[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 69.759546] audit: type=1800 audit(1550373257.829:25): pid=9460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 69.778747] audit: type=1800 audit(1550373257.839:26): pid=9460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 69.798096] audit: type=1800 audit(1550373257.849:27): pid=9460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. 2019/02/17 03:14:31 fuzzer started 2019/02/17 03:14:36 dialing manager at 10.128.0.26:39065 2019/02/17 03:14:36 syscalls: 1 2019/02/17 03:14:36 code coverage: enabled 2019/02/17 03:14:36 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/02/17 03:14:36 extra coverage: extra coverage is not supported by the kernel 2019/02/17 03:14:36 setuid sandbox: enabled 2019/02/17 03:14:36 namespace sandbox: enabled 2019/02/17 03:14:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/02/17 03:14:36 fault injection: enabled 2019/02/17 03:14:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/02/17 03:14:36 net packet injection: enabled 2019/02/17 03:14:36 net device setup: enabled 03:16:38 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) syncfs(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x3f4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x6, &(0x7f0000000480)=[{0x330c8029, 0x5, 0x3, 0x80}, {0x1, 0xcb, 0xfffffffffffffffe, 0x5}, {0x3674, 0x0, 0x5d}, {0xfffffffffffffff9, 0x7fffffff, 0x80000001, 0x5}, {0x8, 0x3c, 0x6454, 0xffffffffffffffbb}, {0xb332000000000, 0x5, 0x40, 0x401}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e26, @local}, 0xd) setxattr$trusted_overlay_opaque(&(0x7f0000000300)='./bus\x00', &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f0000000580)='y\x00', 0x2, 0x1) setsockopt$sock_int(r0, 0x1, 0x27, &(0x7f0000000340)=0x4, 0xffffffffffffff2a) clone(0x421020017fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000600)='./bus\x00', 0x141042, 0x0) close(r1) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0xfff, 0x105082) r3 = memfd_create(&(0x7f00000005c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x3) pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x80000000005, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0x1061f) fcntl$setstatus(r1, 0x4, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x0, 0x5, 0xffff) write(r5, &(0x7f00000001c0), 0x526987c9) read(r4, &(0x7f0000000200)=""/250, 0x1000000d1) sendfile(r2, r3, 0x0, 0x80003) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000000c0)=@generic={0x3, 0xd5, 0x1f}) syz_open_procfs(0x0, &(0x7f00000001c0)='net/dev_mcast\x00') ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$BLKPG(r3, 0x1269, &(0x7f0000000540)={0x5, 0x5, 0x6a, &(0x7f00000003c0)="619fdd421e2e94d7f681e7b9c58fcda3c9ddc21641c97f9d51ce7d1c895d31253c39b07653f7112a5724ea1ee2c2b36293d0913fdb358fb60a6782fe3fba27e17886237f776eb957c5826a1b7206d2022bbc957a4de731a665720cc06b7670978c085273b9476ff9902c"}) openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0x101400, 0x0) syzkaller login: [ 210.619545] IPVS: ftp: loaded support on port[0] = 21 [ 210.744875] chnl_net:caif_netlink_parms(): no params data found [ 210.797621] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.804182] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.812003] device bridge_slave_0 entered promiscuous mode [ 210.822007] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.828436] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.836305] device bridge_slave_1 entered promiscuous mode [ 210.864520] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.875518] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.900014] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.908252] team0: Port device team_slave_0 added [ 210.915290] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.923317] team0: Port device team_slave_1 added [ 210.929144] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.937858] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.055884] device hsr_slave_0 entered promiscuous mode [ 211.312397] device hsr_slave_1 entered promiscuous mode [ 211.573065] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.580463] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 211.605311] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.611841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.618798] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.625311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.691044] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 211.697333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.709401] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 