Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts. 2020/09/11 01:46:12 fuzzer started 2020/09/11 01:46:13 dialing manager at 10.128.0.26:39603 2020/09/11 01:46:13 syscalls: 3168 2020/09/11 01:46:13 code coverage: enabled 2020/09/11 01:46:13 comparison tracing: enabled 2020/09/11 01:46:13 extra coverage: enabled 2020/09/11 01:46:13 setuid sandbox: enabled 2020/09/11 01:46:13 namespace sandbox: enabled 2020/09/11 01:46:13 Android sandbox: /sys/fs/selinux/policy does not exist 2020/09/11 01:46:13 fault injection: enabled 2020/09/11 01:46:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/11 01:46:13 net packet injection: enabled 2020/09/11 01:46:13 net device setup: enabled 2020/09/11 01:46:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/11 01:46:13 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/11 01:46:13 USB emulation: enabled 2020/09/11 01:46:13 hci packet injection: enabled 01:50:57 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0) syzkaller login: [ 432.824183][ T8495] IPVS: ftp: loaded support on port[0] = 21 [ 433.227364][ T8495] chnl_net:caif_netlink_parms(): no params data found [ 433.433005][ T8495] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.440269][ T8495] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.450148][ T8495] device bridge_slave_0 entered promiscuous mode [ 433.464161][ T8495] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.472059][ T8495] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.481893][ T8495] device bridge_slave_1 entered promiscuous mode [ 433.531508][ T8495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.549077][ T8495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.593798][ T8495] team0: Port device team_slave_0 added [ 433.607412][ T8495] team0: Port device team_slave_1 added [ 433.649519][ T8495] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.657621][ T8495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.684108][ T8495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.702055][ T8495] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 433.709648][ T8495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.737264][ T8495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 433.798649][ T8495] device hsr_slave_0 entered promiscuous mode [ 433.808916][ T8495] device hsr_slave_1 entered promiscuous mode [ 434.097421][ T8495] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 434.126040][ T8495] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 434.159306][ T8495] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 434.190173][ T8495] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 434.508682][ T8495] 8021q: adding VLAN 0 to HW filter on device bond0 [ 434.541872][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 434.551522][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 434.572988][ T8495] 8021q: adding VLAN 0 to HW filter on device team0 [ 434.595003][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 434.605127][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 434.616346][ T3216] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.624013][ T3216] bridge0: port 1(bridge_slave_0) entered forwarding state [ 434.694129][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 434.703691][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 434.713805][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 434.723413][ T3216] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.730798][ T3216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 434.740001][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 434.751236][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 434.764145][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 434.774698][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 434.781895][ T3673] Bluetooth: hci0: command 0x0409 tx timeout [ 434.786140][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 434.800784][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 434.816110][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 434.834417][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 434.845860][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 434.883273][ T8495] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 434.898172][ T8495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 434.912225][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 434.922432][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 434.983061][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 434.991310][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 435.025916][ T8495] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 435.087195][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 435.097422][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 435.157673][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 435.168458][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 435.192579][ T8495] device veth0_vlan entered promiscuous mode [ 