[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.044419][ T26] audit: type=1800 audit(1556678367.255:25): pid=7638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 38.081980][ T26] audit: type=1800 audit(1556678367.255:26): pid=7638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 38.107453][ T26] audit: type=1800 audit(1556678367.255:27): pid=7638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts. 2019/05/01 02:39:38 fuzzer started 2019/05/01 02:39:41 dialing manager at 10.128.0.26:34869 2019/05/01 02:39:41 syscalls: 2440 2019/05/01 02:39:41 code coverage: enabled 2019/05/01 02:39:41 comparison tracing: enabled 2019/05/01 02:39:41 extra coverage: extra coverage is not supported by the kernel 2019/05/01 02:39:41 setuid sandbox: enabled 2019/05/01 02:39:41 namespace sandbox: enabled 2019/05/01 02:39:41 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/01 02:39:41 fault injection: enabled 2019/05/01 02:39:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/01 02:39:41 net packet injection: enabled 2019/05/01 02:39:41 net device setup: enabled 02:41:06 executing program 0: r0 = semget(0x0, 0x3, 0x412) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x800, @remote}, 0x1c) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) add_key(&(0x7f00000006c0)='rxrpc\x00', &(0x7f0000000700)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000a80)={0x6, {{0x2, 0x4e20, @multicast2}}, {{0x2, 0x4e24, @initdev}}}, 0x108) shmat(r0, &(0x7f0000ffa000/0x4000)=nil, 0x0) syzkaller login: [ 137.738111][ T7804] IPVS: ftp: loaded support on port[0] = 21 02:41:07 executing program 1: pause() syz_execute_func(&(0x7f00000003c0)="660f3a60af00000000954a2be94535e7000000980f053ef3aec4a37bf0c50341e2e9064598282142dc33660f1158469249f7dec461dc55172525000e8145dd99adbe76b290c5c083497c34c402cccc67f30f52a601000000c462b99e3d1ce647ed0a0a952e6d3fc21d9053c7ab8636331f6543c2d9c44145d40ca33f7a595d438f34b267f3e668b4b421f5758a03000000564105ba16f2aed3a69a62b16616286c6c0ff2f0458733c402795912c40195dda70000002030e4a2b300b1500909660fc5d7660f7e8ceb18a525f0e949609a567be4816185590000008248db350f352ec701530000e490b0b040db3e1400e4260fe88c4200000000c230ca0ff4fcc4c2cb8b4b0505c421a9fda2e5003666450ffcdb470f2cffee0468070faf34961515660fc20500d0000003263666440f5530d8002e44abc4a1025deef243a5660fd9d20c0ce42ec4a17c1002970678260f38c9bb0f0000008374fb0a07c40155f64e06f247acc0d53323d5332395e96a21b66bd182ebf062e3204be32043910002f20f5f3347cc47cc66430f38f6de389f9f060f0f2ef246e16d660f594802d8fbc9c4a1fc5a6e86663e41a5df") [ 137.856389][ T7804] chnl_net:caif_netlink_parms(): no params data found [ 137.947032][ T7804] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.964818][ T7804] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.973287][ T7804] device bridge_slave_0 entered promiscuous mode [ 137.983538][ T7804] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.004816][ T7804] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.023271][ T7804] device bridge_slave_1 entered promiscuous mode [ 138.049686][ T7804] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 138.060483][ T7804] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 138.088840][ T7804] team0: Port device team_slave_0 added 02:41:07 executing program 2: pause() syz_execute_func(&(0x7f0000001100)="660f3a60af00000000954a2be94535e7000000980f053ef3aec4a37bf0c50341e2e9064598c4417a2d58d442dc33660f1158469249f7dec461dc55b1e617f344306e008181d78890c5c083497c34c42e67660fe9da664c0f3a6052729acc1894cc180f52a60100f343aac462b99e3d1ce647ed0a0a6566430f381d7b00009532f6c4613fc21d9053c7ab8636331f6543c2d9d97dbf3f7a595d438f34b267f36ab4c421f5758a03000000564105ba16f2aed3a6da62216616286c6c0ff2f0458733c402795912c40195dda70000002030e4a2b300b15009090fc5d709e9e949609a56c456d59e7a17a1ec823bb8e7d6d6828248db350f352ec7c100000000f5c4e3490a5aa958d7b0b0660f38de8e85e1f3261400e4260fe88c4200000000c4a161593ac41026c17d6fad000880418041cbf54b0502c421a9fda2e5003666450ffcdb0000ee0468070faf34961515df7ac20500d00000032664642e66460f3a0983765feb2c01d800470f1310c4a1025deebc43a5660fd9d20c0ce42ea17c1002970678260f38c9bb0f0000008374fb0a07c40155f64e06f247acc0d53323d5332395e96a21b66b67420f18d9204be32043910002660f71e0016e4c47cc66430f38f6de389f9f060f0f2ef246e16d660f594802d8fa8ecbc4a1fcfc6e86663e41a5df") [ 138.096549][ T7804] team0: Port device team_slave_1 added [ 138.100072][ T7807] IPVS: ftp: loaded support on port[0] = 21 [ 138.157937][ T7804] device hsr_slave_0 entered promiscuous mode [ 138.195100][ T7804] device hsr_slave_1 entered promiscuous mode [ 138.277593][ T7804] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.284905][ T7804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.292716][ T7804] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.299872][ T7804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.310993][ T7809] IPVS: ftp: loaded support on port[0] = 21 02:41:07 executing program 3: pause() syz_execute_func(&(0x7f0000000b40)="660f3a60af00000000954a2be94535e7000000980f053ef3aec4a37bf0c50341e2e9064598c4417a2d58d442dc33660f1158469249f7dec461dc55b1e61775a38181d78890c5c083497c34c4021394cc1894cc180f52a601000000c462b99e3d1ce647ed0a0a6566430f381d7b00009532f6c4613fc21d9053c7ab86331f43c25299d9d97dbf3f7a595d438d3467f36ab4c421f5758a03000000564105ba16f2aed3a69a62b16616286c6c0ff2f0458733c402795912c40195dda70000002030e4a2b300b15009090fc5d709e9e949609a567be4a1ec823bb8e7d6d68282430f957b00c10000f0461908f5c4e3490a5aa95890b0b0660f38de8e85e1f326e4260fe88c4200000000c4e161593ac4c17d6fad00088041c4c2cbf54b0502c421a9fda2e5003666450ffcdb0000ee0468070faf34961515df7ac20500d000000326c4c27d306700d800d800c4a1025deebc43a5660fd9d20c0ce42ea17c1002970678260f38c9bb0f0000008374fb0a07c40155f64e06f247acc0d53323d5332395e96a21b66b67420f18d9204be32043910002660f71e0016e4c47cc66430f38f6de389f9f060f0f2ef246e16d660f594802d86a8ecb8fa98895ed663e41a5df") [ 138.437229][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.472144][ T7804] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.481473][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.493356][ T2989] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.513720][ T2989] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.537219][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 138.582169][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 138.591818][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.598961][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.608148][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 138.617232][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.624336][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.709960][ T7809] chnl_net:caif_netlink_parms(): no params data found [ 138.722229][ T7813] IPVS: ftp: loaded support on port[0] = 21 [ 138.734339][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 138.751867][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 02:41:08 executing program 4: clone(0xbffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000240)="c4e3f9614832074a2be93693980f05460f4ae8c4a37bf0c50141e2e9400f189841ca00002726fa68660f8fc97cc61ba163796379450de29c39c50000f047a2c1a87a520000c461dc55b1e62500008182b00080008080e285f3d9f7fbcdcd0f189700000000c4e2090229c54de90d07e82c719c6466dbca0ba156a1563e533df500c443d9497dbf59f0d234f60f3434b2b2fb4cb446c4224d797df8b6ebeb0536dee16800000100400f0f298ac40293a3130966c4a13915715f8f69601656d7138713877474d8d8a1de2ad764b5c1c4213a5fc040dcfec00f383b7d0f12e401f4e39bc422014727ca30ca2f842a2a434d7969654af0808a0080000003e27d19d1660f38298f000000008a2fc4817d5b8cd0c43400008fe978cb5ae2f92e28c45e3aa07ae6423095c3d8c4c3c472a2fd216100000c64e42e4b160bdddd0606c401657d699c7adbe86bc4637d19a6d5b973e85866cc1b5400664c1b7f7ff0e547c463791422b236f30f2d041f1f0fab0e0077aeae66470fec8a1d340282f1eb2759cd424201c2c4623d409a6ed70000ed36660f38058b97610d928fa878c0250000000064c403716accb33b80c74382004d8bcaf0caf066c4e3cd4087c18a00001c2666f30fa00f65002d0800000030f9646466f3f0428090ae60000000580e6190073b06c442b9aa8ef9af07b5c4e1fc2bb000a9bb000042c4f2456cd147473636a6") [ 138.787908][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 138.808092][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 138.843705][ T7807] chnl_net:caif_netlink_parms(): no params data found [ 138.928471][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 138.945463][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 138.960551][ T7804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 138.978484][ T7809] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.985938][ T7809] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.994060][ T7809] device bridge_slave_0 entered promiscuous mode [ 139.026232][ T7817] IPVS: ftp: loaded support on port[0] = 21 [ 139.045107][ T7809] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.052377][ T7809] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.064059][ T7809] device bridge_slave_1 entered promiscuous mode [ 139.104507][ T7804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.150798][ T7807] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.159449][ T7807] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.175882][ T7807] device bridge_slave_0 entered promiscuous mode [ 139.185788][ T7809] bond0: Enslaving bond_slave_0 as an active interface with an up link 02:41:08 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000)=0x4, 0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/zero\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f00000002c0)=0xe8) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0xffffffffffffffff) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001100)={{{@in=@multicast2, @in6=@ipv4={[], [], @broadcast}}}, {{@in6}, 0x0, @in=@broadcast}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000940)}], 0x1, 0x0, 0x0, 0x14}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000480)={0x1, [0x0]}, &(0x7f00000004c0)=0x8) ioctl$EVIOCSFF(r3, 0x402c4580, &(0x7f0000000f40)={0x55, 0x5, 0x4, {0x0, 0x5}, {0x8000, 0x5}, @const={0xffffffffffffff81, {0xfffffffffffffffc, 0x53, 0x9, 0x39a5fe91}}}) lsetxattr$trusted_overlay_nlink(&(0x7f0000000580)='./file0\x00', &(0x7f0000000900)='trusted.overlay.nlink\x00', &(0x7f00000008c0)={'L-', 0xfffffffffffff000}, 0x28, 0x2) sendmsg$kcm(r3, &(0x7f0000000980)={&(0x7f0000000840)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @rand_addr=0x894}}, 0x80, 0x0}, 0x80) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[]}}, 