[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 38.779845] random: sshd: uninitialized urandom read (32 bytes read) . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 40.992293] random: sshd: uninitialized urandom read (32 bytes read) [ 41.289236] random: sshd: uninitialized urandom read (32 bytes read) [ 42.401221] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts. [ 48.119798] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/18 21:40:31 fuzzer started [ 49.272274] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/18 21:40:33 dialing manager at 10.128.0.26:46635 2018/08/18 21:40:37 syscalls: 1 2018/08/18 21:40:37 code coverage: enabled 2018/08/18 21:40:37 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/18 21:40:37 setuid sandbox: enabled 2018/08/18 21:40:37 namespace sandbox: enabled 2018/08/18 21:40:37 fault injection: enabled 2018/08/18 21:40:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/18 21:40:37 net packed injection: enabled 2018/08/18 21:40:37 net device setup: enabled [ 56.292756] random: crng init done 21:42:15 executing program 0: 21:42:15 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x2040, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x17cd, &(0x7f0000000300)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) creat(&(0x7f0000000040)='./file0\x00', 0x0) 21:42:15 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendmmsg(r0, &(0x7f0000005f00)=[{{&(0x7f0000004980)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000001500), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18e061500242ee7fcb010091ebf22800"], 0x10}}], 0x1, 0x0) 21:42:15 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000fb6000)=""/28, 0x3f0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000001c0)={0xbf}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc0505350, &(0x7f00000002c0)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f00000001c0)="0a5cc80700315f85715070") timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x1000000000014) 21:42:15 executing program 3: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x20000140}}, 0x80, &(0x7f0000000200), 0x3e2, &(0x7f0000000580)}, 0x20008844) 21:42:15 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="0a5cc80700315f85715070") syz_open_procfs(0x0, &(0x7f0000000500)='smaps_rollup\x00') 21:42:15 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='attr/prev\x00') write$binfmt_aout(r0, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x1be}, "", [[]]}, 0x120) 21:42:15 executing program 6: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) ppoll(&(0x7f0000000140)=[{r0, 0x150}], 0x1, &(0x7f0000000180)={0x77359400}, &(0x7f00000001c0), 0x8) [ 153.332222] IPVS: ftp: loaded support on port[0] 
= 21 [ 153.379604] IPVS: ftp: loaded support on port[0] = 21 [ 153.445473] IPVS: ftp: loaded support on port[0] = 21 [ 153.453881] IPVS: ftp: loaded support on port[0] = 21 [ 153.471164] IPVS: ftp: loaded support on port[0] = 21 [ 153.474833] IPVS: ftp: loaded support on port[0] = 21 [ 153.531902] IPVS: ftp: loaded support on port[0] = 21 [ 153.531936] IPVS: ftp: loaded support on port[0] = 21 [ 156.084433] ip (4640) used greatest stack depth: 53712 bytes left [ 158.103788] ip (4754) used greatest stack depth: 53688 bytes left [ 158.174772] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.181293] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.223817] device bridge_slave_0 entered promiscuous mode [ 158.488747] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.495268] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.537991] device bridge_slave_0 entered promiscuous mode [ 158.597180] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.603654] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.646548] device bridge_slave_1 entered promiscuous mode [ 158.663275] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.669751] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.714338] device bridge_slave_0 entered promiscuous mode [ 158.751567] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.758178] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.780436] device bridge_slave_0 entered promiscuous mode [ 158.820911] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.827486] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.843376] device bridge_slave_0 entered promiscuous mode [ 158.857554] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.864010] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.886542] device bridge_slave_0 entered promiscuous mode [ 158.910428] bridge0: port 2(bridge_slave_1) entered blocking state [ 
158.916897] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.934971] device bridge_slave_1 entered promiscuous mode [ 158.955875] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.962388] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.997362] device bridge_slave_0 entered promiscuous mode [ 159.010654] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.017167] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.050538] device bridge_slave_1 entered promiscuous mode [ 159.073719] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.096471] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.102932] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.150817] device bridge_slave_0 entered promiscuous mode [ 159.167860] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.174348] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.186350] device bridge_slave_1 entered promiscuous mode [ 159.204659] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.211143] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.234379] device bridge_slave_1 entered promiscuous mode [ 159.267625] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.275308] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.283772] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.290258] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.336395] device bridge_slave_1 entered promiscuous mode [ 159.356768] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.363248] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.398849] device bridge_slave_1 entered promiscuous mode [ 159.416100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.436625] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.443136] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.484129] device bridge_slave_1 
