syzkaller login: [ 83.430619][T11488] sshd (11488) used greatest stack depth: 53464 bytes left Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts. 2019/11/29 03:31:37 fuzzer started 2019/11/29 03:31:41 dialing manager at 10.128.0.26:39671 2019/11/29 03:31:42 syscalls: 2420 2019/11/29 03:31:42 code coverage: enabled 2019/11/29 03:31:42 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/11/29 03:31:42 extra coverage: enabled 2019/11/29 03:31:42 setuid sandbox: enabled 2019/11/29 03:31:42 namespace sandbox: enabled 2019/11/29 03:31:42 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/29 03:31:42 fault injection: enabled 2019/11/29 03:31:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/29 03:31:42 net packet injection: enabled 2019/11/29 03:31:42 net device setup: enabled 2019/11/29 03:31:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/29 03:31:42 devlink PCI setup: PCI device 0000:00:10.0 is not available 03:34:36 executing program 0: perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg$kcm(r0, &(0x7f0000001200)={&(0x7f0000000500)=@nl=@unspec={0x0, 0x0, 0x0, 0x10000120}, 0x80, 0x0}, 0x0) [ 271.586538][T11516] IPVS: ftp: loaded support on port[0] = 21 [ 271.735576][T11516] chnl_net:caif_netlink_parms(): no params data found [ 271.792034][T11516] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.799325][T11516] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.807944][T11516] device bridge_slave_0 entered promiscuous mode [ 271.818532][T11516] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.825778][T11516] bridge0: port 2(bridge_slave_1) entered 
disabled state [ 271.834297][T11516] device bridge_slave_1 entered promiscuous mode [ 271.866821][T11516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 271.879437][T11516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.912181][T11516] team0: Port device team_slave_0 added [ 271.921744][T11516] team0: Port device team_slave_1 added [ 272.037394][T11516] device hsr_slave_0 entered promiscuous mode [ 272.293562][T11516] device hsr_slave_1 entered promiscuous mode [ 272.919593][T11516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.971875][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 272.980745][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 272.995826][T11516] 8021q: adding VLAN 0 to HW filter on device team0 [ 273.048957][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 273.059593][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 273.068609][ T3856] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.075813][ T3856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 273.139375][T11516] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 273.150472][T11516] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 273.193324][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 273.202146][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 273.214158][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 273.223195][ T3856] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.230356][ T3856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 273.238889][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 273.248979][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 
273.259122][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 273.268799][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 273.278449][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 273.288458][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 273.298235][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 273.307510][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 273.317164][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 273.326243][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 273.413437][T11516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.596563][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 273.605805][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 273.614601][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 273.622176][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 03:34:38 executing program 0: shutdown(0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xbf) bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000700)={0x0, 0x40000007fff, 0x7ffffffe}, 0x14) shutdown(r0, 0x2) 03:34:39 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x3c) socket$kcm(0xa, 0x1, 0x0) 
