[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ *** ] A start job is running for OpenBSD …Shell server (1min 24s / 2min 43s)
[ *** ] A start job is running for OpenBSD …Shell server (1min 25s / 2min 43s)
[ ***] A start job is running for OpenBSD …Shell server (1min 25s / 2min 43s)
[ **] A start job is running for OpenBSD …Shell server (1min 26s / 2min 43s)
[ *] A start job is running for OpenBSD …Shell server (1min 28s / 2min 57s)
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
2020/09/11 07:06:40 fuzzer started
2020/09/11 07:06:40 dialing manager at 10.128.0.26:39603
2020/09/11 07:06:41 syscalls: 3168
2020/09/11 07:06:41 code coverage: enabled
2020/09/11 07:06:41 comparison tracing: enabled
2020/09/11 07:06:41 extra coverage: enabled
2020/09/11 07:06:41 setuid sandbox: enabled
2020/09/11 07:06:41 namespace sandbox: enabled
2020/09/11 07:06:41 Android sandbox: /sys/fs/selinux/policy does not exist
2020/09/11 07:06:41 fault injection: enabled
2020/09/11 07:06:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/09/11 07:06:41 net packet injection: enabled
2020/09/11 07:06:41 net device setup: enabled
2020/09/11 07:06:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/09/11 07:06:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/09/11 07:06:41 USB emulation: enabled
2020/09/11 07:06:41 hci packet injection: enabled
07:11:28 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x7, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x4c}, [@map, @map]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x1000, &(0x7f0000000280)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
syzkaller login: [ 435.998268][ T8499] IPVS: ftp: loaded support on port[0] = 21
[ 436.466064][ T8499] chnl_net:caif_netlink_parms(): no params data found
[ 436.590909][ T8499] bridge0: port 1(bridge_slave_0) entered blocking state
[ 436.598179][ T8499] bridge0: port 1(bridge_slave_0) entered disabled state
[ 436.607913][ T8499] device bridge_slave_0 entered promiscuous mode
[ 436.630186][ T8499] bridge0: port 2(bridge_slave_1) entered blocking state
[ 436.637447][ T8499] bridge0: port 2(bridge_slave_1) entered disabled state
[ 436.646971][ T8499] device bridge_slave_1 entered promiscuous mode
[ 436.693798][ T8499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 436.710773][ T8499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 436.756795][ T8499] team0: Port device team_slave_0 added
[ 436.770405][ T8499] team0: Port device team_slave_1 added
[ 436.811594][ T8499] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 436.818689][ T8499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 436.845603][ T8499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 436.861569][ T8499] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 436.868651][ T8499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 436.895005][ T8499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 436.955470][ T8499] device hsr_slave_0 entered promiscuous mode
[ 436.965561][ T8499] device hsr_slave_1 entered promiscuous mode
[ 437.272298][ T8499] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 437.323105][ T8499] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 437.359039][ T8499] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 437.385700][ T8499] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 437.688204][ T8499] 8021q: adding VLAN 0 to HW filter on device bond0
[ 437.726916][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 437.736862][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 437.763775][ T8499] 8021q: adding VLAN 0 to HW filter on device team0
[ 437.789051][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 437.800659][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 437.810229][ T3774] bridge0: port 1(bridge_slave_0) entered blocking state
[ 437.817462][ T3774] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 437.859337][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 437.868447][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 437.878933][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 437.879856][ T26] Bluetooth: hci0: command 0x0409 tx timeout
[ 437.888125][ T3774] bridge0: port 2(bridge_slave_1) entered blocking state
[ 437.900643][ T3774] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 437.911273][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 437.943975][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 437.965653][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 437.976981][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 438.019501][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 438.030030][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 438.040520][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 438.050946][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 438.060652][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 438.081153][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 438.090385][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 438.108865][ T8499] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 438.185257][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 438.193556][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 438.234315][ T8499] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 438.301644][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 438.312371][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 438.385693][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 438.396041][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 438.425892][ T8499] device veth0_vlan entered promiscuous mode
