Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts. 2020/04/01 12:10:32 fuzzer started 2020/04/01 12:10:40 dialing manager at 10.128.0.26:45123 2020/04/01 12:10:40 syscalls: 2946 2020/04/01 12:10:40 code coverage: enabled 2020/04/01 12:10:40 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/04/01 12:10:40 extra coverage: enabled 2020/04/01 12:10:40 setuid sandbox: enabled 2020/04/01 12:10:40 namespace sandbox: enabled 2020/04/01 12:10:40 Android sandbox: enabled 2020/04/01 12:10:40 fault injection: enabled 2020/04/01 12:10:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/04/01 12:10:40 net packet injection: enabled 2020/04/01 12:10:40 net device setup: enabled 2020/04/01 12:10:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/04/01 12:10:40 devlink PCI setup: PCI device 0000:00:10.0 is not available 12:12:40 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x2, 0x3, 0x228, 0xd8, 0x0, 0xd8, 0x0, 0x0, 0x190, 0x190, 0x190, 0x190, 0x190, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00'}}, {{@ip={@multicast1, @loopback, 
0x0, 0x0, 'batadv0\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x288) syzkaller login: [ 220.966641][ T32] audit: type=1400 audit(1585743160.584:8): avc: denied { execmem } for pid=8846 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 221.359079][ T8847] IPVS: ftp: loaded support on port[0] = 21 [ 221.598411][ T8847] chnl_net:caif_netlink_parms(): no params data found [ 221.785038][ T8959] modprobe (8959) used greatest stack depth: 3504 bytes left [ 221.865228][ T8847] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.873230][ T8847] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.882577][ T8847] device bridge_slave_0 entered promiscuous mode [ 221.897576][ T8847] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.905226][ T8847] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.914978][ T8847] device bridge_slave_1 entered promiscuous mode [ 221.971753][ T8847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.987742][ T8847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 222.041591][ T8847] team0: Port device team_slave_0 added [ 222.054153][ T8847] team0: Port device team_slave_1 added [ 222.097063][ T8847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 222.104305][ T8847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 222.131534][ T8847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 222.149340][ T8847] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 222.156571][ T8847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 222.182676][ T8847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 222.405746][ T8847] device hsr_slave_0 entered promiscuous mode
[ 222.660195][ T8847] device hsr_slave_1 entered promiscuous mode
[ 223.081458][ T8847] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 223.199274][ T8847] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 223.327268][ T8847] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 223.587258][ T8847] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 224.007750][ T8847] 8021q: adding VLAN 0 to HW filter on device bond0
[ 224.034287][ T2313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 224.044113][ T2313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 224.062141][ T8847] 8021q: adding VLAN 0 to HW filter on device team0
[ 224.080558][ T2313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 224.090407][ T2313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 224.099773][ T2313] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.106978][ T2313] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 224.125744][ T2313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 224.136275][ T2313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 224.147943][ T2313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 224.157338][ T2313] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.164658][ T2313] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 224.181572][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 224.209793][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 224.221058][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 224.231299][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 224.274351][ T8847] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 224.285276][ T8847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 224.303189][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 224.313552][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 224.324073][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 224.334213][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 224.343829][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 224.354051][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 224.363551][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 224.383372][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 224.423404][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 224.431305][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 224.453569][ T8847] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 224.497605][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 224.508088][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 224.553909][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 224.563553][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 224.584268][ T8847] device veth0_vlan entered promiscuous mode
[ 224.602050][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 224.611429][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 224.626343][ T8847] device veth1_vlan entered promiscuous mode
[ 224.685158][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 224.694626][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 224.704288][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 224.714327][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 224.732523][ T8847] device veth0_macvtap entered promiscuous mode
[ 224.749710][ T8847] device veth1_macvtap entered promiscuous mode
[ 224.792078][ T8847] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 224.802823][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 224.812308][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 224.821798][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 224.831877][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 224.864537][ T8847] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 224.873659][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 224.883981][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready

12:12:45 executing program 0:
pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x30, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x30}}, 0x0)
splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="5500000018007f7d00fe01b2a4a280930a600000fca84302910000003900090020000c0003", 0x25}], 0x1}, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88)

[ 225.825802][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.842260][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.860220][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.881562][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.896821][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.913529][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.928771][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.944935][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.965838][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0
[ 225.980516][ T9076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9076 comm=syz-executor.0

12:12:45 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x2, 0x3, 0x4)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4003000000000000, 0x40, 
&(0x7f0000001340)=ANY=[@ANYBLOB="7261770000004d00005400000000000000000000000000000000000000000000010000000300000020040000d00200000000000000000000d0020000d002000088030000880300008803000088030000880300000300000000000000000000002800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac00000000000000a002d00200000000000000000000000000000000000000003002627066000000000000000000000000000000000000000000000000000001000003000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300053455400000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b8000000000000000000000000000000000000000000480049444c4554494d45520000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff"], 0x1) 12:12:46 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r1) [ 226.820361][ C0] hrtimer: interrupt took 80122 ns [ 226.837675][ T9082] IPVS: ftp: loaded support on port[0] = 21 [ 227.534262][ T9082] chnl_net:caif_netlink_parms(): no params data found [ 227.743541][ T9082] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.750976][ T9082] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.760629][ T9082] device bridge_slave_0 entered promiscuous mode [ 227.786987][ T9082] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.794523][ T9082] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.803864][ T9082] device bridge_slave_1 entered promiscuous mode [ 227.870047][ T9082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.886741][ T9082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.945313][ T9082] team0: Port device team_slave_0 added [ 227.958929][ T9082] team0: Port device team_slave_1 added [ 228.005194][ T9082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.012603][ 
T9082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 228.038900][ T9082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 228.059485][ T9082] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 228.066572][ T9082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 228.093645][ T9082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active

12:12:47 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000000))
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r1)

[ 228.176165][ T9082] device hsr_slave_0 entered promiscuous mode
[ 228.204095][ T9082] device hsr_slave_1 entered promiscuous mode
[ 228.230065][ T9082] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 228.237710][ T9082] Cannot create hsr debugfs directory
[ 228.908539][ T9082] netdevsim netdevsim1 netdevsim0: renamed from eth0

12:12:48 executing program 0:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000011000/0x4000)=nil, 0x4000, 0x0, 0x110, r0, 0xf824b000)
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0xc7, 0x1, 0x0, 0x0, 0x296, 0x48a69, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4000e72, 0x0, @perf_bp={&(0x7f0000000080)}, 0x4, 0x0, 0x4, 0x5, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0x4, r0, 0x2)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0xff, 0x0, 0x0, 0xfd, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000080}, 0x2, 0x0, 0x0, 0x6, 0x0, 0x4360}, 0x0, 0x4, r1, 0x0)
dup(0xffffffffffffffff)
mkdir(&(0x7f0000000040)='./file1\x00', 0x100)
setxattr$system_posix_acl(0x0, &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {}, [], {}, [{}, {}, {}, {}, {}]}, 0x4c, 0x0)
mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0)
creat(&(0x7f0000000180)='./bus\x00', 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000280)='/dev/sg#\x00', 0x0, 0x10008002)
ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000000)=0x7fffffff)
write(r2, &(0x7f0000000140)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b16", 0x2a)
r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x410a00, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000580)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)={0x90, r4, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffc01}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200080}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x800, @loopback, 0xc}}, {0x20, 0x2, @in6={0xa, 0x0, 0xe792, @empty, 0x7}}}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x1}, 0x40052)
io_setup(0x83, &(0x7f00000003c0))

[ 229.105195][ T9082] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 229.167916][ T9082] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 229.250335][ T9082] netdevsim netdevsim1 netdevsim3: renamed from eth3