close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x100000000002, 0x4) sendmsg$kcm(r0, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003a00)=[{&(0x7f0000000100)="39000000140081ae00002c000500018701546fabcae5e5741af20f367c355fee27a04f7e0592616675e285af71583c7d06a6580e883795c0c5", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, r1, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) 03:34:39 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000480)={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}, {}, 0x0, {0x2, 0x0, @remote}, 'team_slave_1\x00'}) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x1, 0x0) write(r0, &(0x7f0000000740)="39c9ee86c2930823da4e94285a399828af36b14c0ef70adc64da651f8a4730afb5ed18ccd7abdc77dcbdc31969a6439fd6ae35f7517d2049a18d9f5911310f98095eb09050a9eadb4cf4291c4265ce34a5e9ad52000075f907cbd7b1edaf1393e6425f28b7ac9106a473ca7382fe97144ac89f2d499f7adeba27e8e7be67c56672a18710771da48685e3cce9cf34000000000000", 0x1586bdc6) socket$inet_udp(0x2, 0x2, 0x0) 03:34:40 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) socket$nl_route(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9, 0x80000000000000, 0x0, 0x4}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 
0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0xfffffffc, 0x2, 0x0, 0xfffffffff7fffffb}, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(&(0x7f00000003c0)='keyring\x00', &(0x7f0000000180)={'\b\x00', 0x1}, 0x0, 0x0, r5) keyctl$instantiate(0xc, r5, 0x0, 0x0, 0xfffffffffffffff8) r6 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x0) sendmsg$netlink(r8, &(0x7f0000000240)={&(0x7f0000000100)=@proc={0x10, 0x0, 0x25dfdbff, 0x405410}, 0xc, &(0x7f0000000140)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="5ec21c367d52e3137839be9bfb0a31624b9dc4cfeac94946277de913d624053fe9d538b530726ab2f1c0cf0ce921218b21f61105d70d39eb663d14e0f5111a67a6518304014bad5538346309ce11ae00000000000021213ba3a76f5b163255914cc8e699de2464b887542cb73f21a516ea04ccc7743c21d22803dbe6d32f9ec005ee2121bd51d49374a86a51b7dff0f8dea25f1bbba84b99d13e73dc5b0199de6ecfc94b21cd7cda246820899705007ffcbc0191f4504412c2c0a361c1bc913d88c6101ae6f51ee3ea44712f41e663423c75d76bf8035ff89608a94962c5b24686efec577d38bbb7"], 0x1}], 0x1}, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f00000001c0)=0x1) bind$inet(r6, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x1018000}, 0xc) [ 
275.838694][T11566] IPVS: ftp: loaded support on port[0] = 21 [ 276.131958][T11566] chnl_net:caif_netlink_parms(): no params data found [ 276.214357][T11566] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.221593][T11566] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.230198][T11566] device bridge_slave_0 entered promiscuous mode [ 276.273641][T11566] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.280806][T11566] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.289492][T11566] device bridge_slave_1 entered promiscuous mode [ 276.346863][T11566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.359649][T11566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.406161][T11566] team0: Port device team_slave_0 added [ 276.416192][T11566] team0: Port device team_slave_1 added [ 276.509059][T11566] device hsr_slave_0 entered promiscuous mode [ 276.563583][T11566] device hsr_slave_1 entered promiscuous mode [ 276.603104][T11566] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 276.855900][T11566] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.863164][T11566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.870871][T11566] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.878141][T11566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.153944][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.193499][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.281553][T11566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.337062][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 277.345773][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 277.359714][T11566] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.414299][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 277.424117][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 277.433186][ T3856] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.440345][ T3856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.448861][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 277.458411][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 277.467534][ T3856] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.474807][ T3856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 277.605953][T11566] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 277.616505][T11566] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 277.704821][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 277.715041][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 277.724823][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 277.734570][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link 
