[ 52.769602] audit: type=1800 audit(1545338775.807:26): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 54.300168] kauditd_printk_skb: 2 callbacks suppressed [ 54.300198] audit: type=1800 audit(1545338777.347:29): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 54.325142] audit: type=1800 audit(1545338777.357:30): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts. 2018/12/20 20:46:28 fuzzer started 2018/12/20 20:46:33 dialing manager at 10.128.0.26:46613 2018/12/20 20:46:33 syscalls: 1 2018/12/20 20:46:33 code coverage: enabled 2018/12/20 20:46:33 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/20 20:46:33 setuid sandbox: enabled 2018/12/20 20:46:33 namespace sandbox: enabled 2018/12/20 20:46:33 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/20 20:46:33 fault injection: enabled 2018/12/20 20:46:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/20 20:46:33 net packet injection: enabled 2018/12/20 20:46:33 net device setup: enabled 20:48:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x8100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='tunl0\x00', 0x10) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syzkaller login: [ 209.023235] IPVS: ftp: loaded support on port[0] = 21 [ 210.536580] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.543268] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.551831] device bridge_slave_0 entered promiscuous mode [ 210.649699] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.656484] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.664984] device bridge_slave_1 entered promiscuous mode [ 210.748907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.830986] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.094201] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.186965] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.273357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.280467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.369250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.376534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.644460] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.653414] team0: Port device team_slave_0 added [ 211.739612] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.748472] team0: Port device team_slave_1 added [ 211.834850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.927873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.017698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.026285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.035786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.126774] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.134756] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.144197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 20:48:55 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r1, 0x80045432, 0x70f000) [ 213.055195] IPVS: ftp: loaded support on port[0] = 21 [ 213.532144] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.538754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.545997] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.552603] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.561975] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.568471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.275379] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.282017] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.290203] device bridge_slave_0 entered promiscuous mode [ 215.384090] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.390614] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.399060] device bridge_slave_1 entered promiscuous mode [ 215.523199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.677457] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 215.996504] ip (6702) used greatest stack depth: 53896 bytes left [ 216.117529] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.306593] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.114253] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.123174] team0: Port device team_slave_0 added [ 217.313511] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 217.322410] team0: Port device team_slave_1 added [ 217.492666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.601927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 20:49:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x100000000032, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f00000001c0)={@loopback, @dev}, 0x8) [ 217.729051] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.736919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.746441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.912501] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 217.920463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.929867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.347876] IPVS: ftp: loaded support on port[0] = 21 [ 219.295775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.833306] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.839914] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.847207] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.853820] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.863298] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 219.869910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.905584] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 220.675184] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.681544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.689860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.132814] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.139356] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.147922] device bridge_slave_0 entered promiscuous mode [ 221.205633] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.371762] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.378348] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.386653] device bridge_slave_1 entered promiscuous mode [ 221.593809] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.784068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 222.317132] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.458285] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 223.255787] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.264527] team0: Port device team_slave_0 added [ 223.423568] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.432272] team0: Port device team_slave_1 added [ 223.647183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 223.655071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.664043] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.815782] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.982029] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 223.989914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.999097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.146028] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 224.153762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.162922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 20:49:08 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x8100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='tunl0\x00', 0x10) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 20:49:08 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x8100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='tunl0\x00', 0x10) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 20:49:08 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x8100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='tunl0\x00', 0x10) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 20:49:08 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x5, 0x1, 0xffffffffffffffff}, 0x14}}, 0x0) 20:49:09 executing program 0: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) dup3(r1, r0, 0x0) [ 226.251425] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.258111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.265346] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.272084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.281224] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 