[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 55.594122][ T26] audit: type=1800 audit(1572196794.481:25): pid=8641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 55.614169][ T26] audit: type=1800 audit(1572196794.481:26): pid=8641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 55.651573][ T26] audit: type=1800 audit(1572196794.481:27): pid=8641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts. 2019/10/27 17:20:06 fuzzer started 2019/10/27 17:20:07 dialing manager at 10.128.0.26:34793 2019/10/27 17:20:07 syscalls: 2534 2019/10/27 17:20:07 code coverage: enabled 2019/10/27 17:20:07 comparison tracing: enabled 2019/10/27 17:20:07 extra coverage: extra coverage is not supported by the kernel 2019/10/27 17:20:07 setuid sandbox: enabled 2019/10/27 17:20:07 namespace sandbox: enabled 2019/10/27 17:20:07 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/27 17:20:07 fault injection: enabled 2019/10/27 17:20:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/27 17:20:07 net packet injection: enabled 2019/10/27 17:20:07 net device setup: enabled 2019/10/27 17:20:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 17:22:39 executing program 0: clock_getres(0xd336b5c6baf1fdee, 0x0) 17:22:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000002070184a50000000000000000ff0003180001002a6574683176626f786e65743073656c66000000"], 0x2c}}, 0x0) syzkaller login: [ 220.398209][ T8807] IPVS: ftp: loaded support on port[0] = 21 [ 220.541010][ T8809] IPVS: ftp: loaded support on port[0] = 21 17:22:39 executing program 2: creat(&(0x7f0000000280)='./file0\x00', 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x203, 0xffffffffffffffff) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x100) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 220.608157][ T8807] chnl_net:caif_netlink_parms(): no params data found [ 220.671764][ T8807] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.688238][ T8807] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.699894][ T8807] device bridge_slave_0 entered promiscuous mode [ 220.710298][ T8807] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.718525][ T8807] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.727811][ T8807] device bridge_slave_1 entered promiscuous mode [ 220.751665][ T8807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.762969][ T8807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.790487][ T8807] team0: Port device team_slave_0 added [ 220.820451][ T8807] team0: Port device team_slave_1 added 17:22:39 executing program 3: timer_delete(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="28ff0300e58b03ad3bdeaf6f0c9c9e768ea0e58886880f0a454963044347b751f47e", @ANYRES16, @ANYBLOB="2900000000000000000003000000e0ffffffffffffff69623a6970365f76"], 0x3}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)={0x28, r2, 0x29, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'ip6_vti0\x00'}}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1001004c8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)={0x108, r2, 0xcc502151525db192, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x8, 0x4, [@TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xee63}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}]}, @TIPC_NLA_BEARER={0x3c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @rand_addr=0x8000}}, {0x20, 0x2, @in6={0xa, 0x0, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}}}}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3d6f379c}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4800}, 0x40) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 220.928702][ T8807] device hsr_slave_0 entered promiscuous mode [ 221.006947][ T8807] device hsr_slave_1 entered promiscuous mode [ 221.100402][ T8813] IPVS: ftp: loaded support on port[0] = 21 [ 221.103066][ T8815] IPVS: ftp: loaded support on port[0] = 21 [ 221.151152][ T8809] chnl_net:caif_netlink_parms(): no params data found 17:22:40 executing program 4: r0 = socket$inet(0x2, 0x200000002, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) [ 221.244173][ T8807] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.252182][ T8807] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.260060][ T8807] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.267184][ T8807] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.415083][ T8809] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.428405][ T8809] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.438963][ T8809] device bridge_slave_0 entered promiscuous mode [ 221.448081][ T8809] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.455153][ T8809] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.466153][ T8809] device bridge_slave_1 entered promiscuous mode [ 221.512128][ T8818] IPVS: ftp: loaded support on port[0] = 21 [ 221.512247][ T8813] chnl_net:caif_netlink_parms(): no params data found 17:22:40 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) [ 221.560655][ T8809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.620498][ T8809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.699254][ T2624] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.719006][ T2624] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.737040][ T8813] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.744134][ T8813] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.752417][ T8813] device bridge_slave_0 entered promiscuous mode [ 221.762133][ T8813] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.769381][ T8813] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.777582][ T8813] device bridge_slave_1 entered promiscuous mode [ 221.785509][ T8809] team0: Port device team_slave_0 added [ 221.804605][ T8823] IPVS: ftp: loaded support on port[0] = 21 [ 221.832642][ T8809] team0: Port device team_slave_1 added [ 221.841947][ T8815] chnl_net:caif_netlink_parms(): no params data found [ 221.858773][ T8813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.870717][ T8813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.937601][ T8809] device hsr_slave_0 entered promiscuous mode [ 221.975801][ T8809] device hsr_slave_1 entered promiscuous mode [ 222.015670][ T8809] debugfs: Directory 'hsr0' with parent '/' already present! [ 222.043969][ T8807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.063336][ T8813] team0: Port device team_slave_0 added [ 222.072209][ T8813] team0: Port device team_slave_1 added [ 222.083847][ T8807] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.108465][ T8815] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.115845][ T8815] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.123589][ T8815] device bridge_slave_0 entered promiscuous mode [ 222.133814][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.142213][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.179434][ T8815] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.187016][ T8815] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.194621][ T8815] device bridge_slave_1 entered promiscuous mode [ 222.214448][ T8815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 222.223680][ T2624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.232551][ T2624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.241967][ T2624] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.249098][ T2624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.271035][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.280000][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.289320][ T3532] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.296424][ T3532] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.316284][ T8815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 222.389451][ T8813] device hsr_slave_0 entered promiscuous mode [ 222.446007][ T8813] device hsr_slave_1 entered promiscuous mode [ 222.486417][ T8813] debugfs: Directory 'hsr0' with parent '/' already present! [ 222.550229][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.559456][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.569372][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.578362][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.588413][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.600083][ T8815] team0: Port device team_slave_0 added [ 222.611416][ T8815] team0: Port device team_slave_1 added [ 222.635385][ T8818] chnl_net:caif_netlink_parms(): no params data found [ 222.648405][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.658028][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.738940][ T8815] device hsr_slave_0 entered promiscuous mode [ 222.776228][ T8815] device hsr_slave_1 entered promiscuous mode [ 222.825682][ T8815] debugfs: Directory 'hsr0' with parent '/' already present! [ 222.849039][ T2624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.860200][ T2624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.903076][ T8807] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 222.915118][ T8807] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 222.929656][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.938658][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.037093][ T8818] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.044293][ T8818] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.052260][ T8818] device bridge_slave_0 entered promiscuous mode [ 223.060789][ T8818] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.068206][ T8818] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.076214][ T8818] device bridge_slave_1 entered promiscuous mode [ 223.101748][ T8823] chnl_net:caif_netlink_parms(): no params data found [ 223.131388][ T8818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.151200][ T8818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.179541][ T8807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.210858][ T8823] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.224917][ T8823] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.233591][ T8823] device bridge_slave_0 entered promiscuous mode [ 223.267489][ T8823] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.274777][ T8823] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.290779][ T8823] device bridge_slave_1 entered promiscuous mode [ 223.301871][ T8818] team0: Port device team_slave_0 added [ 223.309986][ T8818] team0: Port device team_slave_1 added [ 223.326991][ T8813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.344232][ T8809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.435236][ T8818] device hsr_slave_0 entered promiscuous mode [ 223.485985][ T8818] device hsr_slave_1 entered promiscuous mode [ 223.555758][ T8818] debugfs: Directory 'hsr0' with parent '/' already present! [ 223.574944][ T8823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.635232][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.661140][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.669954][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 17:22:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000040)={[], 0x0, 0x4}) [ 