0x24000800) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000500)={0x84, @rand_addr, 0x0, 0x0, 'mh\x00\x00\x00\x00\x00\x00\x00\x8f\x00\x00\x00\x00\x00 '}, 0x2c) poll(&(0x7f0000000440)=[{r5}, {0xffffffffffffffff, 0x40000}], 0x2, 0x3ff) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0}) sysfs$1(0x1, &(0x7f0000000140)='mh\x00\x00\x00\x00\x00\x00\x00\x8f\x00\x00\x00\x00\x00 ') fsetxattr$security_capability(r2, &(0x7f0000000940)='security.capability\x00', &(0x7f00000009c0)=@v1={0x1000000, [{0x1851e26e}]}, 0xc, 0x2) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) mkdirat(r3, &(0x7f0000000180)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000540)) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x6685) ioctl$RTC_WIE_OFF(r3, 0x7010) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x8, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 139.224111][ T7807] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.231464][ T7807] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.240024][ T7807] device bridge_slave_1 entered promiscuous mode [ 139.265234][ T7809] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.316435][ T7809] team0: Port device team_slave_0 added [ 139.336607][ T7809] team0: Port device team_slave_1 added [ 139.350679][ T7807] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.427934][ T7809] device hsr_slave_0 entered promiscuous mode [ 139.485164][ T7809] device hsr_slave_1 entered promiscuous mode 02:41:08 executing program 0: ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 139.582854][ T7807] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.652953][ T7809] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.658981][ T7831] binder: 7830:7831 transaction failed 29189/-22, size 24-8 line 2995 [ 139.660104][ T7809] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.670237][ T3686] binder: undelivered TRANSACTION_ERROR: 29189 [ 139.675702][ T7809] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.686016][ T7832] binder: 7830:7832 transaction failed 29189/-22, size 24-8 line 2995 02:41:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) r1 = dup(r0) write$binfmt_aout(r1, &(0x7f0000000280), 0x20) write$P9_RSTAT(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="59000000941f0000005200000000000000000000000100000000000000000000000000000000000000206fcfda87adfdcf7f0108cf77e6e220b84cc064c933edc91a3c7d870cca4a75bcf4404598b07d7a9c1b9995fac0770736749a8913b33fd06d0eaa0470f847fb7c21d5dc54312a4c2378489780eeb5eaf67ee9edce65510e19333fb7a7d22dd75bf482623c4f9f3ccf0a194f82a245785a9c43ce4670d099368e108dfbd90c"], 0xa8) [ 139.688996][ T7809] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.704873][ T3686] binder: undelivered TRANSACTION_ERROR: 29189 [ 139.755270][ T7807] team0: Port device team_slave_0 added [ 139.770168][ T7807] team0: Port device team_slave_1 added [ 139.777257][ T7835] sg_write: data in/out 8048/126 bytes for SCSI command 0x0-- guessing data in; [ 139.777257][ T7835] program syz-executor.0 not setting count and/or reply_len properly [ 139.786246][ T7823] IPVS: ftp: loaded support on port[0] = 21 02:41:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x1000000077, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x8090ae81, &(0x7f0000000040)) [ 139.808065][ T7813] chnl_net:caif_netlink_parms(): no params data found [ 139.883728][ T7840] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 139.914094][ T3686] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.930620][ T3686] bridge0: port 2(bridge_slave_1) entered disabled state 02:41:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x1000000077, 0x0, [0x4b564d03, 0x1]}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x8090ae81, &(0x7f0000000040)) [ 140.043513][ T7817] chnl_net:caif_netlink_parms(): no params data found [ 140.061297][ T7813] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.071738][ T7813] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.080420][ T7813] device bridge_slave_0 entered promiscuous mode [ 140.127987][ T7807] device hsr_slave_0 entered promiscuous mode [ 140.165990][ T7807] device hsr_slave_1 entered promiscuous mode [ 140.199217][ T7809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.222878][ T7813] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.231861][ T7813] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.241008][ T7813] device bridge_slave_1 entered promiscuous mode [ 140.258747][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 140.266758][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 02:41:09 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x80000) [ 140.301888][ T7809] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.358686][ T7817] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.366548][ T7817] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.374289][ T7817] device bridge_slave_0 entered promiscuous mode [ 140.391922][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 02:41:09 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x80000) [ 140.401996][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 140.411230][ T3680] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.418390][ T3680] bridge0: port 1(bridge_slave_0) entered forwarding state 02:41:09 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x80000) [ 140.459118][ T7817] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.473588][ T7817] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.481812][ T7817] device bridge_slave_1 entered promiscuous mode [ 140.496207][ T7813] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 140.552711][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 140.565024][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.573619][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.580761][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.588995][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.623175][ T7813] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.649861][ T7817] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 140.660899][ T7817] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.692400][ T7813] team0: Port device team_slave_0 added [ 140.709280][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.718291][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.726957][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.744195][ T7809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 140.756286][ T7809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 140.768447][ T7823] chnl_net:caif_netlink_parms(): no params data found [ 140.790392][ T7813] team0: Port device team_slave_1 added [ 140.802959][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.811056][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.820470][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.828948][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.837600][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.846488][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.854841][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.863325][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.888455][ T7817] team0: Port device team_slave_0 added [ 140.902311][ T7817] team0: Port device team_slave_1 added [ 140.996677][ T7817] device hsr_slave_0 entered promiscuous mode [ 141.055329][ T7817] device hsr_slave_1 entered promiscuous mode [ 141.124159][ T7823] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.132275][ T7823] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.141063][ T7823] device bridge_slave_0 entered promiscuous mode [ 141.176622][ T7813] device hsr_slave_0 entered promiscuous mode [ 141.215581][ T7813] device hsr_slave_1 entered promiscuous mode [ 141.270657][ T7809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.279765][ T7823] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.292507][ T7823] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.305933][ T7823] device bridge_slave_1 entered promiscuous mode [ 141.350137][ T7807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.387069][ T7823] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 141.413027][ T7817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.429968][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.437920][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.447862][ T7823] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 141.458988][ T7807] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.494345][ T7817] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.525145][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.533529][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.543569][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.553297][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.562967][ T3680] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.570071][ T3680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.578745][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.595340][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.604426][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.620139][ T3686] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.627452][ T3686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.638645][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.647645][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.659182][ T3686] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.666458][ T3686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.684404][ T7823] team0: Port device team_slave_0 added [ 141.699288][ T7823] team0: Port device team_slave_1 added [ 141.728950][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.737051][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.746104][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.754867][ T3686] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.761920][ T3686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.770210][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.778826][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.838341][ T7823] device hsr_slave_0 entered promiscuous mode [ 141.895520][ T7823] device hsr_slave_1 entered promiscuous mode [ 