entered promiscuous mode [ 159.510562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.532186] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.552266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.564717] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.640216] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.687959] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.796289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.844897] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.901405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.940866] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.957584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 160.179512] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 160.363970] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 160.465929] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 160.518424] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 160.691344] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 160.742489] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 160.808516] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 160.845878] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 160.877786] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 160.897360] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 160.935576] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 161.006513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.013531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.066252] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 
161.073238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.115650] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 161.136584] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 161.175511] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.187156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.223926] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 161.283941] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 161.318216] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 161.327426] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 161.334398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.375870] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 161.382862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.470639] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 161.496463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.503466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.527723] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 161.534683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.567175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.574154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.624977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.632141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.696835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.705772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.805553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.812539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.847335] IPv6: ADDRCONF(NETDEV_UP): 
veth1_to_bond: link is not ready [ 161.854353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.936926] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 161.943939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.978899] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 161.985892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.090323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 162.097347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.144886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 162.151943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.345327] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 162.383661] team0: Port device team_slave_0 added [ 162.401295] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 162.422124] team0: Port device team_slave_0 added [ 162.585458] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 162.610264] team0: Port device team_slave_0 added [ 162.672519] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 162.700083] team0: Port device team_slave_1 added [ 162.793245] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 162.807607] team0: Port device team_slave_1 added [ 162.821054] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 162.848368] team0: Port device team_slave_0 added [ 162.870745] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 162.886610] team0: Port device team_slave_0 added [ 162.909214] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 162.940241] team0: Port device team_slave_1 added [ 163.000549] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 163.023225] team0: Port device team_slave_0 added [ 163.062228] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 163.075945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes 
ready [ 163.097263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 163.136917] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 163.155220] team0: Port device team_slave_0 added [ 163.178857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 163.185931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 163.200113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 163.245144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 163.253691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 163.279216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 163.295847] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 163.305436] team0: Port device team_slave_1 added [ 163.322189] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 163.333214] team0: Port device team_slave_1 added [ 163.349321] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 163.363215] team0: Port device team_slave_0 added [ 163.393426] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 163.419641] team0: Port device team_slave_1 added [ 163.443756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 163.453774] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 163.473505] team0: Port device team_slave_1 added [ 163.495354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 163.522349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 163.550235] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 163.564196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 163.575731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 163.629173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 163.648004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 163.677228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 