223.684634][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.696284][ T8823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.713168][ T8836] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 223.732259][ T8809] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.750969][ T8813] 8021q: adding VLAN 0 to HW filter on device team0 17:22:42 executing program 0: [ 223.805238][ T8815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.834651][ T8823] team0: Port device team_slave_0 added [ 223.871677][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.886376][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.904289][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.911473][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state 17:22:42 executing program 0: [ 223.923350][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 223.932230][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.941613][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.948748][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.956798][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.984506][ T8815] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.998273][ T8823] team0: Port device team_slave_1 added [ 224.005532][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.014212][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.023797][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 17:22:42 executing program 0: [ 224.040773][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.053071][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.065283][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.077484][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 17:22:43 executing program 0: [ 224.088903][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.097764][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.106108][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.114026][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.130485][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.139573][ T8817] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.146750][ T8817] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.147254][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.163759][ T8817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.172595][ T8817] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.179810][ T8817] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.193537][ T8809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.211413][ T8809] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.232501][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 17:22:43 executing program 0: [ 224.241922][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.250427][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.259606][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.268853][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.278979][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.288568][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.300459][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.309351][ T3532] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.316558][ T3532] bridge0: port 1(bridge_slave_0) entered forwarding state 17:22:43 executing program 0: [ 224.338793][ T8809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.420082][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.436260][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.445330][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.460730][ T3532] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.467928][ T3532] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.482875][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.491909][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.503992][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.512945][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.521746][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.530625][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.539564][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.548736][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.557595][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.566357][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.574634][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 224.583308][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.591713][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.600112][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.618431][ T8815] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.630162][ T8815] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.649841][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 224.659716][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 224.673439][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 224.681906][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.693754][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.702297][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.711480][ T3532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.722742][ T8813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.778792][ T8823] device hsr_slave_0 entered promiscuous mode [ 224.815912][ T8823] device hsr_slave_1 entered promiscuous mode [ 224.855639][ T8823] debugfs: Directory 'hsr0' with parent '/' already present! [ 224.909134][ T8813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.936132][ T8815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.979427][ T8818] 8021q: adding VLAN 0 to HW filter on device bond0 17:22:43 executing program 1: [ 225.088213][ T2624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.101374][ T2624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.141563][ T8818] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.173375][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.182417][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.191099][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.198211][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.206628][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.215213][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.223789][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.231038][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.243091][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.256158][ T2624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.323539][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.336817][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.362325][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.371146][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.380328][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.398797][ T8818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 225.411438][ T8818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 225.444829][ C0] hrtimer: interrupt took 44291 ns [ 225.446009][ T8823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.457147][ T8872] Failed to obtain node identity [ 225.462788][ T8872] Enabling of bearer rejected, failed to enable media [ 225.476241][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.484392][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.500743][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.512382][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 225.529094][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 225.555169][ T8823] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.564103][ T8875] Failed to obtain node identity [ 225.570383][ T8875] Enabling of bearer rejected, failed to enable media [ 225.585889][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 225.593635][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.610090][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.637774][ T8818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.646063][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.654769][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.726223][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.733317][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.760291][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.776251][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.784698][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.791828][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.799779][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.809202][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.833075][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.843662][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.860768][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.873311][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.882963][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.908846][ T8823] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 225.927866][ T8823] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 225.956091][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.964098][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.982591][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.994484][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 226.009334][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 226.031399][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 226.062149][ T8823] 8021q: adding VLAN 0 to HW filter on device batadv0 17:22:45 executing program 1: 17:22:45 executing program 0: 17:22:45 executing program 3: timer_delete(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="28ff0300e58b03ad3bdeaf6f0c9c9e768ea0e58886880f0a454963044347b751f47e", @ANYRES16, @ANYBLOB="2900000000000000000003000000e0ffffffffffffff69623a6970365f76"], 0x3}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)={0x28, r2, 0x29, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'ip6_vti0\x00'}}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1001004c8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)={0x108, r2, 0xcc502151525db192, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x8, 0x4, [@TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xee63}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}]}, @TIPC_NLA_BEARER={0x3c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @rand_addr=0x8000}}, {0x20, 0x2, @in6={0xa, 0x0, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}}}}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3d6f379c}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4800}, 0x40) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 226.351084][ T8901] Failed to obtain node identity [ 226.370055][ T8901] Enabling of bearer rejected, failed to enable media 17:22:45 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 17:22:45 executing program 2: creat(&(0x7f0000000280)='./file0\x00', 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x203, 0xffffffffffffffff) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x100) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 17:22:45 executing program 4: r0 = socket$inet(0x2, 