[ OK ] Started System Logging Service. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Found device /dev/ttyS0. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 87.042027][ T8332] sshd (8332) used greatest stack depth: 3904 bytes left Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts. 2020/07/22 12:18:57 fuzzer started 2020/07/22 12:18:58 dialing manager at 10.128.0.26:40471 2020/07/22 12:18:58 syscalls: 3112 2020/07/22 12:18:58 code coverage: enabled 2020/07/22 12:18:58 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/22 12:18:58 extra coverage: enabled 2020/07/22 12:18:58 setuid sandbox: enabled 2020/07/22 12:18:58 namespace sandbox: enabled 2020/07/22 12:18:58 Android sandbox: enabled 2020/07/22 12:18:58 fault injection: enabled 2020/07/22 12:18:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/22 12:18:58 net packet injection: enabled 2020/07/22 12:18:58 net device setup: enabled 2020/07/22 12:18:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/22 12:18:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/22 12:18:58 USB emulation: /dev/raw-gadget does not exist 12:21:10 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$GIO_FONT(r2, 0x4b60, 0x0) [ 233.450447][ T32] audit: type=1400 audit(1595420470.853:8): avc: denied { execmem } for pid=8491 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 233.813673][ T8492] IPVS: ftp: loaded support on port[0] = 21 [ 234.098001][ T8492] chnl_net:caif_netlink_parms(): no params data found [ 234.345385][ T8492] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.353410][ T8492] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.362934][ T8492] device bridge_slave_0 entered promiscuous mode [ 234.378385][ T8492] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.386209][ T8492] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.395852][ T8492] device bridge_slave_1 entered promiscuous mode [ 234.453059][ T8492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.470787][ T8492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.526743][ T8492] team0: Port device team_slave_0 added [ 234.540956][ T8492] team0: Port device team_slave_1 added [ 234.601713][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.608770][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.635359][ T8492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.650253][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.657295][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.683771][ T8492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.868402][ T8492] device hsr_slave_0 entered promiscuous mode [ 234.991109][ T8492] device hsr_slave_1 entered promiscuous mode [ 235.551763][ T8492] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 235.619261][ T8492] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 235.698706][ T8492] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 235.909981][ T8492] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 236.354616][ T8492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.391628][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.401450][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.427556][ T8492] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.450417][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.462133][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.471673][ T4625] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.478888][ T4625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.533171][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.543469][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.553568][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.563163][ T4625] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.571136][ T4625] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.580177][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.591305][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.602339][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 236.613815][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.633525][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 236.651792][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.662704][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.700638][ T8492] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 236.711198][ T8492] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 236.733366][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 236.743897][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 236.754731][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 236.765278][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 236.810802][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 236.840242][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 236.848030][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 236.870626][ T8492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.932578][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 236.943517][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 237.001989][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 237.011832][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 237.038294][ T8492] device veth0_vlan entered promiscuous mode [ 237.047221][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 237.057550][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 237.102719][ T8492] device veth1_vlan entered promiscuous mode [ 237.163235][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 237.173329][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 237.182982][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 237.192929][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 237.224334][ T8492] device veth0_macvtap entered promiscuous mode [ 237.244279][ T8492] device veth1_macvtap entered promiscuous mode [ 237.291144][ T8492] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.299188][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 237.308730][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 237.318203][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 237.328455][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 237.356394][ T8492] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.365127][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 237.375298][ T4625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 12:21:15 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:15 