435.203121][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 435.212741][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 435.242956][ T8495] device veth1_vlan entered promiscuous mode [ 435.254189][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 435.334330][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 435.344525][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 435.366152][ T8495] device veth0_macvtap entered promiscuous mode [ 435.387186][ T8495] device veth1_macvtap entered promiscuous mode [ 435.454092][ T8495] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 435.462129][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 435.472148][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 435.482869][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 435.493131][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 435.519833][ T8495] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 435.533113][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 435.543340][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 01:51:02 executing program 0: keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', 0x0, 0x0, 0x0, 0x0) keyctl$link(0x8, 0x0, r0) perf_event_open(&(0x7f00000010c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) r1 = socket$inet(0x2, 0x3, 0x2) dup(0xffffffffffffffff) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x2e) setsockopt$inet_int(r1, 0x0, 0xca, &(0x7f0000000000), 0x10) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r2, 0x0, 0xcb, &(0x7f0000000000)=0x10001, 0x10) add_key$user(&(0x7f0000000280)='user\x00', 0x0, &(0x7f0000000000)="03", 0x1, 0xfffffffffffffffd) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x4ffe2, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x200008d4) 01:51:02 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/snapshot\x00', 0x0, 0x0) ioctl$SNAPSHOT_FREE(r0, 0x3305) 01:51:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x3adf) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) 01:51:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000005c0)=ANY=[], 0x30) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xa808) [ 436.851753][ T8709] Bluetooth: hci0: command 0x041b tx timeout 01:51:03 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x2, 0x0, &(0x7f0000000300)) 01:51:03 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r2, 0x83, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="03"]) [ 437.620897][ T8709] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 438.180998][ T8709] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 438.190463][ T8709] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.198505][ T8709] usb 1-1: Product: syz [ 438.202993][ T8709] usb 1-1: Manufacturer: syz [ 438.207800][ T8709] usb 1-1: SerialNumber: syz [ 438.262365][ T8709] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 438.933905][ T3673] Bluetooth: hci0: command 0x040f tx timeout [ 438.970813][ T5] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 439.402287][ T8743] usb 1-1: USB disconnect, device number 2 01:51:06 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001740)=ANY=[@ANYBLOB="12010000fbb930102404009d490b000000010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000840)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000880)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$TIPC_CONN_TIMEOUT(r2, 0x10f, 0x82, &(0x7f0000000000)=0x80000000, 0x4) syz_usb_control_io(r0, 0x0, 0x0) [ 440.052244][ T5] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 440.059490][ T5] ath9k_htc: Failed to initialize the device [ 440.070941][ T8743] usb 1-1: ath9k_htc: USB layer deinitialized 01:51:06 executing program 1: fchownat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0xee00, 0x800) r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x2, 0x400) fstat(r0, &(0x7f0000000080)) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f0000000100)={0x9, {{0xa, 0x4e22, 0x8, @private0, 0xe6}}, {{0xa, 0x4e23, 0xda16, @ipv4={[], [], @multicast2}, 0x2}}}, 0x108) r1 = socket$can_j1939(0x1d, 0x2, 0x7) getsockname(r1, &(0x7f0000000240)=@vsock, &(0x7f00000002c0)=0x80) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000300)={0xfffff801, 0x2, @value=0x7}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000340)={0x0, 0x6, 0x6, 0x8, 0x400, 0x7}, &(0x7f0000000380)=0x14) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000003c0)={r2, @in6={{0xa, 0x4e24, 0xfffffffa, @mcast2, 0x4}}}, &(0x7f0000000480)=0x84) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x60, 0x1401, 0x20, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x44000) ioctl$USBDEVFS_SETCONFIGURATION(0xffffffffffffffff, 0x80045505, &(0x7f0000000600)=0x7f) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000640)=0x5) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000ac0)={&(0x7f00000006c0)={0x3cc, 0x20, 0x300, 0x70bd2a, 0x25dfdbfb, {0xe}, [@generic="dd30eb89f8bbe8cbd93206f05ea0a780d20ded4ff0dcb4e002d19eef61fc9a4d2c697986075a9c3569453f188ce4b5aa30d3ca908b346766c58fe835", @generic="9c324ea9f7668e4083c22326ed4a3ad433abd8a33213b3405bbd45bc972781063e278ffd5362e3e5fa3af0235aee", @nested={0x1df, 