becomes ready [ 277.743959][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 277.753724][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 277.763257][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 277.772292][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 277.781811][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 277.790922][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 277.839804][T11566] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 278.093873][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 278.103998][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 278.112523][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 278.120203][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 03:34:43 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) socket$nl_route(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9, 0x80000000000000, 0x0, 0x4}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0xfffffffc, 0x2, 0x0, 0xfffffffff7fffffb}, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(&(0x7f00000003c0)='keyring\x00', &(0x7f0000000180)={'\b\x00', 0x1}, 0x0, 0x0, r5) keyctl$instantiate(0xc, r5, 0x0, 0x0, 0xfffffffffffffff8) r6 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x0) sendmsg$netlink(r8, &(0x7f0000000240)={&(0x7f0000000100)=@proc={0x10, 0x0, 0x25dfdbff, 0x405410}, 0xc, &(0x7f0000000140)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="5ec21c367d52e3137839be9bfb0a31624b9dc4cfeac94946277de913d624053fe9d538b530726ab2f1c0cf0ce921218b21f61105d70d39eb663d14e0f5111a67a6518304014bad5538346309ce11ae00000000000021213ba3a76f5b163255914cc8e699de2464b887542cb73f21a516ea04ccc7743c21d22803dbe6d32f9ec005ee2121bd51d49374a86a51b7dff0f8dea25f1bbba84b99d13e73dc5b0199de6ecfc94b21cd7cda246820899705007ffcbc0191f4504412c2c0a361c1bc913d88c6101ae6f51ee3ea44712f41e663423c75d76bf8035ff89608a94962c5b24686efec577d38bbb7"], 0x1}], 0x1}, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f00000001c0)=0x1) bind$inet(r6, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x1018000}, 0xc) [ 278.777084][T11610] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 
03:34:43 executing program 1: socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f00000004c0)) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x894c, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x894c, 0x0) socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x894c, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x100000000002, 0x4) sendmsg$kcm(r0, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003a00)=[{&(0x7f0000000100)="39000000140081ae00002c000500018701546fabcae5e5741af20f367c355fee27a04f7e0592616675e285af71583c7d06a6580e883795c0c5", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2) 03:34:44 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000240)=0xffffffff, 0x4) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f0000000780), 0xffffffffffffffe6, 0x0, 0x0, 0x0) r3 = syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x1, 0x480000) ioctl$RTC_IRQP_SET(r3, 0x4008700c, 0x1890) chmod(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x145) 03:34:45 executing program 1: getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@mcast1, @in=@dev}}, {{@in=@loopback}, 0x0, 
@in6=@ipv4={[], [], @multicast1}}}, &(0x7f0000000140)=0xe8) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f00000006c0)={0x0, 0x0, [], @bt={0x9, 0x0, 0x5, 0x0, 0x1000, 0x80008000000000, 0x10, 0x2}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_CROPCAP(r1, 0xc02c563a, &(0x7f0000000100)={0x6, {0x8000, 0x2, 0xffff8dc2, 0x3931800}, {0x7, 0x400, 0x5, 0xc00}, {0xfc, 0x6}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000580)={0x9a, [0x824, 0xeba, 0x2]}, 0x9) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000580)=ANY=[@ANYBLOB]) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}}) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x618a44, 0x0) ioctl$KVM_GET_REGS(r3, 0x8090ae81, &(0x7f0000000780)) ioctl$EVIOCGBITSND(r2, 0x80404532, &(0x7f0000000340)=""/255) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='loginuid\x00') write$vnet(r4, 0x0, 0x0) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000440)=0xffffff42) unshare(0x40000000) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000300)={0x0, 0x3, 0x2, 0x1}) sendfile(r5, r4, &(0x7f0000000000), 0x20000000000000) [ 280.083129][ C0] hrtimer: interrupt took 31212 ns 03:34:45 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 