226.288032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 20:49:09 executing program 0: mlock2(&(0x7f0000a62000/0x3000)=nil, 0x3000, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8)=0x1, 0x2, 0x0) mremap(&(0x7f0000bca000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000903000/0x4000)=nil) 20:49:09 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000440)={0x17, 0x0, 0x7, 0xfffffffffffff6d5, 0x4, 0xffffffffffffffff, 0x0, [0xc, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x2c) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x8, 0x100) sendmmsg$unix(r0, &(0x7f00000002c0), 0x1, 0x4080) write$FUSE_INTERRUPT(r0, &(0x7f0000000040)={0x10, 0x0, 0x2}, 0x10) [ 226.618246] IPVS: ftp: loaded support on port[0] = 21 20:49:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) recvmsg$kcm(0xffffffffffffff9c, &(0x7f0000000340)={&(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000140)=""/212, 0xd4}], 0x1, &(0x7f0000000240)=""/207, 0xcf}, 0x12023) ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f00000003c0)={0x0, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x2, 0x4e24, @empty}, {0x2, 0x4e22, @loopback}, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000380)='nr0\x00', 0x80000001, 0x6, 0x6}) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r2, 0x1f00000000000000, 0xd2, &(0x7f0000000000), 0x3c) 20:49:10 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000280)='/dev/uhid\x00', 0x802, 0x0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000080)={0xb, 'syz1\x00', 'syz1\x00', 'syz1\x00', 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '?'}, 0x119) writev(r1, &(0x7f0000000040)=[{&(0x7f0000001880)="4acc582d79a664b845dfb8ee626a97eafc2a28e15d983cb110e823411f632d7041ff470738a9b7a5ea70f60278245a3464dd847146c05aad7d4ec68f4956390fe89703784898e641efc2a86854554b757ca0efe403f110e46481994ab09dbfadaa4cbe0079bc83eef7e47f40fd0f4f5af7d304968c963a19e20803b92b9cff7ded7f9cbc463e43c9a26b3d59e40ca26693f3310de13ac814276b90b9c7a4cb7613bdfafedcabc1a9595d4fe0928fdee85621275bc35fd9d2c2a4e6e63e63d4ead6ec198c7a68a59d76e528f8371024090186e540956371c7a429797c324068134d2230c98d93173ae680ab3b6416e2dc511c58c850d42cf2e115b44c9ba4b131067fe28e5ea9957ce4e58be93dc5038f264cbe37a739c6db8b5dd5812e31e95f95f210d10a56741fc91c6e6552d02e070d09e220cd89e67253a3a76470d0f6e0d43217b824f386b8a6d13198f55afcc51c8b23e4ac891f99ae7fdb341c08938f87346f86cd6b66ef82638b1e1ff361562b430d744359dd5dd6d5ee30c8b2d1357cd67f126b9eaf369877c0006c4c5e81a5c914f0cf028b1343d4b325b49c35e6c87f8ea7c9b8a1aad96ef2a7da871410824c8210637d75eca7156d4e955d19d3e45631414afcd62668b940e433ffa02b0269d42ebc3ddb803545a797be5471e0192b43c0b99899fa5d070f1c995721a00ecfc4507e0b8d518db888337eec3438a68dc4c44426f08d79115d5c63176bd8949569653913450f9e4d3b00ce4cf4a9d5bf8bfb94487225ae8369ef84001bcc38b7c455753f5790ec6aa5f8d3837a11b2c98e57e1b2cfd6cdeeb17de093bc41d8671c1af67525f1445effb54ef997469174b99c8b10416579666d3e9eb4f390baaf15cc1f0a1c77d7a5a5aa824c63a256724b451dfbffc7ceccd8665423e635130147c5d3c64b2c855f060a56a55b4619a8415d88b5447ad6ec3d077bff12b186b8639198d99d052b73b8a2449934be5c404cfbcce76b6cd127556a5de5b810a6e9edbdd78415b92f6c726b81337c8eab9e261a6cff077eec729f8ba460bb05d44b3825fa81adc066eec0d7c165ce345e09cea1fc40b5e7aedd991ac25dd58a59cee888231ef9b3325ff89bc0370142c4ae22e3cddeb0bcf5c7457311f255f62fbbff205e0510164f27ff9c30ec1369ef698152e88d7a3d1098a6090fb560cb2e0b92df2b0ea5b0ec813b4d2291c4c3c1baf57bc38cf20ad7cf473d7b5188be9350ac61d651eccdc34fe89b7088138982ca802022932ae594460af77bb05471ac389318cf046d536a753048364b03bb682aba6cb9597ff2fdb7f7fc64526a77d23c8deee6a84ff2f9b2215a100f8f99e5f53e31fcffc81f69b791d896a5f0600269b48f55aa454242bf581e1d2e1b35e725fb595c86bbae30ef6cdeb7dfb42257bf8ef51cf7134b53a0985328da46838562f202dd9b2c862e59959a5fd5755080e019321e712c5dfc1b2b2f78db30bae08a0f3384fa44616c72442b9a606303ab98dcde21a95fe5029d5f04c783d26f21737bb9b9f8006e1e5f4498f3518d2238b3baff5e76de08f699cc25f643ed0759f2cfd7061c9c1fc249de9f648e6959592a202f8e099b915713d015896ffa5d7d1e4c40a948779a502d3e6c9c8c544c404720f6607a241650393fde7bf5c2063a3a9075cb9fdb3a421cf310dcf38ddc228444b0e2de4bc350fd6c45f6fc99fcec8bd919fe280ec85867f0bf0f049f4a49fbc25e3c1977a0c40e621424fa4846d24dafd28a5471130e1a25ad4103642e362febce1fa7b3410d36fac3841326ce61981d17ab6072e93890a813533a8bcd3ce9f38adb7aa157f9e7fcda349493d291cddce6198adefe845186891431ecd7a3cd48e6b89ab373cedfddc55e17ee0ea2d2b349de29274b58a12803648288a7ba5a98763a66b8675ddf3605fdc286ec2b0754b73f135d8ce590b48e82cbce47d5427bf3f5ffd0ce7fbbe49ed766d02e077b0eed0e3fc691589d86e208df6529187d3faa46ba5fc6c24fc96f58aff544b6c2990983dab835aff7434f94dbc1f012cd19bb847050c7bb7d6916a2a0b64e971700083cd5e82392983ae8977fba2c4d98ecaf6aebf6d11840036148238d2214c91be4f167ff0be7cf06ddc5786bf57e66667ed6f7a8dc883f635cf845becc59f09ba4289e99b1f805335f15ef8bf90b588704bffa536c9b59ebb822e3d471c37b1bf089a49a0a0f8bbf928024f4953c455c31905fcc20bddd70a4b83066d3fd9e27a56d7348e3633abe95a5133945ce31c7d041f1747aebf0f551deab060e09ad5c761266ede6c0f27a96da731206cc443973296c715aa811bf2c6ab385afd2e575ffed39613c40c3e67ffe3a6a7cc7e35a2f966d24c82eb7a24e65da4e879c9436f8a247287d2506e8bdc0e6d12ef771c1f87f61e2afce7b1c3a9382e21ae3e2a420d820901210991dcea40cf91078b7468e12d866403663adc35891dd374b99d996f7e28546ff56ad9fed9d6fce6934bf7b5f167d4f4526ae81d3877fa52f0edb311db232eaf97c503f4f8622e1519ea17e827362eaae654b295bafec7784e471852d04c3abd38c19fabcc12d1d6c85d9580a00445e1871a0e48cc86ac6e3eb18e7860272db3be38ab2a71c5e9d02e86d464c20b4561a5dfd42a8cce104deeb487330b3dbad0b9304488b697843f7fd3737f0b3bee7cdbccdae2a6e45a4d3a92b53fe076af5ab2e9ad45d578a297d1bcb2d9aa1ad2f1c1e894597ed490c4e7a2d3859beb97d6a57bb06d1ee8109e2350a705f5baf855c5c0be57f47d2fc354c28010bddedc83f820a9f0661c9b85c5fd5991fa8ee0fcdf537f434743a008b87a555cdd86abfdebd45b5a2bebbf6b48a44205057a84796c8c6054fe3e12690033d4356174b2d478975425d9478917349ca60a26d79ed686292f2e006d4baf951a7de536b96f582e94de2a815dc39107194db71239fdbecd7ee611d4ae441e6886acabf090c2c2e1f4f655df7bde92d4969efdf2edefa1b9e3f83f766e9b88d9e8c95e5e6d2ac5c4dbd133234c5ec5c65f0086e84207706f74c262b5fdb3cbe13eec1db8bbdce738d4f4dd21e0381e930dbbbb2cb2728d21cd25304c42b87c7a4c039a1e2841069dab32e58d133173d164a6f2acd38a56e5fa899b2d8fc8bb63eab1cd74d416f78d6f3e658924d9f416fbf526e7c3795d9ffaf75528c109b9dd25ec3d380e52fd2b475362f9ff001e4e5b73bc2f2a19876800caa90f145588aeb83e76878d4ce4d7e8687ec2012d89752fbbda438c61aa863c308c540ae5c741769a38032808a87853136fed9164d7240dfb9b7baabcd5830aca574854d27d2ea078cbdf66a9e329977dcfe8d184e76a603c9e13c595152dca122ecdc9dedf8097b86a11119d8776bdd8f091a473a562f1d0f0847d08012a77618c21eac49d1ceeb1dd6312ff40420f109e8597c47c1976bf8c220ead6401371db163de5e76c021862be25a7620b399f6e671d5cfb39d5110386897b23057b443972a834032b1bf488ee769ccf96340f2c46841d549e3621486dc3be59d972e3c474d40dccddb58db66900f86480af024d5cf90c2378ab3f7c121e10f97c700cf03286dd9912fa278d955be34217fe302b596405cebe1d4825c053079b9201069db203c96a8ff80bbb49b0894c6f424d7fbf7965aa39daa2d41795ad922179898a9de64f642f7b02b1170a57e3663d0067f99fc6c0e0b4a851b4ea5ae12c6aa0dbc81ffeb6656e1037c2691df41bff813a095ebd95ded4418cfd0e717a9f3c52695f8a1f2e9e57bcbb65aa5c40760d1ccbf2810f53cc9a63cf2b622a01cf4d18f58f78ced2d4261230d6f1f7909d20c2014be0c5e1591cefccfccad0f32c0395ec2b7a4f90c0263277f38ff7ff437c813b8699d493de67d90776b052278d64a79c7b94573b581f205223297689810145ff97c7d9d1f7647d3177a2a1dbe99119dc008b51de568fe955c78148de3221de6c98cc39b6969eb16638b23330838676061e3fbc971c5d5fb7e412c284d228da054c2855567a2a96dd1a0d8309319e1402f5f5a9049b3bbf888c53589f34baf00996487741aa8706ed35fe72d0b7358b7fed808ce7d2b94cfa4d718e93a84712049ed1e53e65c2e227a166e95074a587066c3f5d97ab2b47816cb7c52b266c94831605fea47bc62aa7c2f16852aa1440b642cf809d6c1a110ad3f443675a219ff596b265ab70c21e1bab5d9209a975972ddedae9e02994721eea0bd318c3ac153d63443d6e3c0af700631066292f3781a12d8f812d10262871726e73731163a5ba0e56aa94213f8c226a86e79b30e40da3cd12373c3325d4b21c83fcf815890080fa5c868bb4689270de43a54d59775b5114cccf64d18a26a0dcd482ca6492b3bc8b3c945ace3ea6cc7ba36c9bf7b6ec4fda5af4330b08e100de127204