Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 2020/09/07 11:28:35 fuzzer started 2020/09/07 11:28:36 dialing manager at 10.128.0.26:37991 2020/09/07 11:28:36 syscalls: 3315 2020/09/07 11:28:36 code coverage: enabled 2020/09/07 11:28:36 comparison tracing: enabled 2020/09/07 11:28:36 extra coverage: enabled 2020/09/07 11:28:36 setuid sandbox: enabled 2020/09/07 11:28:36 namespace sandbox: enabled 2020/09/07 11:28:36 Android sandbox: enabled 2020/09/07 11:28:36 fault injection: enabled 2020/09/07 11:28:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/07 11:28:36 net packet injection: enabled 2020/09/07 11:28:36 net device setup: enabled 2020/09/07 11:28:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/07 11:28:36 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/07 11:28:36 USB emulation: enabled 2020/09/07 11:28:36 hci packet injection: enabled 11:32:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) kexec_load(0x0, 0x0, 0x0, 0x0) syzkaller login: [ 422.166609][ T28] audit: type=1400 audit(1599478366.380:8): avc: denied { execmem } for pid=8503 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 423.649114][ T8504] IPVS: ftp: loaded support on port[0] = 21 [ 424.150137][ T8504] chnl_net:caif_netlink_parms(): no params data found [ 424.412423][ T8504] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.419946][ T8504] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.431290][ T8504] device bridge_slave_0 entered promiscuous mode [ 424.471180][ T8504] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.478533][ T8504] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.488388][ T8504] device bridge_slave_1 entered promiscuous mode [ 424.542931][ T8504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.561183][ T8504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.621338][ T8504] team0: Port device team_slave_0 added [ 424.642196][ T8504] team0: Port device team_slave_1 added [ 424.691922][ T8504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.700361][ T8504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.727593][ T8504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.752522][ T8504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.759897][ T8504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.786002][ T8504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 424.860319][ T8504] device hsr_slave_0 entered promiscuous mode [ 424.872667][ T8504] device hsr_slave_1 entered promiscuous mode [ 425.196081][ T8504] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 425.233706][ T8504] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 425.253262][ T8504] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 425.272368][ T8504] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 425.616865][ T8504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.628389][ T12] Bluetooth: hci0: command 0x0409 tx timeout [ 425.662946][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 425.672692][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 425.701311][ T8504] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.733474][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 425.744818][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 425.754473][ T8405] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.761773][ T8405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 425.787780][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 425.797685][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 425.807717][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 425.817279][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.824633][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.861719][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 425.889301][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 425.917433][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 425.928814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 425.969483][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 425.979588][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 425.990281][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 426.001676][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 426.011426][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 426.033019][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 426.043366][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 426.063551][ T8504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 426.136943][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 426.145563][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 426.187170][ T8504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 426.260064][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 426.270873][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 426.339203][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 426.349112][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 426.374173][ T8504] device veth0_vlan entered promiscuous mode [ 426.391970][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 426.401107][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 426.436860][ T8504] device veth1_vlan entered promiscuous mode [ 426.525581][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 426.535680][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 426.545417][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 426.555997][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 426.581729][ T8504] device veth0_macvtap entered promiscuous mode [ 426.605819][ T8504] device veth1_macvtap entered promiscuous mode [ 426.672976][ T8504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.682506][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 426.692128][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 426.701717][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 