163.707649] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 163.718559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 163.734584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 163.774714] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 163.783956] team0: Port device team_slave_1 added [ 163.801785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 163.816187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 163.831970] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 163.853958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 163.863296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 163.889754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 163.927257] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 163.956328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 163.978380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.009717] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.018837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.043796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.060351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 164.068210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 164.075720] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.100134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 164.123981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.141138] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 164.157854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.170952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.185383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.199453] 
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 164.207184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 164.219557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 164.237698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.247605] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.270581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.298528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.326885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.344779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.363704] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 164.380814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 164.422379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 164.431158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 164.438536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.452559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.491476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.510735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.527930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.549400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.573688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.583114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.607958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.630951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 164.638441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.650133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.676850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link 
becomes ready [ 164.696426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.716921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.729806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.740477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.765162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.792920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.823899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.856921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.867374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.886535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.918712] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 164.932980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 164.945893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.976348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.022551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.046563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.072569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 165.080980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 165.130420] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.155220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.179991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 165.203002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 165.235761] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 165.245229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.263602] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.345445] IPv6: 
ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 165.352927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.367374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.799664] ip (5103) used greatest stack depth: 53568 bytes left [ 167.946178] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.952668] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.959565] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.966057] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.978494] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 167.994328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.123241] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.129728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.136588] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.143073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.221237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.236379] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.242846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.249703] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.256158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.282947] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.571876] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.578470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.585336] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.591785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.633675] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.642357] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.648810] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.655696] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.662152] bridge0: port 