b933eb71fb021921b0dbb7d1a69c4cd41040aa239074e1893cd2159b49184089cee861e4e3f34f4a051ade0c4e550c2194aee4c507683b7437707d2cd82ab25892c2254680d2ea96724e005e161949e6a5b0f7326966692e207e7741b119d4ce90ab7c3a56098f6151146bc5f42dd670d1fafc68159568cb1a81f9e184c951ad092bb0a08c9c6fc7b56a20702c5b867254161674c88372dcc6f9c55dabbf50dc374c0373233ce34dc874f653d49c6f42c02a593433dc297fba33706213621684bbf2e5588393f3915922f2d07cec7728fbaa752cfa49ed46b2e6e08600d642e8cadbb2e1eae960aecbab929d502ffc0f2f0c2f2e50e278ec7aee90caf5f12ced9c3db68416b32cec97883958a280ee5c95d210ebfc4de070b09a307f53ee7a7ff6eeac43efc92a7727ee384e7d48c31045ef7f24a08b6ba864d2c31f10d9df496eb431ed5dbeb59ece4e973a5c34e4f7a7c41a3c29d786d131d68cb26eb97da195b98e7ae0a814b6266cac3f24ea8c041b2a69bae2f0611a9d0fb93683c07eb8e3fe9b39fad4ce8dfda99b476e19c55390311cdfe9331bf3fceb8d27f287acdfe9992d7ac728eea2f1a0884e1312fbf177034643a4da4f67d97fca481803ca636020f0e699889a42d84f1bbfa66bc0f95220c4326d741c26cb41dcdc4f043ad510e8d97037b82a51aae7439666ff72204b7ddf706b1671d4f41c040bc4a20d73d4c73d85fb77992c0610fb50dc8d5dd1a9e084964ef05f126c3a56dc9f7803e595520a4882d994d9430b0fc2f83cd4f65140c110be2efb024e8e1523cf47ad56c3027abcb8fb59a94f314d668babd19635be8e8ce290cabd80ce2daaad60ed17e218c01c554a876189037c29ff42c9be4bb84a025c6ae4e6ccc1b5c57faeb87465ff0e5d092df67bf8aa5d0e43a4000000000000000000000000009e0a406a27de0601", 0xeeb}], 0x1) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000000)) sendfile(r0, r1, &(0x7f0000d83ff8), 0x8000fffffffe) [ 227.199848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.202899] hid-generic 0000:0000:0000.0001: item fetching failed at offset 1675906905 [ 227.214361] hid-generic: probe of 0000:0000:0000.0001 failed with error -22 20:49:10 executing program 0: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000980)='/dev/vga_arbiter\x00', 0x4002, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x101100, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0xf7, 0x7, 0x3, 0x44741aa4, [], [], [], 0x1ff, 0x1000, 0x8, 0x1000, "224373a574e442afa5dac6056baa90b4"}) ioctl(r0, 0x800000000000937e, &(0x7f00000001c0)="8c000000070000007f") write$binfmt_elf64(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="7f454c460089001d030000000000000003000300030000001901000000000000400000000000000006010000000000000500000000003800020001001d080700000000700080000001000000000000000000008000000000040000000000000074c6b61800000000ffffffff000000000100000001000000e6d4ae80f45c014d7cdb72a9091a3260f01af66d672162a67897a3948fb71af590bc44db8e6c4110a1780e206ad6ba539166b51f8b4b60f4898534ca175109a188145fbd2c9e32f411976c85644a93ef8a7e1fb8037741fdcfc07fb903e3483da56bd4792e99033dbadd3933bca25f80f222cf1c58bb82898182797ac8213aeaa4b57877032b486c323381f71e46d094b3d6af6afa4078f1c8a12fd547b6b4b76107d1c01743d69174d5c14c3e4cc400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc8db05b581b7100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x727) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000200)) [ 227.480447] autofs4:pid:7111:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(140.7), cmd(0x0000937e) [ 227.493181] autofs4:pid:7111:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e) [ 227.555394] autofs4:pid:7115:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(140.7), cmd(0x0000937e) [ 227.568136] autofs4:pid:7115:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e) [ 228.040555] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.691736] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.698060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.706132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.414127] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.854654] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.861222] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.870115] device bridge_slave_0 entered promiscuous mode [ 230.069827] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.076462] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.084757] device bridge_slave_1 entered promiscuous mode [ 230.237412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 230.391071] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 230.932822] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.102996] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.320746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.329966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.944859] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.953707] team0: Port device team_slave_0 added [ 232.094178] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.103900] team0: Port device team_slave_1 added [ 232.262591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.269649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.278826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.476453] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 232.483631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 232.492742] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.646464] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.654206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.664052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.781364] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.789076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.798249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.715382] 8021q: adding VLAN 0 to HW filter on device bond0 20:49:17 executing program 1: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000140)="38aee6362c94314d7916e9c94bf2bb41f9e77a3b26cdd58b4edbe03657753524a1365e4b745330630091937c7ab1be97f04fa4a04b63a443c0adc09d72d016c1ba8f4a59f8c1ef1738a9b0c1f07502972c3a2860b82ba11ad353d00aab365968340cb5144613bff1296b83b6c287b69c25954fdae46793a5edc0f8f9b37aa64fa15eb2e691eaf42b4134c606dbb74e43f5db46a8288928b951f91a2bef25b8fcde944a5da021ca3142788ad5737aae1a11ea29fa8e9b350dcbf08b918ef96d557bf2433fb2729c3285e0cedc0529ad43139f2a35b80dc61325346033fa", 0xdd, 0xfffffffffffffffc) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dlm-monitor\x00', 0x40, 0x0) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000400)) r2 = request_key(&(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)='/dev/kvm\x00', 0xfffffffffffffffc) keyctl$search(0xa, r0, &(0x7f0000000080)='rxrpc\x00', &(0x7f0000000240)={'syz', 0x1}, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xa) chmod(&(0x7f0000000380)='./file0\x00', 0x80) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) [ 234.098538] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 234.389483] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 234.735419] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.742054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.749190] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.755832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.764932] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 234.771428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 234.854005] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.860320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.868215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 235.368991] 8021q: adding VLAN 0 to HW filter on device team0 20:49:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000000)={{0x100000001, 0x8000}, {0x80000001, 0x9}, 0x6, 0x0, 0x5}) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x19, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="006340400000000000000000000000004440e73b73a302b891"], 0x0, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x48, 0x0, &(0x7f0000000480)="f27aec438116cefc2a394072b6ad8809e53ac6553db7f225a4e47722a00ba8846454ad779316094e4bee8cab76761555d3676404fb3c728f045f7d9ecc9b2662539500d7df7d1802"}) 20:49:21 executing program 0: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000100)={0x4, [0xbe, 0x20, 0x5, 0x0, 0x4, 0x7fff, 0x1, 0x4, 0x6, 0x0, 0x1, 0x2, 0x2, 0x8, 0x4, 0x3, 0x3, 0xffffffffffffffff, 0x100000000, 0xffffffff80000001, 0x7fff, 0x56fa, 0x7ff, 0x6, 0x8, 0x4, 0x6, 0xfffffffffffffffb, 0xbff, 0xffffffff80000001, 0x1b20, 