0x200000002, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 17:22:45 executing program 1: 17:22:45 executing program 0: 17:22:45 executing program 4: r0 = socket$inet(0x2, 0x200000002, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 17:22:45 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 17:22:45 executing program 1: 17:22:45 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [0x0, 0x600], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 17:22:45 executing program 3: timer_delete(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="28ff0300e58b03ad3bdeaf6f0c9c9e768ea0e58886880f0a454963044347b751f47e", @ANYRES16, @ANYBLOB="2900000000000000000003000000e0ffffffffffffff69623a6970365f76"], 0x3}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)={0x28, r2, 0x29, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'ip6_vti0\x00'}}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1001004c8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)={0x108, r2, 0xcc502151525db192, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x8, 0x4, [@TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xee63}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}]}, @TIPC_NLA_BEARER={0x3c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @rand_addr=0x8000}}, {0x20, 0x2, @in6={0xa, 0x0, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}}}}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3d6f379c}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4800}, 0x40) clone(0x0, 0x0, 0x0, 0x0, 0x0) 17:22:45 executing program 4: r0 = socket$inet(0x2, 0x200000002, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 17:22:45 executing program 1: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x48f, &(0x7f0000000300)={0x0, @empty, 0x0, 0x0, 'fo\x00'}, 0x2c) 17:22:45 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) [ 226.935025][ T8939] Failed to obtain node identity [ 226.950712][ T8939] Enabling of bearer rejected, failed to enable media 17:22:46 executing program 2: creat(&(0x7f0000000280)='./file0\x00', 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x203, 0xffffffffffffffff) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x100) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 17:22:46 executing program 4: socket$inet(0x2, 0x200000002, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 17:22:46 executing program 1: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], 0x0}) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) msgget(0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') 17:22:46 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [0x0, 0x600], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 17:22:46 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 17:22:46 executing program 3: timer_delete(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="28ff0300e58b03ad3bdeaf6f0c9c9e768ea0e58886880f0a454963044347b751f47e", @ANYRES16, @ANYBLOB="2900000000000000000003000000e0ffffffffffffff69623a6970365f76"], 0x3}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)={0x28, r2, 0x29, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'ip6_vti0\x00'}}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1001004c8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)={0x108, r2, 0xcc502151525db192, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x8, 0x4, [@TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xee63}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}]}, @TIPC_NLA_BEARER={0x3c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @rand_addr=0x8000}}, {0x20, 0x2, @in6={0xa, 0x0, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}}}}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3d6f379c}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4800}, 0x40) clone(0x0, 0x0, 0x0, 0x0, 0x0) 17:22:46 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) [ 227.572627][ T8960] Failed to obtain node identity 17:22:46 executing program 4: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) [ 227.605727][ T8960] Enabling of bearer rejected, failed to enable media 17:22:46 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [0x0, 0x600], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 17:22:46 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 17:22:46 executing program 1: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], 0x0}) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) msgget(0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') 17:22:46 executing program 4: syz_emit_ethernet(0x0, 0x0, 0x0) 17:22:47 executing program 2: creat(&(0x7f0000000280)='./file0\x00', 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x203, 0xffffffffffffffff) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x100) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 17:22:47 executing program 3: timer_delete(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="28ff0300e58b03ad3bdeaf6f0c9c9e768ea0e58886880f0a454963044347b751f47e", @ANYRES16, @ANYBLOB="2900000000000000000003000000e0ffffffffffffff69623a6970365f76"], 0x3}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)={0x28, r2, 0x29, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'ip6_vti0\x00'}}]}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1001004c8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)={0x108, r2, 0xcc502151525db192, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x8, 0x4, [@TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xee63}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}]}, @TIPC_NLA_BEARER={0x3c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @rand_addr=0x8000}}, {0x20, 