211.721340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.731981] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.740192] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.750408] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 211.766374] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 211.772545] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.785607] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.793228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.801488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.810346] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.816803] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.827844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.835534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.844077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.852122] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.858519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.875775] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.883175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.899163] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.906618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.920831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.929076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.937688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.951553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.958668] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.966782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.975341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.989653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 212.002654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 212.012497] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 212.022250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.033665] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 212.040671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.049079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.057506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.065763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.089030] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 212.096029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.112886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.222960] syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) 03:16:40 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) syncfs(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x3f4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x6, &(0x7f0000000480)=[{0x330c8029, 0x5, 0x3, 0x80}, {0x1, 0xcb, 0xfffffffffffffffe, 0x5}, {0x3674, 0x0, 0x5d}, {0xfffffffffffffff9, 0x7fffffff, 0x80000001, 0x5}, {0x8, 0x3c, 0x6454, 0xffffffffffffffbb}, {0xb332000000000, 0x5, 0x40, 0x401}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e26, @local}, 0xd) setxattr$trusted_overlay_opaque(&(0x7f0000000300)='./bus\x00', &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f0000000580)='y\x00', 0x2, 0x1) setsockopt$sock_int(r0, 0x1, 0x27, &(0x7f0000000340)=0x4, 0xffffffffffffff2a) clone(0x421020017fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000600)='./bus\x00', 0x141042, 0x0) close(r1) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0xfff, 0x105082) r3 = memfd_create(&(0x7f00000005c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x3) pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x80000000005, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0x1061f) fcntl$setstatus(r1, 0x4, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x0, 0x5, 0xffff) write(r5, &(0x7f00000001c0), 0x526987c9) read(r4, &(0x7f0000000200)=""/250, 0x1000000d1) sendfile(r2, r3, 0x0, 0x80003) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000000c0)=@generic={0x3, 0xd5, 0x1f}) syz_open_procfs(0x0, &(0x7f00000001c0)='net/dev_mcast\x00') ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$BLKPG(r3, 0x1269, &(0x7f0000000540)={0x5, 0x5, 0x6a, &(0x7f00000003c0)="619fdd421e2e94d7f681e7b9c58fcda3c9ddc21641c97f9d51ce7d1c895d31253c39b07653f7112a5724ea1ee2c2b36293d0913fdb358fb60a6782fe3fba27e17886237f776eb957c5826a1b7206d2022bbc957a4de731a665720cc06b7670978c085273b9476ff9902c"}) openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0x101400, 0x0) 03:16:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x0, 0x2812, r1, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1081}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$tun(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="c005", @ANYRES32], 