0x3a, 0x0, 0x1, [@typed={0x8, 0x5f, 0x0, 0x0, @ipv4=@private=0xa010100}, @typed={0x8, 0x2e, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="43dba45da5edb3dbb7d887a37ac6f753df47952b00e7e885954f1fa315b3d04867f28a12abbf9d74ca60733178a61bded29c202e029b48ed886f52a92c74082d6c1a3eb1a5fc2c43e0c849f893b3cf42b91ca3487e50a0fdc0c53e577f1632403265fffc36c0a409e3", @generic="9e2483cf44cb31a19dea45de90f956be5c134c55d429d80174784d25aa4603df7f98d72eee3b1f7a0bfda346a4bec7231707170b27be7f2b2aec8e4e6ee22b25ad9883c5177c5e4eb89bcaa7ec8f99aa85118127adc55317bc986ef8016153716e21040bbc5e3ac0e6d97b6fc022e38c9a1be40d2164fb95065c69399439d8bfcdd59148ea03b0e398d1275cc6b603f67ea29fbd0b94d694f2478f4f9a0cd1db54f7f1fdc1ad68100e1b957dad65256a71d731343c32125502c3d14d6cafecc41b648818ff4ff0d639baf7bae0", @generic="54fada98b557d63b5006c78812b98e8d8024169a50096129b46434ab6e0e014791efbe097ebb037dd82d15bdab71b9bd9b72d1588a00653095712df8f9bc214283b645ddcd8837f3fe7128bbe353ea22a84f19ae2d4808d1395d0e1ad97cca76121a7057e44a6883dcf747bd7e92eba7c32791e082ee86c7e5140a98287d910f6bcb4fed11f95a9b2ce886549f", @typed={0x8, 0x2e, 0x0, 0x0, @ipv4=@private=0xa010101}]}, @generic="4f5201761abf19f5df5afc9a0619a5c5d927f9c4c8a13f855dbdc6649d314d16e77a1fc355f687b9a1c88d0846680a3fcbebc1634d4c2d9999b3892442b4a7389e18e8df904a20a562fa8b22a15ae42682bbc2cd395ab68f134f73bd3caf11ddadf45097c65914b84dd86080196c9606219dc5a8dfebd1add48e5a75f46706176840ec83f5b27b0d89439d5114e60364c1b3ab0ccb14ce706cbb384a141211ef33e6f7586cee9ae89f951779edb6398e475fb12a35fd1796b07d86c86cfaaece65a1eee323755e2ae25c29738793e7d37df40883bdea6abef568c34582ebbc888a1eee36fa4b3034ef9a94b943", @typed={0xc, 0x41, 0x0, 0x0, @u64=0x20}, @nested={0x10, 0x23, 0x0, 0x1, [@typed={0xc, 0x65, 0x0, 0x0, @u64=0x401}]}, @typed={0x8, 0x63, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="ff7c983ac875525b5d25a2aec3ed23b6bfbb4e9ea570e75e039a80b30dd80bc31de53b89701cf01d3660418fbb4ffca6f9288c215c3a766e2047e2050aba069bbdd7b7580ae3f456ad5fdd957137d27abb3fc99fd14f08de057621ac"]}, 0x3cc}, 0x1, 0x0, 0x0, 0x80}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000b40)={@remote, @dev={[], 0x44}, @val={@val={0x9100, 0x1}, {0x8100, 0x5, 0x1}}, {@arp={0x806, @generic={0x5, 0xf7, 0x6, 0x6, 0x1, @dev={[], 0x27}, "812eb58217aa", @empty, "cc681cf0369969ae2daa"}}}}, &(0x7f0000000b80)={0x0, 0x4, [0x4, 0x603, 0xda7, 0xee2]}) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x90, 0x1405, 0x100, 0x70bd27, 0x25dfdbfd, "", [{{0x8, 0x1, 0x2}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x2}}, {{0x8}, {0x8, 0x3, 0x4}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x1}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x2}}, {{0x8}, {0x8, 0x3, 0x1}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x3}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4880}, 0x20c1) r3 = syz_open_dev$mouse(&(0x7f0000000d40)='/dev/input/mouse#\x00', 0x5, 0x210803) sendmsg$AUDIT_USER(r3, &(0x7f0000000ec0)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000dc0)={0x9c, 0x3ed, 0x800, 0x70bd26, 0x25dfdbfc, "d1b57f68bcc39d5ce66a8181c975c332a1fc1fb1184125534e545061fe666f06ecbd87a91f2b84c492a416bdc4d52a0f79bbb141f5396d8782029ceeb67b8a44daf6f37eed1054955705f12313a0889b820590f669b9fd578a891f27d2f38353dd3c41a0bce4b0167f30cd037b3d214ae9030b9950180e123ac3c49914eef20d96531024190e9ec76f", ["", "", "", "", ""]}, 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x44080) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000f00)='/dev/vcsa\x00', 0x123000, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000f40)=@usbdevfs_connect={0x7}) write$RDMA_USER_CM_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000f80)={0xa, 0x4}, 0xc) [ 440.624625][ T8743] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 440.881019][ T8743] usb 1-1: Using ep0 maxpacket: 16 [ 441.001889][ T8743] usb 1-1: New USB device found, idVendor=0424, idProduct=9d00, bcdDevice= b.49 [ 441.011513][ T8743] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.021718][ T3673] Bluetooth: hci0: command 0x0419 tx timeout [ 441.036069][ T8743] usb 1-1: config 0 descriptor?? [ 441.849443][ T8772] IPVS: ftp: loaded support on port[0] = 21 [ 442.314383][ T8772] chnl_net:caif_netlink_parms(): no params data found [ 442.447551][ T8772] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.455421][ T8772] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.466165][ T8772] device bridge_slave_0 entered promiscuous mode [ 442.481684][ T8772] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.489043][ T8772] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.499255][ T8772] device bridge_slave_1 entered promiscuous mode [ 442.549435][ T8772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 442.566575][ T8772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 442.616717][ T8772] team0: Port device team_slave_0 added [ 442.633342][ T8772] team0: Port device team_slave_1 added [ 442.677002][ T8772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 