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:16 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:16 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:16 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) 12:21:16 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) 12:21:16 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 12:21:17 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) 12:21:17 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xd811) [ 239.964362][ T8748] IPVS: ftp: loaded support on port[0] = 21 12:21:17 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xd811) [ 240.364227][ T8748] chnl_net:caif_netlink_parms(): no params data found 12:21:18 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xd811) [ 240.611156][ T8748] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.618437][ T8748] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.651406][ T8748] device bridge_slave_0 entered promiscuous mode [ 240.670577][ T8748] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.677854][ T8748] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.687455][ T8748] device bridge_slave_1 entered promiscuous mode 12:21:18 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) [ 240.806299][ T8748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.831327][ T8748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.938529][ T8748] team0: Port device team_slave_0 added [ 240.952145][ T8748] team0: Port device team_slave_1 added [ 241.001635][ T8748] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 241.009460][ T8748] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.035659][ T8748] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 241.066859][ T8748] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 241.076678][ T8748] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.102934][ T8748] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 12:21:18 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) [ 241.236604][ T8748] device hsr_slave_0 entered promiscuous mode [ 241.260277][ T8748] device hsr_slave_1 entered promiscuous mode [ 241.300089][ T8748] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 241.307796][ T8748] Cannot create hsr debugfs directory 12:21:18 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:19 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) [ 241.795106][ T8748] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 241.840562][ T8748] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 241.895641][ T8748] netdevsim netdevsim1 netdevsim2: renamed from eth2 12:21:19 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) [ 241.937926][ T8748] netdevsim netdevsim1 netdevsim3: renamed from eth3 12:21:19 executing program 0: perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) [ 242.330398][ T8748] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.380720][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.390473][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.434344][ T8748] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.467069][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 12:21:19 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) [ 242.479343][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.488754][ T3084] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.496096][ T3084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.570957][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.580788][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.590745][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.600225][ T3084] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.607439][ T3084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.616617][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.627565][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.639504][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 242.650255][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.660491][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.671154][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.749315][ T8748] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 242.761045][ T8748] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 242.865158][ T8748] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.891757][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.902183][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.912030][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.923062][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.932876][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.942621][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 242.950519][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 243.040682][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 243.050382][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 243.060785][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 243.071378][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 243.082353][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 243.104237][ T8748] device veth0_vlan entered promiscuous mode [ 243.130397][ T8748] device veth1_vlan entered promiscuous mode [ 243.161566][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 243.171314][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 243.180501][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 243.190087][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 243.230914][ T8748] device veth0_macvtap entered promiscuous mode [ 243.241607][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 243.253050][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 243.272082][ T8748] device veth1_macvtap entered promiscuous mode [ 243.292241][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 243.301889][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 243.328269][ T8748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 243.339409][ T8748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.353351][ T8748] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.363795][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 243.377772][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 243.450088][ T8748] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 243.460718][ T8748] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.474560][ T8748] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.484745][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 243.496088][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 244.170231][ C0] hrtimer: interrupt took 79525 ns 12:21:22 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 12:21:22 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:22 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:22 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:22 executing program 0: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:22 executing program 0: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:23 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 12:21:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) [ 246.534494][ T9059] sg_write: process 59 (syz-executor.0) called from kernel context, this is not allowed. 