[   60.187987] audit: type=1800 audit(1544188102.247:25): pid=6552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   60.207605] audit: type=1800 audit(1544188102.267:26): pid=6552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   60.227092] audit: type=1800 audit(1544188102.277:27): pid=6552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   61.531046] sshd (6617) used greatest stack depth: 54064 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
2018/12/07 13:08:38 fuzzer started
2018/12/07 13:08:43 dialing manager at 10.128.0.26:45691
2018/12/07 13:08:43 syscalls: 1
2018/12/07 13:08:43 code coverage: enabled
2018/12/07 13:08:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/07 13:08:43 setuid sandbox: enabled
2018/12/07 13:08:43 namespace sandbox: enabled
2018/12/07 13:08:43 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/07 13:08:43 fault injection: enabled
2018/12/07 13:08:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/07 13:08:43 net packet injection: enabled
2018/12/07 13:08:43 net device setup: enabled
13:11:05 executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x10000014c)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000500), 0x800)
clock_gettime(0x0, &(0x7f0000000040)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

syzkaller login: [  223.771383] IPVS: ftp: loaded support on port[0] = 21
[  224.737512] ip (6732) used greatest stack depth: 53552 bytes left
[  225.868032] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.874694] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.883583] device bridge_slave_0 entered promiscuous mode
[  226.005275] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.011965] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.020590] device bridge_slave_1 entered promiscuous mode
[  226.142385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  226.266334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  226.643096] bond0: Enslaving bond_slave_0 as an active interface with an up link
13:11:08 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="de75e1fe7d087634b214a3765ba0017995103a08917fc2a1", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0)

[  226.768419] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  227.459477] IPVS: ftp: loaded support on port[0] = 21
[  227.663066] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  227.671641] team0: Port device team_slave_0 added
[  227.847803] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  227.856506] team0: Port device team_slave_1 added
[  228.050049] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  228.296040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  228.303372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  228.312888] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  228.515536] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  228.523277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  228.532603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  228.744307] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  228.752182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  228.761501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  230.838937] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.845580] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.854371] device bridge_slave_0 entered promiscuous mode
[  231.033775] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.040325] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.049181] device bridge_slave_1 entered promiscuous mode
[  231.243106] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.249673] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.256931] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.263503] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.272853] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  231.303620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  231.542035] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
13:11:13 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f0000000000)="0a5c2d0240316285717070")
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_mtu(r1, 0x29, 0x3, &(0x7f0000000000), 0x4)

[  231.856480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  232.369936] IPVS: ftp: loaded support on port[0] = 21
[  232.375791] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  232.747783] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  232.932090] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  232.939168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  233.166767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  233.173967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  233.997442] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  234.006055] team0: Port device team_slave_0 added
[  234.217371] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  234.226063] team0: Port device team_slave_1 added
[  234.499613] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  234.506970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  234.516227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  234.748398] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  234.755660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  234.764862] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  235.006168] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  235.014053] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.023348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  235.293939] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  235.301630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.310877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  236.596764] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.603666] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.612402] device bridge_slave_0 entered promiscuous mode
[  236.927281] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.934070] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.942825] device bridge_slave_1 entered promiscuous mode
[  237.196496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  237.485879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  238.201304] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  238.350490] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.357157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.364402] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.370937] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.380351] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  238.485674] bond0: Enslaving bond_slave_1 as an active interface with an up link
13:11:20 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = memfd_create(&(0x7f0000000280)='[\'posix_acl_access\x00', 0x0)
pwritev(r2, &(0x7f00000001c0)=[{&(0x7f0000000200)=',', 0x1}], 0x1, 0x4081806)
sendfile(r0, r2, 0x0, 0x20020102000007)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(0xffffffffffffffff, 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
getpgrp(0x0)
write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0)
getpgrp(0x0)
getpid()
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
sendmsg$NBD_CMD_STATUS(r3, 0x0, 0x0)
recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xebc3276d6d4b1cd2, 0x100100, &(0x7f0000000100)=@abs, 0x930000)

