[ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Started System Logging Service. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts. 2020/08/22 15:02:38 fuzzer started 2020/08/22 15:02:39 dialing manager at 10.128.0.26:35265 2020/08/22 15:02:40 syscalls: 3160 2020/08/22 15:02:40 code coverage: enabled 2020/08/22 15:02:40 comparison tracing: enabled 2020/08/22 15:02:40 extra coverage: enabled 2020/08/22 15:02:40 setuid sandbox: enabled 2020/08/22 15:02:40 namespace sandbox: enabled 2020/08/22 15:02:40 Android sandbox: /sys/fs/selinux/policy does not exist 2020/08/22 15:02:40 fault injection: enabled 2020/08/22 15:02:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/22 15:02:40 net packet injection: enabled 2020/08/22 15:02:40 net device setup: enabled 2020/08/22 15:02:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/22 15:02:40 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/22 15:02:40 USB emulation: enabled 2020/08/22 15:02:40 hci packet injection: enabled 15:07:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000240)="0a0775b0d5e383e5b3c066ff000000e2", 0x10) sendmmsg$alg(r1, &(0x7f0000002700)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000440)="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", 0xae}, {&(0x7f0000000140)="0272f8e661d82e2f7a19243ccd5cef7165de1e59931f71baa88f3f", 0xd9}, 
{&(0x7f0000000200), 0xf000000}, {&(0x7f0000002900)="c9", 0x1}], 0x4, 0x0, 0x0, 0x24080010}], 0x500, 0x4805) syzkaller login: [ 419.336643][ T8485] IPVS: ftp: loaded support on port[0] = 21 [ 419.652474][ T8485] chnl_net:caif_netlink_parms(): no params data found [ 419.814382][ T8485] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.822765][ T8485] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.832287][ T8485] device bridge_slave_0 entered promiscuous mode [ 419.846861][ T8485] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.854103][ T8485] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.863592][ T8485] device bridge_slave_1 entered promiscuous mode [ 419.908891][ T8485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 419.925701][ T8485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 419.978390][ T8485] team0: Port device team_slave_0 added [ 419.994598][ T8485] team0: Port device team_slave_1 added [ 420.039378][ T8485] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.046915][ T8485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.073298][ T8485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.112474][ T8485] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.119723][ T8485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 420.146789][ T8485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.214827][ T8485] device hsr_slave_0 entered promiscuous mode [ 420.224647][ T8485] device hsr_slave_1 entered promiscuous mode [ 420.560996][ T8485] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 420.589852][ T8485] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 420.628635][ T8485] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 420.669629][ T8485] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 420.963927][ T8485] 8021q: adding VLAN 0 to HW filter on device bond0 [ 421.000969][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 421.010569][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 421.036907][ T8485] 8021q: adding VLAN 0 to HW filter on device team0 [ 421.062783][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 421.073053][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 421.082552][ T3746] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.089833][ T3746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.111364][ T3746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 421.125534][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 421.134811][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 421.144205][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.151538][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.199534][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 421.210437][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 421.221166][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 421.232024][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 421.242446][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes 
ready [ 421.252936][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 421.293935][ T8485] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 421.304495][ T8485] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 421.336393][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 421.346656][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 421.356396][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 421.366879][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 421.376873][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 421.388612][ T17] Bluetooth: hci0: command 0x0409 tx timeout [ 421.396184][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 421.429674][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 421.440918][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 421.478316][ T8485] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.537840][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 421.548133][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 421.602852][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 421.612451][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 421.634302][ T8485] device veth0_vlan entered promiscuous mode [ 421.644264][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 421.654075][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 421.684584][ T8485] device veth1_vlan entered promiscuous mode [ 421.694344][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 421.787060][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 421.797430][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 421.812523][ T8485] 
device veth0_macvtap entered promiscuous mode [ 421.836772][ T8485] device veth1_macvtap entered promiscuous mode [ 421.887980][ T8485] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.895907][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 421.905353][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 421.914776][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 421.924920][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 421.951123][ T8485] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.989247][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 421.999580][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 424.512796][ T8702] Bluetooth: hci0: command 0x041b tx timeout 15:07:21 executing program 0: r0 = getpgid(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001840)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = accept$alg(r4, 0x0, 0x0) r6 = dup(r5) r7 = open(&(0x7f0000000040)='./file1\x00', 0x143042, 0x0) ftruncate(r7, 0x200004) sendfile(r6, r7, 0x0, 0x80001d00c0d1) dup2(r7, r3) 15:07:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGABS2F(r0, 0x8018456f, 0x0) 15:07:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x0, 0x0) close(r2) 15:07:21 executing program 0: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='devpts\x00', 0x0, &(0x7f00000005c0)='\xd6)\xadA\x83^\t\xe6\xfb\xab\x1c\x8e\xb3*r/\xc2\t%/\xc2\xfe\xb3\xda\xc99\xed\xbaA\xc9y\xca\xfe\x06\x00IA\xd8\xb3\x05\x00\xcc\x90s\xcc\x1a\xb3X\xeb#k\xd5\xd9s\xef\x16\x7f}7:\xff]\xe2J\xbc\xb7T\x0e2I\xb9\xc2\x01\x9f\x8f\xccr\xb0\xa9L^k\xed\xae\x93\x1c\r\xa6D-\xfa\x82\x9a\xb0\x94\x9a\x04\xe1\xb2\xbaK\xea\'\xfbA\xc8\xb3\xf4\xd1\xd95\f\\\x19\x18~\x06\xf3\xa5\x13]\x125C\\\x0e\xce\x82#V_\x92q\b\xa3\x82i\xcc.\xc6S\xe8__\xab\xfeo$\xfc\xebU~\xe7%k\x0f\x16\x10\x97B\xcat\xa3\xb7\x87\xa2\xa8\xca\x10\x88i\xc2\f\xec\xa4\x04[\xb5\a\xe9))Vy\x17\xc6\b59\xbd\xfa\x8d=\xfe\xecOk\x9a;\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x000>\xbf\xb1\xa6p\xa1\x82\xb1\x87\xf4\xb0\x9f\xfc\xc7.\x94%\xb5\x97X*y\x81:\x8dgJ\'\x8f\xab\xc4\x9a\xf4\x89\\Y_\xa5V\xb1:\xff?\x1d\x89\xb3\xed\x84\x9e\xf4\xa4\xbe\xaa\x1cn\x87m\xc5k\xd8ImK7[\x10\xca2\xa9X\xb3t\xd2ka%\xcb`G\xb7\x06\xe66\xf0G\f\xf4P\xe4\xc5\xb0\n\xe5\xb2\xd01\x84y\aq\x873\xd6p\x040\xa4\xac<\xfc\xf9\xb3\xd7K\xf5C\xcf\xebT\x88 \x00\x00\x00\x00\x00\x00\x00') io_setup(0x100000000000c333, &(0x7f0000000180)) [ 425.495766][ T8726] devpts: called with bogus options [ 425.557997][ T8727] devpts: called with bogus options 15:07:22 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00') 