0x2) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 03:16:41 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) syncfs(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x3f4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x6, &(0x7f0000000480)=[{0x330c8029, 0x5, 0x3, 0x80}, {0x1, 0xcb, 0xfffffffffffffffe, 0x5}, {0x3674, 0x0, 0x5d}, {0xfffffffffffffff9, 0x7fffffff, 0x80000001, 0x5}, {0x8, 0x3c, 0x6454, 0xffffffffffffffbb}, {0xb332000000000, 0x5, 0x40, 0x401}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e26, @local}, 0xd) setxattr$trusted_overlay_opaque(&(0x7f0000000300)='./bus\x00', &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f0000000580)='y\x00', 0x2, 0x1) setsockopt$sock_int(r0, 0x1, 0x27, &(0x7f0000000340)=0x4, 0xffffffffffffff2a) clone(0x421020017fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000600)='./bus\x00', 0x141042, 0x0) close(r1) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0xfff, 0x105082) r3 = memfd_create(&(0x7f00000005c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x3) pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x80000000005, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0x1061f) fcntl$setstatus(r1, 0x4, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x0, 0x5, 0xffff) write(r5, &(0x7f00000001c0), 0x526987c9) read(r4, &(0x7f0000000200)=""/250, 0x1000000d1) sendfile(r2, r3, 0x0, 0x80003) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000000c0)=@generic={0x3, 0xd5, 0x1f}) syz_open_procfs(0x0, &(0x7f00000001c0)='net/dev_mcast\x00') ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$BLKPG(r3, 0x1269, &(0x7f0000000540)={0x5, 0x5, 0x6a, &(0x7f00000003c0)="619fdd421e2e94d7f681e7b9c58fcda3c9ddc21641c97f9d51ce7d1c895d31253c39b07653f7112a5724ea1ee2c2b36293d0913fdb358fb60a6782fe3fba27e17886237f776eb957c5826a1b7206d2022bbc957a4de731a665720cc06b7670978c085273b9476ff9902c"}) openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0x101400, 0x0) [ 213.541016] IPVS: ftp: loaded support on port[0] = 21 [ 213.669130] chnl_net:caif_netlink_parms(): no params data found [ 213.731323] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.738025] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.746149] device bridge_slave_0 entered promiscuous mode [ 213.756830] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.763403] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.771334] device bridge_slave_1 entered promiscuous mode [ 213.801971] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 213.813140] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 213.840012] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.848184] team0: Port device team_slave_0 added [ 213.856132] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 213.864261] team0: Port device team_slave_1 added [ 213.870385] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 213.879967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 213.956201] device hsr_slave_0 entered promiscuous mode 03:16:42 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) syncfs(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x3f4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x6, &(0x7f0000000480)=[{0x330c8029, 0x5, 0x3, 0x80}, {0x1, 0xcb, 0xfffffffffffffffe, 0x5}, {0x3674, 0x0, 0x5d}, {0xfffffffffffffff9, 0x7fffffff, 0x80000001, 0x5}, {0x8, 0x3c, 0x6454, 0xffffffffffffffbb}, {0xb332000000000, 0x5, 0x40, 0x401}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e26, @local}, 0xd) setxattr$trusted_overlay_opaque(&(0x7f0000000300)='./bus\x00', &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f0000000580)='y\x00', 0x2, 0x1) setsockopt$sock_int(r0, 0x1, 0x27, &(0x7f0000000340)=0x4, 0xffffffffffffff2a) clone(0x421020017fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000600)='./bus\x00', 0x141042, 0x0) close(r1) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0xfff, 0x105082) r3 = memfd_create(&(0x7f00000005c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x3) pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x80000000005, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0x1061f) fcntl$setstatus(r1, 0x4, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x0, 0x5, 0xffff) write(r5, &(0x7f00000001c0), 0x526987c9) read(r4, &(0x7f0000000200)=""/250, 0x1000000d1) sendfile(r2, r3, 0x0, 0x80003) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f00000000c0)=@generic={0x3, 0xd5, 0x1f}) syz_open_procfs(0x0, &(0x7f00000001c0)='net/dev_mcast\x00') ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$VT_WAITACTIVE(r4, 