[ 65.458459] audit: type=1800 audit(1542917718.488:27): pid=6617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 67.638597] kauditd_printk_skb: 1 callbacks suppressed [ 67.638646] audit: type=1800 audit(1542917720.688:29): pid=6617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 67.663709] audit: type=1800 audit(1542917720.698:30): pid=6617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts. 2018/11/22 20:15:32 fuzzer started 2018/11/22 20:15:37 dialing manager at 10.128.0.26:36751 2018/11/22 20:15:38 syscalls: 1 2018/11/22 20:15:38 code coverage: enabled 2018/11/22 20:15:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/22 20:15:38 setuid sandbox: enabled 2018/11/22 20:15:38 namespace sandbox: enabled 2018/11/22 20:15:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/22 20:15:38 fault injection: enabled 2018/11/22 20:15:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/22 20:15:38 net packet injection: enabled 2018/11/22 20:15:38 net device setup: enabled 20:17:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x12, r0, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) fadvise64(r0, 0x0, 0x10802, 0x4) syzkaller login: [ 171.799600] IPVS: ftp: loaded support on port[0] = 21 [ 174.195573] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.202181] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.211127] device bridge_slave_0 entered promiscuous mode [ 174.356525] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.363358] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.372302] device bridge_slave_1 entered promiscuous mode [ 174.510791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.649460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.078673] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.223701] bond0: Enslaving bond_slave_1 as an active interface with an up link 20:17:08 executing program 1: setxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)=@known='security.capability\x00', &(0x7f0000000140)='trusted.', 0x18, 0x0) [ 175.632942] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.640027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.131383] IPVS: ftp: loaded support on port[0] = 21 [ 176.346163] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.354708] team0: Port device team_slave_0 added [ 176.608836] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.617370] team0: Port device team_slave_1 added [ 176.906455] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.913638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.922891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.090038] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 177.097189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.106319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.364758] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.372587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.381819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.586597] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.594466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.603893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.948442] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.955149] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.964249] device bridge_slave_0 entered promiscuous mode [ 180.136730] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.143360] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.152443] device bridge_slave_1 entered promiscuous mode [ 180.215187] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.221802] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.229047] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.235706] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.244806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.407777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.581810] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.811942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 20:17:14 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0xd, &(0x7f0000000040), 0x4) [ 181.235823] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.527496] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.829489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.838150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.149633] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.156935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.208840] IPVS: ftp: loaded support on port[0] = 21 [ 183.004311] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.012842] team0: Port device team_slave_0 added [ 183.309807] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.318098] team0: Port device team_slave_1 added [ 183.576779] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.584051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.593341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.892151] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.899375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.908459] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.283954] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.291857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.300881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.585031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.593069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.602336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.936796] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.943455] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.952063] device bridge_slave_0 entered promiscuous mode [ 187.214165] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.220646] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.229410] device bridge_slave_1 entered promiscuous mode [ 187.522953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.563414] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.569907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.577024] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.583669] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.593738] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.612358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.809925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.748244] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.972895] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.260224] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.267463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 