r2 = socket$unix(0x1, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x800000080004103) [ 426.567249][ T8702] Bluetooth: hci0: command 0x040f tx timeout 15:07:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c09a8c552fc99a7422007613872ecb4f63a"], 0x63) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYRES64=r1], 0x30}}, 0x0) [ 426.835414][ C0] sd 0:0:1:0: [sg0] tag#611 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 426.846031][ C0] sd 0:0:1:0: [sg0] tag#611 CDB: Test Unit Ready [ 426.852598][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.862488][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.872343][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.882491][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.892331][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.902352][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.912285][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.922118][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.931900][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.941676][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.951441][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[a0]: 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 [ 426.961291][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 426.971042][ C0] sd 0:0:1:0: [sg0] tag#611 CDB[c0]: 00 00 00 00 00 00 00 00 [ 426.991335][ C1] sd 0:0:1:0: [sg0] tag#612 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 427.001961][ C1] sd 0:0:1:0: [sg0] tag#612 CDB: Test Unit Ready [ 427.008670][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.018473][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.028378][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.038187][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.047962][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.057759][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.067546][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.077338][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.087124][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.096923][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.106701][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.116471][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 427.126213][ C1] sd 0:0:1:0: [sg0] tag#612 CDB[c0]: 00 00 00 00 00 00 00 00 15:07:23 executing program 0: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x38f, &(0x7f00000000c0)={0x0, 0x31b}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 
0x0}) r2 = creat(&(0x7f0000000300)='./bus\x00', 0x0) io_setup(0x81, &(0x7f0000000040)=0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x200a00}]) write$P9_RFLUSH(r2, 0x0, 0x0) lseek(r2, 0x0, 0x7) read$snddsp(r2, &(0x7f0000000040)=""/18, 0x12) getsockopt$EBT_SO_GET_INIT_INFO(r2, 0x0, 0x82, &(0x7f0000000180)={'nat\x00'}, &(0x7f0000000100)=0x78) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c00000011003586000000030000000007000000", @ANYRES32=r1, @ANYBLOB="00210005000000000c001a00080002"], 0x2c}}, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x2, 0x0) 15:07:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0xe) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket(0xa, 0x1, 0x0) close(r2) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000000)={r4, 0x5}, 0x14) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x70, &(0x7f0000000100)=@assoc_value={r4}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000)={r4, 0x3ff}, 0x8) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000600)="4c000000120081ae08060c0f006b10007f03e37b00000000000000ca1b4e0906a6bd7c49d8413080b41b4da456331dbf64700169a1049b5464e64d275d5c3ef0381ad6e74703c48f93b8446b", 0x4c}], 0x1}, 0x0) 15:07:24 executing program 0: socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) 
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x80000101005, 0x0) r3 = dup2(r2, r2) sendto$unix(0xffffffffffffffff, &(0x7f0000000340)="1d9b000000007675d706d94e590291c9900d3be5299d0a4d3d1891a1fe3d8edd715c9f981c39daefbae33fbd06698cc347008d", 0x33, 0x40408d5, 0x0, 0x0) ioctl$EVIOCGPROP(r3, 0xc004743e, &(0x7f0000000380)=""/230) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = fcntl$dupfd(r2, 0x0, r4) ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f0000000100)) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000140)=0x5c5064) pwritev(r3, &(0x7f0000000180)=[{&(0x7f0000000340)="00214900000000000000000601000000000000000100", 0xad}], 0x1, 0x0, 0x0) 15:07:24 executing program 0: clone(0x3a3dd4008400ad81, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d8, 0xf8, 0xf8, 0x208, 0x0, 0xf8, 0x208, 0x208, 0x208, 0x208, 0x208, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a], 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@icmp6={{0x28, 'icmp6\x00'}, {0x0, "8c6f"}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a], 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x60000000, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x338) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x1, 0x880) write$binfmt_misc(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="5300000044a6aeab0000152000000000000000100000f64017db9820080014170000d403ffff633b27e59a797cdcd4019f1da9173f09c4ecee26560000000049d2e181baf9459c5c953948c6801d2c09a8c500000000000000003872ecb4f63a2e9e519e36d105d5d7de84f3d581bbfea304000000000000000cff3a69f6c144b4963bc373ef8c21ffe43827709658163d5407475a6799553cc1c7c85993d53021327d9250656bcc390c30508b541810a6d8e37283579289db779923b1902de380cc49438f7f9bb98a908924c959aa93c450cd9bc9bfa23459cca078ae7c4991bc9849b0"], 0x63) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000000)) 15:07:24 executing program 0: syz_usb_connect(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="1201000014da2108ab12a190ef09000000010902240001000000000904410002ff5d010009050f1f0100000000090583030091"], 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000100)={0x50, 0xffff, 0x0, {}, {}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}}) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0xf4, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc037, 0x48100) ioctl$NBD_DO_IT(r1, 0xab03) ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f0000000080)=0x7) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000100)={0x50, 0xffff, 0x0, {}, {}, @rumble}) [ 428.471254][ T8762] xt_CT: You must 
specify a L4 protocol and not use inversions on it [ 428.648873][ T8697] Bluetooth: hci0: command 0x0419 tx timeout [ 428.956019][ T8698] usb 1-1: new high-speed USB device number 2 using dummy_hcd 15:07:25 executing program 1: ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000000)) lsetxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f00000000c0)={0x0, 0xfb, 0x4e, 0x3, 0x0, "116810a1eb3dbc7bcf1d1e77e53fc014", "410231f506db4dd69b48fbae0cb9b083b84413afe56d4718fb62697fff89075deaf2045c34ebdb95fc6c7204fdd96fe6bab5d1e718d2f3f534"}, 0x4e, 0x2) r0 = socket$rxrpc(0x21, 0x2, 0x2) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000140)={0x2, 'netdevsim0\x00', {0x9}, 0x8}) r1 = syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x3, 0x1) ioctl$VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f00000001c0)={0x7, 0x20303159, 0x2, @discrete={0x80000001}}) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0x81, 0x0, 0x12, 0xa, 0x11, "ffbd2b6d94021bc2ba46de32a5f947934c704d5d240e4355712b7c1c272c4b56075a791e87c43c28c602c71d873258abb58c447b83acbf9cbc6be7a582f9c2ab", "bb4985a81744a07b8a9dc24638ee8012c3ae2b3adaeffd168aad056cd145a5cef1c032ede28c1008e1397922518678cd096c5e489e39cc7ab5cc207438e86730", "838a2031767b73978e269422f0ebbc5ff7d4be592f0f69a6a5f5cc782d96993f", [0x100000000, 0x6]}) ioctl$VIDIOC_G_JPEGCOMP(0xffffffffffffffff, 0x808c563d, &(0x7f0000000300)) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f0000000400)={0x0, 0x0, {0x1, 0x8, 0x1009, 0x1, 0x9, 0x1, 0x1, 0x2}}) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r4, 0x800442d2, &(0x7f0000000600)={0xa, &(0x7f00000004c0)=[{0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @remote}, {}, {0x0, 0x0, 0x0, @broadcast}, {}, {0x0, 0x0, 0x0, @local}, {0x0, 0x0, 
0x0, @random}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @multicast}]}) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000006c0)={0x0, 0x7c, &(0x7f0000000640)=[@in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e21, 0xe2a, @dev={0xfe, 0x80, [], 0x25}, 0x7}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e22, @broadcast}]}, &(0x7f0000000700)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000740)={r5, @in6={{0xa, 0x4e20, 0x89, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1}}}, &(0x7f0000000800)=0x84) r6 = accept$inet6(r4, &(0x7f0000000840)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000880)=0x1c) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f00000008c0)={0x0, 0x1}, &(0x7f0000000900)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r6, 0x84, 0x77, &(0x7f0000000940)={r7, 0x400, 0x2, [0x17, 0xa8f8]}, 0xc) ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001cc0)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r8, &(0x7f0000002000)={&(0x7f0000001d00)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001fc0)={&(0x7f0000001ec0)={0xd0, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}]}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x38, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 
0x2, 0x3}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}]}, 0xd0}}, 0x4080) [ 429.215687][ T8698] usb 1-1: Using ep0 maxpacket: 8 [ 429.336519][ T8698] usb 1-1: config 0 has an invalid interface number: 65 but max is 0 [ 429.344787][ T8698] usb 1-1: config 0 has no interface number 0 [ 429.351284][ T8698] usb 1-1: config 0 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 429.362450][ T8698] usb 1-1: config 0 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 429.373721][ T8698] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a1, bcdDevice= 9.ef [ 429.383001][ T8698] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.457670][ T8698] usb 1-1: config 0 descriptor?? 
