[ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ 122.131552][ T8161] sshd (8161) used greatest stack depth: 4048 bytes left Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.219' (ECDSA) to the list of known hosts. 2020/08/24 21:06:10 fuzzer started 2020/08/24 21:06:11 dialing manager at 10.128.0.26:38233 2020/08/24 21:06:11 syscalls: 3160 2020/08/24 21:06:11 code coverage: enabled 2020/08/24 21:06:11 comparison tracing: enabled 2020/08/24 21:06:11 extra coverage: enabled 2020/08/24 21:06:11 setuid sandbox: enabled 2020/08/24 21:06:11 namespace sandbox: enabled 2020/08/24 21:06:11 Android sandbox: /sys/fs/selinux/policy does not exist 2020/08/24 21:06:11 fault injection: enabled 2020/08/24 21:06:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/24 21:06:11 net packet injection: enabled 2020/08/24 21:06:11 net device setup: enabled 2020/08/24 21:06:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/24 21:06:11 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/24 21:06:11 USB emulation: enabled 2020/08/24 21:06:11 hci packet injection: enabled 21:11:00 executing program 0: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000040)={0x3}, 0x8, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x1000) syzkaller login: [ 443.439160][ T8500] IPVS: ftp: loaded support on port[0] = 21 [ 444.005705][ T8500] chnl_net:caif_netlink_parms(): no params data found [ 444.157992][ T8500] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.165352][ T8500] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.175975][ T8500] device bridge_slave_0 entered promiscuous mode [ 444.190803][ T8500] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.198522][ T8500] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.208178][ T8500] device bridge_slave_1 entered promiscuous mode [ 444.261304][ T8500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 444.279350][ T8500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 444.329779][ T8500] team0: Port device team_slave_0 added [ 444.344201][ T8500] team0: Port device team_slave_1 added [ 444.389786][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 444.396975][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.423318][ T8500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.439768][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 444.447565][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.473980][ T8500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.539939][ T8500] device hsr_slave_0 entered promiscuous mode [ 444.550587][ T8500] device hsr_slave_1 entered promiscuous mode [ 444.835236][ T8500] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 444.870463][ T8500] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 444.892353][ T8500] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 444.913333][ T8500] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 445.243515][ T8500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 445.283412][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 445.293048][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 445.320372][ T8500] 8021q: adding VLAN 0 to HW filter on device team0 [ 445.340177][ T5] Bluetooth: hci0: command 0x0409 tx timeout [ 445.361344][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 445.372059][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 445.381854][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.389314][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 445.411186][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 445.421996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 445.432416][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 445.442675][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.450096][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 445.477778][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 445.505362][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 445.532657][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 445.544214][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 445.591569][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 445.602280][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 445.613285][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 445.624905][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 445.635028][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 445.650096][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 445.660493][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 445.689894][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 445.760597][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 445.769067][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 445.802782][ T8500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.875144][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 445.888756][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 445.967404][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 445.976905][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 446.008465][ T8500] device veth0_vlan entered promiscuous mode [ 446.016140][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 446.025485][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 446.064113][ T8500] device veth1_vlan entered promiscuous mode [ 446.160779][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 446.171177][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 446.209662][ T8500] device veth0_macvtap entered promiscuous mode [ 446.231758][ T8500] device veth1_macvtap entered promiscuous mode [ 446.288042][ T8500] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.296258][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 446.307192][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 446.317174][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 446.327672][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 446.356199][ T8500] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 446.404771][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 446.415581][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 21:11:06 executing program 0: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000040)={0x3}, 0x8, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x1000) 21:11:06 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000480)=ANY=[@ANYBLOB='[d::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='ceph\x00', 0x0, 0x0) 21:11:06 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) close(r0) r1 = socket(0x200000100000011, 0x3, 0x0) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00', 0x0}) bind$packet(r1, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000001c0)=0x8, 0x4) io_setup(0x7, &(0x7f0000000280)=0x0) io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x2000fe2f}]) [ 447.429543][ T3750] Bluetooth: hci0: command 0x041b tx timeout 21:11:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f000047b000)={0xa, 0x404e20, 0x0, @empty}, 0x1c) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0xe}}], 0x4000000000000d0, 0x0) 21:11:07 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xff000000, 0x0, 0x4}) 21:11:07 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4}) 21:11:07 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="3ccd80", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mkdir(&(0x7f0000000140)='./file0/file0\x00', 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='security.evm\x00', 0x0, 0x0, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0xa) r3 = socket$inet6(0xa, 0x2, 0x0) dup3(r3, r0, 0x0) [ 448.865508][ T8752] fuse: Unknown parameter '<̀0x0000000000000003' [ 448.888159][ T8754] fuse: Unknown parameter '<̀0x0000000000000003' 21:11:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x442000, 0x0) ioctl$CHAR_RAW_RAGET(r1, 0x1263, &(0x7f0000000100)) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x105, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) 21:11:08 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x18, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000180)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in6=@mcast1={0xff, 0x1, [0x0, 0x3f000000]}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, r2}}}, 0xb8}, 0x1, 0xfffff000}, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0x375) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)=[{&(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000600)="31a8a74c68e0576d9cd0c4741a0f6839f84fc6baa465a3f1153fbe538f25a929d282536660351a3581028e66de385e10e131124fe3f5ba72073e2d3c3f96cfb6d13ca9b9c6d5a0fee2b32c81839ef87b1843cf32bb270e925b79761d84da87242cd3d95cf159acc29f558ec395850eaaaa9061726fb30646066dd00503f0eec9f7c956570dddedbf0e6692cbf6427e52855de62360ab42", 0x97}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000ac0)="399d0210dcdacdcfc962b6b1e6a648c706b138082fe892fc7182d998a8ebe7434ed827118dfae41d466b687c54ee7de1a1a7d161c69189c18fa3e6725fb232affdeeeb5f00512d184d7742481fe79bc233f329b9d0d4208db657723a2c2808f0d046a1e794ee44e6fa84bb4588f7797bb32979da462f5021d24ebe82b2a26e871ee8916b24b21ad7ed57a55b9f9157f37f335379b3acef4f56e9b3b95fb732e294f61e226657dd1c9ffe29f78b589084a55a", 0xb2}], 0x6, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="0000000018000000000000000100000000000000d9a57029289a05e018814eb45bc0a065c5e339065e7627ccd0efd3945b863183ef0d8667214096d2294de0435259496e66577a08fbdaa4e8622938ab34551de3ea24fb4ce3ade63ad25d7361302a3b04cd40eec5702223a121d9a649357aeae7c5d6", @ANYRES32, @ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000003", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB, @ANYRES32, @ANYRES32], 0xb8, 0x28000}], 0x1, 0x50) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f00000002c0)={0xa0, 0x19, 0x2, {0x2040, {0x4, 0x1, 0x4}, 0x2, 0x0, r4, 0x100000000, 0x100000000, 0x10000, 0xfdf9, 0x786, 0x1000, 0xfffffffffffffff8, 0x2, 0x3f64, 0x4, 0x0, 0x1, 0x4, 0x1f, 0x1f}}, 0xa0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0x375) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)=[{&(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000600)="31a8a74c68e0576d9cd0c4741a0f6839f84fc6baa465a3f1153fbe538f25a929d282536660351a3581028e66de385e10e131124fe3f5ba72073e2d3c3f96cfb6d13ca9b9c6d5a0fee2b32c81839ef87b1843cf32bb270e925b79761d84da87242cd3d95cf159acc29f558ec395850eaaaa9061726fb30646066dd00503f0eec9f7c956570dddedbf0e6692cbf6427e52855de62360ab42", 