20:17:22 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) munmap(&(0x7f00001bd000/0x4000)=nil, 0x4000) mmap(&(0x7f00001bd000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) [ 189.530191] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.537564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.578079] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.586462] team0: Port device team_slave_0 added [ 190.670393] IPVS: ftp: loaded support on port[0] = 21 [ 190.916558] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.924997] team0: Port device team_slave_1 added [ 191.232341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.239449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.248982] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.570564] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.577768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.586794] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.956251] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.964124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.973031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.291204] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.299442] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.308627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.546664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.927033] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.177935] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.184425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.192948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.128955] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.135557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.142631] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.149179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.158223] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 196.165254] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.171836] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.180319] device bridge_slave_0 entered promiscuous mode [ 196.505757] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.512468] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.521066] device bridge_slave_1 entered promiscuous mode [ 196.573986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.603961] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.869386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 197.147934] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 198.210391] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.628393] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.995240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.002469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.318207] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.325481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.280369] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.288678] team0: Port device team_slave_0 added [ 200.618896] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.627495] team0: Port device team_slave_1 added 20:17:34 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185502, &(0x7f00000001c0)) [ 200.988927] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.996474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.005906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.479944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.487348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.496532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.683021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.937485] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.945670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.954870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.362571] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 202.370506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.380068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.575945] IPVS: ftp: loaded support on port[0] = 21 [ 203.378331] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 204.838921] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 204.845719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.854199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 20:17:38 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x12, r0, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) fadvise64(r0, 0x0, 0x10802, 0x4) 20:17:38 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x12, r0, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) fadvise64(r0, 0x0, 0x10802, 0x4) 20:17:39 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x12, r0, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) fadvise64(r0, 0x0, 0x10802, 0x4) [ 206.549556] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.221918] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.228638] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.235683] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.242239] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.250738] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 207.257463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 20:17:40 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x8, 0x0, 0x0, 0x5}) 20:17:40 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x8, 0x0, 0x0, 0x5}) 20:17:41 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x8, 0x0, 0x0, 0x5}) 20:17:41 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000280)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x0, 0x8, 0x0, 0x0, 0x5}) 20:17:42 executing program 0: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xffffffffffff6a25) [ 209.520406] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.527132] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.536134] device bridge_slave_0 entered promiscuous mode [ 209.939676] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.946508] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.955324] device bridge_slave_1 entered promiscuous mode [ 