442.684836][ T8772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.711489][ T8772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 442.728186][ T8772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 442.735946][ T8772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.762537][ T8772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.820619][ T8743] smscufx: Failed to read register index 0x0000700c [ 442.827306][ T8743] smscufx: ufx_reg_clear_and_set_bits error reading 0x700c [ 442.827327][ T8743] smscufx: error clearing PLL1 bypass in 0x700C [ 442.834882][ T8743] smscufx: error -32 configuring system clock [ 442.842426][ T8743] smscufx: probe of 1-1:0.0 failed with error -32 [ 442.879440][ T8772] device hsr_slave_0 entered promiscuous mode [ 442.894728][ T8772] device hsr_slave_1 entered promiscuous mode [ 442.904098][ T8772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 442.912043][ T8772] Cannot create hsr debugfs directory [ 443.197999][ T8772] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 443.217830][ T8772] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 443.237016][ T8772] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 443.254978][ T8772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 443.567346][ T8772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.606069][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 443.615560][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 443.638059][ T8772] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.665822][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 443.676279][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 443.686890][ T8743] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.694355][ T8743] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.762457][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 443.772181][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 443.782215][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 443.791746][ T8743] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.798968][ T8743] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.808173][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 443.819253][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 443.830419][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 443.841146][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 01:51:10 executing program 0: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000376f39082ce1fe093d8f00000001890212000101000000090400000008035000684c86fdd53b720c1552edf9b83818f9f8639e87eaf48dcc7a8c12a24c"], 0x0) pause() [ 443.913787][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 443.923648][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 443.934405][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 443.945383][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 443.955456][ T8743] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 444.013484][ T8772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 444.018411][ T8743] Bluetooth: hci1: command 0x0409 tx timeout [ 444.027116][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 444.039735][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 444.049501][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 444.063039][ T8743] usb 1-1: USB disconnect, device number 3 [ 444.187136][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 444.195129][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 444.241342][ T8772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 444.396123][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 444.406413][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 444.452050][ T8743] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 444.477320][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 444.488050][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 444.518372][ T8772] device veth0_vlan entered promiscuous mode [ 444.527797][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 444.537137][ T8708] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 444.576038][ T8772] device veth1_vlan entered promiscuous mode [ 444.663602][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 444.674581][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 444.684334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 444.694426][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 444.721220][ T8772] device veth0_macvtap entered promiscuous mode [ 444.736094][ T8743] usb 1-1: Using ep0 maxpacket: 8 [ 444.754127][ T8772] device veth1_macvtap entered promiscuous mode [ 444.819597][ T8772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 444.831473][ T8772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.845317][ T8772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 444.856150][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 444.866292][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 444.875886][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 