0x2, @in6={0xa, 0x0, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}}}}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3d6f379c}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4800}, 0x40) 17:22:47 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 17:22:47 executing program 4: syz_emit_ethernet(0x0, 0x0, 0x0) 17:22:47 executing program 1: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], 0x0}) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) msgget(0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') 17:22:47 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [0x0, 0x600], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) [ 228.595538][ T9000] Failed to obtain node identity 17:22:47 executing program 4: syz_emit_ethernet(0x0, 0x0, 0x0) 17:22:47 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 17:22:47 executing program 1: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [], 0x0}) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) msgget(0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') [ 228.625629][ T9000] Enabling of bearer rejected, failed to enable media 17:22:47 executing program 3: timer_delete(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="28ff0300e58b03ad3bdeaf6f0c9c9e768ea0e58886880f0a454963044347b751f47e", @ANYRES16, @ANYBLOB="2900000000000000000003000000e0ffffffffffffff69623a6970365f76"], 0x3}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)={0x28, r2, 0x29, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'ip6_vti0\x00'}}]}]}, 0x28}}, 0x0) 17:22:47 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) syz_open_dev$swradio(0x0, 0x1, 0x2) r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, [0x0, 0x600], &(0x7f00000000c0)={0x98f90a, 0x3000000, [], @p_u8=&(0x7f0000000040)}}) syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x3480, 0x0) 17:22:47 executing program 4: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) [ 228.876161][ T9017] Failed to obtain node identity [ 228.895649][ T9017] Enabling of bearer rejected, failed to enable media [ 229.022379][ T9029] ================================================================== [ 229.030702][ T9029] BUG: KASAN: use-after-free in nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 229.039040][ T9029] Read of size 1 at addr ffff888091522004 by task syz-executor.4/9029 [ 229.047193][ T9029] [ 229.049542][ T9029] CPU: 1 PID: 9029 Comm: syz-executor.4 Not tainted 5.4.0-rc4-next-20191025 #0 [ 229.058476][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.068545][ T9029] Call Trace: [ 229.071853][ T9029] dump_stack+0x172/0x1f0 [ 229.076202][ T9029] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 229.082291][ T9029] print_address_description.constprop.0.cold+0xd4/0x30b [ 229.089329][ T9029] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 229.095325][ T9029] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 229.101324][ T9029] __kasan_report.cold+0x1b/0x41 [ 229.106275][ T9029] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 229.112270][ T9029] kasan_report+0x12/0x20 [ 229.116613][ T9029] __asan_report_load1_noabort+0x14/0x20 [ 229.122249][ T9029] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 229.128069][ T9029] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 229.134491][ T9029] ? nf_nat_inet_fn+0x211/0x8b0 [ 229.139359][ T9029] nf_confirm+0x3d8/0x4d0 [ 229.143702][ T9029] ipv4_confirm+0x14c/0x240 [ 229.148216][ T9029] nf_hook_slow+0xbc/0x1e0 [ 229.152646][ T9029] ip_local_deliver+0x352/0x520 [ 229.157504][ T9029] ? ip_local_deliver_finish+0x380/0x380 [ 229.163160][ T9029] ? ip_protocol_deliver_rcu+0x880/0x880 [ 229.168823][ T9029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 229.175072][ T9029] ? __this_cpu_preempt_check+0x35/0x190 [ 229.180722][ T9029] ip_sublist_rcv_finish+0x9b/0x2d0 [ 229.185930][ T9029] ip_sublist_rcv+0x27d/0x940 [ 229.190624][ T9029] ? ip_rcv_finish+0x2f0/0x2f0 [ 229.195409][ T9029] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 229.201666][ T9029] ? ip_rcv_finish_core.isra.0+0x1b70/0x1b70 [ 229.207671][ T9029] ? ip_rcv_core.isra.0+0x878/0xc80 [ 229.212887][ T9029] ip_list_rcv+0x370/0x4ac [ 229.217342][ T9029] ? __lockdep_free_key_range+0x120/0x120 [ 229.223069][ T9029] ? ip_rcv+0x3f0/0x3f0 [ 229.227236][ T9029] ? ip_rcv+0x3f0/0x3f0 [ 229.231399][ T9029] __netif_receive_skb_list_core+0x5fc/0x9d0 [ 229.237390][ T9029] ? ktime_get_with_offset+0x135/0x360 [ 229.243133][ T9029] ? ktime_get_with_offset+0x135/0x360 [ 229.248600][ T9029] ? process_backlog+0x750/0x750 [ 229.253544][ T9029] ? lock_acquire+0x190/0x410 [ 229.258230][ T9029] ? __kasan_check_read+0x11/0x20 [ 229.263268][ T9029] netif_receive_skb_list_internal+0x7eb/0xe50 [ 229.269438][ T9029] ? __netif_receive_skb_list_core+0x9d0/0x9d0 [ 229.275620][ T9029] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 229.281868][ T9029] ? eth_type_trans+0x3a5/0x760 [ 229.286730][ T9029] gro_normal_list.part.0+0x1e/0xb0 [ 229.291937][ T9029] gro_normal_one+0x184/0x1d0 [ 229.296714][ T9029] napi_gro_frags+0x915/0xd00 [ 229.301403][ T9029] tun_get_user+0x2e8e/0x3f80 [ 229.306086][ T9029] ? __kasan_check_read+0x11/0x20 [ 229.311138][ T9029] ? tun_build_skb.isra.0+0x1380/0x1380 [ 229.316704][ T9029] ? rcu_read_lock_held+0x9c/0xb0 [ 229.321744][ T9029] ? __kasan_check_read+0x11/0x20 [ 229.328437][ T9029] tun_chr_write_iter+0xbd/0x156 [ 229.333472][ T9029] do_iter_readv_writev+0x5f8/0x8f0 [ 229.338695][ T9029] ? no_seek_end_llseek_size+0x70/0x70 [ 