210.325109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.716523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.893442] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.152792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.229084] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.575676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.583176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.994553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.002245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.673965] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 214.095730] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 214.104292] team0: Port device team_slave_0 added [ 214.467990] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.476850] team0: Port device team_slave_1 added [ 214.659531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.666995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.676005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.936195] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.943426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.952376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.986946] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 214.993456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 215.001251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.195664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.203493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.212679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 20:17:48 executing program 1: setxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)=@known='security.capability\x00', &(0x7f0000000140)='trusted.', 0x18, 0x0) [ 215.527113] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.535352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.544629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.073366] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.916531] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.923102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.930051] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.936701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.945254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.952437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.844071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.568544] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 221.367624] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 221.374421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.382643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 20:17:54 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0xd, &(0x7f0000000040), 0x4) [ 222.080338] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.933816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.526508] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 20:17:58 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f000023b000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000), 0x6, 0x0) mbind(&(0x7f0000154000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000300), 0x4, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) [ 225.961378] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.967733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.975858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 226.248811] 8021q: adding VLAN 0 to HW filter on device team0 20:18:01 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185502, &(0x7f00000001c0)) 20:18:01 executing program 0: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xffffffffffff6a25) 20:18:01 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xffffffffffff6a25) 20:18:01 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0xd, &(0x7f0000000040), 0x4) 20:18:01 executing program 1: setxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)=@known='security.capability\x00', &(0x7f0000000140)='trusted.', 0x18, 0x0) 20:18:01 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f000023b000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000), 0x6, 0x0) mbind(&(0x7f0000154000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000300), 0x4, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) 20:18:01 executing program 1: setxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)=@known='security.capability\x00', &(0x7f0000000140)='trusted.', 0x18, 0x0) 20:18:01 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0xd, &(0x7f0000000040), 0x4) [ 228.509095] hrtimer: interrupt took 263875 ns 20:18:01 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f000023b000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000), 0x6, 0x0) mbind(&(0x7f0000154000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000300), 0x4, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) 20:18:01 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_emit_ethernet(0xff27, &(0x7f000000a000)={@broadcast=[0xff, 0xe0], @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0xfec3, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x4305, 0x8}}}}}, 0x0) 20:18:01 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185502, &(0x7f00000001c0)) 20:18:02 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f000023b000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000), 0x6, 0x0) mbind(&(0x7f0000154000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000300), 0x4, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) 20:18:02 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f00000000c0)="4dcbb590e512099a34fe000800001c2e0000000001000000c3") [ 229.478169] IPVS: ftp: loaded support on port[0] = 21 [ 230.847181] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.853823] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.861584] device bridge_slave_0 entered promiscuous mode [ 230.943781] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.950170] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.958542] device bridge_slave_1 entered promiscuous mode [ 231.039806] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 231.121056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 20:18:04 executing program 0: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xffffffffffff6a25) [ 231.468024] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.555868] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.639179] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.646494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.731337] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 231.738408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.983413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.991231] team0: Port device team_slave_0 added [ 232.072729] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.080393] team0: Port device team_slave_1 added [ 232.162054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.244431] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.328952] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.336434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.345455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.421379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.428746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.437743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.407680] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.414194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.420994] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.427678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.435669] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.481924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.802205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.105236] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 237.407145] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.413552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.421855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.725097] 8021q: adding VLAN 0 to HW filter on device team0 20:18:15 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xffffffffffff6a25) 20:18:15 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185502, &(0x7f00000001c0)) 20:18:15 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_emit_ethernet(0xff27, &(0x7f000000a000)={@broadcast=[0xff, 0xe0], @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0xfec3, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x4305, 0x8}}}}}, 0x0) 20:18:15 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f00000000c0)="4dcbb590e512099a34fe000800001c2e0000000001000000c3") 20:18:15 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000240)="5ec0fd90cc9973d7983865cf8d7d7eac3716b6b6ae96193cdb55a308a9db3ce558684440ff9e99214ab7b36aa71017c5c2ba146f92d794f143fa0fc3829e4e2fe1bff6e83d244b080855e46b04e02cf0fcdeaf1f6828a11408ff90db627aaf91fde749698a720d37ca02e189428630631a5f3e5aa639e1c7fa3d2aa51bbf152185e3c8d6fbec17a30cac119f2ce12d58", 0x90) 20:18:15 executing program 0: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xffffffffffff6a25) 20:18:16 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000240)="5ec0fd90cc9973d7983865cf8d7d7eac3716b6b6ae96193cdb55a308a9db3ce558684440ff9e99214ab7b36aa71017c5c2ba146f92d794f143fa0fc3829e4e2fe1bff6e83d244b080855e46b04e02cf0fcdeaf1f6828a11408ff90db627aaf91fde749698a720d37ca02e189428630631a5f3e5aa639e1c7fa3d2aa51bbf152185e3c8d6fbec17a30cac119f2ce12d58", 0x90) 20:18:16 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f00000000c0)="4dcbb590e512099a34fe000800001c2e0000000001000000c3") 20:18:16 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000240)="5ec0fd90cc9973d7983865cf8d7d7eac3716b6b6ae96193cdb55a308a9db3ce558684440ff9e99214ab7b36aa71017c5c2ba146f92d794f143fa0fc3829e4e2fe1bff6e83d244b080855e46b04e02cf0fcdeaf1f6828a11408ff90db627aaf91fde749698a720d37ca02e189428630631a5f3e5aa639e1c7fa3d2aa51bbf152185e3c8d6fbec17a30cac119f2ce12d58", 0x90) 20:18:16 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_emit_ethernet(0xff27, &(0x7f000000a000)={@broadcast=[0xff, 0xe0], @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0xfec3, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x4305, 0x8}}}}}, 0x0) 20:18:16 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000240)="5ec0fd90cc9973d7983865cf8d7d7eac3716b6b6ae96193cdb55a308a9db3ce558684440ff9e99214ab7b36aa71017c5c2ba146f92d794f143fa0fc3829e4e2fe1bff6e83d244b080855e46b04e02cf0fcdeaf1f6828a11408ff90db627aaf91fde749698a720d37ca02e189428630631a5f3e5aa639e1c7fa3d2aa51bbf152185e3c8d6fbec17a30cac119f2ce12d58", 0x90) 20:18:16 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_emit_ethernet(0xff27, &(0x7f000000a000)={@broadcast=[0xff, 0xe0], @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0xfec3, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x4305, 0x8}}}}}, 0x0) 20:18:18 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xffffffffffff6a25) 20:18:18 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000240)="5ec0fd90cc9973d7983865cf8d7d7eac3716b6b6ae96193cdb55a308a9db3ce558684440ff9e99214ab7b36aa71017c5c2ba146f92d794f143fa0fc3829e4e2fe1bff6e83d244b080855e46b04e02cf0fcdeaf1f6828a11408ff90db627aaf91fde749698a720d37ca02e189428630631a5f3e5aa639e1c7fa3d2aa51bbf152185e3c8d6fbec17a30cac119f2ce12d58", 0x90) 20:18:18 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f00000000c0)="4dcbb590e512099a34fe000800001c2e0000000001000000c3") 20:18:18 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000240)="5ec0fd90cc9973d7983865cf8d7d7eac3716b6b6ae96193cdb55a308a9db3ce558684440ff9e99214ab7b36aa71017c5c2ba146f92d794f143fa0fc3829e4e2fe1bff6e83d244b080855e46b04e02cf0fcdeaf1f6828a11408ff90db627aaf91fde749698a720d37ca02e189428630631a5f3e5aa639e1c7fa3d2aa51bbf152185e3c8d6fbec17a30cac119f2ce12d58", 0x90) 20:18:18 executing program 1: personality(0x1bb2baf3005ac133) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pkey_mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0xffffffffffffffff) 20:18:18 executing program 0: r0 = socket$inet6(0xa, 0x6, 0x5) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000280), 0x1) ioctl$sock_ifreq(r1, 0x893f, &(0x7f0000000000)={'bridge0\x00', @ifru_ivalue=0x7}) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40000) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000080)) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x3}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000000002000001, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x1000000000016) 20:18:19 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000001c0)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x0, 0x0, 0x3014, 0x4000}}) 20:18:19 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000240)="5ec0fd90cc9973d7983865cf8d7d7eac3716b6b6ae96193cdb55a308a9db3ce558684440ff9e99214ab7b36aa71017c5c2ba146f92d794f143fa0fc3829e4e2fe1bff6e83d244b080855e46b04e02cf0fcdeaf1f6828a11408ff90db627aaf91fde749698a720d37ca02e189428630631a5f3e5aa639e1c7fa3d2aa51bbf152185e3c8d6fbec17a30cac119f2ce12d58", 0x90) 20:18:19 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000c33f70)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f00000002c0), 