0x8, 0xce53, 0xffffffff80000001, 0x5, 0x4, 0xfffffffffffffff9, 0x6, 0xb661, 0x7fff, 0x1, 0x4649, 0x6, 0x3, 0x0, 0x8ba1, 0x3], 0x9}) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000000)={0x0, [], 0x4}) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000080)=0x5) 20:49:21 executing program 4: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20000, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000040)={0x10000}, 0x4) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000080)={0x0, 0x3, 0x5, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x1}) ioctl$TIOCNXCL(r0, 0x540d) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffc73}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={r1, 0x80000, r0}) bind$tipc(r0, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x1}}, 0x10) r3 = getpid() ptrace$getenv(0x4201, r3, 0x6, &(0x7f0000000180)) r4 = socket$l2tp(0x18, 0x1, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff) r5 = perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0xe1a, 0x1f, 0x3, 0x40, 0x0, 0x1ff, 0x4020, 0x0, 0x8, 0x2, 0x1000, 0x8000, 0xffffffff, 0x9, 0xdb, 0x5, 0x3, 0x5, 0xafab, 0x2d, 0x20, 0xffffffffffffffdc, 0x7ff, 0x8000, 0x0, 0x2, 0x3f, 0x6, 0x9, 0x101, 0x100000000, 0x9, 0x100000001, 0x100, 0x8000, 0x100, 0x0, 0xdb, 0x7, @perf_bp={&(0x7f0000000200), 0x9}, 0x20000, 0x87, 0x7, 0x8, 0x7f, 0x0, 0x7fff80000000}, r3, 0x2, r0, 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x9a0, @local, 0x6182}}, [0x3ff, 0x9, 0x1f, 0x7, 0xd397, 0x8, 0x1ff, 0x5, 0x0, 0x7ff, 0x2, 0xfaef, 0x7fffffff, 0xfff]}, &(0x7f00000003c0)=0x100) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000400)={r6, 0x81, 0x69, "4fec84f50a10096d3f0f6483e5ea7248d8ab70f771d6ef92b14e88e16d933210ad639bd439c5aa10aa16541152777bcc5d108d23a5730cb5796ed0db7590a2e896eb2a464542ddc7fb71a335bb689d6bd87e07e06b5708fbd8e56ba2b70259bccb2940c5b96563ed76"}, 0x71) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000480)=@assoc_value={r6, 0x3ff}, &(0x7f00000004c0)=0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500)={0xffffffffffffffff}, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000580)={0x8, 0x120, 0xfa00, {0x1, {0x3, 0x2, "479febcee8f43f3cde99f03c4477eb5fd54f9ec7260799b87c1547a2b4f562222d1a2b352e0cfff1d606c1314c832e91e595d92ddb4c348cb96f29bc6ffbd4892f1cceb0b23c39ce1cb2c1c54e63c0ba31351e07ce3f4606cf76b2b09c66620ab8f8d963bc256d35e82aafe6dd74c55cd17cb9cf42f0ddd6cb541c77e0306d1d82d8012ed7eb3d11c89ad2041240f2b86963f81a7249d5c46f62e45820595d1ea49643d8744727fbc1c4b9ac3cdfe7af58e6b05fb6ad273fba70dd098bedc596fc230a223c90531e1c6948ad7372b4ba797569f2de089e9f8102f3e005b2dd8a9346f22dd8e23e4694904ae3c79db104cc8002db03024298a5d1cb781b83855d", 0x70, 0x3, 0x0, 0xfffffffffffffc36, 0x8, 0x5, 0x5}, r8}}, 0x128) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000006c0)={r7, 0xff}, &(0x7f0000000700)=0x8) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000740), 0x4) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000780)='/dev/video35\x00', 0x2, 0x0) fcntl$lock(r5, 0x26, &(0x7f00000007c0)={0x0, 0xb95d9df57122d85f, 0x7ff, 0xffff, r3}) write$P9_RREMOVE(r0, &(0x7f0000000800)={0x7, 0x7b, 0x2}, 0x7) getpid() write$RDMA_USER_CM_CMD_REJECT(r2, &(0x7f0000000840)={0x9, 0x108, 0xfa00, {r8, 0xc3, '$23', "f74a0f5dc9d674a678540e6f36509a8a66c91fd1aa9eac10335c57f4d93a4b8cc3f2d1ccae1a7c029a771acc706b0d3ec6fda47dc3b960ab97264f9c7849d5f77476546ebe9e8877ac6077463a4d48c34e789977eee565577b595d00e09fb965db9b22a2d6f6bfab791cde5958672bbf8122b4522abd1f315b559b9d99f1a92431c9a553c68f89f0d3c98138f1671aee5c0b314e64be97e5f0e25a89097aaec38f211b44dd00691d38d17cd4ecf25262dd433b497e2086fb0c05b76df0a5d8e7d969c074a763b80048017cdd8d97c28535597238320e7b9cdcff411cc3564f55e0950901eb88119ce1ce5eb4af994d8f78ebec5992c371b9cc13d6519e199b34"}}, 0x110) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000006, 0x10, r0, 0x180000000) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000980)={{{@in=@multicast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@multicast2}}, &(0x7f0000000a80)=0xe8) r11 = getegid() write$FUSE_ATTR(r2, &(0x7f0000000ac0)={0x78, 0x0, 0x4, {0xffff, 0x5, 0x0, {0x4, 0x7, 0x3, 0x7, 0x4, 0x5, 0x5, 0x77cfe0e2, 0x80000000, 0x9, 0x7, r10, r11, 0x80000000, 0x8001}}}, 0x78) setsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000b40)={r9, 0x6, 0x5, 0xd38, 0x3ff, 0x101}, 0x14) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000b80)={0x0}) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f0000000bc0)={r12, 0x1}) 20:49:21 executing program 1: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000140)="38aee6362c94314d7916e9c94bf2bb41f9e77a3b26cdd58b4edbe03657753524a1365e4b745330630091937c7ab1be97f04fa4a04b63a443c0adc09d72d016c1ba8f4a59f8c1ef1738a9b0c1f07502972c3a2860b82ba11ad353d00aab365968340cb5144613bff1296b83b6c287b69c25954fdae46793a5edc0f8f9b37aa64fa15eb2e691eaf42b4134c606dbb74e43f5db46a8288928b951f91a2bef25b8fcde944a5da021ca3142788ad5737aae1a11ea29fa8e9b350dcbf08b918ef96d557bf2433fb2729c3285e0cedc0529ad43139f2a35b80dc61325346033fa", 0xdd, 0xfffffffffffffffc) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dlm-monitor\x00', 0x40, 0x0) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000400)) r2 = request_key(&(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)='/dev/kvm\x00', 0xfffffffffffffffc) keyctl$search(0xa, r0, &(0x7f0000000080)='rxrpc\x00', &(0x7f0000000240)={'syz', 0x1}, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xa) chmod(&(0x7f0000000380)='./file0\x00', 0x80) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) [ 238.954372] binder: 7508:7509 ioctl 40505330 20000000 returned -22 [ 238.987652] binder: 7509 RLIMIT_NICE not set [ 239.015797] binder_alloc: binder_alloc_mmap_handler: 7508 20001000-20004000 already mapped failed -16 [ 239.060803] binder: BINDER_SET_CONTEXT_MGR already set [ 239.066416] binder: 7508:7509 ioctl 40046207 0 returned -16 [ 239.103197] binder: 7508:7513 ioctl 40505330 20000000 returned -22 [ 239.175595] binder_alloc: 7508: binder_alloc_buf, no vma [ 239.181215] binder: 7508:7516 transaction failed 29189/-3, size 0-0 line 2973 [ 239.214642] binder: undelivered TRANSACTION_ERROR: 29189 [ 239.220352] binder: undelivered TRANSACTION_COMPLETE [ 239.485988] IPVS: ftp: loaded support on port[0] = 21 [ 240.242898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.569972] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.853187] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.859754] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.867634] device bridge_slave_0 entered promiscuous mode [ 240.883695] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.890026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.898079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.949895] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.956483] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.964830] device bridge_slave_1 entered promiscuous mode [ 241.047846] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.126958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.226219] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.383524] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 241.471942] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 241.556976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 241.565607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.660718] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 241.667795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.926398] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 241.935501] team0: Port device team_slave_0 added [ 242.020898] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 242.030722] team0: Port device team_slave_1 added [ 242.116979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.201331] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.291935] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 242.301255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.310638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 242.392747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 