141.942032][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.950719][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.959994][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.971118][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.979922][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.989231][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.998310][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.006304][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.029703][ T7813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.037567][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.046413][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.054791][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.063006][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.071570][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.080043][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.088494][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.097282][ T7811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.128951][ T7817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 142.137967][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.150425][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.158991][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.168298][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.177344][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 142.185429][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.194075][ T7807] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 142.207630][ T7813] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.233794][ T7817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.263143][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.273369][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.282478][ T3680] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.289613][ T3680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.313903][ T7807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.323070][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 142.331929][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.341072][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.351142][ T3686] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.358285][ T3686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.384604][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 142.398143][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 142.432083][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.463455][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.481148][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.490803][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.504108][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.513022][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.525796][ T7823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.544128][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.556804][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.567532][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.568110][ T7881] mmap: syz-executor.4 (7881) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 142.597208][ T7813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 142.605748][ T7864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 142.613706][ T7864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.625855][ T7823] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.651997][ T7864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.663614][ T7864] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.672735][ T7864] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.679915][ T7864] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.707924][ T7813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.727831][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 142.738869][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.764546][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.774509][ T3686] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.781632][ T3686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.790345][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 142.799260][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 142.820363][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.830076][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.844237][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.852976][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.865134][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.887512][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.896614][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.905616][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.914131][ T3680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.933888][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 142.990378][ T7823] 8021q: adding VLAN 0 to HW filter on device batadv0 02:41:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() socket$inet(0x2, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x12) wait4(0x0, 0x0, 0x0, 0x0) 02:41:12 executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x80000) 