0x13e, &(0x7f0000000180)={&(0x7f0000000140)=@bridge_getneigh={0x20, 0x1e, 0x601}, 0xff15}}, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) recvfrom$inet(r2, &(0x7f0000000200)=""/165, 0xa5, 0x0, 0x0, 0x0) 20:18:19 executing program 1: personality(0x1bb2baf3005ac133) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pkey_mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0xffffffffffffffff) [ 246.442786] ================================================================== [ 246.450242] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x4c0/0x2700 [ 246.456871] CPU: 0 PID: 8507 Comm: syz-executor3 Not tainted 4.20.0-rc3+ #93 [ 246.464078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.473459] Call Trace: [ 246.476107] dump_stack+0x32d/0x480 [ 246.479782] ? _copy_to_iter+0x4c0/0x2700 [ 246.483971] ? trace_event_raw_event_pm_qos_update_request_timeout+0x2a0/0x420 [ 246.491438] kmsan_report+0x19f/0x300 [ 246.495322] kmsan_internal_check_memory+0x331/0xa60 [ 246.500491] kmsan_copy_to_user+0x7c/0xe0 [ 246.504688] _copy_to_iter+0x4c0/0x2700 [ 246.508748] skb_copy_datagram_iter+0x4e2/0x1070 [ 246.513581] netlink_recvmsg+0x6f9/0x19d0 [ 246.517801] ? netlink_sendmsg+0x1440/0x1440 [ 246.522248] __sys_recvfrom+0x6d3/0x910 [ 246.526335] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 246.531825] ? prepare_exit_to_usermode+0x182/0x4c0 [ 246.536890] __se_sys_recvfrom+0x111/0x130 [ 246.541200] __x64_sys_recvfrom+0x6e/0x90 [ 246.545434] do_syscall_64+0xcf/0x110 [ 246.549262] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.554486] RIP: 0033:0x457569 [ 246.557712] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 246.576656] RSP: 002b:00007fee70c9bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 246.584406] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 246.591702] RDX: 00000000000000a5 RSI: 0000000020000200 RDI: 0000000000000005 [ 246.599034] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 246.606330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee70c9c6d4 [ 246.613638] R13: 00000000004c3941 R14: 00000000004d5e90 R15: 00000000ffffffff [ 246.620952] [ 246.622644] Uninit was stored to memory at: [ 246.627009] kmsan_internal_chain_origin+0x13d/0x240 [ 246.632167] kmsan_memcpy_memmove_metadata+0x1a9/0xf70 [ 246.637677] kmsan_memcpy_metadata+0xb/0x10 [ 246.642044] __msan_memcpy+0x61/0x70 [ 246.645789] nla_put+0x20a/0x2d0 [ 246.649184] nlmsg_populate_fdb_fill+0x444/0x810 [ 246.653971] ndo_dflt_fdb_dump+0x73a/0x960 [ 246.658262] rtnl_fdb_dump+0x1318/0x1cb0 [ 246.662366] netlink_dump+0xc79/0x1c90 [ 246.666315] __netlink_dump_start+0x10c4/0x11d0 [ 246.671023] rtnetlink_rcv_msg+0x141b/0x1540 [ 246.675493] netlink_rcv_skb+0x394/0x640 [ 246.679591] rtnetlink_rcv+0x50/0x60 [ 246.683335] netlink_unicast+0x1699/0x1740 [ 246.687653] netlink_sendmsg+0x13c7/0x1440 [ 246.691918] ___sys_sendmsg+0xe3b/0x1240 [ 246.696004] __se_sys_sendmsg+0x305/0x460 [ 246.700189] __x64_sys_sendmsg+0x4a/0x70 [ 246.704301] do_syscall_64+0xcf/0x110 [ 246.708139] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.713343] [ 246.715000] Uninit was created at: [ 246.718583] kmsan_internal_poison_shadow+0x6d/0x130 [ 246.723717] kmsan_kmalloc+0xa1/0x100 [ 246.727541] __kmalloc+0x14c/0x4d0 [ 246.731124] __dev_mc_add+0x357/0x8a0 [ 246.734951] dev_mc_add+0x6d/0x80 [ 246.738452] igmp_group_added+0x4d4/0xb80 [ 246.742629] __ip_mc_inc_group+0xea9/0xf70 [ 246.746890] ip_mc_up+0x1c3/0x400 [ 246.750370] inetdev_event+0x1d03/0x1d80 [ 246.754474] raw_notifier_call_chain+0x13d/0x240 [ 246.759252] __dev_notify_flags+0x3da/0x860 [ 246.763621] dev_change_flags+0x1ac/0x230 [ 246.767792] do_setlink+0x165f/0x5ea0 [ 246.771615] rtnl_newlink+0x2ad7/0x35a0 [ 246.775664] rtnetlink_rcv_msg+0x1148/0x1540 [ 246.780104] netlink_rcv_skb+0x394/0x640 [ 246.784187] rtnetlink_rcv+0x50/0x60 [ 246.787923] netlink_unicast+0x1699/0x1740 [ 246.792183] netlink_sendmsg+0x13c7/0x1440 [ 246.796443] ___sys_sendmsg+0xe3b/0x1240 [ 246.800538] __se_sys_sendmsg+0x305/0x460 [ 246.804726] __x64_sys_sendmsg+0x4a/0x70 [ 246.808855] do_syscall_64+0xcf/0x110 [ 246.812683] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.817904] [ 246.819553] Bytes 36-37 of 165 are uninitialized [ 246.824336] Memory access of size 165 starts at ffff888180909000 [ 246.830490] Data copied to user address 0000000020000200 [ 246.835950] ================================================================== [ 246.843322] Disabling lock debugging due to kernel taint [ 246.848797] Kernel panic - not syncing: panic_on_warn set ... [ 246.854710] CPU: 0 PID: 8507 Comm: syz-executor3 Tainted: G B 4.20.0-rc3+ #93 [ 246.863313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.872687] Call Trace: [ 246.875330] dump_stack+0x32d/0x480 [ 246.879012] panic+0x624/0xc08 [ 246.882311] kmsan_report+0x300/0x300 [ 246.886159] kmsan_internal_check_memory+0x331/0xa60 [ 246.891334] kmsan_copy_to_user+0x7c/0xe0 [ 246.895536] _copy_to_iter+0x4c0/0x2700 [ 246.899620] skb_copy_datagram_iter+0x4e2/0x1070 [ 246.904476] netlink_recvmsg+0x6f9/0x19d0 [ 246.908713] ? netlink_sendmsg+0x1440/0x1440 [ 246.913166] __sys_recvfrom+0x6d3/0x910 [ 246.917204] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 246.922685] ? prepare_exit_to_usermode+0x182/0x4c0 [ 246.927750] __se_sys_recvfrom+0x111/0x130 [ 246.932048] __x64_sys_recvfrom+0x6e/0x90 [ 246.936232] do_syscall_64+0xcf/0x110 [ 246.940078] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.945301] RIP: 0033:0x457569 [ 246.948523] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 246.967485] RSP: 002b:00007fee70c9bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 246.975230] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 246.982572] RDX: 00000000000000a5 RSI: 0000000020000200 RDI: 0000000000000005 20:18:19 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000001c0)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x0, 0x0, 0x3014, 0x4000}}) 20:18:19 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000001c0)='/dev/v4l-subdev#\x00', 0x3, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x0, 0x0, 0x3014, 0x4000}}) [ 246.989882] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 246.997177] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee70c9c6d4 [ 247.004468] R13: 00000000004c3941 R14: 00000000004d5e90 R15: 00000000ffffffff [ 247.012737] Kernel Offset: disabled [ 247.016381] Rebooting in 86400 seconds..