[ 429.505690][ T8698] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.65/input/input5 [ 429.734285][ T8698] usb 1-1: USB disconnect, device number 2 [ 429.740456][ C0] xpad 1-1:0.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 429.740679][ C0] xpad 1-1:0.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 429.759737][ T8698] xpad 1-1:0.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 430.567341][ T8702] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 430.650797][ T8801] IPVS: ftp: loaded support on port[0] = 21 [ 430.826110][ T8702] usb 1-1: Using ep0 maxpacket: 8 [ 430.980438][ T8702] usb 1-1: config 0 has an invalid interface number: 65 but max is 0 [ 430.989300][ T8702] usb 1-1: config 0 has no interface number 0 [ 430.995850][ T8702] usb 1-1: config 0 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 431.007103][ T8702] usb 1-1: config 0 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 431.018341][ T8702] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a1, bcdDevice= 9.ef [ 431.027665][ T8702] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.090614][ T8801] chnl_net:caif_netlink_parms(): no params data found [ 431.111387][ T8702] usb 1-1: config 0 descriptor?? 
[ 431.165502][ T8702] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.65/input/input6 [ 431.339272][ T8801] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.347118][ T8801] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.390294][ T8701] usb 1-1: USB disconnect, device number 3 [ 431.395531][ C1] xpad 1-1:0.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 431.405114][ T8701] xpad 1-1:0.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 431.426028][ T8801] device bridge_slave_0 entered promiscuous mode [ 431.474170][ T8801] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.481707][ T8801] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.491498][ T8801] device bridge_slave_1 entered promiscuous mode 15:07:28 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = memfd_create(&(0x7f0000000280)='^\x00', 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000003c0)=0x17642c4) pwritev(r1, &(0x7f0000000400)=[{&(0x7f0000000380)="a8", 0xffffff5b}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000080)={0x3, 0x48, [0x0, 0x8, 0x8, 0xfffffffffffffff7], &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) sendfile(r0, r1, 0x0, 0x102002700) [ 431.645025][ T8801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 431.666086][ T8801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 431.773598][ T8801] team0: Port device team_slave_0 added [ 431.801966][ T8801] team0: Port device team_slave_1 added [ 431.917769][ T8801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 431.924853][ T8801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) 
to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 431.951058][ T8801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 432.032058][ T8801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 432.039283][ T8801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.068047][ T8801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 432.273355][ T8801] device hsr_slave_0 entered promiscuous mode [ 432.317798][ T8801] device hsr_slave_1 entered promiscuous mode [ 432.366492][ T8801] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 432.374217][ T8801] Cannot create hsr debugfs directory [ 432.565768][ T8702] Bluetooth: hci1: command 0x0409 tx timeout [ 432.697467][ T8801] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 432.734243][ T8801] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 432.770016][ T8801] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 432.807125][ T8801] netdevsim netdevsim1 netdevsim3: renamed from eth3 15:07:29 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000000)="580000001500add427323b472545a45602117fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d2d82817a90d626c65280003ffffffffffffffffffffffe7ee000000", 0x58}], 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @empty, 0x1}, 0x1c) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00000024000100000000000000000000000000000000000000000007ae75111bc6ddc3f5"], 0x1c}, 0x8}, 0x0) [ 433.243249][ T9047] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 433.253004][ T9047] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 433.301791][ T8801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 433.339151][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 433.339679][ T9048] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 433.347902][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 433.355934][ T9048] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 
[ 433.397432][ T8801] 8021q: adding VLAN 0 to HW filter on device team0 [ 433.452174][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 433.462394][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 433.475924][ T8701] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.483196][ T8701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 433.492332][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 433.502200][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 433.511508][ T8701] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.518805][ T8701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 433.527886][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 433.710694][ T8801] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 433.722154][ T8801] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 433.756562][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 433.765963][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 433.776816][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 433.789284][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 433.799463][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 433.809842][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 433.820137][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 433.829659][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 433.839810][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 433.849316][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 433.872530][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 
433.882547][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 433.986664][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 433.994557][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 434.049870][ T8801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 434.167409][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 434.177273][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 434.240539][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 434.250482][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 434.274277][ T8801] device veth0_vlan entered promiscuous mode [ 434.284631][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 434.294165][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 434.327954][ T8801] device veth1_vlan entered promiscuous mode 15:07:30 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @loopback}}) lseek(0xffffffffffffffff, 0x0, 0x7) read$snddsp(0xffffffffffffffff, &(0x7f0000000040)=""/18, 0x12) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x6, 0xa00) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffffffb}]}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = dup(r4) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000100)={0x0}) r7 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f00000002c0)='devices.deny\x00', 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000300)={r6, 0x1, r7}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 