[  238.761005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  238.769431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  239.003385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  239.063890] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  239.071035] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  239.872085] IPVS: ftp: loaded support on port[0] = 21
[  239.996959] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  240.005565] team0: Port device team_slave_0 added
[  240.310360] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  240.319086] team0: Port device team_slave_1 added
[  240.636293] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  240.643548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  240.652616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  240.933511] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  240.940629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  240.949559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  241.205947] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  241.213762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  241.223006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  241.520759] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  241.528711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  241.537954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  241.947153] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.160901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  244.286569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  244.293135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  244.301210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  244.839066] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.845753] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.854445] device bridge_slave_0 entered promiscuous mode
[  245.065956] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.072600] bridge0: port 2(bridge_slave_1) entered forwarding state
[  245.079704] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.086440] bridge0: port 1(bridge_slave_0) entered forwarding state
[  245.095926] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  245.203555] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.210091] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.219399] device bridge_slave_1 entered promiscuous mode
[  245.301919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  245.436650] 8021q: adding VLAN 0 to HW filter on device team0
[  245.575769] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  245.878786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  246.770224] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  247.107107] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  247.493709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  247.500841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  247.714974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  247.722209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
13:11:30 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "a77760f5a7645bc43c241d699100000000c221723ad4bdf9dc2c1a2d98de7ba4987a05000000ce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a17900"}, 0xd8)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='hybla\x00', 0x6)
write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd)

[  248.618721] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  248.627363] team0: Port device team_slave_0 added
[  248.939418] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  248.948286] team0: Port device team_slave_1 added
[  249.307407] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  249.314704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  249.323900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  249.727846] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  249.735193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  249.744333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  249.859064] IPVS: ftp: loaded support on port[0] = 21
[  250.155899] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  250.163719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  250.172987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  250.552648] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  250.560331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  250.569653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  251.327580] 8021q: adding VLAN 0 to HW filter on device bond0
[  252.452418] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  253.362294] binder: 7420:7422 ioctl 40086602 0 returned -22
[  253.839049] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  253.845666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  253.854734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  254.134267] binder: 7420:7444 ioctl 40086602 0 returned -22
13:11:36 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000000c0)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}], 0x10)
writev(r0, &(0x7f0000002600)=[{&(0x7f0000000040)='W', 0x1}], 0x1)

[  254.715118] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.721838] bridge0: port 2(bridge_slave_1) entered forwarding state
[  254.728899] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.735479] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.744262] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  254.852817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
13:11:36 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000000c0)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}], 0x10)
writev(r0, &(0x7f0000002600)=[{&(0x7f0000000040)='W', 0x1}], 0x1)

[  255.233091] 8021q: adding VLAN 0 to HW filter on device team0
13:11:37 executing program 0:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x1000000000005, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
unshare(0x400)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x2)
r2 = socket$key(0xf, 0x3, 0x2)
fgetxattr(r2, &(0x7f0000000000)=@known='system.sockprotoname\x00', &(0x7f0000000100)=""/76, 0x4c)

13:11:37 executing program 0:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x1000000000005, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
unshare(0x400)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x2)
r2 = socket$key(0xf, 0x3, 0x2)
fgetxattr(r2, &(0x7f0000000000)=@known='system.sockprotoname\x00', &(0x7f0000000100)=""/76, 0x4c)