426.712047][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 426.756653][ T8504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.764590][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 426.775039][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 11:32:51 executing program 0: ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x180, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000080)=0x4, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='cdg\x00', 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, r1) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000000)=0x8000, 0x4) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x983a, @rand_addr, 0xffffff91}, 0x1c) sendmsg$NL80211_CMD_REQ_SET_REG(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) [ 427.494558][ C0] hrtimer: interrupt took 53889 ns [ 428.018389][ T8726] Bluetooth: hci0: command 0x041b tx timeout 11:32:52 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000a40)=@gcm_128={{0x303, 0x34}, "b000", "9fae0947fe62577f57241200", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000080)={0x3, 0x5, 0x2}) ioctl$VIDIOC_QBUF(r2, 0xc058565d, &(0x7f0000000140)={0x0, 0x5, 0x10, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "bc4c74c7"}, 0x0, 0x2, @planes=&(0x7f0000000100)={0x0, 0x0, @mem_offset, 0x0, [0x0, 0x7]}, 0x10fefd}) dup2(r1, r2) 11:32:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000a40)=@gcm_128={{0x303, 0x34}, "b000", "9fae0947fe62577f57241200", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000080)={0x3, 0x5, 0x2}) ioctl$VIDIOC_QBUF(r2, 0xc058565d, &(0x7f0000000140)={0x0, 0x5, 0x10, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "bc4c74c7"}, 0x0, 0x2, @planes=&(0x7f0000000100)={0x0, 0x0, @mem_offset, 0x0, [0x0, 0x7]}, 0x10fefd}) dup2(r1, r2) 11:32:53 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040), 0x4) mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0xfa04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f00000001c0)) ioctl$TIOCGWINSZ(r1, 0x5413, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) ftruncate(r0, 0x200002) sendfile(r0, r1, 0x0, 0x80001d00c0d0) creat(&(0x7f0000000240)='./bus\x00', 0x0) [ 430.051549][ T8726] Bluetooth: hci0: command 0x040f tx timeout 11:32:54 executing program 0: syz_open_dev$usbfs(0x0, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000180)='cpuset.memory_spread_slab\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000280)='0', 0x1}, {&(0x7f00000003c0)='7', 0x1}], 0x2) [ 430.335496][ T8753] new mount options do not match the existing superblock, will be ignored [ 430.404948][ T8754] new mount options do not match the existing superblock, will be ignored 11:32:54 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x8000000, 0x0, {0x406, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffff, 0x600, 0x0, 0x0, "0000000000000000000000e1ceeed2468761b20000080000030000373300"}}) ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) read$hidraw(r0, 0x0, 0x0) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x0, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) perf_event_open$cgroup(0x0, r0, 0x2, 0xffffffffffffffff, 0xa) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x25, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000000c0)=0x9c) r4 = dup3(r3, r2, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x17) 11:32:55 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)="e8", 0x1, 0x0, &(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) shutdown(r0, 0x1) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000180)=ANY=[@ANYBLOB="0100002233e59700", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x18, &(0x7f0000000200)={r2}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000080)={r2, @in={{0x2, 0x4e22, @local}}, 0x4, 0x7a3a, 0x1000, 0x3, 0x3}, &(0x7f0000000140)=0x98) 11:32:55 executing program 0: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r1, 0x89f9, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000c80)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x2c, 0x0, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_FEATURES_HEADER={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004005}, 0x4008000) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) readv(r2, &(0x7f0000000280)=[{&(0x7f0000000080)=""/210, 0x3}], 0x1) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r2, 0xf505, 0x0) [ 431.716502][ T8774] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 431.787672][ T8774] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 431.796882][ T8774] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 432.110397][ T8726] Bluetooth: hci0: command 0x0419 tx timeout [ 432.273354][ T8775] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 432.290803][ T8775] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 432.298608][ T8775] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 11:32:56 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="680000002c00270d00000000000000f4ff000000", @ANYRES32=r3, @ANYBLOB="0000000000000000f2fe00000a0001006261736963000000380002003400028008000100f98b00002800028010000100000007"], 0x68}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x4924924924926d3, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000380)={0x4, 0x20, 0x1}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f00000000c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xac576bc8}}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f00000000c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xac576bc8}}) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, r5, &(0x7f00000000c0)={0xffffffffffffffff, r7, 0x9}) [ 432.599805][ T8781] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 432.654536][ T8781] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 432.783092][ T8781] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 11:32:57 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$RAW_CHAR_CTRL_SETBIND(0xffffffffffffffff, 0xac00, &(0x7f0000000000)={0x0, 0x7, 0x0}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000280)) 11:32:57 executing program 0: r0 = socket(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="d800000018008100e00f80ecdb4cb904021d65ef0b007c06e87c55a1bc000900b8000699030000000500150005008178a8001600400001000200000094060434026efb8000a007a290457f0189b316277ce06bbace6617cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf639cb9dbcdcc6b4c1f215ce3bb9ad809d5e1cace81ed0be0b42affcbee5de6ccd40dd6e4edef3d93452a92307f27260e970300000000", 0xd8}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) setresuid(r2, 0x0, 0xee00) [ 433.571246][ T8805] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.0'. 