12:12:49 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x10}, 0x10}}, 0x0)

[ 229.595357][ T9302] =====================================================
[ 229.600614][ T9082] 8021q: adding VLAN 0 to HW filter on device bond0
[ 229.602379][ T9302] BUG: KMSAN: uninit-value in string+0x522/0x690
[ 229.615405][ T9302] CPU: 1 PID: 9302 Comm: syz-executor.0 Not tainted 5.6.0-rc7-syzkaller #0
[ 229.623997][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 229.634065][ T9302] Call Trace:
[ 229.637389][ T9302] dump_stack+0x1c9/0x220
[ 229.641748][ T9302] kmsan_report+0xf7/0x1e0
[ 229.646195][ T9302] __msan_warning+0x58/0xa0
[ 229.650712][ T9302] string+0x522/0x690
[ 229.654723][ T9302] vsnprintf+0x207d/0x31b0
[ 229.656930][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 229.659177][ T9302] audit_log_vformat+0x583/0xcd0
[ 229.659217][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 229.659234][ T9302] audit_log_format+0x220/0x260
[ 229.659290][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 229.667880][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 229.671427][ T9302] audit_receive+0x18a4/0x6d50
[ 229.671463][ T9302] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 229.671479][ T9302] ? netlink_deliver_tap+0xdba/0xea0
[ 229.671515][ T9302] ? kmsan_get_metadata+0x11d/0x180
[ 229.671547][ T9302] netlink_unicast+0xf9e/0x1100
[ 229.671569][ T9302] ? audit_net_exit+0xd0/0xd0
[ 229.671597][ T9302] netlink_sendmsg+0x1246/0x14d0
[ 229.671635][ T9302] ? netlink_getsockopt+0x1440/0x1440
[ 229.671674][ T9302] ____sys_sendmsg+0x12b6/0x1350
[ 229.708009][ T9082] 8021q: adding VLAN 0 to HW filter on device team0
[ 229.711525][ T9302] __sys_sendmsg+0x451/0x5f0
[ 229.711565][ T9302] ? kmsan_get_metadata+0x11d/0x180
[ 229.711585][ T9302] ? kmsan_get_metadata+0x11d/0x180
[ 229.711605][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 229.711624][ T9302] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 229.711641][ T9302] ? prepare_exit_to_usermode+0x1ca/0x520
[ 229.711657][ T9302] ? kmsan_get_metadata+0x4f/0x180
[ 229.711695][ T9302] ? kmsan_get_metadata+0x4f/0x180
[ 229.741483][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 229.741612][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 229.749695][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 229.752786][ T9302] __ia32_compat_sys_sendmsg+0xed/0x130
[ 229.758871][ T9293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 229.763145][ T9302] ? compat_mc_getsockopt+0x19a0/0x19a0
[ 229.763163][ T9302] do_fast_syscall_32+0x3c7/0x6e0
[ 229.763196][ T9302] entry_SYSENTER_compat+0x68/0x77
[ 229.763208][ T9302] RIP: 0023:0xf7f48d99
[ 229.763222][ T9302] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 229.763252][ T9302] RSP: 002b:00000000f5d430cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 229.769231][ T9293] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 229.775112][ T9302] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000340
[ 229.860989][ T9082] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 229.864988][ T9302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 229.874149][ T9082] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 229.880576][ T9302] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 229.880584][ T9302] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 229.880592][ T9302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 229.880616][ T9302]
[ 229.880620][ T9302] Uninit was created at:
[ 229.880641][ T9302] kmsan_internal_poison_shadow+0x66/0xd0
[ 229.880654][ T9302] kmsan_slab_alloc+0x8a/0xe0
[ 229.880668][ T9302] __kmalloc_node_track_caller+0xb40/0x1200
[ 229.880684][ T9302] __alloc_skb+0x2fd/0xac0
[ 229.880695][ T9302] netlink_sendmsg+0x7d3/0x14d0
[ 229.880707][ T9302] ____sys_sendmsg+0x12b6/0x1350
[ 229.880718][ T9302] __sys_sendmsg+0x451/0x5f0
[ 229.880731][ T9302] __ia32_compat_sys_sendmsg+0xed/0x130
[ 229.880771][ T9302] do_fast_syscall_32+0x3c7/0x6e0