1(bridge_slave_0) entered forwarding state [ 168.678429] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.735937] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.742436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.749317] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.755786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.846369] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.860355] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.866802] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.873659] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.880104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.932482] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.950812] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.957265] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.964227] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.970727] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.992200] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 169.056175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.075680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.114135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.151306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.173736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.214150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.241237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.027518] ip (5709) used greatest stack depth: 53432 bytes left [ 181.110566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.141647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.302659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.476658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 
181.561236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.692893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.881738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.111259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.331656] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.341121] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.496333] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.741824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.831572] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.979980] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.163009] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.242247] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.436109] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.442498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.457797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.549342] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.555745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.569980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.642819] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.649337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.665231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.892874] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.899174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.910728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.096590] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.102916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.117063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.220621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.227942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.239895] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.414886] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.421531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.439159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.602684] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.609119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.616857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.789717] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.887870] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.916583] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.056757] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.307079] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.526872] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.635584] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.926746] 8021q: adding VLAN 0 to HW filter on device team0 21:42:55 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x3, 0x0) unshare(0x20400) ioctl$TCSETSF(r0, 0x5101, &(0x7f0000000080)={0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x2, 0x20000}) 21:42:55 executing program 2: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000001540)={&(0x7f0000000040)=@un=@abs={0x1, 0x0, 0x4e21}, 0x80, &(0x7f0000000140)}, 0x20000890) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000180)=@req={0x28, &(0x7f0000000100)={'veth1_to_bond\x00', @ifru_data=&(0x7f0000000000)="bd5d20c6e38010de572635c92ec9dd7aaa278811e3d2141fab49fe45f1da80b8"}}) 21:42:55 executing program 3: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x20000140}}, 0x80, &(0x7f0000000200), 0x3e2, &(0x7f0000000580)}, 0x20008844) 21:42:55 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/if_inet6\x00') r1 = syz_open_procfs(0x0, 