242.400410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.409757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.742389] ip (7677) used greatest stack depth: 53840 bytes left 20:49:26 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000000000002000000e000000100000000000000000800120002000200000000000000000030000000020300000000001700000000020000000000000092ab0000000000010a0014bb000000000000000000000000030005000000000002000000e00000010000000002000000"], 0x80}}, 0x0) 20:49:26 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe290, 0x193800) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x0, 0x100000001, 0x4, {0x2, @raw_data="37eff2653430a431c64fbfa30c2a38dac2bfec391e57a058488681818c09f696cb927986149d147e5bdb188052955e73dbf46d0c32aeefcf9e6d9c6dfa4d837c7d89baad901a0c27dadb0b9776316a2c36b33646115376e3602346de9a65e5d812ecf6eeb88f247ed31abc084429e7d6a0f8935c808ac4a805487b5567ebe45005271260780a78abcf70deaff66bccb36c3d9fb3c831a9e576ad07f3ce722003c54f90a4dfba0e81095ad2f4c1089003cdd592bb47b86b4224fee36fbe35865d14833c4094de11b3"}}) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000040)={0xffff, 0x3, 0x0, 0x4, 0x7, 0x5, 0x8}) ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000180)=0x2) 20:49:26 executing program 2: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffff9c}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000100)={0x8, 0x0, 0x0, 0xa76}) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f0000000140)={0x773, r1}) r2 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x4, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000000)={0x980000, 0xa1, 0x0, [], &(0x7f00000000c0)={0x98f905, 0x0, [], @ptr}}) 20:49:26 executing program 0: r0 = semget$private(0x0, 0x1, 0x8) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f00000001c0)=""/156) seccomp(0x0, 0xfffffffffffffffe, &(0x7f0000001980)={0x1, &(0x7f0000000000)=[{0x94, 0x0, 0x0, 0x9}]}) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x44}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x800, 0xc226, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4f6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) 20:49:26 executing program 5: r0 = socket$vsock_dgram(0x28, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0) ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000040)={"16ef055700d00d3b8b7a2818755bbade3373606df83c00d527c4e59ce6694406848d03e6ce68197eed3165ed5b3645a858ed98674c41c8f832e482ffb178affd5feb8c0c8d9c3d8780c1422d1c663bcc5cb8e1bd7190fd83b7991b4203f392ee3cb34a8837fc192667c8aa15239e43f8602c3694815c58547153438be9f2097e2e1f9d1a2b86e5b9296b6e519248c9ceab8116b0b7e63804992cb9b14a0dfa3c30a210d5718a165d84ed93830c020e89dbe8c2e7cbafe1a5fc4f6775aa5c7267fd95791183c75b02b2f88868f509a719e19ebda39f652d109537c8d8110e2b1f04f0e2d010fcbf334434a9964eb26455237f9ddcf9cc4bc047af5b9b626c10e6d096f667226e0a3049579e51c62c310ca0f2e6a056f3ef6b65de6c9e2a1a816b330123ef9181ffc2743faabc20c2de0053a30c993594e8d61f41b4969ed44719e149e12e273fc7f34f40f7b8b65b8598cfc2baadfeb29e056142b3405a62ed48d214df079d93223fef9085a5311a799009d96b1aeeeb3ee1c34daa4e20d2d349c0b71bd61be41a7e9413d4191ee53d216c9e9ce721535215aeb425eb9195727cdf34ce656feb43a97c20079ab312d0ee1664f85901035ffb83160dbc616961eaca2b2ebc6d3d5f6bdd6e3000536ba6f0a5da03eedf38874f893f8f3ad661b97c7dcd021149e63927c2ce4e3c2c72701fe726884a94477a553d322ca58825ff9abab0881e869c2b752ee2b2f5e4f8903844c81f553cdf1a3c6ef5c064b219ace6016c7ca083fddaa659e8b892683f178f6f2d3b695e5fa79814dbabedb5d5c7c7e81e73c8318fa03c4023a4c75140800902a5dde2f7e7e6c8459e7a25b1db329b88d51abb7e0bee2a7f8a5b299c144121bc3381d7439e684a04d42d6b0f7621fd1e0cbf398208692b12283a0584657b2b36581e6817e3dc4d6317128591cde39d0df8ab29845edbd2d6f0e24252cc61ce34c0f240f56c6ffb4398630b8d46000da261ec30551a2ac7c32d2c315ba462c11701bfb019c691d1bf21f919f35ce9d50f43f52f74c4f1b0baf8912182a02f65fd947eb9f881ebd3547c7f994a27aea0c2f8fcf9d5aaa5ff43d1b639a896afdb837d9754cd674128c595575c52575f8dcebedaa31d97e2cc34f65db66e5a338d85bf0f1b05b00e70dd21c0c9a1935f1c8051fe4b661d93ebccbe71f99f1a2beb4686fa6c947d50e8eb9bbe07346127519ff90dff5001182f20e3f04051e3e8d28d6e7570ae6d775309ec2886431d7f7423e02212594361dc8aae914d2eed7674a02aa5f5ce6ade886cc7bfd8d9cc7f5c75188645a7dfd72c8d5ad0c8e01666b25fc7a5aadc22633c1589313ca53f1434e314c790d318ac5e8bc83e952506d60ae60d7bda1b93fbed146d7b4c042eee227933d7da94334426e4943a18ff317d5573ac2b1682c6d9a065dfe322b6f51c0e"}) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000440), &(0x7f0000000480)=0xc) rt_sigaction(0x2c, &(0x7f0000000580)={&(0x7f00000004c0)="6736440f3800ab060000008fa860975d6b650fc762d7c441f910849800800000c4e17c5a4900c4c17b2cba0000008042de7a008f8828ecaf5e25000007c40179e75fcec481fc5a527e", {0x46ea}, 0x0, &(0x7f0000000540)="d9bd8982130f41dfd964430f67c33ef3440faec4f2d9eac4a30944d5e1f365460f0b664d0f7eeec422790f21c40171f636"}, &(0x7f0000000640)={&(0x7f00000005c0)="8b6727c4a1ccc6eb0042addfc7f2410f38f1ae6300000045d0d4c4437d0476fd40c4827d0e997a1c00000f92501ac4c17e16aa00008020", {}, 0x0, &(0x7f0000000600)="6464dc0ac4c221923c8036f2406fdadb3e0f38f1470642d911660f3a401345c462fd25eec462799274cb02480fc7a706820000"}, 0x8, &(0x7f0000000680)) r2 = socket$inet(0x2, 0x800, 0x1) symlink(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='./file0\x00') ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, &(0x7f0000000740)="020dbff9e24c952d52f3c8b2d2d9") llistxattr(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)=""/76, 0x4c) lstat(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getuid() fstat(r1, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000a00)={0x0, 0x0, 0x0}, &(0x7f0000000a40)=0xc) r7 = getegid() stat(&(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000b40)={0x0, 0x0, 0x0}, &(0x7f0000000b80)=0xc) fstat(r1, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getegid() getresgid(&(0x7f0000000c40), &(0x7f0000000c80), &(0x7f0000000cc0)=0x0) fstat(r0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f0000000840)='./file0\x00', &(0x7f0000000880)='system.posix_acl_default\x00', &(0x7f0000000e00)={{}, {0x1, 0x1}, [{0x2, 0x0, r3}, {0x2, 0x2, r4}], {0x4, 0x4}, [{0x8, 0x0, r5}, {0x8, 0x1, r6}, {0x8, 0x5, r7}, {0x8, 0x1, r8}, {0x8, 0x5, r9}, {0x8, 0x5, r10}, {0x8, 0x0, r11}, {0x8, 0x2, r12}, {0x8, 0x1, r13}, {0x8, 0x2, r14}], {0x10, 0x5}, {0x20, 0x7}}, 0x84, 0x2) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000ec0), &(0x7f0000000f00)=0xc) r15 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000f80)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f0000001180)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001140)={&(0x7f0000000fc0)={0x14c, r15, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2000000000000000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x38}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffffe01}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5b63}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x548}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_NET={0x50, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x100}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4903}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7bc864d2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1000}]}, @TIPC_NLA_NET={0x34, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1064}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfd6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x200}, @TIPC_NLA_NET_NODEID={0xc}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3ff}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x20008044}, 0x8000) r16 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001200)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f00000012c0)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x2c, r16, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4f}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40800}, 0x4) r17 = syz_genetlink_get_family_id$tipc(&(0x7f0000001340)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000001400)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x2c, r17, 0x500, 0x70bd25, 0x25dfdbff, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz1\x00'}}}, 