0x97}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000ac0)="399d0210dcdacdcfc962b6b1e6a648c706b138082fe892fc7182d998a8ebe7434ed827118dfae41d466b687c54ee7de1a1a7d161c69189c18fa3e6725fb232affdeeeb5f00512d184d7742481fe79bc233f329b9d0d4208db657723a2c2808f0d046a1e794ee44e6fa84bb4588f7797bb32979da462f5021d24ebe82b2a26e871ee8916b24b21ad7ed57a55b9f9157f37f335379b3acef4f56e9b3b95fb732e294f61e226657dd1c9ffe29f78b589084a55a", 0xb2}], 0x6, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="0000000018000000000000000100000000000000d9a57029289a05e018814eb45bc0a065c5e339065e7627ccd0efd3945b863183ef0d8667214096d2294de0435259496e66577a08fbdaa4e8622938ab34551de3ea24fb4ce3ade63ad25d7361302a3b04cd40eec5702223a121d9a649357aeae7c5d6", @ANYRES32, @ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000003", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB, @ANYRES32, @ANYRES32], 0xb8, 0x28000}], 0x1, 0x50) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f00000002c0)={0xa0, 0x19, 0x2, {0x2040, {0x4, 0x1, 0x4}, 0x2, 0x0, r6, 0x100000000, 0x100000000, 0x10000, 0xfdf9, 0x786, 0x1000, 0xfffffffffffffff8, 0x2, 0x3f64, 0x4, 0x0, 0x1, 0x4, 0x1f, 0x1f}}, 0xa0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f00000000c0)={{}, {0x1, 0xa}, [{0x2, 0x7, 0xffffffffffffffff}, {0x2, 0x1, r2}, {0x2, 0x2, 0xee00}], {0x4, 0x3}, [{0x8, 0x2}, {0x8, 0x3, 0xee00}, {0x8, 0x0, r4}, {0x8, 0x3, 0xee00}, {0x8, 0x6, r6}], {0x10, 0x4}, {0x20, 0x7}}, 0x64, 0x1) write(r0, &(0x7f0000000000)="240000005a001f000307f4f9002304000a04f51105000100020100020800038005000000", 0x24) [ 449.446873][ T8761] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 449.497654][ T3750] Bluetooth: hci0: command 0x040f tx timeout 21:11:08 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x4c042, 0x0) r3 = creat(&(0x7f0000000300)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x8001) r4 = open(&(0x7f0000000080)='./bus\x00', 0x4c042, 0x0) ftruncate(r4, 0x200004) sendfile(r1, r2, 0x0, 0x80001d00c0d0) fallocate(r0, 0x100000010, 0xec, 0x8001) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000340)) r7 = dup3(r5, r6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) [ 449.722284][ T28] audit: type=1800 audit(1598303468.827:2): pid=8765 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15718 res=0 [ 449.769791][ T28] audit: type=1800 audit(1598303468.857:3): pid=8765 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15718 res=0 [ 450.025224][ T28] audit: type=1800 audit(1598303469.127:4): pid=8765 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15720 res=0 [ 450.074880][ T28] audit: type=1800 audit(1598303469.157:5): pid=8769 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15720 res=0 21:11:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="ddffffffff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r4}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}, 0x40}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001500b59500000000002000000a000000", @ANYRES32=r4, @ANYBLOB="080008001f536bae1400020000000000000000000000ffff"], 0x34}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x4000000000002bc, 0x0) r5 = gettid() tkill(r5, 0x1002000000016) ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0x1) ptrace$getregs(0xe, r5, 0x7fff, &(0x7f0000000040)=""/100) [ 450.249987][ T8771] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 450.290084][ T8771] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 451.588185][ T8715] Bluetooth: hci0: command 0x0419 tx timeout 21:11:10 executing program 1: clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) futex(&(0x7f0000000000)=0x2, 0x8d, 0x0, &(0x7f0000000080)={r0, r1+10000000}, &(0x7f00000000c0)=0x2, 0x1) getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4008550d, &(0x7f0000000180)) syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0)='SEG6\x00') ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, &(0x7f0000000200)=0x7) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x9, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x20}, 0x8) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcsa\x00', 0x90000, 0x0) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000340)='l2tp\x00') r5 = accept4(r2, &(0x7f0000000380)=@alg, &(0x7f0000000400)=0x80, 0x400) sendmsg$L2TP_CMD_SESSION_MODIFY(r3, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, r4, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_UDP_CSUM={0x5}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r5}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private0={0xfc, 0x0, [], 0x1}}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7f}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x810}, 0x400080a0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r3, 0xc400941d, &(0x7f0000000540)={0x0, 0x0, 0xffffffffffffffff}) ioctl$BTRFS_IOC_DEV_REPLACE(r3, 0xca289435, &(0x7f0000000940)={0x2, 0x9, @start={r6, 