forked to background, child pid 3047
no interfaces have a carrier
[ 69.116232][ T3048] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.165963][ T3048] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 95.133677][ T125] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.120' (ECDSA) to the list of known hosts.
2022/05/17 11:01:30 fuzzer started
2022/05/17 11:01:30 dialing manager at 10.128.0.169:35587
[ 104.333857][ T3475] cgroup: Unknown subsys name 'net'
[ 104.456248][ T3475] cgroup: Unknown subsys name 'rlimit'
2022/05/17 11:01:31 syscalls: 3329
2022/05/17 11:01:31 code coverage: enabled
2022/05/17 11:01:31 comparison tracing: enabled
2022/05/17 11:01:31 extra coverage: enabled
2022/05/17 11:01:31 delay kcov mmap: enabled
2022/05/17 11:01:31 setuid sandbox: enabled
2022/05/17 11:01:31 namespace sandbox: enabled
2022/05/17 11:01:31 Android sandbox: /sys/fs/selinux/policy does not exist
2022/05/17 11:01:31 fault injection: enabled
2022/05/17 11:01:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2022/05/17 11:01:31 net packet injection: enabled
2022/05/17 11:01:31 net device setup: enabled
2022/05/17 11:01:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/05/17 11:01:31 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/05/17 11:01:31 USB emulation: enabled
2022/05/17 11:01:31 hci packet injection: enabled
2022/05/17 11:01:31 wifi device emulation: enabled
2022/05/17 11:01:31 802.15.4 emulation: enabled
2022/05/17 11:01:31 fetching corpus: 0, signal 0/0 (executing program)
2022/05/17 11:01:31 fetching corpus: 0, signal 0/0 (executing program)
2022/05/17 11:01:34 starting 6 fuzzer processes
11:01:34 executing program 0:
syz_emit_ethernet(0x32, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @udp={{0x7, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x3, 0x5c}, @timestamp={0x44, 0x4, 0x11, 0x0, 0xf}]}}, {0x0, 0x0, 0x8}}}}}, 0x0)
11:01:34 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00')
lseek(r0, 0x80, 0x0)
11:01:34 executing program 2:
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000100)="1c0000001a009b8a14000000ff0000adf87e28000000000000000000", 0x1c)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000e08, 0x6, &(0x7f00000001c0)={0x77359400})
11:01:34 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt(r0, 0x0, 0x15, 0x0, 0x0)
11:01:34 executing program 3:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000004, 0x13, r1, 0x0)
getsockopt$inet_int(r0, 0x0, 0x8, 0x0, &(0x7f00000001c0))
11:01:34 executing program 5:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000600)={{0x1, 0x1, 0x1f}, './file0\x00'})
[ 108.576900][ T3486] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 108.585086][ T3486] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 108.593400][ T3486] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 108.603460][ T3486] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 108.612180][ T3486] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 108.620006][ T3486] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 108.840243][ T3489] chnl_net:caif_netlink_parms(): no params data found
[ 108.903858][ T44] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 108.911866][ T44] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 108.920905][ T44] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 108.933302][ T44] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 108.942830][ T44] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 108.951744][ T44] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 109.080410][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.087893][ T3489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.097017][ T3489] device bridge_slave_0 entered promiscuous mode
[ 109.117929][ T3489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.125824][ T3489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.135019][ T3489] device bridge_slave_1 entered promiscuous mode