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x800) [ 243.352882] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.359544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.366768] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.373428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.382447] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 243.461955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 20:49:26 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(r0, 0x80984120, &(0x7f0000000080)) 20:49:26 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) select(0x40, &(0x7f00000001c0)={0x8}, &(0x7f00000003c0)={0x4}, &(0x7f0000000480), &(0x7f0000000700)={0x77359400}) 20:49:26 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev_mcast\x00') r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(r1, r0, 0x0, 0x100000001) 20:49:26 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140]}, @local, {[], @tcp={{0x2c00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000100)) 20:49:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet(0x2, 0x200000002, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @local, 0x0, 0x2, [@rand_addr, @rand_addr]}, 0x3ebc) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local}, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r2, r0) [ 244.266472] IPVS: ftp: loaded support on port[0] = 21 [ 245.684354] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.690924] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.699273] device bridge_slave_0 entered promiscuous mode [ 245.784957] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.791516] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.800085] device bridge_slave_1 entered promiscuous mode [ 245.883807] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 245.965518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 246.218611] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 246.312825] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 246.403244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 246.410374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.497075] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 246.504255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.761773] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 246.770412] team0: Port device team_slave_0 added [ 246.857300] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 246.865695] team0: Port device team_slave_1 added [ 246.949909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 247.036756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 247.124171] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 247.132639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.142803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.236363] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 247.245740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.254892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.511877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.824336] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 248.132324] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.138671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.146738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 248.186658] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.193267] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.200378] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.207016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.216503] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 248.361804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 248.466904] 8021q: adding VLAN 0 to HW filter on device team0 20:49:33 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000400)="ea6b8cb595303c972701babba8729c0a86d1b53fd2887d5a08164f896f8b2486c9a1e6c64289009e80883af1602d19ae7ff9579eb1c0ddc53907ebf430a0168a", 0x40}], 0x1, 0x0) 20:49:33 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000080)={{}, "b1"}, 0x21) ioctl(r0, 0xc1004110, &(0x7f0000000000)) 20:49:33 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) select(0x40, &(0x7f00000001c0)={0x8}, &(0x7f00000003c0)={0x4}, &(0x7f0000000480), &(0x7f0000000700)={0x77359400}) 20:49:33 executing program 3: prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000180)=@hat={'permhat ', 0x0, 0x5e, ['wlan0.\x00']}, 0x22) 20:49:33 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00'}) [ 250.623150] audit: type=1400 audit(1545338973.677:31): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=8066 comm="syz-executor3" [ 251.492227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.671137] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 251.847932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 251.854323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 251.862193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 252.044737] 8021q: adding VLAN 0 to HW filter on device team0 20:49:36 executing program 5: personality(0x6400008) uname(&(0x7f0000000440)=""/176) 20:49:36 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000080)={{}, "b1"}, 0x21) ioctl(r0, 0xc1004110, &(0x7f0000000000)) 20:49:36 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$key(r0, &(0x7f0000196fe4)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000327f68)={0x2, 0x400000000000003, 0x0, 0x2, 0x11, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty={[0x2]}}}, @sadb_address={0x3, 0x8, 0x2, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x3}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x88}}, 0x0) 20:49:36 executing program 2: r0 = socket(0x11, 0x4000000000080002, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000004e00)=[{{&(0x7f0000000000)=@l2, 0x80, &(0x7f0000001280), 0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB='{'], 0x1}}], 0x1, 0x0) sendmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x1c, &(0x7f0000000300), 0x0, &(0x7f0000000340)}}, {{&(0x7f0000000040)=@nfc={0x27, 0x9}, 0x4b8, &(0x7f0000000e40), 0x0, &(0x7f00000012c0), 0x302}}], 0x2, 0x0) 20:49:36 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000400)="ea6b8cb595303c972701babba8729c0a86d1b53fd2887d5a08164f896f8b2486c9a1e6c64289009e80883af1602d19ae7ff9579eb1c0ddc53907ebf430a0168a", 0x40}], 0x1, 0x0) 20:49:36 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) select(0x40, &(0x7f00000001c0)={0x8}, &(0x7f00000003c0)={0x4}, &(0x7f0000000480), &(0x7f0000000700)={0x77359400}) 20:49:36 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) select(0x40, &(0x7f00000001c0)={0x8}, &(0x7f00000003c0)={0x4}, &(0x7f0000000480), &(0x7f0000000700)={0x77359400}) 20:49:36 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000080)={{}, "b1"}, 0x21) ioctl(r0, 0xc1004110, &(0x7f0000000000)) 20:49:36 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000400)="ea6b8cb595303c972701babba8729c0a86d1b53fd2887d5a08164f896f8b2486c9a1e6c64289009e80883af1602d19ae7ff9579eb1c0ddc53907ebf430a0168a", 0x40}], 0x1, 0x0) 20:49:36 executing program 5: personality(0x6400008) uname(&(0x7f0000000440)=""/176) 20:49:36 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x1, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 20:49:36 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000080)={{}, "b1"}, 0x21) ioctl(r0, 0xc1004110, &(0x7f0000000000)) 20:49:36 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") sysfs$2(0x2, 0x9, &(0x7f0000001d40)=""/162) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x200, 0x4) ftruncate(r3, 0x80003) recvmmsg(0xffffffffffffffff, &(0x7f0000001b00), 0x0, 0x0, &(0x7f0000001bc0)={0x0, 0x1c9c380}) sendfile(r1, r3, &(0x7f0000000080), 0x8000fffffffe) recvmmsg(r2, &(0x7f0000003440), 0x1cf, 0x2000, &(0x7f0000003500)={0x0, 0x1c9c380}) 20:49:36 executing program 5: personality(0x6400008) uname(&(0x7f0000000440)=""/176) 20:49:36 executing program 0: unshare(0x400) inotify_rm_watch(0xffffffffffffffff, 0x0) [ 253.873243] ================================================================== [ 253.880731] BUG: KMSAN: uninit-value in __siphash_aligned+0x512/0xae0 [ 253.887357] CPU: 0 PID: 8228 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #8 [ 253.894477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.903883] Call Trace: [ 253.906510] dump_stack+0x173/0x1d0 [ 253.910208] kmsan_report+0x120/0x290 [ 253.914057] kmsan_internal_check_memory+0x9a7/0xa20 20:49:36 executing program 2: r0 = socket$inet(0x2, 0x6000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @remote}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000040)={0x2, 0x404e23, @remote}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000008c0)=0x7fe, 0x370) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='tunl0\x00\x00\x00\x00\x00\x00\x00\xe4\xa1\x00', 0x10) write(r0, &(0x7f0000001880)="89f9d765312b4001000000b0967bdae72ee5094371136a6477ba0a51a2969dbc2d4028ac7b5af67f178f9314ea2bb3ac1c442eaf749c21ae2af8e39a40c3dc032e6f8eb738786a79df71302ff3b5d42731597d995bed6103ff63b9a908bcc05e0400000092bdf4d3282f62d6928117f82c2dae48742dac857de846096e82c1a02e1edcadda721a3f8dc9a54da05d467ed35b6f931d8686986960e756048c61c2a2c374c318d21d7a7ef550779190066e82ea3f6724a9f61ff028ec7e8d7a04352e7a78f777a68b823abb646bdc55dbde285ce15bf45820f0ae20e4023f57c71f8b41e08eff14c3441485c6f54a30750c780852dad879d6d4be7243bd07f841f89009000000c23d6b4f70fe48b54577449cfcbc4d5dbefb8b465d45bc2d11afbe7bfbe6ca76ac259e634eebf8db694ff02fe2b4c80783b443ef68287e9cf7cbcc2ee196f10c4ffb3f59e4921e0f9f08cba9a2c56c49fa7465b4836da5b2d9b142763889caa718d8a4fcb2f3ef6dc6185708fb1e0f9081d29fb3defae8c525f07437c7835b4eac8f86e2a22a81eff4120340e4a379446aac45dbff791d147805cd2748d74b8996c9b51ec03b410ef8fe126117fbf106795bc1b25d8dd786b6496bd743b7c75c638b516214ff56ec99a9c0f2919fa781cd8b4f2f2e425a6780c630a05c8e60011bc8e10055a6b6b6ddff94bbf18a2cd46bac52e5a13c73fd96f79038a65d6991ac38899ab98486d92bbcffdcf39a08a248ae1045ff8c6123de2f15d9ac360a3497c07001a3a1936ff1c03194ace131d380f515629ff016bd890ff822704c0db8bc68efad2eace5466628e7d6c2f2b3043698c46fdd62588fc54b72a786af0d026353879892c58007f7988a3f2240a43303218cc1df27807bfbde117c505f060396850a82459830a89a6a8601ea2e47f2e41379d110b96576f8f7705bba7ec63d6b44ccf84073cf9bdcf1aee48cb60c2f6dd3e89f3626a5e23339ea99c918d76a43fecf7401f7550e8eaefa4d84f1143320599daf7699858b2bf408e9093aa91d6dd9ae39d8decf3f7a199b0c1918d47be3b7aeff9a8c10efabe787b43141e7abaa431716c607e8a51e39ef0ab79cade1223c3ef81da4c4eefdd5b21fcc1b87872fc3b346737105589b84ba9814679b7510ed9b4f290083ee634ae12243ccc63413d7bc35eee0d1a4bc9dd33c37f5130303edddfc2636ffbf1ee0febb953436710c2ed9bd001d2ebe878788ddf7f7ad55b7a8cbcb348e82cd65b59315858086606115d04a3cda0e4af2a703afe09e4afedf00d5fbb2284df9af1d1ec9f15356c58fdcde45fff250568347f3b0b49e11e44c0a4d98a1e3393ce5d76614990f23b2e146842b166fb070894c128f957b0cc7d80a16275efd15659e0f81990062ebfdf9454d12e63d1ce1dad7848fcbab642a0d62ebb17abc824883e4c6e1e81992f28f5bbd7b26e2645c7941b03dd2f27c29baa2412976a05fa13d8fc4d6bd152a8668d98698cf605b8b4a61600481e01bdd74c96d73390518add968100ac742aaf5dd7eb4ccf0868ee3ef7f12c32298737dea65bd5d7161dd679b4dd6799aa086bf3b8c889780ac102b7b1ebcf2569dd77f201d74d94a61400ced9c613414012b451628a96e6cc8fe738e964940f7b753065677776f3b5398975aeac974fced560667cead03a8976eb4229ff4e1bca5588d5d544cbca8588215a2f5ef7a5fc1a07438d3a3e05d21eb30d46f1688543d4327d36e07635396eaab4e9bc862ee9c7fa24de38c5cbf8fa5afd024116bc84854d01072145ecc4bb415d94a333e0d91e9cf6fda5a2c244a585e3a32c95398f44800c578faf4a2ccc5979664db7a55aa5cc02789f84321ccaeed4f37dd48c8d1484ade0588fc4255ec8780534a693e2bfe88b622034552084492c6757429239bbe8dad8b904e58007639ca773344040a441dc0027a46c22198f3d0b0588e164881a9fc7a85a63c459b0d002e3d890edd250742d363e85250badb91a734759baf773c", 0x595) sendto$inet(r0, &(0x7f0000000200)='I', 0x1, 0x0, 0x0, 0x0) [ 253.919215] ? __local_bh_enable_ip+0xb3/0x1a0 [ 253.923867] __msan_instrument_asm_load+0x8a/0x90 [ 253.928767] __siphash_aligned+0x512/0xae0 [ 253.933099] secure_tcpv6_seq+0x143/0x2b0 [ 253.937309] ? inet6_hash_connect+0x176/0x1a0 [ 253.941855] tcp_v6_connect+0x242b/0x2890 [ 253.946077] ? __msan_poison_alloca+0x1e0/0x270 [ 253.950809] ? tcp_v6_pre_connect+0x130/0x130 [ 253.955380] __inet_stream_connect+0x2f9/0x1340 [ 253.960088] ? kmem_cache_alloc_trace+0x55a/0xb90 [ 253.964978] ? tcp_sendmsg_locked+0x6394/0x6be0 20:49:37 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sysfs$1(0x1, &(0x7f0000000000)='reiserfs\x00') [ 253.969709] tcp_sendmsg_locked+0x65d5/0x6be0 [ 253.974250] ? aa_label_sk_perm+0xda/0x940 [ 253.978525] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 253.983937] ? aa_label_sk_perm+0x6d6/0x940 [ 253.988322] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 253.993722] ? futex_wait+0x912/0xc40 [ 253.997632] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 254.003051] ? semctl_main+0x2da4/0x5500 [ 254.007181] tcp_sendmsg+0xb2/0x100 [ 254.010887] ? tcp_sendmsg_locked+0x6be0/0x6be0 [ 254.015596] inet_sendmsg+0x54a/0x720 [ 254.019445] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 254.024851] ? security_socket_sendmsg+0x1bd/0x200 [ 254.029842] ? inet_getname+0x490/0x490 [ 254.033863] __sys_sendto+0x8c4/0xac0 [ 254.037739] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 254.043235] ? prepare_exit_to_usermode+0x114/0x420 [ 254.046053] syz-executor2 (8233) used greatest stack depth: 53584 bytes left [ 254.048297] ? syscall_return_slowpath+0x50/0x650 [ 254.060356] __se_sys_sendto+0x107/0x130 [ 254.064469] __x64_sys_sendto+0x6e/0x90 [ 254.068523] do_syscall_64+0xbc/0xf0 20:49:37 executing program 2: r0 = socket$inet(0x2, 0x6000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @remote}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000040)={0x2, 0x404e23, @remote}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000008c0)=0x7fe, 0x370) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='tunl0\x00\x00\x00\x00\x00\x00\x00\xe4\xa1\x00', 0x10) write(r0, &(0x7f0000001880)="89f9d765312b4001000000b0967bdae72ee5094371136a6477ba0a51a2969dbc2d4028ac7b5af67f178f9314ea2bb3ac1c442eaf749c21ae2af8e39a40c3dc032e6f8eb738786a79df71302ff3b5d42731597d995bed6103ff63b9a908bcc05e0400000092bdf4d3282f62d6928117f82c2dae48742dac857de846096e82c1a02e1edcadda721a3f8dc9a54da05d467ed35b6f931d8686986960e756048c61c2a2c374c318d21d7a7ef550779190066e82ea3f6724a9f61ff028ec7e8d7a04352e7a78f777a68b823abb646bdc55dbde285ce15bf45820f0ae20e4023f57c71f8b41e08eff14c3441485c6f54a30750c780852dad879d6d4be7243bd07f841f89009000000c23d6b4f70fe48b54577449cfcbc4d5dbefb8b465d45bc2d11afbe7bfbe6ca76ac259e634eebf8db694ff02fe2b4c80783b443ef68287e9cf7cbcc2ee196f10c4ffb3f59e4921e0f9f08cba9a2c56c49fa7465b4836da5b2d9b142763889caa718d8a4fcb2f3ef6dc6185708fb1e0f9081d29fb3defae8c525f07437c7835b4eac8f86e2a22a81eff4120340e4a379446aac45dbff791d147805cd2748d74b8996c9b51ec03b410ef8fe126117fbf106795bc1b25d8dd786b6496bd743b7c75c638b516214ff56ec99a9c0f2919fa781cd8b4f2f2e425a6780c630a05c8e60011bc8e10055a6b6b6ddff94bbf18a2cd46bac52e5a13c73fd96f79038a65d6991ac38899ab98486d92bbcffdcf39a08a248ae1045ff8c6123de2f15d9ac360a3497c07001a3a1936ff1c03194ace131d380f515629ff016bd890ff822704c0db8bc68efad2eace5466628e7d6c2f2b3043698c46fdd62588fc54b72a786af0d026353879892c58007f7988a3f2240a43303218cc1df27807bfbde117c505f060396850a82459830a89a6a8601ea2e47f2e41379d110b96576f8f7705bba7ec63d6b44ccf84073cf9bdcf1aee48cb60c2f6dd3e89f3626a5e23339ea99c918d76a43fecf7401f7550e8eaefa4d84f1143320599daf7699858b2bf408e9093aa91d6dd9ae39d8decf3f7a199b0c1918d47be3b7aeff9a8c10efabe787b43141e7abaa431716c607e8a51e39ef0ab79cade1223c3ef81da4c4eefdd5b21fcc1b87872fc3b346737105589b84ba9814679b7510ed9b4f290083ee634ae12243ccc63413d7bc35eee0d1a4bc9dd33c37f5130303edddfc2636ffbf1ee0febb953436710c2ed9bd001d2ebe878788ddf7f7ad55b7a8cbcb348e82cd65b59315858086606115d04a3cda0e4af2a703afe09e4afedf00d5fbb2284df9af1d1ec9f15356c58fdcde45fff250568347f3b0b49e11e44c0a4d98a1e3393ce5d76614990f23b2e146842b166fb070894c128f957b0cc7d80a16275efd15659e0f81990062ebfdf9454d12e63d1ce1dad7848fcbab642a0d62ebb17abc824883e4c6e1e81992f28f5bbd7b26e2645c7941b03dd2f27c29baa2412976a05fa13d8fc4d6bd152a8668d98698cf605b8b4a61600481e01bdd74c96d73390518add968100ac742aaf5dd7eb4ccf0868ee3ef7f12c32298737dea65bd5d7161dd679b4dd6799aa086bf3b8c889780ac102b7b1ebcf2569dd77f201d74d94a61400ced9c613414012b451628a96e6cc8fe738e964940f7b753065677776f3b5398975aeac974fced560667cead03a8976eb4229ff4e1bca5588d5d544cbca8588215a2f5ef7a5fc1a07438d3a3e05d21eb30d46f1688543d4327d36e07635396eaab4e9bc862ee9c7fa24de38c5cbf8fa5afd024116bc84854d01072145ecc4bb415d94a333e0d91e9cf6fda5a2c244a585e3a32c95398f44800c578faf4a2ccc5979664db7a55aa5cc02789f84321ccaeed4f37dd48c8d1484ade0588fc4255ec8780534a693e2bfe88b622034552084492c6757429239bbe8dad8b904e58007639ca773344040a441dc0027a46c22198f3d0b0588e164881a9fc7a85a63c459b0d002e3d890edd250742d363e85250badb91a734759baf773c", 