2, 0x3502}, {r0, 0x100}, {r1, 0x400}], 0x3, &(0x7f0000000280)={0x0, 0x989680}, &(0x7f00000002c0)={[0x3f, 0xd603]}, 0x8) write$FUSE_DIRENT(r0, &(0x7f0000000300)={0x118, 0xfffffffffffffffe, 0x0, [{0x4, 0x4, 0x3, 0xfffffffa, '%*!'}, {0x0, 0x2, 0x4, 0x2f, ')}}/'}, {0x3, 0x6, 0x3, 0xfffffff9, '((^'}, {0x4, 0x10001, 0x3, 0x0, '\xfc]('}, {0x4, 0x9, 0x1, 0x3ff, '!'}, {0x5, 0xff, 0xa, 0x8, '@!\\,(\xee*#]('}, {0x5, 0x401, 0x1, 0x0, '\xbd'}, {0x5, 0x0, 0x2, 0xeca8, '[\''}]}, 0x118) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000440)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000480)={0x15, 0x4, 0x20}) r3 = openat$vcsa(0xffffff9c, &(0x7f00000004c0)='/dev/vcsa\x00', 0x26000, 0x0) ioctl$PPPIOCGFLAGS(r3, 0x8004745a, &(0x7f0000000500)) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc01cf509, &(0x7f0000000540)={r3, 0x7fffffff, 0x1, 0x6}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r4, 0x40082102, &(0x7f0000000580)) arch_prctl$ARCH_SET_GS(0x1001, &(0x7f00000005c0)) ioctl$vim2m_VIDIOC_QUERYBUF(r1, 
0xc04c5609, &(0x7f00000051c0)={0x9, 0x1, 0x4, 0x8, 0x1ff, {0x77359400}, {0x3, 0x8, 0x1, 0x0, 0x80, 0x4, "7fb802ac"}, 0x9, 0x4, @userptr=0x189b6dce, 0x6, 0x0, r4}) ioctl$BTRFS_IOC_BALANCE_CTL(r5, 0x40049421, 0x3) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) getsockname$llc(0xffffffffffffffff, &(0x7f0000005280)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000052c0)=0x10) [ 373.265332][ T8722] usb 1-1: device descriptor read/64, error 18 [ 373.330590][ T28] audit: type=1400 audit(1598411467.131:10): avc: denied { execmem } for pid=8750 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 373.654689][ T8722] usb 1-1: device descriptor read/64, error 18 [ 373.716079][ T4860] Bluetooth: hci0: command 0x0419 tx timeout [ 373.775081][ T8722] usb usb1-port1: attempt power cycle [ 374.494723][ T8722] usb 1-1: new high-speed USB device number 4 using dummy_hcd 03:11:08 executing program 0: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) chdir(&(0x7f0000000100)='./file0\x00') symlink(&(0x7f0000000280)='.\x00', &(0x7f0000000240)='./file0\x00') pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) chroot(&(0x7f0000000000)='./file0/../file0/file0\x00') getcwd(&(0x7f00000002c0)=""/75, 0x4b) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000080)={0xc223, 0x2}) [ 374.684936][ T8722] usb 1-1: device descriptor read/8, error -71 [ 374.881472][ T8751] IPVS: ftp: loaded support on port[0] = 21 [ 374.895514][ T8722] usb 1-1: device descriptor read/8, error -71 03:11:08 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) 
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nf_conntrack\x00') sendfile(r0, r1, 0x0, 0x80000005) getpid() syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0xe42, 0x8d41) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r2 = gettid() ioprio_get$pid(0x1, r2) sched_setscheduler(0x0, 0x0, 0x0) ioctl$CHAR_RAW_RESETZONE(r1, 0x40101283, 0x0) [ 375.463142][ T8751] chnl_net:caif_netlink_parms(): no params data found [ 375.529893][ C0] hrtimer: interrupt took 53878 ns [ 375.793826][ T8751] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.802064][ T8751] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.812014][ T8751] device bridge_slave_0 entered promiscuous mode [ 375.906717][ T8751] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.914167][ T8751] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.923827][ T8751] device bridge_slave_1 entered promiscuous mode [ 376.083751][ T8751] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 03:11:10 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x0, @broadcast}, 0x10) [ 376.153430][ T8751] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.302063][ T8751] team0: Port device team_slave_0 added [ 376.332516][ T8751] team0: Port device team_slave_1 added [ 376.436527][ T8751] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 376.443615][ T8751] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 376.469944][ T8751] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 376.500917][ T8751] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 376.508142][ T8751] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.534413][ T8751] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 376.612869][ T8751] device hsr_slave_0 entered promiscuous mode [ 376.622733][ T8751] device hsr_slave_1 entered promiscuous mode [ 376.646373][ T8751] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 376.654107][ T8751] Cannot create hsr debugfs directory 03:11:10 executing program 0: setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000380)={@in6={{0xa, 0x4e21, 0x0, @mcast2}}}, 0xd8) r0 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x227, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000140)={'syz', 0x1}, 