11:32:57 executing program 0: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x88, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x4, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x58, 0x2, [@TCA_BASIC_ACT={0x54, 0x3, [@m_sample={0x50, 0x1, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0xffffffff, 0x0, 0x0, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x88}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) r4 = creat(&(0x7f0000000340)='./file0\x00', 0x20005b) write$binfmt_elf32(r4, &(0x7f0000000480)=ANY=[@ANYBLOB="7f454c4600800000000000000200080002efcbe21c6107c47e1f93fe13ffcd29247a7dff30b84e9ab76683630d1d8c7170e77664eab84b041dabb637da48f25d8619fd9d0076c622c88c8283bbe22141690a480009a8f91f221dd5761fffbbc9f4c776239ed0fe9e15b3bc473a382efef507c0b4418bc63ade8f558a6a1b960685ed907c2a393d19bca2ad68b17837eb6d2cba04a0043744"], 0x78) ioctl$EVIOCGSW(r4, 0x8040451b, &(0x7f0000000380)=""/221) [ 433.871363][ T8809] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 433.901987][ T8809] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 11:32:58 executing program 1: ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc04c565d, &(0x7f0000000000)={0x6, 0x3, 0x4, 0x70000, 0x7fff, {0x77359400}, {0x3, 0x2, 0x9, 0x90, 0x4e, 0x9, "afcb21c2"}, 0x8001, 0x4, @fd, 0xffff8001, 0x0, 0xffffffffffffffff}) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000080)) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0xc) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0x16, "d6292eaa05f03ab0d9808786674341cdd94f65672f56"}, &(0x7f0000000140)=0x1e) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000180)={r2, 0x400, 0xa, [0x9, 0x7, 0x8, 0x1, 0x9, 0x8001, 0x0, 0x2, 0x101, 0x100]}, &(0x7f00000001c0)=0x1c) ioctl$TCGETX(r1, 0x5432, &(0x7f0000000200)) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8982, &(0x7f0000000240)={0x8, 'bond_slave_0\x00', {'veth0_to_bond\x00'}, 0xf38c}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c09425, &(0x7f0000000280)={"b5e52d119395a14f71c62401aaa9c08b", 0x0, 0x0, {0x7, 0xf1}, {0x8, 0x1000}, 0x8, [0x7, 0x3, 0x3, 0x8, 0x3, 0x5a858ea4, 0x9, 0x0, 0x10bc, 0x3, 0x3, 0x1, 0x10000, 0x6, 0x9, 0x7f]}) ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f0000000340)=r3) r4 = openat$audio1(0xffffff9c, &(0x7f0000000380)='/dev/audio1\x00', 0x2, 0x0) ioctl$SNDCTL_DSP_GETFMTS(r4, 0x8004500b, &(0x7f00000003c0)=0x9d50) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000400)) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000440)={r2, 0x5, 0x8001, 0xe4000000, 0x10000, 0x300}, 0x14) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000480)) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000004c0)='cgroup.stat\x00', 0x0, 0x0) ioctl$BLKDISCARD(r5, 0x1277, &(0x7f0000000500)=0x7f) r6 = openat$ashmem(0xffffff9c, &(0x7f0000000540)='/dev/ashmem\x00', 0x0, 0x0) r7 = dup3(r5, r6, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380) sendmmsg$unix(r5, &(0x7f0000000900)=[{&(0x7f0000000580)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000600)="bb7c0fae9027991978b0e655367b08e327f6d40efb182368e6292380242c8a2ae1b1359816c9fe20d7922a0ff2d16edcdeae88aec0b37ae27be6e0da4970", 0x3e}, {&(0x7f0000000640)="6b15b4ee771612380da63a518b58b15e97e66a910beffb770a18f1a698f74c93d1e7bdbd971f41d784fb3e72990379bf37bb87d45024ba392f8c2636cf65daca197b31a05d09b97ae8819bf0d8f43ae95f10b1691a40a8e5d81fb7c49ad043651f36547037db88d5ea709292726b3e52b2d44b3c5bfbcc56d5af8729ab2dc4f2ebe0d39d8e8963bbacf3dafcf0fdbb8836679111b52ebe2fa40e1f869995ecd153ce2b8daeb90e37b1d33ca9eeb867762c37a4fd7d7fa344c199d6ba0f9fc64b52e23c", 0xc3}, {&(0x7f0000000740)="e58578638a86f6453eea150013ec9cb2a202b0cd791076623f3947abba3b0cabb809359ae9a526d633eb6dd2ad884a89a67fe6f868e42fae3da2b4c27bd21b5b2da9bea6588d2cc0ec79cb7c6bbc1bee9124e7493e61a1d6db04d3d6ac65a6a761788ddb6f28a958d2831471cad761c09415d078c337e043b490943dab9a53ece328c3864d1d43d053893ca19c7f857e41e4555ae2bc38a7be13342dcc4fd8d7f062d96c0c8ed1deb9612018b86033b2d02b5e3140", 0xb5}, {&(0x7f0000000800)="5fbc01e47d2e9bfa2d861f6ae6c5bbe26e6a6da263e12add7a3e304fbef0bb63686e7145d0124e8430b5b8bfa3ff8e4fdba29e3d9ec2d5b6c92f64dc165170e906639584e24b36fbea89906a88", 0x4d}], 0x4, &(0x7f00000008c0)=[@rights={{0x20, 0x1, 0x1, [r7, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {0xffffffffffffffff}}}], 0x38, 0x4000000}], 0x1, 0xc0004) 11:32:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000061107a00000000001e050000000000009500000000000000d33c53eebc03cdca776c9e8aa225b7d595fb231521602b3c5febed4903c2a3093d8930869e8c82d597b5b9b0a6ca9632ba04000000000000046489fc8dba375a41256ad293e0d8f624b2129e49b4c206147324a3ab997dcfa09f4c233d63e78017942842b8edefd193aeb4a1926468a2e67628ae03"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000200)={0x100000, 0x7ce685d2beef60f4, 0x81, 0x0, 0x1f}) write$char_usb(0xffffffffffffffff, &(0x7f0000000100)="8f406719bc1aff60ba108a54d4306886870d40584cb4358b52910249b2d41ae2d83c349cdc9d6e5236cd8342422c33e1ea159f47ad57b18d83605e8db7ce440c1acdb643f9db5bb30e4a55e7334f37f26be00b8230f51eee6e7061973512939b2f7ec8346e8323c61b59d23a56dc6b418572f9210d7845631281c49386cf56e5b8a23239bd4e22c88285f81eb1fd057f1d7fcec84e2c1fec5692674152146e27c03ad66ba1e57d5cbac85b9e03fc95ac2b6d3a317c31d0981dfaa46693e417c53afbb0585516ff7b9e", 