&(0x7f0000000180)="6f6f6d5f73636f72655f61646a00605a119bf0a3beaad2f8ce9203080460d060c2a469f1da124d726b7bdc66e5148a62b24f849098b33697e5b143b21fc4158a0826112baa3b4b4ea2313be32159686267389b11dac96f9da1765a1f324ce51f43459a9cc4b342bce7188228239f6b557821eec64bc3f9f7e816224f0a8650ea536502000000e6421474f0fdb79bcbbd15cf32c37f502923dbb3dfd0b81c9b5f84a6e8a5c3c1212865bed7870ab725331f061706000000741916137923656c8e999efe46e503a44fc609b0ee8271ab88e2cdb51ef00000002908d46b7db610994fa933d8fcb48c28c8e7273d5d3199f9200e0f0b8a2d") getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x1f}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000280)={r2, @in={{0x2, 0x4e21, @rand_addr=0x7f}}, 0x5a, 0x3}, &(0x7f0000000100)=0x90) sendfile(r1, r0, &(0x7f0000000040)=0x3, 0x79ffffffffffff) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000140)=ANY=[@ANYRES32=r3, @ANYBLOB="27000000af867fe29e7d5eb1ecc57ae0bba78de09a3d85727527819e1bcbf93d79bd4380be22febe1f0515"], &(0x7f0000000340)=0x2f) 21:42:56 executing program 2: add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140), 0x0, 0x0, 0xfffffffffffffffd) keyctl$set_reqkey_keyring(0xe, 0x5) request_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080), &(0x7f00000000c0)='/dev/uinput\x00', 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x40001, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) 21:42:56 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x400000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$VT_RESIZE(r0, 0x80047456, &(0x7f0000000040)) 21:42:56 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000640)={0x53, 0x0, 0x70, 0x0, @scatter={0x0, 0x0, &(0x7f0000000340)}, 
&(0x7f0000000440)="0a26eba1f4599fcf371a5914b204a1a1440c834557e561ad3046f81f89fb21c3483259c8e8099a4507053fcad5572a81ec3f49b751c90aafa00f7d1987edeb84950eb4332c1bb884ee77872f6aedb1bcb706f86e5a1d7b38345f689938ddcb3f3a44205509f6bd3abfa960045d425e9c", &(0x7f0000000500)=""/218, 0x0, 0x24, 0x1, &(0x7f0000000600)}) syz_open_dev$vcsa(&(0x7f0000000400)='/dev/vcsa#\x00', 0x5, 0x20000) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[@ANYPTR64=&(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB="84102cdf3c7fd8ce845f68a76c050eaa89522e093557be8a76e1d639b361051ce9719e15c91f164125b39123d6b97aba0a7b83c0c67cff7eba53c48b97adc9c2708af80082abee53c6b2f3ae04da4ce9d270bf612c5726c512d2c523d339f55f4daee2a668db2c4194ba3b94eea63c91f05539148cbf982f26b199af6fe853a1018dbd8d548e24707251ebfebb8cb2679ce632710beeb87383a07382c163c4b31c53317da25a0219136f955763c5621c0b60c642fd418e6ae64def37580a0e9d992bc53fbd535e9225f18c641122f47a1ffa4626aaeb730644db5fbaa804188c845edd76aa5772d132622f5cf1d60febe9afa7788a56e5e831", @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYRESHEX=0x0, @ANYRESOCT=r0, @ANYBLOB="97f21b5fc2e96196b0cffb1d8415abdd9f991ce3cb806ea8b0e73991e9a1439054fc3be1585bb0c933055a70876b6bc1db520accfece5d7503af083fc5f3fbbdb719ef03e76fa206a918135c8fd44df6f61a4af46669f0b5dd3c6139347947e01d3384bd27e7fb496e6351bc1d0c4b32a3531a8940d67bbd7b3e286ad7e40b081cc8b61792f8dc7ba51c3a8d915b546e7538fd308bc8948ca744a7b0db1e45aa4644a3d65fdaed86ff73750ad6f3b76c2d86e8eb39a8d581e18cfeb9ae254cee73dcec2a3028ea012a64389dff9c4e59fffe53347d32af3689dbb4d714fb909afecd3bee4ac78faab4f62916f8f056", @ANYPTR, @ANYPTR64, @ANYRES32=0x0]], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYRESDEC=r0]], 0x10) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80000) ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000100)) write(r0, 
&(0x7f00000006c0)="2c147b124fd5386cf192213fa2ddfcccd2d2c6ab907782c0f58c59c71000e80599ae196fb4ede539b19d002fc6ac22df789d73c437415204a1a49c226f9f487467b343106e2ca9e6391cf65c3cb11b60af89044d40e304ac5d5d960c009cf8bdf9f97b2f637cb9d1df38410f937a8869f9e2ec81405f2ebb5e0a6df0ecf4ebb26d565275fef17e9fa69252", 0x8b) poll(&(0x7f0000000140)=[{r0, 0x200}, {r0, 0x30a}, {r0, 0x10}, {r0, 0x8110}, {r0, 0x3ffe}, {r0, 0x2000000150}, {r0, 0x142}, {r0, 0x80000000}], 0x8, 0xfffffffffffffffa) [ 193.328165] sd 0:0:1:0: [sg0] tag#2638 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK [ 193.337168] sd 0:0:1:0: [sg0] tag#2638 CDB: Write(6) [ 193.342439] sd 0:0:1:0: [sg0] tag#2638 CDB[00]: 0a 26 eb a1 f4 59 9f cf 37 1a 59 14 b2 04 a1 a1 [ 193.351407] sd 0:0:1:0: [sg0] tag#2638 CDB[10]: 44 0c 83 45 57 e5 61 ad 30 46 f8 1f 89 fb 21 c3 [ 193.360384] sd 0:0:1:0: [sg0] tag#2638 CDB[20]: 48 32 59 c8 e8 09 9a 45 07 05 3f ca d5 57 2a 81 [ 193.369411] sd 0:0:1:0: [sg0] tag#2638 CDB[30]: ec 3f 49 b7 51 c9 0a af a0 0f 7d 19 87 ed eb 84 21:42:56 executing program 6: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000000)='./file0\x00') mkdir(&(0x7f00000001c0)='./control\x00', 0x0) creat(&(0x7f0000000000)='./control/file0\x00', 0x0) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_default\x00') unlink(&(0x7f0000f86000)='./control/file0\x00') rmdir(&(0x7f00000000c0)='./control\x00') 21:42:56 executing program 2: add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140), 0x0, 0x0, 0xfffffffffffffffd) keyctl$set_reqkey_keyring(0xe, 0x5) request_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080), &(0x7f00000000c0)='/dev/uinput\x00', 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x40001, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) 
21:42:56 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@mcast2, @ipv4={[], [], @broadcast}, @mcast1, 0x2, 0x1, 0x80000000, 0x100, 0x6, 0x0, r1}) eventfd2(0x1, 0x1) [ 193.378440] sd 0:0:1:0: [sg0] tag#2638 CDB[40]: 95 0e b4 33 2c 1b b8 84 ee 77 87 2f 6a ed b1 bc [ 193.387449] sd 0:0:1:0: [sg0] tag#2638 CDB[50]: b7 06 f8 6e 5a 1d 7b 38 34 5f 68 99 38 dd cb 3f [ 193.396748] sd 0:0:1:0: [sg0] tag#2638 CDB[60]: 3a 44 20 55 09 f6 bd 3a bf a9 60 04 5d 42 5e 9c 21:42:56 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000300000000000000000000009500020000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000400)=0x4, 0x4) r3 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000000)={r0, r1}) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000140)={0xffffffffffffffff}) sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f0000000300)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x14}, 0xfd7a}}, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f00000000c0)=0x4adb, 0x13) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000180)=0xff, 0x4) getsockopt$IPT_SO_GET_REVISION_MATCH(r4, 0x0, 0x42, &(0x7f00000001c0)={'icmp\x00'}, &(0x7f0000000200)=0x1e) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000080)) [ 193.682628] sg_write: data in/out 1815663915/91 bytes for SCSI command 0xb4-- 