12:21:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:24 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 12:21:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:25 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:26 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200), 0x0) 12:21:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) fcntl$dupfd(r1, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0xd811) 12:21:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) fcntl$dupfd(r1, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0xd811) 12:21:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) fcntl$dupfd(r1, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0xd811) 12:21:27 executing program 2: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$cgroup_int(r0, &(0x7f0000000140), 0xff4d) sendfile(r2, r1, 0x0, 0xffffffff800) 12:21:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) 12:21:27 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200), 0x0) 12:21:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) 12:21:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) [ 250.443164][ T9149] IPVS: ftp: loaded support on port[0] = 21 12:21:28 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x0) 12:21:28 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x0) 12:21:28 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200), 0x0) 12:21:28 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x0) [ 251.099838][ T9149] chnl_net:caif_netlink_parms(): no params data found [ 251.427814][ T9149] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.436812][ T9149] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.446291][ T9149] device bridge_slave_0 entered promiscuous mode 12:21:28 executing program 0: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioprio_get$pid(0x0, 0x0) clone(0x2900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)=@random={'btrfs.', 'GPL\x00'}, &(0x7f0000000180)='\x00', 0x1, 0x1) perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000043fe0000070600000ee60000bf050000000000001f650000000000006507000002000000460700004c0000000f75000000000000bf5400000000000007040000f0fff8ffad430100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792432a4fa650c512aee994a57862712cb064ecce5e7a9ce0a575a4f7952cb768637e60bd5d2e4b5992de991371274fdf535e001022e25659a7c85615c1b88bc894123cfe2314e887efecdcb7381ef4932cb0dcebea6d90e9c1677fbefd35893d883a2c559b7a34db461b1974af360eace66cec40d92706d0cc5bf6fec345ae9606c3c1a348f9b395592c1018e5e4b41b13000c94df67ae6083062ba2f49ec035883e27b1a9e1dff3e8bfc7d1be00f1a0820102b19000000000000000009095601e3a3412086dee84efd375f0645f3301f55d3b9efdfbed9b430bcf04060000bdff1c8bcfc0c229874bc3d2418bab997c8bef9aa55841caa572ddff9220c67c9e17bee524c3dc747445763ecb0a7c2cd12bc34b0fc0271124cf9e4e2d23f7062351edf77c71294bbfd85878726c49eb89085967722da6cb884d1afe82f7f722e38397996271700241094d272dd8b754b2dd36d44f9299c8fd1a7817450bc7921dd372e621dd447b86e7ffd1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6ee4830db4713e5ce6cac6a27e29f171b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b134dfc948f6015e0389d7f34cb9c02cf517c8ed7a9b6159c1446101c2ccff2bde95aa860ed9b836d6b8fcab7663d9bd8415e6f90fdb007b8f3e078e3a638c4fdb8562eb85173720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a90002d9cf95bcb1d262845762f6b0a2840f7b25895cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250b7d00a6c8cf314fa8d37932055bb6bce4f618cad2375a34c7f15c3096f31e6aa6887864f62760ae35214552982bba84d92b1280251330dde4cf97b7cc6b2349e4f7a576c931941f787327fceb5091d9e347056003f7303d210fccd2efe6cda25b5aacc36db66ff83af576b56dfbd40b15d569244dbfed73ab9ef37705f9d2734801899e248e1a7155e2ccfca30db4ac54080fce52263e3953a6f8560f8599df272602ca901b58a9e2dbf16dd0322d0bb3ceb1b0a002090c09ab606e91ad9d88e7205464594add8691b62d55127cd891b8abf038753c0aa220cdce78b9346adbd72b293e66ef1a04905935d7adb2bf9fb3c6f145472c58dbc8dbd8d0cde99df707000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) exit(0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0xc, 0x0, &(0x7f0000000080)) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0) [ 251.510431][ T9149] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.517755][ T9149] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.527964][ T9149] device bridge_slave_1 entered promiscuous mode [ 251.680085][ T9149] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.735483][ T9149] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.867282][ T9149] team0: Port device team_slave_0 added [ 251.894109][ T9149] team0: Port device team_slave_1 added [ 252.021067][ T9149] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 252.028143][ T9149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.055144][ T9149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active 12:21:29 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 252.204240][ T9149] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 252.211481][ T9149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.237666][ T9149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 12:21:30 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x2000014, &(0x7f00000004c0)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') socket$inet_udplite(0x2, 0x2, 0x88) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) [ 252.597453][ T9149] device hsr_slave_0 entered promiscuous mode [ 252.640624][ T9149] device hsr_slave_1 entered promiscuous mode [ 252.699126][ T9149] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 252.706801][ T9149] Cannot create hsr debugfs directory [ 253.076273][ T9149] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 253.152106][ T9149] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 253.209379][ T9149] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 253.269167][ T9149] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 253.779854][ T9149] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.851934][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 253.861099][ T3084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 253.881110][ T9149] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.908923][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 253.919028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 253.929547][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.936756][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.012720][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.022512][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 254.032459][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 254.042065][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.049517][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.058441][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 254.069455][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 254.081083][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 254.091652][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 254.124997][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 254.135287][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 254.146039][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 254.172240][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 254.182581][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 254.204837][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 254.215075][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 254.232133][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 254.302332][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 254.310591][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 254.344130][ T9149] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.411881][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 254.422008][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 254.485864][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 254.496071][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 254.514177][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 254.525868][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 254.552991][ T9149] device veth0_vlan entered promiscuous mode [ 254.583845][ T9149] device veth1_vlan entered promiscuous mode [ 254.658291][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 254.667840][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 254.677306][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 254.687301][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 254.705168][ T9149] device veth0_macvtap entered promiscuous mode [ 254.734032][ T9149] device veth1_macvtap entered promiscuous mode [ 254.790170][ T9149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 254.800752][ T9149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.810797][ T9149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 254.821343][ T9149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.835276][ T9149] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 254.848443][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 254.858056][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 254.869189][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 254.879078][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 254.915797][ T9149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 254.926479][ T9149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.939677][ T9149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 254.950307][ T9149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.964287][ T9149] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 254.978451][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 254.989623][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 255.697081][ T32] audit: type=1804 audit(1595420493.094:9): pid=9420 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir945934860/syzkaller.9q1ppL/0/memory.events" dev="sda1" ino=15763 res=1 [ 255.722717][ T32] audit: type=1800 audit(1595420493.094:10): pid=9420 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=15763 res=0 [ 255.761012][ T32] audit: type=1804 audit(1595420493.154:11): pid=9421 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir945934860/syzkaller.9q1ppL/0/memory.events" dev="sda1" ino=15763 res=1 12:21:33 executing program 2: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$cgroup_int(r0, &(0x7f0000000140), 0xff4d) sendfile(r2, r1, 0x0, 0xffffffff800) 12:21:33 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:33 executing program 0: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 256.106525][ T32] audit: type=1804 audit(1595420493.504:12): pid=9433 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir945934860/syzkaller.9q1ppL/1/memory.events" dev="sda1" ino=15771 res=1 [ 256.132802][ T32] audit: type=1800 audit(1595420493.504:13): pid=9433 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=15771 res=0 [ 256.180491][ T32] audit: type=1804 audit(1595420493.584:14): pid=9434 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir945934860/syzkaller.9q1ppL/1/memory.events" dev="sda1" ino=15771 res=1 12:21:33 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:33 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:34 executing program 0 (fault-call:4 fault-nth:0): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:34 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 257.003565][ T9448] FAULT_INJECTION: forcing a failure. [ 257.003565][ T9448] name failslab, interval 1, probability 0, space 0, times 1 [ 257.016803][ T9448] CPU: 1 PID: 9448 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 257.025460][ T9448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.035566][ T9448] Call Trace: [ 257.039059][ T9448] dump_stack+0x1df/0x240 [ 257.043472][ T9448] should_fail+0x8b7/0x9e0 [ 257.047972][ T9448] __should_failslab+0x1f6/0x290 [ 257.052977][ T9448] should_failslab+0x29/0x70 [ 257.057650][ T9448] kmem_cache_alloc_trace+0xf3/0xd70 [ 257.063723][ T9448] ? terminate_walk+0x56d/0x640 [ 257.068650][ T9448] ? alloc_pipe_info+0x116/0xa30 [ 257.073668][ T9448] ? kmsan_get_metadata+0x11d/0x180 [ 257.078944][ T9448] ? kmsan_set_origin_checked+0x95/0xf0 [ 257.084577][ T9448] ? kmsan_get_metadata+0x11d/0x180 [ 257.089853][ T9448] alloc_pipe_info+0x116/0xa30 [ 257.094711][ T9448] ? kmsan_get_metadata+0x11d/0x180 [ 257.099988][ T9448] splice_direct_to_actor+0xc27/0xf50 [ 257.105564][ T9448] ? do_splice_direct+0x580/0x580 [ 257.110684][ T9448] ? security_file_permission+0x1dc/0x220 [ 257.116483][ T9448] ? rw_verify_area+0x2c4/0x5b0 [ 257.121421][ T9448] do_splice_direct+0x342/0x580 [ 257.126383][ T9448] do_sendfile+0x101b/0x1d40 [ 257.131094][ T9448] __se_compat_sys_sendfile+0x301/0x3c0 [ 257.136746][ T9448] ? kmsan_get_metadata+0x11d/0x180 [ 257.142010][ T9448] ? __ia32_sys_sendfile64+0x70/0x70 [ 257.147368][ T9448] __ia32_compat_sys_sendfile+0x56/0x70 [ 257.153013][ T9448] __do_fast_syscall_32+0x2aa/0x400 [ 257.158310][ T9448] do_fast_syscall_32+0x6b/0xd0 [ 257.163265][ T9448] do_SYSENTER_32+0x73/0x90 [ 257.167838][ T9448] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 257.174209][ T9448] RIP: 0023:0xf7f56549 [ 257.178359][ T9448] Code: Bad RIP value. [ 257.182464][ T9448] RSP: 002b:00000000f5d510cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 257.190934][ T9448] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000007 12:21:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) [ 257.198953][ T9448] RDX: 0000000000000000 RSI: 000000000000d811 RDI: 0000000000000000 [ 257.206972][ T9448] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 257.215691][ T9448] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 257.223721][ T9448] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 12:21:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) 12:21:35 executing program 0 (fault-call:4 fault-nth:1): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) [ 257.816010][ T9463] FAULT_INJECTION: forcing a failure. [ 257.816010][ T9463] name failslab, interval 1, probability 0, space 0, times 0 [ 257.829426][ T9463] CPU: 0 PID: 9463 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 257.838085][ T9463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.848194][ T9463] Call Trace: [ 257.851597][ T9463] dump_stack+0x1df/0x240 [ 257.856013][ T9463] should_fail+0x8b7/0x9e0 [ 257.860532][ T9463] __should_failslab+0x1f6/0x290 [ 257.865555][ T9463] should_failslab+0x29/0x70 [ 257.870233][ T9463] __kmalloc+0xae/0x460 [ 257.874475][ T9463] ? kmsan_get_metadata+0x11d/0x180 [ 257.879740][ T9463] ? kcalloc+0x94/0x110 [ 257.884058][ T9463] kcalloc+0x94/0x110 [ 257.888119][ T9463] alloc_pipe_info+0x626/0xa30 [ 257.892998][ T9463] splice_direct_to_actor+0xc27/0xf50 [ 257.898447][ T9463] ? do_splice_direct+0x580/0x580 [ 257.903574][ T9463] ? security_file_permission+0x1dc/0x220 [ 257.909384][ T9463] ? rw_verify_area+0x2c4/0x5b0 [ 257.914441][ T9463] do_splice_direct+0x342/0x580 [ 257.919408][ T9463] do_sendfile+0x101b/0x1d40 [ 257.924167][ T9463] __se_compat_sys_sendfile+0x301/0x3c0 [ 257.929817][ T9463] ? kmsan_get_metadata+0x11d/0x180 [ 257.935094][ T9463] ? __ia32_sys_sendfile64+0x70/0x70 [ 257.940455][ T9463] __ia32_compat_sys_sendfile+0x56/0x70 [ 257.946102][ T9463] __do_fast_syscall_32+0x2aa/0x400 [ 257.951390][ T9463] do_fast_syscall_32+0x6b/0xd0 [ 257.956315][ T9463] do_SYSENTER_32+0x73/0x90 [ 257.960893][ T9463] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 257.967267][ T9463] RIP: 0023:0xf7f56549 [ 257.971358][ T9463] Code: Bad RIP value. [ 257.975482][ T9463] RSP: 002b:00000000f5d510cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 257.983978][ T9463] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000007 [ 257.992021][ T9463] RDX: 0000000000000000 RSI: 000000000000d811 RDI: 0000000000000000 [ 258.000060][ T9463] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 258.008103][ T9463] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 12:21:35 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xd811) [ 258.016139][ T9463] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 12:21:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xd811) 12:21:35 executing program 0 (fault-call:4 fault-nth:2): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xd811) [ 258.566660][ T9477] FAULT_INJECTION: forcing a failure. [ 258.566660][ T9477] name failslab, interval 1, probability 0, space 0, times 0 [ 258.579897][ T9477] CPU: 1 PID: 9477 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 258.588554][ T9477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 258.598701][ T9477] Call Trace: [ 258.602176][ T9477] dump_stack+0x1df/0x240 [ 258.606624][ T9477] should_fail+0x8b7/0x9e0 [ 258.611148][ T9477] __should_failslab+0x1f6/0x290 [ 258.616242][ T9477] should_failslab+0x29/0x70 [ 258.620915][ T9477] __kmalloc_node+0x1b1/0x11f0 [ 258.625743][ T9477] ? fsnotify_parent+0xbe/0x410 [ 258.630653][ T9477] ? kvmalloc_node+0x19a/0x3d0 [ 258.635493][ T9477] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 258.641748][ T9477] kvmalloc_node+0x19a/0x3d0 [ 258.646506][ T9477] iov_iter_get_pages_alloc+0x173e/0x21c0 [ 258.652333][ T9477] do_splice_to+0x4fc/0x14f0 [ 258.657010][ T9477] ? kmsan_get_metadata+0x11d/0x180 [ 258.662320][ T9477] ? __kmalloc+0x115/0x460 [ 258.666807][ T9477] ? kmsan_get_metadata+0x11d/0x180 [ 258.672090][ T9477] ? kmsan_get_metadata+0x11d/0x180 [ 258.677372][ T9477] ? kmsan_get_metadata+0x4f/0x180 [ 258.682603][ T9477] ? kmsan_internal_set_origin+0x75/0xb0 [ 258.688411][ T9477] ? __msan_poison_alloca+0xf0/0x120 [ 258.698481][ T9477] ? alloc_pipe_info+0x83e/0xa30 [ 258.703502][ T9477] ? kmsan_get_metadata+0x11d/0x180 [ 258.708776][ T9477] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 258.714671][ T9477] splice_direct_to_actor+0x45c/0xf50 [ 258.720126][ T9477] ? do_splice_direct+0x580/0x580 [ 258.725274][ T9477] do_splice_direct+0x342/0x580 [ 258.730300][ T9477] do_sendfile+0x101b/0x1d40 [ 258.735076][ T9477] __se_compat_sys_sendfile+0x301/0x3c0 [ 258.740704][ T9477] ? kmsan_get_metadata+0x11d/0x180 [ 258.746064][ T9477] ? __ia32_sys_sendfile64+0x70/0x70 [ 258.751459][ T9477] __ia32_compat_sys_sendfile+0x56/0x70 [ 258.757177][ T9477] __do_fast_syscall_32+0x2aa/0x400 [ 258.762476][ T9477] do_fast_syscall_32+0x6b/0xd0 [ 258.767404][ T9477] do_SYSENTER_32+0x73/0x90 [ 258.772089][ T9477] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 258.778724][ T9477] RIP: 0023:0xf7f56549 [ 258.782819][ T9477] Code: Bad RIP value. [ 258.787096][ T9477] RSP: 002b:00000000f5d510cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 258.795581][ T9477] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000007 [ 258.803638][ T9477] RDX: 0000000000000000 RSI: 000000000000d811 RDI: 0000000000000000 [ 258.811679][ T9477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 258.819709][ T9477] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 258.827740][ T9477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 12:21:36 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:36 executing program 0 (fault-call:4 fault-nth:3): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xd811) [ 259.470767][ T9489] FAULT_INJECTION: forcing a failure. [ 259.470767][ T9489] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 259.484315][ T9489] CPU: 1 PID: 9489 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 259.492970][ T9489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.503087][ T9489] Call Trace: [ 259.506472][ T9489] dump_stack+0x1df/0x240 [ 259.510905][ T9489] should_fail+0x8b7/0x9e0 [ 259.515421][ T9489] should_fail_alloc_page+0x1e9/0x260 [ 259.520877][ T9489] __alloc_pages_nodemask+0x3aa/0x5dc0 [ 259.526421][ T9489] ? kmsan_internal_poison_shadow+0x9f/0xd0 [ 259.532397][ T9489] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 259.538371][ T9489] ? kmsan_slab_alloc+0x8a/0xe0 [ 259.543314][ T9489] ? __kmalloc_node+0xb39/0x11f0 [ 259.548321][ T9489] ? kvmalloc_node+0x19a/0x3d0 [ 259.553181][ T9489] ? iov_iter_get_pages_alloc+0x173e/0x21c0 [ 259.559329][ T9489] ? do_splice_to+0x4fc/0x14f0 [ 259.564165][ T9489] ? splice_direct_to_actor+0x45c/0xf50 [ 259.569815][ T9489] ? do_splice_direct+0x342/0x580 [ 259.574911][ T9489] ? do_sendfile+0x101b/0x1d40 [ 259.579742][ T9489] ? __se_compat_sys_sendfile+0x301/0x3c0 [ 259.585544][ T9489] ? __ia32_compat_sys_sendfile+0x56/0x70 [ 259.591346][ T9489] ? __do_fast_syscall_32+0x2aa/0x400 [ 259.596809][ T9489] ? do_fast_syscall_32+0x6b/0xd0 [ 259.601919][ T9489] ? do_SYSENTER_32+0x73/0x90 [ 259.606672][ T9489] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 259.614137][ T9489] ? __msan_poison_alloca+0xf0/0x120 [ 259.619498][ T9489] ? kmsan_get_metadata+0x11d/0x180 [ 259.624779][ T9489] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 259.630667][ T9489] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 259.636913][ T9489] ? should_fail+0x208/0x9e0 [ 259.641577][ T9489] ? kmsan_get_metadata+0x4f/0x180 [ 259.646771][ T9489] ? kmsan_get_metadata+0x4f/0x180 [ 259.651961][ T9489] ? kmsan_get_metadata+0x11d/0x180 [ 259.657233][ T9489] alloc_pages_current+0x672/0x990 [ 259.662423][ T9489] push_pipe+0x605/0xb70 [ 259.666750][ T9489] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 259.672583][ T9489] do_splice_to+0x4fc/0x14f0 [ 259.677259][ T9489] ? kmsan_get_metadata+0x11d/0x180 [ 259.682564][ T9489] ? __kmalloc+0x115/0x460 [ 259.687056][ T9489] ? kmsan_get_metadata+0x11d/0x180 [ 259.692339][ T9489] ? kmsan_get_metadata+0x11d/0x180 [ 259.697610][ T9489] ? kmsan_get_metadata+0x4f/0x180 [ 259.702807][ T9489] ? kmsan_internal_set_origin+0x75/0xb0 [ 259.708543][ T9489] ? __msan_poison_alloca+0xf0/0x120 [ 259.713894][ T9489] ? alloc_pipe_info+0x83e/0xa30 [ 259.718928][ T9489] ? kmsan_get_metadata+0x11d/0x180 [ 259.724211][ T9489] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 259.730119][ T9489] splice_direct_to_actor+0x45c/0xf50 [ 259.735588][ T9489] ? do_splice_direct+0x580/0x580 [ 259.740728][ T9489] do_splice_direct+0x342/0x580 [ 259.745679][ T9489] do_sendfile+0x101b/0x1d40 [ 259.750362][ T9489] __se_compat_sys_sendfile+0x301/0x3c0 [ 259.755980][ T9489] ? kmsan_get_metadata+0x11d/0x180 [ 259.761248][ T9489] ? __ia32_sys_sendfile64+0x70/0x70 [ 259.767554][ T9489] __ia32_compat_sys_sendfile+0x56/0x70 [ 259.773186][ T9489] __do_fast_syscall_32+0x2aa/0x400 [ 259.778493][ T9489] do_fast_syscall_32+0x6b/0xd0 [ 259.783430][ T9489] do_SYSENTER_32+0x73/0x90 [ 259.788005][ T9489] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 259.794393][ T9489] RIP: 0023:0xf7f56549 [ 259.798505][ T9489] Code: Bad RIP value. [ 259.802605][ T9489] RSP: 002b:00000000f5d510cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 259.811081][ T9489] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000007 [ 259.819114][ T9489] RDX: 0000000000000000 RSI: 000000000000d811 RDI: 0000000000000000 [ 259.827201][ T9489] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 259.835237][ T9489] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 259.844134][ T9489] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 12:21:37 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:37 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) r4 = openat$6lowpan_enable(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x1) sendfile(r2, r3, 0x0, 0xd811) 12:21:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:38 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) r4 = openat$null(0xffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x6c6240, 0x0) fsetxattr$security_selinux(r4, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCGKEYCODE_V2(r4, 0x80284504, &(0x7f0000000000)=""/32) 12:21:38 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:38 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) r4 = openat$null(0xffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x6c6240, 0x0) fsetxattr$security_selinux(r4, 0x0, 0x0, 0x0, 0x0) r5 = openat(r4, &(0x7f0000000000)='./file0\x00', 0x242c0, 0x5) fcntl$setsig(r5, 0xa, 0x25) 12:21:38 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:38 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:38 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:38 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000000)={@none, 0x1}) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:39 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:39 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:39 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:39 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000580)={0x0, 0x60, &(0x7f0000000200)={0x0}, 0xb, 0x6000000}, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x4, 0xb0800) r2 = fcntl$dupfd(r1, 0x406, r0) openat$vcsu(0xffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x46ca81, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) ioctl$DRM_IOCTL_MODE_GETENCODER(r3, 0xc01464a6, &(0x7f00000000c0)={0x5}) 12:21:39 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:39 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:39 