0x0) socketpair$unix(0x1, 0x80000000000003, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x11, r1, 0xac1f3000) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x5, 0xffffffffffffffff, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f00000000c0)) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e24, 0x54e, @mcast2, 0x1}, 0x1c) ptrace(0x10, r2) ptrace$cont(0x9, r2, 0x0, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x4}, 0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x1}, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f0000000000)=""/143, &(0x7f00000000c0)=0x8f) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) r5 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) write$binfmt_script(r5, 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000100)={0x0, 0x6}, 0x8) r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x80400, 0x0) ioctl$BLKSECTGET(r6, 0x1267, &(0x7f0000000200)) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000027000)={0x1}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000002c0)={0x7fffffff}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) unshare(0x40000000) [ 280.307489][T11627] QAT: Invalid ioctl [ 280.324213][T11627] IPVS: ftp: loaded support on port[0] = 21 [ 280.489451][T11628] 
QAT: Invalid ioctl [ 280.513131][T11628] IPVS: ftp: loaded support on port[0] = 21 03:34:45 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x800400, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) close(r5) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r6, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r7, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}}}}, 0x90) write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f0000000000)={0x7, 0x8, 0xfa00, {r7}}, 0x10) write$RDMA_USER_CM_CMD_LISTEN(r4, &(0x7f0000000240)={0x7, 0x8, 0xfa00, {r7, 0x3ff}}, 0x10) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r12}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r12}]]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r12}, [@IFA_ADDRESS={0x8, 0x1, @empty}, @IFA_LOCAL={0x8, 0x2, 
@multicast2}]}, 0x28}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@ipv4_newaddr={0x848cd99c21d9a1f4, 0x14, 0x9fd5c6c36910c9b7, 0x70bd2b, 0x25dfdbfc, {0x2, 0x27b86168318220fa, 0x100, 0xff, r12}, [@IFA_FLAGS={0x0, 0x8, 0x1}]}, 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\b\x00'/20, @ANYRES32=r8, @ANYBLOB="8102000000000000"], 0x20}}, 0x0)
sendto$packet(r0, &(0x7f0000000200)="7bb72bf8d9d4b69e3c2451910806", 0xe, 0x0, &(0x7f00000000c0)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @random="158cd1027037"}, 0x14)
timerfd_create(0x9, 0x180800)
ioctl$KVM_GET_XSAVE(r5, 0x9000aea4, &(0x7f0000000380))

[ 280.836422][ C1] =====================================================
[ 280.843431][ C1] BUG: KMSAN: uninit-value in br_nf_forward_arp+0xe61/0x1230
[ 280.850801][ C1] CPU: 1 PID: 11631 Comm: syz-executor.1 Not tainted 5.4.0-rc8-syzkaller #0
[ 280.859463][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 280.869510][ C1] Call Trace:
[ 280.872791][ C1]
[ 280.875649][ C1] dump_stack+0x1c9/0x220
[ 280.879985][ C1] kmsan_report+0x128/0x220
[ 280.884498][ C1] __msan_warning+0x64/0xc0
[ 280.889007][ C1] br_nf_forward_arp+0xe61/0x1230
[ 280.894053][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 280.899956][ C1] ? br_nf_forward_ip+0x1f60/0x1f60
[ 280.905153][ C1] nf_hook_slow+0x18b/0x3f0
[ 280.909667][ C1] __br_forward+0x78f/0xe30
[ 280.914183][ C1] ? br_dev_queue_push_xmit+0x8b0/0x8b0
[ 280.919726][ C1] br_flood+0xef0/0xfe0
[ 280.923908][ C1] br_handle_frame_finish+0x1a77/0x1c20
[ 280.929464][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 280.935364][ C1] br_handle_frame+0xfb6/0x1eb0
[ 280.940214][ C1] ? kmsan_internal_set_origin+0x6a/0xb0
[ 280.945858][ C1] ? brport_get_ownership+0xf0/0xf0
[ 280.951051][ C1] ? packet_sock_destruct+0x1e0/0x1e0
[ 280.956424][ C1] ? br_pass_frame_up+0x9e0/0x9e0
[ 280.961462][ C1] __netif_receive_skb_core+0x20b9/0x51a0
[ 280.967184][ C1] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 280.973345][ C1] ? kmsan_get_metadata+0x30/0x350
[ 280.978469][ C1] ? br_pass_frame_up+0x9e0/0x9e0
[ 280.983507][ C1] ? kmsan_get_shadow_origin_ptr+0x1e8/0x4d0
[ 280.989505][ C1] process_backlog+0x610/0x13c0
[ 280.994393][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 280.999676][ C1] net_rx_action+0x7a6/0x1aa0
[ 281.004369][ C1] ? net_tx_action+0xc40/0xc40
[ 281.009139][ C1] __do_softirq+0x4a1/0x83a
[ 281.013668][ C1] do_softirq_own_stack+0x49/0x80
[ 281.018681][ C1]
[ 281.021621][ C1] __local_bh_enable_ip+0x184/0x1d0
[ 281.026821][ C1] local_bh_enable+0x36/0x40
[ 281.031408][ C1] __dev_queue_xmit+0x38e8/0x4200
[ 281.036460][ C1] dev_queue_xmit+0x4b/0x60
[ 281.040968][ C1] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 281.046254][ C1] packet_sendmsg+0x8234/0x9100