02:41:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x4020011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f00000009c0)}) 02:41:13 executing program 2: ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000080)={0x0, 0x0, 0x5, 0x0, 0x0, "1be8d3ad9eb0330da25c6cc480a710f0382ad6"}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec7) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:41:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 02:41:13 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000)=0x4, 0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/zero\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f00000002c0)=0xe8) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0xffffffffffffffff) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001100)={{{@in=@multicast2, @in6=@ipv4={[], [], @broadcast}}}, {{@in6}, 0x0, @in=@broadcast}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000940)}], 0x1, 0x0, 0x0, 0x14}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000480)={0x1, [0x0]}, &(0x7f00000004c0)=0x8) ioctl$EVIOCSFF(r3, 0x402c4580, &(0x7f0000000f40)={0x55, 0x5, 0x4, {0x0, 0x5}, {0x8000, 0x5}, @const={0xffffffffffffff81, {0xfffffffffffffffc, 0x53, 0x9, 0x39a5fe91}}}) lsetxattr$trusted_overlay_nlink(&(0x7f0000000580)='./file0\x00', &(0x7f0000000900)='trusted.overlay.nlink\x00', &(0x7f00000008c0)={'L-', 0xfffffffffffff000}, 0x28, 0x2) sendmsg$kcm(r3, &(0x7f0000000980)={&(0x7f0000000840)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @rand_addr=0x894}}, 0x80, 0x0}, 0x80) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[]}}, 0x24000800) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000500)={0x84, @rand_addr, 0x0, 0x0, 'mh\x00\x00\x00\x00\x00\x00\x00\x8f\x00\x00\x00\x00\x00 '}, 0x2c) poll(&(0x7f0000000440)=[{r5}, {0xffffffffffffffff, 0x40000}], 0x2, 0x3ff) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0}) sysfs$1(0x1, &(0x7f0000000140)='mh\x00\x00\x00\x00\x00\x00\x00\x8f\x00\x00\x00\x00\x00 ') fsetxattr$security_capability(r2, &(0x7f0000000940)='security.capability\x00', &(0x7f00000009c0)=@v1={0x1000000, [{0x1851e26e}]}, 0xc, 0x2) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) mkdirat(r3, &(0x7f0000000180)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000540)) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x6685) ioctl$RTC_WIE_OFF(r3, 0x7010) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x8, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 02:41:13 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f0000003d40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002780)=[@assoc={0x18, 0x29, 0x3b}], 0x18}], 0x3ad, 0x0) 02:41:13 executing program 1: r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f0000003d40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002780)=[@assoc={0x18, 0x29, 0x3}], 0x18}], 0x3ad, 0x0) [ 143.861361][ T7924] binder: 7923:7924 transaction failed 29189/-22, size 24-8 line 2995 [ 143.876790][ C1] hrtimer: interrupt took 26810 ns 02:41:13 executing program 1: r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f0000003d40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002780)=[@assoc={0x18, 0x29, 0x3}], 0x18}], 0x3ad, 0x0) [ 143.905122][ T7935] binder: 7933:7935 ioctl c018620b 0 returned -14 [ 143.932062][ T7937] binder: 7923:7937 transaction failed 29189/-22, size 24-8 line 2995 02:41:13 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f0000003d40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002780)=[@assoc={0x18, 0x29, 0x3b}], 0x18}], 0x3ad, 0x0) 02:41:13 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000)=0x4, 0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/zero\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f00000002c0)=0xe8) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0xffffffffffffffff) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001100)={{{@in=@multicast2, @in6=@ipv4={[], [], @broadcast}}}, {{@in6}, 0x0, @in=@broadcast}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000940)}], 0x1, 0x0, 0x0, 0x14}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000480)={0x1, [0x0]}, &(0x7f00000004c0)=0x8) ioctl$EVIOCSFF(r3, 0x402c4580, &(0x7f0000000f40)={0x55, 0x5, 0x4, {0x0, 0x5}, {0x8000, 0x5}, @const={0xffffffffffffff81, {0xfffffffffffffffc, 0x53, 0x9, 0x39a5fe91}}}) lsetxattr$trusted_overlay_nlink(&(0x7f0000000580)='./file0\x00', &(0x7f0000000900)='trusted.overlay.nlink\x00', &(0x7f00000008c0)={'L-', 0xfffffffffffff000}, 0x28, 0x2) sendmsg$kcm(r3, &(0x7f0000000980)={&(0x7f0000000840)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @rand_addr=0x894}}, 0x80, 0x0}, 0x80) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[]}}, 0x24000800) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000500)={0x84, @rand_addr, 0x0, 0x0, 'mh\x00\x00\x00\x00\x00\x00\x00\x8f\x00\x00\x00\x00\x00 '}, 0x2c) poll(&(0x7f0000000440)=[{r5}, {0xffffffffffffffff, 0x40000}], 0x2, 0x3ff) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0}) sysfs$1(0x1, &(0x7f0000000140)='mh\x00\x00\x00\x00\x00\x00\x00\x8f\x00\x00\x00\x00\x00 ') fsetxattr$security_capability(r2, &(0x7f0000000940)='security.capability\x00', &(0x7f00000009c0)=@v1={0x1000000, [{0x1851e26e}]}, 0xc, 