0xc9) [ 434.051030][ T28] audit: type=1400 audit(1599478378.270:9): avc: denied { execmem } for pid=8812 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:32:58 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) tee(r1, 0xffffffffffffffff, 0x8, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000001480), 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fffffff}, 0x3040, 0x0, 0x100001, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x300cce, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa5c6e77d1b698ea8700008100000086dd60c05fa30c30ffffffff00000000000000adec35d80bf2b53300"/62], 0x0) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000000c0)) openat$userio(0xffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a45321, &(0x7f0000000280)={{0x1, 0x9}, 'port0\x00', 0x90, 0x460, 0x3, 0x0, 0x1, 0x400, 0x7, 0x0, 0x3, 0x5}) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) mq_open(0x0, 0x0, 0x82, 0x0) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000740)=""/208, 0xd0, 0x10080, &(0x7f0000000840)=@file={0x1, './file1\x00'}, 0x6e) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1000) ioctl$SNDCTL_TMR_SELECT(r2, 0x40045408) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000340)={0x0, 0x0, [], @bt={0xa5, 0x10000, 0x1, 0xfff, 0x4, 0x5, 0xa, 0x1}}) ioctl$TCGETS(r2, 0x5401, &(0x7f0000000000)) r3 = socket(0x2, 0x1, 0x0) setsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, 0x0, 0x0) sendmsg$AUDIT_USER(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, 0x3ed, 0x200, 0x70bd28, 0x25dfdbfb, "dfe3493e1cbc21612079687a338907a99e45ceb46df2a86243174d0a5397def9cde6d9505e5e15265f0b20702893614f973121c2c595fa8fda0e406979f11c00acbf91", [""]}, 0x54}, 0x1, 0x0, 0x0, 0x44010}, 0x4011) 11:32:59 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket(0x11, 0x800000003, 0x10) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f0000000100)='./bus\x00', 0x1145042, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10) ftruncate(r3, 0x208200) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r2, 0x0, 0x8000fffffffa) [ 435.228910][ T28] audit: type=1800 audit(1599478379.440:10): pid=8825 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15731 res=0 [ 435.504123][ T28] audit: type=1800 audit(1599478379.720:11): pid=8828 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15731 res=0 11:32:59 executing program 0: syz_mount_image$afs(&(0x7f0000000600)='afs\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="e479ac457ebb6e2c00"]) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x20005b) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600800000000000000200080002"], 0x78) r1 = syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x1f, 0x5, &(0x7f00000003c0)=[{&(0x7f0000000140)="626785216adceaa69fca3a801058da32971b39a001baf52ea7067ebb02093b282fc8092d96ca3a0b04382360aef75af4dba88c94b2d567449b353f6348da3b4a558480ba2e6dc9b2e32625b8d86118d88794baf2bb8c06e1645599ecef4899d0a934be2feadf4f6ce5f9719e840ed7f3f7539e29ba8559feab79e649c3bde7ce8196b15bfd7670a5452ed3f8f78b144e09761b4629a6e30737cf2a91aa80e1d70d5417b85fe3befee4fe91a598a7cbe7acdb3ccdeeb4a3cf53b5194ecf9a10a86c4f1cf258bee65d25e6b3d2e88f0a3858ddf330730a6c2754ba3467391d75d7113e5cc9c354d47d74262231b8dbf378c2e7b5dcbfc9ac37", 0xf8, 0x3}, {&(0x7f0000000240)="1cd589b1900ee886bc446b5f3e5c", 0xe, 0x8}, {&(0x7f0000000280)="8b99ac8cc58bd07f17ce1cbb69bfa5f3996a3ce83f01b588e52df7be33bf66698c36058260eee91557b4a49e60d4add9143d5fceae248c11479a5f3f0ba06efb2bad9974cdd6", 0x46, 0x3}, {&(0x7f0000000300)="1a369aa7efa3327cdad8076efde6a6842caa8f313b32fe0271720535", 0x1c, 0x33a2}, {&(0x7f0000000680)="c34b341b1ef0f32989061ae8385e41ab4f5123af4f3011a1d867ffae8718ab97ac4204a7c5169ccee664a83106c260c7aad62d672213bd1a3306821bb91972bb895e4c6cc7144c1669762b01299d0e7b323187571cb234a2f344717b9fd5690aeb95d7348ef593c1a791c1d8d71653393e07573d85cc672a6356bb38549d1d4b38fb96", 0x83}], 0x14000, &(0x7f0000000400)={[{@lazytime='lazytime'}, {@test_dummy_encryption='test_dummy_encryption'}, {@usrquota={'usrquota', 0x3d, 'afs\x00'}}, {@resgid={'resgid', 0x3d, 0xffffffffffffffff}}, {@nodiscard='nodiscard'}, {@nolazytime='nolazytime'}, {@grpjquota={'grpjquota', 0x3d, 'afs\x00'}}, {@whint_mode_fs='whint_mode=fs-based'}, {@acl='acl'}], [{@fowner_eq={'fowner', 0x3d, 0xee01}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'afs\x00'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@permit_directio='permit_directio'}, {@dont_hash='dont_hash'}, {@subj_type={'subj_type', 0x3d, '&\x84'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@appraise_type='appraise_type=imasig'}, {@smackfstransmute={'smackfstransmute', 0x3d, 'afs\x00'}}]}) unlinkat(r1, &(0x7f0000000540)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4004240b, &(0x7f0000000080)={0x3, 0x70, 0x40, 0x8, 0x3, 0x60, 0x0, 0x0, 0x25804, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, @perf_config_ext={0x65804a09, 0x20}, 0x800, 0x1c0, 0x3, 0x2, 0x200, 0x100, 0xae}) unshare(0x8040200) [ 435.714125][ T8830] afs: Unknown parameter 'äy¬E~»n' [ 435.735925][ T8830] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 435.744112][ T8830] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 435.795873][ T8830] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 435.803975][ T8830] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 435.871065][ T8830] afs: Unknown parameter 'äy¬E~»n' [ 436.014051][ T8821] IPVS: ftp: loaded support on port[0] = 21 11:33:00 executing program 0: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000a00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYRESHEX], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB='T\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r3, @ANYBLOB="0000000000000000b37200000b000100666c6f776572000024000200100054800c2002800800010000000000100055"], 0x54}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 