[  256.296427] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.303082] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.311939] device bridge_slave_0 entered promiscuous mode
13:11:38 executing program 0:
setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000080), 0x4)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x48000, 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYBLOB="85000000896b2388b5c734e5817d9c89dfcd91710ff684238c40410dcbbdb7e35c71dabd60517c5709473f5f474407396665c1a90083456533795661ca57aa406711abfeb834ea724511afbc65d246877e1817166427ebed711a97550dc43ca8a81f5cd006cf5ce74c0874eec61ef6ce1bd24855a34c35b1307ad08b8cfb4dd42df271000000000000000e5e089df341e777cb7fe605a43939067081caf41a5779557bf070a7c81a303733815aab0fc745407bb7a48ed1a0fc6af0f19e65b6feaf9a75d01a7ee0bf88e1c1b37bc60e3e4b30316cd17dc6609890adc5cffce612ed34b8463281d6bd89b8f4eca55cf2cbb7bc946bf99a91bbe12027b1417b00a9e179ac4085be2901f0f2f9689da714b2f49e24508bfe8f5ceaeaba81077a73d9277128e5d1c8de7d47e7128f7adee525985135893c323a327ddc6073fc6eb39c4e8a8cc0ed387fe06e5ad5061d3111ac662e163ffe"], &(0x7f00000000c0)=0x8d)

13:11:38 executing program 0:
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x82c00, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x400, 0x112, r0, 0x0)
r1 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x4000, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x2)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000040))
r3 = dup(r1)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000100)={0x1, 'dummy0\x00', 0x2}, 0x18)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r4, 0xc0305710, &(0x7f00000000c0)={0x1, 0x8001, 0x81a, 0x6})
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000180))

[  256.637994] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.644794] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.653604] device bridge_slave_1 entered promiscuous mode
[  257.007824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
13:11:39 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x400)
getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f0000000000)=""/3, &(0x7f0000000100)=0x3)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000080), 0x4)
r2 = semget(0x0, 0x0, 0x530)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f00000000c0)=[0x23ed])

[  257.399007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
13:11:39 executing program 0:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r0 = socket(0x11, 0x80002, 0x7)
bind$packet(r0, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
socket$inet_sctp(0x2, 0x5, 0x84)
fcntl$setstatus(r0, 0x4, 0x2800)
setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000942000)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10)

[  257.744045] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  258.542743] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  258.878416] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  259.173565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  259.180658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  259.546135] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  259.553467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  259.964389] 8021q: adding VLAN 0 to HW filter on device bond0
[  260.231026] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  260.239770] team0: Port device team_slave_0 added
[  260.548188] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  260.556830] team0: Port device team_slave_1 added
[  260.771345] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  260.779824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  260.788920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  261.018188] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  261.048069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  261.055320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  261.064244] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  261.327122] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  261.334986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  261.344314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  261.660723] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  261.668626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  261.677788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  261.901452] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  261.907989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  261.916132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
13:11:44 executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='pagemap\x00')
exit(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_open_procfs(0x0, &(0x7f0000000080)='fd/3\x00')

[  262.909593] 8021q: adding VLAN 0 to HW filter on device team0
[  264.124009] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.130560] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.137832] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.144429] bridge0: port 1(bridge_slave_0) entered forwarding state
[  264.153336] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  264.160395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  265.491291] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.087263] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  266.762257] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  266.768720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  266.776941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  267.438246] 8021q: adding VLAN 0 to HW filter on device team0
13:11:49 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_group_source_req(r0, 0x0, 0x2d, &(0x7f0000000140)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108)

[  270.450446] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.919493] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  271.410613] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  271.417323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  271.425588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  271.923331] 8021q: adding VLAN 0 to HW filter on device team0
13:11:56 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = memfd_create(&(0x7f0000000280)='[\'posix_acl_access\x00', 0x0)
pwritev(r2, &(0x7f00000001c0)=[{&(0x7f0000000200)=',', 0x1}], 0x1, 0x4081806)
sendfile(r0, r2, 0x0, 0x20020102000007)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(0xffffffffffffffff, 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
getpgrp(0x0)
write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0)
getpgrp(0x0)
getpid()
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
sendmsg$NBD_CMD_STATUS(r3, 0x0, 0x0)
recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xebc3276d6d4b1cd2, 0x100100, &(0x7f0000000100)=@abs, 0x930000)