[ 229.900990][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 229.907062][ T9302] entry_SYSENTER_compat+0x68/0x77
[ 229.918999][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 229.925364][ T9302] =====================================================
[ 229.925368][ T9302] Disabling lock debugging due to kernel taint
[ 229.925377][ T9302] Kernel panic - not syncing: panic_on_warn set ...
[ 229.925396][ T9302] CPU: 1 PID: 9302 Comm: syz-executor.0 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 229.925403][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 229.925408][ T9302] Call Trace:
[ 229.925432][ T9302] dump_stack+0x1c9/0x220
[ 229.925455][ T9302] panic+0x3d5/0xc3e
[ 229.925524][ T9302] kmsan_report+0x1df/0x1e0
[ 229.935222][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 229.941479][ T9302] __msan_warning+0x58/0xa0
[ 229.941497][ T9302] string+0x522/0x690
[ 229.941531][ T9302] vsnprintf+0x207d/0x31b0
[ 229.941583][ T9302] audit_log_vformat+0x583/0xcd0
[ 229.944956][ T9293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 229.948153][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 229.954057][ T9293] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 229.958545][ T9302] audit_log_format+0x220/0x260
[ 229.965997][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 229.968845][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 229.976173][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 229.978620][ T9302] audit_receive+0x18a4/0x6d50
[ 229.985547][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 229.988749][ T9302] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 229.995702][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 230.001106][ T9302] ? netlink_deliver_tap+0xdba/0xea0
[ 230.001142][ T9302] ? kmsan_get_metadata+0x11d/0x180
[ 230.001164][ T9302] netlink_unicast+0xf9e/0x1100
[ 230.001186][ T9302] ? audit_net_exit+0xd0/0xd0
[ 230.001223][ T9302] netlink_sendmsg+0x1246/0x14d0
[ 230.008217][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 230.014394][ T9302] ? netlink_getsockopt+0x1440/0x1440
[ 230.014411][ T9302] ____sys_sendmsg+0x12b6/0x1350
[ 230.014451][ T9302] __sys_sendmsg+0x451/0x5f0
[ 230.014503][ T9302] ? kmsan_get_metadata+0x11d/0x180
[ 230.023348][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 230.027577][ T9302] ? kmsan_get_metadata+0x11d/0x180
[ 230.036145][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 230.044103][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 230.044123][ T9302] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 230.044139][ T9302] ? prepare_exit_to_usermode+0x1ca/0x520
[ 230.044156][ T9302] ? kmsan_get_metadata+0x4f/0x180
[ 230.044174][ T9302] ? kmsan_get_metadata+0x4f/0x180
[ 230.044215][ T9302] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 230.055694][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 230.057549][ T9302] __ia32_compat_sys_sendmsg+0xed/0x130
[ 230.063828][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 230.065758][ T9302] ? compat_mc_getsockopt+0x19a0/0x19a0
[ 230.071631][ T9293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 230.078239][ T9302] do_fast_syscall_32+0x3c7/0x6e0
[ 230.177327][ T9082] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 230.179536][ T9302] entry_SYSENTER_compat+0x68/0x77
[ 230.179548][ T9302] RIP: 0023:0xf7f48d99
[ 230.179563][ T9302] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 230.179571][ T9302] RSP: 002b:00000000f5d430cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 230.179585][ T9302] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000340
[ 230.179592][ T9302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 230.179599][ T9302] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 230.179607][ T9302] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 230.179615][ T9302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 230.181193][ T9302] Kernel Offset: 0x4000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 230.413921][ T9302] Rebooting in 86400 seconds..