[ 281.051109][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 281.057187][ C1] ? aa_label_sk_perm+0x6d6/0x940
[ 281.062217][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 281.068287][ C1] ? kmsan_get_metadata+0x51/0x350
[ 281.073404][ C1] ? kmsan_internal_set_origin+0x6a/0xb0
[ 281.079042][ C1] ? metadata_is_contiguous+0x270/0x270
[ 281.084591][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 281.090656][ C1] ? aa_sk_perm+0x730/0xaf0
[ 281.095198][ C1] ? compat_packet_setsockopt+0x360/0x360
[ 281.100923][ C1] __sys_sendto+0xc44/0xc70
[ 281.105457][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 281.111362][ C1] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 281.117433][ C1] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 281.123159][ C1] __se_sys_sendto+0x107/0x130
[ 281.127937][ C1] __x64_sys_sendto+0x6e/0x90
[ 281.132610][ C1] do_syscall_64+0xb6/0x160
[ 281.137120][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 281.143011][ C1] RIP: 0033:0x45a679
[ 281.146905][ C1] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 281.166681][ C1] RSP: 002b:00007f0a3c9e5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 281.175091][ C1] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045a679
[ 281.183056][ C1] RDX: 000000000000000e RSI: 0000000020000200 RDI: 0000000000000003
[ 281.191026][ C1] RBP: 000000000075bf20 R08: 00000000200000c0 R09: 0000000000000014
[ 281.199115][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a3c9e66d4
[ 281.207082][ C1] R13: 00000000004c8ec1 R14: 00000000004dfe28 R15: 00000000ffffffff
[ 281.215066][ C1]
[ 281.217391][ C1] Uninit was created at:
[ 281.221645][ C1] kmsan_internal_poison_shadow+0x5c/0x110
[ 281.227451][ C1] kmsan_slab_alloc+0x97/0x100
[ 281.232211][ C1] __kmalloc_node_track_caller+0xe27/0x11a0
[ 281.238102][ C1] __alloc_skb+0x306/0xa10
[ 281.242513][ C1] alloc_skb_with_frags+0x18c/0xa80
[ 281.247711][ C1] sock_alloc_send_pskb+0xafd/0x10a0
[ 281.252993][ C1] packet_sendmsg+0x63a6/0x9100
[ 281.257841][ C1] __sys_sendto+0xc44/0xc70
[ 281.262339][ C1] __se_sys_sendto+0x107/0x130
[ 281.267099][ C1] __x64_sys_sendto+0x6e/0x90
[ 281.271769][ C1] do_syscall_64+0xb6/0x160
[ 281.276274][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 281.282150][ C1] =====================================================
[ 281.289070][ C1] Disabling lock debugging due to kernel taint
[ 281.295212][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 281.301802][ C1] CPU: 1 PID: 11631 Comm: syz-executor.1 Tainted: G B 5.4.0-rc8-syzkaller #0
[ 281.311848][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 281.321893][ C1] Call Trace:
[ 281.325170][ C1]
[ 281.328028][ C1] dump_stack+0x1c9/0x220
[ 281.332368][ C1] panic+0x3c9/0xc1e
[ 281.336291][ C1] kmsan_report+0x215/0x220
[ 281.340799][ C1] __msan_warning+0x64/0xc0
[ 281.345306][ C1] br_nf_forward_arp+0xe61/0x1230
[ 281.350349][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 281.356245][ C1] ? br_nf_forward_ip+0x1f60/0x1f60
[ 281.361444][ C1] nf_hook_slow+0x18b/0x3f0
[ 281.365967][ C1] __br_forward+0x78f/0xe30
[ 281.370485][ C1] ? br_dev_queue_push_xmit+0x8b0/0x8b0
[ 281.376034][ C1] br_flood+0xef0/0xfe0
[ 281.380215][ C1] br_handle_frame_finish+0x1a77/0x1c20
[ 281.385771][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 281.391662][ C1] br_handle_frame+0xfb6/0x1eb0
[ 281.396516][ C1] ? kmsan_internal_set_origin+0x6a/0xb0
[ 281.402170][ C1] ? brport_get_ownership+0xf0/0xf0
[ 281.407371][ C1] ? packet_sock_destruct+0x1e0/0x1e0
[ 281.412741][ C1] ? br_pass_frame_up+0x9e0/0x9e0
[ 281.417765][ C1] __netif_receive_skb_core+0x20b9/0x51a0
[ 281.423491][ C1] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 281.429641][ C1] ? kmsan_get_metadata+0x30/0x350
[ 281.434756][ C1] ? br_pass_frame_up+0x9e0/0x9e0
[ 281.439793][ C1] ? kmsan_get_shadow_origin_ptr+0x1e8/0x4d0
[ 281.445784][ C1] process_backlog+0x610/0x13c0
[ 281.450654][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 281.455937][ C1] net_rx_action+0x7a6/0x1aa0
[ 281.460643][ C1] ? net_tx_action+0xc40/0xc40
[ 281.465410][ C1] __do_softirq+0x4a1/0x83a
[ 281.469922][ C1] do_softirq_own_stack+0x49/0x80
[ 281.474938][ C1]
[ 281.477877][ C1] __local_bh_enable_ip+0x184/0x1d0
[ 281.483083][ C1] local_bh_enable+0x36/0x40

03:34:46 executing program 2:
r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x8, 0x10, 0x8000, 0xeff}, &(0x7f0000000080)=0x18)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000000c0)={r1, 0x63, "f01367105890966a7094527600772927091d02f05aed7e06ec44e8eb3b4f4f03d3f29688f9c65957ab034fb5646f3fea10a44b6757d0d66dc675f252268550cde8383776924da45b1ac040784d39d1c5980ee9394547657782dc65b9a94fe2aceab71b"}, &(0x7f0000000140)=0x6b)
ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x166201, 0x0)