13:11:57 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "a77760f5a7645bc43c241d699100000000c221723ad4bdf9dc2c1a2d98de7ba4987a05000000ce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a17900"}, 0xd8)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='hybla\x00', 0x6)
write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd)

13:11:57 executing program 0:
mmap(&(0x7f000009d000/0x6000)=nil, 0x6000, 0x0, 0x400071, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1b)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x0)
r0 = request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)=',systemkeyring\x00', 0xfffffffffffffffb)
add_key(&(0x7f0000000200)='blacklist\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)="1a92284e71b5e1105de2dd7aeac8c7a4b97c1f5a9152f1fa787c101777ce60494baa4d342cb0ab809b00bd6064cd1167587694e657a8252ef73bf25637bebc7f8091e72b33f618c3cab7c6451344e13145430a0942076895cbb9fa9237590d2e8d8e15f5d0f723e46a1629d30b06bddb1b6b8b7f215dadc8204e501212aae84f5d1cdeb381940ffc1c1af8b0aaf5f589a5a850d40536b714cb0c4dcabc10a2c8a8c02364ef7c1ca6491b9e059a9c131723062dde596d9144172b2120e7b4c7da91bcbdabc7fe697a270eff8ebbfcf48e12297f328a027c9f3825ab166fcf6fdc22ea8b212422cd", 0xe7, r0)
add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="d9cbc5bbfbcd3fb9e8332fbf9258684ac59c42bcac86b598ad16caf24620e838fd0fbd5959c0479ae58b2a770a94bfa1ef85bd72028f3575450290e58f7dad2b81f935962ba2c58b71735fedf1d508b75c5c780da263af018bf72a44bae0f22f515829592b7596cd3777dfaf939e53636d686c9f68a29fb398acdfa88a69e52f9de358129a83ad6226b307161502048a6e6a10b35c29b0f0f5f2cf04a0c6c6ad3e350fa65e2f1bad8bbbb78e63b55cbbf53bf5", 0xb3, r0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f00004aa000/0x4000)=nil, 0x3)

13:11:57 executing program 1:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x5, 0x1000000000000914, 0x4000000005}, 0x38)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xd, 0x81, 0x4, 0x4, 0x0, r1}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000240), 0x0, 0x2}, 0x20)