0x0, "9a5e2ec75de9d583be58f0590ab1705905c0445007e1ef8fc2bccd5885d289057722e518afe217c81998283366f523af99511a326b4225a37b218241e0dbfa5afd747793eeb21a726484f95975916dcc1ef6c3ec3cbed529fecfd8f73c7f1fa04dbebbbf3ca2b9b4b3f06eb6897e44a72870fc1fe9e4a430adb34513b4bf90f55847fdc974120c570cf93fe4ee0e7c4c19bda747c99307e6a304e6a7a09c2da1b9ace1dca4a9465e43a653be92aaaa579c05e373bddf49e489c4e810a541396d89272de92259605ebe0945198b59bdc80ff5f60c477027b55a3b0028260f7139d54f3875aba25b8d0dffbf9593cd2115765ad0d0e7061626f827d41484fa7e46424240db3524de1517d7d7c092873ebb2ffd8f008c289f0b845b179edb706e52d018a8757d0383a897714a6378bcaf3379a3183cbd4cbe25d8418e06256be471a8aaaefccfd9cc3c96c6c5e8915d1087fb208ff56c22f4b17c6735dc665fd9940052a90723b95b5cea86c656ada6fb2fce7ebf61e0966a5a9651260c6282932a1878f65975a7cff6581a9457b0ec0d8a30656369aefa0e48ed56913aa1d6865609eeaf68205584db32e773fae388421a98159f90642e8c612afcdb9e099ddbd04b15256bda5451cc099ed019386121efa049fe717ee1fb7799f012c5d21b5f6de6fd8f56bcd3b0ef03861cb0a323fd97b81e754d3fccab01c09cae2c863f1edf3613c4f3d98c7ca9c927a6acdfc4db764bc502b1905232466f80a152d7ccb9f6f7b9c464f4c25abb237055f959c3c262390dd1c77f5d103ce4e8704e4c857d2f0673e78b8efcd0b17db0263be03e2cc33f0543bc84a9d2da665d9826842779abe529e7ecdf41a5b20a6dc03f8ed6b9df5444a3b1e912491d18b8de4c2837ab7352b4976e44f85f83f3be858c0285312c7c32aa629b9a4a4b18da5b7432aa460bffa8f9511bc96d72cce6af06cc0fa3a44cccdbeb27f57f83aa0adeaf7a022990d954d5db331ee2405199b3651d4e45034048350f4f7e84ff7f4fb185d8c9577a379d1273838b380771d9d400d44e67782a8e4558eac3b954f4ea2dbd4dd0c4b6439afb19f6852aeea7145a40d63096bbe51a8781d22271066eb2384cee1932649d78af250af0b0f14fb59a2dac9595c8eceec60bd41b78b4f624997b08cafd97b271837d69dbeb1d3ba47d031b6d9bf389d644ce92a422c8d951c4aa365e846f0580e079e163bfe9b23d1e2baec2e3a9a8742a74157e4d2a0e220b9caffc2989f7fdba21b46dbbe08f621b5608d86a25166af054ba021d38c481c5aaf8e6f7dad62a2e793c67d7e111dec3edd24332412b8e9e65740f7be9da02c31666a6a4a3f7f6d4ffa582526a0971618c557632f80f98b5b6729e78799177a615e8b0795d7c37a1aab61f74dd1914a76271e65487e09a06c16e91d3255d031476d65aa57066", "ad6f9fec3b67e4104690eb5dcce22b604782e655eb83b264deb201e2d00a8561d524ef7ba53ecb70ad1008d2ad9ce92e0605684ae1627a6d480b027cc67b4582df850a7b3a13d53c9f0561b6b627bec24915dcacbaead003423a4dd2074dca1d5b0e4eecf080fea46f11d5d034073170cb13a92f6a5390f6f867b9da626cd91e366f3a719b641b655f725e6297c9c4397ec5a99fc8ffb067dc85087199fef57e518bb49be8ebbda5e824a937df1ae7b3230e423d3faa0447144bef186b137b7da71ac285579b4151ed1f85f9e89aa8be12eea06a22e8bd8ac401e984aca607f9aed1216c381603a89b1adcf68f27993c45006a8db87589da0db7f2532fd9ec228bdb049f0c0d09e18579fff13d42c51d5b2df349f71a175e136f20c4b1a2be5f7e2ac237ee9ee9cfb223b6412a0619d5df5a236eca56c3a43a058a4070c00f6db93e0dda23b5624ebbaf832d0a0bd32f4698d9fe6667d0220d64bca550b241b447740383c0142ba734d9f532ec8ecf9d40cd15bc9f28ccecbda2767349e42c3c607c05f8e405813c8b8d30a5c92878ad39af23309534e0232f5d0a11d41a472e156ae3e4434602ccd577799147ddcc882274548decad96f4046d93afb7c094c816e2f8f47a5dd5b20af8f4978d968791fcf545d1a76237f14d16a97df7a2bb5d2bcdce2fcc3e3fc5622e2700ee9cfbc2fbcc09e6eefdc1fb8f93f4b320bea1d5a41de27c6b7c625b1d3ff91de2ce3e613206c5dea1cf2470872a1df7e811416ba0ad97fcba58a76dd445672f5d665930fdf7a453af94b4d1802c813278cbb1cff454383c8272b9348b8e8d6adb77817dfe8c646bdd382b39a96020ea070171819fe58514664a7816b2f8c189877b1289372ec9ee077279095935bbc63d72efa5c22f48bafa6b987afcc675240f33123342c9c6e65a5e72c9478e09f6200eab5732442a5e436a717f299113c13993dc9143f1169dcf144a4506234980df12fb28967060440eeb510506d93dc8b7e8305fdcbf1162480a53cd1ac3d2570466b5bd003666e036c3c79764ac794046bbdc3a22d46d962e7da61b4b6a9fc0fee41b4c4db067f2d1aca3a92039cad4ce0871c4e3e65a222670c476a60c5865305e4be67bf58c1c79e321118f0d23059190cf53594018bae578e26b6fbec914d6645f08021e63dc6ab23d4feb5c22115a1208f7d05fe1f0b10c4cc6ec7de1bd43c79a0d59032c7078e719b1b3a9525d2dcc1fcdae922e7c2f7ea98b86d3bd722b45da91b4f965b78df0422c2d1077e5cc5648ce00e59e1311be10d27f8706e5e51fa0cc714fa4ea9cbdad2e79cbbb1402f43df1f00b4390c6138c7ee4e63663737a4724054774d6b2fabc7e1ffb55360eafb03bf5ac2d006cdad70fa87c4c87ace42491dce1b7f668c947df5b4a689c807d13ef6c2466fb1416e7f7f46ebe4d5a8deaf1a4"}, [0x7fff, 0xfffffffffffffff8, 0x5, 0x1f, 0x4, 0x4, 0xff, 0x100000001, 0x0, 0x1ff, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x2400000000000, 0x8, 0x9d5e, 0x0, 0x5, 0xffff, 0x0, 0xfffffffffffeffff, 0x800, 0x7fffffff000000, 0x10000, 0x4f, 0x271, 0x8, 0xffffffffffff0000, 0x100, 0x7fff, 0x8000, 0x100, 0x10000, 0x0, 0x80, 0x3ff, 0x2, 0x0, 0x1f, 0x80000001, 0xc6, 0x550c, 0x0, 0x401, 0x3, 0x797b, 0x4, 0x4, 0x5, 0x7fffffff, 0x8001, 0x1, 0x428, 0x7fb873d2, 0xe1c, 0x9, 0x0, 0x1247, 0x6, 0x40, 0x6]}) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000001380)=""/4096) r7 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000002380)='/dev/dlm-control\x00', 0x80000, 0x0) ioctl$SG_GET_VERSION_NUM(r7, 0x2282, &(0x7f00000023c0)) sendmsg$NLBL_MGMT_C_REMOVEDEF(r5, &(0x7f00000024c0)={&(0x7f0000002400)={0x10, 0x0, 0x0, 0x24200000}, 0xc, &(0x7f0000002480)={&(0x7f0000002440)={0x24, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x11}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040004}, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000002500)=0x7fffffff, 0x4) 21:11:12 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x200000c, 0x10032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) r2 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x40008000, 0x4d0003) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f0000000100)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x13, 0x0, &(0x7f0000000080)) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r1) dup3(r6, r0, 0x0) [ 453.465588][ T8782] IPVS: ftp: loaded support on port[0] = 21 21:11:13 executing program 