connect$vsock_dgram(r2, &(0x7f00000001c0)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r3 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x0, 0x200)
ioctl$TUNGETIFF(r3, 0x800454d2, &(0x7f0000000240))
r4 = syz_open_dev$mice(&(0x7f0000000280)='/dev/input/mice\x00', 0x0, 0x240)
write$P9_RRENAME(r4, &(0x7f00000002c0)={0x7, 0x15, 0x1}, 0x7)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000300)=0xf1, 0x8)
fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000340)='nomand\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e24, @multicast1}}, 0x9, 0x7, 0xffff7fff, 0x4, 0x20}, &(0x7f0000000440)=0x98)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000480)={r5, 0xa399, 0x0, 0x4, 0x8001, 0x1}, &(0x7f00000004c0)=0x14)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer2\x00', 0x400000, 0x0)
ioctl$VIDIOC_S_MODULATOR(r6, 0x40445637, &(0x7f0000000540)={0xb7be, "f6f068aee3c195684d807a4bfa12100093080663b65fadfbdf776b474fc02c21", 0x853589e945bfcb74, 0x871, 0x2, 0x8, 0x1})
r7 = add_key(&(0x7f00000005c0)='blacklist\x00', &(0x7f0000000600)={'syz', 0x1}, &(0x7f0000000640)="c685840be19f13acaec59d20245deb243b2172c02a46e98e1866ca2a92027f14ca89d32973c364dcb1f9e76a004e834c3e291376f35144295fb2896652fc6a31476c86c37f1f9b39485c3029c81c7fdcf93f000ece82af072ffa9601aee0c6bfa1c60620782c9c94816eec175e7a6d2c61ba99de34e573d0f514eb2bb88106d46bae9130f43830e77df84970ef22388ca4d0a60a2b06282c252aff87759847aea1bc45553fe25ef1a210ae8b3e698963636a96b6f2508ee4cca5a589d369769c5240b4ada4e8e703cfbf3c522bd2be14ccc1fb893a27", 0xd6, 0xfffffffffffffffb)
keyctl$set_timeout(0xf, r7, 0xeb0)
r8 = syz_open_dev$sndpcmc(&(0x7f0000000740)='/dev/snd/pcmC#D#c\x00', 0x9, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r8, 0xc0106426, &(0x7f00000007c0)={0x3, &(0x7f0000000780)=[{}, {}, {}]})
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000840)='TIPC\x00')
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0xa000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x34, r9, 0x400, 0x70bd2b, 0x25dfdbfe, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0x12, 0x7f, @l2={'ib', 0x3a, 'teql0\x00'}}}}, ["", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x850}, 0x806)
r10 = open(&(0x7f0000000940)='./file0\x00', 0x80000, 0x32)
ioctl$BINDER_SET_MAX_THREADS(r10, 0x40046205, &(0x7f0000000980)=0x7)
r11 = syz_open_dev$midi(&(0x7f00000009c0)='/dev/midi#\x00', 0x3, 0x204001)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000a00)={r5, 0x80000000}, &(0x7f0000000a40)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r11, 0x84, 0x1f, &(0x7f0000000a80)={r12, @in={{0x2, 0x4e23, @rand_addr=0x7}}, 0x0, 0x8}, &(0x7f0000000b40)=0x90)
r13 = syz_open_dev$swradio(&(0x7f0000000b80)='/dev/swradio#\x00', 0x0, 0x2)
ioctl$TIOCSCTTY(r13, 0x540e, 0x0)
ioctl$RTC_WKALM_RD(r13, 0x80287010, &(0x7f0000000bc0))

[ 281.487673][ C1] __dev_queue_xmit+0x38e8/0x4200
[ 281.492721][ C1] dev_queue_xmit+0x4b/0x60
[ 281.497222][ C1] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 281.502504][ C1] packet_sendmsg+0x8234/0x9100
[ 281.507360][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 281.513427][ C1] ? aa_label_sk_perm+0x6d6/0x940
[ 281.518457][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 281.524526][ C1] ? kmsan_get_metadata+0x51/0x350
[ 281.529644][ C1] ? kmsan_internal_set_origin+0x6a/0xb0
[ 281.535269][ C1] ? metadata_is_contiguous+0x270/0x270
[ 281.540805][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 281.546860][ C1] ? aa_sk_perm+0x730/0xaf0
[ 281.551382][ C1] ? compat_packet_setsockopt+0x360/0x360
[ 281.557088][ C1] __sys_sendto+0xc44/0xc70
[ 281.561602][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 281.567491][ C1] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 281.573552][ C1] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 281.579269][ C1] __se_sys_sendto+0x107/0x130
[ 281.584032][ C1] __x64_sys_sendto+0x6e/0x90
[ 281.588703][ C1] do_syscall_64+0xb6/0x160
[ 281.593205][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 281.599090][ C1] RIP: 0033:0x45a679
[ 281.602987][ C1] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 281.622585][ C1] RSP: 002b:00007f0a3c9e5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 281.630982][ C1] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045a679
[ 281.638934][ C1] RDX: 000000000000000e RSI: 0000000020000200 RDI: 0000000000000003
[ 281.646891][ C1] RBP: 000000000075bf20 R08: 00000000200000c0 R09: 0000000000000014
[ 281.654845][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a3c9e66d4
[ 281.662813][ C1] R13: 00000000004c8ec1 R14: 00000000004dfe28 R15: 00000000ffffffff
[ 281.671398][ C1] ------------[ cut here ]------------
[ 281.676834][ C1] kernel BUG at mm/kmsan/kmsan.c:468!