444.886247][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 444.909941][ T8772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 444.921290][ T8772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.935052][ T8772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 444.942927][ T8743] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 137 [ 444.951829][ T8743] usb 1-1: can't read configurations, error -22 [ 444.966203][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 444.976387][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 445.149768][ T8743] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 445.470712][ T8743] usb 1-1: Using ep0 maxpacket: 8 [ 445.489081][ T8999] ===================================================== [ 445.496460][ T8999] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 [ 445.503960][ T8999] CPU: 1 PID: 8999 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 445.512576][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.523275][ T8999] Call Trace: [ 445.526592][ T8999] dump_stack+0x21c/0x280 [ 445.530947][ T8999] kmsan_report+0xf7/0x1e0 [ 445.535382][ T8999] kmsan_internal_check_memory+0x238/0x3d0 [ 445.541197][ T8999] ? should_fail+0x72/0x9e0 [ 445.545736][ T8999] kmsan_copy_to_user+0x81/0x90 [ 445.550682][ T8999] _copy_to_user+0x1d2/0x2b0 [ 445.555279][ T8999] move_addr_to_user+0x45e/0x710 [ 445.560241][ T8999] __sys_getsockname+0x407/0x5e0 [ 445.565187][ T8999] ? kmsan_get_metadata+0x116/0x180 [ 445.570496][ T8999] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 445.576300][ T8999] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 445.582460][ T8999] ? __prepare_exit_to_usermode+0x16c/0x560 [ 445.588359][ T8999] __se_sys_getsockname+0x91/0xb0 [ 445.593580][ T8999] __x64_sys_getsockname+0x4a/0x70 [ 445.598865][ T8999] do_syscall_64+0xad/0x160 [ 445.603453][ T8999] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 445.609348][ T8999] RIP: 0033:0x45d5b9 [ 445.613240][ T8999] Code: Bad RIP value. [ 445.617295][ T8999] RSP: 002b:00007f9bd47edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000033 [ 445.625699][ T8999] RAX: ffffffffffffffda RBX: 0000000000004700 RCX: 000000000045d5b9 [ 445.633667][ T8999] RDX: 00000000200002c0 RSI: 0000000020000240 RDI: 0000000000000004 [ 445.641639][ T8999] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 445.649630][ T8999] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 445.657600][ T8999] R13: 000000000169fb6f R14: 00007f9bd47ee9c0 R15: 000000000118cf4c [ 445.665575][ T8999] [ 445.667910][ T8999] Local variable ----address@__sys_getsockname created at: [ 445.675366][ T8999] __sys_getsockname+0x91/0x5e0 [ 445.680378][ T8999] __sys_getsockname+0x91/0x5e0 [ 445.686252][ T8999] [ 445.688574][ T8999] Bytes 2-3 of 24 are uninitialized [ 445.693774][ T8999] Memory access of size 24 starts at ffff888031967de8 [ 445.700517][ T8999] Data copied to user address 0000000020000240 [ 445.706651][ T8999] ===================================================== [ 445.713680][ T8999] Disabling lock debugging due to kernel taint [ 445.720878][ T8999] Kernel panic - not syncing: panic_on_warn set ... [ 445.727463][ T8999] CPU: 1 PID: 8999 Comm: syz-executor.1 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 445.737420][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.747824][ T8999] Call Trace: [ 445.751205][ T8999] dump_stack+0x21c/0x280 [ 445.755533][ T8999] panic+0x4d7/0xef7 [ 445.759432][ T8999] ? add_taint+0x17c/0x210 [ 445.763955][ T8999] kmsan_report+0x1df/0x1e0 [ 445.768556][ T8999] kmsan_internal_check_memory+0x238/0x3d0 [ 445.774368][ T8999] ? should_fail+0x72/0x9e0 [ 445.779010][ T8999] kmsan_copy_to_user+0x81/0x90 [ 445.783867][ T8999] _copy_to_user+0x1d2/0x2b0 [ 445.788651][ T8999] move_addr_to_user+0x45e/0x710 [ 445.793690][ T8999] __sys_getsockname+0x407/0x5e0 [ 445.798733][ T8999] ? kmsan_get_metadata+0x116/0x180 [ 445.803939][ T8999] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 445.811235][ T8999] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 445.817380][ T8999] ? __prepare_exit_to_usermode+0x16c/0x560 [ 445.823740][ T8999] __se_sys_getsockname+0x91/0xb0 [ 445.828865][ T8999] __x64_sys_getsockname+0x4a/0x70 [ 445.833971][ T8999] do_syscall_64+0xad/0x160 [ 445.838584][ T8999] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 445.844648][ T8999] RIP: 0033:0x45d5b9 [ 445.848533][ T8999] Code: Bad RIP value. [ 445.852692][ T8999] RSP: 002b:00007f9bd47edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000033 [ 445.861104][ T8999] RAX: ffffffffffffffda RBX: 0000000000004700 RCX: 000000000045d5b9 [ 445.869106][ T8999] RDX: 00000000200002c0 RSI: 0000000020000240 RDI: 0000000000000004 [ 445.877079][ T8999] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 445.885044][ T8999] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 445.893033][ T8999] R13: 000000000169fb6f R14: 00007f9bd47ee9c0 R15: 000000000118cf4c [ 445.903041][ T8999] Kernel Offset: disabled [ 445.907378][ T8999] Rebooting in 86400 seconds..