[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 57.403322][ T26] audit: type=1800 audit(1571946969.318:25): pid=8837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 57.423145][ T26] audit: type=1800 audit(1571946969.318:26): pid=8837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 57.470723][ T26] audit: type=1800 audit(1571946969.338:27): pid=8837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. 2019/10/24 19:56:19 fuzzer started 2019/10/24 19:56:21 dialing manager at 10.128.0.26:38287 2019/10/24 19:56:21 syscalls: 2525 2019/10/24 19:56:21 code coverage: enabled 2019/10/24 19:56:21 comparison tracing: enabled 2019/10/24 19:56:21 extra coverage: extra coverage is not supported by the kernel 2019/10/24 19:56:21 setuid sandbox: enabled 2019/10/24 19:56:21 namespace sandbox: enabled 2019/10/24 19:56:21 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/24 19:56:21 fault injection: enabled 2019/10/24 19:56:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/24 19:56:21 net packet injection: enabled 2019/10/24 19:56:21 net device setup: enabled 2019/10/24 19:56:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 19:58:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x20b, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) r2 = dup2(r0, r1) open$dir(&(0x7f0000000180)='./file0\x00', 0x841, 0x0) clone(0x3102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) write$P9_RGETATTR(r2, 0x0, 0x0) 19:58:26 executing program 1: lchown(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) dup3(r0, r2, 0x0) syzkaller login: [ 194.886235][ T9007] IPVS: ftp: loaded support on port[0] = 21 19:58:27 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000000)={0x2, 0xd, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x400300, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x60, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) [ 195.024905][ T9007] chnl_net:caif_netlink_parms(): no params data found [ 195.056594][ T9010] IPVS: ftp: loaded support on port[0] = 21 [ 195.129647][ T9007] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.137371][ T9007] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.160818][ T9007] device bridge_slave_0 entered promiscuous mode [ 195.184043][ T9007] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.200378][ T9007] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.218889][ T9007] device bridge_slave_1 entered promiscuous mode [ 195.254422][ T9007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.267187][ T9007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.294281][ T9012] IPVS: ftp: loaded support on port[0] = 21 [ 195.305436][ T9007] team0: Port device team_slave_0 added [ 195.317266][ T9007] team0: Port device team_slave_1 added 19:58:27 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x420980, 0x0) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000180)={0x8, 0xd1e}) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000880)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) getdents(r1, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) [ 195.426746][ T9007] device hsr_slave_0 entered promiscuous mode [ 195.490094][ T9007] device hsr_slave_1 entered promiscuous mode 19:58:27 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x420980, 0x0) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000180)={0x8, 0xd1e}) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000880)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) getdents(r1, 0x0, 0x0) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) [ 195.575867][ T9007] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.583180][ T9007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.591141][ T9007] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.598245][ T9007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.692084][ T9014] IPVS: ftp: loaded support on port[0] = 21 [ 195.754786][ T9010] chnl_net:caif_netlink_parms(): no params data found [ 195.821931][ T9017] IPVS: ftp: loaded support on port[0] = 21 [ 195.881488][ T9007] 8021q: adding VLAN 0 to HW filter on device bond0 19:58:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000200)={[{0x0, 0xfffc, 0x40}], 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 195.960745][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.992953][ T2522] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.013885][ T2522] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.023775][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 196.055319][ T9007] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.077138][ T9010] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.084598][ T9010] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.093234][ T9010] device bridge_slave_0 entered promiscuous mode [ 196.104345][ T9010] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.112788][ T9010] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.121065][ T9010] device bridge_slave_1 entered promiscuous mode [ 196.129323][ T9012] chnl_net:caif_netlink_parms(): no params data found [ 196.168072][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.176784][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.186201][ T3498] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.193305][ T3498] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.229968][ T9022] IPVS: ftp: loaded support on port[0] = 21 [ 196.244700][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.255329][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.263936][ T3498] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.271027][ T3498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.279101][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.287701][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.296386][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.305066][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.314128][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.323740][ T9010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.356841][ T9012] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.366507][ T9012] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.374673][ T9012] device bridge_slave_0 entered promiscuous mode [ 196.383841][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.393020][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.401697][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.409999][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.426377][ T9010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.447906][ T9010] team0: Port device team_slave_0 added [ 196.473148][ T9012] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.481440][ T9012] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.489375][ T9012] device bridge_slave_1 entered promiscuous mode [ 196.511312][ T9007] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.522657][ T9007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.531825][ T9010] team0: Port device team_slave_1 added [ 196.555484][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.564158][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.615018][ T9017] chnl_net:caif_netlink_parms(): no params data found [ 196.690610][ T9010] device hsr_slave_0 entered promiscuous mode [ 196.759787][ T9010] device hsr_slave_1 entered promiscuous mode [ 196.829140][ T9010] debugfs: Directory 'hsr0' with parent '/' already present! [ 196.847597][ T9012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.858001][ T9014] chnl_net:caif_netlink_parms(): no params data found [ 196.906707][ T9012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.932021][ T9012] team0: Port device team_slave_0 added [ 196.939313][ T9012] team0: Port device team_slave_1 added [ 196.952966][ T9017] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.960475][ T9017] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.968177][ T9017] device bridge_slave_0 entered promiscuous mode [ 196.993737][ T9014] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.002030][ T9014] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.010403][ T9014] device bridge_slave_0 entered promiscuous mode [ 197.018803][ T9014] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.025873][ T9014] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.033733][ T9014] device bridge_slave_1 entered promiscuous mode [ 197.044265][ T9017] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.051554][ T9017] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.062283][ T9017] device bridge_slave_1 entered promiscuous mode [ 197.086444][ T9007] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.126434][ T9014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.137903][ T9017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.169742][ T9014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.181496][ T9017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.281771][ T9012] device hsr_slave_0 entered promiscuous mode [ 197.339334][ T9012] device hsr_slave_1 entered promiscuous mode [ 197.378717][ T9012] debugfs: Directory 'hsr0' with parent '/' already present! [ 197.437947][ T9014] team0: Port device team_slave_0 added [ 197.460399][ T9017] team0: Port device team_slave_0 added [ 197.472864][ T9014] team0: Port device team_slave_1 added [ 197.495289][ T9017] team0: Port device team_slave_1 added [ 197.524115][ T9022] chnl_net:caif_netlink_parms(): no params data found 19:58:29 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r2 = dup2(r1, r0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f0000000140)) 19:58:29 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={0x0, @in6={{0x2, 0x0, 0x0, @loopback}}, 0x0, 0x68, 0x0, 0x0, 0x3c0}, 0x9c) [ 197.631453][ T9014] device hsr_slave_0 entered promiscuous mode 19:58:29 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0xc4b, 0x0, 0x800, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 197.689547][ T9014] device hsr_slave_1 entered promiscuous mode [ 197.709385][ T9014] debugfs: Directory 'hsr0' with parent '/' already present! [ 197.727632][ T9010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.752287][ T9022] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.759648][ T9022] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.780624][ T9022] device bridge_slave_0 entered promiscuous mode [ 197.807291][ T9010] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.826303][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.834337][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.842200][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.850980][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.858584][ T9047] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 197.859689][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.882165][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.919128][ C0] hrtimer: interrupt took 29105 ns [ 197.952214][ T9017] device hsr_slave_0 entered promiscuous mode [ 197.998948][ T9017] device hsr_slave_1 entered promiscuous mode [ 198.038990][ T9017] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.054873][ T9022] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.064399][ T9022] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.077092][ T9022] device bridge_slave_1 entered promiscuous mode [ 198.114040][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.124777][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.142506][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.152173][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.159396][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state 19:58:30 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000001c0)=""/4096, &(0x7f0000000100)=0x1000) [ 198.245254][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.260481][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.276775][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.295028][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.305329][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.322240][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.336985][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.356920][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.382517][ T9010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 19:58:30 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00f\x82}r2\xf2\xf0|<\x14\x85H\x1c\xba\xb6\x06A\x92\xf9\xcc\x84\x8f\xd2~\x8c\x84r\xed\xca\xea\x159\xf0{\xa9\xc65\xd0\xad\xad\x18\x84\xed\"\f\xe5\x02k\xcdk\x1fNcr\x8d\xfd\x1bi\xb6\xaf*L\x9a_w\"\x8d?D\x8f[0\xd9\xb8\xbe^\x89\x9f\xf8\xed\xa1\xe7\xe1\x94J\xfd-\x84\x85\xd9\xa4\x15\xcf\xadP~N\xb3\x91\x8f:\x91\xe5\xbb\x8d\x142\x94}e\x98*H/BC\xdd,lm\xbd\x88\xf5\x85u\xc7C#&t\t\xa9(X:6\x95\xf4\xcd\x8fwX\x8f\xd3\xdeU\xfd\x9aJ,\xdb\x15\xaad\xb3LR\x8aXn\x13U\x93B\xd88\xd5\xf0\xc0$o\xec\x9az\x84\xa13\xe1\xabs\xe5\x9b\x17\xfaJ\x00\xacc\xae7@\xe1\x02\x85h\xab\xa3\x00\r\xce\xf4I]\xc6\xa4\xa9\xdd\xe91v\xc5\xdc:L[\xc8\t*\xbbe\xa1\xfav\xfe\x0e\xb9A\x01*\xe4\xeb\xe1`\xfal\x8e') fstat(r0, &(0x7f00000002c0)) [ 198.403592][ T9010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 198.423186][ T9022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.435999][ T9012] 8021q: adding VLAN 0 to HW filter on device bond0 19:58:30 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000000)={0x9, 0x6, 0x6}) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) [ 198.461414][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.475171][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.498875][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.520135][ T9017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.546058][ T9010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.563160][ T9022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.617464][ T9022] team0: Port device team_slave_0 added [ 198.624519][ T9022] team0: Port device team_slave_1 added [ 198.649047][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.656855][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.694362][ T9012] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.720943][ T9014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.730768][ T9017] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.750868][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.759541][ T3498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.832336][ T9022] device hsr_slave_0 entered promiscuous mode [ 198.900017][ T9022] device hsr_slave_1 entered promiscuous mode 19:58:30 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f00000002c0)=0xece) fcntl$setsig(r1, 0xa, 0x12) recvmmsg(r2, &(0x7f0000002bc0)=[{{0x0, 0xfffffffffffffd10, 0x0, 0x0, 0x0, 0xfffffffffffffde4}}], 0x40000fd, 0x0, 0x0) dup2(r1, r2) fcntl$setown(r2, 0x8, r0) tkill(r0, 0x16) [ 198.948766][ T9022] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.968143][ T9014] 8021q: adding VLAN 0 to HW filter on device team0 19:58:30 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000000)={0x9, 0x6, 0x6}) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) [ 199.010049][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.039669][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.048156][ T9023] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.055469][ T9023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.077115][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.091036][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.106446][ T9023] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.113601][ T9023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.128637][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.136642][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.151321][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.164683][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.199131][ T9023] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.206236][ T9023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.220649][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.244650][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.263702][ T9023] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.270851][ T9023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.286603][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.295694][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.321234][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.342928][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.359207][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.367790][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.382725][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.394309][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.407078][ T9023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.453778][ T9017] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.472423][ T9017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.485144][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.496624][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.512500][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.527214][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.543510][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.555621][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.568332][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.575442][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.590310][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.603506][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.614240][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.621359][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.637581][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.646513][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.661855][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.673650][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.685769][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.742418][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.760846][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.777260][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.787826][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.804140][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.814183][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.827893][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.837636][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.853042][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.864359][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.876949][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.888012][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.903645][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.914751][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.927518][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.938384][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.970920][ T9014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.983455][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.994601][ T9017] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.006657][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.015196][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.080247][ T9012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.105004][ T9022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.117308][ T9014] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.165919][ T9022] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.179768][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.188409][ T2522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.245847][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.276023][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.298408][ T9019] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.305557][ T9019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.334055][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.361501][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.379175][ T9019] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.386262][ T9019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.394995][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.403967][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.419871][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.438893][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.458125][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.475522][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.495520][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.519983][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.528808][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.537629][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.555362][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.575430][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.600729][ T9022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.708815][ T9022] 8021q: adding VLAN 0 to HW filter on device batadv0 19:58:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x28001, 0x0) ioctl$int_in(r0, 0x800000c0045005, &(0x7f00000000c0)) ioctl$int_in(r0, 0x800060c004500a, &(0x7f0000000100)) 19:58:33 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000000)={0x9, 0x6, 0x6}) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) 19:58:33 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x420980, 0x0) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000180)={0x8, 0xd1e}) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000880)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) getdents(r1, 0x0, 0x0) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) 19:58:34 executing program 5: r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0x0, 0x8, {0xfff}}, 0x18) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/udplite\x00') pread64(r1, 0x0, 0x0, 0x2b) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') syncfs(r2) 19:58:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x28001, 0x0) ioctl$int_in(r0, 0x800000c0045005, &(0x7f00000000c0)) ioctl$int_in(r0, 0x800060c004500a, &(0x7f0000000100)) 19:58:34 executing program 3: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000000)={0x9, 0x6, 0x6}) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) 19:58:34 