229.344180][ T9029] ? apparmor_file_permission+0x25/0x30 [ 229.349744][ T9029] ? rw_verify_area+0x126/0x360 [ 229.354618][ T9029] do_iter_write+0x184/0x610 [ 229.359219][ T9029] ? dup_iter+0x260/0x260 [ 229.363566][ T9029] vfs_writev+0x1b3/0x2f0 [ 229.367911][ T9029] ? vfs_iter_write+0xb0/0xb0 [ 229.372607][ T9029] ? __kasan_check_read+0x11/0x20 [ 229.377655][ T9029] ? ksys_dup3+0x3e0/0x3e0 [ 229.382090][ T9029] ? __kasan_check_read+0x11/0x20 [ 229.387128][ T9029] ? __fget_light+0x1a9/0x230 [ 229.391819][ T9029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 229.398162][ T9029] do_writev+0x15b/0x330 [ 229.402412][ T9029] ? vfs_writev+0x2f0/0x2f0 [ 229.406928][ T9029] ? do_syscall_64+0x26/0x760 [ 229.411610][ T9029] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.417683][ T9029] ? do_syscall_64+0x26/0x760 [ 229.422376][ T9029] __x64_sys_writev+0x75/0xb0 [ 229.427071][ T9029] do_syscall_64+0xfa/0x760 [ 229.431591][ T9029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.437490][ T9029] RIP: 0033:0x459df1 [ 229.441385][ T9029] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 229.461589][ T9029] RSP: 002b:00007fd90edefba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 229.461614][ T9029] RAX: ffffffffffffffda RBX: 000000000000002a RCX: 0000000000459df1 [ 229.461621][ T9029] RDX: 0000000000000001 RSI: 00007fd90edefc00 RDI: 00000000000000f0 [ 229.461629][ T9029] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 229.461637][ T9029] R10: 00007fd90edf09d0 R11: 0000000000000293 R12: 00007fd90edf06d4 [ 229.461651][ T9029] R13: 00000000004c9352 R14: 00000000004e0a60 R15: 00000000ffffffff [ 229.478016][ T9029] [ 229.478026][ T9029] Allocated by task 9029: [ 229.478046][ T9029] save_stack+0x23/0x90 [ 229.478057][ T9029] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 229.478074][ T9029] kasan_krealloc+0x84/0xc0 [ 229.530820][ T9029] krealloc+0xa6/0xd0 [ 229.534822][ T9029] nf_ct_ext_add+0x2c7/0x630 [ 229.534842][ T9029] init_conntrack.isra.0+0x5ed/0x11a0 [ 229.544775][ T9029] nf_conntrack_in+0xd94/0x1460 [ 229.544790][ T9029] ipv4_conntrack_in+0x1e/0x30 [ 229.544813][ T9029] nf_hook_slow+0xbc/0x1e0 [ 229.558799][ T9029] nf_hook_slow_list+0x1d9/0x480 [ 229.563743][ T9029] ip_sublist_rcv+0x66e/0x940 [ 229.568425][ T9029] ip_list_rcv+0x370/0x4ac [ 229.572858][ T9029] __netif_receive_skb_list_core+0x5fc/0x9d0 [ 229.578849][ T9029] netif_receive_skb_list_internal+0x7eb/0xe50 [ 229.585002][ T9029] gro_normal_list.part.0+0x1e/0xb0 [ 229.590339][ T9029] gro_normal_one+0x184/0x1d0 [ 229.595005][ T9029] napi_gro_frags+0x915/0xd00 [ 229.599680][ T9029] tun_get_user+0x2e8e/0x3f80 [ 229.604354][ T9029] tun_chr_write_iter+0xbd/0x156 [ 229.609455][ T9029] do_iter_readv_writev+0x5f8/0x8f0 [ 229.614631][ T9029] do_iter_write+0x184/0x610 [ 229.619211][ T9029] vfs_writev+0x1b3/0x2f0 [ 229.623517][ T9029] do_writev+0x15b/0x330 [ 229.627750][ T9029] __x64_sys_writev+0x75/0xb0 [ 229.632407][ T9029] do_syscall_64+0xfa/0x760 [ 229.636897][ T9029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.642763][ T9029] [ 229.645068][ T9029] Freed by task 9029: [ 229.649034][ T9029] save_stack+0x23/0x90 [ 229.653172][ T9029] __kasan_slab_free+0x102/0x150 [ 229.658091][ T9029] kasan_slab_free+0xe/0x10 [ 229.662570][ T9029] kfree+0x10a/0x2c0 [ 229.666445][ T9029] nf_ct_ext_destroy+0x2ab/0x2e0 [ 229.671360][ T9029] nf_conntrack_free+0x8f/0xe0 [ 229.676101][ T9029] destroy_conntrack+0x1a2/0x270 [ 229.681014][ T9029] nf_conntrack_destroy+0xed/0x230 [ 229.686112][ T9029] __nf_conntrack_confirm+0x21ca/0x2830 [ 229.691635][ T9029] nf_confirm+0x3e7/0x4d0 [ 229.695941][ T9029] ipv4_confirm+0x14c/0x240 [ 229.700434][ T9029] nf_hook_slow+0xbc/0x1e0 [ 229.704857][ T9029] ip_local_deliver+0x352/0x520 [ 229.709690][ T9029] ip_sublist_rcv_finish+0x9b/0x2d0 [ 229.714869][ T9029] ip_sublist_rcv+0x27d/0x940 [ 229.719525][ T9029] ip_list_rcv+0x370/0x4ac [ 229.724021][ T9029] __netif_receive_skb_list_core+0x5fc/0x9d0 [ 229.729987][ T9029] netif_receive_skb_list_internal+0x7eb/0xe50 [ 229.736136][ T9029] gro_normal_list.part.0+0x1e/0xb0 [ 229.741313][ T9029] gro_normal_one+0x184/0x1d0 [ 229.745985][ T9029] napi_gro_frags+0x915/0xd00 [ 229.750643][ T9029] tun_get_user+0x2e8e/0x3f80 [ 229.755297][ T9029] tun_chr_write_iter+0xbd/0x156 [ 229.760220][ T9029] do_iter_readv_writev+0x5f8/0x8f0 [ 229.765394][ T9029] do_iter_write+0x184/0x610 [ 229.769973][ T9029] vfs_writev+0x1b3/0x2f0 [ 229.774286][ T9029] do_writev+0x15b/0x330 [ 229.778519][ T9029] __x64_sys_writev+0x75/0xb0 [ 229.783210][ T9029] do_syscall_64+0xfa/0x760 [ 229.787714][ T9029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.793605][ T9029] [ 229.795932][ T9029] The buggy address belongs to the object at ffff888091522000 [ 229.795932][ T9029] which belongs to the cache kmalloc-128 of size 128 [ 229.809981][ T9029] The buggy address is located 4 bytes inside of [ 229.809981][ T9029] 128-byte region [ffff888091522000, ffff888091522080) [ 229.823091][ T9029] The buggy address belongs to the page: [ 229.828717][ T9029] page:ffffea0002454880 refcount:1 mapcount:0 mapping:ffff8880aa400700 index:0x0 [ 229.837808][ T9029] flags: 0x1fffc0000000200(slab) [ 229.842820][ T9029] raw: 01fffc0000000200 ffffea0002588bc8 ffffea000266be08 ffff8880aa400700 [ 229.851389][ T9029] raw: 0000000000000000 ffff888091522000 0000000100000010 0000000000000000 [ 229.859953][ T9029] page dumped because: kasan: bad access detected [ 229.866353][ T9029] [ 229.868671][ T9029] Memory state around the buggy address: [ 229.874280][ T9029] ffff888091521f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 