0x2) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) mkdirat(r3, &(0x7f0000000180)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000540)) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x6685) ioctl$RTC_WIE_OFF(r3, 0x7010) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x8, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 143.961494][ T2989] binder: release 7933:7935 transaction 6 out, still active [ 143.975118][ T7939] binder: BINDER_SET_CONTEXT_MGR already set [ 143.975556][ T7935] binder: 7933:7935 ioctl c018620b 0 returned -14 [ 143.998935][ T2989] binder: undelivered TRANSACTION_COMPLETE [ 144.035835][ T7939] binder: 7933:7939 ioctl 40046207 0 returned -16 [ 144.053519][ T2989] binder: send failed reply for transaction 6, target dead [ 144.066275][ T7940] kasan: CONFIG_KASAN_INLINE enabled [ 144.069549][ T7946] binder: 7933:7946 Release 1 refcount change on invalid ref 1 ret -22 [ 144.071745][ T7940] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 144.071784][ T7940] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 144.071810][ T7940] CPU: 1 PID: 7940 Comm: syz-executor.2 Not tainted 5.1.0-rc7-next-20190430 #33 [ 144.104139][ T7940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.114217][ T7940] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0 [ 144.119946][ T7940] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89 [ 144.139912][ T7940] RSP: 0018:ffff888065177a00 EFLAGS: 00010006 [ 144.145992][ T7940] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000a40c000 [ 144.153982][ T7940] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078 [ 144.161957][ T7940] RBP: ffff888065177b10 R08: ffff88808a12a140 R09: ffffed1015d26be0 [ 144.169955][ T7940] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff8880650400ac [ 144.177932][ T7940] R13: 0000000000000000 R14: ffff8880650400b0 R15: ffff888065040080 [ 144.185932][ T7940] FS: 00007f010884f700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 144.194860][ T7940] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.201467][ T7940] CR2: 00007f212212ad90 CR3: 0000000089f6f000 CR4: 00000000001426e0 [ 144.209490][ T7940] Call Trace: [ 144.212801][ T7940] ? emulator_read_emulated+0x50/0x50 [ 144.218180][ T7940] ? lock_acquire+0x16f/0x3f0 [ 144.222953][ T7940] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 144.229140][ T7940] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 144.234688][ T7940] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 144.240416][ T7940] kvm_vcpu_ioctl+0x4dc/0xf90 [ 144.245092][ T7940] ? kvm_set_memory_region+0x50/0x50 [ 144.250379][ T7940] ? tomoyo_path_number_perm+0x263/0x520 [ 144.256025][ T7940] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 144.261840][ T7940] ? __fget+0x35a/0x550 [ 144.265996][ T7940] ? kvm_set_memory_region+0x50/0x50 [ 144.271288][ T7940] do_vfs_ioctl+0xd6e/0x1390 [ 144.275882][ T7940] ? ioctl_preallocate+0x210/0x210 [ 144.281166][ T7940] ? __fget+0x381/0x550 [ 144.285329][ T7940] ? ksys_dup3+0x3e0/0x3e0 [ 144.289762][ T7940] ? nsecs_to_jiffies+0x30/0x30 [ 144.294620][ T7940] ? tomoyo_file_ioctl+0x23/0x30 [ 144.299564][ T7940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 144.305803][ T7940] ? security_file_ioctl+0x93/0xc0 [ 144.310914][ T7940] ksys_ioctl+0xab/0xd0 [ 144.315081][ T7940] __x64_sys_ioctl+0x73/0xb0 [ 144.319670][ T7940] do_syscall_64+0x103/0x670 [ 144.324268][ T7940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 144.330158][ T7940] RIP: 0033:0x458da9 [ 144.334063][ T7940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 144.353703][ T7940] RSP: 002b:00007f010884ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.362141][ T7940] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9 [ 144.370116][ T7940] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 144.378093][ T7940] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 144.386071][ T7940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f010884f6d4 [ 144.394049][ T7940] R13: 00000000004c1d42 R14: 00000000004d4550 R15: 00000000ffffffff [ 144.402044][ T7940] Modules linked in: [ 144.405955][ T7940] ---[ end trace 764186188153f0ae ]--- [ 144.411419][ T7940] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0 [ 144.417139][ T7940] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89 [ 144.436745][ T7940] RSP: 0018:ffff888065177a00 EFLAGS: 00010006 [ 144.442829][ T7940] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000a40c000 [ 144.450827][ T7940] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078 [ 144.458816][ T7940] RBP: ffff888065177b10 R08: ffff88808a12a140 R09: ffffed1015d26be0 [ 144.466796][ T7940] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff8880650400ac [ 144.474783][ T7940] R13: 0000000000000000 R14: ffff8880650400b0 R15: ffff888065040080 [ 144.482770][ T7940] FS: 00007f010884f700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 144.491710][ T7940] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.498299][ T7940] CR2: 00007f212212ad90 CR3: 0000000089f6f000 CR4: 00000000001426e0 [ 144.506325][ T7940] Kernel panic - not syncing: Fatal exception [ 144.513664][ T7940] Kernel Offset: disabled [ 144.518011][ T7940] Rebooting in 86400 seconds..