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, 0x0) 19:58:34 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000000)={0x9, 0x6, 0x6}) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) 19:58:34 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000140)=0x84) 19:58:34 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 19:58:34 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x0, @dev}]}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x11, &(0x7f0000000000)={r1}, &(0x7f0000000080)=0x8) 19:58:34 executing program 2: get_mempolicy(0x0, &(0x7f0000000180), 0x6, &(0x7f0000ffd000/0x1000)=nil, 0x2) 19:58:34 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r2 = dup2(r1, r0) recvfrom$packet(r2, 0x0, 0xffec, 0x62938e102510aedb, 0x0, 0x0) 19:58:34 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000240)={@in={{0x2, 0x0, @empty}}, 0x0, 0x5, 0x0, "9779cc07bb9496b900a1f0979b3dfcf03db2ee5f4f4fae713b3b49e7d8996eb5e5967cd5ee5e84643f35cd92487347b7d2aee5fd930cb96a5211115703a40800"}, 0xd8) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) 19:58:34 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000000)={0x9, 0x6, 0x6}) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) 19:58:34 executing program 3: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000000)={0x9, 0x6, 0x6}) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) 19:58:35 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x49) connect$inet6(r0, &(0x7f0000000080), 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_opts(r0, 0x29, 0x1a, 0x0, 0x41) ptrace$setopts(0x4206, r2, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) 19:58:35 executing program 4: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) poll(&(0x7f0000000140)=[{r2}, {r0}, {r1}], 0x3, 0x400) 19:58:35 executing program 5: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x50, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eb04001800160011000586f9835b3f000b9148790003f85acc7c45", 0x2e}], 0x1}, 0x0) 19:58:35 executing program 1: bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000100)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000040), 0x12) write$cgroup_pid(r1, &(0x7f0000000240), 0x12) [ 203.214356][ T9200] BPF:hdr_len not found 19:58:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:58:35 executing program 5: gettid() r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000080)=0x10) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000100)={0x5, {{0x2, 0x4e24, @local}}, 0x1, 0x5, [{{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e22, @broadcast}}, {{0x2, 0x4e22, @multicast1}}, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}}, {{0x2, 0x4e20, @loopback}}]}, 0x310) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() tkill(r1, 0x16) 19:58:35 executing program 1: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000400)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_S_FMT(r0, 0x40045612, &(0x7f0000000480)={0xc, @vbi}) 19:58:35 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) getdents(r1, &(0x7f00000014c0)=""/120, 0x78) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) 19:58:35 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(r1, &(0x7f0000000180)={0x1f, {0xffffffffffffffff, 0x1ff, 0x2}}, 0xa) 19:58:35 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000000)={0x2, 0xd, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x400300, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x60, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) 19:58:35 executing program 3: openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='io\x00') write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 19:58:35 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0xff) accept4$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @broadcast}, &(0x7f00000000c0)=0x10, 0x100000) ioctl(r0, 0x4001000008912, &(0x7f00000001c0)="0800b5055e0bcfe87b2071") socketpair(0x25, 0x3, 0x0, &(0x7f0000000040)) 19:58:35 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) r0 = syz_open_dev$rtc(&(0x7f0000000240)='/dev/rtc#\x00', 0x0, 0x0) ioctl$RTC_AIE_ON(r0, 0x7001) 19:58:35 executing program 4: openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='io\x00') write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) 19:58:35 executing program 1: syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x0, 0x0) 19:58:36 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) 19:58:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x11, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) 19:58:36 executing program 5: bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) gettid() fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fchdir(0xffffffffffffffff) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x10, 0x0, @in={0x2, 0x0, @empty}}}, 0x90) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, 0x0, 0x0) 19:58:36 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007020000dffeffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040200010000001704000001000a00b7040000000100206a0af2fe000000008500000019000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x3f) 19:58:36 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706f17b26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdafb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5eb5b800000000"], 0x18}}], 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuset.effective_cpus\x00', 0x26e1, 0x0) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) 19:58:36 executing program 2: pipe(0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x0, &(0x7f000063b000/0x3000)=nil) fchdir(0xffffffffffffffff) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x10, 0x0, @in={0x2, 0x0, @empty}}}, 0x90) 19:58:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x10) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r2, 0x0, 0x40000000000027, &(0x7f0000000000)={@multicast2, @remote, @dev}, 0xc) setsockopt$inet_mreqn(r1, 0x0, 0xf, 0x0, 0x0) [ 204.542290][ T9279] ================================================================== [ 204.550712][ T9279] BUG: KASAN: use-after-free in nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 204.559056][ T9279] Read of size 1 at addr ffff8880a4f2f904 by task syz-executor.0/9279 [ 204.567204][ T9279] [ 204.569552][ T9279] CPU: 1 PID: 9279 Comm: syz-executor.0 Not tainted 5.4.0-rc4-next-20191024 #0 [ 204.578497][ T9279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.588568][ T9279] Call Trace: [ 204.591880][ T9279] dump_stack+0x172/0x1f0 [ 204.596242][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 204.602265][ T9279] print_address_description.constprop.0.cold+0xd4/0x30b [ 204.609318][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 204.615321][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 204.621324][ T9279] __kasan_report.cold+0x1b/0x41 [ 204.626292][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 204.632290][ T9279] kasan_report+0x12/0x20 [ 204.636634][ T9279] __asan_report_load1_noabort+0x14/0x20 [ 204.642285][ T9279] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 204.648110][ T9279] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 204.654544][ T9279] nf_confirm+0x3d8/0x4d0 [ 204.658887][ T9279] ipv4_confirm+0x14c/0x240 [ 204.663401][ T9279] nf_hook_slow+0xbc/0x1e0 [ 204.667836][ T9279] ip_output+0x40d/0x670 [ 204.672089][ T9279] ? ip_mc_output+0xf60/0xf60 [ 204.676780][ T9279] ? __ip_finish_output+0xbd0/0xbd0 [ 204.681993][ T9279] ? __this_cpu_preempt_check+0x35/0x190 [ 204.687634][ T9279] ? retint_kernel+0x2b/0x2b [ 204.692266][ T9279] ip_local_out+0xbb/0x1b0 [ 204.696676][ T9279] ip_send_skb+0x42/0xf0 [ 204.700921][ T9279] udp_send_skb.isra.0+0x6d5/0x11b0 [ 204.706133][ T9279] ? xfrm_lookup_route+0x5b/0x1e0 [ 204.711192][ T9279] udp_sendmsg+0x1e8f/0x2810 [ 204.715816][ T9279] ? mark_held_locks+0xa4/0xf0 [ 204.720592][ T9279] ? ip_reply_glue_bits+0xc0/0xc0 [ 204.725631][ T9279] ? udp_unicast_rcv_skb.isra.0+0x360/0x360 [ 204.731534][ T9279] ? __kasan_check_read+0x11/0x20 [ 204.736574][ T9279] ? mark_lock+0xc2/0x1220 [ 204.741008][ T9279] ? mark_held_locks+0xa4/0xf0 [ 204.745773][ T9279] ? retint_kernel+0x2b/0x2b [ 204.750366][ T9279] ? trace_hardirqs_on_caller+0x6a/0x240 [ 204.756023][ T9279] ? preempt_schedule_irq+0xf3/0x160 [ 204.761320][ T9279] ? retint_kernel+0x2b/0x2b [ 204.765939][ T9279] inet_sendmsg+0x9e/0xe0 [ 204.770440][ T9279] ? inet_sendmsg+0x9e/0xe0 [ 204.774958][ T9279] ? inet_send_prepare+0x4e0/0x4e0 [ 204.780251][ T9279] sock_sendmsg+0xd7/0x130 [ 204.784685][ T9279] kernel_sendmsg+0x44/0x50 [ 204.789199][ T9279] rxrpc_send_data_packet+0x10cb/0x36b0 [ 204.794765][ T9279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.800256][ T9279] ? rxrpc_send_abort_packet+0xe70/0xe70 [ 204.805918][ T9279] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 204.812089][ T9279] ? rxrpc_get_connection+0x31/0x380 [ 204.817392][ T9279] ? rxrpc_get_connection+0xa3/0x380 [ 204.822691][ T9279] rxrpc_send_data+0x1097/0x4130 [ 204.827632][ T9279] ? rxrpc_send_data+0x1097/0x4130 [ 204.832764][ T9279] ? rxrpc_kernel_abort_call+0x8b0/0x8b0 [ 204.838409][ T9279] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 204.843967][ T9279] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 204.849957][ T9279] ? _raw_spin_unlock_bh+0x2c/0x30 [ 204.855079][ T9279] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.861325][ T9279] ? rxrpc_new_client_call+0xc31/0x1ad0 [ 204.866885][ T9279] ? rxrpc_put_peer+0x106/0x760 [ 204.871749][ T9279] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 204.876702][ T9279] ? rxrpc_kernel_send_data+0x4e0/0x4e0 [ 204.882260][ T9279] ? mutex_unlock+0xd/0x10 [ 204.886829][ T9279] rxrpc_sendmsg+0x4d6/0x5f0 [ 204.891406][ T9279] ? rxrpc_kernel_probe_life+0x40/0x40 [ 204.896893][ T9279] sock_sendmsg+0xd7/0x130 [ 204.901306][ T9279] ___sys_sendmsg+0x3e2/0x920 [ 204.905976][ T9279] ? copy_msghdr_from_user+0x440/0x440 [ 204.911419][ T9279] ? lock_downgrade+0x920/0x920 [ 204.916252][ T9279] ? rcu_read_lock_held+0x9c/0xb0 [ 204.921267][ T9279] ? __kasan_check_read+0x11/0x20 [ 204.926286][ T9279] ? __fget+0x37f/0x550 [ 204.930421][ T9279] ? ksys_dup3+0x3e0/0x3e0 [ 204.934827][ T9279] ? __lock_acquire+0x16f2/0x4a00 [ 204.939842][ T9279] ? __kasan_check_read+0x11/0x20 [ 204.944858][ T9279] ? mark_lock+0xc2/0x1220 [ 204.949271][ T9279] ? __fget_light+0x1a9/0x230 [ 204.953923][ T9279] ? __fdget+0x1b/0x20 [ 204.957996][ T9279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.964225][ T9279] ? sockfd_lookup_light+0xcb/0x180 [ 204.969414][ T9279] __sys_sendmmsg+0x1bf/0x4d0 [ 204.974073][ T9279] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 204.979103][ T9279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.984581][ T9279] ? lockdep_hardirqs_on+0x421/0x5e0 [ 204.989879][ T9279] ? retint_kernel+0x2b/0x2b [ 204.994450][ T9279] ? trace_hardirqs_on_caller+0x6a/0x240 [ 205.000175][ T9279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.005648][ T9279] ? __this_cpu_preempt_check+0x35/0x190 [ 205.011264][ T9279] ? retint_kernel+0x2b/0x2b [ 205.015842][ T9279] __x64_sys_sendmmsg+0x9d/0x100 [ 205.020769][ T9279] ? do_syscall_64+0xea/0x760 [ 205.025438][ T9279] do_syscall_64+0xfa/0x760 [ 205.029926][ T9279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.035797][ T9279] RIP: 0033:0x459ef9 [ 205.039687][ T9279] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.059293][ T9279] RSP: 002b:00007f5f36f4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 205.067720][ T9279] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459ef9 [ 205.075679][ T9279] RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000004 [ 205.083663][ T9279] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 205.091626][ T9279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f36f4c6d4 [ 205.099598][ T9279] R13: 00000000004c7ab9 R14: 00000000004dd908 R15: 00000000ffffffff [ 205.107584][ T9279] [ 205.109903][ T9279] Allocated by task 9279: [ 205.114232][ T9279] save_stack+0x23/0x90 [ 205.118368][ T9279] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 205.123990][ T9279] kasan_krealloc+0x84/0xc0 [ 205.128482][ T9279] krealloc+0xa6/0xd0 [ 205.132446][ T9279] nf_ct_ext_add+0x2c7/0x630 [ 205.137012][ T9279] init_conntrack.isra.0+0x5ed/0x11a0 [ 205.142392][ T9279] nf_conntrack_in+0xd94/0x1460 [ 205.147248][ T9279] ipv4_conntrack_local+0x127/0x220 [ 205.152495][ T9279] nf_hook_slow+0xbc/0x1e0 [ 205.156903][ T9279] __ip_local_out+0x403/0x870 [ 205.161585][ T9279] ip_local_out+0x2d/0x1b0 [ 205.165998][ T9279] ip_send_skb+0x42/0xf0 [ 205.170226][ T9279] udp_send_skb.isra.0+0x6d5/0x11b0 [ 205.175405][ T9279] udp_sendmsg+0x1e8f/0x2810 [ 205.179990][ T9279] inet_sendmsg+0x9e/0xe0 [ 205.184325][ T9279] sock_sendmsg+0xd7/0x130 [ 205.188720][ T9279] kernel_sendmsg+0x44/0x50 [ 205.193200][ T9279] rxrpc_send_data_packet+0x10cb/0x36b0 [ 205.198731][ T9279] rxrpc_send_data+0x1097/0x4130 [ 205.203683][ T9279] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 205.208639][ T9279] rxrpc_sendmsg+0x4d6/0x5f0 [ 205.213316][ T9279] sock_sendmsg+0xd7/0x130 [ 205.217717][ T9279] ___sys_sendmsg+0x3e2/0x920 [ 205.222387][ T9279] __sys_sendmmsg+0x1bf/0x4d0 [ 205.227053][ T9279] __x64_sys_sendmmsg+0x9d/0x100 [ 205.231983][ T9279] do_syscall_64+0xfa/0x760 [ 205.236483][ T9279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.242372][ T9279] [ 205.244690][ T9279] Freed by task 9279: [ 205.248671][ T9279] save_stack+0x23/0x90 [ 205.252804][ T9279] __kasan_slab_free+0x102/0x150 [ 205.257719][ T9279] kasan_slab_free+0xe/0x10 [ 205.262208][ T9279] kfree+0x10a/0x2c0 [ 205.266109][ T9279] nf_ct_ext_destroy+0x2ab/0x2e0 [ 205.271060][ T9279] nf_conntrack_free+0x8f/0xe0 [ 205.275802][ T9279] destroy_conntrack+0x1a2/0x270 [ 205.280729][ T9279] nf_conntrack_destroy+0xed/0x230 [ 205.285854][ T9279] __nf_conntrack_confirm+0x21ca/0x2830 [ 205.291377][ T9279] nf_confirm+0x3e7/0x4d0 [ 205.295723][ T9279] ipv4_confirm+0x14c/0x240 [ 205.300228][ T9279] nf_hook_slow+0xbc/0x1e0 [ 205.304641][ T9279] ip_output+0x40d/0x670 [ 205.308876][ T9279] ip_local_out+0xbb/0x1b0 [ 205.313284][ T9279] ip_send_skb+0x42/0xf0 [ 205.317561][ T9279] udp_send_skb.isra.0+0x6d5/0x11b0 [ 205.322758][ T9279] udp_sendmsg+0x1e8f/0x2810 [ 205.327428][ T9279] inet_sendmsg+0x9e/0xe0 [ 205.331743][ T9279] sock_sendmsg+0xd7/0x130 [ 205.336262][ T9279] kernel_sendmsg+0x44/0x50 [ 205.340769][ T9279] rxrpc_send_data_packet+0x10cb/0x36b0 [ 205.346312][ T9279] rxrpc_send_data+0x1097/0x4130 [ 205.351275][ T9279] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 205.356198][ T9279] rxrpc_sendmsg+0x4d6/0x5f0 [ 205.360797][ T9279] sock_sendmsg+0xd7/0x130 [ 205.365253][ T9279] ___sys_sendmsg+0x3e2/0x920 [ 205.369914][ T9279] __sys_sendmmsg+0x1bf/0x4d0 [ 205.374575][ T9279] __x64_sys_sendmmsg+0x9d/0x100 [ 205.379520][ T9279] do_syscall_64+0xfa/0x760 [ 205.384028][ T9279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.389906][ T9279] [ 205.392219][ T9279] The buggy address belongs to the object at ffff8880a4f2f900 [ 205.392219][ T9279] which belongs to the cache kmalloc-128 of size 128 [ 205.406343][ T9279] The buggy address is located 4 bytes inside of [ 205.406343][ T9279] 128-byte region [ffff8880a4f2f900, ffff8880a4f2f980) [ 205.419437][ T9279] The buggy address belongs to the page: [ 205.425063][ T9279] page:ffffea000293cbc0 refcount:1 mapcount:0 mapping:ffff8880aa400700 index:0x0 [ 205.434149][ T9279] flags: 0x1fffc0000000200(slab) [ 205.439080][ T9279] raw: 01fffc0000000200 ffffea00028f9d48 ffffea00024e3a48 ffff8880aa400700 [ 205.447655][ T9279] raw: 0000000000000000 ffff8880a4f2f000 0000000100000010 0000000000000000 [ 205.456215][ T9279] page dumped because: kasan: bad access detected [ 205.462605][ T9279] [ 205.464918][ T9279] Memory state around the buggy address: [ 205.471749][ T9279] ffff8880a4f2f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 205.479801][ T9279] ffff8880a4f2f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 205.487850][ T9279] >ffff8880a4f2f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 205.495887][ T9279] ^ [ 205.499942][ T9279] ffff8880a4f2f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 205.507992][ T9279] ffff8880a4f2fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 205.516039][ T9279] ================================================================== [ 205.524094][ T9279] Disabling lock debugging due to kernel taint [ 205.544997][ T9279] Kernel panic - not syncing: panic_on_warn set ... [ 205.551619][ T9279] CPU: 0 PID: 9279 Comm: syz-executor.0 Tainted: G B 5.4.0-rc4-next-20191024 #0 [ 205.562030][ T9279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.572078][ T9279] Call Trace: [ 205.575398][ T9279] dump_stack+0x172/0x1f0 [ 205.579709][ T9279] panic+0x2e3/0x75c [ 205.583580][ T9279] ? add_taint.cold+0x16/0x16 [ 205.588237][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 205.594195][ T9279] ? preempt_schedule+0x4b/0x60 [ 205.599024][ T9279] ? ___preempt_schedule+0x16/0x18 [ 205.604147][ T9279] ? trace_hardirqs_on+0x5e/0x240 [ 205.609162][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 205.615119][ T9279] end_report+0x47/0x4f [ 205.619249][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 205.625206][ T9279] __kasan_report.cold+0xe/0x41 [ 205.630031][ T9279] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 205.635983][ T9279] kasan_report+0x12/0x20 [ 205.640286][ T9279] __asan_report_load1_noabort+0x14/0x20 [ 205.645894][ T9279] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 205.651676][ T9279] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 205.658067][ T9279] nf_confirm+0x3d8/0x4d0 [ 205.662372][ T9279] ipv4_confirm+0x14c/0x240 [ 205.666850][ T9279] nf_hook_slow+0xbc/0x1e0 [ 205.671239][ T9279] ip_output+0x40d/0x670 [ 205.675456][ T9279] ? ip_mc_output+0xf60/0xf60 [ 205.680120][ T9279] ? __ip_finish_output+0xbd0/0xbd0 [ 205.685305][ T9279] ? __this_cpu_preempt_check+0x35/0x190 [ 205.690914][ T9279] ? retint_kernel+0x2b/0x2b [ 205.695492][ T9279] ip_local_out+0xbb/0x1b0 [ 205.699883][ T9279] ip_send_skb+0x42/0xf0 [ 205.704112][ T9279] udp_send_skb.isra.0+0x6d5/0x11b0 [ 205.709283][ T9279] ? xfrm_lookup_route+0x5b/0x1e0 [ 205.714284][ T9279] udp_sendmsg+0x1e8f/0x2810 [ 205.718850][ T9279] ? mark_held_locks+0xa4/0xf0 [ 205.723591][ T9279] ? ip_reply_glue_bits+0xc0/0xc0 [ 205.728601][ T9279] ? udp_unicast_rcv_skb.isra.0+0x360/0x360 [ 205.734471][ T9279] ? __kasan_check_read+0x11/0x20 [ 205.739470][ T9279] ? mark_lock+0xc2/0x1220 [ 205.743862][ T9279] ? mark_held_locks+0xa4/0xf0 [ 205.748600][ T9279] ? retint_kernel+0x2b/0x2b [ 205.753163][ T9279] ? trace_hardirqs_on_caller+0x6a/0x240 [ 205.758773][ T9279] ? preempt_schedule_irq+0xf3/0x160 [ 205.764030][ T9279] ? retint_kernel+0x2b/0x2b [ 205.768641][ T9279] inet_sendmsg+0x9e/0xe0 [ 205.772944][ T9279] ? inet_sendmsg+0x9e/0xe0 [ 205.777419][ T9279] ? inet_send_prepare+0x4e0/0x4e0 [ 205.782539][ T9279] sock_sendmsg+0xd7/0x130 [ 205.786937][ T9279] kernel_sendmsg+0x44/0x50 [ 205.791416][ T9279] rxrpc_send_data_packet+0x10cb/0x36b0 [ 205.796948][ T9279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.802421][ T9279] ? rxrpc_send_abort_packet+0xe70/0xe70 [ 205.808039][ T9279] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 205.814170][ T9279] ? rxrpc_get_connection+0x31/0x380 [ 205.819429][ T9279] ? rxrpc_get_connection+0xa3/0x380 [ 205.824687][ T9279] rxrpc_send_data+0x1097/0x4130 [ 205.829597][ T9279] ? rxrpc_send_data+0x1097/0x4130 [ 205.834688][ T9279] ? rxrpc_kernel_abort_call+0x8b0/0x8b0 [ 205.840379][ T9279] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 205.845896][ T9279] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 205.851846][ T9279] ? _raw_spin_unlock_bh+0x2c/0x30 [ 205.857036][ T9279] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.863249][ T9279] ? rxrpc_new_client_call+0xc31/0x1ad0 [ 205.868776][ T9279] ? rxrpc_put_peer+0x106/0x760 [ 205.873601][ T9279] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 205.878523][ T9279] ? rxrpc_kernel_send_data+0x4e0/0x4e0 [ 205.884050][ T9279] ? mutex_unlock+0xd/0x10 [ 205.888446][ T9279] rxrpc_sendmsg+0x4d6/0x5f0 [ 205.893013][ T9279] ? rxrpc_kernel_probe_life+0x40/0x40 [ 205.898444][ T9279] sock_sendmsg+0xd7/0x130 [ 205.902835][ T9279] ___sys_sendmsg+0x3e2/0x920 [ 205.907489][ T9279] ? copy_msghdr_from_user+0x440/0x440 [ 205.912925][ T9279] ? lock_downgrade+0x920/0x920 [ 205.917754][ T9279] ? rcu_read_lock_held+0x9c/0xb0 [ 205.922754][ T9279] ? __kasan_check_read+0x11/0x20 [ 205.927756][ T9279] ? __fget+0x37f/0x550 [ 205.931887][ T9279] ? ksys_dup3+0x3e0/0x3e0 [ 205.936278][ T9279] ? __lock_acquire+0x16f2/0x4a00 [ 205.941277][ T9279] ? __kasan_check_read+0x11/0x20 [ 205.946275][ T9279] ? mark_lock+0xc2/0x1220 [ 205.950667][ T9279] ? __fget_light+0x1a9/0x230 [ 205.955335][ T9279] ? __fdget+0x1b/0x20 [ 205.959386][ T9279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.965610][ T9279] ? sockfd_lookup_light+0xcb/0x180 [ 205.970794][ T9279] __sys_sendmmsg+0x1bf/0x4d0 [ 205.975455][ T9279] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 205.980482][ T9279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 205.985919][ T9279] ? lockdep_hardirqs_on+0x421/0x5e0 [ 205.991178][ T9279] ? retint_kernel+0x2b/0x2b [ 205.995742][ T9279] ? trace_hardirqs_on_caller+0x6a/0x240 [ 206.001351][ T9279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 206.006795][ T9279] ? __this_cpu_preempt_check+0x35/0x190 [ 206.012415][ T9279] ? retint_kernel+0x2b/0x2b [ 206.016979][ T9279] __x64_sys_sendmmsg+0x9d/0x100 [ 206.021947][ T9279] ? do_syscall_64+0xea/0x760 [ 206.026633][ T9279] do_syscall_64+0xfa/0x760 [ 206.031111][ T9279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.036975][ T9279] RIP: 0033:0x459ef9 [ 206.040847][ T9279] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.060436][ T9279] RSP: 002b:00007f5f36f4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 206.068822][ T9279] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459ef9 [ 206.076769][ T9279] RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000004 [ 206.084732][ T9279] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 206.092687][ T9279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5f36f4c6d4 [ 206.100637][ T9279] R13: 00000000004c7ab9 R14: 00000000004dd908 R15: 00000000ffffffff [ 206.109941][ T9279] Kernel Offset: disabled [ 206.114263][ T9279] Rebooting in 86400 seconds..