229.882325][ T9029] ffff888091521f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 229.890367][ T9029] >ffff888091522000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 229.898402][ T9029] ^ [ 229.902444][ T9029] ffff888091522080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 229.910486][ T9029] ffff888091522100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 229.918607][ T9029] ================================================================== [ 229.926654][ T9029] Disabling lock debugging due to kernel taint [ 229.932901][ T9029] Kernel panic - not syncing: panic_on_warn set ... [ 229.939500][ T9029] CPU: 1 PID: 9029 Comm: syz-executor.4 Tainted: G B 5.4.0-rc4-next-20191025 #0 [ 229.949807][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.959843][ T9029] Call Trace: [ 229.963131][ T9029] dump_stack+0x172/0x1f0 [ 229.967441][ T9029] panic+0x2e3/0x75c [ 229.971315][ T9029] ? add_taint.cold+0x16/0x16 [ 229.975970][ T9029] ? retint_kernel+0x2b/0x2b [ 229.980561][ T9029] ? trace_hardirqs_on+0x5e/0x240 [ 229.985574][ T9029] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 229.991546][ T9029] end_report+0x47/0x4f [ 229.995690][ T9029] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 230.001650][ T9029] __kasan_report.cold+0xe/0x41 [ 230.006480][ T9029] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 230.012451][ T9029] kasan_report+0x12/0x20 [ 230.016770][ T9029] __asan_report_load1_noabort+0x14/0x20 [ 230.022482][ T9029] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 230.028266][ T9029] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 230.034659][ T9029] ? nf_nat_inet_fn+0x211/0x8b0 [ 230.039487][ T9029] nf_confirm+0x3d8/0x4d0 [ 230.043809][ T9029] ipv4_confirm+0x14c/0x240 [ 230.048295][ T9029] nf_hook_slow+0xbc/0x1e0 [ 230.052694][ T9029] ip_local_deliver+0x352/0x520 [ 230.057524][ T9029] ? ip_local_deliver_finish+0x380/0x380 [ 230.063225][ T9029] ? ip_protocol_deliver_rcu+0x880/0x880 [ 230.068837][ T9029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 230.075056][ T9029] ? __this_cpu_preempt_check+0x35/0x190 [ 230.080675][ T9029] ip_sublist_rcv_finish+0x9b/0x2d0 [ 230.085853][ T9029] ip_sublist_rcv+0x27d/0x940 [ 230.090514][ T9029] ? ip_rcv_finish+0x2f0/0x2f0 [ 230.095257][ T9029] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 230.101480][ T9029] ? ip_rcv_finish_core.isra.0+0x1b70/0x1b70 [ 230.107455][ T9029] ? ip_rcv_core.isra.0+0x878/0xc80 [ 230.112642][ T9029] ip_list_rcv+0x370/0x4ac [ 230.117044][ T9029] ? __lockdep_free_key_range+0x120/0x120 [ 230.122746][ T9029] ? ip_rcv+0x3f0/0x3f0 [ 230.126882][ T9029] ? ip_rcv+0x3f0/0x3f0 [ 230.131021][ T9029] __netif_receive_skb_list_core+0x5fc/0x9d0 [ 230.136982][ T9029] ? ktime_get_with_offset+0x135/0x360 [ 230.142420][ T9029] ? ktime_get_with_offset+0x135/0x360 [ 230.147858][ T9029] ? process_backlog+0x750/0x750 [ 230.152778][ T9029] ? lock_acquire+0x190/0x410 [ 230.157438][ T9029] ? __kasan_check_read+0x11/0x20 [ 230.162443][ T9029] netif_receive_skb_list_internal+0x7eb/0xe50 [ 230.169122][ T9029] ? __netif_receive_skb_list_core+0x9d0/0x9d0 [ 230.175263][ T9029] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 230.181485][ T9029] ? eth_type_trans+0x3a5/0x760 [ 230.186319][ T9029] gro_normal_list.part.0+0x1e/0xb0 [ 230.191494][ T9029] gro_normal_one+0x184/0x1d0 [ 230.196154][ T9029] napi_gro_frags+0x915/0xd00 [ 230.200813][ T9029] tun_get_user+0x2e8e/0x3f80 [ 230.205468][ T9029] ? __kasan_check_read+0x11/0x20 [ 230.210481][ T9029] ? tun_build_skb.isra.0+0x1380/0x1380 [ 230.216013][ T9029] ? rcu_read_lock_held+0x9c/0xb0 [ 230.221016][ T9029] ? __kasan_check_read+0x11/0x20 [ 230.226028][ T9029] tun_chr_write_iter+0xbd/0x156 [ 230.231034][ T9029] do_iter_readv_writev+0x5f8/0x8f0 [ 230.236228][ T9029] ? no_seek_end_llseek_size+0x70/0x70 [ 230.241669][ T9029] ? apparmor_file_permission+0x25/0x30 [ 230.247197][ T9029] ? rw_verify_area+0x126/0x360 [ 230.252024][ T9029] do_iter_write+0x184/0x610 [ 230.256592][ T9029] ? dup_iter+0x260/0x260 [ 230.260902][ T9029] vfs_writev+0x1b3/0x2f0 [ 230.265296][ T9029] ? vfs_iter_write+0xb0/0xb0 [ 230.269958][ T9029] ? __kasan_check_read+0x11/0x20 [ 230.274974][ T9029] ? ksys_dup3+0x3e0/0x3e0 [ 230.279371][ T9029] ? __kasan_check_read+0x11/0x20 [ 230.284380][ T9029] ? __fget_light+0x1a9/0x230 [ 230.289038][ T9029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 230.295257][ T9029] do_writev+0x15b/0x330 [ 230.299480][ T9029] ? vfs_writev+0x2f0/0x2f0 [ 230.303964][ T9029] ? do_syscall_64+0x26/0x760 [ 230.308707][ T9029] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 230.314776][ T9029] ? do_syscall_64+0x26/0x760 [ 230.319433][ T9029] __x64_sys_writev+0x75/0xb0 [ 230.324092][ T9029] do_syscall_64+0xfa/0x760 [ 230.328594][ T9029] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 230.334464][ T9029] RIP: 0033:0x459df1 [ 230.338343][ T9029] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 230.357936][ T9029] RSP: 002b:00007fd90edefba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 230.366336][ T9029] RAX: ffffffffffffffda RBX: 000000000000002a RCX: 0000000000459df1 [ 230.374907][ T9029] RDX: 0000000000000001 RSI: 00007fd90edefc00 RDI: 00000000000000f0 [ 230.382859][ T9029] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 230.390812][ T9029] R10: 00007fd90edf09d0 R11: 0000000000000293 R12: 00007fd90edf06d4 [ 230.398763][ T9029] R13: 00000000004c9352 R14: 00000000004e0a60 R15: 00000000ffffffff [ 230.408164][ T9029] Kernel Offset: disabled [ 230.412493][ T9029] Rebooting in 86400 seconds..