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) memfd_create(&(0x7f00000000c0)='\x00', 0x2) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) r4 = openat$null(0xffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x6c6240, 0x0) fsetxattr$security_selinux(r4, 0x0, 0x0, 0x0, 0x0) write$cgroup_devices(r4, &(0x7f0000000000)={'a', ' *:* ', 'm\x00'}, 0x8) r5 = openat$null(0xffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x6c6240, 0x0) fsetxattr$security_selinux(r5, 0x0, 0x0, 0x0, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f0000000100)) 12:21:39 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:40 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:40 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:40 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x400000000000004, 0x308945) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000580)={0x0, 0x60, &(0x7f0000000200)={0x0}, 0xb, 0x6000000}, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000240)='team\x00') r2 = fcntl$dupfd(r0, 0x406, r1) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_MAC={0xa, 0x6, @multicast}]}, 0x28}, 0x1, 0x0, 0x0, 0x40885}, 0x8040) 12:21:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:40 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = openat$null(0xffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x6c6240, 0x0) fsetxattr$security_selinux(r1, 0x0, 0x0, 0x0, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x1, 0x3, 0x3, 0x2}}, 0x26) r2 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r3 = fcntl$dupfd(r2, 0x0, r0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xd811) 12:21:40 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mdstat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1fb}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 12:21:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x8945) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xd811) 12:21:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:41 executing program 0: r0 = openat$vga_arbiter(0xffffff9c, &(0x7f0000000a40)='/dev/vga_arbiter\x00', 0x4000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)={0x1c, r2, 0x301, 0x0, 0x0, {0xc}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x44, r2, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7fff}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xc6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r5, &(0x7f0000000580)={0x0, 0x60, &(0x7f0000000200)={0x0}, 0xb, 0x6000000}, 0x0) sendmsg$sock(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="358c9ef7a5", 0x5}, {&(0x7f00000001c0)="3c59a9545b3c2fbc4702fdc8924733a1e6faedf1242c1ad9392558dfab6f24112e7acb9f7e1c75a0aa3cd4f1c5a974f14e25ba81030132ccf79472893a85a14533c3cb8991c04df45b8522ef6e43a88a88378af0fff141cc3a0714b18a581a516737339924cdeb3e1af5fb6cdb76b19d092eed049779697a3e9778e88c3d333d908e9b894924295c44b576c4e89950f1c8d0275547aa443f4a50e018e4e56718bd6b34afe19f490461cab00ddb8642b541842dbaa943600173d1a758adbd9565422929441e6ec3", 0xc7}, {&(0x7f00000002c0)="8bd1cdaf61613906617ce20c32b7088529f99122006049113e4718fa417e697112948c01fa9993b6d4afc5dc299bb6a91fdc2cbe208cbb5e7fe2f18c7d62998d4a7668e345ea2c5af40ffb85768685a69fa2dbca83d713215f53417a53810d3ea8eaccd703683b3e65c329122a62a9191f9b2ef2", 0x74}, {&(0x7f0000000040)="5d467f734358ff34cb78623509681bda881c233f617d0e6e2205f7de9f11c6", 0x1f}, {&(0x7f0000000340)="c6b1e893aabd6768cdb96576b3383b2bab58a35e3b4c82bd80d9c1fe3175110993774a0da69d20073367358258afe32db5a20da6d4c37422cb06db44e4b64688a9f78838757f2e742d6b8b672ccf614f79a910364d77de2ac0bcd18b49a6a95d4610dffad5d60a9b6d86dfe6c04fec09ce949ccf372a31eff92207038195a405", 0x80}], 0x5, &(0x7f0000000140)=[@timestamping={{0x10, 0x1, 0x25, 0x8}}, @txtime={{0x14, 0x1, 0x3d, 0xff}}], 0x24}, 0x2000c040) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r7 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r8 = fcntl$dupfd(r7, 0x0, r6) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0xd811) 12:21:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) 12:21:41 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) pipe(&(0x7f0000000140)) syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000004, 0x8945) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000580)={0x0, 0x60, &(0x7f0000000200)={0x0}, 0xb, 0x6000000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000580)={0x0, 0x60, &(0x7f0000000200)={0x0}, 0xb, 0x6000000}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f0000000580)={0x0, 0x60, &(0x7f0000000200)={0x0}, 0xb, 0x6000000}, 0x0) getpeername(r2, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, &(0x7f00000000c0)=0x80) r4 = fcntl$dupfd(r0, 0x0, r3) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xd811) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x480940, 0x0) ioctl$MON_IOCG_STATS(r6, 0x80089203, &(0x7f0000000240)) 12:21:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x0, 0x8945) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd811) [ 264.383179][ T9610] ===================================================== [ 264.392191][ T9610] BUG: KMSAN: uninit-value in selinux_netlink_send+0x413/0xba0 [ 264.399756][ T9610] CPU: 1 PID: 9610 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 264.408347][ T9610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.418440][ T9610] Call Trace: [ 264.421762][ T9610] dump_stack+0x1df/0x240 [ 264.426147][ T9610] kmsan_report+0xf7/0x1e0 [ 264.430582][ T9610] __msan_warning+0x58/0xa0 [ 264.435133][ T9610] selinux_netlink_send+0x413/0xba0 [ 264.440358][ T9610] ? kmsan_get_metadata+0x11d/0x180 [ 264.445565][ T9610] ? kmsan_get_metadata+0x11d/0x180 [ 264.450781][ T9610] ? selinux_vm_enough_memory+0x1a0/0x1a0 [ 264.457133][ T9610] security_netlink_send+0xef/0x1e0 [ 264.462368][ T9610] netlink_sendmsg+0x1008/0x14d0 [ 264.467376][ T9610] ? netlink_getsockopt+0x1440/0x1440 [ 264.472760][ T9610] kernel_sendmsg+0x433/0x440 [ 264.477465][ T9610] sock_no_sendpage+0x235/0x300 [ 264.482356][ T9610] ? sock_no_mmap+0x30/0x30 [ 264.487392][ T9610] sock_sendpage+0x1e1/0x2c0 [ 264.492010][ T9610] pipe_to_sendpage+0x38c/0x4c0 [ 264.496873][ T9610] ? sock_fasync+0x250/0x250 [ 264.501502][ T9610] __splice_from_pipe+0x565/0xf00 [ 264.506540][ T9610] ? generic_splice_sendpage+0x2d0/0x2d0 [ 264.513865][ T9610] generic_splice_sendpage+0x1d5/0x2d0 [ 264.519358][ T9610] ? iter_file_splice_write+0x1800/0x1800 [ 264.525091][ T9610] direct_splice_actor+0x1fd/0x580 [ 264.530229][ T9610] ? kmsan_get_metadata+0x4f/0x180 [ 264.535358][ T9610] splice_direct_to_actor+0x6b2/0xf50 [ 264.540746][ T9610] ? do_splice_direct+0x580/0x580 [ 264.545820][ T9610] do_splice_direct+0x342/0x580 [ 264.550711][ T9610] do_sendfile+0x101b/0x1d40 [ 264.555353][ T9610] __se_compat_sys_sendfile+0x301/0x3c0 [ 264.560918][ T9610] ? kmsan_get_metadata+0x11d/0x180 [ 264.566122][ T9610] ? __ia32_sys_sendfile64+0x70/0x70 [ 264.571418][ T9610] __ia32_compat_sys_sendfile+0x56/0x70 [ 264.576975][ T9610] __do_fast_syscall_32+0x2aa/0x400 [ 264.582215][ T9610] do_fast_syscall_32+0x6b/0xd0 [ 264.587083][ T9610] do_SYSENTER_32+0x73/0x90 [ 264.591597][ T9610] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 264.597924][ T9610] RIP: 0023:0xf7f56549 [ 264.602013][ T9610] Code: Bad RIP value. [ 264.606687][ T9610] RSP: 002b:00000000f5d510cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 264.615106][ T9610] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000000000c [ 264.623086][ T9610] RDX: 0000000000000000 RSI: 000000000000d811 RDI: 0000000000000000 [ 264.631060][ T9610] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 264.639035][ T9610] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 264.647034][ T9610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 264.655031][ T9610] [ 264.657360][ T9610] Uninit was stored to memory at: [ 264.662834][ T9610] kmsan_internal_chain_origin+0xad/0x130 [ 264.668564][ T9610] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 264.674555][ T9610] kmsan_memcpy_metadata+0xb/0x10 [ 264.679583][ T9610] __msan_memcpy+0x43/0x50 [ 264.684007][ T9610] _copy_from_iter_full+0xbfe/0x13b0 [ 264.690005][ T9610] netlink_sendmsg+0xfaa/0x14d0 [ 264.694879][ T9610] kernel_sendmsg+0x433/0x440 [ 264.699576][ T9610] sock_no_sendpage+0x235/0x300 [ 264.704431][ T9610] sock_sendpage+0x1e1/0x2c0 [ 264.709078][ T9610] pipe_to_sendpage+0x38c/0x4c0 [ 264.713935][ T9610] __splice_from_pipe+0x565/0xf00 [ 264.718965][ T9610] generic_splice_sendpage+0x1d5/0x2d0 [ 264.724428][ T9610] direct_splice_actor+0x1fd/0x580 [ 264.729557][ T9610] splice_direct_to_actor+0x6b2/0xf50 [ 264.735280][ T9610] do_splice_direct+0x342/0x580 [ 264.740131][ T9610] do_sendfile+0x101b/0x1d40 [ 264.744720][ T9610] __se_compat_sys_sendfile+0x301/0x3c0 [ 264.750267][ T9610] __ia32_compat_sys_sendfile+0x56/0x70 [ 264.755814][ T9610] __do_fast_syscall_32+0x2aa/0x400 [ 264.761102][ T9610] do_fast_syscall_32+0x6b/0xd0 [ 264.765960][ T9610] do_SYSENTER_32+0x73/0x90 [ 264.770487][ T9610] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 264.776975][ T9610] [ 264.779300][ T9610] Uninit was created at: [ 264.783576][ T9610] kmsan_save_stack_with_flags+0x3c/0x90 [ 264.789353][ T9610] kmsan_alloc_page+0xb9/0x180 [ 264.794177][ T9610] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 264.799842][ T9610] alloc_pages_current+0x672/0x990 [ 264.805312][ T9610] push_pipe+0x605/0xb70 [ 264.810174][ T9610] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 264.815927][ T9610] do_splice_to+0x4fc/0x14f0 [ 264.821491][ T9610] splice_direct_to_actor+0x45c/0xf50 [ 264.826870][ T9610] do_splice_direct+0x342/0x580 [ 264.831728][ T9610] do_sendfile+0x101b/0x1d40 [ 264.836319][ T9610] __se_compat_sys_sendfile+0x301/0x3c0 [ 264.841907][ T9610] __ia32_compat_sys_sendfile+0x56/0x70 [ 264.847455][ T9610] __do_fast_syscall_32+0x2aa/0x400 [ 264.852674][ T9610] do_fast_syscall_32+0x6b/0xd0 [ 264.857543][ T9610] do_SYSENTER_32+0x73/0x90 [ 264.862065][ T9610] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 264.868471][ T9610] ===================================================== [ 264.875402][ T9610] Disabling lock debugging due to kernel taint [ 264.882254][ T9610] Kernel panic - not syncing: panic_on_warn set ... [ 264.888858][ T9610] CPU: 1 PID: 9610 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 264.898833][ T9610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.908902][ T9610] Call Trace: [ 264.912226][ T9610] dump_stack+0x1df/0x240 [ 264.916583][ T9610] panic+0x3d5/0xc3e [ 264.920537][ T9610] kmsan_report+0x1df/0x1e0 [ 264.925069][ T9610] __msan_warning+0x58/0xa0 [ 264.929775][ T9610] selinux_netlink_send+0x413/0xba0 [ 264.935019][ T9610] ? kmsan_get_metadata+0x11d/0x180 [ 264.940230][ T9610] ? kmsan_get_metadata+0x11d/0x180 [ 264.946146][ T9610] ? selinux_vm_enough_memory+0x1a0/0x1a0 [ 264.951874][ T9610] security_netlink_send+0xef/0x1e0 [ 264.957094][ T9610] netlink_sendmsg+0x1008/0x14d0 [ 264.962072][ T9610] ? netlink_getsockopt+0x1440/0x1440 [ 264.967449][ T9610] kernel_sendmsg+0x433/0x440 [ 264.972152][ T9610] sock_no_sendpage+0x235/0x300 [ 264.977040][ T9610] ? sock_no_mmap+0x30/0x30 [ 264.981553][ T9610] sock_sendpage+0x1e1/0x2c0 [ 264.986170][ T9610] pipe_to_sendpage+0x38c/0x4c0 [ 264.991033][ T9610] ? sock_fasync+0x250/0x250 [ 264.995653][ T9610] __splice_from_pipe+0x565/0xf00 [ 265.001646][ T9610] ? generic_splice_sendpage+0x2d0/0x2d0 [ 265.007313][ T9610] generic_splice_sendpage+0x1d5/0x2d0 [ 265.012799][ T9610] ? iter_file_splice_write+0x1800/0x1800 [ 265.018556][ T9610] direct_splice_actor+0x1fd/0x580 [ 265.023691][ T9610] ? kmsan_get_metadata+0x4f/0x180 [ 265.028819][ T9610] splice_direct_to_actor+0x6b2/0xf50 [ 265.034236][ T9610] ? do_splice_direct+0x580/0x580 [ 265.039311][ T9610] do_splice_direct+0x342/0x580 [ 265.044192][ T9610] do_sendfile+0x101b/0x1d40 [ 265.048832][ T9610] __se_compat_sys_sendfile+0x301/0x3c0 [ 265.054392][ T9610] ? kmsan_get_metadata+0x11d/0x180 [ 265.059599][ T9610] ? __ia32_sys_sendfile64+0x70/0x70 [ 265.064902][ T9610] __ia32_compat_sys_sendfile+0x56/0x70 [ 265.070504][ T9610] __do_fast_syscall_32+0x2aa/0x400 [ 265.075726][ T9610] do_fast_syscall_32+0x6b/0xd0 [ 265.080589][ T9610] do_SYSENTER_32+0x73/0x90 [ 265.085100][ T9610] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 265.091433][ T9610] RIP: 0023:0xf7f56549 [ 265.096365][ T9610] Code: Bad RIP value. [ 265.100426][ T9610] RSP: 002b:00000000f5d510cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 265.108853][ T9610] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000000000c [ 265.116832][ T9610] RDX: 0000000000000000 RSI: 000000000000d811 RDI: 0000000000000000 [ 265.124812][ T9610] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 265.132796][ T9610] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 265.140773][ T9610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 265.150069][ T9610] Kernel Offset: 0x1e200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 265.161709][ T9610] Rebooting in 86400 seconds..