[ 281.682187][ C1] invalid opcode: 0000 [#1] SMP [ 281.687011][ C1] CPU: 1 PID: 11631 Comm: syz-executor.1 Tainted: G B 5.4.0-rc8-syzkaller #0 [ 281.697038][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.707091][ C1] RIP: 0010:kmsan_internal_check_memory+0x41d/0x440 [ 281.713651][ C1] Code: c0 e8 c4 a8 72 ff 0f 0b 0f 0b 65 8b 35 30 0c bc 6f 48 c7 c7 d4 05 61 9d 31 c0 e8 ab a8 72 ff 0f 0b 0f 0b e8 45 67 4e ff 0f 0b <0f> 0b 65 8b 35 0e 0c bc 6f 48 c7 c7 d4 05 61 9d 31 c0 e8 89 a8 72 [ 281.733227][ C1] RSP: 0018:ffffac3d80ed0250 EFLAGS: 00010046 [ 281.739265][ C1] RAX: 0000000000000002 RBX: 0000000007e100ea RCX: 0000000007e100ea [ 281.747212][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffac3d80ed032c [ 281.755158][ C1] RBP: ffffac3d80ed02f8 R08: 0000000000000000 R09: ffff88f26fd41950 [ 281.763189][ C1] R10: 00000000ffffffff R11: ffffffff944796d0 R12: 0000000000000000 [ 281.771133][ C1] R13: 0000000007e100ea R14: 0000000000000002 R15: 0000000000000001 [ 281.779083][ C1] FS: 00007f0a3c9e6700(0000) GS:ffff88f26fd00000(0000) knlGS:0000000000000000 [ 281.787983][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 281.794575][ C1] CR2: 0000001b2e923000 CR3: 000000010856c000 CR4: 00000000001406e0 [ 281.802521][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 281.810467][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 281.818409][ C1] Call Trace: [ 281.821668][ C1] [ 281.825467][ C1] kmsan_check_memory+0xd/0x10 [ 281.830207][ C1] iowrite8+0x99/0x2e0 [ 281.834254][ C1] ? pvpanic_mmio_remove+0x60/0x60 [ 281.839382][ C1] pvpanic_panic_notify+0x46/0x70 [ 281.844384][ C1] atomic_notifier_call_chain+0x13d/0x240 [ 281.850100][ C1] panic+0x45a/0xc1e [ 281.853990][ C1] kmsan_report+0x215/0x220 [ 281.858492][ C1] __msan_warning+0x64/0xc0 [ 281.862979][ C1] br_nf_forward_arp+0xe61/0x1230 [ 281.868000][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0 [ 281.873876][ C1] ? 