0x5607) ioctl$BLKPG(r3, 0x1269, &(0x7f0000000540)={0x5, 0x5, 0x6a, &(0x7f00000003c0)="619fdd421e2e94d7f681e7b9c58fcda3c9ddc21641c97f9d51ce7d1c895d31253c39b07653f7112a5724ea1ee2c2b36293d0913fdb358fb60a6782fe3fba27e17886237f776eb957c5826a1b7206d2022bbc957a4de731a665720cc06b7670978c085273b9476ff9902c"}) openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0x101400, 0x0) [ 214.003163] device hsr_slave_1 entered promiscuous mode [ 214.053382] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 214.060846] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 214.092343] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.098877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.105874] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.112346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.183688] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 214.189826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.201536] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 214.214891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.224927] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.239965] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.257529] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 214.279778] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 214.286129] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.308350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.317844] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.324323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.377107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.385224] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.391652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.401250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.409898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.418169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.426172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.448747] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 214.454871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.495764] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 214.504188] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.522456] 8021q: adding VLAN 0 to HW filter on device batadv0 03:16:42 executing program 1: socket(0xb, 0x807, 0x7f) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) sendmmsg(r0, &(0x7f00000063c0)=[{{0x0, 0x0, &(0x7f0000005940), 0x0, &(0x7f0000005980)=[{0x10}], 0x10}, 0x1c}, {{&(0x7f0000006000)=@nfc={0x27, 0x0, 0x2, 0x52e8da3876b4f7dc}, 0x80, &(0x7f0000006180)=[{&(0x7f0000006080)="e7d70d19d5231ea5bcb6d45af6fdd78e9ccf70990eff539689b1e6ab4c90673e3c191797567baa179f546d12de0abc20f57e6c13a0a47f2da08a289bff3ae70789487c10816a0b512b069abd615523142ec83e488064e7bfcac479c0eed45b1bb97d1d0a2120a7669cb2de3dfe3911258f61899a6266b720a6af4525d1d2187d3715477e3aba152bcc51665c5e030ea4a34d2cd07c9953e58fa9a8e82ca79a1e9b7d59b199634be83350df376ca964d99c4eb26d3eace1ad9388953a2a8a053d76ade05621731d938b403833e451338a66dac1e1bbd22c0ab0a030", 0xdb}], 0x1}, 0x7ff}, {{&(0x7f0000006300)=@vsock={0x28, 0x0, 0x2711}, 0x80, &(0x7f0000006380)}, 0xc418}], 0x3, 0x20000000) 03:16:42 executing program 1: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000002c0), 0x8) pipe(&(0x7f0000000180)={0xffffffffffffffff}) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:16:43 executing program 0: 03:16:43 executing program 0: r0 = gettid() r1 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/156, 0x9c}], 0x1) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 03:16:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x103) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000780)={&(0x7f0000000640), 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x74, r2, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x24, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x40}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4004) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r3 = accept$alg(r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x10000, 0x0) setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f0000000500)={0xfffffffffffffff9, {{0x2, 0x4e21, @empty}}, {{0x2, 0x4e20, @empty}}}, 0x108) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$IMSETDEVNAME(r5, 0x80184947, &(0x7f0000000380)={0xffffffff, 'syz0\x00'}) r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r6, 0xc02c564a, &(0x7f0000000280)={0xd2e, 0x72317776, 0x2, @stepwise={0x100000001, 0x13, 0x5, 0x46e19270, 0x200, 