[ 438.435982][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 438.445565][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 438.503676][ T8499] device veth1_vlan entered promiscuous mode
[ 438.604583][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 438.615054][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 438.657701][ T8499] device veth0_macvtap entered promiscuous mode
[ 438.693259][ T8499] device veth1_macvtap entered promiscuous mode
[ 438.753501][ T8499] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 438.761812][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 438.771443][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 438.781018][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 438.791178][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 438.847848][ T8499] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 438.859118][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 438.869342][ T3774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
07:11:33 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x15, 0x0, 0x0, 0xfffff000}, {0x6}]}, 0x10)
07:11:33 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x50, 0x0, 0x0, 0xfffff000}, {0x6}]}, 0x10)
07:11:33 executing program 0:
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00')
07:11:33 executing program 0:
[ 439.948801][ T3223] Bluetooth: hci0: command 0x041b tx timeout
07:11:34 executing program 0:
07:11:34 executing program 0:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000040)=ANY=[@ANYBLOB="14010400100027"], 0x1}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000002060000000000000000000000000000120003006269746d61703a69702c6d61630000000900020073797a3100000000100007939c20feb8805688be39800c00"], 0x44}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(0xffffffffffffffff, 0xc008551b, &(0x7f00000000c0)={0x5, 0x24, [0x7, 0x8, 0xffffffff, 0x4, 0xffff29f8, 0x1, 0x1, 0x4, 0x10001]})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000207000000000000000000000000000028df0780ff0f0000000000001800"], 0x1}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000000)=ANY=[@ANYBLOB="14800000100001000000000000f0ffff000000e937000000"], 0x1}}, 0x0)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x0, 0x20, 0x70bd28, 0x25dfdbfe, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", "", "", ""]}, 0x28}}, 0x4)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='E', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
[ 440.457869][ T8735] netlink: 24433 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 440.468112][ T8735] device vlan0 entered promiscuous mode
07:11:34 executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000140, 0x46d, 0xc71b, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x3, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4005}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x10, 0xfd}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x7, 0x4, 0x2}}]}}}]}}]}}, 0x0)
syz_usb_disconnect(r0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x22100, 0x0)
ioctl$DRM_IOCTL_MODE_GETGAMMA(r1, 0xc02064a4, &(0x7f0000000140)={0x3, 0x1, &(0x7f0000000080)=[0x0], &(0x7f00000000c0), &(0x7f00000000c0)})
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000001940)={0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="0000cf000000cf"], 0x0}, 0x0)
[ 441.038900][ T3223] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 441.419295][ T3223] usb 1-1: config 0 interface 0 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 441.430916][ T3223] usb 1-1: config 0 interface 0 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 441.444393][ T3223] usb 1-1: config 0 interface 0 has no altsetting 0
[ 441.451220][ T3223] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.40
[ 441.460493][ T3223] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 441.532169][ T3223] usb 1-1: config 0 descriptor??
[ 441.799701][ T3223] usb 1-1: string descriptor 0 read error: -71
[ 441.815152][ T3223] usbhid 1-1:0.0: can't add hid device: -22
[ 441.822283][ T3223] usbhid: probe of 1-1:0.0 failed with error -22
[ 441.884466][ T3223] usb 1-1: USB disconnect, device number 2
[ 442.029191][ T8716] Bluetooth: hci0: command 0x040f tx timeout
[ 442.758775][ T8716] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 443.120246][ T8716] usb 1-1: config 0 interface 0 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 443.131669][ T8716] usb 1-1: config 0 interface 0 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 443.145098][ T8716] usb 1-1: config 0 interface 0 has no altsetting 0
[ 443.152565][ T8716] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.40
[ 443.161859][ T8716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 443.245651][ T8716] usb 1-1: config 0 descriptor??