&(0x7f00000005c0)="a5c721feb7c07c0974e600d3baca9cacbdde774c155e1a985d0f802430daa8a7d457c8730cf2a29e28a74bda12deae651c82c78ea855e1525a570c96925acf63fc05548e37b70ea97a582d05bccec83c69841ca4e8e30a7e54d69b8edc7fe709aacf46b4f4f79aa082a86937ff18494508306e5c44511a8823aef31c7c2854f5aca0c37ff291ce88e63298092108cd0a8cbd10020e1a4fcd45f989eaad352b7a121bc0f8cceeedeb7936aca9eb71edaedc8ad12df902c63e29a3614ed2c27a131ecf605efa40204de8c241d59fbba3d52fa7aecf231f2a6563c2d3fcc7d71422c4427c0ce4bf44b2bc919f9cc109073b412e12baa7ffc0546e43692545e1e8dfc8433b8b6855b622519ff9e8839790c8807eb9dea9111c276ee1807a3debf1720167879788d30bc8d6600b667d758cfc04235a97979c852b366d356e0fc9973e5c0266bc6d8eb9c4ae2dc64e17be1a5dfa", 0x151, 0xfffffffffffffffd) openat$vicodec0(0xffffff9c, &(0x7f0000000100)='/dev/video36\x00', 0x2, 0x0) r3 = openat$dlm_plock(0xffffff9c, &(0x7f0000000300)='/dev/dlm_plock\x00', 0x6000, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, &(0x7f00000002c0)={0xfffffffe, 0x33363248, 0x0, @stepwise={0x7c, 0x6, 0x9, 0x0, 0x3, 0x6}}) r4 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)="cd", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r4, r1, r2}, 0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={'xxhash64-generic\x00'}}) r5 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x0, r4) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r5, r5}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={'xcbc(anubis-generic)\x00'}}) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) [ 376.834590][ T3227] Bluetooth: hci1: command 0x0409 tx timeout [ 377.253536][ T8751] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 377.323860][ T8751] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 377.389046][ T8751] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 377.429165][ T8751] netdevsim netdevsim1 netdevsim3: renamed from eth3 03:11:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = 
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x40801}, 0x4000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000180)={&(0x7f00000000c0), 0x0, 0x80000, 0x0, 0xffffffffffffffff})
read$qrtrtun(r3, &(0x7f0000000240)=""/245, 0xf5)
r4 = openat$dlm_monitor(0xffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x2000c2, 0x0)
setsockopt$inet6_MRT6_ADD_MFC(r4, 0x29, 0xcc, &(0x7f0000000380)={{0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, [], 0xd}, 0x5}, {0xa, 0x4e22, 0xffffeb0a, @private2, 0x8000}, 0x0, [0x4, 0x7, 0x1, 0x8, 0x4, 0xd1b7, 0x2, 0x5]}, 0x5c)
r5 = socket(0x18, 0x0, 0x0)
close(r5)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0})
bind$can_j1939(r6, &(0x7f0000000340)={0x1d, r8}, 0x18)
connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r8, 0x4}, 0x18)
sendmmsg$alg(r5, &(0x7f00000000c0), 0x4924924924924d8, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x60, 0x10, 0x581, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0x3}, @IFLA_VLAN_QOS_MAPPING={0xc}]}]}}}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x60}}, 0x0)
[ 377.808946][ T8995] =====================================================
[ 377.816044][ T8995] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90
[ 377.823562][ T8995] CPU: 0 PID: 8995 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 377.832155][ T8995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 377.842227][ T8995] Call Trace:
[ 377.845624][ T8995] dump_stack+0x21c/0x280
[ 377.849995][ T8995] kmsan_report+0xf7/0x1e0
[ 377.854448][ T8995] kmsan_internal_check_memory+0x238/0x3d0
[ 377.860280][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 377.865509][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 377.868193][ T8998] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 377.870756][ T8995] kmsan_copy_to_user+0x81/0x90
[ 377.870856][ T8995] _copy_to_user+0x18e/0x260
[ 377.870987][ T8995] move_addr_to_user+0x3de/0x670
[ 377.894586][ T8995] __sys_getsockname+0x407/0x5e0
[ 377.899637][ T8995] ? put_old_timespec32+0x231/0x2d0
[ 377.904877][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 377.910099][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 377.915325][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 377.920557][ T8995] __se_sys_getsockname+0x91/0xb0
[ 377.925651][ T8995] __ia32_sys_getsockname+0x4a/0x70
[ 377.930937][ T8995] __do_fast_syscall_32+0x2af/0x480
[ 377.936250][ T8995] do_fast_syscall_32+0x6b/0xd0
[ 377.941132][ T8995] do_SYSENTER_32+0x73/0x90
[ 377.945718][ T8995] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 377.952070][ T8995] RIP: 0023:0xf7fd6549
[ 377.956150][ T8995] Code: Bad RIP value.