0xab}}) sendmsg$alg(r3, &(0x7f0000002700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x0) write$binfmt_script(r3, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmsg(r3, &(0x7f00000026c0)={&(0x7f0000000300)=@pppol2tpv3, 0x80, &(0x7f0000002540)=[{&(0x7f0000000000)=""/115, 0xf}, {&(0x7f00000023c0)=""/143, 0x8f}, {&(0x7f00000001c0)=""/22, 0xfffffea0}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f00000000c0)=""/190, 0xbe}, {&(0x7f0000000440)=""/9, 0x9}], 0x6, &(0x7f00000025c0)=""/230, 0xe6}, 0x0) 03:16:44 executing program 0: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/udmabuf\x00', 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x1ff, 0x101200) ioctl$RNDADDENTROPY(r2, 0x40085203, &(0x7f0000000100)={0x1, 0xf1, "0e1ccfc5b55ac1d293384b9b0ff132429475395223aa19f78d65761a57ee5523b2c32c982123c33b29d9a7e96304e145604b6d913f549f666aef280c8d13bd84f7af2997bbaea46d4ff6b394e4f8013adb58cac428814f4aa4b58228df635eb44d0e8223772571494450261e869f41cb48e07a0b5d024334590acaf5df81adfb1284b7c996a4192d8fc5c2e779eb35b2277f4045655c19580706e74edc82e12a26a173cfd88a7877bf451096cea82c7d91dc8877e6e73710e282be859755e5adf06e1cb6182c50eb3bfe90d5464b9e2cde29de0ab5379de7f085e7a1898d241a3a7d54851317e84eb9db4424f22c138752"}) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000000c0)) 03:16:44 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000300)={0x56aa, 0xd, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000007000/0x2000)=nil, 0x2, 0x0, 0x6012, r1, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 216.196171] x86/PAT: syz-executor.0:9694 map pfn RAM range req write-combining for [mem 0x52ae5000-0x52ae5fff], got write-back [ 216.222114] x86/PAT: syz-executor.0:9696 map pfn RAM range req write-combining for [mem 0x52ae5000-0x52ae5fff], got write-back 03:16:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x40000, 0x0) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000001c0)={0x5, 0x0, [{0x7ff, 0x3, 0x0, 0x0, @sint={0x6, 0x6}}, {0x0, 0x3, 0x0, 0x0, @sint={0x7, 0x2}}, {0x1800000, 0x2, 0x0, 0x0, @sint={0x6, 0xff}}, {0x607, 0x1, 0x0, 0x0, @adapter={0xa1d2, 0x7, 0x7f, 0xfffffffffffffe01, 0x7}}, {0xffffffffffffff28, 0x2, 0x0, 0x0, @msi={0x6, 0x4, 0x8001}}]}) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r1, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffff}]}]}, 0x20}}, 0x0) 03:16:44 executing program 0: socketpair$unix(0x1, 0x100000001, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) close(r0) r1 = socket(0x200000000000011, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) bind$packet(r1, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000400)=0x7, 0x4) io_setup(0x1, &(0x7f00000000c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x3000000, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x29c}]) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000180)={r4, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1c}}]}, &(0x7f0000000240)=0x10) [ 216.479015] ================================================================== [ 216.486445] BUG: KMSAN: uninit-value in batadv_interface_tx+0x772/0x1e40 [ 216.493282] CPU: 1 PID: 9703 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9 [ 216.500367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.509706] Call Trace: [ 216.512309] dump_stack+0x173/0x1d0 [ 216.515937] kmsan_report+0x12e/0x2a0 [ 216.519746] __msan_warning+0x82/0xf0 [ 216.523554] batadv_interface_tx+0x772/0x1e40 [ 216.528066] ? batadv_softif_is_valid+0xb0/0xb0 [ 216.532737] dev_direct_xmit+0x8a3/0xbb0 [ 216.536821] packet_direct_xmit+0x256/0x3e0 [ 216.541263] ? __packet_rcv_has_room+0xc00/0xc00 [ 216.546020] ? __packet_rcv_has_room+0xc00/0xc00 [ 216.550778] packet_sendmsg+0x79bb/0x9760 [ 216.554925] ? kmsan_internal_chain_origin+0x134/0x230 [ 216.560201] ? kmsan_memcpy_metadata+0xb/0x10 [ 216.564710] ? aio_write+0x7cd/0xa60 [ 216.568420] ? io_submit_one+0x17de/0x3f90 [ 216.572648] ? __se_sys_io_submit+0x2aa/0x660 [ 216.577148] ? __x64_sys_io_submit+0x4a/0x70 [ 216.581556] ? do_syscall_64+0xbc/0xf0 [ 216.585440] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 216.590805] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 216.596167] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 216.601358] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 216.606761] ? compat_packet_setsockopt+0x360/0x360 [ 216.611778] sock_write_iter+0x3f4/0x4d0 [ 216.615853] ? sock_read_iter+0x4e0/0x4e0 [ 216.620004] aio_write+0x7cd/0xa60 [ 216.623585] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 216.628775] io_submit_one+0x17de/0x3f90 [ 216.632833] ? kmsan_unpoison_pt_regs+0x2a/0x30 [ 216.637522] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 