07:11:37 executing program 1:
r0 = syz_open_dev$vcsu(&(0x7f0000000000)='/dev/vcsu#\x00', 0x8, 0x103000)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x3, 0x3, 0x3, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x4}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x7ab3}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffb, 0x7fff}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x4}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x80}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0xf1}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000200)={0x10200, 0x2, 0x3000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020)
tgkill(r2, 0x0, 0x2c)
r3 = signalfd4(r0, &(0x7f0000002280)={[0x16]}, 0x8, 0x800)
ioctl$HIDIOCINITREPORT(r3, 0x4805, 0x0)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000002400)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002300)={0x90, 0x2, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x3f}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x80000001}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x3}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x81}, @IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x4}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xc}]}, 0x90}, 0x1, 0x0, 0x0, 0x4044}, 0x20000000)
ioctl$NBD_SET_SIZE(r3, 0xab02, 0x197)
read$FUSE(r3, &(0x7f0000002440)={0x2020, 0x0, 0x0}, 0x2020)
newfstatat(0xffffffffffffff9c, &(0x7f0000004480)='./file0\x00', &(0x7f00000044c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400)
write$FUSE_ENTRY(r3, &(0x7f0000004540)={0x90, 0xffffffffffffffda, r4, {0x3, 0x3, 0x6, 0x19, 0x2, 0x9, {0x4, 0x4, 0x73c, 0x7ff, 0xf46c, 0x7ff, 0x5, 0x9, 0x491c, 0xc000, 0x3, r1, r5, 0x9bbe, 0x1}}}, 0x90)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r3, &(0x7f00000046c0)={&(0x7f0000004600)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000004680)={&(0x7f0000004640)={0x34, 0x3, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x3}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x101}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x8000000000000003, 0x1}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000801)
ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r0, 0xf505, 0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000004700)={r0, 0x94f4, 0x80000000, r0})
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000004940)='/proc/partitions\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_VLAN(r6, &(0x7f0000004a80)={&(0x7f0000004980)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000004a40)={&(0x7f00000049c0)={0x54, 0x0, 0x41c, 0x70bd26, 0x5, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3d2a}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7f}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x10001}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xb0d}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040040}, 0x20000080)
clock_gettime(0x0, &(0x7f0000004ac0)={0x0, 0x0})
write$input_event(r0, &(0x7f0000004b00)={{r7, r8/1000+10000}, 0x5, 0x1, 0x236}, 0x18)
[ 443.520275][ T8716] usb 1-1: string descriptor 0 read error: -71
[ 443.534982][ T8716] usbhid 1-1:0.0: can't add hid device: -22
[ 443.541552][ T8716] usbhid: probe of 1-1:0.0 failed with error -22
[ 443.635424][ T8716] usb 1-1: USB disconnect, device number 3
07:11:37 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$caif_stream(0x25, 0x1, 0x5)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private2, @in=@multicast2}}, {{@in=@remote}, 0x0, @in6}}, &(0x7f0000000000)=0xe8)
setsockopt$sock_void(r1, 0x1, 0x0, 0x0, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x7, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7}], 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="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"], 0x48}}, 0x0)
[ 444.109573][ T8716] Bluetooth: hci0: command 0x0419 tx timeout
07:11:38 executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000900002003041cc304000000000109022400010000a0000904000001"], 0x0)
r2 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x0, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_control_io(r2, &(0x7f00000000c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x29, 0x1c, {0xf, 0x29, 0x1, 0x0, 0x3, 0x0, "c09893e1", "00eac917"}}, 0x0}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
creat(&(0x7f0000000140)='./file0\x00', 0x76)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, &(0x7f0000000100)={0x20, 0xe}, 0x0, 0x0, 0x0, 0x0})
[ 444.529137][ T8716] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 444.769338][ T8716] usb 1-1: Using ep0 maxpacket: 16
[ 444.910043][ T8716] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 444.923134][ T8716] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 444.932610][ T8716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 444.985839][ T8716] usb 1-1: config 0 descriptor??
[ 445.036494][ T8716] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 445.232890][ T8716] usb 1-1: USB disconnect, device number 4
[ 445.314583][ T8798] IPVS: ftp: loaded support on port[0] = 21
[ 445.869095][ T8716] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 445.915955][ T8798] chnl_net:caif_netlink_parms(): no params data found
[ 446.070613][ T8798] bridge0: port 1(bridge_slave_0) entered blocking state
[ 446.077966][ T8798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 446.087697][ T8798] device bridge_slave_0 entered promiscuous mode
[ 446.114123][ T8798] bridge0: port 2(bridge_slave_1) entered blocking state
[ 446.122634][ T8798] bridge0: port 2(bridge_slave_1) entered disabled state
[ 446.132857][ T8798] device bridge_slave_1 entered promiscuous mode
[ 446.139290][ T8716] usb 1-1: Using ep0 maxpacket: 32
[ 446.196859][ T8798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 446.218225][ T8798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 446.272422][ T8798] team0: Port device team_slave_0 added
[ 446.273529][ T8716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 446.289914][ T8716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 446.291221][ T8798] team0: Port device team_slave_1 added
[ 446.299984][ T8716] usb 1-1: New USB device found, idVendor=0403, idProduct=c31c, bcdDevice= 0.04
[ 446.314723][ T8716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 446.370372][ T8798] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 446.377483][ T8798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 446.380763][ T8716] usb 1-1: config 0 descriptor??