436.586625][ T8869] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 436.650729][ T8869] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 436.763962][ T8869] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 436.791111][ T8910] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 11:33:01 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) r0 = creat(&(0x7f0000000180)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469727b69d7f7cc04ff12ba7f3d2e2f6275732c776f726b64697206002f66696c65312c6c6f7765726469"]) chdir(&(0x7f00000001c0)='./bus\x00') write$P9_RREADDIR(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="2a00000029027e8fbfc68b4eeb650000000000000000000000000000000000000007002e2f66696c6530"], 0x2a) chown(&(0x7f0000000300)='./bus/file0\x00', 0x0, 0x0) [ 437.140199][ T8821] chnl_net:caif_netlink_parms(): no params data found [ 437.292081][ T8964] overlayfs: overlapping lowerdir path [ 437.352671][ T8964] overlayfs: unrecognized mount option "upperdir{i×÷Ìÿº=./bus" or missing value [ 437.404749][ T8977] overlayfs: 'file0' not a directory [ 437.443519][ T8821] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.450257][ T8977] overlayfs: unrecognized mount option "upperdir{i×÷Ìÿº=./bus" or missing value [ 437.450855][ T8821] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.470523][ T8821] device bridge_slave_0 entered promiscuous mode [ 437.488533][ T8821] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.495803][ T8821] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.505657][ T8821] device bridge_slave_1 entered promiscuous mode [ 437.568876][ T8821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 437.589196][ T8821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 11:33:01 executing program 0: setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000040)={0x88, 0x9, [], [@calipso={0x7, 0x30, {0x1, 0xa, 0x9, 0xe03, [0xc7, 0xb5, 0x5, 0x6, 0x10001]}}, @pad1, @enc_lim={0x4, 0x1, 0x2}, @hao={0xc9, 0x10, @ipv4={[], [], @multicast2}}, @enc_lim={0x4, 0x1, 0x80}]}, 0x58) r0 = socket$nl_route(0x10, 0x3, 0x0) fchdir(r0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x4}}}}]}, 0x38}}, 0x0) [ 437.687949][ T8821] team0: Port device team_slave_0 added [ 437.728205][ T8821] team0: Port device team_slave_1 added [ 437.825296][ T8821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 437.832746][ T8821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.858928][ T8821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.943721][ T8821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 437.951611][ T8821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.977975][ T8821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 437.978527][ T17] Bluetooth: hci1: command 0x0409 tx timeout [ 438.132849][ T9014] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 438.161524][ T8821] device hsr_slave_0 entered promiscuous mode [ 438.178248][ T8821] device hsr_slave_1 entered promiscuous mode [ 438.187541][ T8821] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 438.196189][ T8821] Cannot create hsr debugfs directory 11:33:02 executing program 0: openat$dsp1(0xffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000340)='./file0\x00', 0x20005b) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600800000000000000200080002"], 0x78) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x50, r0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={0x0, 0x101}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={r1, 0x4d}, &(0x7f0000000140)=0x8) syz_init_net_socket$ax25(0x3, 0x5, 0xcd) [ 438.603412][ T8821] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 438.654675][ T8821] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 438.693295][ T8821] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 438.765487][ T8821] netdevsim netdevsim1 netdevsim3: renamed from eth3 11:33:03 executing program 0: syz_usb_connect(0x0, 0x71, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0x63, 0xaf, 0xcf, 0x20, 0x411, 0x97, 0x7b8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x0, 0x0, 0x0, 0xa4, [{{0x9, 0x4, 0xd2, 0x6, 0x0, 0xbd, 0x87, 0x85, 0x40, [@uac_as={[@as_header={0x0, 0x24, 0x1, 0x81, 0x3f, 0x3}, @as_header={0x0, 0x24, 0x1, 0x2, 0x20, 0x1002}, @format_type_i_discrete={0x0, 0x24, 0x2, 0x1, 0x9, 0x3, 0x9, 0x0, "b7ebd760c802e5"}, @as_header={0x0, 0x24, 0x1, 0x6, 0x7}]}, @uac_control={{0xa, 0x24, 0x1, 0xff, 0x5}}]}}, {{0x9, 0x4, 0x57, 0x81, 0x0, 0xda, 0xa, 0xb, 0x2, [@uac_as={[@format_type_ii_discrete={0x0, 0x24, 0x2, 0x2, 0x3, 0x9, 0x40}, @format_type_ii_discrete={0x0, 0x24, 0x2, 0x2, 0x8000, 0x3, 0x1, "c06f2322a6b0e5"}, @as_header={0x4, 0x24, 0x1, 0xd9, 0x6, 0x4}, @format_type_i_continuous={0x0, 0x24, 0x2, 0x1, 0x4, 0x3, 0x1, 0x4, "f5df59"}]}], [{{0x9, 0x5, 0xa, 0x0, 0x10, 0x5c, 0x8, 0x0, [@uac_iso={0x0, 0x25, 0x1, 0x3, 0x0, 0x8}]}}, {{0x9, 0x5, 0xc, 0xc, 0x20, 0x8, 0x3e, 0x6, [@generic={0x0, 0xa, "666c12bfd3aece7f5a982c5f373a4c04389a50f43660d5a986446fe296ab6df08effa9b754b9378d3106009585d7fdd95913e29a3f6b05bdcdb1b12686d22e8e0e55e5b4f50cc80a"}]}}]}}, {{0x9, 0x4, 0x22, 0x40, 0x0, 0x7d, 0x10, 0x65, 0x40, [], [{{0x9, 0x5, 0x1, 0xc, 0x3ff, 0x1, 0x0, 0x5}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0x2, 0x30, 0x80}}, {{0x9, 0x5, 0x8, 0x0, 0x8, 0x5c, 0x9, 0x81}}, {{0x9, 0x5, 0xc, 0x10, 0x400, 0x0, 0x4, 0xfd, [@generic={0x0, 0xc, "dcbf10d5ab00191d03cdd9fd4a9bcd1a09cc4a"}, @uac_iso={0x0, 0x25, 0x1, 0x3, 0x1, 0x2}]}}, {{0x9, 0x5, 0xd, 0xc, 0x10, 0x40, 0x1, 0xfd}}, {{0x9, 0x5, 0xe, 0x0, 0x60, 0x4, 0x9, 0x4}}, {{0x9, 0x5, 0xc, 0x4, 0x3ff, 0x4e, 0x7, 0x7, [@uac_iso={0x0, 0x25, 0x1, 0x1, 0x3, 0xc4}, @generic={0x0, 0x3, "fe26e810dce9770105477c"}]}}, {{0x9, 0x5, 0xb, 0x0, 0x3ff, 0x1f, 0x6, 0x6}}, {{0x9, 0x5, 0x0, 0xc, 0x20, 0x8, 0x5, 0x0, [@generic={0x0, 