216.642720] __se_sys_io_submit+0x2aa/0x660 [ 216.647062] __x64_sys_io_submit+0x4a/0x70 [ 216.651294] do_syscall_64+0xbc/0xf0 [ 216.655010] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 216.660200] RIP: 0033:0x457e29 [ 216.663403] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 216.682296] RSP: 002b:00007ffb659e4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 216.689999] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 216.697262] RDX: 0000000020000080 RSI: 0000000000000001 RDI: 00007ffb659c4000 [ 216.704539] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 216.711802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb659e56d4 [ 216.719153] R13: 00000000004bf030 R14: 00000000004d0910 R15: 00000000ffffffff [ 216.726423] [ 216.728040] Uninit was created at: [ 216.731580] kmsan_save_stack_with_flags+0x7a/0x130 [ 216.736592] kmsan_internal_alloc_meta_for_pages+0x113/0x580 [ 216.742384] kmsan_alloc_page+0x7e/0x100 [ 216.746460] __alloc_pages_nodemask+0x137b/0x5e30 [ 216.751297] alloc_pages_current+0x4a9/0x9b0 [ 216.755697] new_slab+0x3c6/0x20b0 [ 216.759245] ___slab_alloc+0x1577/0x2060 [ 216.763300] kmem_cache_alloc+0xae8/0xb60 [ 216.767439] mempool_alloc_slab+0x66/0xc0 [ 216.771576] mempool_init_node+0x50b/0xa40 [ 216.775803] mempool_init+0x102/0x120 [ 216.779600] bioset_init+0x989/0xd90 [ 216.783305] extent_io_init+0x154/0x31d [ 216.787268] init_btrfs_fs+0xc4/0x47d [ 216.791172] do_one_initcall+0x557/0x9a0 [ 216.795224] do_initcall_level+0x403/0x4be [ 216.799451] do_basic_setup+0x5a/0x6b [ 216.803245] kernel_init_freeable+0x24e/0x4af [ 216.807731] kernel_init+0x1f/0xb20 [ 216.811356] ret_from_fork+0x35/0x40 [ 216.815054] ================================================================== [ 216.822484] Disabling lock debugging due to kernel taint [ 216.827920] Kernel panic - not syncing: panic_on_warn set ... [ 216.833810] CPU: 1 PID: 9703 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9 [ 216.842396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.851740] Call Trace: [ 216.854343] dump_stack+0x173/0x1d0 [ 216.857991] panic+0x3d1/0xb01 [ 216.861206] kmsan_report+0x293/0x2a0 [ 216.865012] __msan_warning+0x82/0xf0 [ 216.868813] batadv_interface_tx+0x772/0x1e40 [ 216.873327] ? batadv_softif_is_valid+0xb0/0xb0 [ 216.877994] dev_direct_xmit+0x8a3/0xbb0 [ 216.882069] packet_direct_xmit+0x256/0x3e0 [ 216.886391] ? __packet_rcv_has_room+0xc00/0xc00 [ 216.891141] ? __packet_rcv_has_room+0xc00/0xc00 [ 216.895908] packet_sendmsg+0x79bb/0x9760 [ 216.900055] ? kmsan_internal_chain_origin+0x134/0x230 [ 216.905324] ? kmsan_memcpy_metadata+0xb/0x10 [ 216.909838] ? aio_write+0x7cd/0xa60 [ 216.913546] ? io_submit_one+0x17de/0x3f90 [ 216.917778] ? __se_sys_io_submit+0x2aa/0x660 [ 216.922268] ? __x64_sys_io_submit+0x4a/0x70 [ 216.926706] ? do_syscall_64+0xbc/0xf0 03:16:45 executing program 2: r0 = getpgid(0x0) sched_setattr(r0, &(0x7f0000000000)={0x30, 0x7, 0x1, 0x1f, 0x800, 0x4, 0x6, 0x4}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x8200, 0x0) ioctl$TCSBRK(r1, 0x5409, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x28, &(0x7f0000000080)={0x0, 0x0}}, 0x10) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r2, 0x100, 0x10}, 0xc) r4 = syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x3fd, 0x101002) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000180)="b0a97928f6bb505296e4370bf480d68a", 0x10) getsockname$unix(r4, &(0x7f00000001c0)=@abs, &(0x7f0000000240)=0x6e) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x1000, 0x7, 0xfffffffffffffffb, 0x80, 0x0, 0xffff, 0x2000, 0x1, 0x7, 0x1, 0x2, 0x4, 0x7fff, 0x0, 0x7, 0x10001, 0x5, 0xffffffffffffffff, 0x5, 0x6, 0x1f, 0x7fffffff, 0x3, 0x1f, 0x7, 0x5, 0x1, 0x1, 0xffff, 0xfffffffffffff024, 0x1, 0x101, 0xe7, 0x370e7187, 0x9, 0x7, 0x0, 0x9, 0x2, @perf_config_ext={0x7ff, 0x7}, 0x400, 0x800, 0x80000001, 0x8, 0x6, 0x2}, r0, 0xd, 0xffffffffffffffff, 0xa) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r4, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, r5, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x147}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100000000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) ioctl$EVIOCGABS20(r4, 0x80184560, &(0x7f0000000440)=""/4096) ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000001440)=[0x200, 