0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r10, 0x4008ae89, &(0x7f0000000200)={0x2, 0x0, [0x122]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r6, 0x1, r10, 0x8}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000040)=r6) write$tun(r0, &(0x7f0000000680)={@void, @val, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "a5c268", 0x80, 0x3a, 0xff, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x3, 0xe, "06f0833ae2772f05d302c778833be4f2b9c43c83284b82e71ca1ee382af46513079a2f52da08c93afdfc1a18e4b677b307a1c7df90787cbd143b129bc8dbc39104eb21674d26fd4ced8626df256869e168d42f4d160ad1442cae2bd8fda0fc44a08759d245bfe8eba42ec7967c1e"}]}}}}}, 0xb2) [ 434.411390][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 434.421167][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 434.430534][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 434.440338][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 434.471869][ T8801] device veth0_macvtap entered promiscuous mode [ 434.496969][ T8801] device veth1_macvtap entered promiscuous mode [ 434.563813][ T9053] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 434.609055][ T8801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 434.619701][ T8801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 434.633372][ T8801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 434.647499][ T8697] Bluetooth: hci1: command 0x041b tx timeout [ 434.851852][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 434.861424][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 434.870817][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 434.880743][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 434.902922][ T8801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 434.913870][ T8801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.927416][ T8801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 434.968587][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 434.978925][ T8702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 15:07:32 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) read$snddsp(0xffffffffffffffff, &(0x7f0000000040)=""/18, 0x12) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0)='ethtool\x00') r2 = socket(0x10, 0x80002, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@bridge_delvlan={0x24, 0x70, 0x6bc6711ac5763745, 0x0, 0x0, {0x7, 0x0, 0x0, r5}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}]}, 0x24}}, 0x0) r6 = socket(0x10, 0x80002, 0x0) r7 = 
socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@bridge_delvlan={0x24, 0x70, 0x6bc6711ac5763745, 0x0, 0x0, {0x7, 0x0, 0x0, r9}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}]}, 0x24}}, 0x0) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x78, r1, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_RINGS_TX={0x8}, @ETHTOOL_A_RINGS_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x78}}, 0x4844) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x80000006}]}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000)='ethtool\x00') [ 435.727801][ T9078] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 435.741523][ T9078] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 435.812323][ T9082] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 
15:07:32 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000080)=0xfffffffd, 0x4) r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0) io_setup(0x81, &(0x7f0000000040)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000280)="d2b889cc03d01f7ac72f783fbba0370566b4f1b3d964af1ec2c279db13fe5076ae86b03808cee7a77e2bd9155e6dffcd773c23b9202d61e1eb9b7a5e250530cc619d3288b4200538ba317d81768319e8f0281523f46f6522383baa8903e6f993fdab22257c5a14798128e9af777868149f9df35435d13ce5d1b603164458c9", 0x7f}]) write$P9_RFLUSH(r1, 0x0, 0x0) lseek(r1, 0x0, 0x7) read$snddsp(r1, &(0x7f0000000040)=""/18, 0x12) r3 = socket(0x10, 0x80002, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000240)='/proc/capi/capi20ncci\x00', 0x880, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@bridge_delvlan={0x24, 0x70, 0x6bc6711ac5763745, 0x0, 0x0, {0x7, 0x0, 0x0, r6}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}]}, 0x24}}, 0x0) setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f00000000c0)={@dev={0xfe, 0x80, [], 0xb}, r6}, 0x14) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000040)={0x8, 0x6, [], [@calipso={0x7, 0x28, {0x2, 0x8, 0x1, 0x9, [0xffffffff, 0x7, 0x5, 0xfffffffffffffff8]}}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}, 0x40) sendmmsg(r0, 
&(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000001180), 0x0, &(0x7f00000011c0)}}], 0x1, 0x20080804) 15:07:32 executing program 0: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x3, 0x2, 0xfffffffe) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000a6da000000", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="380000002400ffffff7f00"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736321d20cad1f5a0b"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xe}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x7}]}}]}, 0x38}}, 0x0) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) io_setup(0x81, &(0x7f0000000040)=0x0) io_cancel(r7, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x6, 0x7ff, r4, &(0x7f00000003c0)="2285241e4b795ed582ba6415ef7b237bf8d2e5aeda59997d164ba37f0b7cd9a4b67d2b4142f1971aeb88277c0bdbf4c48dff1de709c358779437e277c1892188d93c2b4fde4314b6e579609e5b54532ef91ddbd162918dfffe33792c7703b3b1f3c004fa92d3b4a359e7d1e8410ae09f732a437f0ffab1e1e71f5ea41f72b64394fa36bf115d70f0d085d00582200529595ea236e3aea1dc84c0808c6e46ca4f877ccbc823b5cacf07881f6737939dc4a2329b5d3d67c7f198146caf504fedf21eb234", 0xc3, 0x80000001, 0x0, 0x1}, &(0x7f00000001c0)) io_submit(r7, 0x8, 
&(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000000), 0x200a00}]) write$P9_RFLUSH(r6, 0x0, 0x0) lseek(r6, 0x0, 0x7) read$snddsp(r6, &(0x7f0000000040)=""/18, 0x12) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r6, 0x40405515, &(0x7f00000000c0)={0x6, 0x4, 0x200, 0x5, 'syz0\x00', 0x6}) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 436.125608][ T9089] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 436.230725][ T9097] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 436.273351][ C0] ===================================================== [ 436.280443][ C0] BUG: KMSAN: uninit-value in ip6_parse_tlv+0x6d3/0xf80 [ 436.287401][ C0] CPU: 0 PID: 9097 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 436.295983][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.306041][ C0] Call Trace: [ 436.309339][ C0] [ 436.312279][ C0] dump_stack+0x21c/0x280 [ 436.316670][ C0] kmsan_report+0xf7/0x1e0 [ 436.321101][ C0] __msan_warning+0x58/0xa0 [ 436.325614][ C0] ip6_parse_tlv+0x6d3/0xf80 [ 436.330232][ C0] ipv6_destopt_rcv+0x630/0xe80 [ 436.335103][ C0] ? ipv6_rthdr_rcv+0xa470/0xa470 [ 436.340192][ C0] ip6_protocol_deliver_rcu+0x14a2/0x2660 [ 436.345933][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.351142][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 436.353193][ T9089] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 436.356997][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 436.357026][ C0] ip6_input+0x2dd/0x370 [ 436.357050][ C0] ? ip6_input+0x370/0x370 [ 436.357070][ C0] ? ip6_protocol_deliver_rcu+0x2660/0x2660 [ 436.357086][ C0] ip6_rcv_finish+0x5fc/0x7f0 [ 436.357134][ C0] ipv6_rcv+0x3bb/0x460 [ 436.395676][ C0] ? local_bh_enable+0x40/0x40 [ 436.400565][ C0] __netif_receive_skb+0x265/0x670 [ 436.405685][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 436.411236][ C0] ? 