0: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80) getsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000380)=""/214, &(0x7f0000000000)=0xd6) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x5e) socketpair$unix(0x1, 0x80003, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000000)={0x1000001c}) epoll_wait(r5, &(0x7f00000000c0)=[{}], 0x1, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="17de000010000100000000000000000000000000edc9fcd40ee17e62ebe54038b05ef133044933c5f27649f09a07bf88ef0ea10e47d3693ca43f914d3354cd2fe92c8cd2201a0d963ac8645add74632ffc2ade404f98850a4f1ba97e42c5d095f0cd8a0134ba5735f298e8a807000000000000004b9e329e86eb191588e3e5016127301b34c6d27ac60bc0752cd3b33ade67511438a2389c23a3526f2c3aaf721a62279c9686932c8336065dc4df9b009c4034d62adf1ed04a5d21889d188d", @ANYRES32=r3, @ANYRES32=r5, @ANYRES32=r0, @ANYBLOB="08000a01", @ANYRESHEX=r1, @ANYBLOB="a5de66b61f26deb2aaad40e8c661b2919eb15fe9f52b836efd3f88e338aa483da8142311c45019a8182a49a2ff2debe0c51f01006cc64e8c70e51a68b0e9c96c6182ad9ada533d3d7a01fc2904708303bc36d3ac4fd58c290ef94bd6db07422bb8ca782a4bb134873a13e345ddc38927e598b3e123c958ab295b14c198974d7ba11975d1c9e877e4b1d8f4bf9b6f8d7b33deec2207e05ab9e76feb10f2e225d7d5765a617647a6534df401c249efa04f9ebe3f55fd4210a1ab78b099475573b69131f6e4986b327cbefcd7a1e14c3b27071de75d50a9b63ff2c19ce0da8df85f3ad7c5120a2b94100a4fd3d85b0fc5cf8732ba8c171b2412"], 0x34}}, 0x0) [ 454.286544][ T8782] chnl_net:caif_netlink_parms(): no params data found 21:11:13 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480002a41000050700000000000000000000000043cbde9b8dc5222b3a87cfd758c6d503087fe8a2f5c919696547a4bc08639bee6fd6c6ed91b8c82622fe1b3300b1224a84ecc680ecfe1761a61f3b01e3cc630650f90365bd947b552f8cfea6a60f72547b1e8a", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r1}, 0x8) sendmsg$NFT_MSG_GETGEN(r7, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0xc}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c00000024000b0f00000000e4ff000000000000", @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000b00010064736d61726b00000c0002000600010020"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000011c0)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x2}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}]}, 0x34}}, 0x0) 21:11:13 executing program 0: r0 = syz_usb_connect(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x9e, 0x9d, 0xd9, 0x40, 0x6d6, 0x41, 0x6532, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa3, 0xfb}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRSYNTHS(r1, 0x8004510a, &(0x7f0000000180)) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x28, 0x0, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0xb7}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x0, 0x1}}]}, 0x28}}, 0x4805) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000280)={0x0, 0x0, 0x1, "d7"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0x34, &(0x7f0000000400)={0x0, 0x0, 0x1, '$'}, 0x0, &(0x7f0000000680)={0x0, 0x8, 0x1}, 0x0, 0x0, 0x0}) [ 454.630593][ T8782] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.638072][ T8782] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.647732][ T8782] device bridge_slave_0 entered promiscuous mode [ 454.735486][ T8782] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.742876][ T8782] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.752577][ T8782] device bridge_slave_1 entered promiscuous mode [ 454.858410][ T8782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 454.894749][ T8782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 455.013337][ T27] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 455.025967][ T8782] team0: Port device team_slave_0 added [ 455.062494][ T8782] team0: Port device team_slave_1 added [ 455.132282][ T8782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 455.139512][ T8782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.165746][ T8782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 455.184551][ T8782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 455.193038][ T8782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.219165][ T8782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.291855][ T8782] device hsr_slave_0 entered promiscuous mode [ 455.305991][ T8782] device hsr_slave_1 entered promiscuous mode [ 455.337656][ T3750] Bluetooth: hci1: command 0x0409 tx timeout [ 455.339670][ T8782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 455.351714][ T8782] Cannot create hsr debugfs directory [ 455.394172][ T27] usb 1-1: New USB device found, idVendor=06d6, idProduct=0041, bcdDevice=65.32 [ 455.403602][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.449610][ T27] usb 1-1: config 0 descriptor?? [ 455.494837][ T27] gspca_main: sunplus-2.14.0 probing 06d6:0041 [ 455.850522][ T8782] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 455.890078][ T8782] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 455.942094][ T8782] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 455.988817][ T8782] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 456.331524][ T8782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 456.378299][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 456.388423][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 456.415235][ T8782] 8021q: adding VLAN 0 to HW filter on device team0 [ 456.441525][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 