0x8001]) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001580)={r4, &(0x7f0000001480)="c42e94", &(0x7f00000014c0)="8487ff4be994e18a7bfafe4d4871852221322d7851413437ca181b827068f75894833546731da7b67e15d631ea6b2cfb47934c9ff799609deffb590aef8afea9b44b9d34ad7e92b3b8f09eb9bdcc098054b5377f52c78e2da53980e1370dddd8267572481387e8b1cb3eb54087335e3b4aa3f274fb1e16d11d27c03497b738b3627d8b14faa56ca438b8764edfc67551104b8b68a5cfcbf441b37627545d5ede1a28ef011e6555dda5314009a44e6f4b78ba340575437ca54ecc983dd7be78ea", 0x2}, 0x20) epoll_create(0x40) ioctl$CAPI_NCCI_GETUNIT(r4, 0x80044327, &(0x7f00000015c0)) uselib(&(0x7f0000001600)='./file0\x00') ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000001640)={0x3, 0xffff, 0x1}) ioctl$KVM_GET_XSAVE(r4, 0x9000aea4, &(0x7f0000001680)) epoll_create(0x4) sendto$inet6(r3, &(0x7f0000001a80)="106e23cd9efa93b84b052afa2753f2f6185ade264d8c8f50c1dde76401c4ec01f8798ff7dac40fff7fd10efe60079f29570cb6d03e08b3ec76ff040f4278dc41cae69ca8336a909c7bac601afe11ab11bf9359587cae27f78d8859031cc66ee5d5d5f19cf8b3b2e807a3e0f72cb98dcbd27647c0b556a2eee47e7eb04e3efbbbef72a81b9371e7c528bedc2e", 0x8c, 0x4801, &(0x7f0000001b40)={0xa, 0x4e23, 0x4, @empty, 0x5}, 0x1c) ioctl$VIDIOC_S_FBUF(r4, 0x4030560b, &(0x7f0000001c40)={0xac, 0x21, &(0x7f0000001b80)="ea936cc0a1ca8956aed3da3c6f21b671779268ece3b02e1373182b3e857ed94cd32e69bdc06a17f8d80e98f157c62cb157c3152188ed2bf33ad9e22e520a173041adfa5fbdd7072c1e7511a8f5d8d2203fc5fe0236051f48ba56db6f2863e0acba3f980a1f48d69add8b40ef27b63efa9ff2a387c8929386605389be399732ca3d56fb5dfb2125416ff02d83fe1d67c14fed00047305f59e34581e2f6749d76d52e01162ba83a0966966667e3573e09852bda273054c9442caed3a4a", {0x3, 0x80000001, 0x30313953, 0x9, 0x1, 0x10000, 0xf, 0x1e42}}) ioctl$INOTIFY_IOC_SETNEXTWD(r4, 0x40044900, 0x1) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000001c80)=[@in6={0xa, 0x4e22, 0x5, @mcast1, 0xfffffffffffffffe}, @in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e22, @rand_addr=0x2}, @in={0x2, 0x4e24, @local}, @in={0x2, 0x4e24, @multicast2}], 0x5c) setsockopt$inet6_icmp_ICMP_FILTER(r4, 0x1, 0x1, &(0x7f0000001d00)={0x7}, 0x4) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000001d80)={'filter\x00', 0x7, 0x4, 0x4a8, 0x0, 0x140, 0x0, 0x3c0, 0x3c0, 0x3c0, 0x4, &(0x7f0000001d40), {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local, @empty, @multicast2, 0xf}}}, {{@arp={@rand_addr=0x3, @empty, 0xffffffff, 0xffffff00, @mac=@dev={[], 0x15}, {[0x0, 0xb787ae19f331555d, 0xff, 0xff]}, @mac=@random="902b70790e8e", {[0xff, 0x0, 0xff]}, 0x3, 0xa7, 0x400000000, 0x6, 0xe0c, 0x7fffffff, 'nr0\x00', 'veth1_to_team\x00', {0xff}, {0xff}, 0x0, 0x76}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @dev={0xac, 0x14, 0x14, 0x1c}, @remote, 0x1, 0xffffffff}}}, {{@arp={@rand_addr=0x9, @multicast2, 0xff000000, 0x0, @empty, {[0x0, 0xff, 0x0, 0xff, 0xff]}, @empty, {[0xff, 0x0, 0xff, 0xff, 0xff]}, 0x80000000, 0x7, 0x800, 0xfffffffffffff0a4, 0x101, 0x1f, 'nlmon0\x00', 'rose0\x00', {}, {0xff}, 0x0, 0x80}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={[], 0xe}, @mac=@dev={[], 0x23}, @broadcast, @empty, 0x8, 0x1}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4f8) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r4, 0xc040564a, &(0x7f0000002280)={0x10000, 0x0, 0x3017, 0x401, 0x1ff, 0x8001, 0x5, 0x1}) setsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f00000022c0)=0x63, 0x2) [ 216.930597] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 216.935988] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 216.941353] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 216.946547] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 216.952038] ? compat_packet_setsockopt+0x360/0x360 [ 216.957078] sock_write_iter+0x3f4/0x4d0 [ 216.961152] ? sock_read_iter+0x4e0/0x4e0 [ 216.965306] aio_write+0x7cd/0xa60 [ 216.968873] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 216.974065] io_submit_one+0x17de/0x3f90 [ 216.978126] ? kmsan_unpoison_pt_regs+0x2a/0x30 [ 216.982813] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 216.988005] __se_sys_io_submit+0x2aa/0x660 [ 216.992336] __x64_sys_io_submit+0x4a/0x70 [ 216.996571] do_syscall_64+0xbc/0xf0 [ 217.000290] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 217.005471] RIP: 0033:0x457e29 [ 217.008655] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.027553] RSP: 002b:00007ffb659e4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 217.035261] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 217.042614] RDX: 0000000020000080 RSI: 0000000000000001 RDI: 00007ffb659c4000 [ 217.049888] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 217.057149] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb659e56d4 [ 217.064414] R13: 00000000004bf030 R14: 00000000004d0910 R15: 00000000ffffffff [ 217.073050] Kernel Offset: disabled [ 217.076680] Rebooting in 86400 seconds..