guessing data in; [ 193.682628] program syz-executor7 not setting count and/or reply_len properly [ 193.723430] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 193.789111] sd 0:0:1:0: [sg0] tag#2639 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK [ 193.798001] sd 0:0:1:0: [sg0] tag#2639 CDB: Write(6) [ 193.803330] sd 0:0:1:0: [sg0] tag#2639 CDB[00]: 0a 26 eb a1 f4 59 9f cf 37 1a 59 14 b2 04 a1 a1 [ 193.812350] sd 0:0:1:0: [sg0] tag#2639 CDB[10]: 44 0c 83 45 57 e5 61 ad 30 46 f8 1f 89 fb 21 c3 [ 193.821335] sd 0:0:1:0: [sg0] tag#2639 CDB[20]: 48 32 59 c8 e8 09 9a 45 07 05 3f ca d5 57 2a 81 [ 193.830345] sd 0:0:1:0: [sg0] tag#2639 CDB[30]: ec 3f 49 b7 51 c9 0a af a0 0f 7d 19 87 ed eb 84 [ 193.839370] sd 0:0:1:0: [sg0] tag#2639 CDB[40]: 95 0e b4 33 2c 1b b8 84 ee 77 87 2f 6a ed b1 bc [ 193.848519] sd 0:0:1:0: [sg0] tag#2639 CDB[50]: b7 06 f8 6e 5a 1d 7b 38 34 5f 68 99 38 dd cb 3f [ 193.857493] sd 0:0:1:0: [sg0] tag#2639 CDB[60]: 3a 44 20 55 09 f6 bd 3a bf a9 60 04 5d 42 5e 9c [ 193.880805] sg_write: data in/out 1815663915/91 bytes for SCSI command 0xb4-- guessing data in; [ 193.880805] program syz-executor7 not setting count and/or reply_len properly 21:42:56 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000fb6000)=""/28, 0x3f0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000001c0)={0xbf}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc0505350, &(0x7f00000002c0)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f00000001c0)="0a5cc80700315f85715070") timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x1000000000014) 21:42:56 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 
0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) r2 = gettid() ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x8001, &(0x7f0000000040)=""/240) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xf) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f0000000600)) 21:42:56 executing program 2: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) preadv(r1, &(0x7f0000002140)=[{&(0x7f0000000fc0)=""/243, 0xf3}, {&(0x7f00000010c0)=""/121, 0x79}], 0x2, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x840042}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x70, r2, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100000000}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xc28}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xb5eb}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x90fe}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffffffffffffdb9a}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x200}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 21:42:56 executing program 0: unshare(0x20400) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0xaf01, &(0x7f0000000080)) r1 = eventfd(0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x200, 0x0) getsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000000)={0x0, r1}) 
ioctl$VHOST_SET_VRING_CALL(r2, 0x4008af21, &(0x7f0000000280)={0x2}) ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000180)={0x2, 0x5c, &(0x7f0000000200)="4ff227745dc43e11ee41d442e3ca22d9ef7d266795648558c6b78dd8fe8ea832deb5633486d3d55449811d64dca024e0ecd75c504dbf31d44ab6fb4599ca109d0d4e1d969b407937a9161db4ebfc679fdc25a06a90b05e69294e965f"}) 21:42:56 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x53, &(0x7f00000000c0)=0x2090, 0x4) ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x7e, 0x7, 0x1, 0x9}) open(&(0x7f0000000040)='./file0\x00', 0x2000, 0x10) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) sendto$inet6(r0, &(0x7f0000000280), 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @local}, 0x1c) 21:42:56 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000100)=0x80000001, 0x4) 21:42:57 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000640)={0x53, 0x0, 0x70, 0x0, @scatter={0x0, 0x0, &(0x7f0000000340)}, &(0x7f0000000440)="0a26eba1f4599fcf371a5914b204a1a1440c834557e561ad3046f81f89fb21c3483259c8e8099a4507053fcad5572a81ec3f49b751c90aafa00f7d1987edeb84950eb4332c1bb884ee77872f6aedb1bcb706f86e5a1d7b38345f689938ddcb3f3a44205509f6bd3abfa960045d425e9c", &(0x7f0000000500)=""/218, 0x0, 0x24, 0x1, &(0x7f0000000600)}) syz_open_dev$vcsa(&(0x7f0000000400)='/dev/vcsa#\x00', 0x5, 0x20000) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[@ANYPTR64=&(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, 
@ANYBLOB="84102cdf3c7fd8ce845f68a76c050eaa89522e093557be8a76e1d639b361051ce9719e15c91f164125b39123d6b97aba0a7b83c0c67cff7eba53c48b97adc9c2708af80082abee53c6b2f3ae04da4ce9d270bf612c5726c512d2c523d339f55f4daee2a668db2c4194ba3b94eea63c91f05539148cbf982f26b199af6fe853a1018dbd8d548e24707251ebfebb8cb2679ce632710beeb87383a07382c163c4b31c53317da25a0219136f955763c5621c0b60c642fd418e6ae64def37580a0e9d992bc53fbd535e9225f18c641122f47a1ffa4626aaeb730644db5fbaa804188c845edd76aa5772d132622f5cf1d60febe9afa7788a56e5e831", @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYRESHEX=0x0, @ANYRESOCT=r0, @ANYBLOB="97f21b5fc2e96196b0cffb1d8415abdd9f991ce3cb806ea8b0e73991e9a1439054fc3be1585bb0c933055a70876b6bc1db520accfece5d7503af083fc5f3fbbdb719ef03e76fa206a918135c8fd44df6f61a4af46669f0b5dd3c6139347947e01d3384bd27e7fb496e6351bc1d0c4b32a3531a8940d67bbd7b3e286ad7e40b081cc8b61792f8dc7ba51c3a8d915b546e7538fd308bc8948ca744a7b0db1e45aa4644a3d65fdaed86ff73750ad6f3b76c2d86e8eb39a8d581e18cfeb9ae254cee73dcec2a3028ea012a64389dff9c4e59fffe53347d32af3689dbb4d714fb909afecd3bee4ac78faab4f62916f8f056", @ANYPTR, @ANYPTR64, @ANYRES32=0x0]], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYRESDEC=r0]], 0x10) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80000) ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000100)) write(r0, &(0x7f00000006c0)="2c147b124fd5386cf192213fa2ddfcccd2d2c6ab907782c0f58c59c71000e80599ae196fb4ede539b19d002fc6ac22df789d73c437415204a1a49c226f9f487467b343106e2ca9e6391cf65c3cb11b60af89044d40e304ac5d5d960c009cf8bdf9f97b2f637cb9d1df38410f937a8869f9e2ec81405f2ebb5e0a6df0ecf4ebb26d565275fef17e9fa69252", 0x8b) poll(&(0x7f0000000140)=[{r0, 0x200}, {r0, 0x30a}, {r0, 0x10}, {r0, 0x8110}, {r0, 0x3ffe}, {r0, 0x2000000150}, {r0, 0x142}, {r0, 0x80000000}], 0x8, 0xfffffffffffffffa) [ 194.114102] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 