13:11:57 executing program 5:
r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x6c, 0x8000)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000080)={0x0, 0x498, 0x5, &(0x7f0000000040)=0xaf08})
r1 = getpgrp(0xffffffffffffffff)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@dev}}, &(0x7f0000000340)=0xe8)
getresgid(&(0x7f0000000380), &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000400))
r4 = fcntl$getown(r0, 0x9)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, <r5=>0x0}, &(0x7f0000000480)=0xc)
stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000580)=<r7=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000005c0)={0x0, <r8=>0x0}, &(0x7f0000000600)=0xc)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000640)={0x0, 0x0, <r9=>0x0}, &(0x7f0000000680)=0xc)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$unix(r0, &(0x7f00000007c0)={&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000140)="c2200d6c9967b4e0a6577d47b558ec4123341fc32d3bfcf5214bdee7e8be074d1bc689c6cc2f56f06c786cd58c382fe6dffa50665c9ce474f4148c4c7f298e6d7f6fc7804b2cba258c51a5ed0baf4afb8aeaadd39c812b6b0e8ecbbd885751ac3cb7fe04", 0x64}, {&(0x7f00000001c0)="170cd64fb8d602863caf24501ffb262459c5e3a780df237017894ff3c4c678597f3a6e72e2", 0x25}], 0x2, &(0x7f00000006c0)=[@rights={0x18, 0x1, 0x1, [r0, r0]}, @rights={0x30, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}, @cred={0x20, 0x1, 0x2, r1, r2, r3}, @cred={0x20, 0x1, 0x2, r4, r5, r6}, @cred={0x20, 0x1, 0x2, r7, r8, r9}, @rights={0x30, 0x1, 0x1, [r0, r0, r0, r0, r0, r10, r0]}], 0xf0}, 0x20000010)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000800)={'TPROXY\x00'}, &(0x7f0000000840)=0x1e)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000880)=0x7, 0x4)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f00000008c0)={'ip6gretap0\x00', {0x2, 0x4e23, @multicast1}})
prctl$PR_SET_UNALIGN(0x6, 0x1)
write$eventfd(r0, &(0x7f0000000900), 0x8)
arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0xffffffff)
getresgid(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0))
ioctl$FS_IOC_FSGETXATTR(r10, 0x801c581f, &(0x7f0000000a00)={0x5, 0x8, 0x2, 0x2, 0x7})
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000a40)={<r11=>0x0, 0x0, 0xfffffffffffffffd})
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000a80)={r11, 0x0, 0x3})
ioctl$VT_RELDISP(r0, 0x5605)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r10, 0x400c6615, &(0x7f0000000ac0))
getsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000b00), &(0x7f0000000b40)=0x8)
timer_create(0x3, &(0x7f0000000b80)={0x0, 0x18, 0x4, @tid=r1}, &(0x7f0000000bc0))
arch_prctl$ARCH_SET_GS(0x1001, 0x8)
ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f0000000c00)=""/118)
pselect6(0x40, &(0x7f0000000c80)={0xfffffffffffffeff, 0x6, 0x1, 0x39e, 0x18b, 0x8000, 0x81, 0x3f}, &(0x7f0000000cc0)={0x0, 0x8, 0x3, 0xfffffffeffffffff, 0x7, 0x9, 0x4, 0x10001}, &(0x7f0000000d00)={0x8, 0x7fff, 0x1, 0x8, 0x1, 0x8, 0x5, 0x57c7f6e5}, &(0x7f0000000d40)={0x77359400}, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x80000001}, 0x8})

13:11:57 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x100, @remote}, 0x1c)

13:11:57 executing program 0:
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "a77760f5a7645bc43c241d699100000000c221723ad4bdf9dc2c1a2d98de7ba4987a05000000ce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a17900"}, 0xd8)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='hybla\x00', 0x6)
write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd)

13:11:57 executing program 1:
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000003c0))

13:11:57 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000dc9ff0)={0x2, 0x4e20, @loopback}, 0x10)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
getpgrp(0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x4007ffd, 0x0, 0x0)

[  275.721925] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
13:11:57 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0xfffffffffffffffd, 0x100000001})
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket(0x0, 0x0, 0x0)
r1 = getpid()
rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000180))
ptrace(0x10, r1)
ptrace$poke(0x4209, r1, &(0x7f00000000c0), 0x710000)

13:11:58 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = memfd_create(&(0x7f0000000280)='[\'posix_acl_access\x00', 0x0)
pwritev(r2, &(0x7f00000001c0)=[{&(0x7f0000000200)=',', 0x1}], 0x1, 0x4081806)
sendfile(r0, r2, 0x0, 0x20020102000007)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(0xffffffffffffffff, 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
getpgrp(0x0)
write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0)
getpgrp(0x0)
getpid()
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
sendmsg$NBD_CMD_STATUS(r3, 0x0, 0x0)
recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xebc3276d6d4b1cd2, 0x100100, &(0x7f0000000100)=@abs, 0x930000)