ip6_rcv_finish+0x7f0/0x7f0 [ 436.416113][ C0] process_backlog+0x50d/0xba0 [ 436.420888][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 436.426710][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 436.432004][ C0] napi_poll+0x43b/0xfd0 [ 436.436261][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.441473][ C0] net_rx_action+0x35c/0xd40 [ 436.446086][ C0] ? net_tx_action+0xdc0/0xdc0 [ 436.450878][ C0] __do_softirq+0x2ea/0x7f5 [ 436.455400][ C0] asm_call_on_stack+0xf/0x20 [ 436.460070][ C0] [ 436.463069][ C0] do_softirq_own_stack+0x7c/0xa0 [ 436.468207][ C0] __local_bh_enable_ip+0x184/0x1d0 [ 436.473424][ C0] local_bh_enable+0x36/0x40 [ 436.478021][ C0] ip6_finish_output2+0x24b4/0x2a70 [ 436.483247][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.488453][ C0] __ip6_finish_output+0x9c0/0xa90 [ 436.493587][ C0] ip6_finish_output+0x14b/0x4b0 [ 436.498540][ C0] ip6_output+0x68d/0x7f0 [ 436.502885][ C0] ? ip6_output+0x7f0/0x7f0 [ 436.507398][ C0] ? ac6_seq_show+0x200/0x200 [ 436.512147][ C0] ip6_local_out+0x17b/0x1e0 [ 436.516753][ C0] ip6_push_pending_frames+0x252/0x5b0 [ 436.522248][ C0] rawv6_sendmsg+0x42fe/0x4740 [ 436.527024][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.532237][ C0] ? kmsan_internal_set_origin+0x75/0xb0 [ 436.537893][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.543100][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 436.548923][ C0] ? compat_rawv6_ioctl+0x130/0x130 [ 436.554226][ C0] inet_sendmsg+0x15b/0x1d0 [ 436.558777][ C0] ____sys_sendmsg+0xc82/0x1240 [ 436.563644][ C0] ? inet_send_prepare+0x6b0/0x6b0 [ 436.568770][ C0] __sys_sendmmsg+0xa05/0xf70 [ 436.573475][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 436.578832][ C0] ? ktime_get_ts64+0x79f/0x8d0 [ 436.583702][ C0] ? kmsan_copy_to_user+0x81/0x90 [ 436.588792][ C0] ? _copy_to_user+0x1bf/0x260 [ 436.593573][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.598868][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 436.604678][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.609888][ C0] ? 
kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 436.615741][ C0] ? __prepare_exit_to_usermode+0x16c/0x560 [ 436.622508][ C0] __se_sys_sendmmsg+0xbd/0xe0 [ 436.627291][ C0] __x64_sys_sendmmsg+0x56/0x70 [ 436.632199][ C0] do_syscall_64+0xad/0x160 [ 436.636715][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.642622][ C0] RIP: 0033:0x45d4d9 [ 436.646516][ C0] Code: Bad RIP value. [ 436.650582][ C0] RSP: 002b:00007f1e36e78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 436.658997][ C0] RAX: ffffffffffffffda RBX: 00000000000278c0 RCX: 000000000045d4d9 [ 436.666972][ C0] RDX: 0000000000000001 RSI: 0000000020001300 RDI: 0000000000000003 [ 436.674945][ C0] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000 [ 436.682918][ C0] R10: 0000000020080804 R11: 0000000000000246 R12: 000000000118cf4c [ 436.690905][ C0] R13: 000000000169fb6f R14: 00007f1e36e799c0 R15: 000000000118cf4c [ 436.698881][ C0] [ 436.701203][ C0] Uninit was created at: [ 436.705451][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 436.711174][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 436.715935][ C0] __kmalloc_node_track_caller+0xeab/0x12e0 [ 436.721834][ C0] __alloc_skb+0x35f/0xb30 [ 436.725280][ T8702] Bluetooth: hci1: command 0x040f tx timeout [ 436.726277][ C0] alloc_skb_with_frags+0x1f2/0xc10 [ 436.737511][ C0] sock_alloc_send_pskb+0xc83/0xe50 [ 436.742738][ C0] sock_alloc_send_skb+0xca/0xe0 [ 436.747676][ C0] __ip6_append_data+0x4fbf/0x71b0 [ 436.752793][ C0] ip6_append_data+0x44b/0x6e0 [ 436.757563][ C0] rawv6_sendmsg+0x2cfe/0x4740 [ 436.762329][ C0] inet_sendmsg+0x15b/0x1d0 [ 436.766838][ C0] ____sys_sendmsg+0xc82/0x1240 [ 436.771689][ C0] __sys_sendmmsg+0xa05/0xf70 [ 436.776364][ C0] __se_sys_sendmmsg+0xbd/0xe0 [ 436.781129][ C0] __x64_sys_sendmmsg+0x56/0x70 [ 436.785980][ C0] do_syscall_64+0xad/0x160 [ 436.790485][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.796366][ C0] ===================================================== [ 436.803291][ C0] Disabling lock debugging due to kernel taint [ 
436.809437][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 436.816029][ C0] CPU: 0 PID: 9097 Comm: syz-executor.1 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 436.825991][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.836038][ C0] Call Trace: [ 436.839320][ C0] [ 436.842188][ C0] dump_stack+0x21c/0x280 [ 436.846577][ C0] panic+0x4d7/0xef7 [ 436.850495][ C0] ? add_taint+0x17c/0x210 [ 436.854923][ C0] kmsan_report+0x1df/0x1e0 [ 436.859435][ C0] __msan_warning+0x58/0xa0 [ 436.864061][ C0] ip6_parse_tlv+0x6d3/0xf80 [ 436.868683][ C0] ipv6_destopt_rcv+0x630/0xe80 [ 436.873558][ C0] ? ipv6_rthdr_rcv+0xa470/0xa470 [ 436.878591][ C0] ip6_protocol_deliver_rcu+0x14a2/0x2660 [ 436.884330][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.889537][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 436.895351][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 436.901432][ C0] ip6_input+0x2dd/0x370 [ 436.905684][ C0] ? ip6_input+0x370/0x370 [ 436.910105][ C0] ? ip6_protocol_deliver_rcu+0x2660/0x2660 [ 436.916001][ C0] ip6_rcv_finish+0x5fc/0x7f0 [ 436.920687][ C0] ipv6_rcv+0x3bb/0x460 [ 436.924856][ C0] ? local_bh_enable+0x40/0x40 [ 436.929722][ C0] __netif_receive_skb+0x265/0x670 [ 436.934840][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 436.940388][ C0] ? ip6_rcv_finish+0x7f0/0x7f0 [ 436.945256][ C0] process_backlog+0x50d/0xba0 [ 436.950036][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 436.955861][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 436.961151][ C0] napi_poll+0x43b/0xfd0 [ 436.965403][ C0] ? kmsan_get_metadata+0x116/0x180 [ 436.970611][ C0] net_rx_action+0x35c/0xd40 [ 436.975215][ C0] ? 