[ 194.180181] sd 0:0:1:0: [sg0] tag#2639 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK [ 194.189187] sd 0:0:1:0: [sg0] tag#2639 CDB: Write(6) [ 194.194454] sd 0:0:1:0: [sg0] tag#2639 CDB[00]: 0a 26 eb a1 f4 59 9f cf 37 1a 59 14 b2 04 a1 a1 [ 194.203411] sd 0:0:1:0: [sg0] tag#2639 CDB[10]: 44 0c 83 45 57 e5 61 ad 30 46 f8 1f 89 fb 21 c3 [ 194.212408] sd 0:0:1:0: [sg0] tag#2639 CDB[20]: 48 32 59 c8 e8 09 9a 45 07 05 3f ca d5 57 2a 81 [ 194.221385] sd 0:0:1:0: [sg0] tag#2639 CDB[30]: ec 3f 49 b7 51 c9 0a af a0 0f 7d 19 87 ed eb 84 21:42:57 executing program 5: r0 = socket(0x10, 0x40000000000002, 0x0) sendmsg$nl_route(r0, &(0x7f00000013c0)={&(0x7f0000000280), 0xc, &(0x7f0000001380)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000001a00010100000000089e8eabb74c8aa038accc1dd9000000"], 0x1}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d0252926285717070") recvfrom(r0, &(0x7f0000002400)=""/4096, 0x1000, 0x0, 0x0, 0x0) 21:42:57 executing program 2: r0 = socket(0x10, 0x40000000000002, 0x0) sendmsg$nl_route(r0, &(0x7f00000013c0)={&(0x7f0000000280), 0xc, &(0x7f0000001380)={&(0x7f0000000300)=@ipv6_getroute={0x1c, 0x1a, 0x101}, 0x1c}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d0252926285717070") setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) recvfrom(r0, &(0x7f0000002400)=""/4096, 0x1000, 0x0, 0x0, 0x0) [ 194.230401] sd 0:0:1:0: [sg0] tag#2639 CDB[40]: 95 0e b4 33 2c 1b b8 84 ee 77 87 2f 6a ed b1 bc [ 194.239372] sd 0:0:1:0: [sg0] tag#2639 CDB[50]: b7 06 f8 6e 5a 1d 7b 38 34 5f 68 99 38 dd cb 3f [ 194.248341] sd 0:0:1:0: [sg0] tag#2639 CDB[60]: 3a 44 20 55 09 f6 bd 3a bf a9 60 04 5d 42 5e 9c 21:42:57 executing program 4: setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x0, 
{{0xa, 0x0, 0x0, @mcast1}}}, 0x88) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000ffd000/0x1000)=nil, 0x1000, &(0x7f0000000280)=""/240) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)) 21:42:57 executing program 3: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x6611, 0x0) r0 = socket$kcm(0xa, 0x40122000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000100), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000040), &(0x7f0000000200)='syzkaller\x00', 0x0, 0xbb, &(0x7f0000000300)=""/187}, 0x48) sendmsg$kcm(r0, &(0x7f0000003840)={&(0x7f0000000040)=@un=@abs, 0x80, &(0x7f0000002d40)=[{&(0x7f0000000140)="f4001103002b2c25e994efd18498d6623abaa68754a3ffffff8002000000000000000000000000003a00000000000000", 0x30}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000)) 21:42:57 executing program 0: syz_emit_ethernet(0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60b7e72000083a00fe963500570460d6dd248000000000000000000000000000aafe8003000000000000000000000000aa8000907800000000"], &(0x7f0000000000)) 21:42:57 executing program 6: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040), &(0x7f0000000080)="e0", 0x1, 0xffffffffffffffff) keyctl$read(0xb, r0, &(0x7f0000000180), 0x0) [ 194.467539] sg_write: data in/out 1815663915/91 bytes for SCSI command 0xb4-- guessing data in; [ 194.467539] program syz-executor7 not setting count and/or reply_len properly 21:42:57 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c48875e05b18a4cb3a9cd12dcea440d899c22cebd3b6abf62d996addb07aa3cde470652b3a471b4a7fa2f3fdf6e034d8000000004b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086607, &(0x7f00000000c0)) 21:42:57 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d0252926285717070") connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) 21:42:57 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001540)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200001c0, 0x0, 0x0, 0x200001f0, 0x20000220], 0x0, &(0x7f0000000180), &(0x7f00000001c0)=[{0x0, '\x00', 0xfaff1f00, 0xfffffffffffffffe}, {}, {}]}, 0x108) 21:42:57 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x100, 0xff1f) sendto$inet6(r0, &(0x7f0000000200)="0303000007005b0000000000fff55b420293ffffd9fb3780398d537500000e007929301ee616d5c01843e065901f0053c0f485472da7222a2bb401000000c3b54035110f118d0000f55dc62600009b000000faffffff00000000aeb46245004bad2a66c9c1cfdf56fc88046a", 0x6c, 0x0, &(0x7f0000000080)={0xa, 0x200800800, 0x3, @dev}, 0x1c) 21:42:57 executing program 0: 21:42:57 
executing program 7: 21:42:57 executing program 6: 21:42:57 executing program 3: 21:42:57 executing program 2: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000280)={&(0x7f0000001500)=@l2={0x1f, 0xffffdd86, {0x9}}, 0x80, &(0x7f00000002c0)}, 0x0) 21:42:57 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000bf6000)=0x177, 0x4) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f00005e6000)=0xffffffffffffff91, 0x2d1) sendto$inet6(r0, &(0x7f0000e13f4e), 0x0, 0x0, &(0x7f000020d000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) recvmmsg(r0, &(0x7f0000f61000)=[{{&(0x7f0000f62ff0)=@ipx, 0x10, &(0x7f0000f5d000), 0x0, &(0x7f0000f62000)=""/89, 0x59}}], 0x61, 0x2041, 0x0) [ 194.825717] kernel msg: ebtables bug: please report to author: counter_offset != totalcnt [ 195.078843] ================================================================== [ 195.094605] BUG: KMSAN: uninit-value in ip6_tnl_start_xmit+0x64e/0x1e20 [ 195.101377] CPU: 1 PID: 6737 Comm: syz-executor2 Not tainted 4.18.0-rc8+ #34 [ 195.108577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.117945] Call Trace: [ 195.120558] dump_stack+0x17c/0x1c0 [ 195.124225] kmsan_report+0x188/0x2a0 [ 195.128113] __msan_warning+0x70/0xc0 [ 195.131946] ip6_tnl_start_xmit+0x64e/0x1e20 [ 195.136383] ? dev_queue_xmit_nit+0x113f/0x1210 [ 195.141096] ? ip6_tnl_dev_uninit+0x740/0x740 [ 195.145616] dev_hard_start_xmit+0x5df/0xc20 [ 195.150077] __dev_queue_xmit+0x2eea/0x3a70 [ 195.154468] dev_queue_xmit+0x4b/0x60 [ 195.158296] ? __netdev_pick_tx+0xb20/0xb20 [ 195.162676] packet_sendmsg+0x7fb5/0x8ae0 [ 195.166853] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 195.172255] ? futex_wait+0x90b/0xbe0 [ 195.176098] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 195.181571] ? rw_copy_check_uvector+0x13f/0x710 [ 195.186382] ? __msan_poison_alloca+0x173/0x200 [ 195.191081] ? import_iovec+0xb4/0x5c0 [ 195.195005] ? 