0x5, "65cd6c5c5c106d66e3d70a204f1e6ca460f261ae9f6ac89ddec2fbc1f6980b7be02a0bc5e08e9839e085350b4797594123b7aff85e6c1e97eef7ac59f6e91f5f9c411211f7609f1b52ca4e522a98dc3ec2a77ca8918be32c6f1448241656ce7fd76899cf6b10ae7d2f3e7ce75ed7a0071e456262973319d2"}, @generic={0x0, 0xe, "94c6426dbe283474def747d7daff073db7b7f488fcf48ad490c74b9859dec3ef2934f2284f302f2d1648292b79bc2bb5711b85416b1c4992d07f798745873fd90ab44c0f7c87a49851231dc40c0a58c5b39d5d14ad25858e1e452746f3dc34adde64cde6f047987e9ac080d09dfac555c931ce79898f1c29e4b7752f211c8a0b47c438c2c7930f4c2ac4c40a9abdc7737b7fd738a7731f9c53a01ac62cfb40a5dad37c8b03a7b5b7d15e8bc8a156c7d6e61e124adaf2c5995fcd1ad1ff606aad0b244ee624766879669cf85682d5cf9333cc"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x3ff, 0xb4, 0x5, 0x81, [@generic={0x0, 0x0, "a816db9f59ebd4d5993c8a05647c48ae0092022af0e938ef5459a98a69c72dfd59b8d064"}, @uac_iso={0x0, 0x25, 0x1, 0x2, 0x5, 0x2}]}}, {{0x9, 0x5, 0x2, 0x8, 0x20, 0x5, 0x40, 0x1, [@generic={0x0, 0x2b, "1606917ab30e5c20ee722305e1d3a0f5cd49f13eb964efa4eb3d100f8b5eaa1d1153903df2"}, @uac_iso={0x0, 0x25, 0x1, 0x0, 0x80, 0x3}]}}, {{0x9, 0x5, 0x2, 0x4, 0x3ff, 0x7, 0x7, 0x5, [@uac_iso={0x0, 0x25, 0x1, 0xc0, 0x0, 0x8001}]}}, {{0x9, 0x5, 0x0, 0x0, 0x3ff, 0x4, 0x10, 0x1}}]}}, {{0x9, 0x4, 0x76, 0x2, 0x0, 0xff, 0x2, 0x73, 0x8, [], [{{0x9, 0x5, 0x3, 0x2, 0x20, 0x5, 0x5, 0x7f}}, {{0x9, 0x5, 0xe, 0x3, 0x400, 0x7f, 0x1, 0x1f}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0x3, 0x81, 0x1, [@generic={0x0, 0xe, "a912fc15bd747324fe18fd4b8c2ab39ccfae2d121a0a36ea59036201fa8288caaced41d83f3b0658aa5634fbed7960bc99c729f2c1d4c5ce81af87fec901ff38c050d36d4282be543a28e2d2e51e8251478583e905c9501ed81b06f2559ecec189fa9baed96f264f33fff46d57b601785efe3dd410382639ce84dd84616f9ca2828e0230bf634632ffab7ff79f62f32f906de8ca62380df1943ade0791c4f15f4841d1a4a05abdb2d4feacf6759acefeb438d8d00f1b4fcac2305d707094707984b74ab4ab704430b664eceaa0ed58bda905da3c86f6c241c47ba66493d5dce684919a81511d46fe1df22eccb4f2a1e7"}]}}, {{0x9, 0x5, 0x9, 0x2, 0x40, 0x6, 0x4, 0x3f, [@generic={0x0, 0xc, "8dbdd44f137de9ecd2e5c9b5b8014cf7db12ad0c61da423b5156532c1333731a3f32f80b6b5fdfe03c02bf962e4434f4f78e63dcc31f153480c1c142786569fd996337435a6927dd6d7f63a9cf1cc36c744d737b0ea31d4e78868a847995a311a240532235ab54ee67905c97d41954cb87c54ff28a29736f1b9470fafa4da09f55"}, @uac_iso={0x0, 0x25, 0x1, 0x2, 0x0, 0xfff}]}}, {{0x9, 0x5, 0xf, 0x8, 0x400, 0x1, 0xfa, 0x9, [@generic={0x0, 0x6, "5800bf29f76d5e26aca8aa2e073924225d600a4917b1ae32a7dca703a71eb93f032147545a787462ada85774f80995bf10490391ec8b627ebb0ed75b417266736a973200797e49d5877e845dd512051e48fb0e543066d77b50dd47abcd8be04fdce1f119"}]}}, {{0x9, 0x5, 0xa, 0x0, 0x8, 0x7, 0x40, 0x20, [@uac_iso={0x0, 0x25, 0x1, 0x80, 0x81, 0x6}, @uac_iso={0x0, 0x25, 0x1, 0x80, 0x50, 0x42}]}}, {{0x9, 0x5, 0xe, 0x0, 0x8, 0x5, 0x5, 0x5d, [@uac_iso={0x0, 0x25, 0x1, 0x82, 0x3, 0x2}]}}, {{0x9, 0x5, 0x1, 0x4, 0x3ff, 0x2, 0xf8, 0xfc, [@uac_iso={0x0, 0x25, 0x1, 0x82, 0xff, 0x8}, @generic={0x0, 0x3, "25066f4ebf781975355d520e8a556030bfc6a460282a09aefed23a1c6c935c88c29b0e26edd251f77049c6a468190f770479f608bfe14862a942a4a044f4919db74831ae68eb9f6a125dee22d3f0a1a65d22cb3924a5db5a0fd1bc48b839185c45585fec21ce9263931e5c3aabb77fe53fd235d628f3554c90d0c4ec6f3f99efd198d2c83de22c643057d3497e7a368b4b"}]}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x5, 0x1, 0x1, [@uac_iso={0x0, 0x25, 0x1, 0x2, 0x8, 0x85}, @generic={0x0, 0x11, "3d59da78ff30bd4047e342c4333d5f772a33a76111f84ee699e016b015b92aa96ddd25e67ad15d777d46267090c847ee43d86e19d60fb4d4c56695afb464baa2b1dbed953bb6bae69d633d383b"}]}}, {{0x9, 0x5, 0x2, 0x8, 0x40, 0x5, 0x3, 0x40}}, {{0x9, 0x5, 0xb, 0x0, 0x400, 0x0, 0x3, 0x1f}}, {{0x9, 0x5, 0x0, 0x0, 0x40, 0x0, 0x80, 0x3f}}, {{0x9, 0x5, 0x5, 0x10, 0x400, 0x80, 0x0, 0x9}}, {{0x9, 0x5, 0x4, 0x8, 0x10, 0xfb, 0x40, 0x8c, [@generic={0x0, 0x21, "fddcbc91242ffa1e8445a655702474894e4b6766bb175fe4ef36d63d27d4d6f60aac3e42e0f09faf931437aa25db8ec936dc081dbf8c082b08b12fb2496c7135758c4361b87df2915c02de56f3a61a63eae02fc9363857dd5de271f59cdd5fe2d35948c6dc3110f5dc69bc98c1bb2d597a9492dd1f1aadf5f47669c5ffc49b692d2b7a12207aa9e3321118cc1dbe398943d8d6337d301a37c0feea1c97772a7dfc2279d9726310ca49aa5a52"}]}}]}}]}}]}}, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) [ 439.327162][ T8821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 439.407277][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 439.416906][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 439.452171][ T8821] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.509146][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 439.519293][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 439.528794][ T8405] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.536028][ T8405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.552284][ T8725] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 439.588719][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 439.597915][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 439.608438][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 439.617897][ T8405] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.625241][ T8405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.634261][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 439.723717][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 439.735156][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 439.745804][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 439.756135][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 439.766774][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 439.777197][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 439.786988][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 439.799144][ T8725] usb 1-1: Using ep0 maxpacket: 32 [ 439.815536][ T8821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 439.830784][ T8821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 439.879843][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 439.891015][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 