[ 446.404186][ T8798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 446.448009][ T8798] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 446.455358][ T8798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 446.480366][ T8716] hub 1-1:0.0: USB hub found
[ 446.483302][ T8798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 446.556052][ T8798] device hsr_slave_0 entered promiscuous mode
[ 446.569831][ T8798] device hsr_slave_1 entered promiscuous mode
[ 446.587690][ T8798] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 446.596522][ T8798] Cannot create hsr debugfs directory
[ 446.662699][ T8783] udc-core: couldn't find an available UDC or it's busy
[ 446.670032][ T8783] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 446.820230][ T8716] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[ 446.836669][ T8716] usbhid 1-1:0.0: can't add hid device: -22
[ 446.843085][ T8716] usbhid: probe of 1-1:0.0 failed with error -22
[ 446.952236][ T8716] usb 1-1: USB disconnect, device number 5
[ 447.057680][ T8798] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 447.071216][ T3223] Bluetooth: hci1: command 0x0409 tx timeout
[ 447.077802][ T8798] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 447.106238][ T8798] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 447.144655][ T8798] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 447.510872][ T8798] 8021q: adding VLAN 0 to HW filter on device bond0
[ 447.547215][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 447.557270][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 447.580882][ T8798] 8021q: adding VLAN 0 to HW filter on device team0
[ 447.592595][ T8716] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 447.606508][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 447.616901][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 447.626483][ T8713] bridge0: port 1(bridge_slave_0) entered blocking state
[ 447.633895][ T8713] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 447.692597][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 447.702155][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 447.712225][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 447.722162][ T8713] bridge0: port 2(bridge_slave_1) entered blocking state
[ 447.729555][ T8713] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 447.738744][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 447.749900][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 447.760917][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 447.771549][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 447.804656][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 447.814494][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 447.825417][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 447.845045][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 447.855758][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 447.869764][ T8716] usb 1-1: Using ep0 maxpacket: 16
[ 447.881728][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 447.891715][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 447.915911][ T8798] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 448.011494][ T8716] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 448.024528][ T8716] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 448.033857][ T8716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 448.050566][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 448.058529][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 448.091133][ T8798] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 448.103993][ T8716] usb 1-1: config 0 descriptor??