456.453121][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 456.462891][ T3750] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.470249][ T3750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 456.492976][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 456.503135][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 456.514654][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 456.524352][ T8715] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.531718][ T8715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 456.561340][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 456.593680][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 456.631686][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 456.642845][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 456.662426][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 456.684678][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 456.695858][ T8714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 456.738121][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 456.748258][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 456.758271][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 456.769151][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 456.796756][ T8782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 456.872123][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 456.880056][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 456.923792][ T8782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 457.004300][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 457.015222][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 457.087506][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 457.098946][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 457.130960][ T8782] device veth0_vlan entered promiscuous mode [ 457.142639][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 457.152324][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 457.209102][ T8782] device veth1_vlan entered promiscuous mode [ 457.332124][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 457.344512][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 457.369961][ T8782] device veth0_macvtap entered promiscuous mode [ 457.404846][ T8782] device veth1_macvtap entered promiscuous mode [ 457.420181][ T3750] Bluetooth: hci1: command 0x041b tx timeout [ 457.462835][ T27] usb 1-1: USB disconnect, device number 2 [ 457.509462][ T8782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 457.520232][ T8782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 457.534279][ T8782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 457.545012][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 457.554871][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 457.564566][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 457.574871][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 457.612026][ T8782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 457.623670][ T8782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 457.637934][ T8782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 457.654931][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 457.666755][ T8713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 21:11:17 executing program 1: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x3a7}, 0x10) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)}, 0x5323d84900f2172c) sendmmsg$alg(r0, &(0x7f0000000140), 0xcc, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2841c0, 0x0) [ 458.338983][ T3228] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 458.709069][ T3228] usb 1-1: New USB device found, idVendor=06d6, idProduct=0041, bcdDevice=65.32 [ 458.718409][ T3228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.758624][ T3228] usb 1-1: config 0 descriptor?? [ 458.803588][ T3228] gspca_main: sunplus-2.14.0 probing 06d6:0041 21:11:18 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406a05000100000000000109022400010000000009040000010301000009210000000122050009058103"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8c, 0x22, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x40, 0x0) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f00000000c0)=0xd6b2) syz_usb_control_io(r1, &(0x7f0000000000)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\"'], 0x0, 0x0, 0x0, 0x0}, 0x0) 21:11:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb, 0x1, 'geneve\x00'}, {0x4}}}]}, 0x34}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r5, 0xc1004111, &(0x7f0000000100)={0xfffeffff, [0x0, 0x2, 0xa58], [{0x1, 0x4, 0x1, 0x1, 0x1, 0x1}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x8, 0x1, 0x1, 0x1, 0x1, 0x1}, {0x3, 0x20, 0x1, 0x0, 0x0, 0x1}, {0x4, 0x8, 0x0, 0x1, 0x1, 0x1}, {0x4, 0x7fff, 0x0, 0x0, 0x1}, {0x1ff, 0xff71, 0x1, 0x0, 0x1, 0x1}, {0x4, 0xff}, {0xb9, 0xebdb, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x5, 0x0, 0x1, 0x1, 0x1}, {0x2, 0x800, 0x0, 0x1, 0x1, 0x1}, {0x6, 0x2, 0x1, 0x0, 0x1, 0x1}], 0x8}) [ 459.110163][ T3228] gspca_sunplus: reg_w_riv err -71 [ 459.115735][ T3228] sunplus: probe of 1-1:0.0 failed with error -71 [ 459.188126][ T3228] usb 1-1: USB disconnect, device number 3 [ 