br_nf_forward_ip+0x1f60/0x1f60 [ 281.879052][ C1] nf_hook_slow+0x18b/0x3f0 [ 281.883597][ C1] __br_forward+0x78f/0xe30 [ 281.888138][ C1] ? br_dev_queue_push_xmit+0x8b0/0x8b0 [ 281.893671][ C1] br_flood+0xef0/0xfe0 [ 281.897821][ C1] br_handle_frame_finish+0x1a77/0x1c20 [ 281.903358][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0 [ 281.909241][ C1] br_handle_frame+0xfb6/0x1eb0 [ 281.914125][ C1] ? kmsan_internal_set_origin+0x6a/0xb0 [ 281.919751][ C1] ? brport_get_ownership+0xf0/0xf0 [ 281.924927][ C1] ? packet_sock_destruct+0x1e0/0x1e0 [ 281.930288][ C1] ? br_pass_frame_up+0x9e0/0x9e0 [ 281.935302][ C1] __netif_receive_skb_core+0x20b9/0x51a0 [ 281.941005][ C1] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 281.947196][ C1] ? kmsan_get_metadata+0x30/0x350 [ 281.952420][ C1] ? br_pass_frame_up+0x9e0/0x9e0 [ 281.957440][ C1] ? kmsan_get_shadow_origin_ptr+0x1e8/0x4d0 [ 281.963413][ C1] process_backlog+0x610/0x13c0 [ 281.968267][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 281.973539][ C1] net_rx_action+0x7a6/0x1aa0 [ 281.978205][ C1] ? net_tx_action+0xc40/0xc40 [ 281.982945][ C1] __do_softirq+0x4a1/0x83a [ 281.987444][ C1] do_softirq_own_stack+0x49/0x80 [ 281.992446][ C1] [ 281.995370][ C1] __local_bh_enable_ip+0x184/0x1d0 [ 282.000545][ C1] local_bh_enable+0x36/0x40 [ 282.005110][ C1] __dev_queue_xmit+0x38e8/0x4200 [ 282.010227][ C1] dev_queue_xmit+0x4b/0x60 [ 282.014708][ C1] ? netdev_core_pick_tx+0x4d0/0x4d0 [ 282.019969][ C1] packet_sendmsg+0x8234/0x9100 [ 282.024797][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 282.030883][ C1] ? aa_label_sk_perm+0x6d6/0x940 [ 282.035892][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 282.041954][ C1] ? kmsan_get_metadata+0x51/0x350 [ 282.047062][ C1] ? kmsan_internal_set_origin+0x6a/0xb0 [ 282.052678][ C1] ? metadata_is_contiguous+0x270/0x270 [ 282.058202][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 282.064286][ C1] ? aa_sk_perm+0x730/0xaf0 [ 282.068821][ C1] ? 
compat_packet_setsockopt+0x360/0x360 [ 282.074516][ C1] __sys_sendto+0xc44/0xc70 [ 282.079050][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0 [ 282.084968][ C1] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 282.091018][ C1] ? prepare_exit_to_usermode+0x19a/0x4d0 [ 282.096720][ C1] __se_sys_sendto+0x107/0x130 [ 282.101475][ C1] __x64_sys_sendto+0x6e/0x90 [ 282.106131][ C1] do_syscall_64+0xb6/0x160 [ 282.110622][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 282.116493][ C1] RIP: 0033:0x45a679 [ 282.120366][ C1] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 282.139977][ C1] RSP: 002b:00007f0a3c9e5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 282.148360][ C1] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045a679 [ 282.156304][ C1] RDX: 000000000000000e RSI: 0000000020000200 RDI: 0000000000000003 [ 282.164253][ C1] RBP: 000000000075bf20 R08: 00000000200000c0 R09: 0000000000000014 [ 282.172198][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a3c9e66d4 [ 282.180153][ C1] R13: 00000000004c8ec1 R14: 00000000004dfe28 R15: 00000000ffffffff [ 282.188105][ C1] Modules linked in: [ 282.191985][ C1] ---[ end trace f641109d61fb1fa8 ]--- [ 282.197422][ C1] RIP: 0010:kmsan_internal_check_memory+0x41d/0x440 [ 282.203987][ C1] Code: c0 e8 c4 a8 72 ff 0f 0b 0f 0b 65 8b 35 30 0c bc 6f 48 c7 c7 d4 05 61 9d 31 c0 e8 ab a8 72 ff 0f 0b 0f 0b e8 45 67 4e ff 0f 0b <0f> 0b 65 8b 35 0e 0c bc 6f 48 c7 c7 d4 05 61 9d 31 c0 e8 89 a8 72 [ 282.223573][ C1] RSP: 0018:ffffac3d80ed0250 EFLAGS: 00010046 [ 282.229620][ C1] RAX: 0000000000000002 RBX: 0000000007e100ea RCX: 0000000007e100ea [ 282.237578][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffac3d80ed032c [ 282.245522][ C1] RBP: ffffac3d80ed02f8 R08: 0000000000000000 R09: ffff88f26fd41950 [ 282.253468][ C1] R10: 00000000ffffffff R11: ffffffff944796d0 R12: 
0000000000000000 [ 282.261415][ C1] R13: 0000000007e100ea R14: 0000000000000002 R15: 0000000000000001 [ 282.269363][ C1] FS: 00007f0a3c9e6700(0000) GS:ffff88f26fd00000(0000) knlGS:0000000000000000 [ 282.278273][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 282.284829][ C1] CR2: 0000001b2e923000 CR3: 000000010856c000 CR4: 00000000001406e0 [ 282.292776][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 282.300720][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 282.308667][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 282.316590][ C1] Kernel Offset: 0xe400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 282.328143][ C1] Rebooting in 86400 seconds..