net_tx_action+0xdc0/0xdc0 [ 436.979985][ C0] __do_softirq+0x2ea/0x7f5 [ 436.984506][ C0] asm_call_on_stack+0xf/0x20 [ 436.989174][ C0] [ 436.992122][ C0] do_softirq_own_stack+0x7c/0xa0 [ 436.997153][ C0] __local_bh_enable_ip+0x184/0x1d0 [ 437.002364][ C0] local_bh_enable+0x36/0x40 [ 437.007057][ C0] ip6_finish_output2+0x24b4/0x2a70 [ 437.012542][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.017752][ C0] __ip6_finish_output+0x9c0/0xa90 [ 437.022879][ C0] ip6_finish_output+0x14b/0x4b0 [ 437.027831][ C0] ip6_output+0x68d/0x7f0 [ 437.032170][ C0] ? ip6_output+0x7f0/0x7f0 [ 437.036679][ C0] ? ac6_seq_show+0x200/0x200 [ 437.041463][ C0] ip6_local_out+0x17b/0x1e0 [ 437.046064][ C0] ip6_push_pending_frames+0x252/0x5b0 [ 437.051528][ C0] rawv6_sendmsg+0x42fe/0x4740 [ 437.056309][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.061515][ C0] ? kmsan_internal_set_origin+0x75/0xb0 [ 437.067172][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.072374][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.078201][ C0] ? compat_rawv6_ioctl+0x130/0x130 [ 437.083407][ C0] inet_sendmsg+0x15b/0x1d0 [ 437.087921][ C0] ____sys_sendmsg+0xc82/0x1240 [ 437.092790][ C0] ? inet_send_prepare+0x6b0/0x6b0 [ 437.097913][ C0] __sys_sendmmsg+0xa05/0xf70 [ 437.102616][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 437.107909][ C0] ? ktime_get_ts64+0x79f/0x8d0 [ 437.112775][ C0] ? kmsan_copy_to_user+0x81/0x90 [ 437.117809][ C0] ? _copy_to_user+0x1bf/0x260 [ 437.122589][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.127793][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.133601][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.138812][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.144622][ C0] ? __prepare_exit_to_usermode+0x16c/0x560 [ 437.150520][ C0] __se_sys_sendmmsg+0xbd/0xe0 [ 437.155297][ C0] __x64_sys_sendmmsg+0x56/0x70 [ 437.160158][ C0] do_syscall_64+0xad/0x160 [ 437.164671][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 437.170564][ C0] RIP: 0033:0x45d4d9 [ 437.174447][ C0] Code: Bad RIP value. 
[ 437.178510][ C0] RSP: 002b:00007f1e36e78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 437.186925][ C0] RAX: ffffffffffffffda RBX: 00000000000278c0 RCX: 000000000045d4d9 [ 437.194895][ C0] RDX: 0000000000000001 RSI: 0000000020001300 RDI: 0000000000000003 [ 437.202865][ C0] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000 [ 437.210841][ C0] R10: 0000000020080804 R11: 0000000000000246 R12: 000000000118cf4c [ 437.218918][ C0] R13: 000000000169fb6f R14: 00007f1e36e799c0 R15: 000000000118cf4c [ 437.227500][ C0] ------------[ cut here ]------------ [ 437.232935][ C0] kernel BUG at mm/kmsan/kmsan.h:87! [ 437.238327][ C0] invalid opcode: 0000 [#1] SMP [ 437.243154][ C0] CPU: 0 PID: 9097 Comm: syz-executor.1 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 437.253132][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.263200][ C0] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0 [ 437.269759][ C0] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 b0 63 e1 91 31 c0 e8 f8 02 30 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 c2 13 b0 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff [ 437.289334][ C0] RSP: 0018:ffff88812fc05258 EFLAGS: 00010046 [ 437.295371][ C0] RAX: 0000000000000002 RBX: 000000000434010f RCX: 000000000434010f [ 437.303315][ C0] RDX: 0000000000000000 RSI: 00000000000004a0 RDI: ffff88812fc0533c [ 437.311269][ C0] RBP: ffff88812fc05300 R08: ffffea000000000f R09: ffff88812fffa000 [ 437.319212][ C0] R10: 0000000000000002 R11: ffff888125643d00 R12: 0000000000000000 [ 437.327155][ C0] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001 [ 437.335104][ C0] FS: 00007f1e36e79700(0000) GS:ffff88812fc00000(0000) knlGS:0000000000000000 [ 437.344006][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 437.350564][ C0] CR2: 0000000000000000 CR3: 00000000300c4000 CR4: 00000000001406f0 [ 437.358511][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 437.366471][ 
C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 437.374547][ C0] Call Trace: [ 437.377804][ C0] [ 437.380659][ C0] kmsan_check_memory+0xd/0x10 [ 437.385573][ C0] iowrite8+0x99/0x300 [ 437.389684][ C0] pvpanic_panic_notify+0xb7/0xe0 [ 437.394793][ C0] ? pvpanic_mmio_remove+0x60/0x60 [ 437.399933][ C0] atomic_notifier_call_chain+0x123/0x290 [ 437.405645][ C0] panic+0x560/0xef7 [ 437.409533][ C0] ? add_taint+0x17c/0x210 [ 437.413939][ C0] kmsan_report+0x1df/0x1e0 [ 437.418425][ C0] __msan_warning+0x58/0xa0 [ 437.422999][ C0] ip6_parse_tlv+0x6d3/0xf80 [ 437.427615][ C0] ipv6_destopt_rcv+0x630/0xe80 [ 437.432451][ C0] ? ipv6_rthdr_rcv+0xa470/0xa470 [ 437.437455][ C0] ip6_protocol_deliver_rcu+0x14a2/0x2660 [ 437.443157][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.448332][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.454118][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 437.460269][ C0] ip6_input+0x2dd/0x370 [ 437.464490][ C0] ? ip6_input+0x370/0x370 [ 437.468886][ C0] ? ip6_protocol_deliver_rcu+0x2660/0x2660 [ 437.474754][ C0] ip6_rcv_finish+0x5fc/0x7f0 [ 437.479411][ C0] ipv6_rcv+0x3bb/0x460 [ 437.483542][ C0] ? local_bh_enable+0x40/0x40 [ 437.488282][ C0] __netif_receive_skb+0x265/0x670 [ 437.493524][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 437.499145][ C0] ? ip6_rcv_finish+0x7f0/0x7f0 [ 437.504175][ C0] process_backlog+0x50d/0xba0 [ 437.509066][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.514857][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 437.520138][ C0] napi_poll+0x43b/0xfd0 [ 437.524367][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.529551][ C0] net_rx_action+0x35c/0xd40 [ 437.534213][ C0] ? 
net_tx_action+0xdc0/0xdc0 [ 437.538958][ C0] __do_softirq+0x2ea/0x7f5 [ 437.543791][ C0] asm_call_on_stack+0xf/0x20 [ 437.548440][ C0] [ 437.553356][ C0] do_softirq_own_stack+0x7c/0xa0 [ 437.558389][ C0] __local_bh_enable_ip+0x184/0x1d0 [ 437.563565][ C0] local_bh_enable+0x36/0x40 [ 437.568128][ C0] ip6_finish_output2+0x24b4/0x2a70 [ 437.573313][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.578490][ C0] __ip6_finish_output+0x9c0/0xa90 [ 437.583581][ C0] ip6_finish_output+0x14b/0x4b0 [ 437.588499][ C0] ip6_output+0x68d/0x7f0 [ 437.592809][ C0] ? ip6_output+0x7f0/0x7f0 [ 437.597637][ C0] ? ac6_seq_show+0x200/0x200 [ 437.602310][ C0] ip6_local_out+0x17b/0x1e0 [ 437.606886][ C0] ip6_push_pending_frames+0x252/0x5b0 [ 437.612338][ C0] rawv6_sendmsg+0x42fe/0x4740 [ 437.617860][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.623137][ C0] ? kmsan_internal_set_origin+0x75/0xb0 [ 437.628770][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.633950][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.639743][ C0] ? compat_rawv6_ioctl+0x130/0x130 [ 437.644919][ C0] inet_sendmsg+0x15b/0x1d0 [ 437.649402][ C0] ____sys_sendmsg+0xc82/0x1240 [ 437.654233][ C0] ? inet_send_prepare+0x6b0/0x6b0 [ 437.659324][ C0] __sys_sendmmsg+0xa05/0xf70 [ 437.664003][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 437.669278][ C0] ? ktime_get_ts64+0x79f/0x8d0 [ 437.674106][ C0] ? kmsan_copy_to_user+0x81/0x90 [ 437.679119][ C0] ? _copy_to_user+0x1bf/0x260 [ 437.683864][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.689038][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.695030][ C0] ? kmsan_get_metadata+0x116/0x180 [ 437.700203][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.705985][ C0] ? __prepare_exit_to_usermode+0x16c/0x560 [ 437.711851][ C0] __se_sys_sendmmsg+0xbd/0xe0 [ 437.716592][ C0] __x64_sys_sendmmsg+0x56/0x70 [ 437.721421][ C0] do_syscall_64+0xad/0x160 [ 437.725899][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 437.731765][ C0] RIP: 0033:0x45d4d9 [ 437.735629][ C0] Code: Bad RIP value. 