459.436955][ C1] ===================================================== [ 459.444060][ C1] BUG: KMSAN: uninit-value in geneve_xmit+0x300c/0x3200 [ 459.451025][ C1] CPU: 1 PID: 9049 Comm: systemd-cgroups Not tainted 5.8.0-rc5-syzkaller #0 [ 459.459702][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.469775][ C1] Call Trace: [ 459.473074][ C1] [ 459.476029][ C1] dump_stack+0x21c/0x280 [ 459.480478][ C1] kmsan_report+0xf7/0x1e0 [ 459.484932][ C1] __msan_warning+0x58/0xa0 [ 459.489487][ C1] geneve_xmit+0x300c/0x3200 [ 459.494104][ C1] ? kmsan_report+0x1a0/0x1e0 [ 459.498814][ C1] ? __msan_metadata_ptr_for_store_n+0x10/0x10 [ 459.505015][ C1] ? geneve_stop+0x400/0x400 [ 459.509694][ C1] xmit_one+0x3cf/0x750 [ 459.513878][ C1] ? kmsan_get_metadata+0x116/0x180 [ 459.519106][ C1] __dev_queue_xmit+0x3aad/0x4470 [ 459.524252][ C1] ? __local_bh_enable_ip+0x97/0x1d0 [ 459.529608][ C1] dev_queue_xmit+0x4b/0x60 [ 459.534205][ C1] ip6_finish_output2+0x23f1/0x2a70 [ 459.539470][ C1] ? kmsan_get_metadata+0x116/0x180 [ 459.544703][ C1] __ip6_finish_output+0x9c0/0xa90 [ 459.549858][ C1] ip6_finish_output+0x14b/0x4b0 [ 459.554839][ C1] ip6_output+0x68d/0x7f0 [ 459.559211][ C1] ? ip6_output+0x7f0/0x7f0 [ 459.563739][ C1] ? ac6_seq_show+0x200/0x200 [ 459.569488][ C1] mld_sendpack+0xf6c/0x1470 [ 459.574148][ C1] ? mld_send_report+0x510/0x510 [ 459.579132][ C1] mld_ifc_timer_expire+0x13b8/0x1b50 [ 459.584545][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 459.590391][ C1] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 459.596507][ C1] ? mld_gq_timer_expire+0x180/0x180 [ 459.601899][ C1] call_timer_fn+0x226/0x550 [ 459.606528][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 459.612375][ C1] expire_timers+0x4fc/0x780 [ 459.617004][ C1] ? mld_gq_timer_expire+0x180/0x180 [ 459.622314][ C1] __run_timers+0xaf4/0xd30 [ 459.626864][ C1] ? kmsan_get_metadata+0x116/0x180 [ 459.632086][ C1] run_timer_softirq+0x2d/0x50 [ 459.636869][ C1] ? migrate_timer_list+0x780/0x780 [ 459.642163][ C1] __do_softirq+0x2ea/0x7f5 [ 459.646709][ C1] asm_call_on_stack+0xf/0x20 [ 459.651391][ C1] [ 459.654419][ C1] do_softirq_own_stack+0x7c/0xa0 [ 459.659468][ C1] __irq_exit_rcu+0x226/0x270 [ 459.664171][ C1] irq_exit_rcu+0xe/0x10 [ 459.668517][ C1] sysvec_apic_timer_interrupt+0x107/0x130 [ 459.674356][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 459.680360][ C1] RIP: 0010:kmsan_task_context_state+0x4/0x90 [ 459.686551][ C1] Code: f2 15 00 00 e9 ab fd ff ff 49 89 d6 8b 7d d0 e8 92 13 00 00 41 89 06 e9 ae fd ff ff cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 <53> 65 8b 05 2c 83 ca 7d 65 8b 0d dd f2 cb 7d 80 3d 96 a7 c8 10 00 [ 459.706177][ C1] RSP: 0000:ffff8880409c77b8 EFLAGS: 00000296 [ 459.712475][ C1] RAX: ffffffff821e515c RBX: ffff888040bc5f00 RCX: ffff888040bc5b80 [ 459.720468][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea00056bd5a0 [ 459.728554][ C1] RBP: ffff8880409c77b8 R08: ffffea000000000f R09: ffff88812fffa000 [ 459.736552][ C1] R10: 0000000000000002 R11: ffff888040bc5b80 R12: ffff888040bc6558 [ 459.744544][ C1] R13: ffffea00056bd5a0 R14: 0000000000000000 R15: 0000000000000000 [ 459.752656][ C1] ? page_add_file_rmap+0x3c/0xc10 [ 459.757805][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 459.763634][ C1] __msan_get_context_state+0x9/0x20 [ 459.769013][ C1] lock_page_memcg+0x19/0x310 [ 459.773723][ C1] ? kmsan_internal_set_origin+0x75/0xb0 [ 459.779393][ C1] page_add_file_rmap+0x64/0xc10 [ 459.784363][ C1] ? kmsan_get_metadata+0x116/0x180 [ 459.789668][ C1] alloc_set_pte+0x966/0x1e80 [ 459.794447][ C1] filemap_map_pages+0x1c11/0x1f60 [ 459.799655][ C1] ? cache_from_obj+0x67/0x640 [ 459.804464][ C1] ? filemap_fault+0x3b30/0x3b30 [ 459.809467][ C1] do_read_fault+0x7fd/0x1950 [ 459.814207][ C1] handle_mm_fault+0x3445/0x4940 [ 459.819263][ C1] do_user_addr_fault+0xe09/0x19d0 [ 459.824434][ C1] ? kmsan_get_metadata+0x116/0x180 [ 459.829696][ C1] __exc_page_fault+0x308/0x450 [ 459.834628][ C1] ? asm_exc_page_fault+0x8/0x30 [ 459.839589][ C1] exc_page_fault+0x45/0x50 [ 459.844114][ C1] asm_exc_page_fault+0x1e/0x30 [ 459.849242][ C1] RIP: 0033:0x7fc52545ad30 [ 459.853656][ C1] Code: Bad RIP value. [ 459.857736][ C1] RSP: 002b:00007ffea6d520a8 EFLAGS: 00010202 [ 459.863814][ C1] RAX: 00000000fbad8001 RBX: 000000000000001b RCX: 0000000000000000 [ 459.871806][ C1] RDX: 00007ffea6d521e8 RSI: 00007fc525b0c092 RDI: 00007ffea6d520b0 [ 459.879789][ C1] RBP: 00007ffea6d522c0 R08: 0000000000000000 R09: 0000000000000001 [ 459.887781][ C1] R10: 0000000000080000 R11: 0000000000000246 R12: 00007ffea6d520b0 [ 459.895771][ C1] R13: 00007fc525b0c092 R14: 00007ffea6d521e8 R15: 0000000000000001 [ 459.903774][ C1] [ 459.906112][ C1] Uninit was stored to memory at: [ 459.911174][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 459.916909][ C1] __msan_chain_origin+0x50/0x90 [ 459.921865][ C1] geneve_changelink+0xdb2/0x10f0 [ 459.926985][ C1] rtnl_newlink+0x3384/0x3ed0 [ 459.931683][ C1] rtnetlink_rcv_msg+0x142b/0x18c0 [ 459.936888][ C1] netlink_rcv_skb+0x6d7/0x7e0 [ 459.941669][ C1] rtnetlink_rcv+0x50/0x60 [ 459.946102][ C1] netlink_unicast+0x11c8/0x1490 [ 459.951058][ C1] netlink_sendmsg+0x173a/0x1840 [ 459.956080][ C1] ____sys_sendmsg+0xc82/0x1240 [ 459.960951][ C1] __sys_sendmsg+0x6d1/0x840 [ 