[ 109.167334][ T3486] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 109.175023][ T3486] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 109.185576][ T3486] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 109.194310][ T3499] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 109.204809][ T3499] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 109.238448][ T3503] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 109.246565][ T3503] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 109.256508][ T3503] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 109.261283][ T3500] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 109.264408][ T3503] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 109.271800][ T3504] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 109.279363][ T3503] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 109.288942][ T3504] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 109.300634][ T44] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 109.301583][ T3504] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 109.308623][ T44] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 109.316358][ T3504] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 109.324834][ T44] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 109.329777][ T3504] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 109.338634][ T44] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 109.352459][ T2820] =====================================================
[ 109.353015][ T3504] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 109.359483][ T2820] BUG: KMSAN: uninit-value in preempt_count_add+0x1b5/0x320
[ 109.373635][ T2820] preempt_count_add+0x1b5/0x320
[ 109.378627][ T2820] sysvec_reschedule_ipi+0x1c/0x110
[ 109.383882][ T2820] asm_sysvec_reschedule_ipi+0x12/0x20
[ 109.389384][ T2820] __msan_metadata_ptr_for_load_4+0x10/0x30
[ 109.395332][ T2820] arch_stack_walk+0x32e/0x3c0
[ 109.400137][ T2820] stack_trace_save+0x117/0x1a0
[ 109.404113][ T3504] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 109.405021][ T2820] kmsan_internal_chain_origin+0xac/0x120
[ 109.414123][ T3504] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 109.417693][ T2820] kmsan_internal_memmove_metadata+0x201/0x350
[ 109.425711][ T3504] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 109.430789][ T2820] __msan_memcpy+0x65/0x90
[ 109.442153][ T2820] sock_read_iter+0x121/0x630
[ 109.446878][ T2820] vfs_read+0xec1/0x17b0
[ 109.451170][ T2820] ksys_read+0x28b/0x510
[ 109.455460][ T2820] __x64_sys_read+0xdb/0x120
[ 109.460097][ T2820] do_syscall_64+0x3d/0x90
[ 109.464553][ T2820] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 109.470487][ T2820]
[ 109.472811][ T2820] Local variable nd created at:
[ 109.477662][ T2820] filename_lookup+0xc5/0xa50
[ 109.482370][ T2820] vfs_statx+0x1e6/0x8c0
[ 109.486651][ T2820]
[ 109.488977][ T2820] CPU: 0 PID: 2820 Comm: syslogd Not tainted 5.18.0-rc4-syzkaller #0
[ 109.497082][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.507163][ T2820] =====================================================
[ 109.514105][ T2820] Disabling lock debugging due to kernel taint
[ 109.520268][ T2820] Kernel panic - not syncing: kmsan.panic set ...
[ 109.526694][ T2820] CPU: 0 PID: 2820 Comm: syslogd Tainted: G B 5.18.0-rc4-syzkaller #0
[ 109.532195][ T3489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.545205][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.555283][ T2820] Call Trace:
[ 109.558576][ T2820]
[ 109.561518][ T2820] dump_stack_lvl+0x1ff/0x28e
[ 109.566245][ T2820] dump_stack+0x25/0x28
[ 109.570446][ T2820] panic+0x4fe/0xc73
[ 109.574406][ T2820] ? add_taint+0x181/0x210
[ 109.578857][ T2820] ? console_unlock+0x1c00/0x2130
[ 109.583936][ T2820] ? _raw_spin_unlock_irqrestore+0x78/0xb0
[ 109.589781][ T2820] kmsan_report+0x2e6/0x2f0
[ 109.593143][ T3489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.603336][ T2820] ? __msan_warning+0x94/0x110
[ 109.608180][ T2820] ? preempt_count_add+0x1b5/0x320
[ 109.613346][ T2820] ? sysvec_reschedule_ipi+0x1c/0x110
[ 109.618771][ T2820] ? asm_sysvec_reschedule_ipi+0x12/0x20
[ 109.624450][ T2820] ? __msan_metadata_ptr_for_load_4+0x10/0x30
[ 109.630586][ T2820] ? arch_stack_walk+0x32e/0x3c0
[ 109.635574][ T2820] ? stack_trace_save+0x117/0x1a0
[ 109.640649][ T2820] ? kmsan_internal_chain_origin+0xac/0x120
[ 109.646600][ T2820] ? kmsan_internal_memmove_metadata+0x201/0x350
[ 109.652994][ T2820] ? __msan_memcpy+0x65/0x90