[ 448.157171][ T8716] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 448.225382][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 448.236270][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 448.329502][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 448.339630][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 448.380556][ T8798] device veth0_vlan entered promiscuous mode
[ 448.400666][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 448.410179][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
07:11:42 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = 
memfd_create(&(0x7f0000000500)='\\\x9c\xe4r\xc9e\xcb\xa1\xfbo/\x06\x00\xb6!\x8dU\x16\x1a\x00\x00\x00\x00\xd5\x95j\xa3sH\x93\x17\xaa\x9d\xe3\\\xb5\x12\x8bIB\x95\x1aZ\xc4g\xe3\xee\xc6\xb7,Q\x05\x00qU\x81\x1d\x0fB\xedcmy\x17{\xe6\xf9\xf5\xfd\x0f\t\x862\x90)#%\xf9Z\xed\xbd\x11Pk\xe0\x11?W+\x9b\x8a\x1b\x92\xea-\xda\xdd\x96\x14\x7f\xc6\xb4\x9c\xe6I\"\xd2\xe2.\xe6\x83I%\xa8\xd1\xe3\xa1I;\x1e]\x8c\xde\xe1\xef\xe1TX?\xb7\xfc#\xf4\xfc\x9a4\xbck$\xef\xb0\xea\x0e\xfd\xe8M\xf1\np\x18G\x01L62\xc54\xbf\xd6\x1c\x10&5\x1c\x94\xdc\xc3\x96\xd6`\t\x98hO\xe2\xd1O\b\x97,\x02\x00\xcc\x8cG5\x92f\xcb^\x13\x8c\xcc\n\xcfB\x82\xb0|\r\x88k(\x13\x7fp\xd4\x17\xd5\xe2\x00\x14\x82\xdf\xd3\x9b\x9c\x89\xbc\xb6\a\xd4t\x03\xad\x8c\x05:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf5\xff\xff\xff\xff\xff\xd9\x9c9\xbe$qD+\xbfH\x01\x8c\x95\x1b\x03\x00q\xady\x92\xe4n\x82\xe3I|H\xab\xf7\x95\xdc\x94\xa5\x8ag\xea]e\xd4>C\xf9\x00\x8e\xc6l02\xfbN-\xd8b\xed\xe3\x16\xc7\xbe\xb5}B\xf8\xd4?\xea\xb5r\xeb\x15\x8d`\xca\xa5\xa2\xb2\x19/\xc4\xc6\x80\x93$\xd1R)o\v\xc7d\xfb\xd4I\xf4\xd5\x16\xa4R\xc7\"\xfb\xff\x7f\xfc\xce\xa9\xfd(\xdc\x9c\x01o\x0e\x9e\xc2\x14\x1f\x86\x99\xda\x8b9\x01Tx_\x9f\xb4\xf2\xb3@\xf2\x93\xe5.XkF(\x8b\x1fyl\x9b_\xc4\xae!\x93\x12NT\xbb^\x88_(#M9\xf8\x1a\x8f\x1d\x12\xfft\x12\xce\xfa\xf2u\x8aX&i!\x03?`>\\\xcd\x8e\x8a\x8b\xd9\xd6<\xe1\x13\xa6\x7f\xa3\xff\a|z\xd4\x14\xb4\x00\x00', 0x0) write(r1, &(0x7f00000003c0)='i', 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, &(0x7f0000000100)) [ 448.443182][ T8798] device veth1_vlan entered promiscuous mode [ 448.452273][ T8713] usb 1-1: USB disconnect, device number 6 [ 448.561991][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 448.604273][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 448.613860][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 448.625094][ T8716] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 448.646844][ T8798] device veth0_macvtap entered promiscuous mode
[ 448.727561][ T8798] device veth1_macvtap entered promiscuous mode
07:11:42 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x6, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00')
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x1})
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0505611, &(0x7f0000000080)={0x0, 0x9, 0x0, "c74e81e844be6e8ab500000000000000020900", 0x3077230})
[ 448.808571][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 448.819218][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 448.832869][ T8798] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 448.851028][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 448.860879][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 448.870332][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 448.880205][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 448.918720][ T8798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 448.930683][ T8798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 448.944387][ T8798] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 448.959060][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 448.969233][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 449.111732][ T9045] =====================================================
[ 449.118839][ T9045] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90
[ 449.126321][ T9045] CPU: 0 PID: 9045 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 449.134915][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 449.144982][ T9045] Call Trace:
[ 449.148380][ T9045] dump_stack+0x21c/0x280
[ 449.152742][ T9045] kmsan_report+0xf7/0x1e0
[ 449.157322][ T9045] kmsan_internal_check_memory+0x238/0x3d0
[ 449.163253][ T9045] ? should_fail+0x72/0x9e0
[ 449.167788][ T9045] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 449.173977][ T9045] kmsan_copy_to_user+0x81/0x90
[ 449.178917][ T9045] _copy_to_user+0x1d2/0x2b0
[ 449.183750][ T9045] video_usercopy+0x24a9/0x3140
[ 449.188671][ T9045] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 449.194950][ T9045] ? do_vfs_ioctl+0x1248/0x37d0
[ 449.199835][ T9045] video_ioctl2+0x9f/0xb0
[ 449.204205][ T9045] ? video_usercopy+0x3140/0x3140
[ 449.209254][ T9045] v4l2_ioctl+0x255/0x290
[ 449.213614][ T9045] ? v4l2_poll+0x440/0x440
[ 449.218062][ T9045] __se_sys_ioctl+0x319/0x4d0
[ 449.222781][ T9045] __x64_sys_ioctl+0x4a/0x70
[ 449.227484][ T9045] do_syscall_64+0xad/0x160
[ 449.232088][ T9045] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 449.237998][ T9045] RIP: 0033:0x45d5b9
[ 449.241898][ T9045] Code: Bad RIP value.