459.965553][ C1] __se_sys_sendmsg+0x97/0xb0 [ 459.970244][ C1] __x64_sys_sendmsg+0x4a/0x70 [ 459.975036][ C1] do_syscall_64+0xad/0x160 [ 459.979561][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 459.985451][ C1] [ 459.987787][ C1] Local variable ----df@geneve_changelink created at: [ 459.994574][ C1] geneve_changelink+0x101/0x10f0 [ 459.999609][ C1] geneve_changelink+0x101/0x10f0 [ 460.004631][ C1] ===================================================== [ 460.011569][ C1] Disabling lock debugging due to kernel taint [ 460.017729][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 460.024336][ C1] CPU: 1 PID: 9049 Comm: systemd-cgroups Tainted: G B 5.8.0-rc5-syzkaller #0 [ 460.034403][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.044470][ C1] Call Trace: [ 460.047774][ C1] [ 460.050653][ C1] dump_stack+0x21c/0x280 [ 460.055017][ C1] panic+0x4d7/0xef7 [ 460.058964][ C1] ? add_taint+0x17c/0x210 [ 460.063409][ C1] kmsan_report+0x1df/0x1e0 [ 460.067943][ C1] __msan_warning+0x58/0xa0 [ 460.072472][ C1] geneve_xmit+0x300c/0x3200 [ 460.077093][ C1] ? kmsan_report+0x1a0/0x1e0 [ 460.081805][ C1] ? __msan_metadata_ptr_for_store_n+0x10/0x10 [ 460.088003][ C1] ? geneve_stop+0x400/0x400 [ 460.092636][ C1] xmit_one+0x3cf/0x750 [ 460.096817][ C1] ? kmsan_get_metadata+0x116/0x180 [ 460.102042][ C1] __dev_queue_xmit+0x3aad/0x4470 [ 460.107089][ C1] ? __local_bh_enable_ip+0x97/0x1d0 [ 460.112436][ C1] dev_queue_xmit+0x4b/0x60 [ 460.116965][ C1] ip6_finish_output2+0x23f1/0x2a70 [ 460.122218][ C1] ? kmsan_get_metadata+0x116/0x180 [ 460.127452][ C1] __ip6_finish_output+0x9c0/0xa90 [ 460.132602][ C1] ip6_finish_output+0x14b/0x4b0 [ 460.137583][ C1] ip6_output+0x68d/0x7f0 [ 460.141962][ C1] ? ip6_output+0x7f0/0x7f0 [ 460.146490][ C1] ? ac6_seq_show+0x200/0x200 [ 460.151195][ C1] mld_sendpack+0xf6c/0x1470 [ 460.155837][ C1] ? mld_send_report+0x510/0x510 [ 460.160813][ C1] mld_ifc_timer_expire+0x13b8/0x1b50 [ 460.166212][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 460.172042][ C1] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 460.178149][ C1] ? mld_gq_timer_expire+0x180/0x180 [ 460.183454][ C1] call_timer_fn+0x226/0x550 [ 460.188071][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 460.193898][ C1] expire_timers+0x4fc/0x780 [ 460.198529][ C1] ? mld_gq_timer_expire+0x180/0x180 [ 460.203841][ C1] __run_timers+0xaf4/0xd30 [ 460.208394][ C1] ? kmsan_get_metadata+0x116/0x180 [ 460.213617][ C1] run_timer_softirq+0x2d/0x50 [ 460.218399][ C1] ? migrate_timer_list+0x780/0x780 [ 460.223617][ C1] __do_softirq+0x2ea/0x7f5 [ 460.228159][ C1] asm_call_on_stack+0xf/0x20 [ 460.232837][ C1] [ 460.235796][ C1] do_softirq_own_stack+0x7c/0xa0 [ 460.240844][ C1] __irq_exit_rcu+0x226/0x270 [ 460.245567][ C1] irq_exit_rcu+0xe/0x10 [ 460.249919][ C1] sysvec_apic_timer_interrupt+0x107/0x130 [ 460.255757][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 460.261759][ C1] RIP: 0010:kmsan_task_context_state+0x4/0x90 [ 460.267864][ C1] Code: f2 15 00 00 e9 ab fd ff ff 49 89 d6 8b 7d d0 e8 92 13 00 00 41 89 06 e9 ae fd ff ff cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 <53> 65 8b 05 2c 83 ca 7d 65 8b 0d dd f2 cb 7d 80 3d 96 a7 c8 10 00 [ 460.287490][ C1] RSP: 0000:ffff8880409c77b8 EFLAGS: 00000296 [ 460.293589][ C1] RAX: ffffffff821e515c RBX: ffff888040bc5f00 RCX: ffff888040bc5b80 [ 460.301578][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea00056bd5a0 [ 460.309570][ C1] RBP: ffff8880409c77b8 R08: ffffea000000000f R09: ffff88812fffa000 [ 460.317568][ C1] R10: 0000000000000002 R11: ffff888040bc5b80 R12: ffff888040bc6558 [ 460.325563][ C1] R13: ffffea00056bd5a0 R14: 0000000000000000 R15: 0000000000000000 [ 460.333582][ C1] ? page_add_file_rmap+0x3c/0xc10 [ 460.338757][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 460.344612][ C1] __msan_get_context_state+0x9/0x20 [ 460.349936][ C1] lock_page_memcg+0x19/0x310 [ 460.354641][ C1] ? kmsan_internal_set_origin+0x75/0xb0 [ 460.360308][ C1] page_add_file_rmap+0x64/0xc10 [ 460.365270][ C1] ? kmsan_get_metadata+0x116/0x180 [ 460.370504][ C1] alloc_set_pte+0x966/0x1e80 [ 460.375246][ C1] filemap_map_pages+0x1c11/0x1f60 [ 460.380403][ C1] ? cache_from_obj+0x67/0x640 [ 460.385203][ C1] ? filemap_fault+0x3b30/0x3b30 [ 460.390161][ C1] do_read_fault+0x7fd/0x1950 [ 460.394883][ C1] handle_mm_fault+0x3445/0x4940 [ 460.399893][ C1] do_user_addr_fault+0xe09/0x19d0 [ 460.405037][ C1] ? kmsan_get_metadata+0x116/0x180 [ 460.410287][ C1] __exc_page_fault+0x308/0x450 [ 460.415166][ C1] ? asm_exc_page_fault+0x8/0x30 [ 460.420130][ C1] exc_page_fault+0x45/0x50 [ 460.424662][ C1] asm_exc_page_fault+0x1e/0x30 [ 460.429570][ C1] RIP: 0033:0x7fc52545ad30 [ 460.433991][ C1] Code: Bad RIP value. [ 460.438083][ C1] RSP: 002b:00007ffea6d520a8 EFLAGS: 00010202 [ 460.444170][ C1] RAX: 00000000fbad8001 RBX: 000000000000001b RCX: 0000000000000000 [ 460.452158][ C1] RDX: 00007ffea6d521e8 RSI: 00007fc525b0c092 RDI: 00007ffea6d520b0 [ 460.460141][ C1] RBP: 00007ffea6d522c0 R08: 0000000000000000 R09: 0000000000000001 [ 460.468127][ C1] R10: 0000000000080000 R11: 0000000000000246 R12: 00007ffea6d520b0 [ 460.476122][ C1] R13: 00007fc525b0c092 R14: 00007ffea6d521e8 R15: 0000000000000001 [ 460.485397][ C1] Kernel Offset: disabled [ 460.489741][ C1] Rebooting in 86400 seconds..