[ 437.739677][ C0] RSP: 002b:00007f1e36e78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 437.748062][ C0] RAX: ffffffffffffffda RBX: 00000000000278c0 RCX: 000000000045d4d9
[ 437.756009][ C0] RDX: 0000000000000001 RSI: 0000000020001300 RDI: 0000000000000003
[ 437.763953][ C0] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
[ 437.771900][ C0] R10: 0000000020080804 R11: 0000000000000246 R12: 000000000118cf4c
[ 437.779859][ C0] R13: 000000000169fb6f R14: 00007f1e36e799c0 R15: 000000000118cf4c
[ 437.787808][ C0] Modules linked in:
[ 437.791682][ C0] ---[ end trace f1f13b0d1a7b6898 ]---
[ 437.797115][ C0] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 437.803678][ C0] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 b0 63 e1 91 31 c0 e8 f8 02 30 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 c2 13 b0 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 437.823261][ C0] RSP: 0018:ffff88812fc05258 EFLAGS: 00010046
[ 437.829298][ C0] RAX: 0000000000000002 RBX: 000000000434010f RCX: 000000000434010f
[ 437.837241][ C0] RDX: 0000000000000000 RSI: 00000000000004a0 RDI: ffff88812fc0533c
[ 437.845201][ C0] RBP: ffff88812fc05300 R08: ffffea000000000f R09: ffff88812fffa000
[ 437.853147][ C0] R10: 0000000000000002 R11: ffff888125643d00 R12: 0000000000000000
[ 437.861094][ C0] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 437.869040][ C0] FS: 00007f1e36e79700(0000) GS:ffff88812fc00000(0000) knlGS:0000000000000000
[ 437.878057][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 437.884719][ C0] CR2: 0000000000000000 CR3: 00000000300c4000 CR4: 00000000001406f0
[ 437.892669][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 437.900703][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 437.908653][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 437.915892][ C0] ------------[ cut here ]------------
[ 437.921320][ C0] kernel BUG at mm/kmsan/kmsan.h:87!
[ 437.926583][ C0] invalid opcode: 0000 [#2] SMP
[ 437.931414][ C0] CPU: 0 PID: 9097 Comm: syz-executor.1 Tainted: G B D 5.8.0-rc5-syzkaller #0
[ 437.941355][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 437.951392][ C0] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 437.957952][ C0] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 b0 63 e1 91 31 c0 e8 f8 02 30 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 c2 13 b0 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 437.977531][ C0] RSP: 0018:ffff88812fc04c38 EFLAGS: 00010002
[ 437.983570][ C0] RAX: 0000000000000003 RBX: 00000000047a010f RCX: 00000000047a010f
[ 437.991514][ C0] RDX: 0000000000000000 RSI: 00000000000004a0 RDI: ffff88812fc04d1c
[ 437.999461][ C0] RBP: ffff88812fc04ce0 R08: ffffea000000000f R09: ffff88812fffa000
[ 438.007408][ C0] R10: 0000000000000002 R11: ffff888125643d00 R12: 0000000000000000
[ 438.015355][ C0] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 438.023307][ C0] FS: 00007f1e36e79700(0000) GS:ffff88812fc00000(0000) knlGS:0000000000000000
[ 438.032215][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 438.038772][ C0] CR2: 0000000000000000 CR3: 00000000300c4000 CR4: 00000000001406f0
[ 438.046718][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 438.054764][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 438.062709][ C0] Call Trace:
[ 438.066007][ C0]
[ 438.068846][ C0] kmsan_check_memory+0xd/0x10
[ 438.073586][ C0] iowrite8+0x99/0x300
[ 438.077636][ C0] pvpanic_panic_notify+0xb7/0xe0
[ 438.082635][ C0] ? pvpanic_mmio_remove+0x60/0x60
[ 438.087739][ C0] atomic_notifier_call_chain+0x123/0x290
[ 438.093465][ C0] panic+0x560/0xef7
[ 438.097342][ C0] ? __show_regs+0xbfb/0xef0
[ 438.101984][ C0] ? irq_work_queue+0x103/0x3d0
[ 438.106842][ C0] oops_end+0x2a5/0x2d0
[ 438.110974][ C0] die+0x317/0x370
[ 438.114679][ C0] do_trap+0x3c0/0x760
[ 438.118820][ C0] handle_invalid_op+0x18b/0x230
[ 438.123734][ C0] ? kmsan_internal_check_memory+0x3c0/0x3d0
[ 438.129709][ C0] ? kmsan_internal_check_memory+0x3c0/0x3d0
[ 438.135665][ C0] exc_invalid_op+0x60/0x80
[ 438.140147][ C0] asm_exc_invalid_op+0x12/0x20
[ 438.144975][ C0] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 438.151552][ C0] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 b0 63 e1 91 31 c0 e8 f8 02 30 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 c2 13 b0 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 438.171131][ C0] RSP: 0018:ffff88812fc05258 EFLAGS: 00010046
[ 438.177168][ C0] RAX: 0000000000000002 RBX: 000000000434010f RCX: 000000000434010f
[ 438.185200][ C0] RDX: 0000000000000000 RSI: 00000000000004a0 RDI: ffff88812fc0533c
[ 438.193232][ C0] RBP: ffff88812fc05300 R08: ffffea000000000f R09: ffff88812fffa000
[ 438.201176][ C0] R10: 0000000000000002 R11: ffff888125643d00 R12: 0000000000000000
[ 438.209208][ C0] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 438.217425][ C0] ? kmsan_internal_check_memory+0x324/0x3d0
[ 438.223386][ C0] kmsan_check_memory+0xd/0x10
[ 438.228126][ C0] iowrite8+0x99/0x300
[ 438.232293][ C0] pvpanic_panic_notify+0xb7/0xe0
[ 438.237309][ C0] ? pvpanic_mmio_remove+0x60/0x60
[ 438.242396][ C0] atomic_notifier_call_chain+0x123/0x290
[ 438.248111][ C0] panic+0x560/0xef7