__msan_metadata_ptr_for_store_8+0x13/0x20 [ 195.200537] ___sys_sendmsg+0xe32/0x1250 [ 195.204640] ? compat_packet_setsockopt+0x360/0x360 [ 195.209732] __x64_sys_sendmsg+0x32d/0x460 [ 195.214019] ? ___sys_sendmsg+0x1250/0x1250 [ 195.218370] do_syscall_64+0x15b/0x220 [ 195.222303] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 195.227520] RIP: 0033:0x457089 [ 195.230725] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.250289] RSP: 002b:00007fbfa5291c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.258046] RAX: ffffffffffffffda RBX: 00007fbfa52926d4 RCX: 0000000000457089 [ 195.265340] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 195.272626] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 [ 195.279913] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 195.287219] R13: 00000000004d3ff8 R14: 00000000004c8a56 R15: 0000000000000000 [ 195.290635] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 
[ 195.294529] [ 195.294537] Uninit was created at: [ 195.294566] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 195.294586] kmsan_kmalloc+0x98/0x100 [ 195.294605] kmsan_slab_alloc+0x10/0x20 [ 195.294648] __kmalloc_node_track_caller+0xb4c/0x11d0 [ 195.335452] __alloc_skb+0x2ce/0x9b0 [ 195.339190] alloc_skb_with_frags+0x1d0/0xac0 [ 195.343729] sock_alloc_send_pskb+0xb47/0x1120 [ 195.348335] packet_sendmsg+0x6480/0x8ae0 [ 195.352505] ___sys_sendmsg+0xe32/0x1250 [ 195.356584] __x64_sys_sendmsg+0x32d/0x460 [ 195.360853] do_syscall_64+0x15b/0x220 [ 195.364770] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 195.369964] ================================================================== [ 195.377328] Disabling lock debugging due to kernel taint [ 195.382800] Kernel panic - not syncing: panic_on_warn set ... [ 195.382800] [ 195.390201] CPU: 1 PID: 6737 Comm: syz-executor2 Tainted: G B 4.18.0-rc8+ #34 [ 195.398812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.408170] Call Trace: [ 195.410787] dump_stack+0x17c/0x1c0 [ 195.414445] panic+0x3c3/0x9a0 [ 195.417695] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 195.423176] kmsan_report+0x29e/0x2a0 [ 195.427005] __msan_warning+0x70/0xc0 [ 195.430835] ip6_tnl_start_xmit+0x64e/0x1e20 [ 195.435280] ? dev_queue_xmit_nit+0x113f/0x1210 [ 195.440007] ? ip6_tnl_dev_uninit+0x740/0x740 [ 195.444529] dev_hard_start_xmit+0x5df/0xc20 [ 195.449009] __dev_queue_xmit+0x2eea/0x3a70 [ 195.453397] dev_queue_xmit+0x4b/0x60 [ 195.457221] ? __netdev_pick_tx+0xb20/0xb20 [ 195.461589] packet_sendmsg+0x7fb5/0x8ae0 [ 195.465773] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 195.471160] ? futex_wait+0x90b/0xbe0 [ 195.474993] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 195.480469] ? rw_copy_check_uvector+0x13f/0x710 [ 195.485269] ? __msan_poison_alloca+0x173/0x200 [ 195.489990] ? import_iovec+0xb4/0x5c0 [ 195.493895] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 195.499373] ___sys_sendmsg+0xe32/0x1250 [ 195.503438] ? 
compat_packet_setsockopt+0x360/0x360 [ 195.508484] __x64_sys_sendmsg+0x32d/0x460 [ 195.512726] ? ___sys_sendmsg+0x1250/0x1250 [ 195.517060] do_syscall_64+0x15b/0x220 [ 195.520953] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 195.526134] RIP: 0033:0x457089 [ 195.529307] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.548609] RSP: 002b:00007fbfa5291c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.556310] RAX: ffffffffffffffda RBX: 00007fbfa52926d4 RCX: 0000000000457089 [ 195.563590] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 195.570868] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 [ 195.578172] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 195.585431] R13: 00000000004d3ff8 R14: 00000000004c8a56 R15: 0000000000000000 [ 195.593058] Dumping ftrace buffer: [ 195.596588] (ftrace buffer empty) [ 195.600285] Kernel Offset: disabled [ 195.603906] Rebooting in 86400 seconds..