[ 377.960229][ T8995] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 000000000000016f
[ 377.968663][ T8995] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000100
[ 377.976658][ T8995] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000
[ 377.984647][ T8995] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 377.992639][ T8995] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 377.995386][ T9003] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 378.000676][ T8995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 378.018119][ T8995]
[ 378.020459][ T8995] Local variable ----address@__sys_getsockname created at:
[ 378.027677][ T8995] __sys_getsockname+0x91/0x5e0
[ 378.032548][ T8995] __sys_getsockname+0x91/0x5e0
[ 378.037398][ T8995]
[ 378.039735][ T8995] Bytes 2-3 of 20 are uninitialized
[ 378.044936][ T8995] Memory access of size 20 starts at ffff888053453d50
[ 378.051700][ T8995] Data copied to user address 0000000020000100
[ 378.057859][ T8995] =====================================================
[ 378.064808][ T8995] Disabling lock debugging due to kernel taint
[ 378.070967][ T8995] Kernel panic - not syncing: panic_on_warn set ...
[ 378.077590][ T8995] CPU: 0 PID: 8995 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 378.087598][ T8995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 378.097686][ T8995] Call Trace:
[ 378.101009][ T8995] dump_stack+0x21c/0x280
[ 378.105450][ T8995] panic+0x4d7/0xef7
[ 378.109395][ T8995] ? add_taint+0x17c/0x210
[ 378.113843][ T8995] kmsan_report+0x1df/0x1e0
[ 378.118383][ T8995] kmsan_internal_check_memory+0x238/0x3d0
[ 378.125083][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 378.130305][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 378.135536][ T8995] kmsan_copy_to_user+0x81/0x90
[ 378.140410][ T8995] _copy_to_user+0x18e/0x260
[ 378.145041][ T8995] move_addr_to_user+0x3de/0x670
[ 378.150192][ T8995] __sys_getsockname+0x407/0x5e0
[ 378.155167][ T8995] ? put_old_timespec32+0x231/0x2d0
[ 378.160471][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 378.165697][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 378.170921][ T8995] ? kmsan_get_metadata+0x116/0x180
[ 378.176153][ T8995] __se_sys_getsockname+0x91/0xb0
[ 378.181212][ T8995] __ia32_sys_getsockname+0x4a/0x70
[ 378.186443][ T8995] __do_fast_syscall_32+0x2af/0x480
[ 378.191678][ T8995] do_fast_syscall_32+0x6b/0xd0
[ 378.196557][ T8995] do_SYSENTER_32+0x73/0x90
[ 378.201108][ T8995] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 378.207448][ T8995] RIP: 0023:0xf7fd6549
[ 378.211524][ T8995] Code: Bad RIP value.
[ 378.215607][ T8995] RSP: 002b:00000000f55d00cc EFLAGS: 00000296 ORIG_RAX: 000000000000016f
[ 378.224064][ T8995] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000100
[ 378.232066][ T8995] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000
[ 378.240060][ T8995] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 378.248084][ T8995] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 378.256079][ T8995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 378.265232][ T8995] Kernel Offset: disabled
[ 378.269564][ T8995] Rebooting in 86400 seconds..