[ 109.657642][ T2820] ? sock_read_iter+0x121/0x630
[ 109.662565][ T2820] ? vfs_read+0xec1/0x17b0
[ 109.667030][ T2820] ? ksys_read+0x28b/0x510
[ 109.671496][ T2820] ? __x64_sys_read+0xdb/0x120
[ 109.676314][ T2820] ? do_syscall_64+0x3d/0x90
[ 109.680942][ T2820] ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 109.687051][ T2820] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 109.692901][ T2820] ? stack_trace_save+0x117/0x1a0
[ 109.697973][ T2820] ? update_stack_state+0x883/0xa60
[ 109.703225][ T2820] ? kmsan_get_metadata+0x33/0x220
[ 109.708373][ T2820] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 109.714215][ T2820] ? __msan_memcpy+0x65/0x90
[ 109.718858][ T2820] ? update_stack_state+0x883/0xa60
[ 109.724114][ T2820] ? kmsan_get_metadata+0x33/0x220
[ 109.729263][ T2820] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 109.735109][ T2820] __msan_warning+0x94/0x110
[ 109.739753][ T2820] preempt_count_add+0x1b5/0x320
[ 109.744748][ T2820] sysvec_reschedule_ipi+0x1c/0x110
[ 109.750000][ T2820] asm_sysvec_reschedule_ipi+0x12/0x20
[ 109.755503][ T2820] RIP: 0010:__msan_metadata_ptr_for_load_4+0x10/0x30
[ 109.762239][ T2820] Code: f0 ff 75 f0 9d 48 83 c4 10 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 53 48 83 ec 10 9c 8f 45 e8 0f 01 ca <48> 8b 5d e8 be 04 00 00 00 31 d2 e8 40 20 00 00 48 89 5d f0 ff 75
[ 109.781886][ T2820] RSP: 0018:ffff88810d9b7748 EFLAGS: 00000286
[ 109.787991][ T2820] RAX: 00000000825e0b01 RBX: 0000000000000001 RCX: 0000000000542c93
[ 109.795986][ T2820] RDX: ffff88810d5b77e8 RSI: 0000000005440930 RDI: ffff88810d9b77a8
[ 109.803988][ T2820] RBP: ffff88810d9b7760 R08: 0000000000000000 R09: ffff88810d9b8001
[ 109.811986][ T2820] R10: ffff88810d9b7b00 R11: 0000000000000000 R12: ffff88810d9b77a8
[ 109.819990][ T2820] R13: 0000000000000000 R14: ffff88810b6c8b40 R15: ffffffff825dfc61
[ 109.828032][ T2820] ? kmsan_internal_memmove_metadata+0x201/0x350
[ 109.834442][ T2820] arch_stack_walk+0x32e/0x3c0
[ 109.839254][ T2820] ? stack_trace_save+0x1a0/0x1a0
[ 109.844323][ T2820] ? __msan_memcpy+0x65/0x90
[ 109.848944][ T2820] stack_trace_save+0x117/0x1a0
[ 109.853822][ T2820] kmsan_internal_chain_origin+0xac/0x120
[ 109.859572][ T2820] ? kmsan_internal_chain_origin+0xac/0x120
[ 109.865491][ T2820] ? kmsan_internal_memmove_metadata+0x201/0x350
[ 109.871855][ T2820] ? kmsan_get_metadata+0x33/0x220
[ 109.876980][ T2820] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 109.882809][ T2820] ? kmsan_get_metadata+0x33/0x220
[ 109.887957][ T2820] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 109.893782][ T2820] ? __rcu_read_unlock+0x82/0xf0
[ 109.898744][ T2820] ? sock_read_iter+0xd6/0x630
[ 109.903537][ T2820] ? filter_irq_stacks+0xb5/0x230
[ 109.908620][ T2820] kmsan_internal_memmove_metadata+0x201/0x350
[ 109.914813][ T2820] __msan_memcpy+0x65/0x90
[ 109.919259][ T2820] sock_read_iter+0x121/0x630
[ 109.923968][ T2820] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 109.929791][ T2820] ? kernel_sock_ip_overhead+0x3b0/0x3b0
[ 109.935448][ T2820] ? kernel_sock_ip_overhead+0x3b0/0x3b0
[ 109.941122][ T2820] vfs_read+0xec1/0x17b0
[ 109.945407][ T2820] ksys_read+0x28b/0x510
[ 109.949697][ T2820] __x64_sys_read+0xdb/0x120
[ 109.954318][ T2820] do_syscall_64+0x3d/0x90
[ 109.958752][ T2820] ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 109.964584][ T2820] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 109.970494][ T2820] RIP: 0033:0x7faab8f438fe
[ 109.974911][ T2820] Code: c0 e9 e6 fe ff ff 50 48 8d 3d 0e c7 09 00 e8 c9 cf 01 00 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28
[ 109.994534][ T2820] RSP: 002b:00007fffc1cf2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 110.002963][ T2820] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007faab8f438fe
[ 110.010961][ T2820] RDX: 00000000000000ff RSI: 000055cd4aabc950 RDI: 0000000000000000
[ 110.018936][ T2820] RBP: 000055cd4aabc910 R08: 00007faab8fd3040 R09: 00007faab8fd30c0
[ 110.026914][ T2820] R10: 00007faab8fd2fc0 R11: 0000000000000246 R12: 000055cd4aabc9b8
[ 110.034893][ T2820] R13: 000055cd4aabc950 R14: 0000000000000000 R15: 0000000000000000
[ 110.042883][ T2820]
[ 110.046079][ T2820] Kernel Offset: disabled
[ 110.050401][ T2820] Rebooting in 86400 seconds..