[ 438.252688][ C0] ? add_taint+0x17c/0x210
[ 438.257080][ C0] kmsan_report+0x1df/0x1e0
[ 438.261561][ C0] __msan_warning+0x58/0xa0
[ 438.266040][ C0] ip6_parse_tlv+0x6d3/0xf80
[ 438.270635][ C0] ipv6_destopt_rcv+0x630/0xe80
[ 438.275469][ C0] ? ipv6_rthdr_rcv+0xa470/0xa470
[ 438.280556][ C0] ip6_protocol_deliver_rcu+0x14a2/0x2660
[ 438.286270][ C0] ? kmsan_get_metadata+0x116/0x180
[ 438.291453][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 438.297248][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 438.303348][ C0] ip6_input+0x2dd/0x370
[ 438.307616][ C0] ? ip6_input+0x370/0x370
[ 438.312030][ C0] ? ip6_protocol_deliver_rcu+0x2660/0x2660
[ 438.317903][ C0] ip6_rcv_finish+0x5fc/0x7f0
[ 438.322806][ C0] ipv6_rcv+0x3bb/0x460
[ 438.327078][ C0] ? local_bh_enable+0x40/0x40
[ 438.331825][ C0] __netif_receive_skb+0x265/0x670
[ 438.336915][ C0] ? kmsan_set_origin_checked+0x95/0xf0
[ 438.342437][ C0] ? ip6_rcv_finish+0x7f0/0x7f0
[ 438.347289][ C0] process_backlog+0x50d/0xba0
[ 438.352118][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 438.357915][ C0] ? rps_trigger_softirq+0x2e0/0x2e0
[ 438.363183][ C0] napi_poll+0x43b/0xfd0
[ 438.367415][ C0] ? kmsan_get_metadata+0x116/0x180
[ 438.372751][ C0] net_rx_action+0x35c/0xd40
[ 438.377328][ C0] ? net_tx_action+0xdc0/0xdc0
[ 438.382071][ C0] __do_softirq+0x2ea/0x7f5
[ 438.386560][ C0] asm_call_on_stack+0xf/0x20
[ 438.391211][ C0]
[ 438.394168][ C0] do_softirq_own_stack+0x7c/0xa0
[ 438.399262][ C0] __local_bh_enable_ip+0x184/0x1d0
[ 438.404442][ C0] local_bh_enable+0x36/0x40
[ 438.409007][ C0] ip6_finish_output2+0x24b4/0x2a70
[ 438.414190][ C0] ? kmsan_get_metadata+0x116/0x180
[ 438.419366][ C0] __ip6_finish_output+0x9c0/0xa90
[ 438.424475][ C0] ip6_finish_output+0x14b/0x4b0
[ 438.429501][ C0] ip6_output+0x68d/0x7f0
[ 438.433914][ C0] ? ip6_output+0x7f0/0x7f0
[ 438.438394][ C0] ? ac6_seq_show+0x200/0x200
[ 438.443059][ C0] ip6_local_out+0x17b/0x1e0
[ 438.447632][ C0] ip6_push_pending_frames+0x252/0x5b0
[ 438.453083][ C0] rawv6_sendmsg+0x42fe/0x4740
[ 438.457823][ C0] ? kmsan_get_metadata+0x116/0x180
[ 438.463010][ C0] ? kmsan_internal_set_origin+0x75/0xb0
[ 438.468631][ C0] ? kmsan_get_metadata+0x116/0x180
[ 438.473806][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 438.479590][ C0] ? compat_rawv6_ioctl+0x130/0x130
[ 438.484775][ C0] inet_sendmsg+0x15b/0x1d0
[ 438.489407][ C0] ____sys_sendmsg+0xc82/0x1240
[ 438.494237][ C0] ? inet_send_prepare+0x6b0/0x6b0
[ 438.499327][ C0] __sys_sendmmsg+0xa05/0xf70
[ 438.503992][ C0] ? __msan_poison_alloca+0xf0/0x120
[ 438.509425][ C0] ? ktime_get_ts64+0x79f/0x8d0
[ 438.514253][ C0] ? kmsan_copy_to_user+0x81/0x90
[ 438.519354][ C0] ? _copy_to_user+0x1bf/0x260
[ 438.524097][ C0] ? kmsan_get_metadata+0x116/0x180
[ 438.529272][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 438.535169][ C0] ? kmsan_get_metadata+0x116/0x180
[ 438.540342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 438.546126][ C0] ? __prepare_exit_to_usermode+0x16c/0x560
[ 438.551995][ C0] __se_sys_sendmmsg+0xbd/0xe0
[ 438.556837][ C0] __x64_sys_sendmmsg+0x56/0x70
[ 438.561664][ C0] do_syscall_64+0xad/0x160
[ 438.566169][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 438.572034][ C0] RIP: 0033:0x45d4d9
[ 438.575917][ C0] Code: Bad RIP value.
[ 438.579955][ C0] RSP: 002b:00007f1e36e78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 438.588352][ C0] RAX: ffffffffffffffda RBX: 00000000000278c0 RCX: 000000000045d4d9
[ 438.596297][ C0] RDX: 0000000000000001 RSI: 0000000020001300 RDI: 0000000000000003
[ 438.604259][ C0] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
[ 438.612209][ C0] R10: 0000000020080804 R11: 0000000000000246 R12: 000000000118cf4c
[ 438.620154][ C0] R13: 000000000169fb6f R14: 00007f1e36e799c0 R15: 000000000118cf4c
[ 438.628103][ C0] Modules linked in:
[ 438.631975][ C0] ---[ end trace f1f13b0d1a7b6899 ]---
[ 438.637427][ C0] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 438.643991][ C0] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 b0 63 e1 91 31 c0 e8 f8 02 30 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 c2 13 b0 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 438.664014][ C0] RSP: 0018:ffff88812fc05258 EFLAGS: 00010046
[ 438.670051][ C0] RAX: 0000000000000002 RBX: 000000000434010f RCX: 000000000434010f
[ 438.677998][ C0] RDX: 0000000000000000 RSI: 00000000000004a0 RDI: ffff88812fc0533c
[ 438.685944][ C0] RBP: ffff88812fc05300 R08: ffffea000000000f R09: ffff88812fffa000
[ 438.693977][ C0] R10: 0000000000000002 R11: ffff888125643d00 R12: 0000000000000000
[ 438.701923][ C0] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 438.709991][ C0] FS: 00007f1e36e79700(0000) GS:ffff88812fc00000(0000) knlGS:0000000000000000
[ 438.718990][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 438.725562][ C0] CR2: 0000000000000000 CR3: 00000000300c4000 CR4: 00000000001406f0
[ 438.733524][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 438.743219][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 438.751858][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 438.759717][ C0] Kernel Offset: disabled
[ 438.764032][ C0] Rebooting in 86400 seconds..