[ 449.245978][ T9045] RSP: 002b:00007f76144a0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 449.254485][ T9045] RAX: ffffffffffffffda RBX: 000000000001bac0 RCX: 000000000045d5b9
[ 449.262475][ T9045] RDX: 0000000020000080 RSI: 00000000c0505611 RDI: 0000000000000003
[ 449.270472][ T9045] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
[ 449.278462][ T9045] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
[ 449.291690][ T9045] R13: 000000000169fb6f R14: 00007f76144a19c0 R15: 000000000118cf4c
[ 449.300595][ T9045]
[ 449.302945][ T9045] Local variable ----vb32.i@video_usercopy created at:
[ 449.310626][ T9045] video_usercopy+0x20d7/0x3140
[ 449.315509][ T9045] video_usercopy+0x20d7/0x3140
[ 449.320448][ T9045]
[ 449.322794][ T9045] Bytes 52-55 of 80 are uninitialized
[ 449.328221][ T9045] Memory access of size 80 starts at ffff888031983ce0
[ 449.335650][ T9045] Data copied to user address 0000000020000080
[ 449.341815][ T9045] =====================================================
[ 449.348773][ T9045] Disabling lock debugging due to kernel taint
[ 449.354982][ T9045] Kernel panic - not syncing: panic_on_warn set ...
[ 449.361604][ T9045] CPU: 0 PID: 9045 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 449.371583][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 449.381638][ T9045] Call Trace:
[ 449.384944][ T9045] dump_stack+0x21c/0x280
[ 449.389380][ T9045] panic+0x4d7/0xef7
[ 449.393660][ T9045] ? add_taint+0x17c/0x210
[ 449.398112][ T9045] kmsan_report+0x1df/0x1e0
[ 449.402625][ T9045] kmsan_internal_check_memory+0x238/0x3d0
[ 449.408439][ T9045] ? should_fail+0x72/0x9e0
[ 449.412946][ T9045] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 449.419109][ T9045] kmsan_copy_to_user+0x81/0x90
[ 449.424050][ T9045] _copy_to_user+0x1d2/0x2b0
[ 449.428755][ T9045] video_usercopy+0x24a9/0x3140
[ 449.433663][ T9045] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 449.439910][ T9045] ? do_vfs_ioctl+0x1248/0x37d0
[ 449.444771][ T9045] video_ioctl2+0x9f/0xb0
[ 449.449286][ T9045] ? video_usercopy+0x3140/0x3140
[ 449.454592][ T9045] v4l2_ioctl+0x255/0x290
[ 449.458955][ T9045] ? v4l2_poll+0x440/0x440
[ 449.463406][ T9045] __se_sys_ioctl+0x319/0x4d0
[ 449.468107][ T9045] __x64_sys_ioctl+0x4a/0x70
[ 449.472708][ T9045] do_syscall_64+0xad/0x160
[ 449.477218][ T9045] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 449.483109][ T9045] RIP: 0033:0x45d5b9
[ 449.487006][ T9045] Code: Bad RIP value.
[ 449.491070][ T9045] RSP: 002b:00007f76144a0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 449.499484][ T9045] RAX: ffffffffffffffda RBX: 000000000001bac0 RCX: 000000000045d5b9
[ 449.507473][ T9045] RDX: 0000000020000080 RSI: 00000000c0505611 RDI: 0000000000000003
[ 449.515447][ T9045] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
[ 449.523505][ T9045] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
[ 449.531566][ T9045] R13: 000000000169fb6f R14: 00007f76144a19c0 R15: 000000000118cf4c
[ 449.541201][ T9045] Kernel Offset: disabled
[ 449.545542][ T9045] Rebooting in 86400 seconds..