0x595) sendto$inet(r0, &(0x7f0000000200)='I', 0x1, 0x0, 0x0, 0x0) [ 254.072271] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 254.077515] RIP: 0033:0x457669 [ 254.080721] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.099646] RSP: 002b:00007f26b456dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 254.107378] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669 [ 254.114665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 254.121959] RBP: 000000000072bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 254.129267] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f26b456e6d4 [ 254.136568] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff [ 254.143880] [ 254.145527] Local variable description: ----combined@secure_tcpv6_seq [ 254.152115] Variable was created at: [ 254.155872] secure_tcpv6_seq+0x7d/0x2b0 [ 254.159991] tcp_v6_connect+0x242b/0x2890 [ 254.164141] [ 254.165831] Bytes 4-7 of 8 are uninitialized [ 254.170251] Memory access of size 8 starts at ffff88813b15f658 [ 254.176228] ================================================================== [ 254.183606] Disabling lock debugging due to kernel taint [ 254.189100] Kernel panic - not syncing: panic_on_warn set ... [ 254.195024] CPU: 0 PID: 8228 Comm: syz-executor3 Tainted: G B 4.20.0-rc7+ #8 [ 254.203522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.212940] Call Trace: [ 254.215562] dump_stack+0x173/0x1d0 [ 254.219235] panic+0x3ce/0x961 20:49:37 executing program 2: r0 = socket$inet(0x2, 0x6000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @remote}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000040)={0x2, 0x404e23, @remote}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000008c0)=0x7fe, 0x370) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='tunl0\x00\x00\x00\x00\x00\x00\x00\xe4\xa1\x00', 0x10) write(r0, &(0x7f0000001880)="89f9d765312b4001000000b0967bdae72ee5094371136a6477ba0a51a2969dbc2d4028ac7b5af67f178f9314ea2bb3ac1c442eaf749c21ae2af8e39a40c3dc032e6f8eb738786a79df71302ff3b5d42731597d995bed6103ff63b9a908bcc05e0400000092bdf4d3282f62d6928117f82c2dae48742dac857de846096e82c1a02e1edcadda721a3f8dc9a54da05d467ed35b6f931d8686986960e756048c61c2a2c374c318d21d7a7ef550779190066e82ea3f6724a9f61ff028ec7e8d7a04352e7a78f777a68b823abb646bdc55dbde285ce15bf45820f0ae20e4023f57c71f8b41e08eff14c3441485c6f54a30750c780852dad879d6d4be7243bd07f841f89009000000c23d6b4f70fe48b54577449cfcbc4d5dbefb8b465d45bc2d11afbe7bfbe6ca76ac259e634eebf8db694ff02fe2b4c80783b443ef68287e9cf7cbcc2ee196f10c4ffb3f59e4921e0f9f08cba9a2c56c49fa7465b4836da5b2d9b142763889caa718d8a4fcb2f3ef6dc6185708fb1e0f9081d29fb3defae8c525f07437c7835b4eac8f86e2a22a81eff4120340e4a379446aac45dbff791d147805cd2748d74b8996c9b51ec03b410ef8fe126117fbf106795bc1b25d8dd786b6496bd743b7c75c638b516214ff56ec99a9c0f2919fa781cd8b4f2f2e425a6780c630a05c8e60011bc8e10055a6b6b6ddff94bbf18a2cd46bac52e5a13c73fd96f79038a65d6991ac38899ab98486d92bbcffdcf39a08a248ae1045ff8c6123de2f15d9ac360a3497c07001a3a1936ff1c03194ace131d380f515629ff016bd890ff822704c0db8bc68efad2eace5466628e7d6c2f2b3043698c46fdd62588fc54b72a786af0d026353879892c58007f7988a3f2240a43303218cc1df27807bfbde117c505f060396850a82459830a89a6a8601ea2e47f2e41379d110b96576f8f7705bba7ec63d6b44ccf84073cf9bdcf1aee48cb60c2f6dd3e89f3626a5e23339ea99c918d76a43fecf7401f7550e8eaefa4d84f1143320599daf7699858b2bf408e9093aa91d6dd9ae39d8decf3f7a199b0c1918d47be3b7aeff9a8c10efabe787b43141e7abaa431716c607e8a51e39ef0ab79cade1223c3ef81da4c4eefdd5b21fcc1b87872fc3b346737105589b84ba9814679b7510ed9b4f290083ee634ae12243ccc63413d7bc35eee0d1a4bc9dd33c37f5130303edddfc2636ffbf1ee0febb953436710c2ed9bd001d2ebe878788ddf7f7ad55b7a8cbcb348e82cd65b59315858086606115d04a3cda0e4af2a703afe09e4afedf00d5fbb2284df9af1d1ec9f15356c58fdcde45fff250568347f3b0b49e11e44c0a4d98a1e3393ce5d76614990f23b2e146842b166fb070894c128f957b0cc7d80a16275efd15659e0f81990062ebfdf9454d12e63d1ce1dad7848fcbab642a0d62ebb17abc824883e4c6e1e81992f28f5bbd7b26e2645c7941b03dd2f27c29baa2412976a05fa13d8fc4d6bd152a8668d98698cf605b8b4a61600481e01bdd74c96d73390518add968100ac742aaf5dd7eb4ccf0868ee3ef7f12c32298737dea65bd5d7161dd679b4dd6799aa086bf3b8c889780ac102b7b1ebcf2569dd77f201d74d94a61400ced9c613414012b451628a96e6cc8fe738e964940f7b753065677776f3b5398975aeac974fced560667cead03a8976eb4229ff4e1bca5588d5d544cbca8588215a2f5ef7a5fc1a07438d3a3e05d21eb30d46f1688543d4327d36e07635396eaab4e9bc862ee9c7fa24de38c5cbf8fa5afd024116bc84854d01072145ecc4bb415d94a333e0d91e9cf6fda5a2c244a585e3a32c95398f44800c578faf4a2ccc5979664db7a55aa5cc02789f84321ccaeed4f37dd48c8d1484ade0588fc4255ec8780534a693e2bfe88b622034552084492c6757429239bbe8dad8b904e58007639ca773344040a441dc0027a46c22198f3d0b0588e164881a9fc7a85a63c459b0d002e3d890edd250742d363e85250badb91a734759baf773c", 0x595) sendto$inet(r0, &(0x7f0000000200)='I', 0x1, 0x0, 0x0, 0x0) [ 254.222536] kmsan_report+0x285/0x290 [ 254.226463] kmsan_internal_check_memory+0x9a7/0xa20 [ 254.231603] ? __local_bh_enable_ip+0xb3/0x1a0 [ 254.236273] __msan_instrument_asm_load+0x8a/0x90 [ 254.241148] __siphash_aligned+0x512/0xae0 [ 254.245440] secure_tcpv6_seq+0x143/0x2b0 [ 254.249643] ? inet6_hash_connect+0x176/0x1a0 [ 254.254225] tcp_v6_connect+0x242b/0x2890 [ 254.258436] ? __msan_poison_alloca+0x1e0/0x270 [ 254.263148] ? tcp_v6_pre_connect+0x130/0x130 [ 254.267717] __inet_stream_connect+0x2f9/0x1340 20:49:37 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000400)="ea6b8cb595303c972701babba8729c0a86d1b53fd2887d5a08164f896f8b2486c9a1e6c64289009e80883af1602d19ae7ff9579eb1c0ddc53907ebf430a0168a", 0x40}], 0x1, 0x0) [ 254.272416] ? kmem_cache_alloc_trace+0x55a/0xb90 [ 254.277298] ? tcp_sendmsg_locked+0x6394/0x6be0 [ 254.282028] tcp_sendmsg_locked+0x65d5/0x6be0 [ 254.286558] ? aa_label_sk_perm+0xda/0x940 [ 254.290842] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 254.296241] ? aa_label_sk_perm+0x6d6/0x940 [ 254.300599] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 254.305988] ? futex_wait+0x912/0xc40 [ 254.309875] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 254.315284] ? semctl_main+0x2da4/0x5500 [ 254.319398] tcp_sendmsg+0xb2/0x100 [ 254.323066] ? tcp_sendmsg_locked+0x6be0/0x6be0 [ 254.327764] inet_sendmsg+0x54a/0x720 [ 254.331603] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 254.336992] ? security_socket_sendmsg+0x1bd/0x200 [ 254.341975] ? inet_getname+0x490/0x490 [ 254.345975] __sys_sendto+0x8c4/0xac0 [ 254.349863] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 254.355354] ? prepare_exit_to_usermode+0x114/0x420 [ 254.360394] ? syscall_return_slowpath+0x50/0x650 [ 254.365270] __se_sys_sendto+0x107/0x130 [ 254.369384] __x64_sys_sendto+0x6e/0x90 [ 254.373393] do_syscall_64+0xbc/0xf0 [ 254.377139] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 254.382357] RIP: 0033:0x457669 [ 254.385568] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.404490] RSP: 002b:00007f26b456dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 254.412243] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669 20:49:37 executing program 1: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x12, r0, 0x0) madvise(&(0x7f0000590000/0x4000)=nil, 0x4000, 0xc) [ 254.419541] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 254.426859] RBP: 000000000072bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 254.434159] R10: 0000000020000004 R11: 0000000000000246 R12: 00007f26b456e6d4 [ 254.441457] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff [ 254.449803] Kernel Offset: disabled [ 254.453470] Rebooting in 86400 seconds..