439.900707][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 439.920708][ T8725] usb 1-1: config 0 has an invalid interface number: 210 but max is 0 [ 439.929224][ T8725] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 439.939607][ T8725] usb 1-1: config 0 has no interface number 0 [ 439.945704][ T8821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 439.945854][ T8725] usb 1-1: config 0 interface 210 has no altsetting 0 [ 439.961198][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 439.969225][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 440.031139][ T8405] Bluetooth: hci1: command 0x041b tx timeout [ 440.095606][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 440.105760][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 440.159988][ T8725] usb 1-1: New USB device found, idVendor=0411, idProduct=0097, bcdDevice=7b.8c [ 440.169598][ T8725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.177668][ T8725] usb 1-1: Product: syz [ 440.182062][ T8725] usb 1-1: Manufacturer: syz [ 440.186735][ T8725] usb 1-1: SerialNumber: syz [ 440.234957][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 440.244623][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 440.268842][ T8821] device veth0_vlan entered promiscuous mode [ 440.280196][ T8725] usb 1-1: config 0 descriptor?? [ 440.310480][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 440.320090][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 440.355942][ T8821] device veth1_vlan entered promiscuous mode [ 440.453590][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 440.463662][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 440.473367][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 440.483380][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 440.506736][ T8821] device veth0_macvtap entered promiscuous mode [ 440.592805][ T8821] device veth1_macvtap entered promiscuous mode [ 440.704638][ T8821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 440.715863][ T8821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.730198][ T8821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 440.741137][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 440.751294][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 440.760805][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 440.770966][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 440.807759][ T8821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 440.818378][ T8821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.833864][ T8821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 440.842088][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 440.852315][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 441.518998][ T8725] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 441.759040][ T8725] usb 1-1: Using ep0 maxpacket: 32 11:33:06 executing program 1: syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010020000604000001020d5cb74bf778044733f3d06afdb6f94d31a932323fb07d769123a282e21aaa1be2ebe13f47c87ac6d93c98e165fc493c2ec505ff08982b13b0d65c8a2e3e8454b8e3d6866a6023df70cf719d79988027d1d4f36010f707259842810d7e4d0ecc077fd7c71da6db60d97c97605c8a3936f823312c7e668dfd8e671f56591d44135d930f8d8e2a0c4e87b4f0609cfa6fb05fc6ee44957bba4ae2006b650e1c347e2def16491d739892d1b5778ecc"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$vcsa(0xffffff9c, &(0x7f0000000480)='/dev/vcsa\x00', 0x20001, 0x0) dup2(r1, r0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000000c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xac576bc8, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0xfc}, {}, {}, {}, {}, {0x0, 0x0, 0x8}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x99}]}}) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40449426, &(0x7f0000000080)={{r2}, 0x2, &(0x7f0000000040)=[0x4, 0x0], 0x7, 0x0, [0x10000, 0x2, 0x2, 0x6]}) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xd0, &(0x7f0000000300), &(0x7f0000000340)=0x4) [ 442.110897][ T3396] Bluetooth: hci1: command 0x040f tx timeout [ 442.138653][ T8725] usb 1-1: failed to restore interface 210 altsetting 6 (error=-71) [ 442.149684][ T8725] ieee80211 phy3: rt2x00usb_vendor_request: Error - Vendor Request 0x09 failed for offset 0x0000 with error -19 [ 442.161664][ T8725] ===================================================== [ 442.168735][ T8725] BUG: KMSAN: uninit-value in rt2500usb_bbp_read+0x19f/0x7e0 [ 442.176144][ T8725] CPU: 0 PID: 8725 Comm: kworker/0:0 Not tainted 5.8.0-rc5-syzkaller #0 [ 442.184472][ T8725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 442.194578][ T8725] Workqueue: usb_hub_wq hub_event [ 442.199657][ T8725] Call Trace: [ 442.203016][ T8725] dump_stack+0x21c/0x280 [ 442.207429][ T8725] kmsan_report+0xf7/0x1e0 [ 442.211873][ T8725] __msan_warning+0x58/0xa0 [ 442.216400][ T8725] rt2500usb_bbp_read+0x19f/0x7e0 [ 442.221454][ T8725] rt2500usb_probe_hw+0x48f/0x2710 [ 442.226601][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.232436][ T8725] ? rt2500usb_queue_init+0x200/0x200 [ 442.237827][ T8725] rt2x00lib_probe_dev+0xc58/0x3620 [ 442.243043][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.248868][ T8725] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 442.255040][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.260260][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.265488][ T8725] rt2x00usb_probe+0x80a/0xfb0 [ 442.270298][ T8725] rt2500usb_probe+0x50/0x60 [ 442.274909][ T8725] ? rt2800_brightness_set+0x1090/0x1090 [ 442.280612][ T8725] usb_probe_interface+0xece/0x1550 [ 442.285851][ T8725] ? usb_register_driver+0x900/0x900 [ 442.291217][ T8725] really_probe+0xf20/0x20b0 [ 442.295839][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.301065][ T8725] driver_probe_device+0x293/0x390 [ 442.306202][ T8725] __device_attach_driver+0x63f/0x830 [ 442.311607][ T8725] bus_for_each_drv+0x2ca/0x3f0 [ 442.316476][ T8725] ? coredump_store+0xf0/0xf0 [ 442.321209][ T8725] __device_attach+0x4e2/0x7f0 [ 442.326012][ T8725] device_initial_probe+0x4a/0x60 [ 442.331054][ T8725] bus_probe_device+0x177/0x3d0 [ 442.335928][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.341750][ T8725] device_add+0x3b0e/0x40d0 [ 442.346317][ T8725] usb_set_configuration+0x380f/0x3f10 [ 442.351814][ T8725] ? usb_set_configuration+0xb41/0x3f10 [ 442.357417][ T8725] usb_generic_driver_probe+0x138/0x300 [ 442.362986][ T8725] ? usb_choose_configuration+0xe70/0xe70 [ 442.368722][ T8725] usb_probe_device+0x311/0x490 [ 442.373601][ T8725] ? usb_register_device_driver+0x540/0x540 [ 442.379509][ T8725] really_probe+0xf20/0x20b0 [ 442.384125][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.389344][ T8725] driver_probe_device+0x293/0x390 [ 442.394480][ T8725] __device_attach_driver+0x63f/0x830 [ 442.399890][ T8725] bus_for_each_drv+0x2ca/0x3f0 [ 442.404759][ T8725] ? coredump_store+0xf0/0xf0 [ 442.409469][ T8725] __device_attach+0x4e2/0x7f0 [ 442.414271][ T8725] device_initial_probe+0x4a/0x60 [ 442.419312][ T8725] bus_probe_device+0x177/0x3d0 [ 442.424184][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.430008][ T8725] device_add+0x3b0e/0x40d0 [ 442.434565][ T8725] usb_new_device+0x1bd4/0x2a30 [ 442.439460][ T8725] hub_event+0x5e7b/0x8a70 [ 442.443974][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.449190][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.455008][ T8725] ? led_work+0x7c0/0x7c0 [ 442.459470][ T8725] process_one_work+0x1688/0x2140 [ 442.464546][ T8725] worker_thread+0x10bc/0x2730 [ 442.469333][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.474550][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.479803][ T8725] kthread+0x551/0x590 [ 442.483909][ T8725] ? process_one_work+0x2140/0x2140 [ 442.489131][ T8725] ? kthread_blkcg+0x110/0x110 [ 442.493941][ T8725] ret_from_fork+0x1f/0x30 [ 442.498394][ T8725] [ 442.500725][ T8725] Local variable ----reg.i.i@rt2500usb_bbp_read created at: [ 442.508020][ T8725] rt2500usb_bbp_read+0x98/0x7e0 [ 442.512967][ T8725] rt2500usb_bbp_read+0x98/0x7e0 [ 442.517899][ T8725] ===================================================== [ 442.524831][ T8725] Disabling lock debugging due to kernel taint [ 442.530986][ T8725] Kernel panic - not syncing: panic_on_warn set ... [ 442.537592][ T8725] CPU: 0 PID: 8725 Comm: kworker/0:0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 442.547305][ T8725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 442.557387][ T8725] Workqueue: usb_hub_wq hub_event [ 442.562437][ T8725] Call Trace: [ 442.565747][ T8725] dump_stack+0x21c/0x280 [ 442.570162][ T8725] panic+0x4d7/0xef7 [ 442.574100][ T8725] ? add_taint+0x17c/0x210 [ 442.578544][ T8725] kmsan_report+0x1df/0x1e0 [ 442.583072][ T8725] __msan_warning+0x58/0xa0 [ 442.587596][ T8725] rt2500usb_bbp_read+0x19f/0x7e0 [ 442.592650][ T8725] rt2500usb_probe_hw+0x48f/0x2710 [ 442.597775][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.603611][ T8725] ? rt2500usb_queue_init+0x200/0x200 [ 442.608998][ T8725] rt2x00lib_probe_dev+0xc58/0x3620 [ 442.614210][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.620046][ T8725] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 442.626222][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.631437][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.636669][ T8725] rt2x00usb_probe+0x80a/0xfb0 [ 442.641468][ T8725] rt2500usb_probe+0x50/0x60 [ 442.646073][ T8725] ? rt2800_brightness_set+0x1090/0x1090 [ 442.651723][ T8725] usb_probe_interface+0xece/0x1550 [ 442.656987][ T8725] ? usb_register_driver+0x900/0x900 [ 442.662292][ T8725] really_probe+0xf20/0x20b0 [ 442.666913][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.672137][ T8725] driver_probe_device+0x293/0x390 [ 442.677273][ T8725] __device_attach_driver+0x63f/0x830 [ 442.682696][ T8725] bus_for_each_drv+0x2ca/0x3f0 [ 442.687563][ T8725] ? coredump_store+0xf0/0xf0 [ 442.692272][ T8725] __device_attach+0x4e2/0x7f0 [ 442.697069][ T8725] device_initial_probe+0x4a/0x60 [ 442.702115][ T8725] bus_probe_device+0x177/0x3d0 [ 442.706985][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.712926][ T8725] device_add+0x3b0e/0x40d0 [ 442.717479][ T8725] usb_set_configuration+0x380f/0x3f10 [ 442.722964][ T8725] ? usb_set_configuration+0xb41/0x3f10 [ 442.728571][ T8725] usb_generic_driver_probe+0x138/0x300 [ 442.734132][ T8725] ? usb_choose_configuration+0xe70/0xe70 [ 442.739867][ T8725] usb_probe_device+0x311/0x490 [ 442.744744][ T8725] ? usb_register_device_driver+0x540/0x540 [ 442.750655][ T8725] really_probe+0xf20/0x20b0 [ 442.755267][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.760488][ T8725] driver_probe_device+0x293/0x390 [ 442.765624][ T8725] __device_attach_driver+0x63f/0x830 [ 442.771028][ T8725] bus_for_each_drv+0x2ca/0x3f0 [ 442.775891][ T8725] ? coredump_store+0xf0/0xf0 [ 442.780598][ T8725] __device_attach+0x4e2/0x7f0 [ 442.785396][ T8725] device_initial_probe+0x4a/0x60 [ 442.790442][ T8725] bus_probe_device+0x177/0x3d0 [ 442.795311][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.801134][ T8725] device_add+0x3b0e/0x40d0 [ 442.805688][ T8725] usb_new_device+0x1bd4/0x2a30 [ 442.810581][ T8725] hub_event+0x5e7b/0x8a70 [ 442.815073][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.820305][ T8725] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 442.826123][ T8725] ? led_work+0x7c0/0x7c0 [ 442.830467][ T8725] process_one_work+0x1688/0x2140 [ 442.835537][ T8725] worker_thread+0x10bc/0x2730 [ 442.840332][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.845547][ T8725] ? kmsan_get_metadata+0x116/0x180 [ 442.850784][ T8725] kthread+0x551/0x590 [ 442.854880][ T8725] ? process_one_work+0x2140/0x2140 [ 442.860097][ T8725] ? kthread_blkcg+0x110/0x110 [ 442.864879][ T8725] ret_from_fork+0x1f/0x30 [ 442.870449][ T8725] Kernel Offset: disabled [ 442.874791][ T8725] Rebooting in 86400 seconds..