[  276.043240] ==================================================================
[  276.050692] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1a4/0x250
[  276.057222] CPU: 1 PID: 8109 Comm: syz-executor1 Not tainted 4.20.0-rc5+ #110
[  276.064506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.073962] Call Trace:
[  276.076581]  dump_stack+0x32d/0x480
[  276.080232]  ? _copy_to_user+0x1a4/0x250
[  276.084326]  kmsan_report+0x12d/0x290
[  276.088161]  kmsan_internal_check_memory+0x514/0xa50
[  276.093292]  ? do_page_fault+0x7c/0xc0
[  276.097217]  kmsan_copy_to_user+0x8d/0xa0
[  276.101388]  _copy_to_user+0x1a4/0x250
[  276.105314]  copy_siginfo_to_user+0x80/0x160
[  276.109755]  ptrace_request+0x2421/0x2860
[  276.113933]  ? __msan_poison_alloca+0x1e0/0x270
[  276.118627]  ? arch_ptrace+0x89/0x1000
[  276.122539]  ? __se_sys_ptrace+0x463/0x990
[  276.126804]  arch_ptrace+0xa4a/0x1000
[  276.130640]  __se_sys_ptrace+0x463/0x990
[  276.134746]  __x64_sys_ptrace+0x56/0x70
[  276.138742]  do_syscall_64+0xcd/0x110
[  276.142570]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  276.147775] RIP: 0033:0x457569
[  276.150988] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  276.169908] RSP: 002b:00007f616b3fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  276.177646] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569
[  276.184939] RDX: 00000000200000c0 RSI: 000000000000010d RDI: 0000000000004209
[  276.192242] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  276.200008] R10: 0000000000710000 R11: 0000000000000246 R12: 00007f616b3fd6d4
[  276.207294] R13: 00000000004c3882 R14: 00000000004d5b40 R15: 00000000ffffffff
[  276.214591] 
[  276.216225] Local variable description: ----kiov@ptrace_request
[  276.222283] Variable was created at:
[  276.226022]  ptrace_request+0x194/0x2860
[  276.230103]  arch_ptrace+0xa4a/0x1000
[  276.233903] 
[  276.235543] Bytes 0-15 of 48 are uninitialized
[  276.240147] Memory access of size 48 starts at ffff88816f5cfd60
[  276.246219] Data copied to user address 0000000000710000
[  276.251671] ==================================================================
[  276.259045] Disabling lock debugging due to kernel taint
[  276.264505] Kernel panic - not syncing: panic_on_warn set ...
[  276.270584] CPU: 1 PID: 8109 Comm: syz-executor1 Tainted: G    B             4.20.0-rc5+ #110
[  276.279253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.288630] Call Trace:
[  276.291243]  dump_stack+0x32d/0x480
[  276.294900]  panic+0x5db/0xbb8
[  276.298145]  kmsan_report+0x290/0x290
[  276.301975]  kmsan_internal_check_memory+0x514/0xa50
[  276.307094]  ? do_page_fault+0x7c/0xc0
[  276.311025]  kmsan_copy_to_user+0x8d/0xa0
[  276.315226]  _copy_to_user+0x1a4/0x250
[  276.319147]  copy_siginfo_to_user+0x80/0x160
[  276.323589]  ptrace_request+0x2421/0x2860
[  276.327770]  ? __msan_poison_alloca+0x1e0/0x270
[  276.332465]  ? arch_ptrace+0x89/0x1000
[  276.336383]  ? __se_sys_ptrace+0x463/0x990
[  276.340643]  arch_ptrace+0xa4a/0x1000
[  276.344487]  __se_sys_ptrace+0x463/0x990
[  276.348590]  __x64_sys_ptrace+0x56/0x70
[  276.352591]  do_syscall_64+0xcd/0x110
[  276.356419]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  276.361624] RIP: 0033:0x457569
[  276.364838] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  276.383756] RSP: 002b:00007f616b3fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  276.391484] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569
[  276.398768] RDX: 00000000200000c0 RSI: 000000000000010d RDI: 0000000000004209
[  276.406068] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  276.413350] R10: 0000000000710000 R11: 0000000000000246 R12: 00007f616b3fd6d4
[  276.420635] R13: 00000000004c3882 R14: 00000000004d5b40 R15: 00000000ffffffff
[  276.429275] Kernel Offset: disabled
[  276.432916] Rebooting in 86400 seconds..